Annoying camera auth feature. TV-IP751WC

Forum for questions and support relating to the 1.28.x releases only.
Locked
User avatar
kingofkya
Posts: 1110
Joined: Mon Mar 26, 2007 6:07 am
Location: Las Vegas, Nevada

Annoying camera auth feature. TV-IP751WC

Post by kingofkya »

So i have a few TV-IP751WC cameras that don't work in zoneminder do to some newer authentication method that seam to require inital connection then a second one with the username/password and key all hashed together(response=) along with a key(nonce=).

This is the first time i have seen this i am wondering if zm already has a way to get around this. I have been out of the look on cctv stuff for a while. It seams like this kinda auth could be more common in newer cameras to prevent cross site scripting, and protecting user logins(to an extent).

IF no one has time to think about this issues can you point me to the parts of zm that something liek this woudl be added to so I can see if I add support.

http://en.wikipedia.org/wiki/Cryptographic_nonce

Code: Select all

GET /mjpeg.cgi HTTP/1.1
Host: 10.0.0.251
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.0 401 Authorization Required
Server: alphapd
Date: Sat Dec 13 20:24:05 2014
Pragma: no-cache
Cache-Control: no-cache
Content-type: text/html
WWW-Authenticate: Digest realm="TV-IP751WC",qop="auth", [b]nonce="e8194cde8b06e04c3d0100b8bb8a80ca"[/b]
<html><body><h2>Error: Authorization Required</h2>
<p>Authentication was requested</p></body></html>
Then after the browser will send the login to the page with the nonce key as well. IN this case the username is admin and the password is adminadmin

Code: Select all

GET /mjpeg.cgi HTTP/1.1
Host: 10.0.0.251
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Authorization: Digest username="admin", realm="TV-IP751WC", nonce="e8194cde8b06e04c3d0100b8bb8a80ca", uri="/mjpeg.cgi", response="8e8dd3c52e73515203ae3f311d4e08cf", qop=auth, nc=00000001, cnonce="738a55949209777a"

HTTP/1.0 200 OK
Server: alphapd
Date: Sat Dec 13 20:24:19 2014
Pragma: no-cache
Cache-Control: no-cache
Content-Type: multipart/x-mixed-replace;boundary=--video boundary--
Content-length: 18785
Date: 12-13-2014 08:24:19 PM IO_00000000_PT_005_000
Content-type: image/jpeg

.....^...........................................W.......!1.AQa."2.q...#BRb...3r..$CS..4.........
bbunge
Posts: 2930
Joined: Mon Mar 26, 2012 11:40 am
Location: Pennsylvania

Re: Annoying camera auth feature. TV-IP751WC

Post by bbunge »

User avatar
kingofkya
Posts: 1110
Joined: Mon Mar 26, 2007 6:07 am
Location: Las Vegas, Nevada

Re: Annoying camera auth feature. TV-IP751WC

Post by kingofkya »

I think its the updated firmware but this one wont let you turn auto off anymore. and the image path is different /mjpeg.cgi now now no /video/


Anyways i did some poking around in git hub looks like they just added the digest auth into zm a few weeks ago. So might try compiling the current git copy.
https://github.com/ZoneMinder/ZoneMinder/pull/588
User avatar
iconnor
Posts: 2880
Joined: Fri Oct 29, 2010 1:43 am
Location: Toronto
Contact:

Re: Annoying camera auth feature. TV-IP751WC

Post by iconnor »

You will have to run our master dev branch. It has the fix. We may include it in 1.28.1
Locked