Some quick searching found that this same chipset is used in countless other IP cameras. However this model differs from most in that it does not try to connect to a remote server where video would be stored and viewed. Instead this device displays its video stream directly to its companion app on a smartphone connected to the WiFi network it creates. I found Alex Porto's blog posts about reverse engineering another camera based on the same chipset and used them as a guide on how to get started reverse engineering the iNite. Wireshark showed traffic between my computer and the camera, but didn't provide any meaningful information other than that the camera's IP address was 192.168.39.1. A scan with nmap showed 4 ports available:
- telnet on port 23 (!)
- a lighttpd server on port 80
- an irc server/ backdoor? on port 6666
- something else on port 8000
Let's try that telnet port. Will it be as easy as logging in as Root?
Success! That was easy. The camera has serial port pads labeled on the board, but since we have telnet working we don't need them. What can we learn about this camera?