There are several issues on these SoCs and I've complained to Huawei Europe on several occasions about the GPL violations in HiSilicon devices without much effect
Running «strings» on the Sofia binary is «educational» — there are even RSA private keys in there! — along with other stuff that shows XiongMai's complaints about «software piracy» are extremely hypocritical.
Perhaps a project to reverse engineer and replace Sofia might be worthwhile. This is a Monolithic «thing» that seems to be stripped, but at the same time appears not to be — and it would be worth seeing what it is doing as well as removing the nasty «activeX» stuff and the insistence on using the XMeye tunnel that quite effectively backdoors your private network if you are not careful.
For what it's worth: The information I've been able to find is that XiongMai were contracted to write this DVR software by Huawei/HiSilicon, so it is probably correct to blame them both for this mess — however one of the biggest problems is that whils the code is very poor (so are Huawei's switches) they are too «proud» to listen to suggestions from «outsiders»
One way of solving that would be to rewrite the implementation to be secure, much smaller/faster and GPL (which will embarrass them)
Running «strings» on the Sofia binary is «educational» — there are even RSA private keys in there! — along with other stuff that shows XiongMai's complaints about «software piracy» are extremely hypocritical.
Perhaps a project to reverse engineer and replace Sofia might be worthwhile. This is a Monolithic «thing» that seems to be stripped, but at the same time appears not to be — and it would be worth seeing what it is doing as well as removing the nasty «activeX» stuff and the insistence on using the XMeye tunnel that quite effectively backdoors your private network if you are not careful.
For what it's worth: The information I've been able to find is that XiongMai were contracted to write this DVR software by Huawei/HiSilicon, so it is probably correct to blame them both for this mess — however one of the biggest problems is that whils the code is very poor (so are Huawei's switches) they are too «proud» to listen to suggestions from «outsiders»
One way of solving that would be to rewrite the implementation to be secure, much smaller/faster and GPL (which will embarrass them)