added ptz

2018-01-18 20:43:20 +01:00
parent 309076b34f
commit 9bed919678
2 changed files with 91 additions and 2 deletions
--- a/README.md
+++ b/README.md
@@ -2,10 +2,12 @@

 This is a log of simple hacks for the cheap m1x. For now, this is only about to bring wifi up without using the app, setting the correct time(-zone) and installing an ssh server in place for the shipped telnetd.

-Out of the box, this cam features:
+Out of the box, this cam "features":
 - open telnet access as root (at least on this firmware `Linux goke 3.4.43-gk #56 PREEMPT Fri Sep 29 00:24:56 PDT 2006 armv6l GNU/Linux`)
+- ONVIF should be accessible at port 5000. Due to the android app tinyCam Monitor, it is supposed to use ONVIF `Profile S` (but as well as a lot of other people, I couldn't get it to work in other software). 
 - rtsp access with user `admin`, pw `20160404` at port `554` and path `/onvif1` (respectively `/onvif2` with lower quality), e.g. `vlc rtsp://admin:20160404@<your-cams-ip>/onvif1`
- ONVIF should be accessible at port 5000. Due to the android app tinycam, it is supposed  to use ONVIF `Profile S` (but as well as a lot of other people, I couldn't get it to work in other software). I have dumped some network traffic between tinycam and the cam but didn't had the time to investigate that so far.
+
+Using these rtsp parameters, I could get it to manually work in every software I tried so far, except out of the box PTZ (e.g. [Synology Surveillance Station](https://www.synology.com/de-de/surveillance), [Shinobi](https://github.com/ShinobiCCTV/Shinobi) or [Home Assistant](https://home-assistant.io/)).

 Of course: Everything at your own risk here…

@@ -32,6 +34,7 @@ Thx thomas (https://github.com/ant-thomas/zsgx1hacks) for pre-compiling dropbear

 Generate your own password hash with `openssl passwd -1` (follow the prompt) and add it to `do.sh`
 For a public key authentication to work, add your public key(s) in `npc/root-home/.ssh/authorized_keys`
+Then execute `do.sh` and everything should be setup. To make this persistent, add `sh /npc/do.sh` to `/npc/boot.sh` (skip this if you already copied the file to the cam). You should however always make sure that your script is working. Otherwise the cam could get inaccessible from the network.


 ## Persistency
@@ -72,6 +75,62 @@ As rdate is very uncommon these days, you have to find a sync server that suppor
 For the correct time to show up, add your corresponding timezone file inside a persistent folder (e.g. `/npc/zoneinfo`). You will find those files on most linux systems in `/usr/share/zoneinfo/`. It is important to not only copy the actual binary timezone file, but also to create the folder it is residing in and symlink that to `/etc/localtime`, for example for Berlin `ln -s /npc/zoneinfo/Europe/Berlin /etc/localtime`.


+## PTZ
+
+I do not assume this cam is following the official ONVIF standard as most ONVIF clients are not working with it (although I do not have any clue about the ONVIF standard).
+Using the android app [tinyCam Monitor](https://play.google.com/store/apps/details?id=com.alexvas.dvr&hl=de) and [packet capture](https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=de)), I could monitor all pan and tilt actions and quickly reverse engineered the appropriate commands. ~~Please note that so far I didn't have a closer look into how the password and nonce is managed~~ , authentication is not done at all…, see the example request.
+For pan and tilt, send a SOAP request with the following body to port 5000 on path `/onvif/device_service`, e.g. for moving to the left (see [ptz_request.xml](ptz_request.xml) or listing below):
+
+`curl -H "Content-Type: application/soap+xml" -X POST -d "@ptz_request.xml" http://$your-cams-ip:5000/onvif/device_service`
+
+And the plain xml body:
+```
+<v:Envelope 
+    xmlns:i="http://www.w3.org/2001/XMLSchema-instance" 
+    xmlns:d="http://www.w3.org/2001/XMLSchema" 
+    xmlns:c="http://www.w3.org/2003/05/soap-encoding" 
+    xmlns:v="http://www.w3.org/2003/05/soap-envelope">
+    <v:Header>
+        <Security v:mustUnderstand="1" 
+            xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+            <UsernameToken 
+                xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+                <Username>admin</Username>
+                <Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">tada_your_non_exisisting_password=</Password>
+                <Nonce>non_existing_nonce</Nonce>
+                <Created 
+                    xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2018-01-16T11:43:32Z
+                </Created>
+            </UsernameToken>
+        </Security>
+    </v:Header>
+    <v:Body>
+        <ContinuousMove 
+            xmlns="http://www.onvif.org/ver20/ptz/wsdl">
+            <ProfileToken>IPCProfilesToken0</ProfileToken>
+            <Velocity>
+                <PanTilt 
+                    xmlns="http://www.onvif.org/ver10/schema" x="-1.0" y="0.0"/>
+            </Velocity>
+        </ContinuousMove>
+    </v:Body>
+</v:Envelope>
+
+```
+Specification: https://www.onvif.org/ver20/ptz/wsdl/ptz.wsdl
+
+Table of possible movements
+
+| x    | y    | Action            |
+|------|------|-------------------|
+| 0.0  | -1.0 | move down         |
+| 0.0  | 1.0  | move up           |
+| 1.0  | 0.0  | move to the right |
+| -1.0 | 0.0  | move to the left  |
+
+
+
+
 ## TODO 
  - scp: link scp from dropbearmulti to $PATH?
  - disable internet access using hosts file?
--- a/ptz_request.xml
+++ b/ptz_request.xml
@@ -0,0 +1,30 @@
+<v:Envelope 
+    xmlns:i="http://www.w3.org/2001/XMLSchema-instance" 
+    xmlns:d="http://www.w3.org/2001/XMLSchema" 
+    xmlns:c="http://www.w3.org/2003/05/soap-encoding" 
+    xmlns:v="http://www.w3.org/2003/05/soap-envelope">
+    <v:Header>
+        <Security v:mustUnderstand="1" 
+            xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+            <UsernameToken 
+                xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+                <Username>admin</Username>
+                <Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">tada_your_non_exisisting_password=</Password>
+                <Nonce>non_existing_nonce</Nonce>
+                <Created 
+                    xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2018-01-16T11:43:32Z
+                </Created>
+            </UsernameToken>
+        </Security>
+    </v:Header>
+    <v:Body>
+        <ContinuousMove 
+            xmlns="http://www.onvif.org/ver20/ptz/wsdl">
+            <ProfileToken>IPCProfilesToken0</ProfileToken>
+            <Velocity>
+                <PanTilt 
+                    xmlns="http://www.onvif.org/ver10/schema" x="-1.0" y="0.0"/>
+            </Velocity>
+        </ContinuousMove>
+    </v:Body>
+</v:Envelope>