i renamed the config file to config.inc and then i ran ./remote_install.sh and i keep getting an error that says

cp: cannot stat './FIRMWARE_660R.bin': No such file or directory
Found local config file, including into firmware update archive...
Upgrade/config.inc
Requirement already satisfied: requests in /usr/lib/python3/dist-packages (2.22.0)
python3: can't open file './wyze_updater.py': [Errno 2] No such file or directory

I am unable to install. I unzip the appropriate files and edit the config file. I go through the install process and the voice prompts. Then the installation fails and the log returns:

Starting wyze hack installer...
Enabling telnetd...
umount: can't umount /etc: Invalid argument
Current Wyze software version is 4.9.5.111
Installing WyzeHacks version 0.3.00
Configuration file not found, aborting...

Please help.

What's the best way to restart the camera if the NFS is not working?

For now,I am using if ! timeout -t 10 df -h | grep -q /media/mmcblk0p1 ; then reboot -f -d 10;fi to reboot if NFS connection is stale or if my NFS server had restarted. However, if NFS is unreachable for a while then there is a reboot loop unless there is a local file to keep track of restarts.

Is there a better way to test if an NFS share is available again after a disruption and only then restart the camera. Normally you could do this with showmount, but that does not exist on the wyzecam.

I verified that the NFS share is mounted on the camera with telnet and on my server using the logs. I cant enable local recording in the app because it doesnt think there is an sd card installed. I tried it on a 4tb drive, and then I went down to a 500gb drive hoping it would fix. What troubleshooting steps can I take?

I have the latest firmware installed on my Wyze cams and i also have the latest hack installed on the cameras but the cameras show SD Card not available when trying to view playback. Telnet shows the share is mounted and it will update the share with the Mac and IfConfig files. The share is around 40TB. It used to work before the update.

This is the first time I am attempting to install WyzeHacks on my cameras.

WyzeCam2
FW: 4.9.6.104 (beta)

I have followed the install procedure. A 32 GB SD card is formatted for FAT32, and the only files on the root are:

• FIRMWARE_660R.bin
• version.ini
• config.inc (configured)
• install.sh

When the SD card is inserted after a few seconds the camera will chime twice (I believe this is the normal "card inserted" notification). After that there is never a voice announcement. If I go to the camera in the Wyze app it lists the SD card as available and in use for local recording. If I then eject the card and check it there are new folders for the recording files but no log or other changes.

I have attempted to install WyzeHacks on several of my cameras with the same results.

Other things to note:

The cameras are running beta firmware. It has recently started frequently losing connection with Wyze servers (app says they are offline but it can successfully directly connect to them regardless). This is fixed for about 24 hours by physically power-cycling them (reboot commend in the app does not work at this point). This is likely a bug in the beta FW and I will be rolling back, but it is not obvious if the incompatibility with the WyzeHacks install is due to a bug or an intentional change in the FW.

I already rolled back the beta Wyze app, as it was frequently freezing when opening camera settings.

I was looking through the firmware, running strings on the iCamera binary and saw "KeyN:" and "KeyE:" followed by a series of hex strings. I recognized the terms as being related to RSA. I took the hex strings and with a little python found they are very likely for a private key. I have no idea what it is used for, but I thought you might have an idea or find it interesting.

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDhC+pJHrxrZd4OKzI2b8qKUSvswWj39YKe8mBHOsJ1en6kMtg3
Hnoq8Kzv6sihKMeXjEX8k00Z623KJjTMmLQtTUWq6ylKzr/0u5Q4xL12o+rbS7eu
GLyZqVsKoWty08S1LxC4ocXrYJaRYVQIZa7PwWqHKF/FIFKFIda+JEThHwIDAQAB
AoGAWI2Ttwn9IlWHNxQQQhNjI2IlYpgIcemNaHX/JIgelJOK2ZmYMrgvYk4p/o3o
PGILh7qOn4Bmylg1b2HxTMCZxKyt90/lGYzUu8i+jvxvcsvrwejJwVluk4bXhGJC
pw4brXNQzngIBHstPhjfo6aiQXKpK3a+dSL9q1ooxE7CgoECQQD4TkLthpW3oQsd
fceIrszD+sD8vfqTUlrXL8/XBONejmkCmVUMe6WHlMzAHrpCib+jb0K4mznsLOzY
Igk1sm7vAkEA6AUlOPSw3K/hvZfGdXOR+gA+9DSRTPNPKrA4gnVl9H11mXuzEjAj
vwU/8WblUwOgr69xYyk+1IBOJ2+1c+yw0QJBAK31VlpGQbnGb50Xs6UEoZxjnrTy
/AweVFoRuxCu8gQazWLuvXDjZ1KXYuLuJBvdmY8MsbfXuDrINp4tKjqeaa0CQFN4
LmjsFoh+Oc70QDBW0GhJGFzQYIl3ar6nwNymEXTAgcMirkxXxzRcViGpa8zOnEs3
6anL18+pDPTBCl1XBFECQHcXY2P8emOGbZzI6Mz2nEOwV3HdQ0YzNZHlF7yqtVtv
ky3Air5FKHWoFNu1pOGwTxyllxMCwhP0EtBY3SHHPvk=
-----END RSA PRIVATE KEY-----

Just a note: I'm fairly confident the numbers I found are a private key since the python script I used didn't require inputting the exponents, but if you run openssl rsa -text -in wyze_private.pem, the exponents match. Meaning the hex strings are internally consistent with those stored in a private key struct.

I want to use ZoneMinder to monitor for motion. Is there any way to create an option that will create a JPEG snapshot with the same filename at given interval and overwrite each time. This would allow zoneminder to monitor motion file source.

https://wiki.zoneminder.com/How_to_use_ZoneMinder_with_cameras_it_may_not_directly_support

How difficult would it be to make a fork that leaves the SD card intact but runs an FTP server so that we get both local storage and the opportunity to grab the recordings for more redundancy instead of relying on the NFS share availability?

There are multiple reports that on certain setups the NFS share is mounted correctly, some files are created, however, no video recordings. I suspect this has something to do with the NFS share size but will need more information on this since I don't have a large enough NFS share to test this out.

I've flashed the hack multiple times and each time with a different response. Seems as though the hack runs into errors and doesn't have an error catch. Sometimes I flash the hack on 4.9.5.36 and get telnetd and NFS but not mounted in the SDCARD location, other times I get only telnetd and other times the camera reboots without applying anything.

Not really sure what's needed or how to execute the hack when I get the camera to boot again with only telnetd. I've tried to look through the source code here trying to apply the hack manually at times when I only get telnet but I have not had success.

Updating to 4.9.6.207 beta firmware causes the camera to not detect the NFS connection as an SD card even though the mount is still active and valid.

Downgrading to 4.9.6.199 works fine.

Hello @HclX, thanks for your work.

I have a small suggestion, adding optional support to the RTSP server in your hack will be awesome.

If the problem is space, you can store it on NFS.

not an issue, but I wonder if this will work on RTSP firmware, I saw someone asked this before but no answers.

Thanks.

I was checking the latest update and noticed that it's using a rather complicated approach which causes wyzehack no longer persist through the update, will looking for solutions.

At this moment, I think the solution would be re-install the hack: for camv2 the telnet interface should still open after update so you can simply telnet into it and install the hack. However, for cam pan, even though the telnet is still active, the credential is unknown so you will have to use the SD card method.

Does the firmware ship with sshd and ssh? I would love to use sftp to upload files to my NAS, and ssh rather than telnet to connect to it.

I've noticed a very strange behavior on every recent firmware regarding record deletion. It periodically removes old mp4 even if there is a plenty of space. The root cause is in the math how they count free SD space and it's % compared to total space.
First of all there is a nice QWORD->DWORD conversion (uint overflow) when firmware counts total/free/available bytes:
(uint)((ulonglong)stack.f_bsize * (ulonglong)stack.f_blocks);
which, according to an unsigned overflow rule, literally comes to TotalBytes % 0x100000000 resulting wrong numbers in log when SD size > 4GB. It looks like a leftover from older versions and later in code they recalculate sizes in KB, so theoretically up to 4TB sizes should be supported, BUT:
Secondly, when a firmware decides whether to clean space or not it checks sizes in KB:
if ((0x32000 < (uint)FreeKB) && ((uint)TotalKB < (uint)FreeKB * 0x1e)) then return else delete
meaning 'run cleanup if less then either ~204MB or 1/30 left free' <- here is the issue.
obviously, (uint)FreeKB * 0x1e will overflow DWORD if FreeKB > 0x888888, or roughly 136GB, leaving a 4-byte register with only a little remainder, making the condition false and starting a records cleanup.

Since wyze has no feedback form or bug hunting, let's fix in this lib.

This looks really great. I have a XiaoFang WiFi Camera..
Any idea if your firmware is compatible with this hardware?

Is it possible to add a small MQTT client to trigger messages based on detections?

These two lines needs commented out. If not it throws an error. I would fix it but I am mobile right now.

Just decided to share my experience, it might be useful for somebody. Also, there might be a bug with perms.

Goal: make some changes in hack sources (specifically, apply the change to adjust the volume via config from dev branch), build and upgrade some cam.

I've made some changes, then bumped version in wyze_hack/hack_ver.inc, then run build.sh script. Everything worked smooth, I've got release/<MY_NEW_VER>.

I tried the way with remote install, it worked pretty neatly for me for the initial install. So, I've run remote_install.sh in a new folder with a new version, run the process, it worked fine. But it didn't upgrade anything on camera.

So, I've tried the way with telnet install. I've copied the folder into NFS, and from camera run telnet_install.sh from that NFS folder. Then I saw this error:
/tmp/Upgrade/upgraderun.sh: line 8: /tmp/Upgrade/wyze_hack.sh: Permission denied
So, I went to telnet_install.sh and added one line:

chmod +x /tmp/Upgrade/wyze_hack.sh
/tmp/Upgrade/upgraderun.sh

Then I run it again and it worked this time. The camera rebooted and I've got updated stuff in /tmp/run/wyze_hack/hack_ver.inc and all other files.

I've seen multiple cases that the NFS share being unmounted. There is no specific pattern or anything predictable so far. It seems that the latest firmware will think the "SD card" is not working so it dismounts it.

Hi - As of 0.4.02 there was the addition of a voice prompt when network connection is lost. Is it possible to adjust the volume / remove the prompt? Some cameras are placed indoors and the volume seems high for something that could go off at night.

Thanks!

I can confirm WyzeHacks is working well on these firmware versions.

Working:

4.28.4.49
4.9.6.224
4.9.6.232

Hi, not an issue, just a suggestion.
I've noticed there is a dev trace left from cam tuning:
/system/bin/impdbg

it's a simply encoder on-the-fly setup (I used recommended calculated bitrate for 1080p 15fps)

/system/bin/impdbg --enc_rc_s 0:28:4:2240
/system/bin/impdbg --enc_rc_s 0:40:4:1

to increase compression quality and bitrate. Please be aware - you have to provide strong wifi connection to handle more data.

Hope you can include that into sh and make configurable. Just in case.

HD->SD and back setting via app change will reset this hack, unfortunately.

Install works, folder appears on NAS, however the SD card shows a capacity of 0.05 GB instead of the 14TB that the others show. Still shows the same after rebooting a dozen times.

Running Wyze Cam v2 on latest commit on newest Wyze firmware (4.9.5.35)

What is the root default password? Or do I have to generate one in order to use telnet?

The voice alerts are very loud (ex: when network connectivity is lost).

Is there a way to make these alerts quieter? or completely disable them?

Now that I've gotten this working quite well on my cameras, one glaring issue I see is relying on just the MAC address for naming of the stored folder on the NFS share and making it hard to track down if going in manually and not through the Wyze app.

I imagine the MAC is pulled on-camera after it has been flashed and used internally during the NFS mounting/writing process. Is it possible the 'friendly name' per the Wyze app is stored on camera somewhere and can be used? Maybe an additional config option for people to choose how they want it named. Or I'd even be happy with something like '_'.

This is a weird one: I noticed when log syncing is enabled the camera reboots quite often. It seems to have something to do with log syncing because the reboot is quite unpredictable and is really hard to notice without log syncing enabled.

I'm using the newest commit, never had any hacks installed. Followed instruction, once SD card is removed, Wyze cam shows no SD card inserted.

So I have a few v2's in my house, about half have SD cards, the others do not. So far tested on 2 cams with no SD cards installed (one cannot due to, I assume, a failed SD card slot or connecting hardware. The rest of the cam is fully functional). After doing some trial and error I have come as far as having the remote_installer script work and confirming the cam has pulled the firmware from the local server but the camera doesn't reboot, no audible announcements, and the live feed from the Wyze app continues to run.

Currently operating from an Ubuntu WSL install on my Windows 10 v2004 machine. All dependencies properly installed, python 3.8.2.

I started with the most recent FW version, 4.9.6.199 for the v2's but even downgraded to the noted last confirmed working version on the README page of 4.9.6.156 just to rule things out. Both do the same. Even tried rebooting the cams amidst all this. Here's a snippet below of the script on one cam I have attempted to hack.

Device type: Camera (WYZEC1-JZ)
Device name: Kitchen
Firmware version: 4.9.6.156
IP Address: 192.168.1.167

Pushing firmware to this device? [y/N]:y
INFO:root:Serving firmware file './firmware.bin' as 'http://192.168.1.107:11808/firmware.bin', md5=68e279ca2d3208bbb55111ac6d38c432
192.168.1.167 - - [24/Oct/2020 15:31:51] "GET /firmware.bin HTTP/1.1" 200 -
INFO:root:Checking device, mac=XXXXXXXXXX

Any thoughts on where I should look next or additional troubleshooting steps I can try? Ultimately I'd like to remove the SD cards altogether and just have everything fed over NFS and leave it at that.

feature request:

set the hostname variable in config.inc and have it set on boot

I really like the idea of storing the files on a NFS mount. I tried with v 0.4.03 then with v04.04 and both get to the "installation finished" voice and reboot but no NFS mount or telnet access. I've tested the NFS mount (EXT2, 700GB Avail) from my workstation and it's works from there. I'm using the default config template with only the NFS line updated.

The install log was created the first time. Which I didn't save :( Now every install since it hasn't created the install log.

Suggestions?

So I was updating my cameras and wyzehack where uninstalled. I still have access to telnet and I was wondering if I could reinstall the hack without having to take down my cameras. I still have access to telnet and I was able to wget the files to system folder but I can't seem to finish the install as it can't find my configuration files which causes it to abort the install. Is there a way to get around this and then later re insert the configuration files.

This is what my console shows when running the install.sh

wyze_hack/
wyze_hack/app_ver.inc
wyze_hack/auto_archive.sh
wyze_hack/auto_reboot.sh
wyze_hack/bin/
wyze_hack/bin/audioplay
wyze_hack/bin/blkid
wyze_hack/bin/dummy_mmc.ko
wyze_hack/bin/mount
wyze_hack/bin/reboot
wyze_hack/bin/uevent_recv
wyze_hack/bin/uevent_send
wyze_hack/bind_etc.sh
wyze_hack/hack_ver.inc
wyze_hack/hook_init.sh
wyze_hack/install.sh
wyze_hack/log_sync.sh
wyze_hack/mount_nfs.sh
wyze_hack/playwav.sh
wyze_hack/run.sh
wyze_hack/snd/
wyze_hack/snd/begin.wav
wyze_hack/snd/failed.wav
wyze_hack/snd/finished.wav
Starting wyze hack installer...
Enabling telnetd...
Current Wyze software version is 4.9.5.111
Installing WyzeHacks version 0.3.00
Configuration file not found, aborting...

Are there any changes that need to be made for the RTSP firmware or will this "work" as is?

Is it possible within the current config file to enable telnet access only, without making other modifications? I’m wanting to poke around the camera OS a bit, without losing the ability to record to the local SD card. If not, could this be considered for a later enhancement?

So I went through the complete process, and all seems to be good. I am able to connect to the camera, and confirmed the NFS share is mounted. However, video is not being recorded to the NFS share. I did confirm the "Continues Recording" option is selected. I can see in the folder "Alarm" images are being recorded so it seems it is not a permissions issue. But I do not see video anywhere. Also, then I go to video playback it shows no video is available. I'm assuming this is user error in some way shape or form but I do not know where to look to resolve. Can someone shed some light on what the issue may be? Thanks in advance.

Does this work with the latest firmware update?

I can mount my NFS manually with mount -o port=2049,nolock,proto=tcp 192.168.10.20:/volume1/cameras /tmp/test via telnet in the camera. However, whenever I try to modify mount_nfs.sh to add the required options, I always get permission denied when I try to run the script. Not sure if i'm just not editing the script correctly.

I can't create a directory in /mnt as it's read-only, wondering if that's the issue (though I can mount by hand)? Really want to take advantage of this hack, any help would be appreciated.

I have noticed with 4.0.0 that if I rename the folder on the NFS share, it persists till I reboot the camera. After I reboot it, it creates the folder with the MAC again.

This is to track this issue.

I have enabled the person detection and am recording to nfs, in the event of a person detected I would like to be able to execute a custom script. Do you have any idea where the events are recorded?

I got one of my cameras updated to WyzeHacks firmware. But I was having some problems.

So I decided to go back to factory 4.9.5.36. After following official instructions https://support.wyzecam.com/hc/en-us/articles/360031490871-How-to-flash-firmware-manually, I noticed that I can still telnet into the camera. But now with the default root password. I'm definitely back on the stock firmware, because there is no /tmp/boot.log like there was with the WyzeHacks firmware. So it seems like my cam is on a mix of this and factory firmware? How do I get all the way back to factory firmware? Or at least turn off telnet?

Are you using FAT32 or NTFS for your NFS share. I can get my share to mount but no record folder is created. I run 'df -h' I get the error 'Value too large for defined data type'. This leads me to think large file support is not part of the Wyze firmware. Any thoughts?

I am using NFS4 with a 8 TB drive.

I think I followed the instructions correctly to update my WyzeCam v2, but putty telnet says "connection refused". Probably user error on my part, but I can't spot my problem.

More details ...

1. Started with WyzeCam v2 running stock 4.9.5.36 firmware.

2. Copied the appropriate files from https://github.com/HclX/WyzeHacks/tree/master/release into the root folder of an empty 2GB sd card with FAT32 format. Including rename+edit of config.inc.TEMPLATE, the root of the sd card looks like this:

g:\>dir
 Volume in drive G is SD2GB
 Volume Serial Number is 5CBA-50FE

 Directory of g:\

12/31/2019  12:42 PM           112,640 FIRMWARE_660R.bin
12/31/2019  12:42 PM                65 version.ini
12/31/2019  12:34 PM             1,347 config.inc
               3 File(s)        114,052 bytes
               0 Dir(s)   1,969,696,768 bytes free

3. With WyzeCam unplugged from power, inserted SD card.

4. Plugged in WyzeCam, waited for solid blue light

5. After solid blue light, camera working fine in app.

6. Used app's "device info" to get IP address of cam.

7. Used putty to try and telnet to that IP address. Result is "connection refused"

==============

Issue is probably user error on my part, but I can't spot what I'm doing wrong.

Hello,

After much headache, I've found a solution for hosting a NFS share on Windows and getting Wyze Hacks to work with it. I'm hoping this info could be added to the setup information somewhere.

Grab a copy of haneWIN NFS Server for Windows:
https://www.hanewin.net/nfs-e.htm

Edit the "exports" file, and place a # at the beginning of each line (to comment out the default lines).
Add a new line similar to the `following:

A:\NFS -name:nfsroot -umask:000 -public -mapall:0

(Edit/Change "A:\NFS" to the folder you want to be the root of your NFS share.

Run "nfssrv.exe" to start the NFS Server.
Edit > Preferences
NFS tab:
----- Change "Maximum NFS transfer size (bytes)" to 32768
Server tab:
----- Check "Save attributes/uid/gid on NTFS volumes"

For your cam, edit the /params/wyze_hack.cfg and set the following:

export NFS_ROOT='192.168.1.147:/nfsroot'
(Edit/Change "192.168.1.147" to the IP of your NFS Server's IP)

export NFS_OPTIONS='-o nolock -o tcp -o rsize=32768,wsize=32768'

You should now have a fully functional NFS Share on Windows 😎

Edit:
I was having issues with my NFS server randomly dying or failing to start. I found out this is because Windows has "float" ports, where Windows will use some of the needed ports for it's own operations randomly. To stop this, we have to reserve (exclude) the ports listed blow that are needed for NFS so that they won't be used by the Windows subsystem:

111 (TCP & UDP) - PortMapper Service
1058 (TCP & UDP) - Mount Daemon Port
2049 (TCP & UDP) - NFS Server Port

Run the following commands from an Administrative command prompt to reserve ports on both protocols:
netsh int ipv4 add excludedportrange protocol=tcp startport=111 numberofports=1
netsh int ipv4 add excludedportrange protocol=udp startport=111 numberofports=1
netsh int ipv4 add excludedportrange protocol=tcp startport=1058 numberofports=1
netsh int ipv4 add excludedportrange protocol=udp startport=1058 numberofports=1
netsh int ipv4 add excludedportrange protocol=tcp startport=2049 numberofports=1
netsh int ipv4 add excludedportrange protocol=udp startport=2049 numberofports=1

I was getting connection refused error while trying to mount my nfs server when I tried to manually mount my NFS drive. I thought it was an error on my linux server, so I tried my old NAS and that still showed a problem. Other clients were connecting, but WyzeCamPan was not connecting.

I forced it to connect via UDP using -o port=2049,nolock,proto=tcp and this mounted the drive immediately.

I followed your instructions

cd /system/bin/

cat mount.sh
#mount -o nolock,rw 192.168.31.218:/home/xuxuequan/Ingenicwork/sharenfs /mnt

Looks like my NFS from the config file was ignored??

I have prepared the SD card as indicated in the README. Format FAT32. Extract the release to the root of the card, modify config.inc.

The instructions are slightly less clear on what to do next. I've tried the following.

1. With the camera powered on, just insert the card and wait. Nothing happens.

2. With the camera off, insert the card. Then power the camera. Firmware does not get installed.

3. With the camera off, insert the card. Then hold "RESET" while powering the camera until the LED changes colors. After a very long time, this resulted in the "Installation complete. Remove SD Card" message.

If step 3 is the correct procedure, the README should be updated to reflect that.

Continuing from 3, the instructions say to remove the card. I removed it, but was unable to connect via telnet. So then I restarted the camera, and I'm still unable to connect.

Having the same issue as documented here: #18 but mine hasn't gone away.

I see a time_lapse, alarm directory and a few text files in the target NFS share- so I know its writing files fine. within the alarm directory, I see new directories created every day, with a couple of jpgs in them.

Any idea what gives?
thanks