Ok, didn't receive any time-saving pointers. I tinkered around a bit more.
Got dropbear working, so that was it for item 2. For item 3, I unpacked /dev/mtd1, changed the admin username and repacked it. Had to compile a new busybox with the flashcp command to be able to write that back to mtd1. All good there.
Closing the ports in point 1 was the hardest one. First I tried to compile iptables matching the kernel version (3.0.8), all OK but I couldn't insmod the modules because there was an "Unknown symbol nf_register_hooks", and "nf_unregister_hooks" in the x_tables.ko module, meaning the kernel was originally compiled with netfilter disabled. A real problem because there are no sources and there is custom code in the kernel from Hik, so the standard 3.0.8 kernel would most likely not work. If anyone knows how to insert those missing symbols in the kernel or has a workaround to get iptables working I'm all ears.
In the meantime, I took the "master" file on IDA and started debugging with a statically-compiled GDB server to see if I could patch it to close all the ports except the RTSP one which is the only one I need.
This is the original netstat output:
Code:
[root@dvrdvs ~] # netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:53000 0.0.0.0:* LISTEN 913/master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 894/dropbear
tcp 0 0 0.0.0.0:30960 0.0.0.0:* LISTEN 913/master
tcp 0 0 127.0.0.1:47075 127.0.0.1:53000 ESTABLISHED 913/master
tcp 0 0 127.0.0.1:53000 127.0.0.1:47075 ESTABLISHED 913/master
tcp 0 0 192.168.1.187:22 192.168.1.101:1143 ESTABLISHED 900/dropbear
tcp 0 0 :::8000 :::* LISTEN 913/master
tcp 0 0 :::554 :::* LISTEN 913/master
tcp 0 0 :::80 :::* LISTEN 913/master
udp 0 0 0.0.0.0:7989 0.0.0.0:* 913/master
udp 0 0 0.0.0.0:3702 0.0.0.0:* 913/master
udp 0 0 239.255.255.250:37020 0.0.0.0:* 913/master
udp 0 0 0.0.0.0:43957 0.0.0.0:* 913/master
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 2671 887/iscsid @ISCSIADM_ABSTRACT_NAMESPACE
unix 2 [ ACC ] STREAM LISTENING 3081 913/master /var/cmd.socket
unix 2 [ ] DGRAM 190 580/udevd @/org/kernel/udev/udevd
unix 2 [ ACC ] STREAM LISTENING 978 913/master /var/dhcp.socket
unix 2 [ ACC ] STREAM LISTENING 984 913/master /var/master
unix 3 [ ] STREAM CONNECTED 992 913/master /var/cl.0x11da0
unix 3 [ ] STREAM CONNECTED 2767 913/master
unix 3 [ ] STREAM CONNECTED 2766 913/master
unix 3 [ ] STREAM CONNECTED 2765 913/master
unix 3 [ ] STREAM CONNECTED 2764 913/master
unix 3 [ ] STREAM CONNECTED 2763 913/master
unix 3 [ ] STREAM CONNECTED 2762 913/master
unix 3 [ ] STREAM CONNECTED 2761 913/master
unix 3 [ ] STREAM CONNECTED 2760 913/master
unix 3 [ ] STREAM CONNECTED 1024 913/master
unix 3 [ ] STREAM CONNECTED 1023 913/master
unix 3 [ ] STREAM CONNECTED 1022 913/master
unix 3 [ ] STREAM CONNECTED 1021 913/master
unix 3 [ ] STREAM CONNECTED 2757 913/master
unix 3 [ ] STREAM CONNECTED 2756 913/master
unix 3 [ ] STREAM CONNECTED 2755 913/master
unix 3 [ ] STREAM CONNECTED 2754 913/master
unix 3 [ ] STREAM CONNECTED 2693 913/master /var/master
unix 3 [ ] STREAM CONNECTED 983 913/master
unix 3 [ ] STREAM CONNECTED 982 913/master
unix 3 [ ] STREAM CONNECTED 981 913/master
unix 3 [ ] STREAM CONNECTED 980 913/master
Port 3702 was open even if uPnP was disabled in the configuration.
Ports 7989 and multicast 37020 were related to a "sadp_search" function.
Port 43957 I think it was related to functions "ipcPnpCtrlTask" / "ipc_poe_ctrl"
Port 53000 was activated in a "master_create" function which created some sort of "loopback" connection on startup, but the port was open broadly instead of locally and I don't like that.
Port 30960 was activated in a "slave_create" function, also open broadly.
I also closed some strange "stream" sockets I found along the way.
This is my current netstat output with the patched "master":
Code:
[root@dvrdvs ~] # netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 895/dropbear
tcp 0 64 192.168.1.187:22 192.168.1.101:1148 ESTABLISHED 944/dropbear
tcp 0 0 :::554 :::* LISTEN 897/master
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 634 888/iscsid @ISCSIADM_ABSTRACT_NAMESPACE
unix 2 [ ACC ] STREAM LISTENING 815 897/master /var/dhcp.socket
unix 2 [ ] DGRAM 111 580/udevd @/org/kernel/udev/udevd
unix 3 [ ] STREAM CONNECTED 854 897/master
unix 3 [ ] STREAM CONNECTED 853 897/master
unix 3 [ ] STREAM CONNECTED 852 897/master
unix 3 [ ] STREAM CONNECTED 851 897/master
unix 3 [ ] STREAM CONNECTED 2886 897/master
unix 3 [ ] STREAM CONNECTED 2885 897/master
unix 3 [ ] STREAM CONNECTED 2884 897/master
unix 3 [ ] STREAM CONNECTED 2883 897/master
unix 3 [ ] STREAM CONNECTED 820 897/master
unix 3 [ ] STREAM CONNECTED 819 897/master
unix 3 [ ] STREAM CONNECTED 818 897/master
unix 3 [ ] STREAM CONNECTED 817 897/master
Everything I need seems to be working, so I guess that's it for now.
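An added example, not part of the original post: a small Python check that reads `netstat -anp` text and reports every TCP/UDP listener that is not bound to loopback and is not on an allowlist. The sample rows are copied from the "before" output above; the allowlist (SSH and RTSP only) and the function names are assumptions made for this illustration.

```python
import ipaddress

# Rows copied from the "before" netstat output in the post above.
SAMPLE = """\
tcp 0 0 0.0.0.0:53000 0.0.0.0:* LISTEN 913/master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 894/dropbear
tcp 0 0 0.0.0.0:30960 0.0.0.0:* LISTEN 913/master
tcp 0 0 127.0.0.1:47075 127.0.0.1:53000 ESTABLISHED 913/master
tcp 0 0 :::8000 :::* LISTEN 913/master
tcp 0 0 :::554 :::* LISTEN 913/master
tcp 0 0 :::80 :::* LISTEN 913/master
udp 0 0 0.0.0.0:7989 0.0.0.0:* 913/master
udp 0 0 0.0.0.0:3702 0.0.0.0:* 913/master
udp 0 0 239.255.255.250:37020 0.0.0.0:* 913/master
udp 0 0 0.0.0.0:43957 0.0.0.0:* 913/master
"""

# Assumption: only SSH (dropbear) and RTSP are meant to be reachable.
ALLOWED = {("tcp", 22), ("tcp", 554)}

def bind_scope(host):
    """Classify a local bind address by how widely it is reachable."""
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:          # 0.0.0.0 or :: means every interface
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    return "multicast" if ip.is_multicast else "specific"

def unexpected(text, allowed=ALLOWED):
    """Return (proto, port, scope, owner) for listeners outside the allowlist."""
    found = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0][:3] not in ("tcp", "udp"):
            continue               # headers, unix sockets, blank lines
        proto = f[0][:3]
        # TCP rows carry a State column; unconnected UDP sockets show a ":*" peer.
        if proto == "tcp" and (len(f) < 7 or f[5] != "LISTEN"):
            continue
        if proto == "udp" and not f[4].endswith(":*"):
            continue
        host, port = f[3].rsplit(":", 1)   # ":::8000" splits into "::" and "8000"
        scope = bind_scope(host)
        if scope != "loopback" and (proto, int(port)) not in allowed:
            found.append((proto, int(port), scope, f[-1]))
    return sorted(found)

if __name__ == "__main__":
    print(*unexpected(SAMPLE), sep="\n")
```

Run against the "before" rows it reports the eight `master` sockets the post goes on to close; run against the patched output it reports nothing.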