I picked up this 50H10L (HI3518E_50H10L_S39) based cheap POE CCTV style camera as a test for replacing the cameras we use at work to view EUTs (Equipment Under Test). the cameras we normally use are wired CCTV cameras.
The (professionally done) CD comes with a number of applications and PDFs on it…
The one useful set seems to be the Camera CMS Software.
A powerful central control software, distributed architecture, set much window, many customers and language, voice interphone, video conference, grading electronic map, alarm center, compatible with other extended product, single straight even equipment monitoring system and other function as one. Software has the function of electronic map, friendly interface, simple operation, convenient for the permission.
These are photos of the back of the Camera board, and the POE:
Looks like I can directly supply it with power and drop off the POE daughter board.
I am feeding the supplied POE / splitter thing with 12V center Positive from a small bench top PSU, and ran an ethernet cable to the network switch.
I have had a quick look at the camera to see which ports are open:
PORT STATE SERVICE 23/tcp open telnet 80/tcp open http 88/tcp open kerberos-sec 554/tcp open rtsp
There seems to be port 8899 open, and something called Sofia running on port 9527
Telnet seems to be on the username root password xmhdipc (thanks to here) for the password, once in its time to have a quick look around, the MOTD banner says “Welcome to Monitor Tech.”
# cat /proc/version Linux version 3.0.8 ([email protected]) (gcc version 4.4.1 (Hisilicon_v100(gcc4.4-290+uclibc_0.9.32.1+eabi+linuxpthread)) ) #150 Mon Jan 5 11:19:45 CST 2015 # cat /proc/cpuinfo Processor : ARM926EJ-S rev 5 (v5l) BogoMIPS : 218.72 Features : swp half thumb fastmult edsp java CPU implementer : 0x41 CPU architecture: 5TEJ CPU variant : 0x0 CPU part : 0x926 CPU revision : 5 Hardware : hi3518 Revision : 0000 Serial : 0000000000000000
Looking around the file system, there is a text file called ProductDefinition in /usr/bin with the values for Vendor: General and Hardware: HI3518E_50H10L_S39, however that is not much use when handed to google, in teh root linuxrc is a symlink to bin/busybox
Enough Playing, time to try and use the camera!
Installing Camera CMS Software on my desktop allows me to connect to the camera and change its IP address away from the default of 192.168.1.10 (mine is 192.168.1.8).
Now CMS is lovely and all, but it ain’t VLC, the path to get VLC working is add
rtsp://192.168.1.8:554/user=admin&password=&channel=1&stream=0.sdp
in the open network stream.
The camera is a little laggy, but it is not too terrible.
Interesting Security problem…
if you goto [ip address] it rewrites the url to [ip address]/Login.htm now you can type in the username admin password [blank], and login, or if that has been changed, you can type in [ip address]/DVR.htm and get past the login screen.
12 thoughts on “Cheep Chinese Camera”
Do you know if you can change the root password?
the web interface access; it is accessible only on your LAN right? is it open to the internet??
The web-interface should only be accessible from inside unless you have port forwarded to it across your router.
The root password is set and stored in the read only EPROM
thx for ur reply.
is telnet accessible from the outside?
Is it a security risk having a root password known by most people lol? it is only if they have access to your LAN right?
Unless you port forward port 23 for telnet and port 80 for http you should not be able to get to either the Telnet port, or the Web admin from outside.
the web interface…that’s port 80 right?
yep, http is port 80, https is port 443
your IP camera is accessible with the Xmeye right?
I am searching for a way to disable access of the camera via the internet. I want to use it only on my LAN.
I went into the CMS software and in settings > netservice > I unticked “cloud” but I can still access the camera via the Xmeye app
I haven’t tried the app
I wonder how the app works … it asks for the device serial number and that’s all….
I assume the camera makes a connection to a server outside your network, and the app makes a connection to the same server.
I lost my password and can not get it, do you have any idea what to do?
xc3511, is quite a common password.