Digoo BB-M2: Hackable cheap WiFi camera


It is amazing what you can get for a few dollars. The Digoo BB-M2 WiFi IP camera is no exception, and you can get even more out of it with a few simple tricks that some clever people found out. The camera offers 720p streaming, it contains two stepper motors to remotely control the direction, and it also has two-way audio capabilities. I guess in no time we will have some cool projects built around it.

Out of the box features

Even without hacking, the camera has a lot to offer, and I'm only going into the features I found worth mentioning. The camera has a web interface (listening on port 81) that provides different modes of acquiring a stream of images and lets you adjust the settings. I also managed to watch an RTSP stream on my Mac using VLC. Also surprisingly good is the IR feature, which basically lets you see several meters into the dark. You can control the direction of the camera in relatively small steps, and the web interface allows you to record and then recall fixed positions, e.g. one pointing to the door, one to the window, etc.

 

“REST” API

The web interface is not very secure, which makes take-over easier, whether unfriendly or friendly. The following request lets you move the camera to the left one step:

http://CAMERA_IP:81/decoder_control.cgi?loginuse=&loginpas=&command=7&onestep=0

Such a request can be easily issued from a shell script or an ESP8266 to control many features of the camera (hint, hint!).

Here are some commands I have reverse engineered so far:

  • decoder_control.cgi
    • command=0: move camera up
      • onestep=0: endless
      • onestep=1: just one step
    • command=1: stop move up (this will be the same for all odd numbered commands)
    • command=2: move camera down
    • command=4: move camera left
    • command=6: move camera right
    • command=31: move camera to preset

 

Getting command line access

Some clever guys (read posts here and here) also found out how to get command line access. The root password could not be cracked (as far as I know) but you can add scripts to the writable part of the filesystem which will be executed automatically during boot up of the camera. To get telnet access do the following:

  1. Open ftp settings
  2. Enter the following as ftp-server: $(killall telnetd)
  3. In the field user enter: $(telnetd -l /bin/sh)
  4. Now click on set up, then on test. This will load a page with the error message “Test … Failed. Can not connect to the server”. This is expected and will start a script that will run as root.
  5. Now you can access telnet without password, e.g. telnet CAMERA_IP 23

Digoo BB-M2 Camera – FTP settings for telnet access
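
The steps above work because the FTP test evidently hands the field contents to a shell running as root. The following C sketch is an added example, not the camera firmware's code (which this post does not show): it puts that weak pattern beside a hardened one that validates the fields and avoids the shell. The helper name ftp_test, the length limits and the allowed character sets are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed weak pattern (the firmware source is not shown on this page):
   field values are pasted into a command line that is later handed to a
   shell, where $(...) is expanded and run. This only builds the string. */
int build_cmd_vulnerable(char *out, size_t n, const char *host, const char *user) {
    return snprintf(out, n, "ftp_test %s %s", host, user); /* ftp_test: hypothetical */
}

/* Allowlist check: letters, digits and the characters in `extra` only. */
static int only_chars(const char *s, size_t max, const char *extra) {
    size_t n = strlen(s);
    if (n == 0 || n > max || s[0] == '-') return 0; /* leading '-' could pass as an option */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && !strchr(extra, c)) return 0;
    }
    return 1;
}

int ftp_host_ok(const char *s) { return only_chars(s, 253, ".-:"); } /* hostname or IP literal */
int ftp_user_ok(const char *s) { return only_chars(s, 64, "._-@"); }

/* Hardened form: validate first, then fill an argv vector meant for execv(),
   so no shell ever parses the values. Returns 0 on success, -1 on rejection. */
int build_argv_hardened(const char *argv[4], const char *host, const char *user) {
    if (!ftp_host_ok(host) || !ftp_user_ok(user)) return -1;
    argv[0] = "ftp_test"; argv[1] = host; argv[2] = user; argv[3] = NULL;
    return 0;
}

int main(void) {
    const char *host = "$(killall telnetd)";    /* field values from the steps above */
    const char *user = "$(telnetd -l /bin/sh)";
    char cmd[128];
    const char *argv[4];
    build_cmd_vulnerable(cmd, sizeof cmd, host, user);
    printf("weak form hands the shell: %s\n", cmd);
    printf("hardened, post's values: %s\n",
           build_argv_hardened(argv, host, user) ? "rejected" : "accepted");
    printf("hardened, 192.168.1.10/camera: %s\n",
           build_argv_hardened(argv, "192.168.1.10", "camera") ? "rejected" : "accepted");
    return 0;
}
```
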

There is still some reverse engineering to do. Some guys tried to crack the root password to circumvent the FTP hack, but that has not succeeded yet. Please leave a comment when that changes.

Digoo BB M2 Console after connecting by telnet

Summary

The Digoo BB-M2 camera is an affordable IP camera that you can hack and extend for your own needs. I recently created a time lapse movie to show my daughter that fresh water freezes quicker than salt water on our balcony (in Swiss winter):

 

Where to buy

Digoo BB-M2 Camera from Banggood (at the time of writing for as little as $20). Use this Coupon-Code to save 15%: BGhouse

 

 

Posted by squix78

2 comments

  1. Amazing price for the hardware, but it seems crazy to me to put such an insecure camera on my network.

    It’d be awesome if one of these cheap camera makers released the source for what is surely an embedded Linux distribution to begin with. My guess is that they are violating the GPL as it is. It would be a huge hit in the Maker community.

  2. So is it possible to password protect it or something like that? So people outside the local network can’t see my feed?
