Sometimes vendor's firmware consists of binary images intended for use with U-Boot image loader and prepended with headers in U-Boot Image wrapper format. The header should be stripped off before you can use such an image as a raw binary file. Here's how you can strip the first 64 bytes from a file:
dd if=inputfile.img of=outputfile.bin bs=64 skip=1alternatively
tail -c +65 inputfile.img > outputfile.binThere is a handful of ways to get access to a locked bootloader shell
Sometimes improper settings make the camera unstable to the point where it is impossible to log in or not enough time before rebooting to fix the settings. Here's how to completely erase the overlay partition in the OpenIPC firmware, right from the bootloader shell, to bring the camera back to its pristine state:
only for 8MB flash partitioning
sf probe 0; sf erase 0x750000 0xb0000; reset
only for 16MB flash partitioning
sf probe 0; sf erase 0xd50000 0x2b0000; reset
ssh root@<camera_ip_address>
There is no password by default.
Open http://<camera_ip_address>:85/ and sign in using default username admin and default password 12345. You will be asked to change the password after successful login.
Please note, it will also change your ssh root password!
Create a serial connection to the camera using a UART adapter and a terminal program. After turning on the camera, press Ctrl-C to interrupt the boot sequence and enter the bootloader shell.
For a camera with 8MB flash chip, run
sf probe; sf erase 0x750000 0xb0000; resetFor a camera with 16MB flash chip, run
sf probe; sf erase 0xd50000 0x2b0000; resetSign in on camera via ssh and run ipctool.
You don't see it because initially it is not there, but there is a shell command of the same name.
(Since it's a shell command, it won't work from Web Console in web UI. Sign in to the camera via SSH and run the command in there.)
When you run this command, the latest available version of ipctool utility
gets downloaded into /tmp/ directory and runs from there. Since the utility
resides in /tmp/, it won't survive a reboot, thus won't take any useful space
on the camera afterwards.
If you need to know what is in the command, search for ipctool in the
/etc/profile file.
This could work if you are lucky, you gained access into Linux shell on stock firmware, and it does support NFS mounting:
fw=$(mktemp -t)
nfs=$(dirname $fw)/nfs
mkdir -p $nfs
mount -t nfs -o tcp,nolock 192.168.1.123:/path/to/nfs/share $nfs
cat /dev/mtdblock? > $fw
mv $fw ${nfs}/firmware_full.binMake sure to use your own IP address and path to the NFS share!
strings dumpfile.bin | grep ^ethaddrOn the camera: Sign in into web UI on port 85 of your camera.
passwdOn the desktop: Copy the public key to the camera by logging in with the password created above.
ssh-copy-id [email protected]On the camera: Create a .ssh folder in the root user's home directory
and copy the file with the authorized keystore into it.
mkdir ~/.ssh
cp /etc/dropbear/authorized_keys ~/.ssh/On the desktop: Open a new session to verify that the authorization is passed using the public key not requesting a password.
Enable and configure Core Dump in the menu Majestic > Majestic Debugging.
You need to specify GPIO pins to control the infrared filter. Settings for some cameras can be found in this table. If your camera is not in the table then you need to use ipctool utility.
The OpenIPC firmware will automatically download the latest version of the
utility to the /tmp directory when ipctool is invoked first time.
On stock firmware, you will need to download the utility to the camera yourself using any tools available in the system: wget, curl, tftp etc.
For example, download the ipctool utility to TFTP server on the local network, then download it to the camera:
tftp -g -r ipctool -l /tmp/ipctool 192.168.1.1
chmod +x /tmp/ipctool
/tmp/ipctoolIf the camera has access to the internet, you can try to mount a public NFS sharing and run the utility from it, without downloading to the camera:
mkdir -p /tmp/utils
mount -o nolock 95.217.179.189:/srv/ro /tmp/utils/
/tmp/utils/ipctoolAfter the utility is downloaded to the camera, run the ipctool gpio scan
command in the terminal and open-close the camera lens a couple of times with
your palm.
Watch the output of ipctool to determine the pins responsible for controlling the IR filter curtain.
Enter the values obtained in the settings for the night mode Majestic. If the pink tint still persists, you may need to enable sensor signal inversion.
Don't forget to add the camera model and found GPIO values to the table!
instead of the current sample_af in the standard /metrics?
No, this is a difficult algorithm, it does not have a sense to run it this way.
Sometimes you need to transfer files to the camera. In addition to the above
method using NFS (Network File System) you can use the standard Linux scp
command to copy files over an SSH connection:
scp ~/myfile [email protected]:/tmp/This command will copy myfile from the home directory to the /tmp/
directory on the camera.
On recent Linux systems the following error may occur:
sh: /usr/libexec/sftp-server: not found
scp: Connection closedIn this case, add -O option to the command:
scp -O ~/myfile [email protected]:/tmp/