I picked up this 50H10L (HI3518E_50H10L_S39) based cheap POE CCTV style camera as a test for replacing the cameras we use at work to view EUTs (Equipment Under Test). the cameras we normally use are wired CCTV cameras.

The external packaging
Helpful box markings…
Helpful box markings…
Helpful box markings…
Camera Overview
CD Software came on
POE board
Lense
Camera Overview
Main PCB
POE and Aux DC in
Lense

The (professionally done) CD comes with a number of applications and PDFs on it…

The one useful set seems to be the Camera CMS Software.

A powerful central control software, distributed architecture, set much window, many customers and language, voice interphone, video conference, grading electronic map, alarm center, compatible with other extended product, single straight even equipment monitoring system and other function as one. Software has the function of electronic map, friendly interface, simple operation, convenient for the permission.

These are photos of the back of the Camera board, and the POE:

Back of camera board
Back of POE board

Looks like I can directly supply it with power and drop off the POE daughter board.

I am feeding the supplied POE / splitter thing with 12V center Positive from a small bench top PSU, and ran an ethernet cable to the network switch.

I have had a quick look at the camera to see which ports are open: 

PORT    STATE SERVICE
23/tcp  open  telnet
80/tcp  open  http
88/tcp  open  kerberos-sec
554/tcp open  rtsp

There seems to be port 8899 open, and something called Sofia running on port 9527

Telnet seems to be on the username root password xmhdipc (thanks to here) for the password, once in its time to have a quick look around, the MOTD banner says “Welcome to Monitor Tech.”

# cat /proc/version
Linux version 3.0.8 ([email protected]) (gcc version 4.4.1 (Hisilicon_v100(gcc4.4-290+uclibc_0.9.32.1+eabi+linuxpthread)) ) #150 Mon Jan 5 11:19:45 CST 2015
# cat /proc/cpuinfo
Processor       : ARM926EJ-S rev 5 (v5l)
BogoMIPS        : 218.72
Features        : swp half thumb fastmult edsp java
CPU implementer : 0x41
CPU architecture: 5TEJ
CPU variant     : 0x0
CPU part        : 0x926
CPU revision    : 5

Hardware        : hi3518
Revision        : 0000
Serial          : 0000000000000000

Looking around the file system, there is a text file called ProductDefinition in /usr/bin with the values for Vendor: General and Hardware: HI3518E_50H10L_S39, however that is not much use when handed to google, in teh root linuxrc is a symlink to bin/busybox

Enough Playing, time to try and use the camera!

Installing Camera CMS Software on my desktop allows me to connect to the camera and change its IP address away from the default of 192.168.1.10 (mine is 192.168.1.8).

First Screen after install
Select System > Device Manager
You will first need to add a zone (Mine is called Lab 1)
Once you have your zone, you can add a device to it.
Either IP Search, or add the device by its IP addess (the default is 192.168.1.10)
with the device highlighted in the IP Search box, you can click “Edit Device” this allows you to change IP address etc.
Now back to the main screen, and in the left hand area select the zone, and camera, and then you will be able to see the camera feeds. Drag and Drop one of the camera feeds to one of the “screens” in the main body.
Remote Config allows you to make more changes to the camera, select the camera from the left
and you will be given a load of options that you can change 🙂

Now CMS is lovely and all, but it ain’t VLC, the path to get VLC working is add 

rtsp://192.168.1.8:554/user=admin&password=&channel=1&stream=0.sdp

in the open network stream.

The camera is a little laggy, but it is not too terrible.

Interesting Security problem…

if you goto [ip address] it rewrites the url to [ip address]/Login.htm now you can type in the username admin password [blank], and login, or if that has been changed, you can type in [ip address]/DVR.htm and get past the login screen.