Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bullet 4S Merkury firmware version: ppstrong-a3-tuya2_merkury-4.0.6.20210310 WITHOUT patched ppsapp #9

Closed
williamkennyAK opened this issue Sep 23, 2021 · 20 comments

Comments

@williamkennyAK
Copy link

williamkennyAK commented Sep 23, 2021

Here's the output of deviceinfo:

{
"devname":"Smart Home Camera",
"model":"Bullet 4S",
"serialno":"101088550",
"softwareversion":"4.0.6",
"hardwareversion":"B4S_V10_A2_2063",
"firmwareversion":"ppstrong-a3-tuya2_merkury-4.0.6.20210310",
"identity":"M3R0019H5701608572",
"authkey":"LB7x0ANcVo7AEwEA1JqPr8KzUP44V2sv",
"deviceid":"pp0196ff4a66aeecd128",
"pid":"aaa",
"WiFi MAC":"84:7a:b6:87:67:35",
"ETH MAC":"00:00:00:00:00:00"
}

Attached is my ppsapp (zip)

I've been banging my head on the wall trying to patch it and it just keeps rebooting over and over on me.

There does seem to be a match that I've tried, but it just does not work...

Thank you!!!
--deleted--

@williamkennyAK
Copy link
Author

I'm going to self-close this... Turns out this version already supports ONVIF out of the box. No need to patch ppsapp, just enable onvif_enable=1 in tuya_config.json.

@williamkennyAK williamkennyAK changed the title Patch Request Bullet 4S Merkury firmware version: ppstrong-a3-tuya2_merkury-4.0.6.20210310 WITHOUT patched ppsapp Sep 23, 2021
@williamkennyAK
Copy link
Author

Confirmed on a second camera.

To recreate, I followed all the steps until patching ppsapp then did the following:

  1. telnet into camera
  2. modify /home/cfg/tuya_config.json
    (a) change onvif_enable=0 to onvif_enable=1
    (b) change onvif_pwd to the password you wish (plaintext)
  3. run the following command:
    set onvif_enable 1
  4. reboot by running the reboot command

That's it, once it rebooted you can access the rtsp stream.

I used the following program to determine the rtsp stream addresses:
https://github.com/paullouisageneau/gsoap-onvif

Here's the output:

[2021-09-23 23:36:06] [main.cpp] [26] {error:3 faultstring:Validation constraint violation: tag name or namespace mismatch in element 'env:Fault' faultcode:SOAP-ENV:Sender faultsubcode:(null) faultdetail:(null)}
[2021-09-23 23:36:06] [main.cpp] [115] {-------------------Device-------------------}
[2021-09-23 23:36:06] [main.cpp] [116] {XAddr:http://192.168.2.207:8000/onvif/device_service}
[2021-09-23 23:36:06] [main.cpp] [118] {-------------------Network-------------------}
[2021-09-23 23:36:06] [main.cpp] [119] {IPFilter:Y}
[2021-09-23 23:36:06] [main.cpp] [120] {ZeroConfiguration:Y}
[2021-09-23 23:36:06] [main.cpp] [121] {IPVersion6:Y}
[2021-09-23 23:36:06] [main.cpp] [122] {DynDNS:Y}
[2021-09-23 23:36:06] [main.cpp] [124] {-------------------System-------------------}
[2021-09-23 23:36:06] [main.cpp] [125] {DiscoveryResolve:N}
[2021-09-23 23:36:06] [main.cpp] [126] {DiscoveryBye:Y}
[2021-09-23 23:36:06] [main.cpp] [127] {RemoteDiscovery:Y}
[2021-09-23 23:36:06] [main.cpp] [133] {SupportedVersions:}
[2021-09-23 23:36:06] [main.cpp] [137] {2.20 }
[2021-09-23 23:36:06] [main.cpp] [141] {}
[2021-09-23 23:36:06] [main.cpp] [144] {SystemBackup:N}
[2021-09-23 23:36:06] [main.cpp] [145] {FirmwareUpgrade:N}
[2021-09-23 23:36:06] [main.cpp] [146] {SystemLogging:N}
[2021-09-23 23:36:06] [main.cpp] [148] {-------------------IO-------------------}
[2021-09-23 23:36:06] [main.cpp] [149] {InputConnectors:-2075307872}
[2021-09-23 23:36:06] [main.cpp] [150] {RelayOutputs:-2075307840}
[2021-09-23 23:36:06] [main.cpp] [152] {-------------------Security-------------------}
[2021-09-23 23:36:06] [main.cpp] [153] {TLS1.1:N}
[2021-09-23 23:36:06] [main.cpp] [154] {TLS1.2:N}
[2021-09-23 23:36:06] [main.cpp] [155] {OnboardKeyGeneration:N}
[2021-09-23 23:36:06] [main.cpp] [156] {AccessPolicyConfig:N}
[2021-09-23 23:36:06] [main.cpp] [157] {X.509Token:N}
[2021-09-23 23:36:06] [main.cpp] [158] {SAMLToken:N}
[2021-09-23 23:36:06] [main.cpp] [159] {KerberosToken:N}
[2021-09-23 23:36:06] [main.cpp] [160] {RELToken:N}
[2021-09-23 23:36:06] [main.cpp] [183] {-------------------Media-------------------}
[2021-09-23 23:36:06] [main.cpp] [184] {XAddr:http://192.168.2.207:8000/onvif/Media}
[2021-09-23 23:36:06] [main.cpp] [186] {-------------------streaming-------------------}
[2021-09-23 23:36:06] [main.cpp] [187] {RTPMulticast:Y}
[2021-09-23 23:36:06] [main.cpp] [188] {RTP_TCP:Y}
[2021-09-23 23:36:06] [main.cpp] [189] {RTP_RTSP_TCP:Y}
[2021-09-23 23:36:06] [main.cpp] [196] {-------------------PTZ-------------------}
[2021-09-23 23:36:06] [main.cpp] [197] {XAddr:http://192.168.2.207:8000/onvif/PTZ}
[2021-09-23 23:36:06] [main.cpp] [26] {error:401 faultstring:HTTP Error faultcode:SOAP-ENV:Server faultsubcode:SOAP-ENV:Server faultdetail:HTTP/1.1 401 Not Unauthorized}
[2021-09-23 23:36:06] [main.cpp] [239] {-------------------NetworkInterfaces-------------------}
[2021-09-23 23:36:06] [main.cpp] [240] {IPCNetwork}
[2021-09-23 23:36:06] [main.cpp] [241] {84-7a-b6-88-10-05}
[2021-09-23 23:36:06] [main.cpp] [275] {-------------------MediaProfiles-------------------}
}2021-09-23 23:36:06] [main.cpp] [278] {profile0:MainStream Token:IPCProfilesToken0
[2021-09-23 23:36:06] [main.cpp] [288] {RTSP URI:rtsp://192.168.2.207:8554/Streaming/Channels/101}
}2021-09-23 23:36:06] [main.cpp] [278] {profile1:SubStream Token:IPCProfilesToken1
[2021-09-23 23:36:06] [main.cpp] [288] {RTSP URI:rtsp://192.168.2.207:8554/Streaming/Channels/102}
[2021-09-23 23:36:06] [main.cpp] [314] {-------------------VideoEncoderConfigurations-------------------}
[2021-09-23 23:36:06] [main.cpp] [26] {error:401 faultstring:HTTP Error faultcode:SOAP-ENV:Server faultsubcode:SOAP-ENV:Server faultdetail:HTTP/1.1 401 Not Unauthorized}
[2021-09-23 23:36:06] [main.cpp] [332] {Encoding:tt__VideoEncoding__H264}
[2021-09-23 23:36:06] [main.cpp] [336] {name:VideoEncoderConfig0 UseCount:1 token:VideoEncoderConfigToken0
}
[2021-09-23 23:36:06] [main.cpp] [338] {Width:1920 Height:1080
}
[2021-09-23 23:36:06] [main.cpp] [26] {error:401 faultstring:HTTP Error faultcode:SOAP-ENV:Server faultsubcode:SOAP-ENV:Server faultdetail:HTTP/1.1 401 Not Unauthorized}
[2021-09-23 23:36:06] [main.cpp] [332] {Encoding:tt__VideoEncoding__H264}
[2021-09-23 23:36:06] [main.cpp] [336] {name:VideoEncoderConfig1 UseCount:1 token:VideoEncoderConfigToken1
}
[2021-09-23 23:36:06] [main.cpp] [338] {Width:640 Height:360
}

And Bob's your uncle you have an ONVIF camera that you can now integrate with tensorflow and other utilities... I personally use motioneye and doods along with home assistant. i detect motion with motioneye, send a webhook to home assistant, this triggers doods (tensorflow) which detects objects in frame during motion. If it detects objects, it then sends me a notification via telegram. HIKVISION charges 200-300 per camera for a 1080p camera with less configurable software.

@guino
Copy link
Owner

guino commented Sep 24, 2021

@williamkennyAK nice instructions, glad you got it going -- I am just now preparing a patch which seems like it's not required. Sorry I didn't reply earlier I had a hell of a bad day at work yesterday...

@williamkennyAK
Copy link
Author

Totally understand. I'm just enjoying exploring these cameras. Cheap, but decent quality.

Thanks for the amazing work, my man.

@Marko9831
Copy link

Confirmed on a second camera.

To recreate, I followed all the steps until patching ppsapp then did the following:

1. telnet into camera

2. modify /home/cfg/tuya_config.json
   (a) change onvif_enable=0 to onvif_enable=1
   (b) change onvif_pwd to the password you wish (plaintext)

3. run the following command:
   set onvif_enable 1

4. reboot by running the reboot command

That's it, once it rebooted you can access the rtsp stream.

I used the following program to determine the rtsp stream addresses: https://github.com/paullouisageneau/gsoap-onvif

Here's the output:

[2021-09-23 23:36:06] [main.cpp] [26] {error:3 faultstring:Validation constraint violation: tag name or namespace mismatch in element 'env:Fault' faultcode:SOAP-ENV:Sender faultsubcode:(null) faultdetail:(null)} [2021-09-23 23:36:06] [main.cpp] [115] {-------------------Device-------------------} [2021-09-23 23:36:06] [main.cpp] [116] {XAddr:http://192.168.2.207:8000/onvif/device_service} [2021-09-23 23:36:06] [main.cpp] [118] {-------------------Network-------------------} [2021-09-23 23:36:06] [main.cpp] [119] {IPFilter:Y} [2021-09-23 23:36:06] [main.cpp] [120] {ZeroConfiguration:Y} [2021-09-23 23:36:06] [main.cpp] [121] {IPVersion6:Y} [2021-09-23 23:36:06] [main.cpp] [122] {DynDNS:Y} [2021-09-23 23:36:06] [main.cpp] [124] {-------------------System-------------------} [2021-09-23 23:36:06] [main.cpp] [125] {DiscoveryResolve:N} [2021-09-23 23:36:06] [main.cpp] [126] {DiscoveryBye:Y} [2021-09-23 23:36:06] [main.cpp] [127] {RemoteDiscovery:Y} [2021-09-23 23:36:06] [main.cpp] [133] {SupportedVersions:} [2021-09-23 23:36:06] [main.cpp] [137] {2.20 } [2021-09-23 23:36:06] [main.cpp] [141] {} [2021-09-23 23:36:06] [main.cpp] [144] {SystemBackup:N} [2021-09-23 23:36:06] [main.cpp] [145] {FirmwareUpgrade:N} [2021-09-23 23:36:06] [main.cpp] [146] {SystemLogging:N} [2021-09-23 23:36:06] [main.cpp] [148] {-------------------IO-------------------} [2021-09-23 23:36:06] [main.cpp] [149] {InputConnectors:-2075307872} [2021-09-23 23:36:06] [main.cpp] [150] {RelayOutputs:-2075307840} [2021-09-23 23:36:06] [main.cpp] [152] {-------------------Security-------------------} [2021-09-23 23:36:06] [main.cpp] [153] {TLS1.1:N} [2021-09-23 23:36:06] [main.cpp] [154] {TLS1.2:N} [2021-09-23 23:36:06] [main.cpp] [155] {OnboardKeyGeneration:N} [2021-09-23 23:36:06] [main.cpp] [156] {AccessPolicyConfig:N} [2021-09-23 23:36:06] [main.cpp] [157] {X.509Token:N} [2021-09-23 23:36:06] [main.cpp] [158] {SAMLToken:N} [2021-09-23 23:36:06] [main.cpp] [159] {KerberosToken:N} [2021-09-23 23:36:06] [main.cpp] [160] {RELToken:N} [2021-09-23 23:36:06] [main.cpp] [183] {-------------------Media-------------------} [2021-09-23 23:36:06] [main.cpp] [184] {XAddr:http://192.168.2.207:8000/onvif/Media} [2021-09-23 23:36:06] [main.cpp] [186] {-------------------streaming-------------------} [2021-09-23 23:36:06] [main.cpp] [187] {RTPMulticast:Y} [2021-09-23 23:36:06] [main.cpp] [188] {RTP_TCP:Y} [2021-09-23 23:36:06] [main.cpp] [189] {RTP_RTSP_TCP:Y} [2021-09-23 23:36:06] [main.cpp] [196] {-------------------PTZ-------------------} [2021-09-23 23:36:06] [main.cpp] [197] {XAddr:http://192.168.2.207:8000/onvif/PTZ} [2021-09-23 23:36:06] [main.cpp] [26] {error:401 faultstring:HTTP Error faultcode:SOAP-ENV:Server faultsubcode:SOAP-ENV:Server faultdetail:HTTP/1.1 401 Not Unauthorized} [2021-09-23 23:36:06] [main.cpp] [239] {-------------------NetworkInterfaces-------------------} [2021-09-23 23:36:06] [main.cpp] [240] {IPCNetwork} [2021-09-23 23:36:06] [main.cpp] [241] {84-7a-b6-88-10-05} [2021-09-23 23:36:06] [main.cpp] [275] {-------------------MediaProfiles-------------------} }2021-09-23 23:36:06] [main.cpp] [278] {profile0:MainStream Token:IPCProfilesToken0 [2021-09-23 23:36:06] [main.cpp] [288] {RTSP URI:rtsp://192.168.2.207:8554/Streaming/Channels/101} }2021-09-23 23:36:06] [main.cpp] [278] {profile1:SubStream Token:IPCProfilesToken1 [2021-09-23 23:36:06] [main.cpp] [288] {RTSP URI:rtsp://192.168.2.207:8554/Streaming/Channels/102} [2021-09-23 23:36:06] [main.cpp] [314] {-------------------VideoEncoderConfigurations-------------------} [2021-09-23 23:36:06] [main.cpp] [26] {error:401 faultstring:HTTP Error faultcode:SOAP-ENV:Server faultsubcode:SOAP-ENV:Server faultdetail:HTTP/1.1 401 Not Unauthorized} [2021-09-23 23:36:06] [main.cpp] [332] {Encoding:tt__VideoEncoding__H264} [2021-09-23 23:36:06] [main.cpp] [336] {name:VideoEncoderConfig0 UseCount:1 token:VideoEncoderConfigToken0 } [2021-09-23 23:36:06] [main.cpp] [338] {Width:1920 Height:1080 } [2021-09-23 23:36:06] [main.cpp] [26] {error:401 faultstring:HTTP Error faultcode:SOAP-ENV:Server faultsubcode:SOAP-ENV:Server faultdetail:HTTP/1.1 401 Not Unauthorized} [2021-09-23 23:36:06] [main.cpp] [332] {Encoding:tt__VideoEncoding__H264} [2021-09-23 23:36:06] [main.cpp] [336] {name:VideoEncoderConfig1 UseCount:1 token:VideoEncoderConfigToken1 } [2021-09-23 23:36:06] [main.cpp] [338] {Width:640 Height:360 }

And Bob's your uncle you have an ONVIF camera that you can now integrate with tensorflow and other utilities... I personally use motioneye and doods along with home assistant. i detect motion with motioneye, send a webhook to home assistant, this triggers doods (tensorflow) which detects objects in frame during motion. If it detects objects, it then sends me a notification via telegram. HIKVISION charges 200-300 per camera for a 1080p camera with less configurable software.

What password you use? http://admin:056565099 or http://admin:admin. dos not work.
i got the same deviceinfo

@guino
Copy link
Owner

guino commented Dec 5, 2021

@Marko9831 you say you got the same deviceinfo from #9 (comment) -- in order to get that deviceinfo you must have used http://admin:056565099@ip/devices/deviceinfo or http://admin:admin@ip/devices/deviceinfo -- that user/password combination is only used for the URLs when applying the hack and is used for nothing else after that. The onvif/rtsp user in that firmware is admin and the password is whatever is listed in /home/cfg/tuya_config.json -- the RTSP url should be what was displayed in the log above: rtsp://admin:[email protected]:8554/Streaming/Channels/101 and rtsp://admin:[email protected]:8554/Streaming/Channels/102 (admin:056565099 will not work on rtsp). You can probably check the password using this URL: http://admin:056565099@IP/proc/self/root/home/cfg/tuya_config.json (or using admin as password if necessary) -- you should look for the value 'onvif_pwd' in the response.

@sanscorp1
Copy link

I cannot find tuya_config.json in /home/cfg/
When I try the patched repo I also get a bootloop.
Without the patched ppsapp in the root of the SD the camera is working.

Do I create the json file or should I look elsewhere?

@afleuryg
Copy link

You have to register the camera with the Tuya app to have the tuya_config.json file created in /home/cfg.
Also, I wouldn't run the camera without registering it, as if it's not configured, it only launches a process that parse whatever content is shown to the camera to find a wifi configuration QR-Code. The PPStrong app is not launched, and so there is no ONVIF stream.

@sanscorp1
Copy link

sanscorp1 commented Feb 14, 2022

Thank you, I got the awnser from Guino earlier and it is working flawlessly now.

@afleuryg
Copy link

Thank you, I got the awnser from Guino earlier and it is working flawlessly now.
Sorry, just found his comment and your success (in issue #21) after replying to this. I was just pecking around to see if someone found another option to integrate/extract the rstp stream, and as I had the problem with the json file earlier, I thought it would be nice to have the answer below the question... ;-)

@sanscorp1
Copy link

This also works for the mini 16S
softwareversion 5.2.4
hardwareversion M16S_A2_V10_MIS
firmwareversion ppstrong-a3-tuya2_lsc-5.2.4.20211015

The hack isn't working, it does not copy the ppsapp nor does it look at custom.sh.

@guino
Copy link
Owner

guino commented Feb 20, 2022

@sanscorp1 the message above is unclear about what works or not but on the other issue you said you can telnet and use rtsp by modifying the json file - please just update the other issue with details from now on: #23

@sanscorp1
Copy link

sanscorp1 commented Feb 20, 2022 via email

@richaardvark
Copy link

For those of us new to this/who haven't used telnet since like Windows 95/98 lol, how the heck do I modify the file? It seems like I either have to load some sort of small python editing program onto the device or have to export the file to my client/machine somehow and then use wget and an ftp server on my PC to then again send the file back to the camera? So confused...

@guino
Copy link
Owner

guino commented May 10, 2022

@richaardvark you can view/modify the config file like this:

login by telnet (assuming you configured it using provided steps)
execute cp /home/cfg/tuya_config.json /mnt/mmc01
remove card, place it on computer, edit line in tuya_config.json from "onvif_enable": 0, to "onvif_enable": 1 , save and eject card properly
insert card on device, wait a few seconds (i.e. 10s) so the card is mounted
execute cp /mnt/mmc01/tuya_config.json /home/cfg
Wait 10 seconds to flush cache & reboot device.

@richaardvark
Copy link

richaardvark commented May 10, 2022

@richaardvark you can view/modify the config file like this:

login by telnet (assuming you configured it using provided steps) execute cp /home/cfg/tuya_config.json /mnt/mmc01 remove card, place it on computer, edit line in tuya_config.json from "onvif_enable": 0, to "onvif_enable": 1 , save and eject card properly insert card on device, wait a few seconds (i.e. 10s) so the card is mounted execute cp /mnt/mmc01/tuya_config.json /home/cfg Wait 10 seconds to flush cache & reboot device.

Thank you very much! I figured the cp command would be useful but I couldn't figure out how to find some sort of of file structure bridge between the two file systems but that makes sense now, using /mnt/mmc01.

I was also able to eventually figure out that the "vi" command/small text editor tool is present in Busybox/the camera's OS environment as well so I was able to use that to directly modify the tuya_config.json file without having to extract it to my PC, edit it, and then send the modified version back to the camera. Reposting the instructions from @williamkennyAK from above, I'll include the actual commands I entered for anyone else who might find this helpful (update with your device's own actual IP of course):

  1. telnet into camera

telnet 192.168.1.242

  1. modify /home/cfg/tuya_config.json
    (a) change onvif_enable=0 to onvif_enable=1
    (b) change onvif_pwd to the password you wish (plaintext)

vi /home/cfg/tuya_config.json
(then use the arrow keys to navigate down from the top of the file to the onvif_enable line and change the 0 to 1.
To exit the vi text editor and save your changes, press the escape key and then type ":wq" and press enter.)

  1. run the following command:
    set onvif_enable 1

set onvif_enable 1

  1. reboot by running the reboot command

reboot

Edit: Came back to say make sure in addition to setting onvif_enable=1 in tuya_config.sh as described above also make sure you have uncommented the onvif line in the custom.sh file:

#/mnt/mmc01/set onvif_enable 1 --> /mnt/mmc01/set onvif_enable 1

I hadn't done that at first. I really wish all these steps could be in one place but I realize it's hard to make that happen given everyone likely/potentially has different hardware/firmware/etc. And this whole thing developed organically as you and others discovered new features/workarounds etc.

@guino
Copy link
Owner

guino commented May 10, 2022

@richaardvark is it working now? if so, that's all that matters

@richaardvark
Copy link

@richaardvark is it working now? if so, that's all that matters

rtsp is working but I can't for the life of me get snap or mjpeg to work :( I tried patching it myself but ran into a dead end. I made a new issue here for my firmware/hardware version.

@Tomatensaft9000
Copy link

hi, how to telnet into camera?

@guino
Copy link
Owner

guino commented Jun 5, 2022

@Tomatensaft9000 only way to telnet into the camera is to root it with the steps described here (Assuming you have a Merkury 1080P camera): https://github.com/guino/Merkury1080P#conclusion

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants