On Aliexpress I found this impressive 20$ cam: SANNCE WIFI IP CAM

The cam works quite well, assigning IP with mobile app is some kind of pain, but anyway
After integrating into WLAN with Andorid app (google: sannce wifi cam setup) you can reach the cam on port 81.

The cam has following functionality:

  • pan tilt camera motor
  • auto IR night vision leds
  • motion based alert trigger
    • wlan nic
    • ftp upload on alert
    • email on alert
    • record video on alert

undefined

I needed to integrate this cam into mi domoticz home automation system as much as possible.
So I proceeded this way:

  • hack into the cam console
    telnet is running, but no root pw is known
    cam seems to be affected by xss attacks: https://www.pentestpartners.com/security-blog/hacking-the-aldi-ip-cctv-camera-part-2/
    so i tried to configure ftp upload with user: $(telnetd -p25 -l/bin/sh)
    Then hit test, and enjoy telnet server on port 25 without password auth.
  • Modify the scripts to trigger domoticz event on motion
  • /system/init/ipcam.sh
    export PATH=/system/system/bin:$PATH
    mkdir -p /tmp/Wireless/RT2870STA
    cp /system/RT2870STA.dat  /tmp/Wireless/RT2870STA/
    mkdir -p /tmp/Wireless/RT2870AP
    cp /system/RT2870AP.dat /tmp/Wireless/RT2870AP/
    ulimit -HSn 4096
    /system/system/bin/wifidaemon &
    /system/bin/logread.sh &
    /usr/sbin/telnetd -p24 -l /bin/sh
  • /system/bin/logread.sh
    #!/bin/sh
    while true ; do 
    /usr/bin/tail -fn0 /system/param/log?.txt | /usr/bin/awk '/alarm is happen for motion/ {system("/system/bin/alert.sh")}
    /alarm is clear/ {system("/system/bin/clear.sh")}'
    sleep 1 ; done
  • /system/bin/alert.sh
    #!/bin/sh
    echo alert
    wget -q -O -  "http://sensor:sensor@192.168.3.78/json.htm?type=command&param=switchlight&idx=36&switchcmd=On"
    exit 0
    
  • /system/bin/clear.sh
    #!/bin/sh
    echo clear
    wget -q -O - "http://sensor:sensor@192.168.223.78/json.htm?type=command&param=switchlight&idx=36&switchcmd=Off"
    exit 0
    

That's it, now you have a fully integrated webcam, that can be used as:

  • Virtual switch (motion sensor), triggered by http events above (alert.sh, clear.sh)
  • domoticz webcam
    IP: 1.2.3.4
    User: visitor #set up on cam
    PW: secret
    Image URL: snapshot.cgi?user=visitor&pwd=secret

Now you can trigger push notification and integrate it in your fully armed home automation system!