#Syma x8w hacking

Dernière modification : 2017/01/23 00:09

La caméra wifi du drone X8W propose un hotspot nommé FPV_SYMA_ALEATOIRE

Pour utiliser la caméra du X8W, il faut se connecter au hotspot FPV_SYMA_XXXX, sans authentification.
Une fois la connexion établie sur le hotspot, démarrer l'APK

nmap port scan


rg@hoboto-AMILO-Xi-3650:~$ nmap -p 1-65535 -T4 -A -vv 192.168.1.1

Starting Nmap 6.40 ( http://nmap.org ) at 2017-01-22 16:59 CET
NSE: Loaded 110 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting runlevel 2 (of 2) scan.
Initiating Ping Scan at 16:59
Scanning 192.168.1.1 [2 ports]
Completed Ping Scan at 16:59, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:59
Completed Parallel DNS resolution of 1 host. at 17:00, 13.00s elapsed
Initiating Connect Scan at 17:00
Scanning 192.168.1.1 [65535 ports]
Discovered open port 80/tcp on 192.168.1.1
Discovered open port 2345/tcp on 192.168.1.1
Completed Connect Scan at 17:05, 322.60s elapsed (65535 total ports)
Initiating Service scan at 17:05
Scanning 2 services on 192.168.1.1
Completed Service scan at 17:05, 7.03s elapsed (2 services on 1 host)
NSE: Script scanning 192.168.1.1.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 17:05
Completed NSE at 17:06, 30.07s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Nmap scan report for 192.168.1.1
Host is up (0.010s latency).
Scanned at 2017-01-22 16:59:57 CET for 373s
Not shown: 65533 closed ports
PORT     STATE SERVICE VERSION
80/tcp   open  http?
|_http-favicon: Unknown favicon MD5: 003B3BB995C2451098869088630871DF
|_http-title: Site doesn't have a title (text/plain).
2345/tcp open  unknown
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port80-TCP:V=6.40%I=7%D=1/22%Time=5884D853%P=i686-pc-linux-gnu%r(GetReq
SF:uest,10A,"HTTP/1\.1\x20200\x20Not\x20Found\r\nAccess-Control-Allow-Orig
SF:in:\x20\*\r\nAccess-Control-Allow-Methods:\x20POST,\x20GET\r\nServer:\x
SF:20Boa/0\.94\.14rc21\r\nDate:\x20Sat,\x2001\x20Jan\x202005\x2000:10:05\x
SF:20GMT\r\nContent-Type:\x20text/plain\r\nContent-Length:\x2015\r\nCache-
SF:Control:\x20no-cache\r\nConnection:\x20close\r\n\r\nFile\x20not\x20foun
SF:d\.")%r(FourOhFourRequest,10A,"HTTP/1\.1\x20200\x20Not\x20Found\r\nAcce
SF:ss-Control-Allow-Origin:\x20\*\r\nAccess-Control-Allow-Methods:\x20POST
SF:,\x20GET\r\nServer:\x20Boa/0\.94\.14rc21\r\nDate:\x20Sat,\x2001\x20Jan\
SF:x202005\x2000:10:05\x20GMT\r\nContent-Type:\x20text/plain\r\nContent-Le
SF:ngth:\x2015\r\nCache-Control:\x20no-cache\r\nConnection:\x20close\r\n\r
SF:\nFile\x20not\x20found\.");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port2345-TCP:V=6.40%I=7%D=1/22%Time=5884D853%P=i686-pc-linux-gnu%r(Gene
SF:ricLines,4,"\0\x01\0\0")%r(GetRequest,4,"\0\x01\0\0")%r(HTTPOptions,4,"
SF:\0\x01\0\0")%r(RTSPRequest,4,"\0\x01\0\0")%r(RPCCheck,4,"\0\x01\0\0")%r
SF:(DNSVersionBindReq,4,"\0\0\0\0")%r(DNSStatusRequest,4,"\0\0\0\0")%r(Hel
SF:p,4,"\0\x01\0\0")%r(SSLSessionReq,4,"\x0b\0\0\0")%r(Kerberos,4,"\0\0\0\
SF:0")%r(SMBProgNeg,4,"\0\0\0\0")%r(X11Probe,4,"\0\x01\0\0")%r(FourOhFourR
SF:equest,4,"\0\x01\0\0")%r(LPDString,4,"\0\x01\0\0")%r(LDAPBindReq,4,"\0\
SF:x01\0\0")%r(SIPOptions,4,"\0\x01\0\0")%r(LANDesk-RC,4,"\0\x01\0\0")%r(T
SF:erminalServer,4,"\x0b\0\0\0")%r(NCP,4,"\0\x01\0\0")%r(NotesRPC,4,"\0\0\
SF:0\0")%r(WMSRequest,4,"\0\x01\0\0")%r(oracle-tns,4,"\0\0\0\0")%r(afp,4,"
SF:\0\0\0\0")%r(kumo-server,4,"\0\x01\0\0");

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting runlevel 2 (of 2) scan.
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 374.08 seconds


En se connectant sur http://192.168.1.1 , on accède à un "file not found" sur le serveur de la caméra.

un "lynx http://192.168.1.1/../../../etc/passwd"

renvoie "Http dir attack !?""

Cette réponse rechercée sur Google mène à :
http://forum.hardware.fr/hfr/HardwarePeripheriques/webcam-camera-ip/camera-home-confort-sujet_64109_7.htm
https://www.utest.com/articles/iot-security-hacking-a-drone-camera-to-spread-malware-part-1

Pas très intéressant au premier abord. Cependant, après avoir téléchargé http://static.symatoys.com/upload/201701/20/201701201636522455.apk , renommé le fichier .apk en .zip et ouvert son contenu,on retrouve dans les fichiers de configuration le chemin direct d'accès aux images et beaucoup plus, login (admin) et mot de passe, accéder aux paramètres, modifier, sauvegarder, redémarrer la caméra ou même activer le serveur telnet.

http://192.168.1.1:80/get_params.cgi?comm_baud=&user=admin&pwd=&json=1
http://192.168.1.1:80/set_params.cgi?comm_baud=6&user=admin&pwd=&reboot=1&save=1
http://192.168.1.1:80/snapshot.cgi?user=admin&pwd=

Une doc http://teciel.free.fr/bina/ipcam_cgi_sdk.pdf donne de nombreuses commandes :
http://192.168.1.1/set_misc.cgi?led_mode=2
http://192.168.1.1/set_params.cgi?telnetd=0&save=1&reboot=1
http://192.168.1.1/videostream.cgi?user=admin&pwd=&camera_quality=100&stream1_fps=30&save=1
http://192.168.1.1/videostream.cgi?user=admin&pwd=&stream1_quality=80&stream1_fps=25


http://192.168.1.1/get_params.cgi renvoie


var id='3C3300FBC54B';
var alias='IPC-3C3300FBC54B';
var clock=0;
var ntp=1;
var ntp_svr='time.nist.gov';
var tz=0;
var dst=0;
var dst_offset=0;
var user1='admin';
var pwd1='';
var group1=131071;
var user2='';
var pwd2='';
var group2=0;
var user3='';
var pwd3='';
var group3=0;
var user4='';
var pwd4='';
var group4=0;
var user5='';
var pwd5='';
var group5=0;
var user6='';
var pwd6='';
var group6=0;
var user7='';
var pwd7='';
var group7=0;
var user8='';
var pwd8='';
var group8=0;
var mac='';
var dhcp=1;
var ip='192.168.0.188';
var mask='255.255.255.0';
var gateway='192.168.0.1';
var dns1='8.8.8.8';
var dns2='4.4.4.4';
var port=80;
var https=0;
var upnp=0;
var pppoe=0;
var pppoe_service='';
var pppoe_user='';
var pppoe_pwd='';
var pppoe_auto_mtu=1;
var pppoe_mtu=1492;
var wifi=2;
var wifi_country=1;
var wifi_ssid='';
var wifi_type=0;
var wifi_auth=0;
var wifi_encrypt=0;
var wifi_defkey=1;
var wifi_keytype=0;
var wifi_key1='';
var wifi_key2='';
var wifi_key3='';
var wifi_key4='';
var wifi_wpapsk='';
var ap_ssid='FPV_WIFI__C54B';
var ap_safe=0;
var ap_wpapsk='88888888';
var ap_ip='192.168.1.1';
var ap_mask='255.255.255.0';
var dhcpd_start_ip='192.168.1.100';
var dhcpd_end_ip='192.168.1.200';
var telnetd=0;
var da_defense=1;
var da_retry_times=10;
var da_retry_period=5;
var da_denied_period=60;
var rule1=0;
var rule1_begin_ip='192.168.0.0';
var rule1_end_ip='192.168.0.255';
var rule2=0;
var rule2_begin_ip='192.168.0.0';
var rule2_end_ip='192.168.0.255';
var rule3=0;
var rule3_begin_ip='192.168.0.0';
var rule3_end_ip='192.168.0.255';
var rule4=0;
var rule4_begin_ip='192.168.0.0';
var rule4_end_ip='192.168.0.255';
var rule5=0;
var rule5_begin_ip='192.168.0.0';
var rule5_end_ip='192.168.0.255';
var rule6=0;
var rule6_begin_ip='192.168.0.0';
var rule6_end_ip='192.168.0.255';
var rule7=0;
var rule7_begin_ip='192.168.0.0';
var rule7_end_ip='192.168.0.255';
var rule8=0;
var rule8_begin_ip='192.168.0.0';
var rule8_end_ip='192.168.0.255';
var av_schedule=0;
var av_schedule_sun1=0;
var av_schedule_sun2=0;
var av_schedule_sun3=0;
var av_schedule_mon1=0;
var av_schedule_mon2=0;
var av_schedule_mon3=0;
var av_schedule_tue1=0;
var av_schedule_tue2=0;
var av_schedule_tue3=0;
var av_schedule_wed1=0;
var av_schedule_wed2=0;
var av_schedule_wed3=0;
var av_schedule_thu1=0;
var av_schedule_thu2=0;
var av_schedule_thu3=0;
var av_schedule_fri1=0;
var av_schedule_fri2=0;
var av_schedule_fri3=0;
var av_schedule_sat1=0;
var av_schedule_sat2=0;
var av_schedule_sat3=0;
var stream1_resolution=6;
var stream1_codec=0;
var stream1_bitrate=2048;
var stream1_fps=30;
var stream1_gop=30;
var stream1_rate_ctrl=1;
var stream1_quality=70;
var stream2_resolution=15;
var stream2_codec=2;
var stream2_bitrate=1024;
var stream2_fps=30;
var stream2_gop=30;
var stream2_rate_ctrl=1;
var stream2_quality=70;
var stream3_resolution=13;
var stream3_codec=2;
var stream3_bitrate=512;
var stream3_fps=30;
var stream3_gop=30;
var stream3_rate_ctrl=1;
var stream3_quality=70;
var stream4_resolution=12;
var stream4_codec=2;
var stream4_bitrate=256;
var stream4_fps=30;
var stream4_gop=30;
var stream4_rate_ctrl=1;
var stream4_quality=70;
var snapshot_quality=90;
var sender='';
var receiver1='';
var receiver2='';
var receiver3='';
var receiver4='';
var smtp_svr='';
var smtp_port=25;
var smtp_user='';
var smtp_pwd='';
var smtp_auth=1;
var smtp_tls=0;
var mail_inetip=0;
var ddns_service=0;
var ddns_param=0;
var ddns_svr='';
var ddns_port=0;
var ddns_user='';
var ddns_pwd='';
var ddns_host='';
var osd=0;
var osd_msg='';
var osd_pos=0;
var osd_color=0;
var osd_mask=0;
var osd_mask_left=0;
var osd_mask_top=0;
var osd_mask_right=0;
var osd_mask_bottom=0;
var brightness=4;
var contrast=4;
var hue=0;
var saturation=3;
var sharpness=0;
var powerfreq=0;
var ev=0;
var scene=0;
var flip=0;
var resolution=4;
var ir=0;
var ir_sensitivity=50;
var ir_saturation_correction=1;
var sensor_direction=0;
var md_armed=0;
var md_win_left=0;
var md_win_top=0;
var md_win_right=0;
var md_win_bottom=0;
var md_win1_valid=0;
var md_win1_left=0;
var md_win1_top=0;
var md_win1_right=0;
var md_win1_bottom=0;
var md_win2_valid=0;
var md_win2_left=0;
var md_win2_top=0;
var md_win2_right=0;
var md_win2_bottom=0;
var md_win3_valid=0;
var md_win3_left=0;
var md_win3_top=0;
var md_win3_right=0;
var md_win3_bottom=0;
var md_sensitivity=4;
var md_mode=0;
var md_compensation=0;
var md_osd=0;
var md_osd_color=3;
var trigger_armed=0;
var trigger_level=0;
var sd_armed=0;
var sd_sensitivity=4;
var sd_threshold_base=2000;
var sd_threshold_step=400;
var temperature_armed=0;
var temperature_low=0;
var temperature_high=0;
var humidity_armed=0;
var humidity_low=0;
var humidity_high=0;
var arm_schedule=0;
var arm_schedule_sun1=0;
var arm_schedule_sun2=0;
var arm_schedule_sun3=0;
var arm_schedule_mon1=0;
var arm_schedule_mon2=0;
var arm_schedule_mon3=0;
var arm_schedule_tue1=0;
var arm_schedule_tue2=0;
var arm_schedule_tue3=0;
var arm_schedule_wed1=0;
var arm_schedule_wed2=0;
var arm_schedule_wed3=0;
var arm_schedule_thu1=0;
var arm_schedule_thu2=0;
var arm_schedule_thu3=0;
var arm_schedule_fri1=0;
var arm_schedule_fri2=0;
var arm_schedule_fri3=0;
var arm_schedule_sat1=0;
var arm_schedule_sat2=0;
var arm_schedule_sat3=0;
var alarm_ioout=0;
var alarm_ioout_level=0;
var alarm_preset=0;
var alarm_url='http://push.reecam.cn:8080/api/push.php?cameraid=$sid$&msg=$salarm_msg$';
var alarm_mail=0;
var alarm_mail_images=5;
var alarm_mail_image_resolution=11;
var alarm_period=60;
var record=0;
var record_location=0;
var smb_svr='';
var smb_folder='';
var smb_subfolder='';
var smb_user='';
var smb_pwd='';
var record_auto_del=0;
var record_time_threshold=1440;
var record_size_threshold=1024;
var alarm_record=0;
var alarm_record_time=60;
var manual_record_time=60;
var record_schedule_sun1=0;
var record_schedule_sun2=0;
var record_schedule_sun3=0;
var record_schedule_mon1=0;
var record_schedule_mon2=0;
var record_schedule_mon3=0;
var record_schedule_tue1=0;
var record_schedule_tue2=0;
var record_schedule_tue3=0;
var record_schedule_wed1=0;
var record_schedule_wed2=0;
var record_schedule_wed3=0;
var record_schedule_thu1=0;
var record_schedule_thu2=0;
var record_schedule_thu3=0;
var record_schedule_fri1=0;
var record_schedule_fri2=0;
var record_schedule_fri3=0;
var record_schedule_sat1=0;
var record_schedule_sat2=0;
var record_schedule_sat3=0;
var record_stream=0;
var record_audio=1;
var pt_rate=4;
var t_patrol_rate=4;
var p_patrol_rate=4;
var track_patrol_rate=4;
var preset1=0;
var preset2=0;
var preset3=0;
var preset4=0;
var preset5=0;
var preset6=0;
var preset7=0;
var preset8=0;
var preset9=0;
var preset10=0;
var preset11=0;
var preset12=0;
var preset13=0;
var preset14=0;
var preset15=0;
var preset16=0;
var preset17=0;
var preset18=0;
var preset19=0;
var preset20=0;
var preset21=0;
var preset22=0;
var preset23=0;
var preset24=0;
var preset25=0;
var preset26=0;
var preset27=0;
var preset28=0;
var preset29=0;
var preset30=0;
var preset31=0;
var preset32=0;
var track_node1_preset=0;
var track_node1_stay=0;
var track_node2_preset=0;
var track_node2_stay=0;
var track_node3_preset=0;
var track_node3_stay=0;
var track_node4_preset=0;
var track_node4_stay=0;
var track_node5_preset=0;
var track_node5_stay=0;
var track_node6_preset=0;
var track_node6_stay=0;
var track_node7_preset=0;
var track_node7_stay=0;
var track_node8_preset=0;
var track_node8_stay=0;
var track_node9_preset=0;
var track_node9_stay=0;
var track_node10_preset=0;
var track_node10_stay=0;
var track_node11_preset=0;
var track_node11_stay=0;
var track_node12_preset=0;
var track_node12_stay=0;
var track_node13_preset=0;
var track_node13_stay=0;
var track_node14_preset=0;
var track_node14_stay=0;
var track_node15_preset=0;
var track_node15_stay=0;
var track_node16_preset=0;
var track_node16_stay=0;
var patrol_schedule=0;
var patrol_schedule_sun1=0;
var patrol_schedule_sun2=0;
var patrol_schedule_sun3=0;
var patrol_schedule_mon1=0;
var patrol_schedule_mon2=0;
var patrol_schedule_mon3=0;
var patrol_schedule_tue1=0;
var patrol_schedule_tue2=0;
var patrol_schedule_tue3=0;
var patrol_schedule_wed1=0;
var patrol_schedule_wed2=0;
var patrol_schedule_wed3=0;
var patrol_schedule_thu1=0;
var patrol_schedule_thu2=0;
var patrol_schedule_thu3=0;
var patrol_schedule_fri1=0;
var patrol_schedule_fri2=0;
var patrol_schedule_fri3=0;
var patrol_schedule_sat1=0;
var patrol_schedule_sat2=0;
var patrol_schedule_sat3=0;
var boot_preset=0;
var cam1_id='';
var cam1_model=1;
var cam1_mode=0;
var cam1_https=0;
var cam1_p2p_user='';
var cam1_p2p_pwd='';
var cam1_host='';
var cam1_port=80;
var cam1_user='';
var cam1_pwd='';
var cam1_alias='';
var cam2_id='';
var cam2_model=1;
var cam2_mode=0;
var cam2_https=0;
var cam2_p2p_user='';
var cam2_p2p_pwd='';
var cam2_host='';
var cam2_port=80;
var cam2_user='';
var cam2_pwd='';
var cam2_alias='';
var cam3_id='';
var cam3_model=1;
var cam3_mode=0;
var cam3_https=0;
var cam3_p2p_user='';
var cam3_p2p_pwd='';
var cam3_host='';
var cam3_port=80;
var cam3_user='';
var cam3_pwd='';
var cam3_alias='';
var cam4_id='';
var cam4_model=1;
var cam4_mode=0;
var cam4_https=0;
var cam4_p2p_user='';
var cam4_p2p_pwd='';
var cam4_host='';
var cam4_port=80;
var cam4_user='';
var cam4_pwd='';
var cam4_alias='';
var cam5_id='';
var cam5_model=1;
var cam5_mode=0;
var cam5_https=0;
var cam5_p2p_user='';
var cam5_p2p_pwd='';
var cam5_host='';
var cam5_port=80;
var cam5_user='';
var cam5_pwd='';
var cam5_alias='';
var cam6_id='';
var cam6_model=1;
var cam6_mode=0;
var cam6_https=0;
var cam6_p2p_user='';
var cam6_p2p_pwd='';
var cam6_host='';
var cam6_port=80;
var cam6_user='';
var cam6_pwd='';
var cam6_alias='';
var cam7_id='';
var cam7_model=1;
var cam7_mode=0;
var cam7_https=0;
var cam7_p2p_user='';
var cam7_p2p_pwd='';
var cam7_host='';
var cam7_port=80;
var cam7_user='';
var cam7_pwd='';
var cam7_alias='';
var cam8_id='';
var cam8_model=1;
var cam8_mode=0;
var cam8_https=0;
var cam8_p2p_user='';
var cam8_p2p_pwd='';
var cam8_host='';
var cam8_port=80;
var cam8_user='';
var cam8_pwd='';
var cam8_alias='';
var cam9_id='';
var cam9_model=1;
var cam9_mode=0;
var cam9_https=0;
var cam9_p2p_user='';
var cam9_p2p_pwd='';
var cam9_host='';
var cam9_port=80;
var cam9_user='';
var cam9_pwd='';
var cam9_alias='';
var cam10_id='';
var cam10_model=1;
var cam10_mode=0;
var cam10_https=0;
var cam10_p2p_user='';
var cam10_p2p_pwd='';
var cam10_host='';
var cam10_port=80;
var cam10_user='';
var cam10_pwd='';
var cam10_alias='';
var cam11_id='';
var cam11_model=1;
var cam11_mode=0;
var cam11_https=0;
var cam11_p2p_user='';
var cam11_p2p_pwd='';
var cam11_host='';
var cam11_port=80;
var cam11_user='';
var cam11_pwd='';
var cam11_alias='';
var cam12_id='';
var cam12_model=1;
var cam12_mode=0;
var cam12_https=0;
var cam12_p2p_user='';
var cam12_p2p_pwd='';
var cam12_host='';
var cam12_port=80;
var cam12_user='';
var cam12_pwd='';
var cam12_alias='';
var cam13_id='';
var cam13_model=1;
var cam13_mode=0;
var cam13_https=0;
var cam13_p2p_user='';
var cam13_p2p_pwd='';
var cam13_host='';
var cam13_port=80;
var cam13_user='';
var cam13_pwd='';
var cam13_alias='';
var cam14_id='';
var cam14_model=1;
var cam14_mode=0;
var cam14_https=0;
var cam14_p2p_user='';
var cam14_p2p_pwd='';
var cam14_host='';
var cam14_port=80;
var cam14_user='';
var cam14_pwd='';
var cam14_alias='';
var cam15_id='';
var cam15_model=1;
var cam15_mode=0;
var cam15_https=0;
var cam15_p2p_user='';
var cam15_p2p_pwd='';
var cam15_host='';
var cam15_port=80;
var cam15_user='';
var cam15_pwd='';
var cam15_alias='';
var manufacturer_platform_service=0;
var manufacturer_platform_param=0;
var manufacturer_platform_svr='';
var manufacturer_platform_port=0;
var manufacturer_platform_user='';
var manufacturer_platform_pwd='';
var manufacturer_platform_host='';
var skype_user='';
var skype_pwd='';
var skype_contact1_user='';
var skype_contact1_group=0;
var skype_contact2_user='';
var skype_contact2_group=0;
var skype_contact3_user='';
var skype_contact3_group=0;
var skype_contact4_user='';
var skype_contact4_group=0;
var skype_contact5_user='';
var skype_contact5_group=0;
var skype_contact6_user='';
var skype_contact6_group=0;
var skype_contact7_user='';
var skype_contact7_group=0;
var skype_contact8_user='';
var skype_contact8_group=0;
var alarm_skype_message='';
var alarm_skype_phonenumbers='';
var alarm_skype_sms_recipients='';
var alarm_skype_sms_body='';
var onvif_port=8080;
var rtsp_port=554;
var tutk=0;
var tutk_id='';
var tutk_av_user='';
var tutk_av_pwd='';
var hekai=0;
var hekai_id='';
var hekai_pwd='';
var hekai_svr='';
var hekai_port=0;
var hekai_lan=0;
var hekai_lpwd='';
var hekai_lport=0;
var hekai_net=0;
var comm=1;
var comm_baud=6;
var comm_data_bits=3;
var comm_stop_bits=0;
var comm_parity=0;
var comm_flow_control=0;
var p2p_svr='p2p.reecam.cn';
var p2p_port=9418;
var p2p_id='';
var idk_uuid='';
var idk_protocol='';
var idk_port_min=13900;
var idk_port_max=14000;
var idk_upnp_max_errors=50;
var alarm_music=0;
var music_playlist=[];
var ap_channel=0;
var test_mail_subject='';
var test_mail_body='';
var inetip_mail_subject='';
var inetip_mail_body='';
var alarm_mail_subject='';
var alarm_mail_body='';
var led=1;
var spk_volume=20;
var mic_volume=20;
var p2p_id_type=0;
var p2p_forward_data=0;
var alarm_msg='';
var dropbox_appkey='';
var dropbox_app_secret='';
var dropbox_oauth_access_token='';
var dropbox_oauth_access_token_secret='';
var armed_delay_time=0;
var video_on_always=1;
var sosocam_url='';
var sosocam_id='';
var idk_icam_run_interval=3600;
var comm_armed=0;
var hardware_stamp_id_tmp=2;
var light_ic_disable=0;
var wired_disable=0;
var wifi_switch=0;
var ptz_t_revease=1;
var ptz_p_revease=1;
var ptz_t_lsw=1;
var ptz_p_lsw=1;
var ptz_func=1;
var ptz_max_t_paces=0;
var ptz_max_p_paces=0;
var audio_aec=0;
var audio_anr=1;
var audio_alc=1;
var mic_gain=0;
var wifi_mac='3C3300FBC54B';
var camera_quality=12;
var device_ssid_prifix='FPV_WIFI__';
var device_alias_prifix='IPC-';
var enable_video=1;
var enable_audio=1;
var ap_channel_range=7;
var lamp_list=[];
var stream_bandwidth=300;
=============================================



Article intéressant sur le sujet:
https://www.utest.com/articles/iot-security-hacking-a-drone-camera-to-spread-malware-part-1