DHI-NVR5216-16P-4KS2 - HTPP API (web fw 3.2.3.1829) -No Snapshot.cgi function

[psycik]

I've got a service that on my 4104 NVR could get all the channel names. The request was:
http://<ip>/cgi-bin/configManager.cgi?action=getConfig&name=ChannelTitle

With this new one that request gets a 500 error. Looking through the IPC 1.67 http api document there are some options the work (replacing the name=ChannelTitle), like name=Multicastm, name=VideoInMode, but a lot of the other functions in that document don't work any more.

Anyone know if there's a later http api? or know how to pull all the possible values (someone decoded the fw or something?)

 

[psycik]

Or does anyone know how to decode the backups as they seem to be zipped and encoded in something.

 

[tangent]

Post all of the versions listed on the information page not just the "web" version which describes the plugin version.

 

[psycik]

Here's what's on the info page:
Type: DHI-NVR5216-16P-4KS2
Record Channel:16
Alarm In:4
Alarm Out:2
SN:<redacted>
Web:3.2.3.1829
System Version:3.210.0002.0, Build Date: 2017-07-08

 

[tangent]

v 2.12 of the HTTP API is also from 2017 and should be accurate for your nvr.
https://s3.amazonaws.com/amcrest-files/Amcrest+HTTP+API+3.2017.pdf

Not all devices support all functions in the api docs.

 

[psycik]

v 2.12 of the HTTP API is also from 2017 and should be accurate for your nvr.
https://s3.amazonaws.com/amcrest-files/Amcrest+HTTP+API+3.2017.pdf

Not all devices support all functions in the api docs.

Yeah but if there's no listing in the api doc between what is and isn't supported on various devices, the api document becomes less and less relevant.

The attach to events still works:
/cgi-bin/eventManager.cgi?action=attach&codes=
but
snapshot.cgi doesn't
and given snapshot is probably one of the most useful calls and with no mention in the document with any changes to it, I'm not sure where to head.

 

[tangent]

Not sure what's going wrong on your end, but http://192.168.1.108/cgi-bin/snapshot.cgi?channel=1 (use your nvr's ip address) should work in a web browser. Change the channel to view different cameras 1-16 on your nvr.

If for some reason that doesn't work, reboot your NVR. It is possible to crash the webserver with malformed requests.

 

[psycik]

Yeah I have no idea either.

So rebooted as suggested. Same deal.

http://192.168.10.66/cgi-bin/snapshot.cgi?channel=1(channel 1 is populated)

But:
Error
ErrorID=5, Detail=Server internal error!

I do see when I did into the vide the following extras on the URL, but no joy here either.
http://192.168.10.66/cgi-bin/snapshot.cgi?channel=1&sessionId=1627357673&timeout=60

 

[psycik]

If I could get telnet working I’d have more of a dig. But those instruction, while they show me that telnet is false, I can’t change it.

At least then I might be able to see some of the low level logs.

 

[tangent]

Close and reopen your browser, try a different window, or try a private window.

Is this NVR exposed to the internet through port forwarding or UPnP forwarding rules? NVRs and cameras shouldn't be exposed to the internet.
Your firmware version may be vulnerable to some very common attacks.

Telnet is insecure and has been removed from newer firmware, not sure if this version still has it. SSH is crippled in newer firmware.
I don't think you need either to solve your problem.

 

[psycik]

Even curl does it.


drogo:~$ curl --digest -u admin:admin -v http://192.168.10.66:80/cgi-bin/snapshot.cgi?channel=1
* Trying 192.168.10.66...
* TCP_NODELAY set
* Connected to 192.168.10.66 (192.168.10.66) port 80 (#0)
* Server auth using Digest with user 'admin'
> GET /cgi-bin/snapshot.cgi?channel=1 HTTP/1.1
> Host: 192.168.10.66
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Digest realm="Login to 3F01EEFPAZE6193",qop="auth",nonce="748832619",opaque="1401dd1dbaf7968d91e40d4197ad95e6b74197c8"
< Connection: close
< CONTENT-LENGTH: 0
<
* Closing connection 0
* Issue another request to this URL: 'http://192.168.10.66:80/cgi-bin/snapshot.cgi?channel=1'
* Hostname 192.168.10.66 was found in DNS cache
* Trying 192.168.10.66...
* TCP_NODELAY set
* Connected to 192.168.10.66 (192.168.10.66) port 80 (#1)
* Server auth using Digest with user 'admin'
> GET /cgi-bin/snapshot.cgi?channel=1 HTTP/1.1
> Host: 192.168.10.66
> Authorization: Digest username="admin", realm="Login to dijhdkjhdjjhdjhb", nonce="748832619", uri="/cgi-bin/snapshot.cgi?channel=1", nonce=“zNhNzdmZWQ=", nc=00000001, qop=auth, response="e6b5859eadc12ce0", opaque="1401dd15e6b74197c8"
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-type: text/plain;charset=utf-8
< CONNECTION: close
< CONTENT-LENGTH: 47
<
Error
ErrorID=5, Detail=Server internal error!
* Closing connection 1


And no it’s not exposed to the internet. This has really got me stumped.

 

[psycik]

Could there be a setting somewhere that’s stopping it? Or a permission, But you can see I’m using the primary admin account

 

[tangent]

Try making another admin account with a different username and use that one to request the snapshot.

 

[psycik]

I’ve got anither full admin account, and a read only account. Both get the same error.

 

[psycik]

Any other ideas for getting the snapshots back? Is there an RPC2 method for doing this?

 

[psycik]

So I ended up gambling and trying the updated 216 firmware. After doing this I was able to access the camera (snapshot.cgi function and the ConfigManager.cgi?action=GetConfing&name=ChannelTitle).

Must have been something wrong with the existing firmware on the box.