ant-thomas / zsgx1hacks Goto Github PK

Just a short message to tell you, it's also working on GD-SC01 outdoor camera.
The RTSP default password is just different: dg20160404
It can be changed in /home/hwcfg.ini (passwd option)

I'm now working on the wifi part.

Thanks for your good job!

I opened the p2pcam file in a text editor an found a list of domains. Don't know if these are all used. Most of these domains are in the new hosts file her but there are also some additional domains.

xmpp.stg.closeli.com
relayus-w.stg.arcsoftcloud.com
update.stg.closeli.com
esd.stg.closeli.com
upns.stg.arcsoftcloud.com
argus.stg.closeli.com
argus.closeli.com
relay.stg.closeli.com
api.stg.closeli.com
xmpp.icloseli.com
relayus-w.arcsoftcloud.com
update.icloseli.com
esd.icloseli.com
upns.icloseli.com
argus.icloseli.com
relay.icloseli.com
api.icloseli.com
xmpp.stg.icloseli.cn
relaycn.arcsoftcloud.com
update.stg.icloseli.cn
esd.stg.icloseli.cn
upns.stg.icloseli.cn
argus.stg.icloseli.cn
relay.stg.icloseli.cn
stun.closeli.cn
api.stg.icloseli.cn
bell.stg.closeli.cn
xmpp.icloseli.cn
update.icloseli.cn
esd.icloseli.cn
upns.icloseli.cn
argus.icloseli.cn
relay.icloseli.cn
stun.icloseli.cn
api.icloseli.cn
bell.closeli.cn

Anyone have backup firmware for the ZS-GX1 I can download? My camera is stuck loop.

Has anyone got PTZ Control in ISpy, I've tried everything I can think of, any help would be appreciated. Thanks

Hi,

Thanks for the hacks. That saves me money.

Works very well on 2 ZS-GX1 with latest firmware but I heard a sharp whistling on the 2 devices when booted on SDCard and not on the original firmware.

Could you help me ?

Hello everyone,
I managed to view live streams. (with audio and PTZ (movement) support) In this thread I'm going to show you how to configurate.

• First download the software according your OS.
  https://www.ispyconnect.com/download.aspx
• Then open the software.
• Click Add button
• Select IP Camera from dropdown menu
• Select ONVIF from the top menu
• enter username and password (some cameras admin:admin some cameras just admin without a password just try)
• enter IP address http://YOURCAMERASIPADRESSHERE
• Make sure Transport -> Auto and Connect with -> FFMPEG selected
• Click next.
• Select second URL (this URL supports audio stream, First one without audio) (Example: rtsp://YOURCAMERASIPADDRESSHERE:554/0/av1)
• Click OK
• Now you need to see your camera running on the software.
• Select PTZ section
• Select camera model as ONVIF
• Now you can move your camera as you want :)
  That's it. Feel free to explore other features such as recording, uploading ftp etc. etc.

Note: I'm not the owner of the software. Please use it at your own risk

Hi!

I own a SC-02 and SC-11 GUUDGO cams. Both work OK with the latest firmware.
But I have a problem. RTSP seems like unstable. VLC handles it more or less good, but other NVR software not. I don't know why, but every minute it makes the cams reboot. (I am using QNAP's QVR Pro software). I have a bunch of cams and it's the first time I've seen this behaviour.

I would like to get rid of p2pcam and instead using a v4l2rtsp server, (for example). I know it is said on the README's ToDo, but I am really interested in this feature, as I cannot use both cameras for the NVR, what was my first intention.

I also open this issue to be notified about future changes. Anyway, I don't know much about compiling, but you could explain it to me, in order to help you to solve this issue

Hello ! ... I hope I can find help from you ... I have no idea how to communicate with you and how this site works. I came across your post trying to change the way to register on google drive or ftp instead of the paid cloud. I have a CIPC-Gc13H cloud ip camera.

I was able to record on my SD card only.

I downloaded the last file zsgx1hacks-v0.3.zip ... unzip and put on my SD card, insert in my camera, restart this one

Now ... I do not know what to do !! LOL I'm not even able to come back and use as before! I downloaded Putty and tried to communicate with the camera .. also try onvid app on android.

Can you help me please! ..thank you

I do not even know if I'll be able to read you if you answer me ..

Title says it all
Does this works for GUUDGO GD-SC02 https://www.banggood.com/GUUDGO-GD-SC02-720P-Wifi-IP-Camera-PanTilt-IR-Cut-Night-Vision-Two-way-Audio-Motion-Detection-Alarm-p-1176850.html

thanks in advance

Hi,
I have read the instructions and have some questions. I will be very grateful if you answer.
My main problem is that "annoying whining noise". I only want to fix that. If I only copy goke_volume file to SD card, will it be enough? Or if I have to copy all files together? What other changes I will see? For example; it writes "No communication to cloud services". What happens if there is no communication to cloud services? Can I still use Eyeplus Android application to use cameras? Also what is "updated busybox"?

Thank you.

Hello,

Great little hack to prevent it sending video to their cloud.

I see some problems that could make this perfect cam for my newborn room and to be used as baby monitor.

1. RTSP stream has no sound.
2. IR LED should turn on/off automatically depending on the brightness level in the environment.
3. Command ntpd -q -p uk.pool.ntp.org did not set correct time for me. I had to use my ISP NTP server address. Maybe we need more "general" NTP server.

Is there a solution already available for this issues?

Thank you and best regards.

Tried the files on the zip on my camera and they work ok .

The only "issue" is that the card needs to be there all the time .

Thought it would be an "update file" but the camera is using the old files as soon as i reboot without sdCard.

So maybe just add a note on the readme.md that the sdcard needs to be on camera always for the "hack" to work

Thanks again for great work

Is there any way to backup of oficial firmware before update it or change it

Hi, after trying for several weeks to open the rtsp stream from my camera (see #30), I came yesterday to the conclusion that the rtsp stream coming from the camera has some problems. I can successfully connect and authorize to it but all the clients I used report some mismatches on the stream.
So my question is, can I flash another firmware to my camera to make it compatible to the majority of the cameras you are having? If yes where can I find it and how can I flash it.
Can I make a backup of the existing firmware and flash it back in case the new firmware is not working?

Hi There,

Do you have maybe a description to get in the old boot? Because i flashed it to zsgx1hacks-v0.3 wit the the SD-Card and after that the whole device is not responding anymore. Device type is the following: gk7102s_ytj_A0

I can hear the device booting and booting, so its stuck in a bootloop

Hope you get back to me with a solution! Thanks :)

Hi all , great work.
I like to setup the wifi via telnet. Does anyone know how to do?

THX

Here is the link: https://client.closeli.com where it's possible to see live preview from camera.
credentials are the same as the one you put to register camera at first time.

closeli app is available in google play store

Hi to all,

I successfully logged in to the camera through telnet and through ssh, but it is completely impossible to find a valid rtsp link to get the image from. I have tried hundreds of combinations without success.

I'm using Linux Mint 18.2 and I have tried these rtsp links both with VLC and mplayer...

Also, what version should the Camera SW have? Are your modifications working with every SW version?
The mobile App is suggesting me to make an upgrade of the firmware. Should I do it or not?

model.ini contains:
pubtime=0x598016BF 8

hardinfo.bin contains:
<?xml version="1.0" encoding="UTF-8"?> <DeviceInfo version="1.0"> <DeviceClass>0</DeviceClass> <OemCode>0</OemCode> <BoardType>1003</BoardType> <FirmwareIdent>eyeplus_ipc_gk_002</FirmwareIdent> <Manufacturer>RS</Manufacturer> <Model>GK7102</Model> <WifiChip>MT7601</WifiChip> <GPIO> <BoardReset>30_0x00000000_0_0</BoardReset> <SpeakerCtrl>-1</SpeakerCtrl> <BlueLed>15_0x00000000_0_0</BlueLed> <RedLed>15_0x00000000_0_0</RedLed> <IrFeedback>39_0x00000000_0x1_1</IrFeedback> <IrCut1B>40_0x00000000_0_1</IrCut1B> <IrCtrl>46_0x00000000_0_1</IrCtrl> </GPIO>

Any help would be much appreciated!

Working on trying to figure out a permanent hack without using an SD card.

Currently got one working where you only need to use an SD card once. The hack is copied across and the SD card can be removed once the hack is applied.

This is possible because everything in /home is persistent across reboots. Meaning you can use debug_cmd.sh to copy a new start.sh file to /home and copy all the required files (dropbear, busybox, hosts etc) to a folder on /home.

Within a new start.sh the commands are added to apply the hack on each boot. No SD required.

Tried to extract this firmware via binwalk but it doesnt recognize any partition/formats

http://files.banggood.com/2016/06/GUUDGO%20ONVIF.rar

I see the header PK2 which seems compressed kinda like ZIP

Any idea ?

I like to connect the camera to a cloud to keep the recordings, is there a way to change the RTSP password? It is now user:admin and blank password.

I have QNAP SS-839 (little old I know) and I tried to setup the video surveillance option with GuudGo SC-03. I got error message:

Failed to create the RTSP connection to the network camera. Please check if the RTSP port is correct and the RTSP streaming access name is 'live.sdp' on the network camera.

I searched with Google and there was something similar error and there was something about RTSP versions?

PS. I wonder if there is something odd with the latest ZIP-file, it did not install correctly, perhaps the files were not correctly copied to SD-card? There is two SDcard directories???

I'm using GuuDGo GD-SC03 with GuuDGo GD-NR01 NVR and no luck to get motion detect working. Video recording work only continuously. Is there anyone with motion detect working? Someone says, that this is not problem from NVR, but the camera.

There were a lot of comments on websites like "mydealz" where users posted older firmwares for a GUUDGO GD-SC03 where rtsp was enabled (unlike in the original firmware of the shipped version). So far so good. But after the trial period of 14 days this access was disable (even if you blocked all outside communications).

Is this hack different? Do I need a special firmware version?

The result should be, that I can use a rtsp stream for a unlimited amount of time. Is this the case?

Hi, great work.
I don't want to be rude, but I think it is better to make the zsgx1hacks-v0.3.zip configurable. If someone want to have permanent change to camera or not. Thank you.

To anyone, who want FTP with write access enable, just add switch -w to the command:
...
(tcpsvd -vE 0.0.0.0 21 ftpd -w / ) &
...

Does anyone know how to enable rotation of the image in the rtsp stream? I can see an option can be passed to 'goke_p2pcam_param' but I did that and my camera hasnt re-joined my wifi network after rebooting.

I'll wipe it tomorrow to get it back on the network but does anyone have a working way to rotate the image?

V0.4 permanent installed on my GD-SC02, works perfectly.
Only issue, I cannot connect to SSH by using putty.... gives me a key algorithm error...still trying to find a solution.
Thanks for the hard work. I will contribute if I find anything helpful.
Cheers!

I try diferent versions and not running. I have root acces, i get it with serial and adding some lines to boot.sh

During first time setup WiFi over App just make screenshot with QR code, next time just point camera to this screenshot and WiFi is set up. (Content of QR is crypted, maybe someone found a way to generate it).

The following should implement the devParams.dat checksum algorithm: goke_pwpcam_param.c

If the sums do not match the devParams.dat is emptied and p2pcam will ask to reconfigure using the app.

Dear Cheap cam buyers :P

I also bought a cheap chinese cam (well 2). This is a Lintratek with 3 antenna's.
All connections are same as always through app and cloud.
Also telnet is open with the password found here before.

Would really want to help here.
Also, took apart 1 cam and this seems to be a slightly different chip GK7102s

http://www.mydigoo.com/Digoo-DG-M1Q-960P-2_8mm-Wireless-Mini-WIFI-Night-Vision-Smart-Home-Security-IP-Camera-Onvif-Monitor-p-38.html

Would be interested if anyone has tried this on the Digoo M1Q cameras? Apparently they run on the Goke GK7102 chip as well.

The current firmware is annoying because it wants to setup a tunnel to a server in China, when I use the firewall to block access to the internet it starts a timer and will reset itself. Also uses the tunnel to get NTP time so the time is always messed up.

How to access these settings without previously connectiong cam to network?

Is this only possible via serial?

Hi all,

Was also doing some tests do full-fill some needs I have.

Currently using ffserver + ffmpeg to convert RTSP stream into mpeg and could open in any browser.

Are you compiling the bin files (busybox, httpd, etc) or exist any repository with pre-build packs for this armv6?

br
Alex

Hi, nice hack so far; I have a guudgo version of this camera and have been hacking a bit on it. The password for telnet is: cxlinux

Good luck

Hi! I also bought 2 of these cameras ZS - GX1 1080P WiFi IP Camera Webcam from GearBest (also known as GUUDGO GD-SC03 Snowman 1080P WIFI) .
I have tested one camera and seems to be good quality for the money. I have also tried to find out root password for telnet and tried to sniff packets with WireShark. Only thing I discovered was that "eyeplusiot.com" equals to "icloseli.com".

Fortunately my camera already had rtsp://admin:20160404@cameraip/onvif1 active.
Thanks for sharing your work!

hello
Trying to set up a server with ffmpeg to convert the RTSP of the camera to hls .
Ffmpeg doesnt like how the authentication is setup on the RTSP server of camera.

Is there a way to make the rtsp server accessible without user/pass ?

meaning rtsp://192.168.1.15:554 instead of rtsp://admin:[email protected]:554 ?

Thanks

Hi there,

great to see this hack happen.
I'm not really in it so could you please give some idiot proof advise how to flash this version?
I would like to kill the connection to china at least.

Regards
Kev0

I tested the Script on a GD-SC11 an it works also.
Some little improvements I do to the script. I added the line:
ntpd -q -p ptbtime1.ptb.de
to set the correct time.

I've just ordered "snowman SRC-001" from Gamiss (which is on sale with coupon for $22 USD) having found it's the equivalent to a ZS-GX1 and I'm looking forward to trying your hacked system on it!

I was poking around in some of the source files, and although I just have some *nix shell experience and not a programmer per se, I noticed a very minor typo in the params help text for setting options, in zsgx1hacks/source/goke_p2pcam_param.c, on line 98, here:

printf("\t -p, --password Stream username (default: admin)\n");

I believe it should read "...Stream password..."

It will be a week or two, but I can pop back in with some feedback on how your hacked system works on my SRC-001.

Thanks for sharing this work!

Hello, great work, have You find a way to change frame rate and bitrate param?

Not an issue, just tested on the Digoo DG-W01F camera and these scripts work.
It appears to run damn near identical code to the cameras you've been discussing so I thought I'd test it as I've been doing a bit of hacking of my own.

Scripts run fine. I think even the wifi comes up but I haven't fully tested that yet it's currently wired for testing.
I had looked at compiling the snx_rtsp_server for this camera so I'm going to test that today as an alternative to the p2pcam RTSP server.

Link for this camera is https://www.banggood.com/Digoo-DG-WO1F-Cloud-Storage-3_6mm-Lens-720P-Waterproof-Outdoor-WIFI-Security-IP-Camera-Motion-Detect-p-1194795.html

After setting up and reset again the camera wont connect to wifi anymore.

edit: was a local problem reboot router helped

I've found, that devParam.dat is one of files, which are changed when WiFi changed over App. In this binary file is stored some data and some parts contain WiFi SSID + Pass and file checksum. Camera (tested on SC03) on start checks checksum and if data in file changed [e.g. SSID], crc is not OK and file is deleted. Therefore I thought, that WiFi is initialized from this file. I've found a way, how to calculate checksum for changed WiFi data in file. After data change and with new calulated crc, file is no more deleted, but unfortunately nothing is changed. Old WiFi connection is still used. If somebody want, how to calculate checksum, please let me know.

I m starting to work on how the camera rotation is controlled. Any ideas are welcome.

Got a GIBSSI 1080P Wireless IP Camera with same SoC (Goke GK7102S) but different PCB. Telnet/root credentials are equivalent, even RTSP (on different port: 8001) works with VLC but can not control it with onvif (tried iSpy) ...

Any suggestions?

# uname -a
Linux IP CAMERA 3.4.43-gk #61 PREEMPT Wed May 17 19:07:50 CST 2017 armv6l GNU/Linux

# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:843             0.0.0.0:*               LISTEN      175/p2pcam
tcp        0      0 0.0.0.0:6670            0.0.0.0:*               LISTEN      175/p2pcam
tcp        0      0 127.0.0.1:9008          0.0.0.0:*               LISTEN      175/p2pcam
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      178/telnetd
tcp        0      0 0.0.0.0:5050            0.0.0.0:*               LISTEN      175/p2pcam
tcp        0      0 0.0.0.0:7101            0.0.0.0:*               LISTEN      175/p2pcam
tcp        0      0 0.0.0.0:7103            0.0.0.0:*               LISTEN      175/p2pcam
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN      175/p2pcam
tcp        0      0 0.0.0.0:3201            0.0.0.0:*               LISTEN      149/tees
udp        0      0 0.0.0.0:7998            0.0.0.0:*                           175/p2pcam
udp        0      0 0.0.0.0:8001            0.0.0.0:*                           175/p2pcam
udp        0      0 0.0.0.0:8002            0.0.0.0:*                           175/p2pcam

# pwd
/home
# ls -la
drwxrwxrwx    5 root     root             0 Mar  8 18:39 .
drwxr-xr-x   18 root     root             0 Jan  1  1970 ..
-rwxrwxrwx    1 root     root          1200 Jan  1  1970 1080_mem_cfg.bin
-rwxrwxrwx    1 root     root       1137700 Sep  8 02:41 8188fu.ko
-rwxrwxrwx    1 root     root        361845 Jan  1  1970 VOICE.tgz
-rwxrwxrwx    1 root     root        334850 May  5  2017 VOICE.tgz.yuan
-rwxrwxrwx    1 root     root         59746 Jan  1  1970 ca-bundle-add-closeli.crt
-rwxrwxrwx    1 root     root           375 Jan  1  1970 check_mem.sh
-rwxrwxrwx    1 root     root         14153 Jan  1  1970 chmemcfg
-rwxrwxrwx    1 500      500            634 Jan  1  1970 cloud.ini
-rwxrwxrwx    1 500      500            609 Jan  1  1970 cloud_oversea.ini
-rw-r--r--    1 root     root           753 Mar  8 18:39 config.cfg
-rwxrwxrwx    1 root     root           753 Mar  8 18:39 config.cfg.bak
-rwxrwxrwx    1 root     root           141 Mar  7 12:33 config.json
-rwxrwxrwx    1 root     root          3659 Mar  8 18:40 config.xml
-rwxrwxrwx    1 root     root           141 Nov  8 15:19 config_bak.json
-rwxrwxrwx    1 root     root           155 Jun 23  2017 custom_init.sh
-rwxrwxrwx    1 500      500           7376 May 25  2017 debugtool
-rwxrwxrwx    1 root     root          1024 Mar  8 18:39 devParam.dat
drwxrwxrwx    2 1000     default          0 Mar 31  2017 extra
-rwxrwxrwx    1 root     root            32 Jul 28  2017 eye.conf
-rwxrwxrwx    1 500      500           1575 Jun 20  2017 factory_tool.sh
-rwxrwxrwx    1 root     root         14078 May 13  2017 flashwriteMtd
-rwxrwxrwx    1 500      500           4639 May 17  2017 gio.ko
-rwxrwxrwx    1 root     root        677824 Jun 23  2017 gk_fw.bin
-rwxrwxrwx    1 root     root         26094 Jan  1  1970 gkptz-dsa.ko
-rwxrwxrwx    1 root     root         25734 Jan  1  1970 gkptz.ko
-rwxrwxrwx    1 root     root           455 Jun 23  2017 hardinfo.bin
-rwxrwxrwx    1 root     root           137 Sep 12 07:57 hwcfg.ini
-rwxrwxrwx    1 root     root             8 Mar  7 12:34 idx.log
-rwxrwxrwx    1 root     root            30 Jan  1  1970 model.ini
-rwxrwxrwx    1 root     root       2706387 Jan  1  1970 p2pcam.tar.gz
-rwxrwxrwx    1 root     root            20 Mar  8 10:39 psp.dat
-rwxrwxrwx    1 root     root            89 Jun 23  2017 ptz.cfg
-rwxrwxrwx    1 500      500          21489 May  4  2017 sdc_tool
-rwxrwxrwx    1 500      500           1779 Apr 13  2017 sensor.sh
-rwxrwxrwx    1 500      500          38796 May 13  2017 sensordetect
drwxrwxrwx    2 500      500              0 Jan 23  2017 sensors
-rwxrwxrwx    1 500      500           3337 Jan  1  1970 start.sh
-rwxrwxrwx    1 root     root         28487 Jan  1  1970 tees
-rwxrwxrwx    1 root     root           985 Mar  7 12:28 work.log
-rwxrwxrwx    1 root     root        595508 Jan  1  1970 wpa_supplicant
-rwxrwxrwx    1 root     root           154 Jan  1  1970 wpa_supplicant.conf
-rwxrwxrwx    1 500      500            185 Jan  1  1970 wpa_supplicant.conf_EYERD

Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-08 19:46 CET
NSE: Loaded 146 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:46
Completed NSE at 19:46, 0.00s elapsed
Initiating NSE at 19:46
Completed NSE at 19:46, 0.00s elapsed
Initiating ARP Ping Scan at 19:46
Scanning 192.168.2.3 [1 port]
Completed ARP Ping Scan at 19:46, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:46
Completed Parallel DNS resolution of 1 host. at 19:46, 0.00s elapsed
Initiating SYN Stealth Scan at 19:46
Scanning 192.168.2.3 [1000 ports]
Discovered open port 23/tcp on 192.168.2.3
Discovered open port 7103/tcp on 192.168.2.3
Discovered open port 8001/tcp on 192.168.2.3
Discovered open port 5050/tcp on 192.168.2.3
Discovered open port 843/tcp on 192.168.2.3
Completed SYN Stealth Scan at 19:46, 0.11s elapsed (1000 total ports)
Initiating Service scan at 19:46
Scanning 5 services on 192.168.2.3
Completed Service scan at 19:46, 46.02s elapsed (5 services on 1 host)
Initiating OS detection (try #1) against 192.168.2.3
NSE: Script scanning 192.168.2.3.
Initiating NSE at 19:46
Completed NSE at 19:46, 5.04s elapsed
Initiating NSE at 19:46
Completed NSE at 19:46, 0.03s elapsed
Nmap scan report for 192.168.2.3
Host is up (0.00053s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE    VERSION
23/tcp   open  telnet
| fingerprint-strings: 
|   GenericLines: 
|     CAMERA login: 
|     CAMERA login: IP CAMERA login:
|   GetRequest: 
|     HTTP/1.0
|     CAMERA login:
|   Help: 
|     HELP
|     CAMERA login:
|   NCP: 
|     DmdT^@^@^@
|     ^@^@^@^A^@^@^@^@^@
|   NULL: 
|     CAMERA login:
|   RPCCheck: 
|     ^@^@(r
|   SIPOptions: 
|     OPTIONS sip:nm SIP/2.0
|     Via: SIP/2.0/TCP nm;branch=foo
|     From: <sip:nm@nm>;tag=root
|     <sip:nm2@nm2>
|     Call-ID: 50000
|     CSeq: 42 OPTIONS
|     Max-Forwards: 70
|     Content-Length: 0
|     Contact: <sip:nm@nm>
|     Accept: application/sdp
|     CAMERA login:
|   tn3270: 
|     ^@IBM-3279-4-E
|_    ^YIP CAMERA login:
843/tcp  open  unknown
| fingerprint-strings: 
|   DNSStatusRequest, GenericLines, GetRequest, HTTPOptions, Help, JavaRMI, LANDesk-RC, LDAPBindReq, LPDString, NCP, RTSPRequest, TerminalServer, X11Probe, afp: 
|_    <cross-domain-policy> <allow-access-from domain="*" to-ports="*" /> </cross-domain-policy>
5050/tcp open  mmcc?
7103/tcp open  tcpwrapped
8001/tcp open  rtsp
| fingerprint-strings: 
|   FourOhFourRequest: 
|     HTTP/1.1 404 Not Found
|     Server: TAS-Tech IPCam
|     Date: Fri, 8 Mar 118 18:46:15 GMT
|     Content-Length: 9
|     Cache-Control: no-cache
|     Found
|   GetRequest: 
|     HTTP/1.1 404 Not Found
|     Server: TAS-Tech IPCam
|     Date: Fri, 8 Mar 118 18:46:10 GMT
|     Content-Length: 9
|     Cache-Control: no-cache
|     Found
|   HTTPOptions: 
|     HTTP/1.1 405 Method Not Allowed
|     Server: TAS-Tech IPCam
|     Date: Fri, 8 Mar 118 18:46:20 GMT
|     Content-Length: 18
|     Cache-Control: no-cache
|     Method Not Allowed
|   RTSPRequest: 
|     RTSP/1.0 200 OK
|     CSeq: 0
|     Server: TAS-Tech Streaming Server V100R001
|_    Public: DESCRIBE, SET_PARAMETER, SETUP, TEARDOWN, PAUSE, PLAY
|_rtsp-methods: DESCRIBE, SET_PARAMETER, SETUP, TEARDOWN, PAUSE, PLAY
3 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port23-TCP:V=7.60%I=7%D=3/8%Time=5AA184F3%P=x86_64-apple-darwin13.4.0%r
SF:(NULL,20,"\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\r\nIP\x20C
SF:AMERA\x20login:\x20")%r(GenericLines,46,"\xff\xfd\x01\xff\xfd\x1f\xff\x
SF:fb\x01\xff\xfb\x03\r\r\nIP\x20CAMERA\x20login:\x20\r\n\r\nIP\x20CAMERA\
SF:x20login:\x20IP\x20CAMERA\x20login:\x20")%r(tn3270,31,"\xff\xfd\x01\xff
SF:\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\r\n\^@IBM-3279-4-E\xfb\^YIP\x20CAMER
SF:A\x20login:\x20")%r(GetRequest,32,"\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01
SF:\xff\xfb\x03\r\r\nGET\x20/\x20HTTP/1\.0\r\n\r\nIP\x20CAMERA\x20login:\x
SF:20")%r(RPCCheck,19,"\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\
SF:r\n\x80\^@\^@\(r\xfe\^\]")%r(Help,26,"\xff\xfd\x01\xff\xfd\x1f\xff\xfb\
SF:x01\xff\xfb\x03\r\r\nHELP\r\nIP\x20CAMERA\x20login:\x20")%r(SIPOptions,
SF:FF,"\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\r\nOPTIONS\x20si
SF:p:nm\x20SIP/2\.0\r\nVia:\x20SIP/2\.0/TCP\x20nm;branch=foo\r\nFrom:\x20<
SF:sip:nm@nm>;tag=root\r\nTo:\x20<sip:nm2@nm2>\r\nCall-ID:\x2050000\r\nCSe
SF:q:\x2042\x20OPTIONS\r\nMax-Forwards:\x2070\r\nContent-Length:\x200\r\nC
SF:ontact:\x20<sip:nm@nm>\r\nAccept:\x20application/sdp\r\n\r\nIP\x20CAMER
SF:A\x20login:\x20")%r(NCP,49,"\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xf
SF:b\x03\r\r\nDmdT\^@\^@\^@\x08\x20\x08\x08\x20\x08\x08\x20\x08\x08\x20\x0
SF:8\x08\x20\x08\x08\x20\x08\x08\x20\x08\x08\x20\x08\x08\x20\x08\x08\x20\x
SF:08\^@\^@\^@\^A\^@\^@\^@\^@\^@");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port843-TCP:V=7.60%I=7%D=3/8%Time=5AA184F3%P=x86_64-apple-darwin13.4.0%
SF:r(GenericLines,5B,"<cross-domain-policy>\x20<allow-access-from\x20domai
SF:n=\"\*\"\x20to-ports=\"\*\"\x20/>\x20</cross-domain-policy>\0")%r(GetRe
SF:quest,5B,"<cross-domain-policy>\x20<allow-access-from\x20domain=\"\*\"\
SF:x20to-ports=\"\*\"\x20/>\x20</cross-domain-policy>\0")%r(HTTPOptions,5B
SF:,"<cross-domain-policy>\x20<allow-access-from\x20domain=\"\*\"\x20to-po
SF:rts=\"\*\"\x20/>\x20</cross-domain-policy>\0")%r(RTSPRequest,5B,"<cross
SF:-domain-policy>\x20<allow-access-from\x20domain=\"\*\"\x20to-ports=\"\*
SF:\"\x20/>\x20</cross-domain-policy>\0")%r(DNSStatusRequest,5B,"<cross-do
SF:main-policy>\x20<allow-access-from\x20domain=\"\*\"\x20to-ports=\"\*\"\
SF:x20/>\x20</cross-domain-policy>\0")%r(Help,5B,"<cross-domain-policy>\x2
SF:0<allow-access-from\x20domain=\"\*\"\x20to-ports=\"\*\"\x20/>\x20</cros
SF:s-domain-policy>\0")%r(X11Probe,5B,"<cross-domain-policy>\x20<allow-acc
SF:ess-from\x20domain=\"\*\"\x20to-ports=\"\*\"\x20/>\x20</cross-domain-po
SF:licy>\0")%r(LPDString,5B,"<cross-domain-policy>\x20<allow-access-from\x
SF:20domain=\"\*\"\x20to-ports=\"\*\"\x20/>\x20</cross-domain-policy>\0")%
SF:r(LDAPBindReq,5B,"<cross-domain-policy>\x20<allow-access-from\x20domain
SF:=\"\*\"\x20to-ports=\"\*\"\x20/>\x20</cross-domain-policy>\0")%r(LANDes
SF:k-RC,5B,"<cross-domain-policy>\x20<allow-access-from\x20domain=\"\*\"\x
SF:20to-ports=\"\*\"\x20/>\x20</cross-domain-policy>\0")%r(TerminalServer,
SF:5B,"<cross-domain-policy>\x20<allow-access-from\x20domain=\"\*\"\x20to-
SF:ports=\"\*\"\x20/>\x20</cross-domain-policy>\0")%r(NCP,5B,"<cross-domai
SF:n-policy>\x20<allow-access-from\x20domain=\"\*\"\x20to-ports=\"\*\"\x20
SF:/>\x20</cross-domain-policy>\0")%r(JavaRMI,5B,"<cross-domain-policy>\x2
SF:0<allow-access-from\x20domain=\"\*\"\x20to-ports=\"\*\"\x20/>\x20</cros
SF:s-domain-policy>\0")%r(afp,5B,"<cross-domain-policy>\x20<allow-access-f
SF:rom\x20domain=\"\*\"\x20to-ports=\"\*\"\x20/>\x20</cross-domain-policy>
SF:\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port8001-TCP:V=7.60%I=7%D=3/8%Time=5AA184F8%P=x86_64-apple-darwin13.4.0
SF:%r(GetRequest,8A,"HTTP/1\.1\x20404\x20Not\x20Found\r\nServer:\x20TAS-Te
SF:ch\x20IPCam\r\nDate:\x20Fri,\x208\x20Mar\x20118\x2018:46:10\x20GMT\r\nC
SF:ontent-Length:\x209\r\nCache-Control:\x20no-cache\r\n\r\nNot\x20Found")
SF:%r(FourOhFourRequest,8A,"HTTP/1\.1\x20404\x20Not\x20Found\r\nServer:\x2
SF:0TAS-Tech\x20IPCam\r\nDate:\x20Fri,\x208\x20Mar\x20118\x2018:46:15\x20G
SF:MT\r\nContent-Length:\x209\r\nCache-Control:\x20no-cache\r\n\r\nNot\x20
SF:Found")%r(HTTPOptions,9D,"HTTP/1\.1\x20405\x20Method\x20Not\x20Allowed\
SF:r\nServer:\x20TAS-Tech\x20IPCam\r\nDate:\x20Fri,\x208\x20Mar\x20118\x20
SF:18:46:20\x20GMT\r\nContent-Length:\x2018\r\nCache-Control:\x20no-cache\
SF:r\n\r\nMethod\x20Not\x20Allowed")%r(RTSPRequest,87,"RTSP/1\.0\x20200\x2
SF:0OK\r\nCSeq:\x200\r\nServer:\x20TAS-Tech\x20Streaming\x20Server\x20V100
SF:R001\r\nPublic:\x20DESCRIBE,\x20SET_PARAMETER,\x20SETUP,\x20TEARDOWN,\x
SF:20PAUSE,\x20PLAY\r\n\r\n");
MAC Address: 00:0C:43:xx:xx:xx (Ralink Technology)
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.13
Uptime guess: 0.002 days (since Thu Mar  8 19:44:12 2018)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=254 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE
HOP RTT     ADDRESS
1   0.53 ms 192.168.2.3

NSE: Script Post-scanning.
Initiating NSE at 19:46
Completed NSE at 19:46, 0.00s elapsed
Initiating NSE at 19:46
Completed NSE at 19:46, 0.00s elapsed
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 55.67 seconds
           Raw packets sent: 1026 (45.986KB) | Rcvd: 1014 (41.258KB)

Hey guys!

I ordered a Gearbest camera: ZS - GX1 1080P WiFi IP Camera Webcam.
This can only be used with eyepluspilot.com or by phone. I would like to use it as described, but I do not have the knowledge to install it. Please make a "how-made" video for users, which everyone uses for their own responsibility. I tried Telnet, but I do not know the password.
Features:
Camera Version
Firmware: 3.1.1.0908
Embedded Application: 3.1.1.0908
Device ID: ******************
MAC Address: ******
Model Type: CloudCamera
Anti Flicker: 60Hz

I'm sorry about English, I'm writing about Hungary.

All my respect, Mark!

Hello,

The camera works well when its connected with Wireless but is when I connect with ethernet cable it doesnt get an IP.

Is there any chance to give the camera a Static IP?