Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Official Wyze Cam V3 RTSP firmware support? #138

Open
satmandu opened this issue Sep 23, 2021 · 21 comments
Open

Official Wyze Cam V3 RTSP firmware support? #138

satmandu opened this issue Sep 23, 2021 · 21 comments

Comments

@satmandu
Copy link

satmandu commented Sep 23, 2021
edited
Loading

RTSP firmware has now been released for the Wyze Cam V3: https://download.wyzecam.com/firmware/rtsp/demo_v3_RTSP_4.61.0.1.zip
https://www.reddit.com/r/wyzecam/comments/pu4hij/wyze_cam_v3_rtsp_firmware_beta_test_9232021/

Any chance of this getting this supported so we can do things like enable USB ethernet?
@satmandu satmandu changed the title Official Wyze V3 RTSP firmware support? Official Wyze Cam V3 RTSP firmware support? Sep 23, 2021
@satmandu satmandu mentioned this issue Sep 23, 2021
Open
@jassycliq
Copy link

jassycliq commented Nov 15, 2021
edited
Loading

Thanks to @HclX, I was able to use the tools they provided to create a version that works with the RTSP firmware.
Just a reminder that you have to be running the RTSP firmware already in order for it to work. This is the link

@evanheckert
Copy link

I thought they'd blocked the DNS spoof method that allows this to be installed?

@jassycliq
Copy link

jassycliq commented Nov 16, 2021
edited
Loading

From my understanding:

  • In later firmwares, Wyze started forcing https and also removed telnet
  • In the API, Wyze is now checking the urls provided to the cameras for the upgrades

@HclX Has done some great work and has a working update that you have to download separately from their WyzeUpdater repo

Finally, the following command is what I used alongside their updated WyzeUpdater:
./wyze_updater.py --token ~/.wyze_token update -d <camera_mac> -f directory/to/hacked/firmware.bin --url-host 's3-us-west-2.amazonaws.com' --url-path 'wuv2/upgrade/WYZE_CAKP2JFUS/firmware/4.36.3.19.tar' -p 18080

Final Edit:
Also, reminder that you need to be redirecting s3-us-west-2.amazonaws.com for your whole network to the computer running the script.

@evanheckert
Copy link

I haven't figured out how to successfully create the DNS spoof sadly. I'll keep googling for instructions. I'm embarrassed that I'm needing my hand held so much.

So the order of operations at this point is:

  1. install factory RTSP firmware (done and working)
  2. Download WyzeUpdater master and extract
  3. Download the v0.6.0 you linked to above and extract
  4. Put config.inc and firmware.bin into the Upgrade folder
  5. Turn on DSN spoofing
  6. Run the command you shared above, swapping out the camera's mac address, and change the firmware director to '''./Upgrade/firmware.bin'''

And that should use wyzeupdater to install the 0.6.0 firmware?

@jassycliq
Copy link

jassycliq commented Nov 16, 2021
edited
Loading

I would turn on your DNS spoofing as soon as possible. I'm not too familiar with networking but I've had issues with dns caching in the past. Other than that, what you wrote looks good up to the config.inc portion, that goes on root of SDCard.

For my DNS spoofing, I use PiHole as my networks DNS server and then just added the s3 domain to the local DNS record.

@evanheckert
Copy link

@jassycliq Thanks for the replies! I couldn't see how to do it in Adguard Home, so spun up a Pihole instance and a traceroute shows that calls to aws server redirect to my laptop's IP Address.

I run this command:

./wyze_updater.py --token ~/.wyze_token update -d "7c:78:b2:94:0c:4d" -f /Users/evanheckert/Downloads/WyzeUpdater-master/Upgrade/firmware.bin --url-host 's3-us-west-2.amazonaws.com' --url-path 'wuv2/upgrade/WYZE_CAKP2JFUS/firmware/4.36.3.19.tar' -p 18080

I've tried with and without the doublequotes around the Mac address, but still get:

INFO:root:Trying saved credentials from /Users/evanheckert/.wyze_token.
INFO:root:Checking device, mac=7c:78:b2:94:0c:4d
Traceback (most recent call last):
  File "/Users/evanheckert/Downloads/WyzeUpdater-master/./wyze_updater.py", line 433, in <module>
    args.action(creds, args)
  File "/Users/evanheckert/Downloads/WyzeUpdater-master/./wyze_updater.py", line 268, in update_devices
    dev_info = get_device_info(creds, mac)
  File "/Users/evanheckert/Downloads/WyzeUpdater-master/./wyze_updater.py", line 148, in get_device_info
    return device_api(creds, URL_V2_GET_DEVICE_INFO, SV_V2_GET_DEVICE_INFO, device_mac=mac, device_model=model)
  File "/Users/evanheckert/Downloads/WyzeUpdater-master/./wyze_updater.py", line 132, in device_api
    raise WyzeApiError(rsp)
__main__.WyzeApiError: {'ts': 1637038554880, 'code': '3001', 'msg': 'DeviceInfoNotExist', 'data': {}}

I'm completely certain that the MAC address is correct, as both Opnsense and Ruckus Unleashed recognize a new device with manufacturer Wyze with the same IP Address that the Wyze app uses in the RTSP address. The RTSP stream works as well.

Any thoughts?

@jassycliq
Copy link

Don't use the colons for your mac address and its without double quotes.

@evanheckert
Copy link

egads, progress!

The light is now solid purple, with a brief moment off every second. I haven't heard the voice say "installing" or anything, but the CLI is still adding dots. Would that suggest that the camera is not finding the served file?

@jassycliq
Copy link

Hmmm, not to sure. For me it only takes a few seconds to finish.

.......................................................................... is what my console shows by the time it finishes.

@evanheckert
Copy link

Another step - so check opnsense logs, and it was making it through to amazon - apparently my AP's interface had a DNS override to AdGuard Home then google, so it wasn't hitting pihole. Fixed that, and this time the log showed up in Pi-hole as:

Type: AAAA
Domain: a24rq1e5m4mtei.iot.us-west-2.amazonaws.com
Client: 192.168.1.145
Status: OK (cache) 
Reply: IP (0.0ms)

And while it took about the same amount of dots as you just shared, I got no voice feedback as expected. Though I just tried telnet 192.168.1.145 and got wyze-car-cam login:, which means it worked, right?

@jassycliq
Copy link

Another step - so check opnsense logs, and it was making it through to amazon - apparently my AP's interface had a DNS override to AdGuard Home then google, so it wasn't hitting pihole. Fixed that, and this time the log showed up in Pi-hole as:

Type: AAAA
Domain: a24rq1e5m4mtei.iot.us-west-2.amazonaws.com
Client: 192.168.1.145
Status: OK (cache) 
Reply: IP (0.0ms)

And while it took about the same amount of dots as you just shared, I got no voice feedback as expected. Though I just tried telnet 192.168.1.145 and got wyze-car-cam login:, which means it worked, right?

Yup telnet isn't started on original fw, login info is in one of the other threads on mobile now so can't link.

@evanheckert
Copy link

So now that we've had success installing on the factory RTSP firmware, is there a working method for ethernet usage?

@Vendo232
Copy link

Vendo232 commented Dec 29, 2021
edited
Loading

@evanheckert
I was able to enable temporary Telnet using this process. I wanted to install WyzeHack Stream and it did install it but I assume due to temporary Telnet it does not work after reboot.

I`m unable to enable the telnet permanently per this instruction

To make it permanent, all you need is telnet into it and modify /system/init/app_init.sh by removing the comment before line /system/init/run_telnet.sh &

because the app_inst.sh is REDA ONLY. any idea what to do?

@jassycliq
Copy link

@evanheckert
I was able to enable temporary Telnet using this process. I wanted to install WyzeHack Stream and it did install it but I assume due to temporary Telnet it does not work after reboot.

I`m unable to enable the telnet permanently per this instruction

To make it permanent, all you need is telnet into it and modify /system/init/app_init.sh by removing the comment before line /system/init/run_telnet.sh &

because the app_inst.sh is REDA ONLY. any idea what to do?

Which instructions are you following?
Which firmware version are you on?
Which command did you run?
Which repo are you using?

@Vendo232
Copy link

Vendo232 commented Dec 29, 2021
edited
Loading

Which instructions are you following?

I did this

install factory RTSP firmware (done and working)
Download WyzeUpdater master and extract WyzeUpdater repo
Download the v0.6.0 you linked to above and extract ( This is the link )
Put config.inc and camera_telnet.bin into the Upgrade folder
Turn on DNS spoofing
Run this command
./wyze_updater.py --token /home/pi/.wyze_token. update -d D03F27XXXXXX -f /home/pi/WyzeUpdater/Upgrade/camera_telnet.bin.bin --url-host 's3-us-west-2.amazonaws.com' --url-path 'wuv2/upgrade/WYZE_CAKP2JFUS/firmware/4.36.3.19.tar' -p 18080

Camera went into flashing mode, display was showing flashing progress using the dots ( never ending ) and while dots were growing the Telnet became enabled but only READONLY which as I`m reading now is normal for V3.

Question: Which firmware.bin should I use with version 0.6?

@jassycliq
Copy link

jassycliq commented Dec 29, 2021
edited
Loading

Which instructions are you following?

I did this

install factory RTSP firmware (done and working)
Download WyzeUpdater master and extract WyzeUpdater repo
Download the v0.6.0 you linked to above and extract ( This is the link )
Put config.inc and camera_telnet.bin into the Upgrade folder
Turn on DNS spoofing
Run this command
./wyze_updater.py --token /home/pi/.wyze_token. update -d D03F27XXXXXX -f /home/pi/WyzeUpdater/Upgrade/camera_telnet.bin.bin --url-host 's3-us-west-2.amazonaws.com' --url-path 'wuv2/upgrade/WYZE_CAKP2JFUS/firmware/4.36.3.19.tar' -p 18080

Camera went into flashing mode, display was showing flashing progress using the dots ( never ending ) and while dots were growing the Telnet became enabled but only READONLY which as I`m reading now is normal for V3.

Question: Which firmware.bin should I use with version 0.6?

That's intended with the firmware you used.
If you're trying to flash the firmware I posted, just input the correct file path. You extracted it and ran the correct commands but used the wrong firmware bin.

Edit: In the firmware I posted it's named: FIRMWARE_660R.bin

@revenant-81
Copy link

There is probably some hardware differences between the recent V3 and the older V3s.

I was able to install the WyzeHack onto the V3 RTSP firmware for devices where the MAC starts with "2C:AA:xx" using the WyzeUpdater python script with DNS spoofing. Telnet was available after reboot without adjustments.

The more recent V3s purchased from HomeDepot had a MAC of "D0:3F:xx". I was not able to install WyzeHack onto these devices regardless of downgrading firmware.

@revenant-81 revenant-81 mentioned this issue Jan 7, 2022
Open
@evanheckert
Copy link

I got telnet working, but not clear how to make it use ethernet instead of wifi.

@Vendo232
Copy link

Vendo232 commented Jan 8, 2022

I would like to know steps how to enable LAN as well

@inthroxify
Copy link

The more recent V3s purchased from HomeDepot had a MAC of "D0:3F:xx". I was not able to install WyzeHack onto these devices regardless of downgrading firmware.

I have D0:3F units recently purchased from HD, and I couldn't get it to install until I tried a smaller SD card. I could install the RTSP firmware first with the larger card, but after that, I needed a smaller card in the unit with the .inc file present, to apply the hacks. Maybe try a smaller SD card, if you have one, @revenant-81

@revenant-81
Copy link

@inthroxify - I was using a 32GB Sandisk. I'll try to dig out a smaller one and give it a shot. Thanks!

@crossan007 crossan007 mentioned this issue Feb 11, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@jassycliq @satmandu @evanheckert @inthroxify @Vendo232 @revenant-81