[HN Gopher] Disassembling an Amazon Blink Mini camera
___________________________________________________________________
Disassembling an Amazon Blink Mini camera
Author : bo0tzz
Score : 136 points
Date : 2022-11-20 17:35 UTC (5 hours ago)
(HTM) web link (astrid.tech)
(TXT) w3m dump (astrid.tech)
| prattcmp wrote:
| I don't trust Amazon Alexa's privacy standard, let alone a video
| camera.
| walterbell wrote:
| Amazon's Blink motion-detecting cameras don't have a hardware
| power switch..
|
| https://safetywish.com/how-to-disable-blink-cameras/
| asddubs wrote:
| i mean that kind of makes sense for a security camera, right?
| walterbell wrote:
| For an indoor camera used by consumers? Perhaps they only
| want the security camera turned on when they are not at
| home.
|
| Is there any other camera without an off switch, consumer
| or enterprise?
| jibe wrote:
| I have a bunch of different cameras, nest, Wyze, Amazon -
| none have on/off switches. Just plug in USB for power and
| they start up.
| walterbell wrote:
| At least they can be unplugged.
| formerly_proven wrote:
| If you get close enough to a CCTV camera that you can
| remove the panel covering the reset switch and network
| connection, you can just put tape over the lens.
| andrepd wrote:
| I sometimes wonder what would the great dystopian writers of
| the 20th century make of the fact that people would one day say
| "hey telescreen, show me recipes for spaghetti" after buying it
| for the low low price of 49.99.
| deanCommie wrote:
| Can I ask why?
|
| You have every reason not to want a smart speaker that learns
| about your questions and prompts to give you better targeted
| ads.
|
| You also have every reason not to want to buy a piece of
| hardware fundamentally dependent on a server-side service the
| company could choose to turn off at any moment leaving you with
| a brick.
|
| But people seem to treat these smart speakers with the kind of
| suspicion that would only be appropriate if you actually
| thought the speaker was listening all the time to your everyday
| conversations to truly INVADE your privacy.
|
| Which - maybe you would think about a random piece of junk from
| a disreputable company (if you ignore the monumental amount of
| bandwidth this would involve that would likely be infeasible).
|
| But I feel like you can probably trust weirdly enough companies
| like Amazon and Facebook NOT to do this because of the colossal
| news story it would be.
|
| The other reason I can imagine technologists on here to not
| trust smart devices is that they might be used as a weakspot to
| hack into your network. Again - I can see not trusting that
| from a random 3rd party, but Amazon knows how to create strong
| secure systems. If you trust Cisco or Asus or 3Com to buy a
| router from them, it's really no different.
| devmor wrote:
| The problem isn't even intentional spying, it's what data
| about you becomes available via the metadata saved from every
| day filtering.
| formerly_proven wrote:
| Nice blogpost not withstanding I dunno why anyone would bother
| with these, all consumer CCTV cameras are garbage as far as the
| hardware goes and that's what produces the image you presumably
| want to be using. A nice 1/1.8" or 1/1.2" Sony sensor costs some
| money, and a high resolution, achromatic (vis to ~1 um) and fast
| lens does not stand up to the fractional-penny-shaving applied to
| consumer products. So you get shitty 1/3" or smaller sensors made
| by some backwater company with the cheapest lens someone could
| come up with.
| everyone wrote:
| I really hate how no big tech company is just making excellent
| hardware/software that people buy cus it's excellent.
| _Everything_ (by big tech) seems to be some sort of sleazy scam
| nowadays.
| walterbell wrote:
| When the Linux port is ready, Apple M1 laptops will
| (relatively) qualify as excellent perf/watt and interop with
| non-Apple OS.
|
| There are cheap used HP/Dell thin clients based on the
| venerable AMD Puma SoC family found in the coreboot-based PC
| Engines APU2 (an excellent classic device which even has ECC
| memory).
|
| Hardkernel (small company from Korea) ODROID M1 is a capable
| Linux SBC /w NVME.
| everyone wrote:
| If you're a tech-nerd then of course you can use your
| expertise to cobble together something excellent in the
| current milieu.
|
| My point is that big tech FAANG-like corps never seem to sell
| anything nowadays that's just simply good out of the box
| without any sleazy scam-like caveats. That's a pretty sorry
| state of affairs.
|
| It feels like we've taken one step forwards, one step
| backwards. Like in 80's you could buy a C64 which was just
| pure excellent right out of the box, but you had to be a bit
| of a tech nerd to buy one in the 1st place. Nowadays if
| you're a regular person and buy some popular computer you're
| buying into some sort of scam. You need to be tech-nerd to
| avoid the scam and get something good.
|
| In 80's tech nerds had C64 and bbc micro and so on, and
| everyone else had nothing and just missed out competely on
| the magic of computing. Nowadays tech nerds have their own
| pc's and everyone else has iOS and Android and _almost_
| completely misses out on the magic of computing.
| walterbell wrote:
| Sadly, modern businesses are often selling services rather
| than hardware.
|
| _> everyone else has iOS and Android and almost completely
| misses out on the magic of computing_
|
| If some of the iOS/iPadOS/Android people bought a ~$100
| used PC, RPi or Linux SBC, they could use it as a
| relatively libre home "server/cloud" for learning. With
| Ubuntu and search engines, it's still somewhat possible to
| take vacations from walled gardens to visit magic computing
| castles that are open to user mods.
| PaulsWallet wrote:
| This still assumes the person in question has the time or
| desire to tinker around with stuff. Not everyone is a
| tech geek who wants to tinker around with stuff. What the
| parent post is saying is these things are off-limits to
| those people.
| walterbell wrote:
| Freedom isn't free. See Tim Wu's book "The Master
| Switch", with early telecom networks as a precedent, to
| understand why the glory days of general purpose
| computing were always likely to end,
| https://archive.ph/9BJ20
|
| _> "History shows a typical progression of information
| technologies," he writes, "from somebody's hobby to
| somebody's industry; from jury-rigged contraption to
| slick production marvel; from a freely accessible channel
| to one strictly controlled by a single corporation or
| cartel -- from open to closed system." Eventually,
| entrepreneurs or regulators smash apart the closed
| system, and the cycle begins anew. The story covers the
| history of phones, radio, television, movies and,
| finally, the Internet. All of these businesses are
| susceptible to the cycle because all depend on
| networks.._
|
| On a positive note, the current U.S. FTC has been making
| antitrust noises about tech companies and platforms,
| after years of relative inaction. There's a nascent
| global effort to enshrine "right to repair" in consumer
| hardware regulations, which aligns with circular economy
| initiatives and hardware shortages.
|
| On a negative note, humans have deployed IoT "slave
| helmets" for realtime geofencing and control of
| construction workers with few legal rights, i.e.
| restricting not just the computing hardware, but the
| human body of the user,
| https://news.ycombinator.com/item?id=33675370
|
| On a cage match note, banks and tech companies are at a
| 2023 global regulatory crossroads on the future of
| digital currencies, including crypto and CBDCs. The
| music/film industries led to DRM restrictions on consumer
| hardware. Now we have bank-vs-tech competition to be
| legal and physical custodian of private keys for digital
| currency wallets. How will that change computing hardware
| and supply chain security regulation?
| everyone wrote:
| Thats interesting. That theory seems to fit with my
| experience at least. I will read that book cheers.
| crazygringo wrote:
| ... Apple? People are certainly buying iPhones and M1/2 laptops
| due to sheer hardware excellence. And whatever criticisms you
| might have of Apple, "sleazy scam" seems hard to apply.
|
| As for software, that's more a matter of personal opinion that
| people just disagree over. One person's excellence is another
| person's hard-to-use, another person's super-secure is yet
| another person's too-locked-down. There's really no winning.
| Danieru wrote:
| Apple charges 30%! That's an even bigger scam for a typical
| app store user than the bink single camera upcharge.
|
| At least with Bink you get a service for that. With Apple you
| still need to pay the remaining 70% for the apps themselves.
| crazygringo wrote:
| Well I was talking about the hardware side.
|
| But no, charging 30% isn't a "scam". I mean, is Microsoft
| scamming people on Xbox games by taking an equivalent 30%?
| Is Sony also scamming with their 30% for Playstation games?
|
| 30% is industry-standard for app store distribution tied to
| hardware. And while you can argue maybe the percentage
| should be different, it's not a _scam_.
| lgats wrote:
| Internal Photos from FCC ID, available without disassembly
| https://fccid.io/2AF77-H1931660/Internal-Photos/Exhibit-C-In...
| jacob019 wrote:
| What are the chances that the firmware is signed?
| bodangly wrote:
| Near 100%. If you look at the binwalk output in his later posts
| you can clearly see certificates as one of the first things in
| the binary. I'll be shocked if this guy ever actually gets his
| own firmware to run here.
| azalemeth wrote:
| I've never really understood why Amazon doesn't want people
| hacking with their devices. If I were them, making a Really
| Hacker Friendly Device would _boost_ sales hugely, as people
| would start making 'cool things' with it. All of their
| devices are incredibly tied down, however, despite the
| promise of relatively cheap computing (I don't own any of
| them, out of privacy concerns).
| jdiez17 wrote:
| They don't make a profit on device sales. They want you to
| use their cloud services.
| mgsk wrote:
| Her.
| withinboredom wrote:
| The easiest thing would be to buy some flash, desolder the
| existing flash and install their own flash. Certs won't
| matter then.
| Matthias247 wrote:
| If some form of secure boot is used, then replacing the
| flash won't work either. There is one-time writable storage
| inside the SoC itself is used for verification. You won't
| be able to get it back into a state where it accepts non-
| signed firmware without also replacing the SoC.
| no_time wrote:
| Firmware signature verification is almost done in mask ROM
| exactly to prevent this.
| Namidairo wrote:
| You're assuming that flash storage is the only thing to be
| concerned about in a secure boot scenario.
|
| Assuming that the platform is even secure boot capable,
| you'd blow a fuse or similar at the factory to put it into
| production mode.
|
| However even then, secure boot isn't infallible. Either
| they're implemented shoddily, or you end up power glitching
| past verification.
|
| (I've seen a certain vendor who's name starts with
| Qualco... fail because they didn't remember that u-boot
| was... configurable.)
| jgalt212 wrote:
| > visible and infrared light
|
| Can this render a nude body like Sony's did (by accident???)
|
| http://www.aparchive.com/metadata/youtube/ad99e1a3930185817a...
| Calvin02 wrote:
| I hope the author will make the firmware available to others for
| research.
| glitchc wrote:
| The author hasn't been able to pull the firmware off, and it's
| unclear if they possess the technical ability to extract the
| firmware over SPI.
| bodangly wrote:
| The later posts show binwalk output and there are certs at
| the top of the binary. He's never getting his own firmware to
| run. Fun hobby project for him I'm sure though.
| _whiteCaps_ wrote:
| *she / her
| no_time wrote:
| Does it have some sort of "secure" boot? If it doesn't, I might
| pick up a few to try to de-amazon it. The hardware does indeed
| look pretty cool.
| fullstop wrote:
| In part 4 they try to figure out what BUND means, and have some
| really odd thoughts. It's probably just Bundle.
| mwint wrote:
| I was hoping this was going to end with "look, it runs embedded
| linux and here's how to get root, on a $20 camera". That would
| solve this problem:
|
| Does anyone know of a good way to have a camera stream video over
| WiFi to my server, which can then forward it to the Internet,
| without passing through a third party? And, ideally, without
| opening ports. Burned too many times by buying cameras with
| streaming systems that are shut down two years later.
|
| I think if I could get root on embedded linux on a WiFi camera, I
| could set up an SSH tunnel and go from there. But with the
| current IP camera I wasn't smart enough to get root (or a shell
| at all, IIRC) and it wouldn't take firmware updates.
|
| So right now I have a terrible hacky solution where it FTPs an
| image to me every ten seconds, and then I put serve that... but a
| real stream would be way better.
| jtchang wrote:
| I wrote this for Wyze v2 cameras:
| https://github.com/openmiko/openmiko
| solardev wrote:
| This is awesome, thank you! I have a few Wyze cameras and
| their hardware and pricing are great, but their app is pretty
| bad. Would be lovely to be able to use them outside the app.
| walterbell wrote:
| See Reolink+Neolink,
| https://news.ycombinator.com/item?id=33091698
| yellow_postit wrote:
| Pair with a coral (if you can find one) and you get decent
| home network AI detection as well. Blue Iris, Frigate etc for
| a home NVR setup.
| scrivna wrote:
| I use a Reolink camera, my one supports a standard video stream
| or jpeg output accessible via a url on the device itself, no
| cloud required (though they're iOS app presumably uses cloud
| for its connectivity, but it's optional to use the apps).
| Combined with a Tailscale node in the house could provide
| external access without open ports.
| fimdomeio wrote:
| This might interest you.
| https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks
| noja wrote:
| > Does anyone know of a good way to have a camera stream video
| over WiFi to my server,
|
| with a battery life of a year? there is no competition. if you
| achieve this, please post it here!
| 3guk wrote:
| Lots of RTSP cameras available - which would do exactly what
| you want and leaves you fairly open to whatever software you
| choose to implement on the server to share the feed.
|
| I use lots of the Ubiquiti Cameras - I've had lots of success
| using them without the UniFi Protect controller app purely as
| RTSP devices.
| js2 wrote:
| Scrypted is what you want. I'm using it to stream an Amcrest
| AD410 doorbell camera to my NAS and forward it to HomeKit
| Secure Video with a local copy of the video saved on my NAS.
| It's rock solid. It uses a plugin architecture and HKSV is just
| a Scrypted plugin (as is saving the video locally). The
| developer is very responsive.
|
| https://github.com/koush/scrypted
| aegis4244 wrote:
| I'd start by looking at the esp32cam.
| pyrolistical wrote:
| part 2: https://astrid.tech/2022/07/13/0/blink-mini-dumping/
|
| part 3: https://astrid.tech/2022/08/03/0/blink-mini-fw-analysis/
|
| part 4: https://astrid.tech/2022/08/06/0/blink-mini-4/
| walterbell wrote:
| Blink cameras can run on battery for a year! A worthy platform to
| be liberated from app/cloud.
|
| https://awesomeopensource.com/projects/camera/firmware
|
| Thanks for the supply chain diagram:
| https://astrid.tech/_/2022/08/03/0/blink-companies.svg
|
| Microsoft's ThreadX RTOS was also used on RPi GPU,
| https://en.wikipedia.org/wiki/VideoCore#Linux_support
| fillskills wrote:
| I use a Blink Camera in an semi active zone (backyard) and it
| lasted 1.5 years without battery change. Blew my mind since it
| offered almost the same functionality with better performance
| thank top of the market competitors.
| ilamont wrote:
| There are several security camera manufacturers making long
| battery life claims. I found Eufy's "6 month battery" claims to
| be grossly overstating the reality (1-2 months in normal
| conditions using various units) and would be suspicious of 365
| day claims made by Eufy, Blink, and others.
| walterbell wrote:
| Blink has custom silicon, which may be forcing competitors
| with generic SoCs to exaggerate. Blink's claims are precise,
| https://support.blinkforhome.com/en_US/f-a-q/how-long-do-
| the...
|
| _> Blink Video Doorbell, Outdoor and Indoor (gen 2), and XT2
| cameras can expect battery life of up to 2 years, based on
| 5,882 seconds of Live View, 43,200 seconds of motion-
| activated recording and 4,788 seconds of Live View with two-
| way talk. This is roughly 70 seconds per day. For the Indoor
| (gen 1) and XT cameras, 2 years of typical use is defined as
| 40,000 seconds of Motion Clips and Live View. This is
| approximately 50 seconds per day._
| NavinF wrote:
| > 43,200 seconds of motion-activated recording
|
| Ahh 6 hours of continuous recording. That's a lot more
| reasonable. You could build something similar by combining
| a low power PIR sensor with a camera
| stu432 wrote:
| I have several Blink camera's, can attest they do indeed last
| more than a year. Front of house that gets more than usual
| traffic has lasted around 2 years between battery changes,
| back of house around 3 years so far. Using Duracell batteries
| if that makes a difference.
| ihaveajob wrote:
| Same here. The squirrels in the backyard are definitely a
| drain on the batteries. Another reason to hate them (the
| main one is that they eat my nectarines).
| xchip wrote:
| That's why HN rocks
| phh wrote:
| Nice write-up. Still a lot to go through, I hope the author have
| the will to continue further (they already put a lot of courage
| in it.)
|
| If I may, regarding the "BUND" magic. I'm sorry to disappoint,
| but it's likely just "fourcc" (as in, a stirng that fits in an
| int32) for "bundle".
| carvking wrote:
| Try duckduckgo or other search sites - google filters a lot of
| info.
___________________________________________________________________
(page generated 2022-11-20 23:00 UTC)