Skip to content

Latest commit

 

History

History
95 lines (65 loc) · 2.74 KB

xm_get_telnet.md

File metadata and controls

95 lines (65 loc) · 2.74 KB
Raw

How to login inside original firmware

Information applicable only for XM-based camera (and partially DVR/NVR) firmwares.

In recent versions of XM firmwares, telnet is not enabled by default, and most of backdoors allowing to easily (remotely) enable it are fixed/closed.

Enable telnet server

In U-Boot console:

setenv telnetctrl 1; saveenv

Note that saveenv is mandatory, otherwise Linux side (which analyzes this setting) simply won't see it.

Connect with telnet

In some case, telnetctrl variable does not start telnet automatically and it have to be started manually.

telnetd
sleep 1
touch /var/Telnetd_WanCheckFlag

The creation of the flag file /var/Telnetd_WanCheckFlag allow connection from lan. It has to be created after the starting of telnetd.

Then, to log in, use the following

LocalHost login: root
Password: xmhdipc
Welcome to HiLinux.

Also can try other login/passwd pairs In recent NVR firmware versions, you may need to login with the actual admin password which you set up in the UI (static predefined password won't work).

Optional: enable Linux kernel verbose boot

if armbenv exists

# armbenv -s xmuart 0
# reboot

Or in case where XmEnv exists:

# XmEnv -s xmuart 0
# reboot

Note that while this setting modifies U-Boot environment, it should be done from Linux. At least some vendor U-Boot versions don't allow to set this from U-Boot console itself (attempt to set a variable of such name is ignored). But you can try with the -f option from U-Boot.

In U-Boot console:

setenv -f xmuart 0; saveenv

Note that saveenv is mandatory, otherwise Linux side (which analyzes this setting) simply won't see it.

Enable telnet without even open your camera (remotely)

  • Find proper zip with recent firmware update using link and download it.

  • Unzip it and choose proper bin file from several options.

  • It's recommended update your camera using this stock firmware without modifying it. It will help understand possible issues. Use General... if not sure which option you want.

  • Unzip bin file as it would be ordinary zip archive.

  • Copy add_xmuart.sh from utils directory of the repository inside directory with unpacked files.

  • Run ./add_xmaurt.sh and then ensure that u-boot.env.img has xmuart=1telnetctrl=1 near the end of file.

  • Repack bin file adding changed u-boot.env.img there like this: zip -u General_IPC_HI3516EV200_85H30AI_S38.Nat.dss.OnvifS.HIK_V5.00.R02.20200507_all.bin u-boot.env.img

  • Upgrade camera using new bin file