Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Factory mode from a QR code #22

Open
alexbgreat opened this issue Feb 11, 2022 · 2 comments
Open

Factory mode from a QR code #22

alexbgreat opened this issue Feb 11, 2022 · 2 comments

Comments

@alexbgreat
Copy link

alexbgreat commented Feb 11, 2022

I had some notes from when I broke Merkury 720p cameras a couple years ago.

One thing I saw in the firmware that never worked was entering factory mode from a QR code. Turns out, it was just my cameras.

Make a qr code that says:

{"p":"Your Wifi password here","s":"Your SSID","t":"_MEARI56565099"}

and show it to the camera when it's in pairing mode, and it should switch to factory mode and enable HTTP on 8090. Tested on a Geeni Doorpeek / Bell 12S

{"devname":"Smart Home Camera","model":"Bell 12S","serialno":"000000000","softwareversion":"4.0.7","hardwareversion":"BE12S_A2GC1_915","firmwareversion":"ppstrong-a3-tuya2_general-4.0.7.20210513","identity":"11111111111111111","authkey":"aaaaaaaaaaaaaaa","deviceid":"aaaaaaaaaa","pid":"aaa","WiFi MAC":"sssssss","ETH MAC":"dddddddddd"}

@guino
Copy link
Owner

guino commented Feb 11, 2022

@alexbgreat that's kind of cool, but one thing to be aware is that 'factory mode' in most recent devices might prevent it from enabling RTSP/ONVIF functions (this is why on these versions we need to remove the ppsFactoryTool.txt file after we root it). It does make me wonder if we can use that QR feature for anything else (I'll have to look in the code when I have a chance).

@bi-os-050
Copy link

Make a qr code that says:

{"p":"Your Wifi password here","s":"Your SSID","t":"_MEARI56565099"}

This JSON is actually a bit familiar to me, I looked through some source code of the mobile app, and I found the QR code format used for pairing the device and connecting to the local Wi-Fi network is

String qrTxt = "{\"p\":\"" + wifiPassword + "\",\"s\":\"" + wifiSsid + "\",\"t\":\"" + token + "\"}";

Which would be {"p":"mysupersecretpassword","s":"mytotallyuniquessid","t":"mylegittoken"}

So I am going to make an educated guess that the token is just a session token which it looks for a camera with a matching one to avoid getting connected with some other rando's camera, but if the token is "_MEARI56565099", it is taken like the ppsFactoryTool.txt file instead and opens port 8090.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants