install issue

[beefyfoot]

I got the remote_install to run with the following output but I did not hear anything on the camera nor I think it is doing anything. What could be wrong? Please note, I have RTSP firmware on wyze v2 cameras. Appreciate that.

Device type: Camera (WYZEC1-JZ)
Device name: Porch Cam
Firmware version: 4.28.4.49
IP Address: 192.168.88.170

Pushing firmware to this device? [y/N]:y
INFO:root:Serving firmware file './firmware.bin' as 'http://s3-us-west-2.amazonaws.com/wuv2/upgrade/WLPP1/firmware/1.2.0.80a.bin', md5=ed4d8396792cb7ee65583d558b2b6c25
INFO:root:Checking device, mac=2CAA8E562C6C

Device type: Camera (WYZEC1-JZ)
Device name: Garage Cam
Firmware version: 4.28.4.49
IP Address: 192.168.88.171

Pushing firmware to this device? [y/N]:y
Press Ctrl+C when all the updates are done...
...............................................................................................................................................

p/s I did the dns spoofing and the patch -- #132 (comment)

[virmaior]

looks like they aren't attempting to download it from your device.

1. what's the output look like with debug on ?
2. are you sure the cameras themselves are getting the spoofed DNS and not just your local computer?

This could also be a result of more aggressive work from Wyze to stop this such that the check whether or not that's a safe firmware that happens before the camera tries to download anything is failing.

[beefyfoot]

Yes, the DNS is spoofed on the entire local network.

Here is the debug output:

Found local config file, including into firmware update archive...
Upgrade/config.inc
Requirement already satisfied: requests in /usr/lib/python3/dist-packages (2.25.1)
send: b'POST /app/v2/device/get_device_list HTTP/1.1\r\nHost: api.wyzecam.com\r\nUser-Agent: okhttp/3.8.1\r\nAccept-Encoding: gzip, deflate\r\nAccept: /\r\nConnection: keep-alive\r\nContent-Length: 495\r\nContent-Type: application/json\r\n\r\n'
send: b'{"access_token": "lvtx.L4YLMGHE/jIRlQ9oJBwyxV4lxgucaAPG5x+KcANL/5e7utZTvg62paas/f0+bVnswstWqtWv7b91G+ohnG68wIChU9MzRfT3JQeq1riFhvGozBB1HEbjk5i8Se8yThccTZSuYAcsWzZ2F0YNxa4Bgmm43OeAK50EVk0qCcJ6XukNPzEBUHdZn+0c5tmDBvRt3N2EqwAhg==", "app_name": "com.hualai", "app_version": "2.11.40", "phone_system_type": "2", "app_ver": "com.hualai___2.11.40", "phone_id": "bc045543-0cb4-4a21-9b03-cc50f3c31d41", "sc": "a626948714654991afd3c0dbd7cdb901", "sv": "f0ef3f988133430aaf14f8f00add6d2d", "ts": 1630067079000}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Cache-Control, Accept, authorization, content-type
header: Access-Control-Allow-Methods: POST,GET,OPTIONS
header: Access-Control-Allow-Origin: *
header: Cache-Control: no-cache
header: Content-Type: application/json; charset=utf-8
header: Date: Fri, 27 Aug 2021 12:24:39 GMT
header: Expires: -1
header: Pragma: no-cache
header: Server: Microsoft-IIS/8.5
header: X-AspNet-Version: 4.0.30319
header: X-Powered-By: ASP.NET
header: Content-Length: 2112
header: Connection: keep-alive
send: b'POST /app/v2/device/get_device_info HTTP/1.1\r\nHost: api.wyzecam.com\r\nUser-Agent: okhttp/3.8.1\r\nAccept-Encoding: gzip, deflate\r\nAccept: /\r\nConnection: keep-alive\r\nContent-Length: 552\r\nContent-Type: application/json\r\n\r\n'
send: b'{"access_token": "lvtx.L4YLMGHE/jIRlQ9oJBwyxV4lxgucaAPG5x+KcANL/5e7utZTvg62paas/f0+bVnswstWqtWv7b91G+ohnG68wIChU9MzRfT3JQeq1riFhvGozBB1HEbjk5i8Se8yThccTZSuYAcsWzZ2F0YNxa4Bgmm43OeAK50EVk0qCcJ6XukNPzEBUHdZn+0c5tmDBvRt3N2EqwAhg==", "app_name": "com.hualai", "app_version": "2.11.40", "phone_system_type": "2", "app_ver": "com.hualai___2.11.40", "phone_id": "bc045543-0cb4-4a21-9b03-cc50f3c31d41", "sc": "a626948714654991afd3c0dbd7cdb901", "sv": "81d1abc794ba45a39fdd21233d621e84", "ts": 1630067079000, "device_mac": "2CAA8E305155", "device_model": "Unknown"}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Cache-Control, Accept, authorization, content-type
header: Access-Control-Allow-Methods: POST,GET,OPTIONS
header: Access-Control-Allow-Origin: *
header: Cache-Control: no-cache
header: Content-Type: application/json; charset=utf-8
header: Date: Fri, 27 Aug 2021 12:24:39 GMT
header: Expires: -1
header: Pragma: no-cache
header: Server: Microsoft-IIS/8.5
header: X-AspNet-Version: 4.0.30319
header: X-Powered-By: ASP.NET
header: Content-Length: 2593
header: Connection: keep-alive

Device type: Camera (WYZEC1-JZ)
Device name: Porch Cam
Firmware version: 4.28.4.49
IP Address: 192.168.88.170

Pushing firmware to this device? [y/N]:send: b'POST /app/v2/auto/run_action HTTP/1.1\r\nHost: api.wyzecam.com\r\nUser-Agent: okhttp/3.8.1\r\nAccept-Encoding: gzip, deflate\r\nAccept: /\r\nConnection: keep-alive\r\nContent-Length: 771\r\nContent-Type: application/json\r\n\r\n'
send: b'{"access_token": "lvtx.L4YLMGHE/jIRlQ9oJBwyxV4lxgucaAPG5x+KcANL/5e7utZTvg62paas/f0+bVnswstWqtWv7b91G+ohnG68wIChU9MzRfT3JQeq1riFhvGozBB1HEbjk5i8Se8yThccTZSuYAcsWzZ2F0YNxa4Bgmm43OeAK50EVk0qCcJ6XukNPzEBUHdZn+0c5tmDBvRt3N2EqwAhg==", "app_name": "com.hualai", "app_version": "2.11.40", "phone_system_type": "2", "app_ver": "com.hualai___2.11.40", "phone_id": "bc045543-0cb4-4a21-9b03-cc50f3c31d41", "sc": "a626948714654991afd3c0dbd7cdb901", "sv": "011a6b42d80a4f32b4cc24bb721c9c96", "ts": 1630067083000, "provider_key": "WYZEC1-JZ", "action_key": "upgrade", "instance_id": "2CAA8E305155", "custom_string": "", "action_params": {"url": "http://s3-us-west-2.amazonaws.com/wuv2/upgrade/WLPP1/firmware/1.2.0.80a.bin", "md5": "52dd42193695d28cb2a9ddea1e9879a4", "model": "WYZEC1-JZ"}}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Cache-Control, Accept, authorization, content-type
header: Access-Control-Allow-Methods: POST,GET,OPTIONS
header: Access-Control-Allow-Origin: *
header: Cache-Control: no-cache
header: Content-Type: application/json; charset=utf-8
header: Date: Fri, 27 Aug 2021 12:24:43 GMT
header: Expires: -1
header: Pragma: no-cache
header: Server: Microsoft-IIS/8.5
header: X-AspNet-Version: 4.0.30319
header: X-Powered-By: ASP.NET
header: Content-Length: 182
header: Connection: keep-alive
send: b'POST /app/v2/device/get_device_info HTTP/1.1\r\nHost: api.wyzecam.com\r\nUser-Agent: okhttp/3.8.1\r\nAccept-Encoding: gzip, deflat
e\r\nAccept: /\r\nConnection: keep-alive\r\nContent-Length: 552\r\nContent-Type: application/json\r\n\r\n'
send: b'{"access_token": "lvtx.L4YLMGHE/jIRlQ9oJBwyxV4lxgucaAPG5x+KcANL/5e7utZTvg62paas/f0+bVnswstWqtWv7b91G+ohnG68wIChU9MzRfT3JQeq1riFhvGozB
B1HEbjk5i8Se8yThccTZSuYAcsWzZ2F0YNxa4Bgmm43OeAK50EVk0qCcJ6XukNPzEBUHdZn+0c5tmDBvRt3N2EqwAhg==", "app_name": "com.hualai", "app_version": "
2.11.40", "phone_system_type": "2", "app_ver": "com.hualai___2.11.40", "phone_id": "bc045543-0cb4-4a21-9b03-cc50f3c31d41", "sc": "a6269487
14654991afd3c0dbd7cdb901", "sv": "81d1abc794ba45a39fdd21233d621e84", "ts": 1630067087000, "device_mac": "2CAA8E562C6C", "device_model": "U
nknown"}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Cache-Control, Accept, authorization, content-type
header: Access-Control-Allow-Methods: POST,GET,OPTIONS
header: Access-Control-Allow-Origin: *
header: Cache-Control: no-cache
header: Content-Type: application/json; charset=utf-8
header: Date: Fri, 27 Aug 2021 12:24:47 GMT
header: Expires: -1
header: Pragma: no-cache
header: Server: Microsoft-IIS/8.5
header: X-AspNet-Version: 4.0.30319
header: X-Powered-By: ASP.NET
header: Content-Length: 2680
header: Connection: keep-alive

Device type: Camera (WYZEC1-JZ)
Device name: Garage Cam
Firmware version: 4.28.4.49
IP Address: 192.168.88.171

Pushing firmware to this device? [y/N]:send: b'POST /app/v2/auto/run_action HTTP/1.1\r\nHost: api.wyzecam.com\r\nUser-Agent: okhttp/3.8.1
r\nAccept-Encoding: gzip, deflate\r\nAccept: /\r\nConnection: keep-alive\r\nContent-Length: 771\r\nContent-Type: application/json\r\n\r
n'
send: b'{"access_token": "lvtx.L4YLMGHE/jIRlQ9oJBwyxV4lxgucaAPG5x+KcANL/5e7utZTvg62paas/f0+bVnswstWqtWv7b91G+ohnG68wIChU9MzRfT3JQeq1riFhvGozB
B1HEbjk5i8Se8yThccTZSuYAcsWzZ2F0YNxa4Bgmm43OeAK50EVk0qCcJ6XukNPzEBUHdZn+0c5tmDBvRt3N2EqwAhg==", "app_name": "com.hualai", "app_version": "
2.11.40", "phone_system_type": "2", "app_ver": "com.hualai___2.11.40", "phone_id": "bc045543-0cb4-4a21-9b03-cc50f3c31d41", "sc": "a6269487
14654991afd3c0dbd7cdb901", "sv": "011a6b42d80a4f32b4cc24bb721c9c96", "ts": 1630067102000, "provider_key": "WYZEC1-JZ", "action_key": "upgr
ade", "instance_id": "2CAA8E562C6C", "custom_string": "", "action_params": {"url": "http://s3-us-west-2.amazonaws.com/wuv2/upgrade/WLPP1/f
irmware/1.2.0.80a.bin", "md5": "52dd42193695d28cb2a9ddea1e9879a4", "model": "WYZEC1-JZ"}}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Cache-Control, Accept, authorization, content-type
header: Access-Control-Allow-Methods: POST,GET,OPTIONS
header: Access-Control-Allow-Origin: *
header: Cache-Control: no-cache
header: Content-Type: application/json; charset=utf-8
header: Date: Fri, 27 Aug 2021 12:25:01 GMT
header: Expires: -1
header: Pragma: no-cache
header: Server: Microsoft-IIS/8.5
header: X-AspNet-Version: 4.0.30319
header: X-Powered-By: ASP.NET
header: Content-Length: 182
header: Connection: keep-alive
Press Ctrl+C when all the updates are done...
......................................................................................................

[virmaior]

I only have V3s (so both a different model and no RTSP firmware). I have no knowledge of whether it ever worked on RTSP firmware.
Does the camera go into "firmware-receptive" mode? (i.e., does the status light flash red and it eventually reboot).

[Vendo232]

I only have V3s (so both a different model and no RTSP firmware). I have no knowledge of whether it ever worked on RTSP firmware.
Does the camera go into "firmware-receptive" mode? (i.e., does the status light flash red and it eventually reboot).

Hi
I`m trying to do the DNS hack, what am I doing wrong?

the dnsmaq is running from 192.168.1.245
PC where the script is running from is 192.168.1.76
V3 is 192.168.1.174

V3 while in this DNSMASQ loop is blinking orange ( red + blue )

[Vendo232]

is DNS spoofing still working?

[HclX]

Wyze blocked DNS spoofing in latest firmware by adding https checks. Their server side is still pushing the update link to the device, but device will not download firmwares if the download link is http, or https but with invalid certificate.

[mosin]

Is there any way to install this anymore? The NFS solution was so much better than setting up a RTSP server.

[Vendo232]

As of December 28 2021 the WyzeCameraLiveStream still works

just downgraded from RTSP firmare to 4.36.0.228 to run WyzeCameraLiveStream

installed DNS server using Dnsmasq following this guide: dnsmasq spoofing

my dns server: 192.168.1.245 ( raspberry pi 4 using raspbian lite )
running script: 192.168.1.143 ( Ubuntu in VM ) here I installed wyze_hacks_0_5_08.zip

run dnsmasq or some other DNS server and spoof s3-us-west-2.amazonaws.com to the computer you will run the script from. In my case, I used a rasbperry pi for dns serving. This involved (1) adding a line to hosts of s3-us-west-2.amazonaws.com 192.168.11.4 (2) changing the DNS server choice on the DHCP server to the ip of your spoofing DNS server (in my case 192.168.11.11)

Manually set the url inside the to http://s3-us-west-2.amazonaws.com/wuv2/upgrade/WLPP1/firmware/1.2.0.80a.bin

The port used must be port 80 (since it's checking urls I doubt it will work with another port). Note that the default port if you use remote_install.sh is not 80 On OSX, I had to use sudo to avoid getting "PermissionError: [Errno 13] Permission Denied"

Flashing command: sudo python3 ./wyze_updater.py --token ~/.wyze_token --debug update -m WYZEC1-JZ -m WYZECP1_JEF -m WYZE_CAKP2JFUS -m WYZEDB3 -f ./firmware.bin -p 80