remote_install.sh RuntimeError #132
Comments
|
Same here on a V2 and V3, most current firmware for both (4.9.6.241 and 4.36.2.5) |
|
This happened to me a few times also. Rebooted camera and then it worked. |
|
I'm also encountering this on v2,v3, and Pan. Rebooting didn't help me. |
|
I'm encountering the same error on a wyze cam v3 with firmware version 4.36.1.4, and rebooting the camera didn't help. The failed request appears to be a POST to https://api.wyzecam.com/app/v2/auto/run_action |
|
Also just ran into this. Tried on V3 cam with firmware version |
|
I'm seeing the same issue. I have one v3 on firmware version 4.36.2.5, plugin version 1.7.0.33 activation date 5/11/2021 and it's currently working with wyzehacks. I just tried to run this on two cameras I got today, same firmware version and plugin version, and I get the 3005:UnauthorizedOperation message. |
|
I'm having the same issue on WyzeCam2 Looks to be related to this: elahd/esp2ino#16 (comment) And related to this specifically HclX/WyzeUpdater#9 |
|
As an EXTREMELY hacky way to make this work I Changed a few lines in the Line 256 Specifically I won't be covering any details on how to do this, but I was able to give the Wyze camera a custom response to the dns lookup for |
|
confirm, @mandusm's method does work. |
|
@mandusm's method works but here are some missing details. IP address of Mac I used was 192.168.11.4. IP Address of DNS serving raspberry pi was 192.168.11.11 (adjust according to your method and values).
So at least on my OSX computer the functioning command was: |
|
tried with a local DNS server on mac (NEMO) but the fw update gets stuck endlessly. |
|
Since you have the line: 192.168.4.169 - - [18/Jul/2021 22:18:13] "GET /wuv2/upgrade/WLPP1/firmware/1.2.0.80a.bin HTTP/1.1" 200 it looks like it's getting served correctly to your device by your computer.
|
|
It's a v3 - the camera flashed blue / red and then rebooted. |
|
yes, but does telnet let you enter a username / password? If so, you've already succeeded in adding wyzehacks. the default password for V3 is WYom2020 . Did you try that? Note that I miswrote this initially as WYom2021 |
|
I get user/pass prompt but can't login with root/WYom2021. |
|
can't login yet I have the telnet prompt .. |
|
Unless the password changed very recently, I believe pass should be WYom2020 for v3
…On Jul 19, 2021, 08:02 -0700, nadigo ***@***.***>, wrote:
can't login yet I have the telnet prompt ..
I used fw FIRMWARE_660R.bin
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
I think I saw a beta version v3 firmware with different root password. Wyze is definitely trying to block this (which I totally understand). I can get the hash so if someone has a powerful gpu can run hash cat to get the new root password. |
|
Team, there is a big Wyze update coming out next week that may try to stop all these hacks. They are trying to force even the app to be updated so tread lightly before you update your cams to latest firmware as it might close up all the insecurities that these hacks work on, including the update URL method that WyzeHacks uses. I’m still on version 228 for V3 but they may force cam firmware updates, too, which they systematically can. :( |
|
Hello folks,
Am I missing something? What can I check?
Let me know, |
|
can't use remote_install.sh to hack this because it will set the port 11808 and then that won't match what you're asking the camera to update against (port 80) instead run the wyze_updater directly : sign of success is a row like: [IP address should be the IP of your camera] |
|
Thanks a lot for help. |
@HclX Lemme take a crack at it if you've got it. |
|
@julxb neither of those lines is an indication that the camera is trying to download a firmware from your computer. It should be a GET request with the path to the firmware that you sent in the modified version of wyze_updater.py . Are you sure you've DNS spoofed your wyze cam and not just your computer? |
|
Today I received the official push notification of the v2 update, and of course they have changed their root password. Here are the ones I'm seeing: v3 (4.36.3.19 beta): root:$6$wyzecamv3$8gyTEsAkm1d7wh12Eup5MMcxQwuA1n1FsRtQLUW8dZGo1b1pGRJgtSieTI02VPeFP9f4DodbIt2ePOLzwP0WI0:0:0:99999:7::: @C1ARKGABLE can you help on those passwords? Look at the salt they are taking that seriously so these passwords might not be easy to crack. Thanks |
|
@HclX see ya in 2053... Oof Anyone have a good dictionary to use? Or maybe a quantum computer? I'm asking for a friend... |
|
I'm getting the 3005:UnauthorizedOperation error as well when trying to remote install v0_5_08 on a v2 Cam Pan. This link has info about the API password is that what is needed? md5(md5(md5(password))) |
|
@jdkadel NO, that has nothing to do with this.
If you run it successfully, you'll see [IP of camera] - - [18/Jul/2021 22:18:13] "GET /wuv2/upgrade/WLPP1/firmware/1.2.0.80a.bin HTTP/1.1" 200 |
|
Thanks, just trying to help. I modified the .py file and verified that the DNS changes with a ping to ...amazonaws and it returned the local computer address. I didn't get a line with the "GET ...200". Here's the end of the command. I didn't get the response that the request was received. The camera did not reboot or was it accessible on SSH. I'll run thru the process again Sunday. header: Connection: keep-alive |
|
Downgraded to 4.10.5.111 and still no luck. Tried with just unzipping everything onto sd card. Tried deleting everything off sd card and renaming FIRMWARE_xxx.bin file to demo.bin. Tried with pushing setup button and without pushing setup button. Too bad because this modification to use a remote file system works well on my other cameras. |
|
Just for reference here is my install.log:
|
@mpatton125 , I don't see this in the current or beta android app. Where did you see this in? Thanks! |
|
@FiveLeavesLeft it's not there as far as i can tell - i had to end up with the DNS spoofing. To clarify, for roll back i did it via SD card (and hold the reset button). |
Yeah it looks like they have removed it in current versions of the app. It might still be possible with older app versions. |
|
I went back to v2.19.15 of the app and the "Have problem?" link is there - no idea if it will still work. |
|
@mpatton125 , thanks for that info. It's a shame that wyze doesn't embrace developers, we could do some cool stuff. |
When you used this older software were you actually able to connect and view your cams? I'm on the newer 798 firmware and I'm not sure if I'm just having connection issues or if the older client won't connect to the newer firmware. |
|
I'm on 4.36.14.
…On Mon, Sep 27, 2021, 5:35 PM famewolf ***@***.***> wrote:
I went back to v2.19.15 of the app and the "Have problem?" link is there -
no idea if it will still work.
My camera is on 4.9.6.241 and the "Have problem?" link says it can revert
my firmware to:
4.9.6.199
4.9.6.193
4.9.6.156
4.9.5.39
When you used this older software were you actually able to connect and
view your cams? I'm on the newer 798 firmware and I'm not sure if I'm just
having connection issues or if the older client won't connect to the newer
firmware.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#132 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAILX7N3EANEYBPSLFBJAKLUEDPRPANCNFSM5AID5EYA>
.
|
|
Correction : 4.36.1.4
…On Mon, Sep 27, 2021, 5:53 PM Satadru Pramanik ***@***.***> wrote:
I'm on 4.36.14.
On Mon, Sep 27, 2021, 5:35 PM famewolf ***@***.***> wrote:
> I went back to v2.19.15 of the app and the "Have problem?" link is there
> - no idea if it will still work.
> My camera is on 4.9.6.241 and the "Have problem?" link says it can revert
> my firmware to:
> 4.9.6.199
> 4.9.6.193
> 4.9.6.156
> 4.9.5.39
>
> When you used this older software were you actually able to connect and
> view your cams? I'm on the newer 798 firmware and I'm not sure if I'm just
> having connection issues or if the older client won't connect to the newer
> firmware.
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <#132 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AAILX7N3EANEYBPSLFBJAKLUEDPRPANCNFSM5AID5EYA>
> .
>
|
Yeah I could connect but my cams weren't on newer firmware - 4.9.6.241 as noted previously. |
Where is "firmware.bin" coming from? The downloaded .241 firmware renamed or the FIRMWARE_660R.bin that comes with wyze hacks renamed? I've already done the dns spoof and the url = edit. Ok so maybe I'm misunderstanding and this hack allows OTA if you are on a compatible firmware already? Is there anyway to downgrade to the .241 firmware using this method? |
|
Downgrading firmware is easy but I thought that previously in this thread it was stated that there is now strict checking of SSL certificates so DNS spoofing no longer works. |
The certificate checking is in the later firmware, which is why you downgrade - so the spoofing will work. |
Thank you. I was just grasping at straws hoping to avoid climbing up a ladder for 2 of my cams and trying to swap sd cards because the are mounted in "outside cases". So then firmware.bin should be pointing to the FIRMWARE660R.bin that comes with wyze hacks. With spoofing in place and url = edited it ACTS like it works when I selected EITHER firmware but doesn't actually do anything..ie no telnet is available on the firmware ending in .798. I skipped my front doorbell which probably would have worked. Both wyze hacks and "wyze bridge" which provides rtsp, hls and a few other things require the .241 firmware so I suppose I'll have to upgrade them one by one and then lock down the firmware upgrade in the app. |
|
Any guides for spoofing? I currently have AdGuard Home plugin for OpnSense handling DNS. I've tried using the Dnsmasq plugin, and here's what I've entered.: Host: Save, apply changes, still UnauthorizedOperation. |
|
@evanheckert two thoughts. First, try doing sudo at the front of your command. On my mac, I could not spoof to port 80 without it. Second, I'm not entirely sure what the current situation is on spoofing as I hacked all of the wyze cameras I own (in back july), but judging by more recente reports people can no longer hack cameras using spoofing. The spoofing involves sending a request to wyze's api (on the internet -- not the device itself) and then the api telling the camera to try to download the firmware from the indicated api and going into a new firmware receptive state. the api checked (used to check?) the url for validity against known good lists, but if spoofed it would go through anyway. I believe they updated the checking to make it more thorough or something and this broke the spoof method. |
|
Ah, I see @virmaior - so does that mean we're SOL on the V3 cam? |
|
i thought i saw some people mentioning that they downgraded the firmware version to a few versions back and were able to get something functional from that. But again, I'm not messing with my functioning setup. For me, my main goal was to set it up so that I can get clear video of the flying squirrel onto my raspberry pi. Also HClX was/is cooking up a way to do it from an SD card supposedly. |
|
I successfully updated several v3 and pancam cameras back around July. |
I tried multiple versions of the firmware (reflashing with SD card) and hack (from the original that supported v3's to most recent) on my v3 while spoofing a couple weeks ago, nothing worked. Afaict we're currently sol. |
|
I got my v3 in Sept (sept 2) and flashed it. I had to use the SD card recovery method to get it to 4.36.2.5 and then use the dns spoof to actually do the Wyze hack update. |
This worked for me on my WYZECP1_JEF! Thanks. |
|
@genevera Which version of Wyze firmware were you running on your camera before installing the hacked firmware? |
|
Any situation that would cause the sd card firmware recovery method not to work? I'm on stock RSTP firmware, but when I put an older standard firmware on the microSD, name it properly, power it on with setup pressed, it just boots up per normal and ignores the SD card. |
|
@evanheckert have what size / format is your SD card? The support for larger sizes is a bit buggy and may not be present at the stage where an SD firmware recovery occurs. It needs to be fat32 and not exfat to work. |
|
As of December 28 2021 the WyzeCameraLiveStream still works just downgraded from RTSP firmare to 4.36.0.228 to go back to WyzeCameraLiveStream which in my opinion works better than RTSP installed DNS server using Dnsmasq following this guide: dnsmasq spoofing my dns server: 192.168.1.245 ( raspberry pi 4 using raspbian lite ) run dnsmasq or some other DNS server and spoof s3-us-west-2.amazonaws.com to the computer you will run the script from. In my case, I used a rasbperry pi for dns serving. This involved (1) adding a line to hosts of s3-us-west-2.amazonaws.com 192.168.11.4 (2) changing the DNS server choice on the DHCP server to the ip of your spoofing DNS server (in my case 192.168.11.11)
Manually set the url inside the to http://s3-us-west-2.amazonaws.com/wuv2/upgrade/WLPP1/firmware/1.2.0.80a.bin
The port used must be port 80 (since it's checking urls I doubt it will work with another port). Note that the default port if you use remote_install.sh is not 80 On OSX, I had to use sudo to avoid getting "PermissionError: [Errno 13] Permission Denied" Flashing command:
|
I am having so much trouble with this lol. I have a wyzecam v3. My camera has been downgraded to 4.36.3.19 to attempt the hack. After 3 days of attempting, I thought I had it. Running the command you gave pushed the update to my camera. After it rebooted and connected back to my wifi I attempted a telnet, it was refused...so the hack did not successfully install. I see that everyone says to use 4.36.0.280 to install the hack, then upgrade..but here's the kicker. When installing anything below 4.36.3.19, my cameras absolutely REFUSE to connect to my wifi network. I have left the cameras alone after the firmware downgrade, I have pressed the setup button to try and force it to reconnect, nada. I do have dualband running on my router, which I had hoped setting it to seperate ssids would solve the issue..attempted to connect it to the 2.4ghz network, no dice. The camera just continues flashing red and blue lights attempting to connect to a network. So now even if I am on an exploitable firmware, I cannot connect to it to run the script and push the hack to the camera... I have even plugged in a usb wireless adapter, set up a 2.4ghz hotspot on my laptop and the camera does not even attempt to connect.. Any help is appreciated |
|
I have a suspicion that Wyze would be using a wyze CNAME and not the underlying AWS URL. I have not done a packet capture to verify this, but it isn't hard to do and verify. So, although using the AWS URL spoof is working, verifying the original DNS request would likely be the most future-proof. I finished upgrades earlier today so need to wait, or downgrade one, to get that detail. |
|
@HclX would you happen to have a copy of mtdblock0 with the md5 of 5cd21257d6a23da5833caf37e1971e2c (got this from your v2 branch)? None of my camera's have this bootloader... trying to flash modified rootfs from sd. |
and others
Wyze Cam v2 with FW: 4.9.6.241
Failed with wyze_hacks_0_5_07 and wyze_hacks_0_5_08
Pushing firmware to this device? [y/N]:y
INFO:root:Serving firmware file './firmware.bin' as 'http://192.168.0.1:11808/firmware.bin', md5=11567104604de4f4cc8f4633bc6c33f4
Traceback (most recent call last):
File "./wyze_updater.py", line 362, in
args.action(creds, args)
File "./wyze_updater.py", line 260, in update_devices
push_update(creds, dev_info['product_model'], mac, url, md5)
File "./wyze_updater.py", line 163, in push_update
return run_action(creds, model, "upgrade", mac, {"url": update_url, "md5": md5, "model": model})
File "./wyze_updater.py", line 160, in run_action
custom_string="", action_params=params)
File "./wyze_updater.py", line 140, in device_api
raise RuntimeError('Request failed, error %s:%s' % (rsp['code'], rsp['msg']))
RuntimeError: Request failed, error 3005:UnauthorizedOperation
The text was updated successfully, but these errors were encountered: