Last active
October 30, 2024 20:45
Simple script for cheap Chinese wifi cameras (e.g. "YS01" IP cameras) to dump the flash and remove the root password
```sh
#!/bin/sh
# put this file on a FAT32 SD card, in a directory called "Factory" and call it "config.sh"

echo "dumping device flash to sd card"
mkdir -p /mnt/flash
# dump whole flash chip (8 MB)
dd if=/dev/mtdblock0 of=/mnt/flash/mtd0
# copy writable directories (also part of the mtd0 dump we just did)
mkdir -p /mnt/flash/jffs2
cp -R /etc/jffs2 /mnt/flash/jffs2
mkdir -p /mnt/flash/data
cp -R /data /mnt/flash/data
sync
echo "done"

echo 'clearing root password (can just log in as root, no password)'
passwd -d root
sync
echo 'done'

# start telnet
telnetd &

# modify the jffs2 timezone script to also start telnetd on boot when SD card not present
# (-q keeps grep quiet; the line is appended only if it is not already there)
grep -q telnetd /etc/jffs2/time_zone.sh || echo "telnetd &" >>/etc/jffs2/time_zone.sh
sync

# indicate we're done by turning on the white led on the front
echo 1 >/sys/user-gpio/WHITE_LED
```
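The script leaves two persistent changes on the camera: an empty root password and a `telnetd &` line in a boot-time script. As an added example (not part of the original gist), the function below audits a tree copied off such a device for both. The name `audit_dump`, its finding labels and the sample tree are assumptions made for illustration, and it assumes any `passwd`/`shadow` copy in the tree uses the standard colon-separated format.

```shell
#!/bin/sh
# Added example, not part of the original gist. audit_dump and its finding
# labels are hypothetical names; the sample tree below is constructed.

# audit_dump DIR: print one finding per line; return 1 if anything was found,
# 0 if the tree is clean, 2 if DIR is not a directory.
audit_dump() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    out=$(
        # Scripts that launch telnetd on a non-comment line, as the
        # "telnetd &" line appended to time_zone.sh does.
        find "$dir" -type f -name '*.sh' \
            -exec grep -lE '^[^#]*telnetd' {} + | sed 's/^/telnetd-autostart: /'
        # passwd/shadow copies where root's password field is empty, which is
        # the state "passwd -d root" leaves behind.
        find "$dir" -type f \( -name passwd -o -name shadow \) -exec \
            awk -F: '$1 == "root" && $2 == "" { print "empty-root-password: " FILENAME }' {} +
    )
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Constructed sample tree mimicking a modified /etc/jffs2 copy.
demo=$(mktemp -d)
mkdir -p "$demo/jffs2"
printf '#!/bin/sh\nexport TZ=UTC\ntelnetd &\n' > "$demo/jffs2/time_zone.sh"
printf 'root::0:0:root:/:/bin/sh\n' > "$demo/jffs2/passwd"
audit_dump "$demo" || echo "audit: findings above"
rm -rf "$demo"
```

A non-zero return makes the function usable as a gate in a firmware review script; a commented-out `telnetd` line is not reported.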
Once this has run, the device won't necessarily have working wifi as the normal boot script didn't start, so remove the SD card and start it up