70Mai M300 API

[forcegk]

Hello there! I was attempting to solve a problem the 70mai M300 dashcam has. Overall, great camera, specially for the value, but it has a problem that bothers me, and it is the lack of frame-based timelapse mode while driving.

That could be easily solved taking a photo every second and then storing it on the device calling the API. Problem? There is a "signkey", which decompiling the app seems to be made from the URL it calls to. Petitions are replayable, which means you can take many photos while not varying the timestamp, and also get it from the SD no problem.

Also, there is the rtsp server, as explained on the link below, but I really want to do a 1 frame / 1 second framelapse video.

70mai Pro RTSP stream & photo capture

First post here and I'd like to share some information I've discovered about 70mai pro. After installing firmware with ssh I've been tinkering with various fs files and apps, here are some interesting info: RTSP stream url: rtsp://192.168.0.1:554/livestream/12 It does not require any...

dashcamtalk.com

So. Problems here:

1- Get the signkey algorithm. We are working on it, but any help is appreciated.
2- When a photo is taken, a very annoyin *chreeeeeek* camera sound plays, which takes down the whole schema here.
3- Access via telnet with "root":"" (no passwd) crashes the system, which btw is read only.

Possible solutions:

1- Access the firmware, unpack, replace, and repack the new firmware with no camera sound (found in /customer/audio/photo_start.aac)
2- Access to creating custom signkeys. This one would be awesome because it would enable us to also DELETE the photos from the camera, making this process take virtually no space (around 500kB for 3 o 4 buffered images in the sd). Also this way we could try soft-disabling the camera photo shot sound via software (if that can be achieved)
3- A combination of both.

Some screenshots:



And some other resources on the topic:

How to disable power-up sound

Hello, my dashcam has just been delivered to me and I noticed that the power-up sound doesn't rely on the speaker volume settings. Is there ANY way of getting rid of it? It's so annoying that I'm even willing to disconnect the speaker in device's hardware, if needed. Thank you for any advice!

dashcamtalk.com

does any has the lastest firmware for 70MAI M300 international version?

does any has the lastest firmware for 70MAI M300 international version?

dashcamtalk.com

Hope anyone here has some ideas and/or experience. See ya!

 

[lisabon_Q3]

Hope anyone here has some ideas and/or experience. See ya!

Hello. Why do you need to take 1 frame per second while driving? If you manage to do this, will you give up the usual video (30FPS) or do you want to use them at the same time?

I have an idea how to make telnet work. The reason for the reboot is that during a new session (telnet), "shell - sh" is started next "/bootconfig/demo.sh" and the registrar freezes, because it tries to start the demons again. Do you understand?

Solution:
Delete the lines in "\etc\profile":

if [ -e /bootconfig/demo.sh ]; then
    /bootconfig/demo.sh
fi;

Replace to "\etc\inittab"

::sysinit:/etc/init.d/rcS
::respawn:-/bin/sh

on

::sysinit:/etc/init.d/rcS
::respawn:-/bin/sh /etc/ui.sh

Create "ui.sh" in "/etc":

#!/bin/sh

if [ -e /bootconfig/demo.sh ]
then
    /bootconfig/demo.sh
fi

while true
do
   sleep 10
done

More information to raise the FTP server to the root of the device. Maybe it will be useful to download images and delete them (yes)
Add to the file "\etc\init.d\rcS"

tcpsvd -vE 0.0.0.0 21 ftpd -w /&

FTP settings: 192.168.0.1, 21 port, login root, no pass

Good luck!

 

[forcegk]

Hello. Why do you need to take 1 frame per second while driving? If you manage to do this, will you give up the usual video (30FPS) or do you want to use them at the same time?

I have an idea how to make telnet work. The reason for the reboot is that during a new session (telnet), "shell - sh" is started next "/bootconfig/demo.sh" and the registrar freezes, because it tries to start the demons again. Do you understand?

Solution:
Delete the lines in "\etc\profile":

if [ -e /bootconfig/demo.sh ]; then
    /bootconfig/demo.sh
fi;

Replace to "\etc\inittab"

::sysinit:/etc/init.d/rcS
::respawn:-/bin/sh

on

::sysinit:/etc/init.d/rcS
::respawn:-/bin/sh /etc/ui.sh

Create "ui.sh" in "/etc":

#!/bin/sh

if [ -e /bootconfig/demo.sh ]
then
    /bootconfig/demo.sh
fi

while true
do
   sleep 10
done

More information to raise the FTP server to the root of the device. Maybe it will be useful to download images and delete them (yes)
Add to the file "\etc\init.d\rcS"

tcpsvd -vE 0.0.0.0 21 ftpd -w /&

FTP settings: 192.168.0.1, 21 port, login root, no pass

Good luck!

Hi! That's a very nice guide, thank you for your reply. Unfortunately, I fail to see how would I do this:

- The rootfs is read only
- Whenever I try to access it via telnet, I have like 1 second grace period to do anything. I could script the changes with ed, but I don't think it would do anything, as changes are reverted on reboot.

Maybe I should edit the firmware file? (if you know how to do so). How would you recommend me to proceed in order to do those changes?
Thank you!!

 

[lisabon_Q3]

Yes, the best solution is to edit the firmware...

The firmware header (1.0.8) specifies the address and size of the root files:
# File section: rootfs
mk r.info rootfs
sf probe 0
sf erase ${sf_part_start} ${sf_part_size}
fatload mmc 0 0x21000000 $(SdUpgradeImage) 0x3c3000 0x190000
sf write 0x21000000 ${sf_part_start} 0x3C3000

address (hex): 190000
size: 3c3000

Ok now you can cut it out of the firmware...and save as rootfs.squashfs
It's a SquashFS image, it's very easy to unpack it, install squashfs-tools (https://github.com/plougher/squashfs-tools)
Unpack: unsquashfs.exe -d rootfs_ex rootfs.squashfs
(rootfs_ex - folder)
edit files in rootfs_ex folder

Pack it:
mksquashfs.exe rootfs_ex rootfs_new.squashfs -comp xz

rootfs_new.squashfs - this is your new rootfs file. Insert it into the firmware at the same address via hex (190000)

Also, at the beginning of the firmware, edit the PackTime date via hex editor, for example
#PackTime 202109
on
#PackTime 202110

This is so that if you have firmware 1.0.8 installed now, then he will manually install firmware 1.0.8 with the same date (202109). The registrar needs newer firmware. Therefore, I changed one digit to a larger one. You can bet even 22 years.

Good luck to you! If you're not sure, don't do it. There is no way to return the brick.

 

[ygQ0ytUX]

Hi! I hope this message find you well!

I just finished refactoring https://github.com/XuZhen86/70MaiM300Toolbox and looks like it would be useful in your case!
It's a Python script I use to download footage using my raspberry pi.

Your observation is correct, the sign key is an md5 hash of command, params, timestamp, and the Connect Key.
I see you already have Wireshark working and it's awesome! All you need to do is to capture the packages during the initial pairing process and you can find the connect key there.

As of the Timelapse while driving, maybe you could let the dashcam do the normal 30fps recording, download videos to your computer, and run commands like ffmpeg to generate the Timelapse.
This way you have both the 30fps video and the Timelapse.
I have no idea on how to modify the firmware but this is the solution I could come up with.

I wish this is helpful. Have a great day!