[chbot] New outdoor security cameras for sale.

Richard Jones richard.jones.1952 at gmail.com
Tue Oct 27 08:56:44 GMT 2020 

I had a similar experience with an AliExpress supposedly compliant ONVIF
video camera, and used login and password gleaned by searching the internet
and a bit of trial and error to play the video stream using omxplayer or
vlc. e.g.
omxplayer rtsp://admin:12345@192.168.178.49
Note that using vlc from the command line shows no gui buttons (like close)
on the display.
Also a linux login using telnet to the camera was available (this flags a
security hole)
  localhost login: root
  Password: cxlinux
The camera is no longer available, but here is the link:
https://www.aliexpress.com/item/IP-wifi-Security-Camera-1080-wi-fi-IP-Wireless-Mini-P2P-Cloud-Storage-camera-PTZ-Onvif/32836521386.htm
Attached are the notes that I took at the time, up to the point where I
shelved the project because I did not have the patience to figure out the
pan,tilt,zoom and sound features.

Richard Jones
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ourshack.com/pipermail/chchrobotics/attachments/20201027/5667adac/attachment.html>
-------------- next part --------------
0. Install Care Home on phone from app store
   Wifi config using QR codes does not seem to work
   Reset camera and configure camera using wired ethernet & QR code on camera base
   Configure wifi
   
1. Using info from 
     here: https://camlytics.com/camera/eyeplus
   and 
     here https://www.youtube.com/watch?v=g06bU3eMitw
   and 
     here https://www.ispyconnect.com/man.aspx?n=Eyeplus
   and some guesswork!

   View stream using vlc under raspian linux
   a. Select Media -> Open Network Stream -> rtsp://192.168.178.49:554/ch0_0.h264 -> Play
      Username: admin
      Password: 12345
     or
   b. Select Media -> Open Network Stream -> rtsp://admin:12345@192.168.178.49:554/ch0_0.h264 -> Play
     or 
   c. At the command line: 
        $ omxplayer rtsp://admin:12345@192.168.178.49:554/ch0_0.h264
	$ omxplayer rtsp://admin:12345@192.168.178.49:554/tcp/av0_0
          ( use alt+F4 to quit)
     or
   d. rtsp://192.168.178.49:554/tcp/av0_0
     or 
   e. from the command line:
      $ vlc rtsp://admin:12345@192.168.178.49:554/ch0_0.h264 (has no close or max/min buttons)
      $ vlc rtsp://admin:12345@192.168.178.49:554/tcp/av0_0

2.0 Viewing and recording choices:
    https://shinobi.video/
	pm2 unstartup # to disable
        cd ~/projects/Shinobi; sudo INSTALL/start.sh # start
    https://reolink.com/connect-raspberry-pi-to-ip-cameras/
    https://obsproject.com/ 
    https://www.ispyconnect.com/features.aspx
    https://forum.videolan.org/viewtopic.php?t=107702
    https://www.ubuntupit.com/linux-camera-software-ip-webcam-cctv-security-camera-software/
    https://www.bluecherrydvr.com
    MotionEye, MionEyeOS
    or
    install Android on RPi using LineageOS and then install CareHome from Playstore

3.0 nmap
    pi at raspberrypi4 ~ $ nmap 192.168.178.49
    Starting Nmap 7.70 ( https://nmap.org ) at 2020-07-05 02:15 NZST
    Nmap scan report for 192.168.178.49
    Host is up (0.89s latency).
    Not shown: 993 closed ports
    PORT     STATE SERVICE
    23/tcp   open  telnet
    80/tcp   open  http
    554/tcp  open  rtsp - real time streaming protocol
    843/tcp  open  unknown
    5050/tcp open  mmcc - multi media conference control
    7103/tcp open  unknown
    8001/tcp open  vcom-tunnel
Nmap done: 1 IP address (1 host up) scanned in 1.30 seconds
pi at raspberrypi4 ~ $ 
pi at raspberrypi4 ~ $ nmap -p- 192.168.178.49
Starting Nmap 7.70 ( https://nmap.org ) at 2020-09-09 22:40 NZST
Nmap scan report for 192.168.178.49
Host is up (0.00074s latency).
Not shown: 65525 closed ports
PORT     STATE SERVICE
23/tcp   open  telnet
80/tcp   open  http
554/tcp  open  rtsp
843/tcp  open  unknown
3201/tcp open  cpq-tasksmart
5050/tcp open  mmcc
6670/tcp open  irc
7101/tcp open  elcn
7103/tcp open  unknown
8001/tcp open  vcom-tunnel

Nmap done: 1 IP address (1 host up) scanned in 7.78 seconds



4.0 Telnet!
	Ref: https://github.com/ant-thomas/zsgx1hacks
	Ref: https://github.com/edsub/Goke_GK7102
	Ref: https://github.com/bolshevik/goke-GK7102-customizer
$ telnet 192.168.178.49
  Trying 192.168.178.49...
  Connected to 192.168.178.49.
  Escape character is '^]'.

  localhost login: root
  Password: cxlinux


  BusyBox v1.20.2 (2017-11-07 11:47:24 CST) built-in shell (ash)
  Enter 'help' for a list of built-in commands.

  # help
  Built-in commands:
  ------------------
        . : [ [[ alias bg break cd chdir command continue echo eval exec
        exit export false fg getopts hash help jobs kill let local printf
        pwd read readonly return set shift source test times trap true
        type ulimit umask unalias unset wait

# ls /tmp | grep -F 3. -> Software version 3.4.0.1017
pi at raspberrypi4 ~/projects/VideoCamera $ telnet 192.168.178.49
Trying 192.168.178.49...
Connected to 192.168.178.49.
Escape character is '^]'.

localhost login: root
Password: cxlinux


BusyBox v1.20.2 (2017-11-07 11:47:24 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 0.0.0.0:telnet          0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:5050            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:7101            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:7103            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN - Not found returned from http://192.168.178.49:8001/onvif/device_service
tcp        0      0 0.0.0.0:3201            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:554             0.0.0.0:*               LISTEN - Not found returned from http://192.168.178.49:554/onvif/device_service
tcp        0      0 0.0.0.0:843             0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:6670            0.0.0.0:*               LISTEN      
tcp        0      0 localhost:9008          0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:www             0.0.0.0:*               LISTEN      
tcp        0      0 192.168.178.49:telnet   raspberrypi4.fritz.box:44390 ESTABLISHED 
tcp        0      0 192.168.178.49:48670    65.9.139.4:https        TIME_WAIT   
tcp        0      0 192.168.178.49:49785    ecs-159-138-234-125.compute.hwclouds-dns.com:50920 ESTABLISHED 
tcp        0      0 192.168.178.49:45929    ec2-52-53-60-16.us-west-1.compute.amazonaws.com:https TIME_WAIT   
tcp        0      0 192.168.178.49:48667    65.9.139.4:https        TIME_WAIT   
udp        0      0 0.0.0.0:7998            0.0.0.0:*                           
udp        0      0 0.0.0.0:8001            0.0.0.0:*                           
udp        0      0 0.0.0.0:8002            0.0.0.0:*                           
udp        0      0 0.0.0.0:3702            0.0.0.0:*                           
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING        265 /tmp/aaa
unix  3      [ ]         DGRAM                       216 /var/run/tees.sock
unix  2      [ ACC ]     STREAM     LISTENING        247 /tmp/systemcall.sock
unix  2      [ ]         DGRAM                       277 
# 



5. ONVIF Port 8001 Wireshark:
  Capture network traffic on camera port using: http://fritz.box/html/capture.html
  I83	0.293747903	192.168.178.44	192.168.178.49	HTTP/XML	1125	POST /onvif/device_service HTTP/1.1 
  85	0.295380957	192.168.178.49	192.168.178.44	HTTP	205	HTTP/1.1 404 Not Found

More information about the Chchrobotics mailing list