Hello a pau!
Hoʻomohala wau i ka firmware no nā pahu kiʻi wikiō no nā lawelawe b2b a me b2c, a me ka poʻe e komo ana i nā papahana nānā wikiō federal.
Ua kākau wau e pili ana i ko mākou hoʻomaka ʻana i loko .
Mai ia manawa, ua loli ka nui - ua hoʻomaka mākou e kākoʻo i nā chipsets hou aʻe, no ka laʻana, e like me mstar a me fullhan, ua hālāwai mākou a ua launa pū me ka helu nui o nā mea hana kiʻi kiʻi IP a me ka home.
Ma keʻano laulā, hele pinepine mai nā mea hoʻolale kiʻi kiʻi iā mākou e hōʻike i nā mea hana hou, e kūkākūkā i nāʻano loea o ka firmware a iʻole ke kaʻina hana.
Akā, e like me nā manawa a pau, i kekahi manawa e hele mai nā kāne ʻē aʻe - lawe mai lākou i nā huahana Kina i ʻae ʻole ʻia me ka firmware piha i nā lua, a me ka uhi wikiwiki ʻana i ka hōʻailona o kahi hale hana kolu, akā i ka manawa like e ʻōlelo ana ua kūkulu lākou i nā mea āpau: ʻelua. ka circuitry a me ka firmware, a ua lilo lākou i huahana Lūkini loa.
I kēia lā e haʻi wau iā ʻoe e pili ana i kekahi o kēia mau kāne. ʻO kaʻoiaʻiʻo, ʻaʻole wau he kākoʻo i ka hoʻopaʻa ʻana i ka lehulehu i nā "hoʻokomo i nā mea pani" - hoʻoholo maʻamau wau ʻaʻole makemake mākou i ka pilina me ia mau ʻoihana, a i kēia manawa mākou e hoʻokaʻawale me lākou.
Akā naʻe, i kēia lā, i ka heluhelu ʻana i ka nūhou ma Facebook a me ka inu ʻana i kaʻu kofe kakahiaka, kokoke au e hoʻokahe ma hope o ka heluhelu ʻana ʻO ka hui o Rusnano, ka hui ʻo ELVIS-NeoTek, me Rostec, e hoʻolako i nā ʻumi tausani o nā kāmela i nā kula.
Aia ma lalo o ka ʻokiʻoki nā kikoʻī o ke ʻano o kā mākou hoʻāʻo ʻana iā lākou.
ʻAe, ʻae - ʻo ia ka poʻe i lawe mai iaʻu me ka haʻahaʻa haʻahaʻa a me ka maikaʻi ʻole o Kina, ma lalo o ke ʻano o kā lākou ulu ʻana.
No laila, e nānā kākou i nā ʻoiaʻiʻo: Ua lawe mai lākou iā mākou i kahi kāmeʻa "VisorJet Smart Bullet", mai kahi hale - he pahu a me kahi pepa ʻae QC (:-D), i loko aia kahi kāmela modular maʻamau Kina e pili ana i ka Hisilicon 3516 chipset.
Ma hope o ka hana ʻana i kahi firmware dump, ua ʻike koke ʻia ʻo ka mea hana maoli o ke kāmela a me ka firmware ʻo ia kekahi ʻoihana "Brovotech", ka mea loea i ka hāʻawi ʻana i nā kiʻi kiʻi IP maʻamau. Ma kahi kaʻawale, ua huhū au i ka inoa ʻelua o kēia keʻena "» He hoʻopunipuni hoʻopunipuni ka inoa o ka hui ʻo Ezviz, he kaikamahine b2c a kekahi o nā alakaʻi honua ʻo Hikvision. Hmm, aia nā mea a pau i nā kuʻuna maikaʻi loa o Abibas a me Nokla.
ʻO nā mea a pau i loko o ka firmware ua lilo i mea maʻamau, unpretentious ma ka ʻōlelo Kina:
Nā faila ma ka firmware
├── alarm.pcm
├── bvipcam
├── cmdserv
├── daemonserv
├── ʻike
├── font
├── lib
...
│ └── libsony_imx326.so
├── hana hou
├── start_ipcam.sh
├── sysconf
│ ├── 600106000-BV-H0600.conf
│ ├── 600106001-BV-H0601.conf
...
│ └── 600108014-BV-H0814.conf
├── system.conf -> /mnt/nand/system.conf
├── version.conf
└── www
...
├── hōʻailona
│ ├── elvis.jpg
│ └── qrcode.png
Mai kahi mea hana hale ʻike mākou i ka faila elvis.jpg - ʻaʻole maikaʻi, akā me ka hewa i ka inoa o ka ʻoihana - e hoʻoholo ana i ka pūnaewele i kapa ʻia lākou "elvees".
ʻO bvipcam ke kuleana no ka hana ʻana o ke kāmela - ʻo ka noi nui e hana pū me nā kahawai A/V a he kikowaena pūnaewele.
I kēia manawa e pili ana i nā puka a me nā puka hope:
1. He maʻalahi loa ka puka hope ma bvipcam: strcmp (password, "20140808") && strcmp (inoa hoʻohana,"bvtech"). ʻAʻole ia i hoʻopaʻa ʻia, a holo ma luna o ke awa kīnā ʻole 6000
2. Aia i loko o /etc/shadow kahi huaʻōlelo aʻa static a me kahi awa telnet wehe. ʻAʻole ka MacBook ikaika loa i hoʻoikaika i kēia ʻōlelo huna ma lalo o hoʻokahi hola.
3. Hiki i ka pahupaʻikiʻi ke hoʻouna i nā ʻōlelo huna a pau i mālama ʻia ma o ka mana mana ma ke kikokikona maʻemaʻe. ʻO ia hoʻi, ma ke komo ʻana i ka pahupaʻikiʻi me ka backdoor log pass mai (1), hiki iā ʻoe ke ʻike maʻalahi i nā ʻōlelo huna o nā mea hoʻohana a pau.
Ua hana au i kēia mau hana hoʻopunipuni a pau - maopopo ka ʻōlelo hoʻoholo. ʻO ka firmware Kina ʻekolu, ʻaʻole hiki ke hoʻohana ʻia i nā papahana koʻikoʻi.
Ma ke ala, ua loaʻa iaʻu ma hope iki - i loko o laila ua hana lākou i ka hana hohonu i ke aʻo ʻana i nā lua i nā kāmera mai brovotech. Hmmm.
Ma muli o nā hopena o ka hoʻokolokolo, ua kākau mākou i kahi hopena iā ELVIS-NeoTek me nā ʻike āpau i ʻike ʻia. I ka pane ʻana, ua loaʻa iā mākou kahi pane maikaʻi mai ELVIS-NeoTek: "ʻO ka firmware no kā mākou mau kāmela i hoʻokumu ʻia ma ka Linux SDK mai ka mea hana hoʻokele HiSilicon. No ka mea hoʻohana ʻia kēia mau mea hoʻoponopono i kā mākou mau kamera. Ma ka manawa like, ua hoʻomohala ʻia kā mākou polokalamu ponoʻī ma luna o kēia SDK, nona ke kuleana no ka hoʻopili ʻana o ke kāmela me ka hoʻohana ʻana i nā protocol hoʻololi ʻikepili. He mea paʻakikī no ka ʻike ʻana i nā loea hoʻāʻo, ʻoiai ʻaʻole mākou i hāʻawi i ke aʻa i nā kāmela.
A i ka loiloi ʻia ʻana mai waho mai, hiki ke hoʻokumu ʻia kahi manaʻo kuhihewa. Inā pono, ua mākaukau mākou e hōʻike i kāu poʻe loea i ke kaʻina holoʻokoʻa o ka hana a me ka firmware o nā kāmera i kā mākou hana. Me ka hōʻike ʻana i kahi hapa o nā code kumu firmware.
ʻO ka mea maʻamau, ʻaʻohe mea i hōʻike i ke code kumu.
Ua hoʻoholo wau ʻaʻole e hana hou me lākou. A i kēia manawa, ʻelua makahiki ma hope mai, ua loaʻa i nā hoʻolālā o ka hui ʻo Elvees e hana i nā kāmela Kina haʻahaʻa me ka firmware Kina ma lalo o ke ʻano o ka hoʻomohala ʻana o Rūsia ua loaʻa kā lākou noi.
I kēia manawa ua hele au i kā lākou pūnaewele a ʻike ua hōʻano hou lākou i kā lākou laina kamera a ʻaʻole like ia me Brovotech. ʻAe, ʻike paha nā kāne a hoʻoponopono iā lākou iho - ua hana lākou i nā mea āpau iā lākou iho, i kēia manawa me ka ʻoiaʻiʻo, me ka ʻole o ka firmware leaky.
Akā, auē, ka hoʻohālikelike maʻalahi "Lūkini" kamera hāʻawi i nā hopena.
No laila, e hālāwai me ke kumu: nā kāmela mai kahi mea kūʻai ʻike ʻole.
Pehea ka maikaʻi o kēia mile mile ma mua o brovotech? Mai kahi manaʻo palekana, ʻoi loa, ʻaʻohe mea - kahi hopena maʻalahi e kūʻai.
E nānā wale i ke kiʻi kiʻi o ka pūnaewele pūnaewele o ka mileight a me nā kāmela ELVIS-NeoTek - ʻaʻohe mea kānalua: ʻo nā kāmela VisorJet "Russian" he clone o nā kāmela mileight. ʻAʻole wale nā kiʻi o nā pilina pūnaewele e pili ana, akā ʻo ka IP paʻamau 192.168.5.190 a me nā kiʻi kiʻi kamera. ʻO ka ʻōlelo huna paʻamau ka mea like: ms1234 vs en123456 no ka clone.
I ka hopena, hiki iaʻu ke ʻōlelo he makua kāne wau, he mau keiki kaʻu i ke kula a ke kūʻē nei au i ka hoʻohana ʻana i nā kāmeʻa Kina me ka leaky Chinese firmware, me nā Trojans a me nā puka hope i kā lākou hoʻonaʻauao.
Source: www.habr.com