Difference between revisions of "Ring Doorbell"

From Exploitee.rs
(Created page with "__FORCETOC__ {{Disclaimer}} 100px|left|thumb Category:Cameras This page will be dedicated to a general overview, descriptions, and information r...")
 
Line 7: Line 7:
== About ==
== About ==
The Ring Doorbell is a wifi connected doorbell with an attached HD camera.
The Ring Doorbell is a wifi connected doorbell with an attached HD camera.
== Disassembly ==
Ring Doorbell Disassembly coming soon.
== Hardware Pinouts ==
Below is a pinout diagram of the debug pin headers on the Ring Doorbell. The labels correspond to the various Datasheets for the misc ICs.
<gallery>
File:Ring-Doorbell-Pinouts.jpg
</gallery>
== Stealing WiFi Credentials ==
Prior to the start of 2016 it was possible to steal a users WiFi credentials if they had a connected Ring Doorbell. This was done by putting the device into "AP Mode", connecting to the "RING-####" provisioning network, then accessing a specific URL which was left over from the GainSpan SDK.  The video below demonstrates the bug
{{#ev:youtube|bFJFOxVm7uU}}
== Gainspan SDK Pages ==
The Ring Doorbell contains a number of pages still left in from the GainSpan SDK. The following pages are available after accessing the Ring's AP by pressing the connect button on the back of the doorbell.
* /gainspan/system/sslcertupload - '''Upload new SSL Cert'''
* /gainspan/system/fwuploc - '''Upload new FW'''
* /gainspan/system/config/network - '''Network Connection Info'''
* /gainspan/system/config/httpd - '''HTTPD Config Info'''
* /gainspan/system/config/id - '''Hostname and UID/MAC'''
* /gainspan/system/config/otafu - '''OTA Firmware Update Info'''
* /gainspan/system/prov/ap_list - '''List Access points and WiFi info'''
* /gainspan/system/prov/scan_params - '''Wifi scanning parameters'''
* /gainspan/system/prov/wps - '''WPS setup'''
* /gainspan/system/fsupload - '''File System Upload'''
* /gainspan/system/firmware/version - '''Gainspan Firmware Version Info'''
* /gainspan/system/api/version - '''Gainspan API Version'''
* /eapcerts.html - '''EAP Certificate Upload'''
* /gsap.html - '''Gainspan AP Configuration'''
* /gsclient.html - '''Gainspan Client Network Settings'''
* /gsprov.html - '''Gainspan Network Device Setup'''
* /otafu.html - '''OTA Firmware Update'''
* /smartplug.html - '''Gainspan Smartplug Web Application'''
* /sslcert.html - '''SSL Certificate Upload'''
* /tls.html - '''TLS Web App'''
== Gainspan SDK Pages Video ==
Below is a video showing the pages accessible on the Ring Doorbell which are mostly just remnants from the GainSpan SDK.
{{#ev:youtube|wOFPfeYrlKo}}
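Review bot: The added "Stealing WiFi Credentials" section dates the bug only as "Prior to the start of 2016", and the "Gainspan SDK Pages" list that follows does not say whether those pages were still reachable after that fix. Suggest stating the firmware version the list was taken from and whether the pages remain exposed in AP mode on fixed devices, so readers can tell affected units from patched ones. The vendor name is also spelled both "GainSpan" and "Gainspan" in the added text; pick one spelling. The sentence "The video below demonstrates the bug" is missing its closing period.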

Revision as of 09:14, 15 January 2016

"Although the information we release has been verified and shown to work to the best of our knowledge, we can't be held accountable for bricked devices or roots gone wrong."


This page will be dedicated to a general overview, descriptions, and information related to the Ring Doorbell.

About

The Ring Doorbell is a WiFi-connected doorbell with an attached HD camera.

Disassembly

Ring Doorbell Disassembly coming soon.

Hardware Pinouts

Below is a pinout diagram of the debug pin headers on the Ring Doorbell. The labels correspond to the datasheets for the miscellaneous ICs.

Stealing WiFi Credentials

Prior to the start of 2016 it was possible to steal a user's WiFi credentials if they had a connected Ring Doorbell. This was done by putting the device into "AP Mode", connecting to the "RING-####" provisioning network, then accessing a specific URL which was left over from the GainSpan SDK. The video below demonstrates the bug.

Gainspan SDK Pages

The Ring Doorbell contains a number of pages left over from the GainSpan SDK. The following pages are available after accessing the Ring's AP, which is enabled by pressing the connect button on the back of the doorbell.

  • /gainspan/system/sslcertupload - Upload new SSL Cert
  • /gainspan/system/fwuploc - Upload new FW
  • /gainspan/system/config/network - Network Connection Info
  • /gainspan/system/config/httpd - HTTPD Config Info
  • /gainspan/system/config/id - Hostname and UID/MAC
  • /gainspan/system/config/otafu - OTA Firmware Update Info
  • /gainspan/system/prov/ap_list - List access points and WiFi info
  • /gainspan/system/prov/scan_params - WiFi scanning parameters
  • /gainspan/system/prov/wps - WPS setup
  • /gainspan/system/fsupload - File System Upload
  • /gainspan/system/firmware/version - Gainspan Firmware Version Info
  • /gainspan/system/api/version - Gainspan API Version
  • /eapcerts.html - EAP Certificate Upload
  • /gsap.html - Gainspan AP Configuration
  • /gsclient.html - Gainspan Client Network Settings
  • /gsprov.html - Gainspan Network Device Setup
  • /otafu.html - OTA Firmware Update
  • /smartplug.html - Gainspan Smartplug Web Application
  • /sslcert.html - SSL Certificate Upload
  • /tls.html - TLS Web App
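
A firmware release check built from the list above, as an added example that is not Exploitee.rs or Ring code: it scans a build's HTTP route manifest for GainSpan SDK remnants and labels each hit. The manifest, the "/gainspan/system/diag" route and the label names are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Paths below are copied from this page's list of GainSpan SDK pages.
SDK_PREFIX = "/gainspan/"
SDK_HTML = {"/eapcerts.html", "/gsap.html", "/gsclient.html", "/gsprov.html",
            "/otafu.html", "/smartplug.html", "/sslcert.html", "/tls.html"}
# Entries the page describes as upload pages (certificate, firmware, file system).
UPLOADS = {"/gainspan/system/sslcertupload", "/gainspan/system/fwuploc",
           "/gainspan/system/fsupload", "/eapcerts.html", "/sslcert.html"}
LISTED = SDK_HTML | UPLOADS | {SDK_PREFIX + "system/" + p for p in (
    "config/network", "config/httpd", "config/id", "config/otafu",
    "prov/ap_list", "prov/scan_params", "prov/wps",
    "firmware/version", "api/version")}


def normalize(route):
    """Canonicalize a route so case, encoding or dot-segment variants still match."""
    path = unquote(route.split("?", 1)[0].split("#", 1)[0]).lower()
    return posixpath.normpath("/" + path.lstrip("/"))


def audit(routes):
    """Return (route, canonical path, label) for each SDK remnant in a route manifest."""
    findings = []
    for route in routes:
        path = normalize(route)
        if path in UPLOADS:
            label = "upload"
        elif path in LISTED:
            label = "listed"
        elif path.startswith(SDK_PREFIX):
            label = "unlisted-sdk"  # under the SDK prefix but not on the page's list
        else:
            continue
        findings.append((route, path, label))
    return findings


# Constructed manifest of a hypothetical firmware build's HTTP routes.
MANIFEST = ["/index.html", "/GainSpan/system/config/network?fmt=xml",
            "/gainspan/system/../system/fsupload", "/%67sprov.html",
            "/gainspan/system/diag", "/api/v1/status"]

if __name__ == "__main__":
    for finding in audit(MANIFEST):
        print(finding)
```

A build passes the check only when audit() returns an empty list for its manifest.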

Gainspan SDK Pages Video

Below is a video showing the pages accessible on the Ring Doorbell, which are mostly just remnants from the GainSpan SDK.