Direct access to SD card with download ability

And look at how many people have begged for this over how many years!

FWIW, I managed to get bftpd running on the stock firmware to get remote access to the recordings. Working great so far.

(All the more reason why I don’t understand why this isn’t available for everyone out of the box…)

Wait what? You can’t just drop a bomb like that and walk away. Details please! :slight_smile:

2 Likes

I’ll do a better write up at some point (and maybe even whip up a few scripts to make it a bit more user friendly?), but you can read it raw here: https://github.com/HclX/WyzeHacks/issues/64

Here’s a quick summary (I did this all on my Mac, but any *nix like system should work)

  1. Download https://github.com/HclX/WyzeUpdater/
  2. Authenticate wyze_updater.py and enumerate your camera by running: ./wyze_updater.py --user {WYZE_email} --password ${WYZE_password} list
  3. ./wyze_updater.py update -p 18080 -d YOUR_SN_FROM_STEP_2 -f firmwares/camera_telnet.bin After a few seconds you can ctrl-c to exit. (This step uses Wyze’s update mechanism to run a small script that blanks out the root password and starts telnet so we can access the system)
  4. telnet ip.address.of.camera (login as root with no password)
  5. Use vi on your camera to add /system/init/custom_init.sh & to the beginning of the existing init script: vi /system/init/app_init.sh
  6. On your computer (not on the camera, it doesn’t have openssl), generate a password hash to store on your camera so you can login with your own password in the future: openssl passwd -1 -salt <YOUR SALT> <YOUR PASSWORD>
  7. Create your custom init script: vi /system/init/custom_init.sh You can paste in this as a starting point, swap in the output from step 6 for the placeholder below:
#!/bin/sh

echo "Starting telnet..." > /tmp/custom_init.log              
killall -9 telnetd                                           
busybox telnetd &                                            
echo "Sleeping 31s so SD can mount..." >> /tmp/custom_init.log
sleep 31                                                      
echo "Setting root password..." >> /tmp/custom_init.log
umount /etc                                                                  
rm -rf /tmp/etc                                                              
cp -r /etc /tmp/                                                             
echo 'root:$1$MYSALT$1Sy1OLRk2kTa7P6fvzwp71:10933:0:99999:7:::' > /tmp/etc/shadow
mount -o bind /tmp/etc /etc                                                  
echo "Starting bftpd..." >> /tmp/custom_init.log                   
/media/mmc/bin/bftpd -d -c /media/mmc/bin/bftpd.conf               
echo "Custom init complete..." >> /tmp/custom_init.log
  1. chmod +x /system/init/custom_init.sh
  2. (someone should just host this on a non-https site so we can just wget it directly from the internet…) Download bftpd from here and copy the file over to your SD card at /media/mmc/bin/bftpd : https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks/blob/master/firmware_mod/bin/bftpd
  3. Download the bftpd config file from here and copy the file over to your SD card at /media/mmc/bin/bftpd.conf : https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks/blob/master/firmware_mod/config/bftpd.conf
    (Note, for steps 9 and 10 I just served the files locally with python and downloaded them on the camera via wget, python -m http.server 8000
  4. chmod +x /media/mmc/bin/bftpd
  5. reboot

That’s it, now every time the camera starts, it will enable telnet, set the password you specified for the root password, and start bftpd. You can now access the cameras filesystem (and SD card) with any FTP client!

3 Likes

Totally cool, and an innovative use of previous efforts. Bravo. I assume the password reset doesn’t interfere with Wyze functionality or updates? (And that you’ll have to reapply the hacks after any such update?) Thanks!

I think this will persist across updates, but I haven’t received one yet since setting it up. Worst case, you’d have to re-do steps 3/4/5.

Changing the root password shouldn’t affect anything (and is much more secure than leaving it at the stock one, which is common for everyone, especially if you’re opening up additional services like this).

1 Like

Bump

1 Like

Geez I forgot all about this. Somebody was just asking about this feature. Thanks for the bump.

Edit: Oh it was you! So glad you found this. Sorry I had forgotten about this hack.

Just confirming that yes, you do have to re-apply after each update with the bftpd mod. Files on the SD card stay at least!

1 Like

Wyze app needs the ability to record/capture/download videos from the SD card without needing to sit and re-watch the entire thing. The record button is great for short clips, but from playback there should be an option to capture a video by putting in a start and end time.
This is a standard feature with almost any other security camera system.

Also, as a side note, this should also allow you to download as a video, or as a time-lapse. It would be nice to not have to plan ahead to get a time-lapse and just download what is recorded to the SD card as a time-lapse after the event.

Bump bump

Thanks - got this working. Had to start bftpd manually though by telneting in but i’ll look into that. I didnt know how to transfter the bftpd exe and bftpd.conf using python http, so i just pulled the memory card out of the camera and transferred those files onto it maually …

1 Like

Hey, sorry if this sounds noobish. But why can’t we install dropbear via the updater so it gets sshd?

The lack RTSP, ONVIF, and/or ‘easy’ access to our content on our SD Cards would negate one purchasing a Cam Plus Subscription… and that there is, as you stated, most likely the reason that these features will never be implemented.

I hope I’m wrong, but every time I peruse these forums, I always come away from here with that very thought… if it cuts into the cash flow of Cam Plus Subscriptions, Wyze isn’t going to do anything to cut into that Cash flow source.

SJ