Author Topic: Lost password of wifi endoscope cam  (Read 19829 times)

0 Members and 1 Guest are viewing this topic.

Offline diy3d

  • Newbie
  • Posts: 3
  • Country: nl
Lost password of wifi endoscope cam
« on: September 07, 2017, 09:59:08 pm »
Hi,

I bought myself a Wifi endoscope camera. The main module is a Wi-Fi accesspoint and with an App, the images can be received on your phone. I was satisfied this device was working well until I changed the default wifi password.  Yes I lost it, I can not remember it anymore. I tried to reset the device so I could use the default 12345678 password...but no way :-\ I asked the the supplier, searched the internet, tried the reset button in all possible combination with the powerbutton, I tried make a USB connect with Putty, I removed the wifi and memory module from the power pcb .. no success. |O
I guess the Wi-Fi configuration and password stored in the program memory of the Ralink RT5350.

So the big question, how do I reset the device?

Therefore, I decided to investigate the device further.

Wifi Endoscoop Module: ZCF99
Os: Linux 2.6.32
Port: 23 tcp open telnet BusyBox telnetd 

WiFi module: Ralink RT5350
Memory module: Etrontech EM63A165TS-6G 16M X 16 Bit Synchronous DRAM (SDRAM)
Serial interface: Macronix  MX25L3206E

Attached pictures show the various components.

Kind Regards

 

Offline RobertHolcombe

  • Frequent Contributor
  • **
  • Posts: 273
  • Country: au
Re: Lost password of wifi endoscope cam
« Reply #1 on: September 07, 2017, 10:17:27 pm »
How did you change the password originally?
 

Offline joao2004

  • Contributor
  • Posts: 11
  • Country: pt
Re: Lost password of wifi endoscope cam
« Reply #2 on: September 07, 2017, 10:41:16 pm »
Have you tried password 88888888 ?
 

Offline alexanderbrevig

  • Frequent Contributor
  • **
  • Posts: 583
  • Country: no
  • Musician, programmer and EE hobbyist
    • alexanderbrevig.com
Re: Lost password of wifi endoscope cam
« Reply #3 on: September 07, 2017, 10:46:02 pm »
Take a deep look inside yourself and ask if maybe it's worth it just to get a new one...?  Yes, there's a joke there somewhere.
 
The following users thanked this post: tooki

Offline cstratton

  • Regular Contributor
  • *
  • Posts: 51
  • Country: us
Re: Lost password of wifi endoscope cam
« Reply #4 on: September 08, 2017, 04:36:15 am »
With a RT5350, what you have is basically a little router that think's it's a camera.

Compare something like this: https://wiki.openwrt.org/toh/hootoo/tripmate-nano

Password will be in the SPI flash, yes.  But likely holding down the reset button for a while will get it to wipe the writable overlay partition and revert to the underlying read only state - typically that's a jffs2 near the end that mounts over the top of a squashfs filling the middle of the chip.

Or look for a UART hearder and see if you can get into U-Boot.

Or hold the CPU in reset and have at the flash with some other access device and micrograbber leads - though do pay attention to the designed voltage.
 

Offline diy3d

  • Newbie
  • Posts: 3
  • Country: nl
Re: Lost password of wifi endoscope cam
« Reply #5 on: September 08, 2017, 08:15:20 am »
How did you change the password originally?
There is an APP called WiFi_View, you can configure the the resolution, SSID, clear or modify password etc.

Have you tried password 88888888 ?
Sure, no results ::)

Take a deep look inside yourself and ask if maybe it's worth it just to get a new one...?  Yes, there's a joke there somewhere.
Do you mean the price is a joke ??? I agree ;)

@cstratton, thanks for the advice :)

 

Offline polli

  • Contributor
  • Posts: 32
  • Country: aq
Re: Lost password of wifi endoscope cam
« Reply #6 on: September 08, 2017, 08:47:05 am »
Since you own this thing, I think this tool should be legal to use for you: https://www.aircrack-ng.org/
I never actually had to use it, but I think that if your password is really basic (like just numbers or just lowercase digits) and you use the appropriate options, you should be able to find it fairly quickly.

Again, I never used this so I can't give you a command ready to execute, but you should be able to find something in the docs or on a tutorial.
0xBE447ABE6628374FEAEB
 

Offline diy3d

  • Newbie
  • Posts: 3
  • Country: nl
Re: Lost password of wifi endoscope cam
« Reply #7 on: September 08, 2017, 09:57:56 am »
Hi thank you, that is an interesting tool.  :)
 

Online Mechatrommer

  • Super Contributor
  • ***
  • Posts: 9067
  • Country: my
  • reassessing directives...
Re: Lost password of wifi endoscope cam
« Reply #8 on: September 08, 2017, 12:29:05 pm »
Take a deep look inside yourself and ask if maybe it's worth it just to get a new one...?  Yes, there's a joke there somewhere.
Do you mean the price is a joke ??? I agree ;)
dont change default password if there is no good reason. and dont forget your password. those are among the jokes... if its easy to reset your device, it will be equally easy to reset other people's device.
if something can select, how cant it be intelligent? if something is intelligent, how cant it exist?
 

Offline NiHaoMike

  • Super Contributor
  • ***
  • Posts: 5524
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: Lost password of wifi endoscope cam
« Reply #9 on: September 08, 2017, 02:18:06 pm »
if its easy to reset your device, it will be equally easy to reset other people's device.
I think the intent of the password is to prevent hackers from breaking into the connection, not to render a stolen device unusable.
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline polli

  • Contributor
  • Posts: 32
  • Country: aq
Re: Lost password of wifi endoscope cam
« Reply #10 on: September 08, 2017, 03:27:20 pm »
if its easy to reset your device, it will be equally easy to reset other people's device.

this is not correct, because when resetting your device you usually have physical access. There are devices where security is an issue in case of physical access from an attacker, but this is not such a device. If you have physical access to a laptop, even if it was encrypted correctly, you can just "reset" it by booting from an usb drive and installing a fresh OS. If you steal a phone you can still wipe it and use it with your stuff.
0xBE447ABE6628374FEAEB
 

Offline KingVidiot

  • Contributor
  • Posts: 19
Re: Lost password of wifi endoscope cam
« Reply #11 on: February 06, 2019, 07:13:40 am »
Have you tried password 88888888 ?

thanks, worked perfectly for me on my XJ_wifibox :-)
I should have guessed that since the Chinese really love the number 8
 

Offline soldar

  • Super Contributor
  • ***
  • Posts: 2352
  • Country: es
Re: Lost password of wifi endoscope cam
« Reply #12 on: February 06, 2019, 09:36:41 am »
Since you own this thing, I think this tool should be legal to use for you: https://www.aircrack-ng.org/
I do not think that will help. I think the way it works is that you need to have a valid handshake from someone who logged in with the correct password. Then aircrack tries whatever passwords you tell it to try and it will see if one matches the existing handshake.

In other words, you cannot do anything unless you have a valid handshake.
All my posts are made with 100% recycled electrons and bare traces of grey matter.
 

Offline n8henrie

  • Newbie
  • Posts: 1
  • Country: us
Re: Lost password of wifi endoscope cam
« Reply #13 on: February 11, 2019, 06:48:20 pm »
I ran into this same issue with a similar endoscope and did a writeup of how I figured out the WiFi password, the telnet account and password, and how to configure the endoscope by sending some UDP packets.

The writeup begins here: https://n8henrie.com/2019/02/reverse-engineering-my-wifi-endoscope-part-1/

The short answer is that you'll need to connect to the TX2 and RX2 serial debug ports at 57600 baud, it will print out your WiFi password. (Without that, unfortunately you obviously wouldn't be able to connect by telnet or send any commands over UDP.)

Ran into this post while I was googling for an answer, so thought I'd register to post my solution!
 
The following users thanked this post: Fred27


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf