![]() Dissecting traffic with WiresharkĪlways, always spend time developing debug or analysis tools. Time to extract what I could-the header layout was correct-and move on. The payload appeared to be encrypted in my captures.įurthermore, the code wouldn’t even run due to some questionable pointer juggling. On a lark, I Googled this, and actually found a project on GitHub from 2015 which was attempting to retrieve data from Swann cameras!Ī quick look at the code told me that although they share the sync word and packet header, the protocols for my camera and these older cameras were very different. The only thing that jumped out to me was the appearance of a sync word at the beginning of each packet, 0xf0debc0a. The end result is a new piece of open-source software called Neolink, which allows Blue Iris, Shinobi, or other NVR software to receive video from unmodified Reolink cameras.Īs a first step, I fired up Wireshark and captured traffic between the camera and its official Reolink PC client 1. Most non-triumphant.īogus enough that I decided to pwn the camera, reverse engineer the protocol, and write my own software to get the video stream. This was, in the immortal words of Bill and Ted, bogus. Then, barely outside my return window, Reolink updated their support page to say that the cameras would only work with their 8-channel NVR or proprietary viewer apps. However, I bought these cameras because I believed they supported open standards such as ONVIF, so I’d just swap the NVR for a copy of Blue Iris running on my server.Īt the time, the Reolink support page clearly indicated that all of their non-battery-powered cameras supported RTSP.Īfter the system was installed, it became apparent that the cameras did not in fact support RTSP-the only port open on them was port 9000. Unfortunately, the NVR is pretty anemic: it’s clearly an existing model with slight changes to support 4K cameras, and it struggles to support more than one viewer at a time. It came in a “kit” of six cameras and an NVR (a dedicated recording box that also powers the cameras). It’s fairly nice hardware, actually-it has a 4K video sensor, a microphone, power over Ethernet, and is nominally waterproof. Way back in late 2019, I dissected a Reolink B800 IP camera to demonstrate the various parts of an embedded Linux system. A brief history of the Baichuan protocol.If anyone has any ideas as to what could be going on – or how I can investigate further – then I would be very grateful. It also seems odd that neither this port nor this activity is not mentioned in the Reolink manual. I could understand if this happened once a day, but not each and every 20 seconds. However, the frequency of connection attempts makes this seem unlikely. I also thought that maybe the camera is perhaps trying to contact to the Reolink app to see if there is a firmware upgrade or suchlike. I thought that maybe it is trying to connect to my Linux machine because it is the one running the Reolink software. My firewall log on this Linux machine records that the camera tries to connect to port 3000 every twenty seconds, regardless of whether the app is scheduled to be recording.Īccording to the firewall log, the source port on the camera is 38706 and the protocol is UDP.Ī Google for both the source and destination ports doesn’t help me understand why the camera is trying to connect to port 3000 all the time. The app is set-up to record motion-triggered events during daylight hours.īecause the Linux machine has a firewall, I have opened the usual media, RTSP and RTMP ports (etc). I have the Reolink app running in a Wine environment on a Linux machine. The camera is attached to a POE switch on my LAN via ethernet. I have a Reolink camera that is repeatedly trying to connect to a computer on my LAN and I was wondering if anybody had any suggestions as to what may be going on. ![]()
0 Comments
Leave a Reply. |