- Telnet username
- Telnet password
Four years ago to the day, I wrote an exposé of the hideous security failings of Sercomm IP Cameras. The blog has since attracked 200 comments - as people try to unlock their cameras, and find out what flaws they have.
Despite my best efforts at contacting Sercomm - the OEM who manufactures the cameras - and the "security" resellers who irresponsibly sell them to unsuspecting customers, the flaws remain unpatched.
Most of the Sercomm cameras have a custom firmware which locks them down. As documented in my previous blog post, resetting the cameras is depressingly easy.
- Stick paperclip in the reset hole for a few seconds.
- The default login name is "
- There is no password set!
Turning on Telnet
The process for enabling Telnet was first published in 2011. It depends on the firmware that Sercomm have pre-loaded, but you just need to visit the specially crafted URl:
Over on my GitHub repo of Sercomm API commands, you'll find a copy of the firmware for the iCamera 1000.
A contributor to the blog, Paul Chambers, describes how he deciphered the firmware.
The firmware is a modified SquashFS filesystem.
Inside, it contains a symlink from
/etc/passwd -> /mnt/ramdisk/tmp/passwd
/etc/rc.sethostcontains the string
Running rc.sethost does various things including writing a passwd file to
Inside that, I saw
9sXicXdz8JrVkis a traditional DES based hash
rc.sethostto skip the call to
crypt. Then I got:
I double-checked it was correct by running
squashfs-root$python -c "import crypt;print crypt.crypt('Aq0+0009', '9s')"
So the username is
rootand the password is
There you have it. Different cameras may have different firmwares with different passwords - but I'd guess that they all follow a similar pattern. This particular password works on Firmware version
18 thoughts on “Telnet and Root on the Sercomm iCamera2”
Dennis A Vitali says:
Thanks , Was on the same hunt for my ebay NV412a, justb wanted to get Zoom function to work via FW upgrade from later Sercomm camera!!
I would be very interested in learning how he managed to unpack, modify, and repack the firmware. I’ve been wracking my brain trying to figure it out for the iCamera-1000 model, and unfortunately, the pre-loaded comcast firmware doesn’t dump the full FW image when you do a dump from the device. That means my only recourse is to find an original full sercomm firmware for it, or hack around with the partial images being shoved out by comcast.
You can actually just tell the camera to install whatever firmware you want. Just use the API command below and substitute the firmware version you want to install.
iCamera1000 Firmware Files (only ones I have found)
He probably dumped it with a ch341a reader. When you hack the camera you have root access and can change stuff but ever wonder why when it reboot those changes don’t stick? Don’t have access to write to the Rom, if you use the dump method you dump the entire fw can unpack it edit and modify whst you want repack it and install it or flash it back to the chip and wala. You now have modified fw that has your changes
Robert Monsen says:
I just tried your telnet enable + root username/password pair on my iCamera2 from xfinity, and was able to get in. Sigh. What a bunch of losers. It's January, 2019
This root user name and password works, however you can generate your own and it works just fine.
Richard Amiss says:
Hello there! Thank you for the blog posts. I was wondering, in all your travels have you ever found any version of firmware for the iCamera2 ? I am able to get into the web interface on the modded ones either way, but I have 8 of them, some new with non modded firmware and some from old xfinity accounts and it would be so nice to get them all on the same firmware. Any leads, hints or links to the dark web are welcome!
Jaye diggs says:
This page has some info. Good luck!
prince noor says:
hi bro if you know about the upgrade version of rc4551 oc821 rc8221 so please let me inform i have 3000 thousand cameras in stock all have the F/W version problem please some body help me thanks to every one
Aseem Patnaik says:
I need some help. I have 2 of these cameras that i purchased thinking i could hook them up. I was able to connect both cameras to my router (hardwire and via wifi). However i do not see an IP address assigned to them to get in and get this thing figured out. From the little bit i know , without an IP i do not think i can do much. Are there any options for me or are these just paper weights?
You need to hold the button on the back for about 5 seconds then press wps on your router.
Just wanted to add that the CA cert installed on the camera is still good till next year!
Common Name: XMPP
Organization Unit: OpenHome
Locality: Redwood City
Valid From: November 18, 2011
Valid To: November 15, 2021
Issuer: XMPP, iControl
Thanks for sharing
Hi – I keep getting 404 whenever I try to save any config changes. This is same with API calls or GUI. I believe my camera is reset. Any insight will be greatly appreciated!
Rick McLeod says:
I have 3 iCamera2's from when I had an Xfinity security system. I have two of them working with the Windows IP Camera Viewer. But when I use the Android IP Cam Viewer Lite app, I can only view one of them. They both used to work. They both show up when I do an 'arp -a'. Not sure why the one works with the Windows app, but not the Android app.
The third camera doesn't show up at all when I 'arp -a', but it seems to go through the same sequence of led's ending with just one blinking on and off. I have pressed and held the reset button for more than 10 seconds, but no joy there. What can I try next?
I have a telstra branded icamera2. It was part of a now discontinued service from telstra.
If I try http:/[ip] I get Error 404. Is there a path I need to add ?
From looking through various other's responses I tried http://[ip]/img/media.sdp and it pops up asking for username and password, so something is alive in there. No suggested user/pwd combos work.
I've tried reset with power on and holding button for 10+secs but it reconnects to my wifi so I am imagining that I am failing the reset, perhaps that is disabled.
This camera is powered via the cat5 connector so I can't do a wired connection.
If it is powered over ethernet, you should be able to buy a PoE splitter which will let it connect to the ethernet port of your computer. That should stip it trying to connect to the wifi.
Jason anderson says:
So is there an app that I can connect this sercomm icamera2 to? I have access to the interface, figured that part out, but would really like to have an app to see. Any suggestions?
I use this app for Android - https://play.google.com/store/apps/details?id=com.alexvas.dvr.pro