What encryption that Dahua cameras use?

[dmc]

I'm trying to understand the protocol that Dahua ConfigTool uses to setup a camera. Below are some packets from ConfigTool that I captured.





As you see in the first packet, the camera sends a challenge with:

38:af:29:d4:22:11IPCrealm:Login to 4H0693CPAA95AAE
random:da72da72
encryption: Default​

And in the second packet, ConfigTool replies with:

38:af:29:d4:22:11IPCuserName:admin
password:AF7D0BF2FFFCA9AF7AD315A5B68844C8
authorityType: Default​

Can anyone please help me to understand what protocol is used here? In the first packet, the encryption is 'Default'. What is Default? And in the second packet, password is sent in a hash (that I guess is an MD5 hash). How would I generate that hash?
Basically, I would like to know how I would construct the 2nd packet?

Thanks,

DM

 

[alastairstevenson]

Can anyone please help me to understand what protocol is used here?

That could just be a form of digest authentication, with a nonce (one-time-code) used by the client to generate an MD5 hash from the supplied password and other values.

Loads of resources on the internet describing web authentication methods - suggest a bit of googling.

 

[dmc]

That could just be a form of digest authentication, with a nonce (one-time-code) used by the client to generate an MD5 hash from the supplied password and other values.

Loads of resources on the internet describing web authentication methods - suggest a bit of googling.

Thanks @alastairstevenson,

I did try with Web Digest before posting for help here. One suggestion was:

HA1 = MD5(username:realm: password)
HA2 = MD5(method:digestURI)
response = MD5(HA1:nonce:HA2)​

For this method, I know how to get HA1 but have no idea of how to calculate HA2. For http request, I know the method and digestURI, but here I have no clue about those values. And I guess nonce is the random value in packet 1.

Could you explain it a little bit in more details?

Cheers,

DM