Here are some information i collected as i tested this myself and thought that i should share it here in case someone else finds it useful

Information about the RX/TX and GND pins:

The RX/TX pins seem to use 3.3v since I used a USB to UART adapter that uses 3.3v

(Images at the bottom)

How to get root password

• "DCS-6100LH-MACADDRESS"

• replace MACADDRESS with the mac address for your camera

(for example: "DCS-6100LH-B0C5546518E7")

(the mac address can be found on the quick start guide or the underside of the camera)

• put that through a md5 hash generator and the first 8 characters of the hash should be the root password

How to Disable OSD(time overlay and dlink watermark)

• open SystemConfig.ini

• Find the OSD section and set OsdDisplayEnable to 0

• OsdDisplayEnable = 0

• this will disable the overlay

How to disable orange blinking LED

• open SystemConfig.ini

• Find The Mydlink Section

• Set light_status to 0

• light_status = 0

How to enable telnet:

• open /mnt/mtd/boot.sh

• comment out the following line:

/etc/init.d/S50telnet stop

(should be around line 140)

this will stop the telnet daemon from being stopped

Information regarding tftp and busybox:

The camera uses busybox, the syntax for the various commands can be found here: https://busybox.net/downloads/BusyBox.html

• How to transfer files

• Transferring files

example: tftp -p -l SystemConfig.ini 192.168.xxx.xxx

the above command sends a file to a tftp server at address: 192.168.xxx.xxx

--

• Receiving files

example: tftp -g -r test.txt 192.168.xxx.xxx

the above command gets a file from a tftp server at address: 192.168.xxx.xxx

General Information I found:

cat cpuinfo outputs the following:

system type : Formosa
machine : RTS3903N EVB
processor : 0
cpu model : Taroko V0.2 FPU V0.1
BogoMIPS : 497.66
wait instruction : no
microsecond timers : yes
tlb_entries : 64
extra interrupt vector : no
hardware watchpoint : no
isa : mips1
ASEs implemented : mips16
shadow register sets : 1
kscratch registers : 0
package : 0
core : 0
VCED exceptions : not available
VCEI exceptions : not available

cat version outputs the following:

Linux version 4.9.51 (root@ubuntu) (gcc version 6.4.1 20180425 (Realtek RSDK-6.4.1 Build 3029) ) #78 Wed May 6 20:32:31 CST 2020

I tried both URLs:

rtsp://@192.168.0.20:554/live/profile.1/video
rtsp://@192.168.0.20:554/live/profile.0/video

Both did not work (i replaced the .20 with the IP of my camera) in VLC, I also tried the mentioned admin@PIN-from-bottom Version, but this did also not work.

I scanned the camera with nmap and port 554 seems to be open with an detected RTSP Service.

Did I miss something here?

Hi there, I currently use two of these cameras via RTSP and go2rtc in HA.
For me the stream of the cam in HA is crashing every few minutes. Sometimes it heals itself, sometimes I have to reload the page.
I noticed that when I have the official mydlink app running and watching the stream the crashes disappear.
Does someone have an idea to block mydlink and still have stable RTSP?

Since we now have root access, it should be able to disable the mydlink stuff without blocking it from the outside.

hey,

I need help with integrating the camera into Home Assistant. Integrating as a generic camera did not work with the specified url. A stream via vlc with the url works without problems.

What am I doing wrong?

I bought a brand new camera and followed the steps:

• Ran the exploit on recovery mode
• Enabled telnet service
• Add exit on mydlink_watchdog.sh to block cloud functions
• Setup wifi credentials(WIFI_SECURITY_TYPE,WIFI_SSID,WIFI_PWD) and register_st = 1
• Reboot

All these without using the mydlink app. The problem is that, while camera connects successfully to my AP, the only open port is 53, RTSP and telnet ports are closed and red light is flashing. Telnet and RTSP are only available when booting in recovery mode.
Do I need to setup anything extra in SystemConfig.ini, is there any initialization with mydlinkapp needed?
I also tried downgrading to firmware 1.01 but nothing changed. Any help is appreciated!

It seems to be almost impossible to change wifi hotspot after it is first set. I bought 12 of this camera on sale, and have only tested 3 of them. When you set the wifi connection the first time, everything works ok, that is connecting from the phone app and setting up the wifi (using scan) works great. The problem is if you want to change wifi hotspot (testing some different wifi hotspots with Raspberry Pi and others). Downgrading firmware works ok, but setting up the camera through the app now seems quite impossible . Have uploaded new firmware (tried different versions) numerous times now, but connecting from the phone app seems now kind of impossible. After the first step after the scan of the label it now just hangs, for both cameras. I guess I just have to return those back to the shop.

Hi, I've spent a night to play around with that platform
The information might be useful for others which want to play around a bit more

Be warned - without a dump you cannot recover most of the system since the update packages are "incomplete"

Root access can be achieved quite easy:

• connect uart (115200, near the usb port)
• press a button to stop uboot from booting
• enter setenv bootargs console=ttyS1,9600 init=/bin/sh root=/dev/mtdblock3 rts-quadspi.channels=dual mtdparts=18030000.spic:16384k@0(global),320k@0k(boot),2304k@320k(kernel),3584k@2624k(rootfs),7744k@6208k(userdata),2048k@13952k(userdata2),384k@16000k(userdata3)
  and boot
• change baud rate to 9600
• passwd root 2x enter and you've opened pandoras box
• reboot afterwards
• (Enable telnet)
  The shadow file in /mnt/conf/ from multiple devices would be quite helpful since I somehow set the password before dumping it... oops

Cutting the Cloud is just as simple:

• vi /mydlink/mydlink_watchdog.sh press i, add exit under #!/bin/sh, press esc, type :wq and enter
  (Needs to be checked, from looking at it in ghidra these are the cloud services - somehow the streamer still reported occasional connections from an Orange ASN, could be a bug or my network equipment)

Now how do we get the camera into the wifi without any app?

• vi /mnt/conf/SystemConfig.ini
• set WIFI_SECURITY_TYPE = 5 WIFI_SSID = [B64-Encoded] WIFI_PWD = [B64-Encoded] register_st = 1
• reboot

How can the Stream be accessed?

• Get the login/pass from the [ONVIF] section of SystemConfig.ini
• rtsp://[CAMERA IP]:554/live/profile.0/video

How can the update package be decrypted?

• Hold the reset button for 5 seconds, go to the firmware recovery page
• Upload the firmware you want the keys for (they probably come from da_adaptor, seed is quite obvious in the header of the update file)
• Seed, Key and IV plop out on the Serial port - decrypt with openssl aes-128-cbc -d -p -nopad -K "KEY" -iv "IV" -S "SEED" -in UPDATE.bin -out dec.bin
• Use binwalk to explore the package

Other infos:

• The aoni_ipc binary of the first upload package comes with debug symbols
• Support for OpenIPC could be added
• SDcard and speaker can be added (see this)
• Just use tftp to copy data...

For 15€ that thing is quite nice and seems to feature some interesting hardware features

"When attempting to execute this command at step 7, I consistently encounter an error stating:

Ncat: Connection refused by the target computer.

I've exhausted various troubleshooting steps, such as opening ports and disabling the firewall, yet the issue persists."

(AI used for translation) sorry

Or did you add it to mydlink and just block the network traffic?

Hi,
firstly thank for making this great repo. Maybe you already mentioned it, but i couldnt find anything about it.

My question:
Did you also find a link, that only shows the current frame/image?

Cause i want to integrate my camera into Home Assistant and it seems to only work (at least for me i guess) when a Still Image URL is provided.

Thanks

So i'm getting tired of not having the correct time on my cameras that i block from reaching the internet.
I've figured out thanks to another post here that it seems to use ntp1.dlink.com to set the time so i tried rewriting that to my local ntp server via pfsense but no dice.
Should be a no brainer as i need to do this with other cameras, here is a pic on the pfsense config.

I'm i missing something here, maybe these cameras use sntp or something else i'm not taking into account ?

Hey. So is the highest firmware for RTSP 1.01?

Hi,

so far this camera is nice - yet i havent found a skill to "enable surveilance" or disable it. Easiest way would be a Skill to switch mydlink scenes from "away" to "home" and vice versa - but via Alexa.

can i write an app (one for Linux-root; one for Android) on my own so i dont have to use mydlink? i only need this features:

• installation of Camera (connect to local WiFi, settings etc)
• auto-start recording (15s) after motion detection (server runs vlc and saves incoming rtsp as flv/mp4)
• Privacy-Mode
• live feed (plus screenshot and video recording)
• motion detection and notification via whatsapp with link to mp4 and screenshot
• Alexa features: show Camera (Alexa, show Frontdoor Kamera); Privacy-Mode on/off (Alexa, start/stop surveillance camera)

where do in find documentation for this? :)

Hello,

I'm wondering if you could provide the links as well for older firmware to what the DCS8300LHV2 uses?

Or where did you get hold of the links provided in your tutorial? It seems you need a Dlink company email to be able to login and browse for firmware there.

/B.R. csoM