Photo of Terence Eden. He has a beard and is smiling.

Hacking Around With Network Cameras

· 285 comments · 1,300 words · Viewed ~120,330 times.

I was recently given 3 rather locked-down network cameras. Each camera was pre-programmed to communicate with a specific website, and only attach to a predefined wireless access point. Naturally, there was no supplied username or password.

I thought about how I might get access. Using a man-in-the-middle attack to sniff the password, or trying to dump the firmware and examine that. Sadly, all the vulnerabilities previously reported no longer work. After a little bit of thought, I went for decided low-tech solution; I hit the reset button! Yes, each camera had a recessed switch, accessible only with a paperclip, which reset the device to factory settings after holding it down for 10 seconds.

Anyway, this is my voyage of discovery with the three cameras. They are:

  • RC8221_ENRC8221 - a basic internal camera.
  • OC821_ENOC821D - an external camera with weatherproof features.
  • RC8230_ENRC8230 - a pan/tilt camera.

All of them are manufactured by Taiwanese OEM Sercomm. Annoyingly, Sercomm don't have any customer services. They mostly resell the cameras to Linksys, Cisco, Xanboo.

SerComm don't offer any firmware, GPL downloads, or much information about the cameras - so it's all very much trial and error.

Defaults

After resetting the cameras, they'll happily attach up to any wired network via the Ethernet port. Visit the IP address assigned by DHCP and you'll get to the admin panel. The default username is "administrator" - there is no password set. You can now go and fiddle with all the settings.

High Resolution Mode

The cameras are meant to be able to record at 720p - yet the user interface doesn't seem to allow it. Camera Settings Luckily, the API allows us to force the resolution.

http://192.168.0.42/adm/set_group.cgi?group=H264&resolution=4
http://192.168.0.42/adm/set_group.cgi?group=JPEG&resolution=4

Wait! What? API?!

Oh yes, all the cameras come with a variety of commands which can be controlled by simple a HTTP GET request.

Discovering The API

As I said previously, Sercomm provides no documentation. Luckily, their resellers do! EyeSpy247 have the admin manual for the RC8221. Use-IP have the admin manual for the OC821D. I haven't yet found a manual for the RC8230 - but it uses most of the same API commands. The only main addition is the ability to move the camera via its pan/tile functionality. After a bit of digging, I found a discussion on how to activate this functionality.

Up:

http://192.168.0.42/pt/ptctrl.cgi?mv=U,10

Down:

http://192.168.0.42/pt/ptctrl.cgi?mv=D,10

Left:

http://192.168.0.42/pt/ptctrl.cgi?mv=L,11

Right:

http://192.168.0.42/pt/ptctrl.cgi?mv=R,11

The manuals give all sorts of instructions, how to view video streams, get photos, set and get various options. There are, sadly, some omissions.

Sending Sounds

One of the tasks I wanted to accomplish was to make the cameras play some of the turret sounds from the video game "Portal". This is proving tricky, despite the manual's promises to the contrary.

It should be possible to POST an audio file to the cameras, either in G.726, or G.711 (a-law or u-law). Despite creating the audio files correctly, and POSTing them to the cameras - they make not a peep!

curl -vv --data-binary @alaw8k.wav http://user:pass@192.168.0.42/img/g711a.cgi
curl -vv -X POST -d @alaw8k.wav http://user:pass@192.168.0.42/img/g711a.cgi --header "Content-Type:audio/x-wav"

I get a 200 OK, and the volume is set on the camera. Most vexing!

If you think you can help, please leave an answer on StackOverflow.

Arming - or lack thereof

With my other cameras, I can send a command to arm or disarm. I don't need the motion detection to send me emails every second of the day - only when I'm out of the house.

Looking at the source code of one of the pages, it looks like it's possible to POST some data to /adm/file.cgi - but it's not clearly documented which parameters are required. It will take me some time to work through the tangled nest of JavaScript.

Email

The cameras will send video when they detect motion - although getting this to work isn't at all obvious. SMTP Settings Screen-fs8 Firstly, the password is hard-coded to be a maximum of 16 characters. If your password is "StarTrekIntoDarkness1" you're out of luck. Secondly, the "Test the Server" button doesn't actually work. It randomly gave me errors about not being able to reach the server. I struggled for hours until I discovered that the error messages were lying to me! If you enter the details correctly, and the camera has access to the Internet, it should just work.

That said, once enabled, it will happily send emails with large video attachments to you.

Video Audio

All the cameras have microphones, and all do audio triggering (sending an alert when noise levels rise). Yet none of the cameras would embed audio in with the video. When streaming over RTSP, it was possible to pick up audio from the microphone. Lowish quality, 8kHz, mono - but better than nothing. Again, if anyone knows how to get the alert videos to include audio, please let me know!

Motion Detection

Setting the motion detection area is very useful. You might want to ignore movement on the floor if you have a pet, or concentrate on a door handle. Sadly, with these cameras, you have to use IE6 or greater to set the detection area. Internet Explorer 6 Required

You can try and use the API to set areas - but without being able to see the area in question, it's an exercise in frustration.

For my needs, having full screen video detection is fine. I may have to borrow a Windows machine if that changes.

Open Source

Each camera has an embedded Open Source page at /adm/Licenses.txt which includes all the text of the relevant GPL etc.

All three cameras have the following Open Source components: Davicom Ethernet driver Linux kernel 2.6.18 wireless_tools 26 busybox 1.16.0 dhcpcd 1.3.22-pl1 ez-ipupdate 3.0.11b7 iptables 1.3.4 ppp 2.4.1 cron daemon samba client 3.06 glibc 2.8 alsa-lib-1.0.16 wpa_supplicant 0.4.5 NTP thttpd-2.25b

Interesting to note that BusyBox is an unstable release version from 2010, thhtpd supports IPv6 even though the cameras don't appear to. wpa_supplicant is ancient - that may explain why it can't cope with SSIDs with spaces in them. I presume it's the hardware which won't scan the 5GHz range. The Linux kernel is from 2006 - that's common enough in embedded systems, but I do wonder if it presents a security risk.

Security

The cameras offer an SSL connection. However, the certificate is self signed and uses MD5 with 1024 bits. Basically, a security signing which was advised against in 2010. There's no way to replace the certificate without replacing the firmware. If you are willing to trust it, the connection is secured via SSL. Secure Connection Assuming you can confirm the certificate is correct, the encryption should be sufficient to stop anyone but the NSA peeking through your cameras.

That said, the RTSP channel isn't protected by SSL. You can give a username/password, set time of day access, and restrict to specific IP addresses - but the video is transmitted in the clear.

For now, I'm keeping my cameras on my LAN with no external access to them.

What Next

At the moment, I've set the cameras up, but I'm not actively monitoring them - it's just too much work to switch each of them on when I leave for work.

So, if you can help....

  1. How do I send sound to the cameras?
  2. How do I get audio with the video alerts?
  3. How do I arm the cameras via the API?

Share this post on…

285 thoughts on “Hacking Around With Network Cameras”

  1. James says:

    Great blog, thank you for taking the time. Like you I am using the EyeSpy247 RC8221 without the EyeSpy service. Instead I use a subdomian address with port forwarding to access the device locally / remotely. Wondered though if you had any thoughts on accessing the video stream directly with preset options (i.e. 2. H264 with Flash) rather than via the pre branded page. I wish to embed the feed in to another page Thanks again.
    Reply

      1. Victor Marquez says:

        I do have a couple iCameras2, I followed your instruction and I able to get into one, and I am very sure to get into the second one, but I need to know which application I could use to record and check videos from outside of my house?
        Reply

        1. oops says:

          I keep my cameras, icam1000s, icam2s, re purposed androids, and analog cams, all on my LAN. Then I use Zoneminder on a Linux box to do all the motion detecting, recording, and streaming out to the net. It's a lot less hassle to just network one machine, maintain one file of recordings, and access all the cameras from one location. This allows me to have a varied mix of cameras but I only have to remember one password and one IP address.
          Reply

        2. peter says:

          I have one of these icamera 2. how did you do the factory reset? there is a button , but no hole to press a button internal for a paperclip. Just the outside button.
          Reply

          1. compguy65 says:

            Hello! I just found this post doing research on icamera. There should be a rubber button on back of cam. This button has 2 functions. 1st is factory reset. Hold button for 10 seconds. then it will be reset. 2nd function is hold button for 3 seconds, green light on front left blinks to learn wifi and press wps button on router. It is supposed to learn your wifi creds and connect wirelessly but it didn't work for me. I wired it direct to router and had to use Poe dongle. Power on cam and in a few seconds scan your network for any changes. Your cam should be listed. in browser type in that ip and it should get you to cam admin page. My default login was administrator and pass was blank. Hope this helps.
            Reply

  2. Peeter Indrek Solnask says:

    I had RC8221 camera. when i trayng to get some information from camera, i got "400 - bad reqest". Can i do something to use camera alone without provaider service?
    Reply

  3. Tomi says:

    Thanks Terence for a great blog! I too have a RC8221 which was locked to my service provider (Elisa in Finland). Factory reset went ok, and I got to the admin panel. Unfortunately administrator as username (password empty) doesn't work. Is it possible, that credentials might be hard coded or flashed in firmware? Do you have any hints to give how to solve this problem? Cheers! Tomi from Helsinki, Finland
    Reply

    1. says:

      Hmmm, it might be worth doing the factory reset when the camera is on the LAN but *not* connected to the Internet. It's possible that it's phoning home and then changing its password. Other that that, I don't know. Sorry!
      Reply

      1. Brian says:

        how do you reset the camera while it's on the LAN but not connected to the internet?
        Reply

        1. says:

          Assuming you have an ADSL modem - simply detach the cable which goes from your phone socket to the modem. That way you'll be able to reach all the devices on your LAN, but they won't have access to the Internet.
          Reply

    2. says:

      Hi Tomi! I also have a RC8221 and password empty doesn't work for me! Do you find any kind of solution for this problem? Jan
      Reply

      1. Mitch Brewer says:

        I had the same issue with the "default" login credentials ("administrator", blank password). It worked immediately after reset, but I noticed on the administration page that the password had dots in it (like masked characters), but since I hadn't changed anything from the defaults I ignored it. When I logged out and later tried to login it wouldn't take the blank password. So apparently simply entering the administration page populates the password field with something. I did another reset and immediately put my own password in before logging out and haven't had any issues since.
        Reply

        1. says:

          The correct default/factory "username" and "password" for the OC-810-ADT which should be the same on all the OC-*** variants and re-brands are as follows: UN: administrator PW: password *NOTE: The password shouldn't, nor in my experience has never been defaulted as with these models. Hope this helps if the answer has not already been posted by now.
          Reply

  4. Veritas Acerbum says:

    Have you checked out this? http:// ipaddress /img/media.flv
    Reply

  5. Tom says:

    Terrence, Do you have any idea as to how to set the fixed IP address pf the Xanboo cameras?
    Reply

  6. Anne newland says:

    I have 2 network cameras and other stuff which will become obsolete when ATT Remote Monitor (Xanboo) disappears on 6/13. I am searching for a way to still be able to use the cameras without the Attrm website. However it all seems very complicated after reading the above, and I am not tech savvy. I will first try to reset one camera with a paper clip.
    Reply

  8. Diego says:

    Im trying to connect the OC821D to the wireless, but i couldn't..i tried with two differents routers, but the camera never connect. With cable works perfect, but is a wireless camera, so i want to put it outside without cable.
    Reply

    1. says:

      You need to connect to the camera via the ethernet cable - then tell it to scan for wireless networks. Once you've typed in your password you should be able to do a test connect. If that works, save everything then unplug the cable and reboot the camera.
      Reply

  10. Adam Smith says:

    I have had good success setting up the Sercomm iCamera1000. It is very similar to the RC8221 in just about every way - minus a few features. In your blog, you mention issues with the email setup. The screenshot you include even shows that you are using a Google SMTP server. I am trying to do the same thing. Motion is being detected and email is NOT being send. I am guessing it is some random problem. Error message from the Log: "SMTP: Failed to send E-mail to @gmail.com." I felt like it is a problem with SSL/TLS, as the only authentication option is "SMTP authentication." It would seem that the software does NOT support SSL - which seems crazy given that you set yours up to utilize port 465 - which is for SSL. Any insight here? thanks for the great blog and very helpful information on this particular topic. regards, -=Adam
    Reply

    1. says:

      Hey, Might be worth trying it with your ISP's SMTP servers. If that doesn't work - it looks like you're out of luck. Sorry. Terence
      Reply

      1. says:

        I've been working on a little Java application to work around being able to send attachments to gmail on the iCamera-1000. This works pretty well for me anyway, I've put up on my github today. But my next question is, what is the url to post to trigger an http event?
        Reply

        1. Jas says:

          Can you post the url to your github and more information on how to setup gmail smtp on these cameras. Thanks.
          Reply

          2. says:

            I don't use the camera to actually send the email, rather to post an event to my app which then will send the email. Although, in the time since I posted and now I've gone beyond just emailing when the camera sees motion. I'm adding zigbee sensor triggers and triggering the camera that way as well. Eventually, I'll add camera streaming as well, partly because the firmware on my cameras is old, and partly because I want to see if I can make my own home security system based on a Raspberry Pi and Java. I can find others true but I want to write my own completely open source. But to answer your question; https://github.com/djr4488/camera-notifier
            Reply

            1. Y C says:

              Danny, how do you invoke your app upon an event trigger? I got the following message: HTTP-NOTIFY:Failed to connect the HTTP notification server. All I did was to put the full URL in the URL field in the HTTP(S) notification.
              Reply

              1. Danny says:

                Y, I'll need to pull out he cameras here again shortly. If it is alright I'll get you an answer by Sunday, been insanely busy at work the few weeks and am hoping that maybe I'll get some time off soonish.
                Reply

              2. Danny says:

                I updated the readme as I have added other things to my app between the time I originally wrote the readme and now. So there are a few more steps that involve using the swagger interface(only UI I have for the moment. Hopefully that readme will help, if not let me know.
                Reply

    2. Bittoo says:

      Hello, Were you able to solve the email alert problem I am having the same issue and tried three different email address but no luck.
      Reply

  11. Anne newland says:

    I lost the use of both my network cameras and other devices Friday when Att remote monitor website shut down. I've been trying and trying and reading all info available, and today I was able to reset one camera successfully and somehow acess it, so now I can see it from my computer but only locally...I have not been able to find the local address for the other camera yet, it is a Sercomm rc 4020, does anyone have any ideas? Also what's the best way to get acess from the Internet for the camera I can now access? Thank you!
    Reply

  12. Johnny says:

    How can I do a hard reset, my power light is bliking and then after a minut or so all lights come on and does it again and again..
    Reply

    1. says:

      For a full factory reset, push a paperclip into the little hole, hold it there, and turn on the camera. After 30 seconds, the lights should start flashing and the camera should be in its factory state.
      Reply

  13. Johnny says:

    Perfect I did that but the power light keeps blinking and doesnt stop, any suggestions?
    Reply

    1. says:

      Blinking power means you are not on a network You don't tell us the model of your camera. The RC82390D defaults to 192.168.0.99 when it is reset. The default UserId is "administrator" and password is "" (i.e., none). I assigned a fixed IP address at 192.168.0.10 and put an ethernet cable between the PC and the 8230. Entered 192.168.0.99 into the browser's URL and VOILA, I had the camera! From there, I could program the proper network and the wireless picked it right up! I found the manual as an attachment to the FCC listing!!! https://fccid.io/document.php?id=1687444
      Reply

  14. Anne newland says:

    I succeeded in finding the local address for the Sercomm RC 4020 camera, and resetting it, I think, but all I see is the following on a green background: Index of / mode links bytes last-changed name dr-x 7 97 Feb 22 2008 ./ I've been unable to get any kind of info on this model camera. If anyone has any suggestions ?
    Reply

    1. Anne newland says:

      I was able to bring up a login screen by adding user:pss before the ip address, and login with 'administrator' but all I got was another 3 lines on a green background: Index of /adm/ mode links bytes last-changed name dr-x 2 326 Feb 22 2008 ./ dr-x 2 326 Feb 22 2008 ./ dr-x 2 326 Feb 22 2008 ./ Still trying!
      Reply

  15. Anne newland says:

    I have just succeeded in viewing the camera picture! But that's all, so far. No access to setting up the camera.
    Reply

  16. says:

    My RC8030 didn't revert to the default login and password when I set it to defaults in the administrator panel. I did the paperclip reset and it allowed me to log in once but then changed it several seconds later. I reset it again and now it's working alright. Hope this helps anyone with similar issues.
    Reply

    1. says:

      P.S. there are some additional movements the API can do other than the UD/LR and center. "preset=move,104" does the calibration, for example on the 8030.
      Reply

    2. Anne newland says:

      How did you get to the administrator panel? I have a RC4020, and am unable to access the panel.
      Reply

      1. says:

        I have to reset mine several times in a row with the paperclip and then on boot I have about a 20 second window to log in with "administrator" and no password before the device automatically changes the login. If you manage this you can change the password to something you set and shouldn't have to deal with it again. One reset isn't good enough - it's usually on the third one that works.
        Reply

  17. Anne newland says:

    Thank you, I will give this a try! It is all very mysterious to me so far, though I've gotten bits and pieces of the puzzle. Not sure anyone would be interested in this though. My best success with it is that I've finally found the right terms to be able to view a small live camera picture on my local network, but I can't do anything more so far. everything seems to be based on commands that I can't find a list of.
    Reply

        1. Anne newland says:

          When I go to http://192.168.1.7/adm/file.cgi?next_file=system.htm, I get a white page with 'OK' When I go to 192.168.1.7/img/main.cgi?next_file=main.htm, same thing. However when I try http://192.168.1.7/adm/sysinfo.cgi, I get: Firmware Version: V1.0.13 Serial Number:*** I've looked at the manuals above for the cameras that seem similar, but most of the API commands don't seem to accomplish anything so far. Maybe my camera is too early a model and/or just doesn't have an admin panel? I keep trying when I have some free time!
          Reply

          1. says:

            My firmware is V1.0.09 so I would think yours should have one if you're on the newer firmware. I'm not sure what's wrong, if I enter the IP address alone it redirects me to the panel. When I got my camera out of storage (3 years) the panel was buggy until I reset to factory defaults. I'm not sure if resetting will resolve the issue you're having but if it's a similar issue it might. Here is the API command that works for me, since you can't access the panel to do it. http://192.168.1.7/adm/file.cgi?this_file=password.htm&next_file=password.htm&todo=reset If most of the API still works you could probably just download a local copy of the panel.
            Reply

            1. Anne newland says:

              Aha! I got this "Camera's config file has been reset. Camera will restart and IP address maybe change .Please use the Windows utility to locate the camera and configure it correctly for your environment.Please close this Browser window and wait for a moment." No sure how I would download a local copy of the panel, though, any hints? Also I use either an old iPhone, an old iPad, and an old Mac PowerBook. I might have to borrow a pc and see if I could find this Windows utility that is mentioned. I did see something somewhere, hope I bookmarked it, about downloading something for this camera or one similar. Hope I get some time to try this out! Thanks so much!
              Reply

              1. says:

                Basically I would save a copy of all the pages in my camera's control panel and upload them for you to download. Then you'd save them on your desktop and access the camera from there (instead of the camera's address). Since the API is the same it should work if every command was sent to the correct IP address. I'm guessing the Windows utility is used to find the dynamically given IP address or an actual tool used to access your camera. If your camera isn't using a static IP you can check your router for the new local IP (if it was given one).
                Reply

                1. Anne newland says:

                  Thanks, that sounds interesting to try! I wonder if it would work on my rather old computer, a 2003 Mac power pc laptop. I haven't done anything more since my last reply. It would be very useful to have that camera back in operation the way it was when I had the service.
                  Reply

                  1. Johnny G says:

                    Are you guys familiar with micasaverde? I'm trying to add my sercomm RC8230D but i need the http:// address for the video stream, can you guys help me please
                    Reply

                    1. says:

                      If you have a read of the manuals, you'll see that you can get videos from /img/media.sdp and RTSP from rtsp:///img/media.sav
                      Reply

                2. Craig Comstock says:

                  I was just able to do http://ip/adm/flash_dumper.cgi and got a 16mb file. The UI says F/W version: V1.0.01R03. Some interesting stuff in it from the strings program about TI UBL Version 1.51, U-Boot, tftpboot, etc...
                  Reply

  18. says:

    (Sorry in advance for the long post, but I think it'll be worth reading.) I realize that this post has been dead for a while now, but I wanted to let you know that I've got an RC8221 (Lowe's Iris model, aquired second-hand with no software or documentation) that had me confounded on configuring. I decided to go for an approach that I haven't seen before - hardware. I pulled the Flash chip, dumped it, broke it into its MTD partitions, and acquired the login credentials as well as a complete filesystem dump. I've also found that there's a factory "update" mode and it forces the camera to Ethernet IP 192.168.0.99 (and starts a webserver) for uploading firmware images, easily triggered with no additional tools - unfortunately, not a raw image, must have some form of header that I don't yet know... The username on my Lowes device is 'alertme' (makes sense, since the Iris hub is rebranded AlertMe hardware) and the password is a fairly random string, however it is stored plaintext in the firmware in two locations. I'm fairly confident that the same is true of ALL RC8221 cameras, due to its structure and placement, and I'm also confident (based upon the filesystem and config partitions storing the same password) that it's NOT encoded per-camera, more likely per-rebranding. To replicate my attempts, you'll need soldering skill, a Bus Pirate (hardware) and Flashrom (software), a serial terminal program (putty/minicom/etc) as well as a hex editor or Linux knowledge. I'd be willing to trade - my knowledge on how to do this for a dump of someone's non-Lowes firmware....of course, if someone asks, I'd be more than willing to share my knowledge without the trade. Using a hex editor, I was able to change the streams that're enabled, their default settings, resolutions, framerates, etc...as well as making WPS work to set up wireless. Also, to the original content creator here - the speaker output seems to be turned off by default in the firmware via config entry, which I switched on...haven't tested its functionality, but if you're interested in conversing I'll give it a shot.. My biggest frustration, though, is that the Lowes Iris firmware has stripped out the Web UI in its entirity! There is NO web config here, unless I'm just doing it wrong. This is why I need a copy of someone's firmware or temporary access to their device - I'm confident I can toss it on this device to fix that. If anyone still has an RC8221 and the required equipment (or would be willing to send it to me for a few days) I'd like to collaborate on unlocking my device further, or just share the knowledge of course. I have no blog of my own, and don't care to start one for a single post about an outdated device. Comment here and we'll figure out a way to talk. What I need, ideally - I'm especially interested if you have any of the following; A firmware dump of someone's non-Lowes RC8221 Physical access to someone's non-Lowes RC8221 Someone who has the right tools, and a non-Lowes RC8221 A firmware update file from ANY Sercomm device, ideally an RC8221 Thanks for taking the time to read this.
    Reply

    1. Charles says:

      I have four Lowes RC8221 and two OC821. Since I am giving up on Lowes Iris HUB (moving to Smartthings) I would like to hack into these cameras and use EyeSpy247.com service or code them to work with my Smartthings. I am very smart about things but I do not have any real knowledge about these hacks, coding, upload or flashing devises. I am willing to pay, trade and help anyone here. I could just give up these cameras and move to the next model. or we can work on them. 1. Can you share the administrator id and Lowes passcode for these device. 2. Can you explain how to flash or upload new firmware that would give me the UI interface or point to Eyespy247.com service. you can email me directly at CharlesEscutia@me.com if you would prefer. I think hacking into these cameras and using a firmware and the open source coding from Smarthings could get these working.
      Reply

    2. says:

      Hello! Would you be interested in releasing the password for the Lowes Iris camera? I have a non-Iris firmware dump that you can use if you would like, but would like the password in exchange. You can email me at bengroves@fastmail.com. Thanks!
      Reply

    3. Jeremy says:

      Danin, Would you mind sharing the password that you mention in this post? I have a couple Lowe's Iris Branded cameras and would like to try the password that you see in the firmware on my cameras, but I don't have the time or knowhow to pull the firmware from the flash chip like you've done. I looked around a bit, in case you posted it already, but I couldn't find it. Thank you
      Reply

      1. says:

        I didn't want to out-and-out post it in a public setting because ..well, security issues, yanno? Email me, I'll share it with you. Email is my username here, minus spaces, at Gmail...just in case it doesn't show up here or something.
        Reply

        1. Jeremy says:

          I emailed you at the address you described, but I will also leave my email address here. You can email me at jdub615@happy at last.us (no spaces) you can also try jdub615@williamsfam dot comcastbiz dot net if that doesn't work for some reason.
          Reply

    4. Pete Klick says:

      I have a RC 8221 and an willing to send it to you.. this post was very helpful. although I am still a little lost. would I send you some $ and a return post? let me know. thanks.
      Reply

      1. Danin says:

        I have a RC 8221 and an willing to send it to you.. this post was very helpful. although I am still a little lost. would I send you some $ and a return post? let me know. thanks. Pete - sorry for the late reply. I'm glad the post was helpful. The bottom line is, using a hardware flasher to "upgrade" the firmware is a bit tedious and beyond most people's abilities; if you don't understand what was said, you'll want to have someone who does handle it. If you're willing to send it to me for the process, all I ask is that you pay postage both ways. My time isn't particularly valuable to me, I won't ask for you to pay for me to do the modification. I just enjoy playing around with these things. You can reach me at DaninFuchs (at) gmail (dot) com - we can discuss things in more detail there, not really comfortable posting my name and address in a public location such as this.
        Reply

  19. flo says:

    Hello, I own a RC8221 and the default login is: admin / admin! a few question: 1) I have not found any options about motion capture, or send an email when move is detect, does this camera have this option? 2) Is there any android app to view the stream? which? thanks!
    Reply

    1. says:

      Flo - I'll be of limited help, since my camera has no web UI whatsoever, but I do know enough to answer some of it. 1) It appears that some options are removed in some rebrandings. If you don't show those options, it may be that your rebranded firmware has that feature removed. Do you know the origin of this camera? (Lowes Iris, Eyespy247, etc..) That'll help people figure out how to help you. 2) That depends which streams are enabled. My camera defaulted to a video-only MPEG-4 stream, and two video-only H264 streams - after reconfiguring it, it now has a video-only MJPEG stream, an MPEG-4 video stream with audio, and an H264 video-only stream. You'll need to know which streams are enabled, and find an app on Android that supports it - I know that with the Firefox browser you can just point right at the MJPEG stream and not even need an app, but there are likely other - better - solutions out there. If you aren't sure how to determine what streams are enabled, I'll do what I can to help you figure that out.
      Reply

        1. says:

          I've never seen that camera, so I can't say much about the web interface, and I've got zero experience with the SMTP options on this device. I'll get back with you if I can help. I'll leave the URLs I found for my camera's current config - try pointing firefox at the http:// ones, and VLC or MPC or some such program at the rtsp:// ones..if they work, try to find an Android app that lists the protocol for that URL. The first two .sav files can be suffixed with '?channel=2' (or 0 or 1 or whatever else, for how many streams your camera supports at once. Typically 0 thru 2) rtsp://192.168.0.196:554/img/media.sav - MPEG4, 15fps, audio (corrupt with different codec) rtsp://192.168.0.196:554/img/video.sav - MPEG4, 15fps, no audio rtsp://192.168.0.196:554/img/audio.sav - No video, audio only http://192.168.0.196/img/video.h264 - 1280x720 (H264) http://192.168.0.196/img/snapshot.cgi?size=3&quality=(5...1) - 640x480 (JPEG) http://192.168.0.196/img/snapshot.cgi?size=4 - 1280x720 (JPEG) http://192.168.0.196/img/video.mjpeg (MJPEG) http://192.168.0.196/img/mjpeg.htm (MJPEG) http://192.168.0.196/img/mjpeg.cgi (MJPEG)
          Reply

  20. says:

    Can anyone help we with a firmware dumpfor for rc8221 ? you can make the dump with 10.10.10.10/flash_dumper.cgi (your ip /flash_dumper.cgi)
    Reply

    1. says:

      Sorry buddy, 404 on mine. Even tried adding /adm/ or /util/ in the URL, since that's where most of the admin tools are. If anyone else can execute this, I'd actually be quite interested in a copy as well. On a related note, why do you need this dump? I have a manually extracted dump, but my system seems to be somewhat stripped down - if you're interested I can share it with you. Myself, I'm hoping to de-strip my own camera.
      Reply

      1. says:

        Do you have web interface on the camera? , mine has no interface. I can work with your dump, do you have a way to update the firmware without removing the flash chip? My goal is to make the web interface to work. I have the missing .htm but i get checksum error when i try to boot the modified firmware
        Reply

  21. says:

    Maybe we can combine our efforts, here. My camera also has no web interface, but you say you're trying to boot modified firmware..how have you modified the firmware? As of yet, I have no way to update the firmware without pulling the chip, but we may be able to, between us, figure out a way to do that. Is your camera an Iris as well?
    Reply

        1. says:

          Oh, awesome. Thank you so much for that. I apparently didn't get a notification that you had ever replied, or I would gladly have sent an email. This will probably help a lot of people who have these fun little cameras but can't get them to do things the way they need or want. I'll be playing with that tonight.
          Reply

        2. says:

          Well, for what it's worth, I've finally returned home from work and binwalked the firmware. Seems to be a raw image, rather than a web-flashable update. Same default IP of 192.168.0.99, username administrator, password blank. It does seem to have a call to auto register itself with http://www.eyespy247.com, though I'm not sure what it registers or why. I won't have time to flash the image onto my camera for a few days. I'd disable that, but perhaps that's just me. I'm eager, but unfortunately quite busy this week..perhaps this weekend I'll make the time. Thanks again for sharing!
          Reply

    1. Pedro says:

      Hi! Thanks for your research on this! I have bin files from two iCamera 1000s (not the same as yours, but VERY similar API and features). Were you able to call /adm/upgrade.cgi with a file you obtained from /adm/flash_dumper.cgi? Everytime I try - I get an error: "Unable to read upgrade file.", even when the bin file is from the same device.
      Reply

      1. Jim B says:

        I ran into the same problem with the iCamera2. Has anyone figured out how to process the flash_dumper.cgi export to allow for it to uploaded again? One difference is the iCamera2 dump (fw.bin) is 132mb. All of the web downloaded firmwares that I have seen for the Icamera 1000s have only been 16mb.
        Reply

        1. Jim B says:

          Nevermind. I figured it out. The flash_dumper.cgi provides a raw dump of the entire flash memory, which I believe is 128mb in the iCamera2. The upgrade scripts require a compiled file at a fraction of the size (16mb for the iCamera1000 and 32mb for the iCamera2). I have been able to successfully upgrade/downgrade the FWs across vendor platforms. The hard part was finding those files since they are typically provided in the background via vendor configured hub devices.
          Reply

          1. Antoine Ingram says:

            I have a few Icamera2 and Icamera1000, could you give a little more details on how you were able to get to the vendor configured hub, I would like to get cameras on the same firmware.
            Reply

            1. Jim B says:

              Antoine are trying to provision the cameras to a vendor hub or are going to use them standalone via something like Blue Iris? If a hub, which vendor? E.g. Xfinity, ADT, TWC, IRIS, etc?
              Reply

              1. Antoine Ingram says:

                they are set up as standalone cameras, I have one that is running a lower firmware that seems to drop out and I have to restart it to get it to come back online. I'm just trying to get all of them on the same firmware.
                Reply

          2. krytos says:

            Can you explain exactly how you were able to revert back to original firmware? I have several Icam2 cameras with comcast firmware on them that I would like to revert back to the original firmware. I also have several Icam2 cameras that still have the original firmware.
            Reply

  24. Michael says:

    I have the RC8025-ADT Cameras. I reset them, and I am able to use iSpy with them, but only hardwired. Like many of you I am trying to get into it so I can change the configuration. I don't reckon anyone has leveraged these and made it work 1. I reset it 2. tried the IP directly (just got a 404) 3. tried the ip /adm (after much reviewing this site) and I actually did (twice) get prompted for the user name and password. I tried administrator with no password but didn't work. 4. I was going to try to reset and get it connected super fast in case it was autochanging, but ever since I reset it again.. the website never prompts me for a password (wondering if somehow my PC cached it , so going to reboot 5. I have a separate router, which I am setting up for my laptop and this camera so it has NO way to get to the internet to change anything, maybe that will work. The router will have DHCP enabled. I am super hopeful as I have 6 of these and 4 of the OC810 ADT cameras and am forgoing ADT (cost too much) for our local security + I want to self monitor these cameras with iSpy Reset made it work for iSpy.. but wireless is my next goal Thanks!!
    Reply

    1. Michael says:

      Woops I realized something and apologize. Clearly the reset did work and the username is Administrator and the password is blank. However the URL is invalid (I thought I was getting 401, it was a 404), and when I tried just admin.. I got a 401. So my bad However, I still do not know the admin UI URL, if someone does please. I will keep trying the ones from this thread 🙂 Cheers!
      Reply

    2. Michael says:

      I sincerely apologize for the spam When I do try to get into my camera with the IP this happens http://192.168.0.9/main.cgi?next_file=index_in.htm it redirects to this URL and then gives the 404 not found error. When I found a manual for this camera (at least a variation of the base camera), it says I should just use the http://IPAddress and I should get the admin screen. I wonder if ADT did something to them and is there some way to undo it so I can get into the Admin UI... Unless someone else knows the admin ui 🙂 Thanks! Last Spam!
      Reply

      1. Michael says:

        I am able to access some of the URL's that give direct feeds etc, due to the fact that... I guess ADT decided to use a similar firmware as they put in the OC810. The problem is still I cannot change the Wireless Settings 🙁 so the darn thing is only good wired. it is nice that I can do live streaming etc without needing even ISpy, however it would be lovely if I could configure the Wireless. Any thoughts? Cheers
        Reply

          1. Ryan says:

            I have RC8025B-ADT To reset this device I had to take it apart and jump the pins where the reset button should be because it was apparently removed in this version of the hardware. Once I did that, I was able to access the web interface and get a video stream. However, when I try to set the wlan_essid using the CGI API it says Error: Unable to set wireless LAN configuration. Setting other values seems to work as expected. Any ideas?
            Reply

  25. JOhn says:

    Has anyone had any luck connecting RC8221,OC821D OR RC8230 TO A REVO DVR? I am going to try making my own RJ12 toRj45 cable
    Reply

  27. says:

    For what it's worth, I acquired the EyeSpy RC8221 firmware upgrade file from a very helpful reader at this very blog, and looked into upgrading the Lowes Iris RC8221 using it. I couldn't make the normal web interface OR the recovery web interface accept the file in its normal state, I'm assuming it expects a header or checksum of some form to validate the file...HOWEVER - I was able to pull the flash IC again, and dump the EyeSpy RC8221 firmware onto it with an external programmer, and get it to boot properly. Didn't complain about internal checksums, either. Standard EyeSpy 247 WebUI works, default user/pass works, configuration and wireless setup work. All menus functional, haven't actively tested the triggering and recording, but stream configuration works 100%, and remote registration seems to also function. I fully believe this camera is now, effectively, fully operational. With a little more tinkering, I might even be able to get it to run scripts and software from its own MicroSD card slot, but that's distant-future territory... Contact me for details. I really need to set up a blog of my own, apparently..maybe I'll look into that. In the mean time, I've confirmed that the Iris models will run less locked-down firmware. If anyone is willing to let me BORROW (or keep) -any- other IP camera that's locked down -AND- has a non-locked-down version with accessible firmware, I'm willing to burn a few dozen hours messing around with those to unlock them as well, and send it/them back. I suspect the process for things like the OC821 will be very similar. Contact me and we'll negotiate something.
    Reply

    1. Paulo says:

      Hi Danin, I also have an Lowe's Iris camera that I'd like to flash it with the EyeSpy firmware. Can you please provide the steps that I need to take to accomplish this? For example, what software did you use to dump the firmware onto the camera? and also what do you mean by pulling the flash IC? Thanks for your help
      Reply

      1. says:

        Hey Paulo. The process is actually really simple, if you have the means to desolder the flash IC. I'll give the basic no-nonsense outline here, and if you have any questions, let me know. First step is unfortunately to desolder the flash IC, and connect it to your favorite SPI programmer. - If you don't have a favorite SPI programmer, or don't own any of them, what you want to pick up is a Bus Pirate v3.6 - sources include Amazon, SeeedStudio, Sparkfun, etc, for around $30. Keep in mind, the Bus Pirate is not the fastest way to do it, but whatever you buy, it needs to be supported by Flashrom. Also, I'd strongly recommend specifically the Bus Pirate v3.6 - older ones are limited in hardware and the new 'better' v4 isn't as well-supported, changes the pin ordering and quantity on the header, and most guides assume you have the more widespread v3.6 (or earlier) design. Second step is to connect the chip to the SPI programmer. - Myself, I pulled the chip off and soldered wires to the proper pins (use the datasheet from the chip to match wiring to your SPI flasher) in single-bit mode, which is all the Bus Pirate supports as of when I performed this hack. This means Clock, Data 0, Chip Select, ignore the other Data pins. You'll also need to tie a few of the lines (Write Enable and ...something else, I can't remember right now) to VCC or GND depending on which ones they are, to enable write mode and so forth. If you know about flash memory it's easy to figure out which pins. If not, well, frankly I've forgotten which IC it was, and exactly what pins go where, and my camera is not in a place that's easy to unmount and disassemble. If you can't figure it out, tell me what the chip's part number is, I'll pull the datasheet and provide a complete hookup guide. Sorry, but I go through so many random projects that I lose track of details like that, but I guarantee I can get you the right info if you get me the chip's part number. Third step is to dump the chip's contents using Flashrom into a backup file, so you don't completely lose the camera if something goes terribly wrong. Again, the info for using Flashrom is out there, specifically there are also some BusPirate guides to using Flashrom, but not with this chip. The changes are trivial. Fourth step is to write the chip's contents with the EyeSpy firmware, again using Flashrom. Fifth step is to reinstall the chip and enjoy, because you're now done. The camera's default settings/login/etc are available in the EyeSpy247 RC8221 manual, I found it with a simple Google search. Holy crap is this thing ever a lot more capable than I'd expected. Sorry for the lack of clear detail, it's been ages and I cycle through random projects in a matter of days. I never keep the details written down because usually nobody really cares how I did it, hah. Maybe I should start a little blogroll of my own.. As I said, if you need more info, definitely let me know. I'm more than willing to help. Just get me the chip's part number.
        Reply

        1. Paulo says:

          Thank you Danin for the detailed instructions. I'll give this a try soon.
          Reply

    1. Terence Eden says:

      You'll need to reset the camera first. However, I do not have one of those to test.
      Reply

    2. Eric Andersen says:

      Press the reset for 10 seconds or more and that will reset the UserId, pw, and all customization of the IP camera.
      Reply

  29. Rick says:

    Hi all: Great blog! I scavenged a camera from an estate sale and finally took the time to try and make operational. Thanks to this blog I was able to piece together most of the setup info. The Camera is marked as a ISEE-VCWLG. I found that it is a SERCOMM camera through the FCC ID P27YL500. I was finally able to gain access to the Admin software via the IP Addy appended with /adm/file.cgi. I'm at the point where I have everything working via the NIC cable connection but cannot figure out how to get the wireless to work. In the Network section of the Admin panel I see the correct address of the Primary DNS server (Asus RT-N56U). In the Wireless section i have the following: WSC PIN Code:-----(Pin code for the Camera is here) Network Type:-------Infrastructure (other option is Ad Hoc) SSID:------------------ID for my Home Network Domain:--------------USA Channel No:---------Auto Security System:----WPA/WPA2 Personal (as per my Asus setup) Shared Key:----------("Password" to log into the Asus based network is here) With this info saved I disconnect the power from the camera, unplug the NIC cable and reconnect power. This is per the manual from the FCC site. Power must be disconnected in order to disconnect from hard wire connection. FWIU, reconnecting puts it into wireless mode. However, all I get is the blinking power LED and nothing on the Network LED. I'm stumped at this point as I can't get the wireless connection to initiate. Can anyone shed some light on my situation? Many thanks in advance.
    Reply

    1. Rick says:

      As a quick follow-up. I looked at the log and it indeed shows that it tried to connect to the (or a) server and was unsuccefull. Hopefully someone can assist. BUT, I also see that the camera went out to an alarm company and appears to have renewed a lease. I find nothing in the admin panel that references any of this. Is it hard coded into the firmware or is there any way to access and change or block? (Perhaps the log saves info regardless of a factory reset or this occurred before I did a factory reset..??? not sure) Thanks again to Terrence and others! From log: 09/22/2015 07:01:01 DDNS: Failed to connect to DDNS server. 09/22/2015 06:01:01 DDNS: Failed to connect to DDNS server. 09/22/2015 05:01:01 DDNS: Failed to connect to DDNS server. 09/22/2015 04:01:01 DDNS: Failed to connect to DDNS server. 09/22/2015 03:03:01 NTP: Synchronization OK. 09/22/2015 03:02:54 DDNS: Failed to connect to DDNS server. 09/22/2015 03:02:54 HeartBeat: Connect to CMS server (cms1.AlarmCompanyName.com:8060) successfully. 09/22/2015 03:02:51 DHCP: Lease renewal successfully. 09/22/2015 03:02:43 Network: Lan activated.
      Reply

      1. Rick says:

        Update: I couldn't get the camera (Sercomm RC8221) to connect wirelessly to my Asus router. So, I decided to piggy back the Alarm company router (Sercomm IP1006RR N-router) to the Asus and see what would happen. Sure enough the Sercomm router and camera connected within seconds. I went to the Camera live image page and was able to view wirelessly. I'm guessing the camera's connection settings are hard coded into the firmware as the network info I recorded in the camera's Network / Wireless page seemed to do nothing. Attempting another angle, I found the user manual (via FCC id) and attempted to access router management through it's IP addy and the factory default ID / password. No luck. When connected to my PC there's no IP address to found for the router....at all. This leads me to believe it's set up as an access point. When I connect the Sercomm router to the Asus router, the Asus dynamically assigns an IP address to the Sercomm but I still can't gain access. I just get page can't be loaded...as if it's a bad address. I'm tempted to bring the Sercomm router back to factory settings but fear I may lose all settings needed to connect to the camera. Then I'm have nothing to work with. BTW, I use an App which seems to work very nicely called TinyCam. The free version is pretty much enabled. For $3.99 you get the Pro version and no ads. Feedback is welcome.
        Reply

  30. Pascal says:

    Thanks for this huge work as I can now kick the setup of my web provider ! In my firmware version I have no access to the email panel in the administration menu.... By launching an url command, I can see that the email settings are available ! So I just need the html address of the email setup page : can anybody give me this address ? http://xxxx/adm/email.htm ? Or something like that... Thanks, Pascal, fromage Bordeaux, France
    Reply

  31. Pascal says:

    Thanks for this huge work ! On my RC 8110 cam, the email panel is not available from the administration menu, due to my web provider firmware version I suppose. By triggering an url request, I found that the email parameters exist. So can anybody give me the url address of the meal setup page ? (something like http://Xxxx/adm/email.htm..) Thanks Pascal from Bordeaux, France
    Reply

    1. says:

      To start off with I have to cams ( iCamera-1000-ADT Camera and OC810-ADT Outdoor/Night Camera) This blog has helped a lot in helping me figure out a lot. I found that I can connect to my wireless via WPS set up for my cams without the need for getting into the setting. Your question: I use the CGI to configure the settings for this to parameters are GET ( view) and SET ( Change), so for instance /adm/get_group.cgi?group=EMAIL ( will display all the settings for email) /set_group.cgi?group=EMAIL&smtp_enable=1 (will change the settings for the parameter smpt_enable to 1) With the iCamera-1000-ADT Camera, I am having zero luck getting past the admin password , any help will be appreciated. Thanks!
      Reply

  32. Nathan says:

    Terence- To answer "03. How do I arm the cameras via the API?" Try /adm/set_group.cgi?group=EVENT&event_trigger=1 to enable the event trigger and 0 to disable. I'm thinking about writing a script to periodically ping my phone and if no response enable the trigger. Xundre- to login to the iCamera-1000 the username is administrator with no password.
    Reply

    1. says:

      I don't think the Sercomm RC8221 firmware is available, best I've come up with (due to the help of other people on here) is the EyeSpy 247 breed of firmware, which is linked above. If that works for you, but the link above doesn't work any longer, I can give another.
      Reply

      1. Jim B says:

        Danin, I am a huge fan of your hardware solution. That was an ingenious approach! And your extraction of the alertme credentials has been invaluable. Do you still have that eyespy247 image? There is an old sercomm fw tool that worked with the 8021. I am curious if it will work with the eyespy image on an 8221. Also if you are still interested, I can provide some firmware images (both flash dumped and web upgrades, including the latest Iris 1.0.0.6 upgrade for 8221).
        Reply

        1. Danin says:

          Jim - sorry for the delayed reply here, I kind of lost track of the thread for a while. I'm curious what this tool is, but having more information and more sources to work with could never be a bad thing. Get in touch with me if you wish to collaborate further.
          Reply

  34. JM says:

    I scavenged a IP camera RC8021. I think it was Xanboo. Many of above works and I want to contribute some findings of my own. This is basicly listing, so it will be long 🙁 Hope that this is some use. I have not tried to set any of these values yet. These are basic stuff, so probably others have also discovered them. URL:http:///adm/get_group.cgi?group=WIRELESS [WIRELESS] wlan_type=0 wlan_essid=XanHoc wlan_channel=11 wlan_domain=12 wlan_security=0 wep_authtype=1 wep_mode=1 wep_index=1 wep_ascii= wep_kep1= wep_kep2= wep_kep3= wep_kep4= wpa_ascii= wmm=0 http:///adm/get_group.cgi?group=HTTP http:///adm/get_group.cgi?group=VIDEO http:///adm/get_group.cgi?group=SYSTEM http:///adm/get_group.cgi?group=USER http:///adm/get_group.cgi?group=FTP http:///adm/get_group.cgi?group=LOG http:///adm/get_group.cgi?group=NETWORK http:///adm/get_group.cgi?group=MOTION http:///adm/get_group.cgi?group=AUDIO http:///adm/get_group.cgi?group=IO Mine is so called "wiped out". So there is no web pages to set up the camera. All there is are the links for video and snapshot. And of course http cgi.
    Reply

    1. techology says:

      Were you able to setup your camera with these commands? I am trying to setup my camera with this shitty way because the dang UI is gone. But i am not 100% how to do it /adm/get_group.cgi?group=WIRELESS how do i set my SSID and WPA (WPA-PSK/WPA2-PSK) settings? I did /adm/site_survey.cgi and see the wifi network i need but how do i make it possible?
      Reply

  36. says:

    Hi I'm hoping someone could help me. I really don't know much past the basic stuff with computers. I've googled but this blog is the only this that's been somewhat close to what I'm looking for. For the last 2 months on my network I've been seeing a camera (RC8026). It comes and seems to leave about a minute after I notice it. Does anyone know what this is? I'm starting to wonder if my boyfriend has a WiFi cam on me and watching from his home or phone. Please help. Thank u
    Reply

    1. Terence Eden says:

      Hi Shalin, That sounds like an odd situation. If you have an open WiFi network, it could be a random camera connecting. I suggest that you change your WiFi's password and don't tell anyone what the new one is. If you have a mobile phone, download a camera scanning app - it should let you view the camera's feed so you can see where it is. I use https://play.google.com/store/apps/details?id=com.alexvas.dvr Good luck!
      Reply

  37. Sam says:

    Terence and others: If you are interested in examining the firmware in greater detailed, please take a look at the squashfs dump from my Sercomm/Sensormatic/ADT iCamera1000. This was binwalk'd from the complete flash dump as generated by executing /adm/flash_dumper.cgi. The www files are located in /usr/local/www. Of particular interest are file.cgi and ez.cgi - ARM ELFs that provide much of the functionality accessible through the web API. Most CGIs simply link to those two files. File: http://www.filedropper.com/icamera1000squashfs_1 I'm currently looking for some insights into how Sercomm builds their firmware update packages.
    Reply

    1. Sam says:

      A few things: Aside from the obvious flash_dumper.cgi functionality, you can also use next_file to request any binary such as the cgi files themselves. Who knows why this functionality was shipped with production cameras... You can make some todo requests to file.cgi. The interesting one is /adm/file.cgi?todo=inject_telnetd. Unfortunately, I don't know the root password yet. It looks like it might be setup on boot from rc.sethost as a concatenation of three strings, but it's hard to tell without a proper disassembly. If anyone knows the Linux root password for these devices, please let me know.
      Reply

      1. Jim B says:

        Sam, I would love to see your squashfs dump. Unfortunately your link seems to have expired. Any chance you could upload that again? Also I might be able to provide some assistance on the Sercomm firmware update packages. First take a look at the firmware mod kit: https://github.com/mirror/firmware-mod-kit https://code.google.com/archive/p/firmware-mod-kit/ And these two decompiled Sercomm tutorials, both using the FMK: https://dl.packetstormsecurity.net/papers/general/reverse_engineering_ip_camera_firmware.pdf http://www.devttys0.com/2011/05/reverse-engineering-firmware-linksys-wag120n/ I also have a few flash_dumper images for the iCamera1000 and iCamera2, as well as update packages from Comcast and Cox. I am currently working on tracking down packages for the RC8021 and RC8026. Let me know if you are interested.
        Reply

        1. Edd M. says:

          I.am interested in the firmware packages that you have for the Cox iCamera2 cameras. Would i be able to get these from you? Thanks, Edd
          Reply

          1. Jim B says:

            Edd, sorry for the delay. I was trying to reach you on that youtube channel but ran into too many moderation delays. Even tried activating private messaging, but youtube has a bizarre system that requires a new 'brand' account to send PMs. I found out the hard way it deletes all old messages when you merge a brand and personal account. Very strange... Send me an email at paradoxicalloop (at) gmail (dot) com
            Reply

        2. Tim says:

          I have a couple hundred Schlage WCE100 that are great cheap cams. Xan/8021 Sercom. I have the firmware update utility and the NorthQ firmware to make them generic. However using them with the Nexia/Schlage system things have now changed. The Nexia people have updated their system to not update their own cameras with the original firmware. Instead they require you to send it to them for $39.99 and they will do it for you. I have many cameras that need to have the firmware updated off the factory default so they will update to the most recent firmware automatically. Nexia has a ton of theese cameras on their sys and supports them as long as they at some time had the firmware updated off the default Ver 1.0.03R01. The current Ver is 1.0.20. The reason I bought this qty of cameras is that I knew they would always be supported as long as the supported the other 300,000. Because of the proprietary firmware. I have experimented with may cams and find that as long as the firmware was updated off the default some time in the past the system will update to the most recent no problem. If I could extract the new version from any of the working ones I could update the firmware myself (i believe) . I have hooked up to the a usb and watched the linux boot on a old and new version but have no understanding. They just did this and caught me off balance here. Did you make any progress on dumping the flash from the 8021? Best Regards, Tim
          Reply

      2. Dennis Vitali says:

        Was reading function: generate_pass_from_mac in file https , Did you ever get root password for these type cameras from Sercomm.?
        Reply

          1. Dennis Vitali says:

            Ya, stumbled across that same link tonight, joy joy joy. Dennid
            Reply

  38. says:

    Alright, I've had an influx of requests because Lowes pushed a firmware update that seems to be inhibiting people's use of their hardware. You're not renting this junk from Lowes, you own it, even if they neutered it first. I wanted to keep this private, because to my knowledge this is not "in the wild" but Lowes is pushing my hand. Login details; Isername: alertme Password: nFQTEm*s67uxuF**a2vAth7RoJ (I'll repost in a different manner if the blog eats it somehow.) I've got reports that this works for Lowes Iris branded RC8221 and OC821 cameras. They're yours. Use them like you want. I realize someone is probably going to use this for dark purposes, but it wouldn't be necessary if Lowes hadn't locked you all out of your own hardware. They lit the fire, they can deal with the aftermath. You're welcome, Internets.
    Reply

    1. Dan Wil says:

      No joy on any of my 14 bricks. Is there something I should change the ** in the password to?
      Reply

        1. Dan Wil says:

          Yes, they are Lowe's (spit) models. Both the indoor and outdoor. I have the indoor handy it is model RC8221.
          Reply

          1. Jeremy says:

            Maybe I can help a bit. I use the same cameras and went on this mission to find answers after the Iris generation 2 hub made my cameras unusable with my iSpy server. Once I used Lowes' "migration utility" to move my cameras from the Generation 1 hub to the Generation 2 hub, my iSpy server could not connect to the cameras at all. Any connection attempt using RTSP or HTTP (using VLC Media player, which works great for testing video streams) resulted in a username and password prompt. Long before I stumbled across this forum, and eventually got credentials from Danin Fuchs, I tried hard resetting the camera in an attempt to make it work the way it used to. I was eventually able to get the cameras to where I could connect to the RTSP and HTTP feeds using VLC and iSpy, but the rest of the cameras configuration was gone. The Iris hub would no longer pair the cameras and because of this, I was no longer able to configure the wireless. The cameras did however work fine as long as they are hard wired. To reset the camera's (I did this on both the indoor and the outdoor cameras), first, for safety purposes, unplug the Iris hub from your network (assuming that it's still plugged in), make sure there is a wired network cable plugged in to the camera and use a pin or paperclip to push the reset button on the back of the camera and hold it for 30 seconds. Once you let go, the camera will reset, wait about 1 minute for it to finish its startup cycle (you should be able to the hear the IR cut filter click and see the IR lights come on if you are in a dim-ish room). After it's done starting up, pull the power cord and wait for a few seconds then plug it back in. Wait for the startup cycle to finish again. By default, the camera should get an IP address via DHCP handed out by your router or whatever is handing out IPs on your network. Now the video streams should be accessible using VLC or iSpy without asking for the username and password and the credentials supplied by Danin Fuchs should work for sending API calls to the camera's. NOTE: I did have to go through the reset process a couple of times on one of the cameras before I got it to work. I even called Iris support a couple of times to see if I could get anything useful out of them. Of course, they were next to useless. The only thing I was able to get out to of them is that since the cameras were not able to pair to the generation 2 hub (which seems to be a common problem, "once they are paired with a Gen 2 hub and you remove the pairing, they will not re-pair with the hub"), Iris support emailed me a letter to take to a Lowes store where they would replace my Iris cameras with new ones (great idea since my cameras are over two years old). After I got that information I got the credentials that Danin Fuchs supplied above and figured out that after a few hard resets of the cameras, as long as the Gen 2 Iris hub has not tried to pair to the cameras, then the cameras firmware is in a state where the above credentials will work allowing you to adjust the camera's configuration using the API commands listed here: https://github.com/edent/Sercomm-API But, as most people messing with this have realized, these cameras have been crippled quite a bit, and without going through the process that Danin Fuchs used, it's going to be a little hard to do much of anything aside from just basic "turning settings on and off". I haven't had a lot of time to test, but I am working on setting up the wireless using the API commands, I can't seem to pass the commands to the camera in a way that they will accept the input to connect them to my wireless, I assume that all of the commands need to be sent in a string of some sort for it to accept them but without the web interface on the camera, or a working web interface to play with, I'm not sure I will be able to figure it out any time soon. But I'm going to keep trying. Hopefully this information will be useful to someone else.
            Reply

            1. Eric Andersen says:

              Can you go into the detail of using RTSP and HTTP feeds using VLC? I have a "virgin" 8221 cam and I would like to use VLC with it. my cam has fixed address on my network and I use port forwarding to find it.. When I use HTTP, as "aaa.bbb.ccc.ddd:pppp" where aaa.bbb.ccc.ddd is the IP and pppp is the port, I get the the menu view or configure the cam. How can I configure that to use RTSP? Thanks! Eric
              Reply

              1. Jeremy says:

                Once you open VLC Media player, Click Media in the menu at the top, then click "Open Network Stream..." VLC will open a box that asks for the network stream URL. For both the RC8221 (indoor) and the OC821D (Outdoor), I use rtsp://IPADDRESS:554/img/media.sav?channel=2 There is quite a bit of information in the threads above about the different streams that are available, as well as the commands to modify the settings of the streams.
                Reply

            2. Dan Wil says:

              Thanks, key thing I was missing there. I was thinking the password would work while the camera was paired with the IRIS hub. That is the holy grail to get all access back. Have you tried to use WPS to get the wireless settings automatically?
              Reply

              1. Jeremy says:

                No, actually, after typing that reply, I played around with the camera a little more, turns out I was just issuing the command using the wrong group name. after I realized that, I was able to get the wireless set up without issue. Now it works great. I'm considering writing a small .HTM file that has all the documented API calls that you can set and apply using radio buttons and dropdown boxes with submit buttons for all the settings. Not sure when I'll really have time to do it, but it's fairly high on my to do list.
                Reply

                1. techology says:

                  I have icamera2 (which im guessing are somewhat the say because most of these commands work) and i bought a few more and realize the new FW update is also blocking me out of the UI setup. I was wondering if anyone has figured out a way to "downgrade" or flash the fw back down to older FW. This would seem to be the easiest way to re-enable the UI... New Firmware Version: V3.0.02.35 Current Firmware Version: V3.0.01.29
                  Reply

                  1. Tom says:

                    I seem to be having the same issue. I have 3 icamera2's .. they where all working fine for over a year, but now when i try to login to them they are no longer taking my login/password or the default one. Could they have updated on their own to the new firmware? This is not good
                    Reply

                    1. techology says:

                      I had to connect them to the router via WPS, which sucked because when something rebooted the IP's changed. So i had to go into the router and set the static IP via Mac address. I own 9 of these icamera2's and 4 of them i got a few years back from comcast itself. But the most current ones i got from eBay and they already had the updated FW which sucks because i still cannot get into the camera's to change any setttings. I literally did a factory reset on them and connected to router via WPS and thats it.....its kind of upsetting....
                      Reply

                    2. says:

                      Thanks.. But are you still able to get into the admin console of your older icamera 2's? Or is it just the new ones you bought. My icamera 2's are a couple of years old. I set them up with static ips a while back so I never knew that anything changed on them.. My blue iris software never had an issue connecting. I just got a wifi extender and wanted to point one of the cameras to it and that's when I found out that the admin console was no longer accepting my login. But how in the world did they get updated on their own like this? I can get to the main page where you view video but when I click on the admin page link I get login prompt and I can't login anymore with my old credentials. We're your older icamera2's also locked out of admin page? Or just your newer ones?
                      Reply

                  2. says:

                    Did you ever figure out how to get into the iCAMER2 ui AGAIN? i AM HAVING THE SAME PROBLEM.. I had 3 icamera2's working fine for over a year with Blue Iris software.. now all of a sudden i cannot log into them anymore. they still work wireless, but I wanted to change the access point on them but cannot anymore. How did they auto update like this? Seems my settings are still in place but the it no longer takes my login details for setting configuration.. man i am really pissed off.
                    Reply

                    1. techology says:

                      I had to connect them to the router via WPS, which sucked because when something rebooted the IP's changed. So i had to go into the router and set the static IP via Mac address. I own 9 of these icamera2's and 4 of them i got a few years back from comcast itself. But the most current ones i got from eBay and they already had the updated FW which sucks because i still cannot get into the camera's to change any setttings. I literally did a factory reset on them and connected to router via WPS and thats it.....its kind of upsetting....
                      Reply

    2. vic says:

      hi! have you any version firmware for rc8221 with adm access? if you have it, plz send it vic_1980 at bk.ru
      Reply

  39. Susan Macaulay says:

    I must have three unhappy iCamera 1000s (formerly on my Comcast system, which I recently ditched), because I've reset all three of them, and they will not happily talk to my wired network at all. If I attach them directly to my desktop or laptop (via Ethernet), I can see the MAC addresses of each one. When I Ethernet any of the cameras to my route (D-link AC3200), the router never sees it, i.e., it never shows up in the list of connected devices, which is where I need to start to get the IP Address. any suggestions would be greatly appreciated.
    Reply

  40. Pete says:

    When I attempt to change the resolution I get the error message "Invalid resolution"
    Reply

    1. Terence Eden says:

      Not every camera supports the higher resolutions. It will depend on the sensor and the firmware. Sorry.
      Reply

      1. Peter says:

        I have the rc8221d camera and I believe I'm on the 1.0 firmware. Is there somewhere I can download different firmware to enable it?
        Reply

  41. Adam Steidl says:

    I did not read through all the comments, but after fiddling for a few hours, it dawned on me: WPS! Wifi Protected Setup. Worked on RC8025B-ADT. Using iSpy to view. Thanks for helping with all the other things, Terence!
    Reply

    1. Adam Steidl says:

      The OC810-ADT's can use WPS, too. Instead of resetting to default, or in addition to it, anyway, click that button inside the hole next to the power input for only a second or two, to make it connect via WPS. Works beautifully.
      Reply

      1. yc says:

        hello, once you connect it using wps, how are you accessing the feed? by ip? is there a username and password?
        Reply

  42. Dan Wil says:

    I bought an old ATT version (xanboo) of the RC8221 off ebay. I enabled the mic, speakers and MJPEG using the API instruction I found here and in the manuals. Using IP CAM VIEWER PRO for iPhone and am able to send audio to the camera. It is somewhat garbled but it is intelligible and there is no cutout at one second.
    Reply

  43. Dan Wil says:

    OH and BTW the same procedure did not work on the Lowe's version of the camera.
    Reply

  44. Dan Wil says:

    Oh and BTW this same procedure does not work on the Lowe's version of the camera.
    Reply

  45. jdillinger says:

    OC810 - log in info for camera administration is: Username: administrator PW field: leave blank I connected the oc810 via wps. Then tried the above and it worked. So no need to reset 🙂
    Reply

  46. Jim B says:

    If anyone is interested, I have a factory firmware dump for an iCamera2 with a functional GUI. I used flash_dumper.cgi which yielded a 132mb file called fw.bin (fw_ver=V3.0.01.29). Unfortunately it appears to be a raw image and I have yet to figure out how to flash it onto another camera. Even attempting to upload it to the same camera results in "Error: Unable to read upgrade file."
    Reply

    1. Edd M says:

      Hello Jim. I was wondering if you can help me out with the firmware upload i am trying to do to the iCamera2- C. I have gotten to the point that you have described above. I was able to save the 132mb file onto my computer and then when using the camera's web GUI i get the same error that you were receiving."Error: Unable to read upgrade file." Is there something that needs to be done to the 132mb file in order to use the web GUI to upload the firmware to the camera? Also, Do you know if its possible to convert a iCamera2-C into a iCamera2 by replacing the current firmware? I believe the cameras will work with my Cox security system if i can get the firmware to be V3.0.01.34 instead of V3.0.02.38 which it currently is. Thanks for any help you can provide. Edd
      Reply

  47. Jim B says:

    All, here is the command to activate the administration menu on vendor modified firmwares such as Comcast Xfinity, Cox Homelife and ADT Pulse. /adm/enable_ui.cgi Response: OK Tested on iCamera2 using multiple vendor firmware versions. Although I suspect it will work with most Sercomm models. Credit to Prayas Kulshrestha who used the firmware mod kit on an old RC8061 image. I noticed a screenshot on page 6 of his guide that included this file in adm directory, along with some other untested commands: https://dl.packetstormsecurity.net/papers/general/reverse_engineering_ip_camera_firmware.pdf @Terence, I would especially like to thank you for all of your efforts with this blog and github API list! I added this as an 'issue' to your repo. It was my first git contribution, so I apologize if the format is off. The commit process was a bit daunting for a first time user.
    Reply

    1. Dan Wil says:

      NIce find Jim B. I was excited to see this. Unfortunately not working with the LOWES/Sercomm cameras.
      Reply

      1. Jim B says:

        Very interesting. What model number(s) and firmware versions did you test it on? And are you still provisioning them with the IRIS hub? For the FW version you should be able to use /adm/sysinfo.cgi or util/query.cgi?extension=yes. For clarification, you have admin access to these cameras and can execute api calls from /adm/ ?
        Reply

        1. DanWil says:

          The command works and I get the OK back. There is just no web page there. Cameras are the RC8222. The are not on IRIS and I have admin password. I don't remember the firmware.
          Reply

          1. Jim B says:

            So the command was accepted? That's actually more interesting than if it didn't respond at all. There are a few additional steps that IRIS could have used to obfuscate the menu with basic settings, such as limiting access to httpS, changing to a non-standard port, or multiple users with limited access. First off, you mention RC8222 but I couldn't find any reference to that model number. Did you mean to say RC8221? If you feel like pursuing this further, please run the following commands and post the results: /util/query.cgi?extension=yes /adm/sysinfo.cgi /adm/get_group.cgi?group=HTTP /adm/get_group.cgi?group=USER
            Reply

            1. Dan Wil says:

              Here are the responses: hostname=RC8221927BBF description= defname=SC927BBF h264_resolution=1280 h264_resolution2=1280 mic_in=on speaker_out=off ptctrl=off wlled=off irled=on serial=off resolutions=1280x720,640*480,320*240,160*120 mac=00:0e:8f:92:7b:bf privacy_button=on pir_sensor=on wps_pin_code=95999357 ioctrl=on company_name=Lowe's model_number=RC8221 wireless=on sw_pppoe=yes fw_ver=V1.0.06R00 ip_addr=192.168.1.30 netmask=255.255.255.0 gateway=192.168.1.1 timezone=4 current_time=11/03/2016 18:37:57 http_port=80 rtsp_port=554 https_port=443 Firmware Version: V1.0.06 Serial Number: Uptime: 662243 http_mode=1 http_port2=0 http_port2_num=1024 https_mode=1 ssport_enable=0 ssport_number=1025 [USER] login_check=0 admin_timeout=5 admin_name=c37977 admin_password= user1= user2= user3= user4= user5= user6= user7= user8= user9= user10= user11= user12= user13= user14= user15= user16= user17= user18= user19= user20= audio_in_ctrl=0 audio_out_ctrl=0 pt_ctrl=0 io_ctrl=0 adm_ctrl=0
              Reply

            2. vic says:

              Hi I'm have only one answer (for the /util/query.cgi?extension=yes): hostname=RC8221769549 description= defname=SC769549 resolution=640 h264_resolution=640 mic_in=on speaker_out=off ptctrl=off wlled=off irled=on serial=off resolutions=1280*960,640*360,320*180,160*90 mac=00:0e:8f:76:95:49 privacy_button=on pir_sensor=on wps_pin_code=77714657 ioctrl=on company_name=Elisa model_number=RC8221 wireless=on fw_ver=V1.0.05R00 ip_addr=192.182.174.248 netmask=255.255.0.0 gateway=192.182.0.1 timezone=26 current_time=02/22/2016 06:55:30 http_port=80 rtsp_port=554 Another three (/adm/sysinfo.cgi; /adm/get_group.cgi?group=HTTP; /adm/get_group.cgi?group=USER) need authorization.
              Reply

              1. jaanus rebase says:

                Hi I have same problem with Elisa RC8221. You have any version firmware for rc8221?
                Reply

    2. says:

      Crazy, I have been ," Hacking Around With Network Cameras" since i came across a couple of Sercomm cameras , and I became quite proficient with the GUI, but then this! A simple line of code enables the Admin. This is sweet!
      Reply

    3. techology says:

      HELL YES!, I have tried this on 3 of my camera's that didnt have the UI and it worked great. They are iCamera2-C i noticed when i logged into adm screen. iCamera2-C F/W version: V3.0.02.35
      Reply

    4. says:

      This is great.. thanks Jim! and Terrance! One thing I did notice is that its not permanent. I have to enable every time if powered off and on. not a big deal though.
      Reply

      1. Jim B says:

        Good catch Johnny! I hadn't thought of rebooting the cameras. I just tested it on an iCamera1000 and iCamera2 and sure enough, it resets each power cycle.
        Reply

        1. says:

          I actually send curl reboot commands to my cameras once a day as a precautionary maintenance measue, so I just added the enable admin command to the job so I don't ever have to worry about enabling admin again. Works great. But more I think about it I think I may like the fact that admin is disabled now by default. It does provide another layer of security. Thanks again !
          Reply

  48. says:

    Has anybody messed around with this file I noticed http_trigger.cgi? My assumption is that it is what I'd need to post to from an external source(like when a front door opens and I want to trigger video capture, but not based on motion). The only issue is, I don't have the tools to reverse engineer this cgi script and I no longer have the security system to packet sniff for calls to it(like I think was happening) in order to figure out what parameters it needs to test my hypothesis. Thanks
    Reply

    1. says:

      Answered my own question; http_trigger.cgi is fairly simple, it just needs an Authorization header Authorization: Basic Then call it via GET If it takes other parameters though, I don't know, but whenever I pass parameters to it, it says they are invalid and returns a 503 status.
      Reply

  49. krytos says:

    Wondering if anyone could help me out with my firmware issue. I have more than a few icam2's with comcast firmware on them that I would like to flash back to original oem firmware. I do have a few icam2's that still have the oem software on them to extract. Just need to know exactly how to do it.
    Reply

    1. Edd M says:

      Have you been able to get your firmware issue resolved with the iCamera2's? I had the same issue last month with 5 of these cameras and was able to change the firmware version to V3.0.01.34 instead of V3.0.02.38 which they was when they were Comcast Cameras. I did this by using the web GUI and installing the firmware version that I needed. The hard part was finding the right firmware version file. One of the guys on here was nice enough to share it with me.
      Reply

      1. krytos says:

        My cameras (iCamera2) that have are new in the box have V3.0.01.29 on them. The ones that were removed from xfinity home systems have V3.0.02.39. I cannot find firmware anywhere to download. Do you still have the firmware file and would you be willing to share it with me?
        Reply

        1. Edd M says:

          Krytos, I have a few different files you can try. One of the members of this forum was kind enough to share them with me. Send me an email. edinaz1 (at) cox (dot) net
          Reply

          1. krytos says:

            Firmware worked great. I tried all 3 files and V3.0.01.24 was the one that worked the best. I am not able to see any difference between V3.0.01.24 and V3.0.01.29. Thanks again.
            Reply

  50. krytos says:

    iCamera1000 Firmware Files http://edge.xfinity-home.top.comcast.net/firmware/DYW9HZ-105-1002R08.bin http://edge.xfinity-home.top.comcast.net/firmware/DYW9HZ-308-1002R17.bin http://edge.xfinity-home.top.comcast.net/firmware/DYW9HZ-308-1002R19.bin http://edge.xfinity-home.top.comcast.net/firmware/DYW9HZ-308-1002R22.bin iCamera2 Firmware Files http://edge.xfinity-home.top.comcast.net/firmware/DAXNHZ-104-300114.bin http://edge.xfinity-home.top.comcast.net/firmware/DAXNHZ-105-300124.bin http://edge.xfinity-home.top.comcast.net/firmware/DAXNHZ-105-300126.bin http://edge.xfinity-home.top.comcast.net/firmware/DAXNHZ-106-300128.bin http://edge.xfinity-home.top.comcast.net/firmware/DAXNHZ-106-300129.bin http://edge.xfinity-home.top.comcast.net/firmware/DAXNHZ-108-300132.bin http://edge.xfinity-home.top.comcast.net/firmware/DAXNHZ-110-300229.bin http://edge.xfinity-home.top.comcast.net/firmware/DAXNHZ-110-300230.bin http://edge.xfinity-home.top.comcast.net/firmware/DAXNHZ-111-300235.bin http://edge.xfinity-home.top.comcast.net/firmware/DAXNHZ-111-300238.bin http://edge.xfinity-home.top.comcast.net/firmware/DAXNHZ-111-300239.bin
    Reply

    1. Edgar242 says:

      Is there any newer available firmware for download? My Icamera 1000 was reporting firmware version 3.0.1(something)... and I installed DYW9HZ-308-1002R22.bin downgrading the firmware to 1.0.02R22. I wonder if there is any major difference or benefit from downgrading or going back to Firmware v. 3.0.1
      Reply

  51. krytos says:

    You can actually just tell the camera to install whatever firmware you want. Just use the API command below and substitute the firmware version you want to install. /adm/auto_upgrade.cgi?new_fw_url=http://edge.xfinity-home.top.comcast.net/firmware/DAXNHZ-106-300129.bin
    Reply

  52. Laoshi1 says:

    Hi all, I'm looking for to upgrade my rc8061 and rc8221 with firmware eyespy247 to use UI interface. But i didn't find bin's file to donwload anywhere... Is it possible to have a link ? Or if somebody can send me it to: laoshi1@hotmail.fr Thank you for your help.
    Reply

  53. Bmac says:

    I currently have system setup using iCamera2, iSpy Software and a PC server system. My network has a wireless GIG Router and a 48 Port Gig switch. Some of the cameras are setup wireless and some are wired with CAT6 cable to my switch. I would like to replace the PC server with a DVR recorder of some sort. Does anyone know of a DVR recorder that could be compatible or used with these cameras? or a setup I can mimic. Thanks in advance.
    Reply

  54. Ian Philp says:

    Hi,another sercomm product NV412A an encoder for analog to IP cameras on ADT pulse system,has anyone had only luck getting into them.Would be very useful with my cameras at home any info gratefully received,I have reset them but can only get one page of info called Index...toplightnz@gmail.com.Thanks
    Reply

  55. says:

    Hi guys, I have found that the new XCAM cameras seem to have faulty Wireless modules. Camera would work wired but not wireless and when clicking on the "Site Survey" section in the wireless settings the spinning graphic just keeps spinning and never comes back. I just bought a new xcam off ebay an this one is doing the same thing even... unless comcast figured out some way to disable the wireless modules if not going through their gateway somehow.. i doubt it but you never know i guess. Has anyone else been seeing this issue? thanks
    Reply

    1. Jim B says:

      The xcam is almost identical to the icamera2, with the exception of the wifi module being placed in the power supply adapter. The intent is to get better wifi reception by moving it inside the home and closer to the router. That also means you have to use the original power supply vs an aftermarket POE adapter if you want to retain wifi service. The next thing that comes to mind is all of the icameras models disable wifi as soon as you plug in a hardwired ethernet source. That is why the icameras provide 2 POE dongle adapters. One is used for the initial hardwired provisioning of the camera and the 2nd dongle is used to provide power to the camera but no ethernet connection, thus allowing the wifi module to activate. Did you setup the wifi login info on the xcam first and then disconnect the provisioning dongle and plug the Cat5 directly between the xcam and its power supply?
      Reply

  56. Johnny Cakes says:

    i havent been able to figure this one out.. i have a few Icameras, and icamera2's and XCAMs that are failing to switch to night mode anymore. I see you can use cgi to manually switch the Manual day/night setting but it doesn't actually turn off/on the IR filter, it just enables the ability to manually switch between day/night in the "View Video" admin page. Has anyone figured out how to send a cgi command to switch the sercom cameras into night mode?
    Reply

    1. Scott says:

      Any update to this? Im kindve running into the same situation - my icamera2's are working fine but i received an XCAM that i can toggle the IR in the UI but it doesnt do anything and i dont know the command. I found this FCC manual regarding a different camera but the same basic sercomm icontrol UI. it has the admin commands but im unable to find the correct command to trigger the IR: https://fccid.io/pdf.php?id=1418906 As a side not when i query the IR cut i get a filter=0 but on my icam2's i get filter=1 (http://...(IP)/io/query_filter.cgi)
      Reply

  57. Oscar says:

    I inherited (when I purchased a home) 4 Honeywell ipcam-wo cameras that appears identical to the OC821D. However, the user name password combination to get into the camera is not working, does anyone have a clue what the user name password combo might be for an ipcam-wo. Seems like Honeywell likes to force people who have their cameras to enroll in their service. I called Honeywell direct on this and they said that I needed to have the service to have full access of my cameras (which I own). I'm able to use Ispy connect software to see all 4 cameras, but am having a hard time opening ports on these for cloud recording when my PC is turned off. Figured I probably need to gain access to the camera interface and do that from there.
    Reply

    1. James B says:

      Have you reset the cameras and then tried "administrator" for the username with a blank password? I believe you hold the reset button down for 10 to 20 seconds to reset to factory defaults.
      Reply

      2. Oscar says:

        I'm using a Honeywell wireless access point on these btw. Not sure if that changes things. Would it make a difference if the cameras were hard wired into my network?
        Reply

        1. says:

          Connect the lan cable and power cycle the camera, try also administrator:pass@192.168.N.N/img/video.mjpeg I have yet to be successful gaining access to the file system.
          Reply

  58. says:

    on the icameras, is there a way to turn off the wireless radio?
    I have one plugged into a powerline adapter but it still using the wireless radio.
    thanks
    Reply

    1. Jim B says:

      Brian if I recall correctly from your YouTube replies, you're using icamera 2 and xcams. Is the one giving you a problem the icam2? Both the 1000 and icam2 will automatically disable wifi when it detects a hardwired ethernet connection. So the first thing that comes to mind is the POE injector dongle and wiring. Did you by chance reverse the cables from the POE injector? The male ethernet pigtail should plug into the switch or powerline adapter and the female port / patch cable should go into the camera. I have reversed them a couple times myself. Failing that I'd temporarily bypass the power line adapter and plug it directly into the switch to ensure the hardwired functions on the camera is working properly. And there might be a compatibility issue with the power line adapter.
      Reply

  59. Scott says:

    I have an XCAM i can log into and successfully got it configured for wired/wireless but the IR isnt turning on in either mode. When im in the UI i can toggle the settings for IR (manual day/night) but nothing happens both in wire/wireless modes. Other settings do work though such as; timestamp, time, network, video quality and type. Im an installer for these cameras (xfinity) and we were told they would not work hardlined (no info as to why but im digging into it). I found this FCC manual regarding a different camera but the same basic sercomm icontrol UI. it has the admin commands but im unable to find the correct command to trigger the IR Any suggestions?
    Reply

  60. Tim says:

    So I was given a RC8025B-ADT from my aunt because she didn't use it and does not care for it...but she really gave it to us because we have a autistic son that has outburst once and awhile so I wanted to set this up in him room to keep a eye on him but have no clue how to set it to my router and what to download to figure it out..and ADT wants to charge me alot just for them to take charge of it..so how can i get into this one???? Would really help out alot. Thank you.
    Reply

    1. Oedi says:

      Tim did you get this worked out? I have been able to access all the configuration of the RC8025-ADT. Below is all the steps that I used. 1) Press down the reset button (on the left beside the FCC logo) for 20 second 2) Connect a LAN cable to the device and it will boot with DHCP 3) Work out the IP it got 4) Goto http:///adm/enable_ui.cgi 5) when asked for login information use username administrator - blank password and then you will see “OK” on your screen 6) Goto http:// and now you have access to the administration page to set stuff. On a reboot you will have to enable the UI again if you want to make changes.
      Reply

      1. Oedi says:

        The URL got messed up what is missing is the IP of your camera. before the /adm/
        Reply

  61. JoJo says:

    Hi, I've just got my SerComm RC8221 to connect wirelessly, This is a Lowes model, never upgraded firmware. Let me make clear I'm a novice, but love to play around with any devices I've got around. I've been coming back to this site, with hopes of new info on how to get my cam to work. If you're new to all this like me, this pdf, really helped me configure my cam, cause now I knew what all the options were for each setting. Here's is the SerComm Neutral Brand IP Camera Configuration File Spec, which lists SerComm API with descriptions. https://www.yumpu.com/en/document/view/15518716/sercomm-neutral-brand-ip-camera-configuration-file-rpracouk Also following the steps on this site, seemed to do the trick or i just got lucky. lol http://forum.livingwithiris.com/topic/2633-how-to-take-total-control-of-your-iris-cameras-with-the-api/ I hope this helps someone, like all the help I got from this site.
    Reply

  62. wilner nau says:

    I have the RC-8021 W/MIC; I've been trying to access the administrator page. I've followed all your instructions it is still asking me for a password and username. Your information is not for this model, but when I look at the page online, it is the same page. Please help me log in or erase the password or tell me what the default password and username is. It is not an administrator or admin. I would appreciate your help. I can access the video using this command. http://admin:admin@10.0.0.180/img/video.mjpeg.
    Reply

    1. @edent says:

      Have you tried using admin as the username and the password? If not, I suggest speaking to the retailer.
      Reply

  63. Greg says:

    Hi, I recently acquired a used iCamera-1000 from Ebay and found that (I think) the firmware is corrupted. The camera powers up initially like my other iCamera-1000s with all 20 IR LEDs lit and the power light going solid green for about 20 seconds and then it begins steadily blinking a bit less than 2x/sec. The difference is it will continue blinking for as long as I let it (hours, maybe days or weeks) with no other lights activating. Pressing and holding the reset button for >8 second then releasing does nothing. It does not appear to obtain an IP address so I cannot communicate with it through my network. I have other iCamera-1000s and have been able to reset them successfully and play around with the settings as well as use some of the API commands. I suspect this camera's firmware is hosed...any ideas how I might reflash it short of removing the MXIC flash chip? Thanks!
    Reply

  64. Fenerli says:

    I setup EMAIL when EVENT is triggered by PIR on my RC8221. Log shows SMTP: Send E-mail OK by SMTP server [host: xxxxxxx@gmail.com]. But there's no email in my inbox. What am I missing here?
    Reply

    1. @edent says:

      Your SMTP provider may not accept emails sent from your IP address. You need to contact your email provider.
      Reply

  65. David says:

    What about getting the memory card slot to work and record when motion is detected? I know Iris has it disabled. Any thoughts or ideas on how to make it useful? Thanks.
    Reply

  66. Johnny Cakes says:

    I have found that these icameras/icamera2's (sercom) do not last all that long if mounted outside in the hot humid weather. I have one location that I have gone through about 3 cameras already. They always seem to fail with the day/night mode auto switching. Its strange. Anyone know of any new comparable cameras to the Icamera 2/Sercom 720P camera? What i liked about it was that it was 1. Outdoor 2. Wireless or Wired with just a single cord. 3. 720P 4. Small footprint Thanks!
    Reply

  67. Johnny Cakes says:

    in case anyone finds this valuable i was able to manually trigger day/night mode on my icamera2's using cgi.. Auto Mode /adm/set_group.cgi?group=VIDEO&dn_sch=0 Day Mode /adm/set_group.cgi?group=VIDEO&dn_sch=2 Night Mode /adm/set_group.cgi?group=VIDEO&dn_sch=3
    Reply

  68. josh says:

    like many posts i've found on the internet, we have a newly purchased home that came with an at&t digital life system. after much digging around, i've finally nailed down how the wiring works. i cannot, however, figure out how to get access to the camera login. i've tried hitting the reset button on the back, but either it's just not resetting, or something else is wrong. the hardware i have is sercomm rp131 WPS-POE ports (2 of these, one for each camera). they also had sercomm powerline Y cable adapters plugged in, but they were only using the power ports on these to connect to the camera's ac power. i guess they used this as a backup for power, but i'm not really sure. the cameras are sercomm OC-432's. there is also the DLC-100 unit with another sercomm powerline, but i'm ignoring that one for now. i have one POE (rp131) connecting to my new internet router, with the ethernet from that going into one of the cameras. the camera's light goes green, so i think it's connected. the 2nd POE isn't connecting to my router yet, so the camera connected to that is just flashing blue right now. the problem here is that the POE units are not showing up with an IP on my router. i can find the powerline units with an IP, which is interesting, but no ip from the rp131 unit. if i plug the ethernet from the powerline into that camera, it doesn't seem to connect (stays blue flashing light). has anyone had experience with any of this hardware? do you have any suggestions on that to try next? i feel like it's just a matter of forcing a reset on these, but the reset button doesn't feel like it goes down any when i stick anything in that hole.
    Reply

    1. @edent says:

      I suggest contacting AT&T or the people you purchased the house from. If that fails, try holding reset for 30 seconds. Good luck!
      Reply

      1. josh says:

        i ended up disassembling the camera entirely and realized the tools i was using to push reset weren't even making it all the way to the actual button on the circuit board. cameras are reset and accessible now! now to figure out how to view it remotely (off the network)..
        Reply

        1. paul says:

          I reset my camera and can see it show up as a wifi cam in my router connections, but can’t connect to it via the ip address. Have you had any luck? I have the same camera.
          Reply

  69. Cabana says:

    Hello. I have a RC8221W camera (like in this picture https://img01-olxro.akamaized.net/img-olxro/100783850_1_644x461_camera-de-supraveghere-wifi-sercomm-rc8221w-targu-jiu.jpg). I have a problem to enter its configuration. When I enter the address 192.168.x.x in the browser, the camera automatically redirects me to https://homescope.sfr.fr/local However, when I type in the browser 192.168.x.x/adm, a window appears in which I must enter the username and password. Unfortunately, none of the passwords that are given here work. After entering http: //192.168.x.x/util/query.cgi? Extension = yes in the browser I get this: hostname=SFRCAM_0AFCA2 description= defname=SFRCAM_0AFCA2 mjpeg_resolution2=640 h264_resolution=1280 h264_resolution3=320 mic_in=on speaker_out=on ptctrl=on irled=on serial=off resolutions=1280720,640480,320240,160120 mac=00:0e:8f:0a:fc:a2 privacy_button=on pir_sensor=on wps_pin_code=07200342 ioctrl=on company_name=Sercomm model_number=WIFICAM_SFR_RC8221 wireless=on fw_ver=V1.0.18 ip_addr=192.168.100.2 netmask=255.255.255.0 gateway= timezone=29 current_time=07/01/2015 07:06:32 http_port=80 rtsp_port=554 Can I somehow get to the configuration of this camera? Maybe someone has a file with the original software? I could upload it to a flash memory programmer.
    Reply

      1. marcelo says:

        hi there. have you managed to unlock the camera? i have the same one and same problema
        Reply

    2. apb says:

      Hi! I'm try to find firmware for RC8221 and soft for rewrite =). Have you firmware fo this model?
      Reply

  71. Bob says:

    I have several of the iCamera 1000s and find them to be pretty versatile for the $30.00 ea they've been going for on eBay. One think I found in addition to the wealth of knowledge above, is not only can you force 1280720 in H264 (http://"IP"/adm/set_group.cgi?group=H264&resolution=4) and get high resolution JPEGS (http://"IP"/adm/set_group.cgi?group=JPEG&resolution=4) but you can also stream in 1280720 in MJPEG! I don't know the command line, but if you use "Inspect Element" on the Video Streamings page you can see the hidden resolutions. Really easy to figure out, right click, edit as HTML, delete a few characters at the beginning and end of each string so they look like the others and voila. 1280*720 appears in the drop down box. Select, save, & have a beer. There are also other hidden menu items in other versions of the firmware for other cameras. I/O config, De-warping, Speaker set up.... Have fun!
    Reply

  72. Kelsey says:

    Hey, I have a few Sercomm cameras and have been able to reset them and get them up and working via the API. I've come across a snag, though, when trying to set up motion detection and have it email me an alert. The email is setup correctly (I've already tested that) and the cameras are triggering the email when motion is detected. My problem is that they are skipping the email for some reason? The log says this.... "Action(EMAIL) of event name(event_pir) has been skipped because system resource is busying now.[event type: pir (bundle motion)] Event triggered by pir (bundle motion)." I'm not sure why it is saying the "system resource is busying now"? What's odd is that I had this working at one point where it would send me a recording of the motion detection via email but now it's not working. Could anyone shed some light on how to fix this issue?
    Reply

        1. Kelsey says:

          I had originally turned off a few of the streams on the "streamings" settings page. I activated all four once again and set the clock to the correct time since it was off by a minute or two which can cause trouble.
          Reply

  74. Bart says:

    Does anyone have a full UI firmware that I can flash on the OC810 and RC8221?
    Reply

  75. farid says:

    RC8221 OC821_ RC8230 hi bro i have these 3 kind of models but none of works or connect to my nvr will please if you can help me to guide how to connect my these ip cameras to my dvr or nvr thanks
    Reply

  76. Krimou8049 says:

    Hello here I have a camera Sercomm model RC8221W Good opportunity I could not configure it
    Reply

  77. Erik Finskas says:

    Hi all. Reading these threads with great interest trying to reverse engineer a RC8221-based camera used in Finland for a closed system which shut down. Now quite a big pile of cameras are doing nothing. I've gathered up now that it would make most sense to flash the camera with the EyeSpy247 firmware with the Bus Pirate, but still after quite extensive crawling I did not find the firmware to download. If you have the firmware, I'd like to receive it and put the soldering iron on 🙂 Thanks, Erik com dot google at finskas dot erik
    Reply

  78. Charles says:

    I got 2 new RC8230 IP Cameras but no software CD with them to install. Where can I download the software to do all the settings for them. If anyone can please help me I will really appreciate it
    Reply

  79. says:

    [SOLVED] FACTORY RESET THE CAMERA. Reset the camera by pressing the reset button on the back of the camera for 20-30 seconds. The manuals say "10 seconds" but mine didn't successfully reset after 15 seconds, so I eventually just held for 30 seconds and that worked. You'll know it works because the red LED lights (on mine, anyways) flashed once, then the device reboot. If the green light starts blinking, it failed - try again. GET THE IP OF THE CAMERA I got mine by logging into my router and looking at all the client list. LOGIN TO THE ADMIN UI Go to http://192.168.1.99/adm/enable_ui.cgi (replace 192.168.1.99 with your camera IP) -- Most comments say going to http://192.168.1.99/ they could login -- that gave me a 404. Go to http://192.168.1.99/adm/enable_ui.cgi and login with username "administrator" and empty password. IF the login doesn't work, then your device wasn't successfully reset in step 1, start over. Thanks to all whose comments helped! 🙂
    Reply

    1. Eugen says:

      This does not work for example on such a camera: hostname=RC8221D46459 description= defname=SCD46459 h264_resolution=640 mic_in=on speaker_out=off ptctrl=off wlled=off irled=on serial=off resolutions=1280960,640360,320180,16090 mac=00:0e:8f:d4:64:59 privacy_button=on pir_sensor=on wps_pin_code=39193216 ioctrl=on company_name=Elisa model_number=RC8221 wireless=on fw_ver=V1.0.10R00 ip_addr=192.168.0.47 netmask=255.255.255.0 gateway=192.168.0.1 timezone=26 current_time=01/01/2010 03:50:50 http_port=80 rtsp_port=554 What to do? Are there any ideas or firmware to read and look for a password file there? Thank!
      Reply

      1. DaninFuchs says:

        Not sure if you're still looking -- dump the firmware file from the camera and read the CONFIG partition with a hex editor. If you're unable to figure those items out, contact me via email and I'll see if I can help. (If you're still looking for this.)
        Reply

        1. VO says:

          I pulled the chip out on one of these Elisa RC8221 cameras and managed to get the admin username and password. If you are still playing with these things and would like to have the firmware, I could send it to you. Never would have got this thing working without your instructions. Thanks!
          Reply

  80. Chris Phillips says:

    has anyone successfully reset a camera like this OC810? No luck for me using the "administrator" user_id & null pw. Tried many other combinations too. hostname=DukeOutdoor description=NextView defname=SC93C4C9 resolution=640 mpeg4_resolution2=640 mjpeg_resolution=320 h264_resolution3=640 mic_in=off speaker_out=off ptctrl=off wlled=off irled=on serial=off resolutions=640480,320240,160*120 mac=00:0e:8f:93:c4:c9 privacy_button=off pir_sensor=on wps_pin_code=96841693 ioctrl=off company_name=NextAlarm model_number=OC810 wireless=on sw_pppoe=yes fw_ver=V1.0.02R00 ip_addr=192.168.0.41 netmask=255.255.255.0 gateway=192.168.0.1 timezone=4 current_time=03/19/2019 22:26:41 http_port=80 rtsp_port=554
    Reply

    2. paLINKrk says:

      Where is the sd card slot located? I found the mic option and there seems to be an sd card storing function but when i took the back plate off, I didn't see any slot for an sd card. This is for the sercomm oc432 cam.
      Reply

      1. says:

        Not all Sercomm cameras have an SD card slot. The API may have it as an option - but that doesn't mean it is physically present in the hardware.
        Reply

  82. Sid says:

    Hi, I have an RC8221 from Lowe's that I am able to get into after resetting. I want it to send me an http request when it detects motion. I see from the logs that the motion is detected, "Alert: Detected motion." but then "Alert: There is no action for this event." I can't seem to get it to trigger anything. I have been using "adm/set_group.cgi?group=EVENT&event_mt=" but no matter what I try as a value string, I get "Error: Unable to set Motion Detect configuration" My configs look like: [EVENT] event_trigger=1 event_schedule=1 event_define1= event_define2= event_define3= event_define4= event_define5= event_define6= event_define7= event_define8= event_define9= event_define10= event_interval=2 event_in1= event_in2= event_mt= event_pir= event_httpc= event_attach=avi,1,5,5 event_mpeg4=3,0,1 event_jpeg=1,0,1 [HTTP_NOTIFY] http_notify=1 http_url=http://...URL here http_proxy= http_proxy_no=80 http_method=1 http_user= http_password= proxy_user= proxy_password= event_data_flag=0 Can anyone show me what I'm doing wrong?
    Reply

    1. Sid says:

      Hi, answered my own question. On the RC8221 from Lowe's, the value string seems to be different from the one Terence shows on github (https://github.com/edent/Sercomm-API) The one from github would give: adm/set_group.cgi?group=EVENT&event_mt=email:0;ftpu:0;httpn:1;httppost:0;smbc:0 but this gives an error (at least on my camera) a string that works is: adm/set_group.cgi?group=EVENT&event_mt=email:0;ftpu:0;op1:0;httpn:1;smbc:0;sd:0 Now I'm getting: Alert: PIR & Motion Detection (bundle) triggered. HTTP-NOTIFY:Send notification successfully. In the logs! Thanks for all the info on this blog.
      Reply

    1. says:

      You will need to speak to Vodafone. You can try resetting it with a pin - follow the instructions in this blog - but I do not know what the login details are.
      Reply

  84. Gene D says:

    I got to the end...WOW, what a wealth of information in here. I am determined to open up my camera, even though it works in iSpy, I want to be able to get into the admin area. Its a newer model, honeywell "ipcam-WL" But a http:///util/query.cgi?extension=yes reveals it is a RC3026D (sercomm). One thing i know with absolute certainty is that the default password is not anything that was posted in this blog, not a single one works. I have reset this thing 100 times. I get the prompt if I go to any of the /adm pages. I don't think I have a choice but to try and dump the firmware and binwalk it. Unless....someone here has the magic combination of username/password?
    Reply

  85. JJ says:

    Does anyone know what the following log entry means - "Network: Lan activated." I have an icamera2, and periodically that will show up on the log screen. I get the gist of the rest of logs, like DHCP lease renewal, NTP synchronization, and when someone connects to it. But that one doesn't make sense to me. Doesn't "lan" suggest a cable connection? As opposed to wifi, because the log does have another line entry that says "Network: wireless activated." But there has never been (at least not to my knowledge - ergo my concern) a cable connected to the camera since after the first day when it was initially set-up. I admit I get a little paranoid about shit like this, so if someone could put my mind at ease it would be much appreciated.
    Reply

    1. says:

      LAN simply means "Local Area Network". Once it has connected to WiFi, it is part of your LAN. Other devices on your network - whether wired or wireless - can talk to it. So you have nothing to worry about. Although you can fill the Ethernet port with glue to stop people plugging in cables, if that's bothering you.
      Reply

  86. eFix says:

    I have 4 OC810 that are setup to send me an email when motion is detected. It was working very well until few weeks ago. Now the log says 'SMTP: Failed to send E-mail' and when I use the 'Test the Server' button on the E-Mail settings page, I get the following error message: 'Mail server(smtp.comcast.net) is unavailable:sender address is invalid'. I have tried multiple email accounts (Comcast, Google ...) nothing works. Anybody has any idea why it suddenly stopped working? I suspect a change in the Comcast-Xfinity Router-Modem but I can't find what caused it to stop working.
    Reply

  87. Kris says:

    I have several RC8221 camera's set up with synology surveillance station, the streaming works well, but it would be nice if I could get some extra features of the camera working: motion sensor of the camera sound the digital inputs of the camera Did anybody had luck with these features? login for my camera's was superadmin / superadmin, but I had to block internet traffic for the camera's because they always want to go back to their supplier after a reset
    Reply

  88. MK says:

    Hello -- I am unable to add my XCAM2 to Synology NAS Surveillance Station. It used to be Xfinity camera and I have hard reset it already. I am able to login and view via browser. However, I am not able to change any admin settings, such as changing SSID etc. - it always returns 404 whenever I try to change any setting and save. I cant use WPS since my router doesn't support it. Has anyone had the same issue?
    Reply

    1. Antoine Lovelace says:

      Could you tell me how you were able to log in? I am at the point where I have reset my xcam2 but not sure how to log in and view.
      Reply

  89. Dan Roman says:

    Anyone have a wiring diagram for the XCAM? I have the camera but not the XW3 or dongle and would like to make my own Y-adapter to provide 12V and the Ethernet connection so I can hardwire it. Not sure if it uses a standard pin-out? Thanks.
    Reply

    1. ta6point6litre says:

      I'm sorry, but without the power brick (XW3) the camera will not function. Even if you could get it to power up, the camera firmware is locked by Xfinty and will only work with their system (as far as I know). I have several of them and have not been able to unlock one (or find anyone online who has) yet. Let us know if you figure it out.
      Reply

    2. oops says:

      Blue wire is 12v + and brown/white wire is 12v - on Xfinity Sercomm cameras. I think the XCAM is also a Sercomm camera.
      Reply

    3. says:

      I would like too know as well!! I think I'm going to attempt to plug an ethernet cable in the power adapter and check which pins are 12v+ and 12v-, cut the end, crimp two ends on (one end on to the power supply for 12v and another end to the ethernet side) and see if it functions in standard Cat5e wiring configuration minus the two power wires.
      Reply

  90. oops says:

    Other Xfinity (Sercomm) cameras use the blue wire for 12v + and the brown/white wire for 12v -. I splice into CAT5e cable and add 12v from a common power source creating my own POE cables. That setup is way cheaper than buying a POE switch or having a bunch of wall warts plugged in.
    Reply

    1. ta6point6litre says:

      Xcam only uses 4 wires. Orange-white, orange, green-white, and green on pins 1, 2, 3, and 6.
      Reply

      1. oops says:

        I was referring to injecting power to the XCam through the Cat5 ethernet cable. I'm assuming all cat5 cables use the same color code. Information in the XCam user manual shows that the XCam does have a standard rj45 port (dongle) and power is injected into the camera through the use of a Y cable and power adapter, just like most of the other Serrcom cameras. Also the XCam can be used with internet connectivity through the rj45 Ethernet connection instead of the wifi connection. The XCam is a Serrcom camera and I have used this setup before on other Serrcom cameras. It's really simple to test if my method works on your cameras. Take a cat5 patch cord and slice into it. Cut the blue and the white/ brown wires. Connect a 12v power supply to the cut wires on the side of the cable that plugs into the camera --> 12v+ on the blue wire and 12v- on the brown/white wire. Connect the end of the cat5 cable where you spliced in the power to the Xcam rj45 dongle. Connect the other end to your computer. Power everything up and you should see a light come on on the camera (if it has a status light). There's lots of references on this blog to guides on how to reset your camera to factory specs, how to access the camera's settings and how to view the camera from a browser or media player.
        Reply

        1. oops says:

          I'm sorry. Connect the powered end of your cat5 cable to your XCam AND THE OTHER END TO YOUR NETWORK ROUTER OR SWITCH (not your computer - my bad). Then you access your XCam through a browser. The XCam will show up in your router as a new device and display its IP address. Use the IP address of the XCam in your browser's address bar.
          Reply

        2. Krytos says:

          Xcam has a hardwired cord that only has 4 wires in it. It does use a standard cat5 connection on the end that plugs into the power brick but only uses 4 wires. Orange-white, orange, green-white, and green on pins 1, 2, 3, and 6. There are no blue or brown wires. Xcam may use Sercomm software (that I do not know) but it is designed and built by Xfinity and is locked out for any changes to the settings. If anyone know how to hack one to be used on Blue Iris or some other IP camera software PLEASE let us know.
          Reply

  91. says:

    I have similar cameras from sercomm running on my synology nas with surveillance station. Its working well and im wondering if there is a way to get an updated firmware to solve the old ssl cert and low crypto settings.
    Reply

    1. says:

      Sadly, these cameras have been completely abandoned. I suggest buying something more modern. Sorry.
      Reply

  92. Johnny says:

    I have several of the icamera 2's that when i place them in the front of my house, after some period of time.. maybe like 1 year or so, they start going into a reboot loop when switching from day to night mode. Its only happening to the cameras i place in this one location though. Wondering if maybe its getting direct sunlight and its damaging the lens or something. But im going through a new camera like every 12-16 months in just this one spot. Anyone else see anything like this? thanks
    Reply

  93. Johnny says:

    Does anyone know of a similar camera to the Sercom Icamera 1/2 ? I realize these cameras are old and unsupported now but they were the best design/price point for me. I havent really found anything similar. Anyone know of any modern/new camera that has similar features? Day/Night (IR) Mode 720P or better Small footprint Works with all the camera apps (tinycam, blue iris, IP Cam Viewer, etc.) Wired or wireless operation Single wire for power (Icamera can use a single flat CAT5 cable from the camera. Easily can close in window frame) Indoor or Outdoor I'm yet to find anything new that meets the above criteria. If you know of any please let me know!! thanks guys
    Reply

  94. ian says:

    I have an old telstra branded icamera2 (sercomm) which I have hit reset on and reconnected using WPS. If I just go http://[ip] I get 404. Is there a path I need to add to get to log in? I saw a suggestion for /img/media.flv and tried that and it is downloading a large file as I write 40mb+
    Reply

      1. Church says:

        Thanks for the update post, i was having the same problem with my old Telstra icamera2. Now i just gotta figure out how to integrate it into my google home setup...
        Reply

      2. fawmum says:

        I am having similar issue even after enabling ui I am not able to get in. I tried to login thru ip after enabling it. any suggestions
        Reply

  95. Seano says:

    Does anyone monitor this thread? I’ve a rc8221v2 I’ve read out the flash chip and gained the administrator password. It’s an ADT- South Africa version. I’m after alternative firmware if anyone has any lying around. The eye247 one looked promising but nothing comes up on google and the Dropbox is a dead end. It’s more a Curiosity project, I’ve only recently starting meddling with spi and flashroms.
    Reply

    1. @edent says:

      What was the username and password you discovered? These are very old cameras - this thread is nearly a decade old! So I doubt that there are alternative firmware files to be found.
      Reply

  96. seano says:

    I did see it's a little blast from 2014 onwards, these cameras pop up from time to time on eBay, I got mine for a £5 😂 one raspberryPi and some of the worst soldering I had it hooked up via spi and used flashrom to read the firmware. for an idiot with very little understanding some of the guys aboves links and such provided a wealth of where to begin, was fun and that's the main point 😀 I was bored and had it lying around as a paperweight. now it works and I can use it, isn't the greatest image but serves a purpose. surprised it lived my butchery. the password I got was TyC0711@DmIn14 the admin gui is stripped out, you have to go the hard way round to get to the config panels, but its workable.
    Reply

  97. Mihai says:

    Does anyone uses the Sercomm icamera2 successfully using an SMTP server? If not what other options are out there? Thanks.
    Reply

What links here from around this blog?

  1. YHDO Security Camera Review
  2. Smart Lights - Dumb Decisions
  3. Terence Eden speaking at the ThingMonk conference. The (Connected) House Of Horrors
  4. Edent Shouting into a microphone. Radio 4 IoT Talk
  5. A web browser displaying the message "Open Telnet Daemon successfully!" Telnet and Root on the Sercomm iCamera2

What are your reckons?

All comments are moderated and may not be published immediately. Your email address will not be published.

Allowed HTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <p> <pre> <br> <img src="" alt="" title="" srcset="">