und-arc / ipcam Goto Github PK

Scan firmware vendor site, www.p2plivecam.com, to see if there are any interesting finds to be found.

The test I would like to be run is:

nmap -sS -T4 -vvv -p 1-65535 www.p2plivecam.com
nmap -F -T5 -A -vvv --script all www.p2plivecam.com

This will require root privileges and the installation of nmap.
Is there any chance that this will cause damage/in some way alter the code executing on the camera?
No.

Does this test prelude/follow up on others? If so, what? Depends.

Need to measure SoC physical size to determine chip type:

Datasheets:

• Hi3518A & Hi3518C (Size data is on bottom of PDF page 20)
• Hi3518E (Size data is bottom-right of PDF page 1)

This is a request for information issue

Want to test more in-depth AP mode's port 67/udp.

IANA's serivce name/port registry lists 67/udp as BOOTP, and the associated RFC specifies 67 as the server (with 68 as a client). However, Nmap identified the service as dhcps. IANA doesn't mention it, but Wikipedia mentions that DHCP also uses port 67 (and 68).

nmap -sS -sU -p 67 -T3 -A -vvv --script all 192.168.10.1

This test requires root priviliges.

Is there any chance that this will cause damage/in some way alter the code executing on the camera?
Shouldn't be.

Does this test prelude/follow up on others? If so, what?
Maybe. If the service is bootps, further investigation may yield a method of mapping parts of the filesystem.
If the test is inconclusive, utilizing the DHCP failover protocol (port 647/847) may yield more information.

This is a request for information issue
In the ASP index from www.p2plivecam.com, there is an IP address linked with downloading PCTools and the Android APK software. The address is 112.124.40.254:808 and appears to be a Chinese IPCamera software upgrade management platform.

The test I would like to be run is:

$ nmap -sS -sU -T4 -vvv -p 1-65535 112.124.40.254
$ nmap -F -T4 -A -vvv --script all 112.124.40.254

This will require root privileges.

Is there any chance that this will cause damage/in some way alter the code executing on the camera?
No.

Does this test prelude/follow up on others? If so, what? No idea.

Need to run tests on each of the P2P servers outlined in the P2P config section of about.md to see what they do.

Tests to run:

1. nmap -sS -sU -p 1-65535 -T4 -v [server]
2. nmap -F -T4 -A -v -v --script "default or (discovery and safe)" [server]
3. If 1 cannot be run due to permissions, nmap -p 1-65535 -T4 -v [server] will suffice

Test 1 will take a long time!

Sorry if this is not the right place to write this.
I have the exact same hardware as you described but in a different form factor and I am willing to help reverse engineer this this and hopefully be able to put more trusted and open firmware on it. I will share more info about my unit and happy to test anything if you need.

Is there a way to enable RTSP streams?