If you’ve purchased a piece of consumer electronics in the last few years, there’s an excellent chance that you were forced to use some proprietary application (likely on a mobile device) to unlock its full functionality. It’s a depressing reality of modern technology, and unless you’re willing to roll your own hardware, it can be difficult to avoid. But [krishnan793] decided to take another route, and reverse engineered his DDPAI dash camera so he could get a live video stream from it without using the companion smartphone application.
Like many modern gadgets, the DDPAI camera creates its own WiFi access point that you need to connect to for configuration. By putting his computer’s wireless card into Monitor mode and running Wireshark, [krishnan793] was able to see that the smartphone was communicating with the camera using some type of REST API. After watching the clear-text exchanges for awhile, he not only discovered a few default usernames and passwords, but the commands necessary to configure the camera and start the video stream.
After hitting it with the proper REST messages, an nmap
scan confirmed that several new services had started up on the device. Unfortunately, he didn’t get any video when he pointed VLC to the likely port numbers. At this point [krishnan793] checked the datasheet for the camera’s Hi3516E SoC and saw that it supported H.264 encoding. By manually specifying that as the video codec when invoking VLC, it was able to play a video stream from port 6200. A little later, he discovered that port 6100 was serving up the live audio.
Technically that’s all he wanted to do in the first place, as he was looking to feed the video into OpenCV for other projects. But while he was in the area, [krishnan793] also decided to find the download URL for the camera’s firmware, and ran it through binwalk to see what he could find out. Not surprisingly the security turned out to be fairly lax through the entire device, so he was able to glean some information that could be useful for future projects.
Of course, if you’d rather go with the first option and build your own custom dash camera so you don’t have to jump through so many hoops just to get a usable video stream, we’ve got some good news for you.
Cool, I have that same camera in my car. Though I don’t see that this info is going to help me much
Most stuff with forced app has a native protector on the app and encryption on the stream.. I’ve even seen it on cheap camera drone apps..
Why would someone building stuff like this want to keep the stuff secret and force you to use their app? What’s so special about a video stream comming from a dash cam or a drone or some other recording device that they want to lock you into their own app? Are they charging extra for certain features? Are there things its possible to do with the hardware that the app won’t do? (maybe because they want to keep that feature for a more expensive model)
I have a feeling it has more to do with making you run their app so they get access to your phone.
^this^
“Just because you’re paranoid, it doesn’t mean someone isn’t out to get you.”
Except it takes seconds to confirm they are using a native protector on their .apk and the stream is encrypted so it’s not really a [anything you care to mention here]-theory….
Nobody is out their auditing Chinese drone apps for exfiltration of data, and even Android 10 has privilege token that cover broad access so just looking at app-perms won’t help you..
Having a glutton-convenience to tech is why malware is still using propagation techniques from the eighties to hack basically everything..
My annoyance is not so much having to use proprietary software to make a device useful, it is the almost universal lack of quality those applications have!
(and the spyware they infect your PC/device with)
The one thing I want in my dashcam (Blackvue DR750S-2CH) is the ability to run a script on my NAS to connect and download all the video each day.
Apparently it can be done with some Blackvue cameras, but I’ve never had any luck.
maybe apply his hacking methods to the firmware to see if you come up with anything, I’ve found binvis.io + binwalk will dump loads of unknown info about a device. there’s also this https://gadgetblogist.wordpress.com/2014/10/16/dashcam-hacking/
https://github.com/drewwells/blackvue
good luck
darkspr1te
I plan on buying a DR900S-2CH soon to replace the GoPro I’ve been using and that’d be a great hack
I have a BlackVue DR650GW 2CH Dashcam which I’m sure has planned obsolescence build into. Throwing out all that cloud crap and fixing the many shortcommins of the software would have been cool, however I didn’t want to invest time in reversing it.
I wish that I could write GPS data along with the video on my dash cam.