├── README.md
└── sdcard
├── backup
└── .gitignore
├── cls.conf.example
├── config.txt
├── debug_cmd.sh
├── hack
├── bin
│ ├── ar
│ ├── file
│ ├── ld
│ ├── magic.mgc
│ ├── nm
│ ├── objcopy
│ ├── objdump
│ ├── pv
│ ├── ranlib
│ ├── readelf
│ ├── size
│ ├── strace
│ ├── strings
│ ├── tcpdump
│ └── xxd
├── busybox
├── dropbear_ecdsa_host_key
├── dropbearmulti
├── etc
│ ├── group
│ ├── hosts
│ ├── passwd
│ ├── profile
│ └── shadow
├── goke_p2pcam_param
├── goke_volume
├── home
│ ├── VOICE.tgz
│ └── cls.conf.example
├── ptz
├── ptz-ctrl
└── www
│ ├── cgi-bin
│ ├── snapshot
│ ├── stream
│ └── webui
│ └── index.html
├── install
├── backup.sh
└── restore.sh
└── logs
└── .gitignore
/README.md:
--------------------------------------------------------------------------------
1 | # Hack for Cheap Chinese Goke GK7102 Cloud IP Cameras
2 |
3 | This hack is for various Chinese Goke GK7102 based IP Cameras. There are few different firmware varieties across various brands of cameras, which means it is impossible to know what exactly will work for you. Older firmware are more hackable because the root filesystem is mounted read/write. In the new firmwares the root filesystem is mounted read-only but the /home directory is writeable. This hack is based on (https://github.com/ant-thomas/zsgx1hacks)
4 |
5 |
6 | ## Working on the following camera models
7 |
8 | * V-Tac 1080P IP Indoor Camera (read-only version)
9 | * ZS-GX1
10 | * Snowman SRC-001
11 | * GUUDGO GD-SC01
12 | * GUUDGO GD-SC03
13 | * GUUDGO GD-SC11
14 | * Digoo DG-W01F
15 | * Digoo DG-MYQ
16 | * YSA CIPC-GC13H
17 | * KERUI CIPC-GC15HE (read-only version)
18 | * EYEPLUS CIPC-GC13H (read-only version)
19 | * HIP291-1M
20 | * 2M-AI
21 | * others on the GOKE processor: GK7102 (GK7102S)
22 |
23 |
24 | ## Features
25 |
26 | * Blocking cloud hosts
27 | * New version of BusyBox v1.26.2
28 | * Configurable settings
29 | * BusyBox FTP Server
30 | * dropbear SSH Server: root can login ssh without password
31 | * WebUI PTZ - (http://192.168.200.1:8080/cgi-bin/webui)
32 | * Debug and diagnostics tools: [andrew-d/static-binaries](https://github.com/andrew-d/static-binaries/tree/master/binaries/linux/arm)
33 | * Changes login credentials to ```user: root password: cxlinux```
34 | * Improved terminal experience
35 | * Wi-Fi configuration without cloud account
36 |
37 |
38 | ## Installation
39 |
40 | Current version works only from microSD card and do not require installation. It should work normaly on both old and new read-only firmwares.
41 |
42 | * Download the hack
43 | * Copy contents of folder ```sdcard``` to the main directory of a vfat/fat32 formatted microSD card
44 | * Change options in ```config.txt```
45 | * Insert microSD card into camera and reboot the device
46 | * Enjoy
47 |
48 |
49 | ## Security
50 |
51 | The security of these devices is terrible.
52 | * DO NOT expose these cameras to the internet.
53 | * For this hack, config.txt is used to decide what servers you want to run.
54 | * This hack is blocking the communication with the cloud providers, see /media/hack/etc/hosts.
55 | * By default the camera wants to use some app [YCC365 Plus](https://play.google.com/store/apps/details?id=com.ycc365plus.aws&hl=en)
56 | * tcpdump binary is included with this hack on /media/hack/bin/tcpdump
57 | * Logs in /tmp/closelicamera.log
58 | * The device was communicating with servers of icloseli.cn, icloseli.com and arcsoft.com
59 | * Some cameras are trying to use 30.108.91.227 and 47.104.139.168, even with the blocked hosts.
60 | ```
61 | 1970-01-01 12:39:32.251493 [4342] [APDirectConnect.cpp(136) bindUdpPort]Trace: Begin___
62 | 1970-01-01 12:39:32.252391 [4342] [APDirectConnect.cpp(157) bindUdpPort]Trace: udp bind port-9999 success.
63 | 1970-01-01 12:39:32.253287 [4342] [APDirectConnect.cpp(179) bindUdpPort]Trace: udp bind port-8888 success.
64 | 1970-01-01 12:39:32.229498 [4311] [Common.cpp(378) ParseCloudIniFile]Trace: read inifile, stun_server_ip = stun.icloseli.cn.
65 | 1970-01-01 12:39:32.257463 [4311] [Common.cpp(378) ParseCloudIniFile]Trace: read inifile, return_server_ip = relaycn.closeli.cn.
66 | 1970-01-01 12:39:32.265895 [4311] [NetInterface.cpp(453) GetIpByHostName]Error: can not get (stun.icloseli.cn) ip addr!
67 | 1970-01-01 12:39:32.267988 [4311] [P2PPlayback.cpp(913) Init]Trace: parse stun domain:stun.icloseli.cn, ret=0, ip=
68 | 1970-01-01 12:39:32.273120 [4311] [NetInterface.cpp(453) GetIpByHostName]Error: can not get (relaycn.closeli.cn) ip addr!
69 | 1970-01-01 12:39:32.274199 [4311] [P2PPlayback.cpp(918) Init]Trace: parse return domain:relaycn.closeli.cn, ret=0, ip=
70 | 1970-01-01 12:39:32.275416 [4311] [P2PNew.cpp(926) SetServerAddr]Trace: stunserver:47.104.139.168:19302, turnserver:30.108.91.227:5000
71 | 1970-01-01 12:39:32.276744 [4311] [P2PNew.cpp(53) P2PLogCb]Trace: ####p2p_log:M=CLP2P;V=c7ab521e;L=error;FC=createP2PClient;MSG=createP2PClient[No StunConfision] >>> build:[Nov 28 2018 16:31:52]
72 | ```
73 | * DO NOT expose these cameras to the internet.
74 |
75 |
76 | ## Instructions
77 |
78 | ### How to check version
79 |
80 | * Using an onvif tool/app like Onvifer (Android) should give firmware version.
81 | * You should also be able to find the firmware version by logging in via telnet and excuting the command
82 | * If you have already configured the camera with the cloud app there should be some info within the app showing firmware version.
83 | ```
84 | ls /tmp | grep -F 3. or ls /tmp | head -1
85 | ```
86 |
87 | ### Default Credentials
88 |
89 | IP Port Service Username Password
90 | ------ ---- ------- -------- --------
91 | 192.168.200.1 23 telnet root cxlinux
92 |
93 |
94 | ### RTSP Connection
95 |
96 | * rtsp://admin:@192.168.200.1:554
97 | * rtsp://admin:@192.168.200.1:554/0/av0 (with audio)
98 | * rtsp://admin:@192.168.200.1:554/0/av1 (low quality)
99 | * rtsp://admin:@192.168.200.1:8001
100 | * rtsp://admin:@192.168.200.1:8001/0/av0 (with audio)
101 | * rtsp://admin:@192.168.200.1:8001/0/av1 (low quality)
102 |
103 |
104 | ### Debug Scripts and Files
105 |
106 | By default, the startup script ```/home/start.sh``` will try to load and run some commands
107 |
108 | #### Files running from SD Card
109 |
110 | To run debug scripts create a file ```debug_cmd.sh``` on an SD card and you will be able to execute bash commands from it.
111 |
112 | #### Files copied from SD Card to /home
113 |
114 | ```*-hwcfg.ini, *-VOICE.tgz, *-ptz.cfg, *-hardinfo.bin, *-custom_init.sh```
115 |
116 | #### File will be flashed
117 |
118 | ```firmware.bin```
119 |
120 |
121 | ### Connect to Wi-fi network
122 |
123 | On the SD card, create the ```cls.conf``` file and write these 3 lines in it. Replace your_wifi_ssid and your_wifi_password with your credentials.
124 | ```
125 | [cls_server]
126 | ssid = your_wifi_ssid
127 | passwd = your_wifi_password
128 | ```
129 |
130 |
131 | ### Date and time
132 |
133 | Camera loses the date and time setting when it loses power. The time is updated from a remote server.
134 |
135 | You can set your date and time manualy by `date --set`
136 | ```
137 | Recognized TIME formats:
138 | hh:mm[:ss]
139 | [YYYY.]MM.DD-hh:mm[:ss]
140 | YYYY-MM-DD hh:mm[:ss]
141 | [[[[[YY]YY]MM]DD]hh]mm[.ss]
142 | 'date TIME' form accepts MMDDhhmm[[YY]YY][.ss] instead
143 | ```
144 | For example:
145 | `date --set="2023-03-23 16:10:00"`
146 |
147 |
148 | ### Disable the whitelight
149 |
150 | If you want to disable the whitelight you can edit `hwcfg.ini` and change support_doublelight from 2 to 1. Check [RussH007's comment](https://github.com/dc35956/gk7102-hack/issues/13) for more details.
151 | `support_doublelight = 1`
152 |
153 |
154 | ### Tweaks
155 |
156 | * [Security, RTSP, SSH, Video files to SD Card](https://github.com/ant-thomas/zsgx1hacks/pull/93/files)
157 | * [Logs and other useful ideas](https://github.com/ant-thomas/zsgx1hacks/pull/4/files)
158 | * [Original ant-thomas with Persistent hack](https://github.com/ant-thomas/zsgx1hacks)
159 | * [Read-only modular customizer by bolshevik](https://github.com/bolshevik/goke-GK7102-customizer)
160 |
161 |
162 |
163 | ## Device Details
164 |
165 | ### Product
166 |
167 | 1080P IP Indoor Camera EU Power Plug & Auto Track Function
168 | Brand: V-Tac
169 | Model: VT-5122
170 |
171 | [V-Tac 1080P IP Indoor Camera ](https://www.v-tac.eu/products/smart-home/cameras/1080p-ip-indoor-camera-eu-power-plug-auto-track-function-detail.html)
172 |
173 |
174 | ### Wi-Fi Manufacturer
175 |
176 | MAC Address: 88:E6:28:xx:xx:xx - Shenzhen Kezhonglong Optoelectronic Technology Co.,Ltd
177 | Floor 3, Bldg. 5, Area B, Xinfu Industrial Park, Chongqing Rd., Baoan Dist,Shenzhen,Guangdong, China Shenzhen Guangdong CN 518103
178 | (https://fccid.io/2AF2K-WM415)
179 |
180 |
181 | ### Software Versions
182 | ```
183 | $ ls /tmp | grep -F 3.
184 | 3.4.2.0724
185 | gc2033
186 |
187 | $ uname -a
188 | Linux localhost 3.4.43-gk #46 PREEMPT Wed Jun 26 13:47:34 CST 2019 armv6l GNU/Linux
189 |
190 | $ busybox
191 | BusyBox v1.22.1 (2019-06-18 19:35:31 CST) multi-call binary.
192 |
193 | $ cat /etc/issue
194 | Welcome to Goke Linux
195 |
196 | p2pcam
197 | ver: 3.4.2.0724
198 | Get Hardware Info: model:Y13, firmware-ident:eyeplus_ipc_gk_008
199 |
200 | "GOKE 7102C BOARD"
201 | ```
202 |
203 | ### Hardware info
204 | ```
205 | $ cat /home/hardinfo.bin
206 | 0
207 | 0
208 | 1007
209 | eyeplus_ipc_gk_008
210 | RS
211 | GK7102
212 |
213 | 53_0x00000000_0_0
214 | 33_0x00000000_0_0
215 | 15_0x00000000_0_1
216 | 12_0x00000000_0_1
217 | 44_0x00000000_0_1
218 | 39_0x00000000_0_1
219 |
220 | ```
221 |
222 | ### Open ports
223 | ```
224 | $ nmap -p- 192.168.200.1
225 | Nmap scan report for _gateway (192.168.200.1)
226 | Host is up (0.018s latency).
227 | Not shown: 65525 closed ports
228 | PORT STATE SERVICE
229 | 23/tcp open telnet
230 | 80/tcp open http
231 | 554/tcp open rtsp
232 | 843/tcp open unknown
233 | 3201/tcp open cpq-tasksmart
234 | 5050/tcp open mmcc
235 | 6670/tcp open irc
236 | 7101/tcp open elcn
237 | 7103/tcp open unknown
238 | 8001/tcp open vcom-tunnel
239 | ```
240 |
241 | ### Processor
242 | ```
243 | $ cat /proc/cpuinfo
244 | Processor : ARMv6-compatible processor rev 7 (v6l)
245 | BogoMIPS : 597.60
246 | Features : swp half fastmult vfp edsp java tls
247 | CPU implementer : 0x41
248 | CPU architecture: 7
249 | CPU variant : 0x0
250 | CPU part : 0xb76
251 | CPU revision : 7
252 |
253 | Hardware : Goke IPC Board
254 | Revision : 0000
255 | Serial : 0000000000000000
256 | $
257 | ```
258 |
259 | ### Memory
260 | ```
261 | $ cat /proc/meminfo
262 | MemTotal: 31844 kB
263 | MemFree: 2192 kB
264 | Buffers: 2284 kB
265 | Cached: 11256 kB
266 | SwapCached: 0 kB
267 | Active: 5488 kB
268 | Inactive: 11856 kB
269 | Active(anon): 3996 kB
270 | Inactive(anon): 536 kB
271 | Active(file): 1492 kB
272 | Inactive(file): 11320 kB
273 | Unevictable: 0 kB
274 | Mlocked: 0 kB
275 | SwapTotal: 0 kB
276 | SwapFree: 0 kB
277 | Dirty: 0 kB
278 | Writeback: 0 kB
279 | AnonPages: 3820 kB
280 | Mapped: 3412 kB
281 | Shmem: 728 kB
282 | Slab: 8548 kB
283 | SReclaimable: 1212 kB
284 | SUnreclaim: 7336 kB
285 | KernelStack: 656 kB
286 | PageTables: 384 kB
287 | NFS_Unstable: 0 kB
288 | Bounce: 0 kB
289 | WritebackTmp: 0 kB
290 | CommitLimit: 15920 kB
291 | Committed_AS: 163912 kB
292 | VmallocTotal: 2039808 kB
293 | VmallocUsed: 63408 kB
294 | VmallocChunk: 1005336 kB
295 | ```
296 |
297 | ### /etc/passwd
298 | ```
299 | $ cat /etc/passwd
300 | root:yE7gW4O0CSXXg:0:0::/root:/bin/sh
301 | daemon:x:1:1:daemon:/usr/sbin:/bin/sh
302 | bin:x:2:2:bin:/bin:/bin/sh
303 | sys:x:3:3:sys:/dev:/bin/sh
304 | sync:x:4:100:sync:/bin:/bin/sync
305 | mail:x:8:8:mail:/var/spool/mail:/bin/sh
306 | proxy:x:13:13:proxy:/bin:/bin/sh
307 | www-data:x:33:33:www-data:/var/www:/bin/sh
308 | backup:x:34:34:backup:/var/backups:/bin/sh
309 | operator:x:37:37:Operator:/var:/bin/sh
310 | haldaemon:x:68:68:hald:/:/bin/sh
311 | dbus:x:81:81:dbus:/var/run/dbus:/bin/sh
312 | ftp:x:83:83:ftp:/home/ftp:/bin/sh
313 | nobody:x:99:99:nobody:/home:/bin/sh
314 | sshd:x:103:99:Operator:/var:/bin/sh
315 | default:x:1000:1000:Default non-root user:/home/default:/bin/sh
316 | ```
317 |
318 | ### cat /home/cloud.ini
319 | ```
320 | [SERVERINFO]
321 | server_name=arcsoft.com
322 | xmpp_server_ip=xmpp.icloseli.cn.
323 | relay_server_ip=relaycn.arcsoftcloud.com
324 | auto_update_server_ip=update.icloseli.cn.
325 | lecam_purchase_server_ip=esd.icloseli.cn.
326 | upns_pnserver=upns.icloseli.cn.
327 | upns_xmpp_name=arcsoft.com
328 | upns_xmpp_ip=xmpp.icloseli.cn.
329 | argus_api_server_ip=argus.icloseli.cn.
330 | argus_server_ip=argus.icloseli.cn.
331 | relay_server_domain_name=relay.icloseli.cn.
332 | stun_server_ip=stun.icloseli.cn.
333 | cloud_auth_server_name=api.icloseli.cn.
334 | bell_server_ip=bell.icloseli.cn
335 | return_server_ip=relaycn.closeli.cn
336 | ```
337 |
338 |
339 | ## References
340 |
341 | * [V-Tac VT-5122: 1080P IP Indoor Camera EU Power Plug & Auto Track Function](https://www.v-tac.eu/products/smart-home/cameras/1080p-ip-indoor-camera-eu-power-plug-auto-track-function-detail.html)
342 |
343 | * [Hacks for ZS-GX1 IP Camera and various Goke GK7102 based IP Cameras](https://github.com/ant-thomas/zsgx1hacks)
344 |
345 | * [The BusyBox project](https://busybox.net/)
346 |
347 | * [ARM Binary andrew-d/static-binaries](https://github.com/andrew-d/static-binaries/tree/master/binaries/linux/arm)
348 |
349 | * [WiFi IP CloudCamer-ы: HIP291-1M/2M-AI, Digoo DG-W01F, Digoo DG-MYQ и другие на процессоре от GOKE: GK7102 (GK7102S)](https://4pda.ru/forum/index.php?showtopic=928641)
350 |
351 | * [GOKE HD IP CAMERA SOLUTION GK7101 GK7102](https://www.unifore.net/company-highlights/goke-hd-ip-camera-solution-gk7101-gk7102.html)
352 |
353 | * [Aliexpress: INQMEGA 1080P Cloud Wireless IP Camera Intelligent Auto Tracking](https://www.aliexpress.com/item/32796421899.html)
354 |
355 | * [threat9/routersploit - Exploitation Framework for Embedded Devices](https://github.com/threat9/routersploit)
356 |
357 | * [GK7102 Based IP Camera](https://gist.github.com/brianpow/d8eeaee0879b1fd46ccedfae04799f49)
358 |
359 | * [Read-only modular GOKE GK7102/GK7102S camera customizer](https://github.com/bolshevik/goke-GK7102-customizer)
360 |
--------------------------------------------------------------------------------
/sdcard/backup/.gitignore:
--------------------------------------------------------------------------------
1 | # Ignore everything in this directory
2 | *
3 | # Except this file
4 | !.gitignore
5 |
--------------------------------------------------------------------------------
/sdcard/cls.conf.example:
--------------------------------------------------------------------------------
1 | [cls_server]
2 | ssid = your_wifi_ssid
3 | passwd = your_wifi_password
4 |
--------------------------------------------------------------------------------
/sdcard/config.txt:
--------------------------------------------------------------------------------
1 |
2 | #####################################################################
3 | ## Wi-Fi Settings
4 |
5 | HACK_WIFI=NO
6 | WIFI_SSID=your_wifi_ssid
7 | WIFI_PASSWORD=your_wifi_password
8 |
9 |
10 | #####################################################################
11 | ## Servers
12 |
13 | # Busybox httpd for WebUI PTZ
14 | HACK_HTTPD=YES
15 |
16 | # SSH Server - user root with no password required
17 | HACK_SSH=YES
18 |
19 | # FTP Server
20 | HACK_FTP=YES
21 |
22 | # Telnet Server
23 | HACK_TELNET=YES
24 |
25 |
26 | #####################################################################
27 | ## System Settings
28 |
29 | # Silence Voices
30 | # Possibly causes some cameras to fail, use at your own risk
31 | VOICE=NO
32 |
33 | # Block cloud services
34 | HACK_CLOUD=YES
35 |
36 |
37 | #####################################################################
38 | ## Installation Settings - TODO
39 | # These setting are not used at the moment.
40 | # This version only works from SD Card!
41 |
42 | # Persistent hack
43 | # Write changes on disk, SD Card NOT required after hack is installed.
44 | # This option may require your device's root filesystem to be read/write mounted
45 | PERSISTENT=NO
46 |
47 | # System Restore
48 | RESTORE=NO
49 |
--------------------------------------------------------------------------------
/sdcard/debug_cmd.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # mount sd card to separate location
4 | if [ -b /dev/mmcblk0p1 ]; then
5 | mount /dev/mmcblk0p1 /media
6 | elif [ -b /dev/mmcblk0 ]; then
7 | mount /dev/mmcblk0 /media
8 | fi
9 |
10 | # include config
11 | . /media/config.txt
12 |
13 | # confirm hack type
14 | touch /home/HACKSD
15 | mkdir -p /home/busybox
16 |
17 | # install updated version of busybox
18 | mount --bind /media/hack/busybox /bin/busybox
19 | /bin/busybox --install -s /home/busybox
20 |
21 |
22 | ## Mount /etc/ files from microSD card
23 | # env
24 | mount --bind /media/hack/etc/profile /etc/profile
25 | # users and groups
26 | mount --bind /media/hack/etc/group /etc/group
27 | mount --bind /media/hack/etc/passwd /etc/passwd
28 | mount --bind /media/hack/etc/shadow /etc/shadow
29 | # update hosts file to prevent communication
30 | if [ "$HACK_CLOUD" = "YES" ]; then
31 | mount --bind /media/hack/etc/hosts /etc/hosts
32 | fi
33 |
34 |
35 |
36 | # Wi-Fi Settings
37 | if [ "$HACK_WIFI" = "YES" ]; then
38 | echo "[cls_server]" > cls.conf
39 | echo "ssid = $WIFI_SSID" >> cls.conf
40 | echo "passwd = $WIFI_PASSWORD" >> cls.conf
41 | fi
42 |
43 |
44 | ## Servers
45 |
46 | # Busybox httpd
47 | if [ "$HACK_HTTPD" = "YES" ]; then
48 | /home/busybox/httpd -p 8080 -h /media/hack/www
49 | fi
50 |
51 | # SSH Server - user root with no password required
52 | if [ "$HACK_SSH" = "YES" ]; then
53 | /media/hack/dropbearmulti dropbear -r /media/hack/dropbear_ecdsa_host_key -B
54 | fi
55 |
56 | # FTP Server
57 | if [ "$HACK_FTP" = "YES" ]; then
58 | (/home/busybox/tcpsvd -E 0.0.0.0 21 /home/busybox/ftpd -w / ) &
59 | fi
60 |
61 | # Telnet Server
62 | if [ "$HACK_TELNET" = "NO" ]; then
63 | start-stop-daemon -K -n telnetd
64 | fi
65 |
66 |
67 |
68 |
69 | # Sync the time
70 | (sleep 20 && /home/busybox/ntpd -q -p 0.uk.pool.ntp.org ) &
71 |
72 |
73 | # Silence the voices
74 | if [ "$VOICE" = "YES" ]; then
75 | mount --bind /media/hack/home/VOICE.tgz /home/VOICE.tgz
76 | fi
77 |
--------------------------------------------------------------------------------
/sdcard/hack/bin/ar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/ar
--------------------------------------------------------------------------------
/sdcard/hack/bin/file:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/file
--------------------------------------------------------------------------------
/sdcard/hack/bin/ld:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/ld
--------------------------------------------------------------------------------
/sdcard/hack/bin/magic.mgc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/magic.mgc
--------------------------------------------------------------------------------
/sdcard/hack/bin/nm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/nm
--------------------------------------------------------------------------------
/sdcard/hack/bin/objcopy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/objcopy
--------------------------------------------------------------------------------
/sdcard/hack/bin/objdump:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/objdump
--------------------------------------------------------------------------------
/sdcard/hack/bin/pv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/pv
--------------------------------------------------------------------------------
/sdcard/hack/bin/ranlib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/ranlib
--------------------------------------------------------------------------------
/sdcard/hack/bin/readelf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/readelf
--------------------------------------------------------------------------------
/sdcard/hack/bin/size:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/size
--------------------------------------------------------------------------------
/sdcard/hack/bin/strace:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/strace
--------------------------------------------------------------------------------
/sdcard/hack/bin/strings:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/strings
--------------------------------------------------------------------------------
/sdcard/hack/bin/tcpdump:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/tcpdump
--------------------------------------------------------------------------------
/sdcard/hack/bin/xxd:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/bin/xxd
--------------------------------------------------------------------------------
/sdcard/hack/busybox:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/busybox
--------------------------------------------------------------------------------
/sdcard/hack/dropbear_ecdsa_host_key:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/dropbear_ecdsa_host_key
--------------------------------------------------------------------------------
/sdcard/hack/dropbearmulti:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/dropbearmulti
--------------------------------------------------------------------------------
/sdcard/hack/etc/group:
--------------------------------------------------------------------------------
1 | root:x:0:
2 | daemon:x:1:
3 | bin:x:2:
4 | sys:x:3:
5 | adm:x:4:
6 | tty:x:5:
7 | disk:x:6:
8 | wheel:x:10:
9 | audio:x:29:
10 | www-data:x:33:
11 | utmp:x:43:
12 | staff:x:50:
13 | lock:x:54:
14 | haldaemon:x:68:
15 | dbus:x:81:
16 | netdev:x:82:
17 | ftp:x:83:
18 | nobody:x:99:
19 | nogroup:x:99:
20 | users:x:100:
21 | default:x:1000:
22 |
--------------------------------------------------------------------------------
/sdcard/hack/etc/hosts:
--------------------------------------------------------------------------------
1 | 127.0.0.1 localhost
2 | 127.0.1.1 goke
3 |
4 | 127.0.0.1 arcsoft.com
5 | 127.0.0.1 xmpp.icloseli.cn
6 | 127.0.0.1 update.icloseli.cn
7 | 127.0.0.1 esd.icloseli.cn
8 | 127.0.0.1 upns.icloseli.cn
9 | 127.0.0.1 argus.icloseli.cn
10 | 127.0.0.1 relay.icloseli.cn
11 | 127.0.0.1 stun.icloseli.cn
12 | 127.0.0.1 api.icloseli.cn
13 | 127.0.0.1 bell.icloseli.cn
14 |
15 | 127.0.0.1 relaycn.arcsoftcloud.com
16 | 127.0.0.1 xmpp.icloseli.com
17 | 127.0.0.1 relayus-w.arcsoftcloud.com
18 | 127.0.0.1 update.icloseli.com
19 | 127.0.0.1 esd.icloseli.com
20 | 127.0.0.1 upns.icloseli.com
21 | 127.0.0.1 argus.icloseli.com
22 | 127.0.0.1 relay.icloseli.com
23 | 127.0.0.1 stun.icloseli.com
24 | 127.0.0.1 api.icloseli.com
25 | 127.0.0.1 bell.icloseli.com
26 |
--------------------------------------------------------------------------------
/sdcard/hack/etc/passwd:
--------------------------------------------------------------------------------
1 | root:yi.LoBvyUCv0k:0:0:root:/root/:/bin/sh
2 |
--------------------------------------------------------------------------------
/sdcard/hack/etc/profile:
--------------------------------------------------------------------------------
1 | # ~/.bashrc: executed by bash(1) for non-login interactive shells.
2 |
3 | export PATH=\
4 | /home/busybox:\
5 | /media/hack/hackenv:\
6 | /bin:\
7 | /sbin:\
8 | /usr/bin:\
9 | /usr/sbin:\
10 | /usr/bin/X11:\
11 | /usr/local/bin
12 |
13 | # If running interactively, then:
14 | if [ "$PS1" ]; then
15 |
16 | if [ "$BASH" ]; then
17 | export PS1="[\u@\h \W]\\$ "
18 | alias ll='/bin/ls --color=tty -laFh'
19 | alias ls='/bin/ls --color=tty -F'
20 | export LS_COLORS='no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.jpg=01;35:*.jpeg=01;35:*.png=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.mpg=01;35:*.mpeg=01;35:*.avi=01;35:*.fli=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:';
21 | else
22 | if [ "`id -u`" -eq 0 ]; then
23 | export PS1='# '
24 | else
25 | export PS1='$ '
26 | fi
27 | fi
28 |
29 | export USER=`id -un`
30 | export LOGNAME=$USER
31 | export HOSTNAME=`/bin/hostname`
32 | export HISTSIZE=1000
33 | export HISTFILESIZE=1000
34 | export PAGER='/bin/more '
35 | export EDITOR='/bin/vi'
36 | export INPUTRC=/etc/inputrc
37 | export DMALLOC_OPTIONS=debug=0x34f47d83,inter=100,log=logfile
38 |
39 | ### Some aliases
40 | alias ps2='ps facux '
41 | alias ps1='ps faxo "%U %t %p %a" '
42 | alias af='ps af'
43 | alias cls='clear'
44 | alias df='df -h'
45 | alias indent='indent -bad -bap -bbo -nbc -br -brs -c33 -cd33 -ncdb -ce -ci4 -cli0 -cp33 -cs -d0 -di1 -nfc1 -nfca -hnl -i4 -ip0 -l75 -lp -npcs -npsl -nsc -nsob -nss -ts4 '
46 | #alias bc='bc -l'
47 | alias minicom='minicom -c on'
48 | alias calc='calc -Cd '
49 | alias bc='calc -Cd '
50 | fi;
51 |
52 | # Source configuration files from /etc/profile.d
53 | for i in /etc/profile.d/*.sh ; do
54 | if [ -r "$i" ]; then
55 | . $i
56 | fi
57 | done
58 |
59 | # enable color support
60 | if [ $(id -u) -eq 0 ]; then
61 | # You are root, set red colour prompt
62 | PS1="\e[0;31m[\\u@\\h:\\w]\e[m# "
63 | else
64 | # Normal user so green prompt
65 | PS1="\e[0;32m[\\u@\\h:\\w]\e[m$ "
66 | fi
67 |
68 | # some more ls aliases
69 | alias ll='ls -alF'
70 | alias la='ls -A'
71 | alias l='ls -CF'
72 |
--------------------------------------------------------------------------------
/sdcard/hack/etc/shadow:
--------------------------------------------------------------------------------
1 | root::10933:0:99999:7:::
2 | bin:*:10933:0:99999:7:::
3 | daemon:*:10933:0:99999:7:::
4 | adm:*:10933:0:99999:7:::
5 | lp:*:10933:0:99999:7:::
6 | sync:*:10933:0:99999:7:::
7 | shutdown:*:10933:0:99999:7:::
8 | halt:*:10933:0:99999:7:::
9 | uucp:*:10933:0:99999:7:::
10 | operator:*:10933:0:99999:7:::
11 | ftp:*:10933:0:99999:7:::
12 | nobody:*:10933:0:99999:7:::
13 | default::10933:0:99999:7:::
14 |
--------------------------------------------------------------------------------
/sdcard/hack/goke_p2pcam_param:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/goke_p2pcam_param
--------------------------------------------------------------------------------
/sdcard/hack/goke_volume:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/goke_volume
--------------------------------------------------------------------------------
/sdcard/hack/home/VOICE.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/home/VOICE.tgz
--------------------------------------------------------------------------------
/sdcard/hack/home/cls.conf.example:
--------------------------------------------------------------------------------
1 | [cls_server]
2 | ssid = your_wifi_ssid
3 | passwd = your_wifi_password
4 |
--------------------------------------------------------------------------------
/sdcard/hack/ptz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dc35956/gk7102-hack/bab800b03375c1f3488abb754b50738162fb715a/sdcard/hack/ptz
--------------------------------------------------------------------------------
/sdcard/hack/ptz-ctrl:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | #
3 |
4 | if [ -f /home/HACKP ]; then
5 | ptzfolder="/home/hack"
6 | elif [ -f /home/HACKSD ]; then
7 | ptzfolder="/media/hack"
8 | fi
9 |
10 | if [ $1 = "u" ];
11 | then
12 | $ptzfolder/ptz 0x65 0x14 && sleep 0.5 && $ptzfolder/ptz 0x64 0x14
13 | fi
14 | if [ $1 = "d" ];
15 | then
16 | $ptzfolder/ptz 0x66 0x14 && sleep 0.5 && $ptzfolder/ptz 0x64 0x14
17 | fi
18 | if [ $1 = "l" ];
19 | then
20 | $ptzfolder/ptz 0x67 0x14 && sleep 0.5 && $ptzfolder/ptz 0x64 0x14
21 | fi
22 | if [ $1 = "r" ];
23 | then
24 | $ptzfolder/ptz 0x68 0x14 && sleep 0.5 && $ptzfolder/ptz 0x64 0x14
25 | fi
26 | if [ $1 = "lu" ];
27 | then
28 | $ptzfolder/ptz 0x69 0x200020 && sleep 0.5 && $ptzfolder/ptz 0x64 0x14
29 | fi
30 | if [ $1 = "ld" ];
31 | then
32 | $ptzfolder/ptz 0x6a 0x200020 && sleep 0.5 && $ptzfolder/ptz 0x64 0x14
33 | fi
34 | if [ $1 = "ru" ];
35 | then
36 | $ptzfolder/ptz 0x6b 0x200020 && sleep 0.5 && $ptzfolder/ptz 0x64 0x14
37 | fi
38 | if [ $1 = "rd" ];
39 | then
40 | $ptzfolder/ptz 0x6c 0x200020 && sleep 0.5 && $ptzfolder/ptz 0x64 0x14
41 | fi
42 |
43 |
--------------------------------------------------------------------------------
/sdcard/hack/www/cgi-bin/snapshot:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | #
3 | echo "Content-type: image/jpeg"
4 | echo ""
5 | /home/busybox/wget http://localhost:554/snapshot -O -
6 |
--------------------------------------------------------------------------------
/sdcard/hack/www/cgi-bin/stream:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | #
3 | echo "Content-Type: multipart/x-mixed-replace; boundary=--boundary"
4 | echo ""
5 | while true
6 | do
7 | echo "--boundary"
8 | echo "Content-Type: image/jpeg"
9 | echo ""
10 | /home/busybox/wget http://localhost:554/snapshot -O -
11 | done
12 |
--------------------------------------------------------------------------------
/sdcard/hack/www/cgi-bin/webui:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | #
3 | echo "Content-type: text/html"
4 | echo ""
5 | command=`echo "$QUERY_STRING" | awk '{split($0,array,"&")} END{print array[1]}' | awk '{split($0,array,"=")} END{print array[2]}'`
6 | date=`date`
7 | ipadd=`ip route get 1 | awk '{print $NF;exit}'`
8 | uptime=`uptime`
9 |
10 |
11 | cat <
13 |
14 |
15 | Camera - WebUI
16 |
17 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
39 |
40 | |
41 | |
42 | |
43 |
44 |
45 | |
46 | PTZ |
47 | |
48 |
49 |
50 | |
51 | |
52 | |
53 |
54 |
55 |
56 | Date - $date
57 |
58 | IP Address - $ipadd
59 |
60 | Uptime - $uptime
61 |
62 |
63 |
66 |
67 |
68 |
69 | EOT
70 |
71 | if [ -f /home/HACKP ]; then
72 | ptzfolder="/home/hack"
73 | elif [ -f /home/HACKSD ]; then
74 | ptzfolder="/media/hack"
75 | fi
76 |
77 |
78 | if [ "$command" = "iron" ]; then
79 | gio -s 46 1 > /dev/null
80 | fi
81 | if [ "$command" = "iroff" ]; then
82 | gio -s 46 0 > /dev/null
83 | fi
84 | if [ "$command" = "ptzu" ]; then
85 | $ptzfolder/ptz-ctrl u > /dev/null
86 | fi
87 | if [ "$command" = "ptzd" ]; then
88 | $ptzfolder/ptz-ctrl d > /dev/null
89 | fi
90 | if [ "$command" = "ptzl" ]; then
91 | $ptzfolder/ptz-ctrl l > /dev/null
92 | fi
93 | if [ "$command" = "ptzr" ]; then
94 | $ptzfolder/ptz-ctrl r > /dev/null
95 | fi
96 | if [ "$command" = "ptzlu" ]; then
97 | $ptzfolder/ptz-ctrl lu > /dev/null
98 | fi
99 | if [ "$command" = "ptzld" ]; then
100 | $ptzfolder/ptz-ctrl ld > /dev/null
101 | fi
102 | if [ "$command" = "ptzru" ]; then
103 | $ptzfolder/ptz-ctrl ru > /dev/null
104 | fi
105 | if [ "$command" = "ptzrd" ]; then
106 | $ptzfolder/ptz-ctrl rd > /dev/null
107 | fi
108 |
--------------------------------------------------------------------------------
/sdcard/hack/www/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | WebUI
7 |
8 |
--------------------------------------------------------------------------------
/sdcard/install/backup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | cp -R /home /media/backup/home
4 |
--------------------------------------------------------------------------------
/sdcard/install/restore.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | #
3 |
4 | #remove hack files
5 | rm -rf /home/hack
6 | rm /home/HACKP
7 | rm /home/HACKSD
8 |
9 |
10 | #Rename debug_cmd.sh to prevent it running again
11 | #mv /media/debug_cmd.sh /media/debug_cmd.sh.restore
12 |
13 | #reboot to apply hacks
14 | #reboot
15 |
--------------------------------------------------------------------------------
/sdcard/logs/.gitignore:
--------------------------------------------------------------------------------
1 | # Ignore everything in this directory
2 | *
3 | # Except this file
4 | !.gitignore
5 |
--------------------------------------------------------------------------------