Remember kids. The S in IoT stands for security.

Take a look at the access log of your server :)

The 19 dislikes are smart camera manufacturers

This is EXACTLY what I was looking for when I bought this camera. I hate that the default firmware doesn't allow video streaming via the Wise app without an internet connection [via LAN]. So finally I have a means to circumvent their servers while still attaining live video footage. We don't need to see the baby-monitors when we're out of the house.

Through all the video I was like '' ok that's very theoretical, how would you install the firmware in real life's and the you gave the example at the last second and my blood turned cold 😱

So if you buy one of these used, you should flash the official firmware. Apart from that, not restricting firmware flashing is not a big deal, since flashing it requires physical access to the camera anyway, and having the ability to flash a custom firmware means one can make custom security updates after the camera is discontinued and no longer receives official updates.

Exactly what I was searching for, a well detailed CCTV firmware reversing tutorial. Hey Ninja, I really like your work and your way of explanation, Please Upload more videos, please make it a bit frequent like 1v/month.

That was a lot easier than it should've been lol..

That was so easy to watch and learn, no extra and unnecessary steps, no stupids and distractive ads. simple and awesome iot exploit. Keep up the good work

Really fantastic video, well done. Your explanations and visuals are easy to follow, and we can all tell that you have a good understanding of what you're doing.

Awesome video! Exactly the type of hands-on example I love to see/learn from.

Wow this was really interesting to see a demonstration by someone willing to explain the thinking process along the way. This is very inspiring!

It's good to see this channel is still alive, I love your content! Thank you for sharing your knowledge, hope to see more updates in the future

Great to see you back. Hope you'll post more videos.

Found your channel watching the new Game and Watch hacks and enjoying the content library, this video was awesome to watch and might try to do this myself on my own Wyze cam.

Ghidra Ninja - It's been a while. I love your work and want to see more. Thanks of the video.

Great job on this! I actually have one of these hacked cameras to use a security cam (but keep it off of the wyze network). Crazy how simple it is to hack the firmware and can't wait to see more. Might be time for me to start hacking some of my IoT devices. Makes me a bit nervous of how vulnerable my network might be though!

I would back up your channel on another platform like Bitchute or library. KZbin has been deleting channels like yours.

I was able to get into a Faleemi outdoor camera with this exact same method (except they have an option to only update the rootfs so I only needed to repack the squash file with no UBoot header). Works like a charm, and with telnet/wget I can update my camera remotely with my custom firmware. Thank you so much for my first IoT hack! I was also able to get a UART terminal to it on the hardware side.

i just found your content yesterday, and I am HOOKED. Keep up the awesome work :)

I really liked the style of this video, because it was "just right" for the knowledge I have. You explained it very well and with not too much or too less informations. thx!

I loved this video! i plan on picking up a camera to play around with myself! Im glad I'm not the only one who thought "what if it has been backdoored and returned to the wild" you're a legend man!

Really good video with good explanations! Love it dude! Keep up the good work!

A German Engineer. Nothing more to say :) Ah, wait. A German Reverse Engineer :)) Well done.

Amazing to see you back.Loved the video

What an fantastic video! Excellent content and perfect pace.

Great tutorial, lots of new utilities I have never heard of before

Awesome. I actually have one of these sitting around.

We’ve only had the cameras up and running for a short time. kzbin.infoUgkxOXxsTZ3ptV_Pk0fFl8bNZvVqeoqBQFwe So far we love them! I got the outdoor mounting kit for them and they were easy to install. Once you download the app, it walks you through the very easy set up. The clarity, and range is awesome. I am thinking seriously about adding another camera or two to my 3 camera system. The price is lower than a lot of comparable systems.

Welcome Back! Finally a new video! 🙌

Such a great video! Very informational

Can we quickly laugh at how stupid their way of stopping telnetd is? Instead of uninstalling it and or removing it from the rcS file, instead, they just kill it (And not even stop the service, just use killall.)

Thanks for the tip! Gonna try and modify an init script, pack the squashfs and update the camera. Should be similar to your model

You should make more such videos, you have the potential to grow your channel

This is awesome, I can perfectly use tooling such as jefferson right now for firmware modification. To split up flash image partitions, I am simply using dd though and cat things together again. Edit: Since it looks like jefferson is for extraction only, I'll stick with mounting the rootfs through the mtd + jffs2 kernel modules, which is a bit of work and annoyance, but solved. =) I will still keep jefferson in mind for extraction-only/analysis use-cases though, makes sense also to have something portable. Thank you!

Your videos are amazing, please never stop posting videos, I am now a student of yours.

Great note about zero padding the modified filesystem image before you bundle it to keep it the same size as the original!

very cool i have always been thinking about repacking modified firmwares

Awesome Video! Keep up the good work!

interesting to see the miio client on there, same thing is running on my vacuum. Thanks for the very informative video

Welcome back-

No doubt, you've already had countless people recommending the Wyze Cam V3. The low light image capability seems very good. What it doesn't have is RTSP, and Wyze doesn't seem very anxious to provide that capability. But it's a swell cam.

Great content bro 👍😀

From the UK 🇬🇧. Great stuff

Thank you that knowledge!

This could all be avoided if the customer had all cameras on their own network (vLAN) with no internet access and no access to the main network. But this was a very informative detailed video.

This video is AMAZING. Thx

Learned a lot thanks 👍🙏

Amazing vid!

Dude! Amazing!

Amazing video :) Please make more

dude this channel teach a lot better youtube channel easy tips and learn everyday

I'm taking some courses in IOT, I still can't understand everything here but I'm enjoying it a lot

Awesome video!

Amazing video. I love the "hack" where you get it into ram where there was more space. I was just wondering though: The need to store the extra binary was to get the reverse shell, but if bash was there, could you then use that instead? I do really like you went the NC way, because I learned a lot about what to do if the situation arose. Amazing!

Might have to get a few of those cams now :D

Amazing video...

Very good Job. I liked reverse Shell using netcat , i'm using reverse ssh , bit this is more easy

Awesome video 😍

This is so cool!

I'm going to start checking the firmware on every device I buy from now on. On the plus side it will keep me from buying too many things :D.

finally !YAY

I love your videos!

Heck ya new vid

Wow...Just wow!

Awesome video

hey i love you. this was a fun video to watch

T.Hanks We need more videos xD

This was really interesting, do you have any plans on uploading more IOT videos?

cool video..👍👍👍

Nice video, keep up the good work! But are you planning on uploading more regularly? And do you have any plans in doing more Ghidra related videos?

Great job :)

The oh s*** moment at the end... love it

Would this work on the newer v3's? Awesome video and explanation. I'm looking to set one up as a weather webcam for weather underground.

15:50 Thanks for the advice :)

That's the best KZbin sponsorship I've ever seen.... "this video is sponsored by ME" ;)

Yay! :)

It's been a few years, but I believe I used to use squashfs as the system image on the good ol' T-Mobile G1 (HTC Dream), the first Android device. But I thought it wasn't read-only once mounted as I used to manipulate the system partition all the time... I may be mistaken tho, that was 2009

Whoever disliked this is either an idiot or they accidentally clicked the wrong button. Great video man and it would be good to see more videos like this that give us novices guidance in exploiting devices. It’s also good that you’ve shown it with a device we have access too, so yeh much appreciated 👍

Awesome video very usefull =)

Once i backdoored my neighbour's security cam. He was backdooring his wife...

Nice video

Doom on a wyze camera can't wait to see that

a good video after another and another and another ... good job! Open a patreon if you need a little motivation to upload more frequently. I would sign up just like I'm on the LiveOverflow patreon...

"shameless plug", not sure why but I laughed my ass off at that haha

Great video! Is there a way to repack the JFS2 directory like you did with the squashfs folders? I took a look at jefferson but the docs only mention the ability to extract.

Can you do one similar reverse engineering on a Huawei 4G dongle , that could be a nice tutorial

👏👏👏

Another thing to do is to engineer a completely new board for that camera. One that runs the original firmware, except on the SOC there is another hidden core that taps into the wifi and the camera sensor. Perhaps even add one of those very interesting radios I read about the other day, and exfiltrate images from up to 7Km away. Now not everybody can afford a santa's work shop where all kinds of nifty things are made, such as certain upgrades for routers and the like, but it is still food for thought. The added benefit is you could leave the manufacturer provided backdoors dormant, perhaps add a feature to disable them remotely.

man, you are a genius. i can only wish to know a half of a half of what you know. can you do some alexa hacking? my brother in law have one and i would love to do some pranks to him

nice

great.

I had a friend whose mom purchased a cheap Walmart IoT camera. This camera has two-way communication features and makes an alert when the owner rings in. One time it made the alert sound but no audio on the other end. They literally believed it was caused by ghosts as the camera ". . . doesn't connect to the internet, it goes through my mom's phone."

Thank you for this video. Tell me, please, is it possible to edit files within a SBN (signed binary) file and then repack with this method? I can open the archive and see the files inside but I'm not sure how to repack it.

bin mir absolut sicher, dass du aus dem deutschsprachigem raum bist. dieser akzent ist so einzigartig hahah :D

more like we hope to see YOU soon on this channel again. Whatever happened to wannacry part 2?

Would you please help a noob (little knowledge in navigation with Linux) how to check if any suspicious activity is going on on the devices (CCTV) - for instance how to check if any of the cameras or devices connected in my network having connections established outside of my network? How do I distinguish if the connection is due to cloud functionality (aka mobile access) or due to a malicious SW running in background. Thanks to every comment on this.

Subbed ;)

Generally speaking I do believe systems should allow users to load arbitrary firmware. Just OTA updates should be signed or at least loaded via TLS

The end was real scary