Firmware dumps from different IP cameras.
That's how we learn: we break things and then use the knowledge gained to make better things.
- Dump the camera's flash.
- Name the dump according to the naming convention.
- Create a pull request.
Dash-separated names of the following format:
[camera_model]-[soc]-[sensor]-[wifi_module]-[tag].bin
- camera_model is the camera brand and model, joined with underscores
- soc is the System-on-Chip variant
- sensor is the image sensor model
- wifi_module is the Wi-Fi module chip
- tag is one of:
  - virgin for a dump taken from a camera that has never been powered on
  - stock for a dump taken from a previously powered camera
Many cameras provision themselves when they are first powered on, adding initial configuration to the flash. Therefore, it is important to know whether the dump was taken from a virgin camera or not.
I recommend using a modded CH341A programmer and scriba to dump the flash. That is the most reliable way to get a correct dump.
Warning
If the camera has ever been powered on, factory-reset it before dumping its flash! Otherwise, your network credentials stored in the flash will be shared!
Open the camera, locate the flash chip and dump it using the flash programmer. Make two readings back to back, then compare their hashes. If they are the same, you have a good dump. If not, repeat the process until you get a good dump. Scriba has a built-in hash comparison feature, which makes the whole process easier.
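The double-read check and the naming convention above can also be verified independently of the dumping tool before opening a pull request. The script below is an added example, not part of this repository or of scriba; the function names are hypothetical, it assumes no field contains a dash, and it goes one step beyond the text by rejecting two reads that match only because both are blank (every byte identical, as happens when the programmer has no contact with the chip).

```python
import hashlib
import os

TAGS = {"virgin", "stock"}  # the two tags the naming convention defines

def sha256_file(path, chunk=1 << 20):
    """Hash a dump in chunks so large images are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def is_blank(path, chunk=1 << 20):
    """True if the file is empty or every byte has one value (e.g. all 0xFF)."""
    seen = set()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            seen.update(block)
            if len(seen) > 1:
                return False
    return True

def check_name(name):
    """Return the problems with a dump filename; an empty list means it conforms."""
    if not name.endswith(".bin"):
        return ["extension must be .bin"]
    fields = name[:-4].split("-")  # assumption: no dash inside a field
    if len(fields) != 5 or not all(fields):
        return ["expected 5 non-empty dash-separated fields"]
    if fields[4] not in TAGS:
        return ["tag must be 'virgin' or 'stock'"]
    return []

def verify_dump(read1, read2, final_name):
    """Collect every reason this pair of reads should not be submitted."""
    problems = check_name(final_name)
    if os.path.getsize(read1) != os.path.getsize(read2):
        problems.append("reads differ in size")
    elif sha256_file(read1) != sha256_file(read2):
        problems.append("SHA-256 mismatch; read the chip again")
    elif is_blank(read1):
        problems.append("reads match but are blank; check chip contact")
    return problems

if __name__ == "__main__":
    import sys  # usage: script.py read1.bin read2.bin final-name.bin
    print(verify_dump(*sys.argv[1:4]) or "OK to submit")
```

Matching hashes only show that the two reads agree with each other, which is why the blank check runs last, on reads that already match.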
If you have any questions, feel free to ask them on the Discord server or in the Telegram group.
If you like this project, consider saying thank you.
No license. No strings attached, no responsibility taken. I just want to see you smart.