Dahua NVR, DMSS and P2P - How are they connected?

bigredfish

bigredfish

Known around here
Sep 5, 2016
22,394
60,359
Back in Florida!
So this is just a thread on my own testing/research of Dahua NVRs and how they interact with Dahua P2P and the DMSS app. YMMV
It can get quite complicated....and I caution that there have been different results from past versions of the DMSS app. SO, if you're using an old version of the app you may see different results.


Part #1)
Testing Remote Push Notifications

Lets start with how a Dahua NVR (older model NVR5216-16P-4K2SE) interacts with the DMSS app (Version - 1.99.842 / 11/12/2024 - reasonably new) to send you push alerts
I have no reason to believe that newer NVRs do this any differently.

Assumptions:
I was always under the impression that Dahua P2P had to be enabled on the NVR along with an active login in the Dahua app account were required to receive push messages (iphone 13)
------Not So!
  • It seems that even with P2P disabled on your NVR, AND logged out of the Dahua account on the DMSS app, AND even remote from your wifi on a cellular connection, you still receive Dahua push notifications to your phone based on having the "Mobile Push Notifications"box checked on your NVR. (image 1)
    • You must have subscribed to the specific rules you want alerts for in the DMSS app under "Multichannel Alarm Subscriptions" (image 2,3)
    • You must also have added your NVR to the DMSS app via the Serial # or QR code method. Alerts were not pushed via a profile in DMSS using the same NVR but instead added to DMSS using its LAN IP address (192.168.1.X in my case) even while on Wifi *SEE Part #3 below
    • You DO NOT have to be logged into the Dahua account on the DMSS App (image 4) to receive push notifications
Image 1
MobilePush.jpg

Image 2----------- Image 3
IMG_8125.PNG IMG_8126.PNG


Image 4
IMG_8123.PNG

These push notifications come through as alert banners with a link to the snapshot and video clip of the event within the DMSS app. (image 5)
So you get the push notification, *however when you tap it and try to see the actual snapshot/video clip associated with the pushed notification, they do not play and timeout.
*** The snapshot image and video clip of the event that triggered the notification *are separate from the notification and are not visible unless you enable P2P on the NVR.
With P2P enabled, you can now see/play the snapshot and video clip of the subscribed notification.

Image 5
IMG_8119.PNG


So how does the NVR connect to your phone with P2P disabled, not logged into the Dahua account in DMSS, and on a remote cell connection????
Here's a hint from the firewall logs (image 6)
(*Also note that I turned off P2P approx 10:15am the day before. The last P2P ping was at 10:07am the previous day)

Image 6
IMG_8122.PNG
(Ignore the entries for pop.oxcs.hostingplatform - those are my NVR sending emails to my mail server)

Notice the entries for " push.messagepush.org" ? These show that the NVR is sending a message to that server with a push notification intended for the DMSS app on my phone.
NO P2P enabled, NO Dahua Account logged in, and I'm on cellular (not local to wifi) and I still get these push messages to my phone, as long as the NVR profile in DMSS is added using a serial number/QR code

Image 5 again
IMG_8119.PNG
 
Last edited:
  • Like
Reactions: johnfitz and samplenhold
Part#2) Lets talk about UPnP

I have two profiles on my iphone DMSS app -
  • One I label HOME which is added to DMSS via IP/Domain - using the LAN IP of my NVR 192.168.1.110
  • The 2nd profile is HOMEREMOTE - which is added to DMS via the NVR serial number
I had never noticed but the default for the serial number method has a tick box for UPnP on the Details screen, which by default is turned ON
*( Note: I have UPnP turned OFF on the NVR and my router as should you)

As I mentioned in my first post, with P2P OFF on the NVR as well as being logged OUT of the Dahua account, and on a cell connection I was still able to get push messages through the HOMEREMOTE profile.

I turned UPnP OFF on the HOMEREMOTE profile and am still able to get push messages through that profile while on cell connection AND on Wifi.
So on the HOMEREMOTE profile, UPnP On/Off had no effect. Was still receiving push messages via this profile both on cell and wifi connections with P2P off and logged out of the Dahua account.

**This UPnP option is NOT available and does not appear on the profile added via IP address.



Part#3)

I wanted to test the HOME profile using the LAN IP method of adding the NVR to DMSS. In my case, the NVR details show 192.168.1.110 - my internal LAN IP of my NVR

So to be sure nothing from the HOMEREMOTE (serial number added method) profile was interfering, I deleted it and waited 4 hours for any residual P2P connection pinging to stop.
  • Testing via wifi (local) as well as cellular (5G no wifi) yields same results.
  • I DO get push messages to the DMSS app whether connected to local wifi OR cell/5G with P2P OFF, Dahua Account OFF
  • The only difference, as was expected, is that I can't see the snapshot or video clip in DMSS even though I get the push alert, unless I'm connected to local Wifi

*I found that with both profiles existing on the DMSS app, the HOMEREMOTE or profile (added via serial number), always took precedence in receiving alerts over the HOME profile using my LAN IP method. With this test, removing the Serial Number profile completely, I was able to isolate just the LAN IP profile and found I got the same results as in Part#1 above.

**So again the question is how is the alert being generated and how does it find the app on my phone if P2P is off, account is off, and I'm on an external cell/5G connection with a profile that only knows my internal LAN IP address????
 
Last edited:
Reserved
 
I am guessing that the DMSS app must make a connection to Dahua servers regardless of whether someone checked UPnP or P2P or not and by inputting the NVR into DMSS by the serial number or scanning the QR code, it now has access to the NVR to send out push notifications.

That raises 3 immediate questions:
  • Was that intentional to reduce the number of calls "why is my push notifications not working" or
  • Unintentional bad coding that allowed this to happen "against" someone's wishes to not make that connection or
  • Nefarious coding to give China (or hackers) access to everything?

Then that leads to a follow-up question. You said even with P2P disabled and logged out of the DMSS account you still got push notifications, so is the serial number all that is needed for a hacker to access the system? In other words, could someone like the delivery driver simply take a screenshot of the serial number on the outside of the box and wait a few days for you to set up the NVR and then simply download the DMSS app and key in the serial number and gain access without user/pw or a DMSS account?
 
All good questions!

Still testing but yeah I had similar thoughts

The DMSS profile still needs the NVR creds which are of course part of the DMSS profile. Without the creds it wont finish setup and after creds are entered, it connects to the NVR (over wifi or P2P) to verify before it creates and allows the profile to be used. So no, the delivery guy couldnt just use the serial number, he'd have to have the login/pass combo as well.

But if DMSS is still pinging a server with P2P and Dahua account off (in this case push.messagepush.org) and doing a handshake of some kind to verify itself as belonging to a specific serial # NVR mate, then like practically ALL messaging platforms, its essentially doing a P2P handshake to allow discovery of its mate. From that point on, like most P2P, I assume the traffic is device to device.

So really if I'm right, No NVR login credentials need to be passed but perhaps some other unknown identifier that allows the 3rd party server (messagepush.org) to make the match between the two.

I dunno :idk:

I suspect this was part of the issue with SmartPSS only it was transmitting un-encrypted (or easily hacked weak encrypted) login credentials to the P2P servers, which I surmise was the root of the "hacks", not the P2P server itself or protocol per se, but bad implementation of how the handshake was made.
Remember, DMSS and its predecessors were/are developed by a 3rd party, not Dahua directly.
 
Last edited:
Good detective work. I never thought about it this way, that the NVR can send out anything it wants unless there's a firewall that explicitly stops it. It's only accepting incoming traffic that can be a hassle.
 
  • Like
Reactions: bigredfish
I’m not there yet. Had to put research aside today.

I’m guessing I’m going to get to a point where Dahua doesn’t exactly want us to know the details…
 
  • Like
Reactions: samplenhold
I will throw a wrench into this. I'm having all the same issues but I did not scan a QR code or enter the NVR serial #. I used the "Search on LAN" method when setting up the DMSS app. When doing this though the NVR will be available for selection & it shows the serial number.
 
Last edited:
In the app , go to device details. At the top does it show an internal LAN IP address or a serial number?

IMG_8167.png
 
  • Like
Reactions: Revo2Maxx
I have enabled a push for testing in my DMSS and after I disabled P2P mine did stop at first no but they did after I turned off the camera from having access in my router.. Now giving the camera access again. Turning on P2P and it shows online the app still no PUSH lol.. Seems fixed lol but not able to get it back yet what the heck.. lol I even back on my local wifi and turned off the event and turned it back on still no push lol. About 20 cars since back on and I know I get the event because they show in my AI view on my NVR.. Geez fixed it good they did..
 
  • Haha
Reactions: AMarkham40 and bigredfish
Keep in mind Im testing cameras plugged into the PoE ports of a Dahua NVR. I think this represents the majority of installations when you look at the shere numbers of installs many Pros do. I guarantee they arent installing and educating homeowners on the fine points of VPNs and external switches
 
Something else I don't understand is when you log out of the DMSS app the NVR is still listed, viewable & push notifications come through. What is the point of having an account? If you log out of your account then the NVR should disappear in the app until you log back in, IMO.
 
AMarkham40 said:
It shows the internal IP address only under Device Details. If you attempt to add your NVR via the LAN method you will see it lists both the internal IP & serial number when it finds the NVR for selection.
Click to expand...

Crap, my firewall isnt liking that. I get an "Abnormal Network" warning when I try to add by LAN

Do you choose IP or Serial number or just choose the device?
 
AMarkham40 said:
Something else I don't understand is when you log out of the DMSS app the NVR is still listed, viewable & push notifications come through. What is the point of having an account? If you log out of your account then the NVR should disappear in the app until you log back in, IMO.
Click to expand...

No, the account has nothing to do with whether you see NVR profiles, it gives some abilities to do things that you cant otherwise do, thats part of the test this weekend. It doesnt log you out of being able to use the core function of Live view/playback... its very much optional
 
Last edited:
Revo2Maxx said:
LOL I just looked at my cameras icon is showing when my camera was connected in the backyard.. It has been in the front of house for over a year now what the heck lol..
Click to expand...

Thats the last image it saved. There are variables at play as to when it saves a thumbnail or not
 
  • Like
Reactions: Revo2Maxx
AMarkham40 said:
I just choose the device. It lists the device, internal IP & serial number all in one selection box.
Click to expand...

Perfect, then theory is still intact. The app knows your serial number
 
  • Like
Reactions: AMarkham40
I added an image up.. There was a thumbnail for the events before,, It was the ones after I disabled p2P that the next ones came in with old IMage lol.. Again now with p2p enabled again still no PUSH my Amcrest AVP2 is pushing again after it also stopped for a short time after I turned it off and turned it back on.. I was like geez both broke now lol.. But Amcrest is pushing again..
 
  • Like
Reactions: bigredfish
You must log in or register to reply here.
Top Bottom