Month: November 2012

Reverse Engineering Firmware

This site has a nice step-by-step instructions for firmware reverse engineering of a Linksys WAG120N:

http://www.devttys0.com/2011/05/reverse-engineering-firmware-linksys-wag120n/

In this site I discovered very interesting tools:

Firmware Mod Kit: http://www.bitsum.com/firmware_mod_kit.htm
ZX Utils: http://tukaani.org/xz/

Until now I didn’t need any special tool, because the IP Camera H6937WI is easy disassemble 😉

Linux kernel source code for Solomon Systech SSD1935

As you know, based on previous posts, I’m hacking a VStarcam H6837WI IP Camera.

Then I start searching for source code of kernel for this camera, but didn’t find it. Then I discovered this camera is using the chip SSD1935 from Solomon Systech.

I have been browsing for all places on Internet searching for the kernel to this chip, but with no success. So I decide search for similar chip, first SSD1936… no way, then I searched for SSD1933 and found this post at Rockbox:

http://www.rockbox.org/irc/log-20111109

There I got the pot of gold posted by TEAC for their WAP R8900:

http://www.teac.eu/fileadmin/project_data/hifi/support/wap/WAP-R8900/opensource/WAP-R8900-emlinux.tar.gz

Now I created a repository at github to let other people to get it easily:
https://github.com/acassis/linux_kernel_ssd1935

Some driver are compiled separated from ssd1935 kernel, then I will include it there to simplify kernel compilation.

Hacking IP Cameras

I started hacking my camera VStarcam H6837WI after I discovered it is running Linux:

http://hardenedgentoo.blogspot.com.br/2012/07/fun-with-vstarcam-ip-camera.html

Unfortunately my camera came without telnet support on it, but fortunately this camera let you to do firmware’s downgrade, then I did it and got telnet working! \o/

After connecting using telnet I did a dump of flash content (/dev/mtd) to SD Card using “dd” command existent on it.

So I started to search for other people hacking IP Cameras and found this nice post:
https://irishjesus.wordpress.com/2010/03/30/hacking-the-foscam-fi8908w/

All these cameras clones are using Linux but nobody released its source code, exception to few companies:
http://www.openipcam.com/files/ARM9/

Error: SIOCSIFFLAGS: Operation not possible due to RF-kill

Ubuntu 12.04 has a BUG when your disable Wireless on NetworkManager applet.
It disables the “Enable Wireless” option and if you try to re-enable it manually you will receive this error:

$ sudo ifconfig wlan0 up
SIOCSIFFLAGS: Operation not possible due to RF-kill

You can verify if rfkill is blocked:

$ sudo rfkill list all
1: sony-wifi: Wireless LAN
	Soft blocked: yes
	Hard blocked: no
2: sony-bluetooth: Bluetooth
	Soft blocked: no
	Hard blocked: no
3: phy0: Wireless LAN
	Soft blocked: yes
	Hard blocked: yes
4: hci0: Bluetooth
	Soft blocked: no
	Hard blocked: no

$ rfkill unblock wifi
$ rfkill unblock all
$ sudo /etc/init.d/network-manager restart

Installing Starcam H6837WI on Linux

I bought a H6837WI camera on dx.com, it is a h264 camera for less than U$80.00. There are other even less expensive cameras (about U$50.00) but they are MJPEG and has worst quality.

I just connected the Ethernet cable and copied the CD’s content to computer and try to install it using wine, but received an error message:

$ wine ipcamera.exe 
err:ole:CoGetClassObject class {d27cdb6e-ae6d-11cf-96b8-444553540000} not registered
err:ole:create_server class {d27cdb6e-ae6d-11cf-96b8-444553540000} not registered
err:ole:CoGetClassObject no class object {d27cdb6e-ae6d-11cf-96b8-444553540000} could be created for context 0x5

After searching on Internet I discovered this error is related to Flash Shockware plugin support (in fact the ipcamera.exe installation uses flash).
Then I used winetricks application to install Firefox and using this browser entered inside a site which requires flash, the Flash plugin was installed correctly, but after that I still getting same error.

Still researching and I read in some other place I need to register the Flash.ocx manually.

Then I download Flash.ocx from here:
http://www.ocxme.com/ocx/files/flash_ocx.html

$ regsvr32 Flash.ocx
fixme:advapi:SetNamedSecurityInfoW L"MACHINE\\Software\\Classes\\CLSID\\{D27CDB6E-AE6D-11CF-96B8-444553540000}" 4 4 (nil) (nil) 0x1351c4 (nil)
fixme:advapi:SetNamedSecurityInfoW L"MACHINE\\Software\\Classes\\CLSID
...
Failed to register DLL Flash.ocx

It is strange, even receiving this error message, now ipcamera.exe is working:

$ wine ipcamera.exe 
fixme:ntdll:find_reg_tz_info Can't find matching timezone information in the registry for bias 180, std (d/m/y): 26/02/2012, dlt (d/m/y): 21/10/2012
fixme:win:DisableProcessWindowsGhosting : stub
fixme:ntdll:find_reg_tz_info Can't find matching timezone information in the registry for bias 180, std (d/m/y): 26/02/2012, dlt (d/m/y): 21/10/2012
fixme:sfc:SfcIsFileProtected ((nil), L"C:\\Program Files\\IP Camera Super Client\\unins000.exe") stub
err:module:import_dll Library MFC42.DLL (which is needed by L"C:\\windows\\system32\\Socket.dll") not found
err:module:import_dll Library Socket.dll (which is needed by L"C:\\windows\\system32\\Video.ocx") not found
err:module:import_dll Library MFC42.DLL (which is needed by L"C:\\windows\\system32\\PlaySdk.dll") not found
err:module:import_dll Library PlaySdk.dll (which is needed by L"C:\\windows\\system32\\Video.ocx") not found
err:module:import_dll Library MFC42.DLL (which is needed by L"C:\\windows\\system32\\Socket.dll") not found
err:module:import_dll Library Socket.dll (which is needed by L"C:\\windows\\system32\\Video.ocx") not found
err:module:import_dll Library MFC42.DLL (which is needed by L"C:\\windows\\system32\\PlaySdk.dll") not found
err:module:import_dll Library PlaySdk.dll (which is needed by L"C:\\windows\\system32\\Video.ocx") not found
err:module:import_dll Library MFC42.DLL (which is needed by L"C:\\windows\\system32\\CamSearch.ocx") not found
fixme:ntdll:find_reg_tz_info Can't find matching timezone information in the registry for bias 180, std (d/m/y): 26/02/2012, dlt (d/m/y): 21/10/2012
err:ole:CoGetClassObject class {00000514-0000-0010-8000-00aa006d2ea4} not registered
err:ole:create_server class {00000514-0000-0010-8000-00aa006d2ea4} not registered
err:ole:CoGetClassObject no class object {00000514-0000-0010-8000-00aa006d2ea4} could be created for context 0x5
fixme:dwmapi:DwmSetWindowAttribute (0xa010c, 3, 0x33fa58, 4) stub
^Cfixme:console:CONSOLE_DefaultHandler Terminating process 8 on event 0
fixme:console:CONSOLE_DefaultHandler Terminating process 37 on event 0

Very very strange, even with above error messages is possible to initialize and to install the IP Camera software.

Now I just need to enter on IP Camera Super Client:

$ cd ~
$ cd .wine/drive_c/Program\ Files/IP\ Camera\ Super\ Client/

And execute IP Camera Super Client to detect the camera

$ wine IPCamWizard.exe 
fixme:ntdll:find_reg_tz_info Can't find matching timezone information in the registry for bias 180, std (d/m/y): 26/02/2012, dlt (d/m/y): 21/10/2012
fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_CONNECT_TIMEOUT (5000): STUB
fixme:wininet:InternetSetOptionW INTERNET_OPTION_SEND/RECEIVE_TIMEOUT/DATA_SEND_TIMEOUT 5000
fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_DATA_RECEIVE_TIMEOUT (5000): STUB
fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_CONNECT_TIMEOUT (5000): STUB
fixme:wininet:InternetSetOptionW INTERNET_OPTION_SEND/RECEIVE_TIMEOUT/DATA_SEND_TIMEOUT 5000
fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_DATA_RECEIVE_TIMEOUT (5000): STUB
fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_CONNECT_TIMEOUT (5000): STUB
fixme:wininet:InternetSetOptionW INTERNET_OPTION_SEND/RECEIVE_TIMEOUT/DATA_SEND_TIMEOUT 5000
fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_DATA_RECEIVE_TIMEOUT (5000): STUB
fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_CONNECT_TIMEOUT (5000): STUB
fixme:wininet:InternetSetOptionW INTERNET_OPTION_SEND/RECEIVE_TIMEOUT/DATA_SEND_TIMEOUT 5000
fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_DATA_RECEIVE_TIMEOUT (5000): STUB
fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_CONNECT_TIMEOUT (5000): STUB
fixme:wininet:InternetSetOptionW INTERNET_OPTION_SEND/RECEIVE_TIMEOUT/DATA_SEND_TIMEOUT 5000
fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_DATA_RECEIVE_TIMEOUT (5000): STUB
fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_CONNECT_TIMEOUT (5000): STUB
fixme:wininet:InternetSetOptionW INTERNET_OPTION_SEND/RECEIVE_TIMEOUT/DATA_SEND_TIMEOUT 5000
fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_DATA_RECEIVE_TIMEOUT (5000): STUB

I clicked on Wizard button and the camera was detected correctly at IP 192.168.1.126.

In fact I just used this program to detect the camera’s IP, after that only open the browser at http://192.168.1.126:81 to visualize the camera.

Now you need to click on “Camera Configuration” button and enter at “Network Settings” -> “WiFi Settings” and click on “Scan” button and select you wifi access point and enter its password.

You don’t need to do this process to discover your camera IP.
Just look the IP written on tag stamp under your camera, easy!

Qualidade da Dell esta “Dell-teriorando”

É triste ver que uma empresa como a Dell que tem um nome construído ao longo de vários anos cometa erros tão estúpidos com os consumidores.

Pois bem, vou relatar o meu caso e espero que ele sirva de alerta para outras pessoas que estão planejando comprar um notebook Dell.

No dia 08/11/2012 eu comprei um “Notebook Inspiron 14R-3460 com Intel Core 3 i7 8GB 1TB LED 14 Prata W7P – Dell” por R$ 2.296,01 no Shoptime, recebi o mesmo no dia 13/11/2012 e após filmar a inicialização pela primeira vez e NÃO aceitar a licença do Windows, notei que notebook veio sem o selo de autenticidade do Windows, que eu precisaria para solicitar o reembolso do Windows (R$ 208,73). Então entrei em contato com o suporte telefônico da Dell e eles me informaram que o notebook deveria vir com o selo de autenticidade.

Imediatamente entrei em contato com o Shoptime e solicitei o cancelamento da compra e a devolução do valor pago.

Então resolvi procurar por outra empresa que vendesse o mesmo notebook, pois gostei muito da configuração do hardware dele. Encontrei o mesmo notebook no Magazine Luiza, mas o preço esta um pouco mais salgado (R$ 2429,10), mesmo assim acabei comprando pois no site da própria Dell este estava bem mais caro (R$ 3.218,99).

Ontem a tarde (20/11/2012) o notebook Dell chegou, então resolvi filmar novamente, mas dessa vez decidi filmar inclusive a abertura da caixa, para evitar qualquer tipo de dúvida de que o selo poderia ter sido removido após o produto ter sido aberto.

Para minha surpresa (e infelicidade) o novo notebook também veio sem o selo de autenticidade do Windows. Lembrando que este selo é importante não apenas para quem vai solicitar o reembolso do Windows junto à Dell, mas também para todas as pessoas que vão viajar ao exterior e pretendem levar o notebook consigo, pois se você “cair na malha fina” eles vão verificar inclusive se o notebook tem o selo de autenticidade do Windows.

Deixo abaixo o vídeo demonstrando a abertura da caixa do Notebook Dell e o problema da ausência do selo de autenticidade do sistema operacional:

Update: Peço desculpas publicamente à Dell, pois o selo de autenticidade do Windows veio escondido debaixo da bateria do notebook.

Error: variable ParamName set but not used

If you are compiling Android and getting this error message:

frameworks/compile/slang/slang_rs_export_foreach.cpp:249:23: error: variable ‘ParamName’ set but not used [-Werror=unused-but-set-variable]

Then edit frameworks/compile/slang/slang_rs_export_foreach.cpp and just remove the line:

      llvm::StringRef ParamName = PVD->getName();

Note there are other place with this line, just remove at position 250, since ParamName is not used there.