WyzeHacks

This project contains a set of scripts trying to provide additional features not implemented by the official firmware. Currently, it provides the following functions:

1. Enable telnetd on your camera.
2. Customize the default root password for telnet login.
3. Redirect all the recordings to an NFS share.
4. Redirect console logs into an NFS share.
5. Automatically reboot the camera at certain time.
6. Automatically archive the recordings.

Release notes

0.5.08

• Fixing device hostname
• Including device model in hostname
• BREAKING CHANGE: The custom hostname config variable is renamed to CUSTOM_HOSTNAME due to naming conflict with some device models
• Merged PR130 for large NFS partition support

0.5.07

• Fixing the "network disconnected" issue on latest v2/pan beta firmware.

0.5.06

• Support v3 cameras with root fs version 4.36.0.112 and 4.36.0.56.

0.5.05:

• Including v3 init into the default installation process.

0.5.04:

• Fixing hack not persisting through 4.X.6.241 update.
• Getting rid of all the init file specific modifications.
• Supporting the new logging method used in 4.X.6.241.
• Stopping spamming log messages.

0.5.03:

• Fixing broken SD card simuation on latest v3 firmware (4.36.0.252)

0.5.02:

• Fixing an install issue with RTSP firmware.
• Fixing an issue with NFS connectivity detection.
• Adding a customizable threshold for NFS connectivity detection.
• Making sure telnetd is enabled before NFS mount.

0.5.01:

• Auto update and auto config are now checked every minute.
• Fixing config update mechanism.
• Changing auto reboot to use local time.
• Moving logs to a different directory.
• Support telnetd and physical SD card when NFS_ROOT is not specified.
• Refreshing ifconfig.txt every minute.
• Better method for SD card insertion simulation.
• Removing dummymmc kernel module and uevent_recv/uevent_send binaries.
• Adding uninstallation method.
• Moving v2 installation location from /params to /configs.
• WIP v3 camera support (require special steps, see tools/v3/README.md).
• Tested on firmware 4.9.6.224 (V2), 4.6.10.224 (PAN) and 4.36.0.228 (V3).
• Reducing wyzehack binary size by excluding some sound files.

0.4.04:

• Adding support for latest firmware (4.9.6.218, 4.10.6.218).
• Adding support of custom script.
• Adding support for automatic config and wyzehack update.
• Adding support of customized hostname.

Note: Wyze made some changes in version 4.x.6.218 cuasing it really hard to install wyze hacks non-intrusively. So I have to make some version specific changes, and there may be more version specific changes coming later if they changed it again. This means we may need more frequently releases than before (worst case for every stable firmware). This is why I added auto-update mechanism in this release to make my (and others) lives easier in future.

0.4.03:

• Adding notification volume control.
• Reducing the emulated SD card to 128GB to avoid issues.

0.4.02:

• Adding an option to prevent wifi disconnecting.
• Integrating TOTP based 2FA.
• Supporting camera directory name containing space characters
• Detecting stale NFS connection.

0.4.01:

• Detecting NFS unmount and automatically reboot the camera.
• Fixing SD card size to properly support large NFS shares.
• Fixing config.inc.TEMPLATE comments

0.4.00:

• Support firmware version 4.9.6.156 (WyzeCamV2) and 4.10.6.156 (WyzeCam Pan).
• Due to new firmware blocking SD card installation, a new remote installation method has to be used.
• SD card size emulation to make sure the hack works with large NFS shares.
• Support NFS mount command line options in config file.

Download and installation

The latest release archive can be found in the [release folder] (https://github.com/HclX/WyzeHacks/tree/master/release). You will need to unzip the release archive before proceed. Depending on the firmware version your camera is running, you may have two or three different approaches to install the hack.

Remote install using remote_install.sh

This installation method emulates the Wyze App protocol to push the update to a running camera. You will need the following for installation:

• A Linux-like environment with Python3.7 installed. If you are using linux, it shouldn't be a problem. MacOS might also work but I didn't test that. WSL on Windows, unfortunately, doesn't work due to its isolated network settings.
• The target camera should be in the same network to which your Linux environment connects. If your camera is running in isolated vLAN, you may need to adjust it temporarily.
• The target camera should be in a working condition which means you can see it alive from the Wyze App.

To do the installation, please follow these steps:

1. Unzip your release archive a directory, and change your current working directory to there.
2. Rename "config.inc.TEMPLATE" to "config.inc", and then update the content properly.
3. Run "./remote_install.sh"
4. First time, it will ask your Wyze account and password, and it may also ask for 2FA authentication.
5. The login credentials will be stored in a local file named ".tokens" for future use so you don't need to enter username and password and 2FA everytime. Make sure you don't share this file with anyone you don't trust.
6. The token seems to have an expiration period. So next time if you run into error with something like "Access token error" please delete ".tokens" file and restart.
7. Once correctly authenticated, it will go through all the Wyze Cameras under your account, asking you for each of them if you want to push the wyzehack onto that camera. Enter 'Y' if yes, otherwise 'N'. Press "Ctrl + C" twice to interrupt the process.
8. Once confirmed, you will hear "installation begins" from the target camera, and then "installation finished" confirming the installation.
9. When you are done, make sure delete ".tokens" file from that archive folder to avoid accidental leak of your logins.

SD card install

SD card install only works when your camera is running firmware before version 4.9.6.156 (WyzeCamV2) or 4.10.6.156 (WyzeCam Pan). You will need an SD card for this purpose. Size of the SD card doesn't matter.

To do the installation, follow these steps:

1. Prepare an SD card with FAT32 format.
2. Extract the release archive to the root directory of SD card.
3. Make a copy of config.inc-TEMPLATE to the root of SD card, rename it to config.inc, and update the content accordingly.
4. Insert the SD card into camera.
5. Wait until it says "installation finished, please remove the SD card"
6. Make sure you remove the SD card before the camera reboots as I've seen strange behavior with SD card in it.
7. Now you should have telnet, and also the NFS recording functionality.

Remote install using telnet_install.sh

This method works when you have telnet access, which is usually enabled after you installed older version wyze hacks.

Here are the steps to follow:

1. Unzip the release archive to a NFS share where you can access from the camera.
2. telnet into the device, and run telnet_install.sh from the NFS share.
3. Wait until it says "installation finished, please remove the SD card"
4. The device should reboot by itself in less than a minute and you should have the latest hack installed.

Automatically install a release on NFS share

In version 0.4.04 I added the "auto-update" mechanism allowing the camera to automatically install a release from NFS share. This feature is by default disabled so you have to manually enable it. Please check the config.inc.TEMPLATE on how to use it.

Uninstalling the wyzehacks

You can use one of the following ways to uninstall this hack:

Use the built-in uninstall feature

Starting with version 0.5.01, you can tell the camera to uninstall wyzehacks by placing a file at the following location: <CamDir>/wyzehacks/uninstall Once the uninstallation finished, you will see a file uninstall.done confirming the success of uninstallation, or a file uninstall.failed telling something went wrong with the uninstallation.

Do a manual telnet uninstall

With wyzehacks installed, you should have the telnet access available. You can log into the camera and perform the following steps (for v1, v2 and PAN):

  cp /system/init/app_init_orig.sh /system/init/app_init.sh 
  rm /params/wyze_hack.*

Once you verified the above commands finished successfully you are no longer having any wyzehacks related stuff on the camera.

NOTE: To telnet into the camera, you need the login with root user and its password, default one for v1/v2 is ismart12. PAN's default password is unknown so you will have to set your password shadow to allow you login. Check the PASSWD_SHADOW section in config.inc.TEMPLATE on how to do that.

Perform a SD card firmware recovery

This removes the wyzehacks boot straping code from the camera so that it will not be loaded by the camera firmware. However, your configuration file remains on the camera. Luckily there is not much sensentive information in that file.

Features:

NFS share naming:

The per camera NFS share was named by the camera's MAC address, but it's very inconvinent to manage if you have many cameras. As a result, a recent change now supports customizing folder names. All you need is renaming the folder from desktop to whatever you want and reboot the camera. The camera should remember whatever folder is using and will continue recording into the renamed folder. This feature is automatically enabled with latest version so no need to change anything in the configuration file to use this feature.

Auto rebooting:

Now you can control rebooting your camera at a specific time of each day. I found it's useful when you notice sometimes the device is not behaving very well after running for a couple days. You will need to uncomment a variable in the configuration file to use this feature.

Password shadowing:

The default root password for WyzeCam is wel