Warm greetings!

Pin_Guy

n3wb
Joined
Feb 11, 2021
Messages
3
Reaction score
4
Location
Argentina
Hello, I am new to the forum. I aquired some "XM530" ipcams for home (which are very cheap, powerful and nice) and after seeing that the "ICSee" app that comes with them asked me to "open" the GPS just to add the camera to the network, I got upset and decided to get into the job of modifying that.

Screenshot_20210214-145918.png

The app uses a custom protocol for transmitting the "encrypted" credentials over the air, using an interesting "broadcasting" method which I will hopefully describe later (I reversed it already and got a small python implementation after two days of analysis and debugging).
But anyway not only that, the Sofia software inside the camera (which is quite known in the market as it has been around for years on these kind of cameras/DVRs) leaks data everywhere, and has some hardcoded admin access credentials inside (user: root password: 34547USn). Plus the 9530 port that receives the OpenTelnet command to open telnetd (via tothi/hs-dvr-telnet), the generic "unchangeable without reflashing" xmhdipc root password... The ONVIF server that leaks the admin's access password after a POST to the GetStreamUri command with the username set as blank (all ONVIF commands actually work unauthenticated), the long list of chinese IPs that the camera and the app try to connect to constantly, even after disabling the so called "Cloud" via the "NatEnable: false" option, and the list goes on largely... I am a bit "techie", but I think I will need a bit of help from experienced users around here to address some of these flaws. TIA!
 

sebastiantombs

Known around here
Joined
Dec 28, 2019
Messages
11,511
Reaction score
27,690
Location
New Jersey
:welcome:

Welcome to the enchanted land of video surveillance lunatics, good guys, nut jobs and miscreants (yes, I fit into at least three categories). There are a lot of knowledgeable people on here and knowledge and experience are shared constantly. That's how I got to be a lunatic (already a nut job and miscreant).

Start out by looking in the WiKi in the blue bar at the top of the page. There's a ton of very useful information in there and it needs to be viewed on a computer, not a phone or tablet. The Cliff Notes will be of particular interest although the camera models listed there are a generation old at this point. The best way to determine what kind of camera you need in each location and where each location should really be is to buy one varifocal camera first and set up a test stand for it that can be easily moved around. Test using that, viewing using the web interface of the camera, during the day and at night. Have someone walk around behaving like a miscreant and see if you can identify them. There is also information for choosing hardware and securing the system along with a whole bunch of other good stuff.

Don't chase megapixels unless you have a really BIG budget. General rule of thumb is that a 4MP camera will easily outperform an 8MP camera when they both have the same sensor size. Reason being that there are twice as many pixels in the 8MP versus the 4MP. This results in only half the available light getting to each pixel in an 8MP that a pixel in the 4MP "sees".

A dedicated PC doesn't need to be either expensive to purchase or to run. A used business class machine can be had from eBay and various other sources. The advances made in Blue Iris make it easily possible to run a fairly large system on relatively inexpensive hardware which also makes power consumption low, as in under 50 watts in many cases. The biggest expenses turn out to be hard drives for storing video and a PoE switch to power the cameras and, of course, the cameras themselves.

Three rules
Rule #1 - Cameras multiply like rabbits.
Rule #2 - Cameras are more addictive than drugs.
Rule #3 - You never have enough cameras.

Quick guide -

The smaller the lux number the better the low light performance. 0.002 is better than 0.02
The smaller the "F" of the lens the better the low light performance. F1.4 is better than F1.8
The larger the sensor the better the low light performance. 1/1.8" is better (bigger) than 1/2.7"
The higher the megapixels for the same size sensor the worse the low light performance. A 4MP camera with a 1/1.8" sensor will perform better than a 8MP camera with that same 1/1.8" sensor.

Don't believe all the marketing hype no matter who makes the camera. Don't believe those nice night time captures they all use. Look for videos, with motion, to determine low light performance.

Read the reviews here, most include both still shots and video.

Rule of thumb, the shutter speed needs to be at 1/60 or higher to get night video without blurring.

Lens size, focal length, is another critical factor. Many people like the wide, sweeping, views of a 2.8mm lens but be aware that identification is problematic with a lens that wide. Watch this video to learn how to analyze each location for appropriate lens size and keep in mind that it may take two cameras to provide the coverage you need or desire.

The 5442 series of cameras by Dahua is the current "king of the hill". They are 4MP and capable of color with some ambient light at night. The 2231 series is a less expensive alternative in 2MP and does not have audio capabilities, no built in microphone, but is easier on the budget. The 3241T-ZAS has similar spcs as the 2231 and has audio. There are also cameras available from the IPCT Store right here on the forum and from Nelly's Security who has a thread in the vendors section.

5442 Reviews

Review - Loryata (Dahua OEM) IPC-T5442T-ZE varifocal Turret

Review - OEM IPC-B5442E-ZE 4MP AI Varifocal Bullet Camera With Starlight+

Review-OEM 4mp AI Cam IPC-T5442TM-AS Starlight+ Turret

Review IPC-T5442TM-AS-LED (Turret, Full Color, Starlight+)

Review: IPC-HDBW5442R-ASE-NI - Dahua Technology Pro AI Bullet Network Camera

2231 Review
Review-OEM IPC-T2231RP-ZS 2mp Varifocal Turret Starlight Camera

3241T-ZAS Review

Less expensive models -

VPN Information Thread
 

laka1

Getting the hang of it
Joined
Jan 22, 2021
Messages
30
Reaction score
39
Location
Denver
Hello, I am new to the forum. I aquired some "XM530" ipcams for home (which are very cheap, powerful and nice) and after seeing that the "ICSee" app that comes with them asked me to "open" the GPS just to add the camera to the network, I got upset and decided to get into the job of modifying that.

View attachment 82616

The app uses a custom protocol for transmitting the "encrypted" credentials over the air, using an interesting "broadcasting" method which I will hopefully describe later (I reversed it already and got a small python implementation after two days of analysis and debugging).
But anyway not only that, the Sofia software inside the camera (which is quite known in the market as it has been around for years on these kind of cameras/DVRs) leaks data everywhere, and has some hardcoded admin access credentials inside (user: root password: 34547USn). Plus the 9530 port that receives the OpenTelnet command to open telnetd (via tothi/hs-dvr-telnet), the generic "unchangeable without reflashing" xmhdipc root password... The ONVIF server that leaks the admin's access password after a POST to the GetStreamUri command with the username set as blank real money casinos Top 5 Real Money Online Casinos in Canada - Real Money Casinos gambling online (all ONVIF commands actually work unauthenticated), the long list of chinese IPs that the camera and the app try to connect to constantly, even after disabling the so called "Cloud" via the "NatEnable: false" option, and the list goes on largely... I am a bit "techie", but I think I will need a bit of help from experienced users around here to address some of these flaws. TIA!
Welcome!
 
Top