Hacking the Stem iZON Camera

(initially kicked off by this meh.com forum thread)


The Stem iZON was a cheap camera that Meh.com sold a while back. What they couldn't sell, they unloaded in Fukobukuro bags of clearance goods, which is how I got mine.

iZON has since closed down, so these cameras can't be used through the manufacturer's terrible app-as-a-service any more, but the on-board system is still wide open for personal use - you just need to hack around the bits that the app used to do for you.

Getting started

Plug the camera into a power source. The light on the front should turn on solid orange for about a minute, then start flashing in a pattern of green-green-orange-orange.

If your camera doesn't start flashing in this pattern, it's probably configured for an old network: push a paperclip/pin into the "Reset" hole on the back for ten seconds to reset it.

Connecting the camera to you

The first thing we need to do is set up the camera to connect to your network. There are two ways to do this: showing the camera a QR code, or connecting to the camera's own temporary network.

Approach 1: QR Code

Enter the SSID (Wi-Fi network name) and passphrase for your 2.4GHz Wi-Fi network (if your access point puts out both, this would be the one that isn't the 5GHz one), then point the camera at the QR code below:

Note that SSIDs or passphrases containing a semicolon will likely trip up the camera, especially if there are multiple consecutive semicolons, or if the semicolon is at the end of the passphrase. The presumptive spec for this kind of QR code specifies a way to escape them, but the official IZON app doesn't do this (it diverges from the spec in a number of ways, really), meaning that the camera probably can't handle them, either.

When the camera sees the QR code, its light should start quickly blinking green, then turn off, come back on solid orange, and then slowly blink green. (It might only start blinking green once you've connected in the next step.)

Approach 2: Hotspot

If you can't get the QR code to work (or just don't want to bother), connect to the "STEM" wifi network the camera creates while it waits for a connection (if you do want it to connect to your network, you will need to configure it for your network from the interface we connect to in the next step).

Accessing the camera's interface

If you connected the camera to your Wi-Fi network, it will obtain an IP address via DHCP: you'll need to go to your router's list/table of client devices that have connected to the wireless network and been assigned an IP address via DHCP to find the address of the camera (look for a MAC address that begins 00-12-2A).

If you connected directly to the camera's hotspot, the camera's IP address will be once you configure it to connect to your Wi-Fi network, you'll need to go back and find the IP address from the DHCP table as described in the previous paragraph.

Once you've found the camera's IP, you'll want to connect to /mobileye on that camera, with the username and password admin: if the camera's IP address is , then that link will be http://admin:[email protected]/mobileye.

(If you want to connect the camera to another Wi-Fi network, the page to do that is at http://admin:[email protected]/mobileye/settings/settings-wifi.html.)

From there, what you do with the camera is up to you: if you're looking for ideas, beyond the Meh thread linked at the top of the page, there's this presentation from 2014 that details some other ways you can get into the camera and mess around with it. Feel free to email me or submit a pull request with any further suggestions (especially if someone makes/ports some kind of open-source firmware like OpenIPC to this).