It is amazing what you can get for a few dollars. The Digoo BB-M2 WiFi IP camera is no exception and you can get even more out of it with a few simple tricks that some clever people found out. The camera offers 720p streaming, it contains to stepper motors to remote control the direction and it also has two-way audio capabilities. I guess in no time we will have some cool projects built around it.
Out of the box features
Even without hacking the camera has a lot to offer and I’m just going into the ones I found worth mentioning. The camera has a web interface (listing on port 81) providing different modes of acquiring a stream of images and adjusting the settings. I also managed to watch an rtsp stream on my Mac using VLC. Also surprisingly good is the IR feature which lets you basically see several meters into the dark. You can control the direction of the camera with relatively small steps and the web interface allows you to record and then recall fixed positions, e.g. one pointing to the door, one to the window etc.
The web interface is not very secure which makes it easier for unfriendly but also friendly take-over. The following request lets you move the camera to the left one step:
Such a request can be easily issued from a shell script or an ESP8266 to control many features of the camera (hint, hint!).
Here are some commands I reverse engineered until now:
- command=0: move camera up
- onestep=0: endless
- onestep=1: just one step
- command=1: stop move up (this will be the same for all odd numbered commands)
- command=2: move camera down
- command=4: move camera left
- command=6: move camera right
- command=31: move camera to preset
- command=0: move camera up
Getting command line access
Some clever guys (read posts here and here) also found out how to get command line access. The root password could not be cracked (as far as I know) but you can add scripts to the writable part of the filesystem which will be executed automatically during boot up of the camera. To get telnet access do the following:
- Open ftp settings
- Enter the following as ftp-server: $(killall telnetd)
- In the field user enter: $(telnetd -l /bin/sh)
- Now click on set up, then on test. This will load a page with the error message “Test … Failed. Can not connect to the server”. This is expected and will start a script that will run as root
- Now you can access telnet without password, e.g. telnet CAMERA_IP 23
There is still some reverse engineering todo. Some guys tried to crack the root password to circumvent the ftp hack but that did not succeed yet. Please leave a comment when that changes.
The Digoo BB-M2 camera is an affordable IP camera that you can hack and extend for your own needs. I recently created a time lapse movie to show my daughter that fresh water freezes quicker than salt water on our balcony (in Swiss winter):
Where to buy
Digoo BB-M2 Camera from Banggood (at the time of writing for as little as $20). Use this Coupon-Code to save 15%: BGhouse
A ridiculous amount of coffee was consumed in the process of building this post/project. Add some fuel if you'd like to keep me going!