Welcome to MerkCamFirm, a repository that contains the firmware dumped from the Merkury MI-CW051 1080p IP camera. This project is for anyone interested in exploring, reverse-engineering, or performing security research on the firmware of IoT devices.
The firmware here was extracted using a CH341A SPI programmer and the flashrom utility. The resulting firmware image, merkury.bin, is shared in its raw form, enabling anyone to dive into static analysis, emulation, or any other form of research.
The goal of this project is to offer a transparent look into the firmware of a widely used consumer device. As part of my ongoing reverse engineering efforts, I will continue to add insights, static and dynamic analysis results, and modifications to this repository.
Whether you're a Linux enthusiast, a security researcher, a reverse engineer, or a hacker, this project aims to provide useful resources to help uncover how the firmware operates and potentially identify vulnerabilities, security flaws, or other points of interest.
- flashrom: To interface with the SPI chip.
- strings: For gathering information from the binary.
- binwalk: For unpacking and extracting files from the firmware.
- ch341a_spi: BIOS/EEPROM SPI flash chip programmer.
- Computer running Linux (Kali Linux, Ubuntu).
Probe for the flash chip:
flashrom --programmer ch341a_spi
Read and dump the firmware:
flashrom --programmer ch341a_spi --chip [Chip Name] --read merkury.bin
To gather basic strings and identify potential embedded information in the firmware before performing further analysis:
file merkury.bin # Determine the file type
binwalk merkury.bin # Ran with no options, binwalk will scan the image and print the results to the screen
strings -n 10 merkury.bin # Prints any sequences of "human-readable" characters that are at least 10 characters long (-n 10)
hexdump -C merkury.bin | head # Looking for signatures in the header
To unpack the firmware and extract embedded files or hidden elements, I used binwalk:
binwalk merkury.bin # Ran with no options, binwalk will scan the image and print the results to the screen
binwalk -E merkury.bin # Calculates file entropy, which indicates whether the firmware is likely encrypted or compressed
binwalk -eM merkury.bin # Extract known file types (-e), and recursively scan extracted files (-M)
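
What the entropy scan measures, as an added example (not code from this repository or from binwalk): per-block Shannon entropy merged into labelled regions. The block size, the thresholds and the sample image are assumptions constructed for illustration; entropy alone cannot tell compressed data from encrypted data.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniform)."""
    if not block:
        return 0.0
    total = len(block)
    return -sum((n / total) * math.log2(n / total) for n in Counter(block).values())

def classify(entropy: float) -> str:
    # Illustrative thresholds (assumption), not binwalk's own values.
    if entropy < 1.0:
        return "padding"   # erased flash (0xFF) or zero fill
    if entropy < 7.0:
        return "plain"     # text, config, uncompressed code
    return "high"          # compressed or encrypted; inspect further

def entropy_map(image: bytes, block_size: int = 4096):
    """Return (start, end, label, mean_entropy) for runs of same-label blocks."""
    runs = []
    for off in range(0, len(image), block_size):
        block = image[off:off + block_size]
        h = shannon_entropy(block)
        label = classify(h)
        if runs and runs[-1][2] == label:
            runs[-1][1] = off + len(block)
            runs[-1][3].append(h)
        else:
            runs.append([off, off + len(block), label, [h]])
    return [(s, e, label, sum(hs) / len(hs)) for s, e, label, hs in runs]

def constructed_image() -> bytes:
    """Constructed sample layout, not data taken from merkury.bin."""
    line = b"bootargs=console=ttyS0,115200 root=/dev/mtdblock2 rootfstype=squashfs\n"
    text = (line * 256)[:16384]
    padding = b"\xff" * 8192
    # Deterministic pseudo-random bytes stand in for a compressed or encrypted blob.
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(512))
    return text + padding + blob

if __name__ == "__main__":
    for start, end, label, h in entropy_map(constructed_image()):
        print(f"0x{start:06x}-0x{end:06x}  {label:8s} mean entropy {h:.2f}")
```

To run it against the real dump, pass the bytes of merkury.bin to `entropy_map` instead of the constructed image.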
This repository contains the following files and directories:
- merkury.bin: The raw firmware dump from the Merkury IP Camera's SPI flash chip.
- 'Merkury' Directory: Contains images of the camera, the circuit board, and various tools used during the extraction process.
- hashes.txt: A file containing various hashes of the merkury.bin firmware, useful for verifying the integrity of the binary.
- User Manual: A copy of the Merkury IP Camera's user manual, obtained via its FCC ID, to provide additional context for the device.
This is an open project, and I welcome contributions and feedback from the community. If you have insights, improvements, or additional findings related to the firmware, please feel free to submit issues or pull requests.
Your thoughts, questions, and feedback are greatly appreciated! Feel free to open an issue or leave a comment. Let's collaborate and make this project even better.
Thank you for checking out MerkCamFirm. Stay tuned for future updates, and happy reverse engineering!