Annoying camera auth feature. TV-IP751WC
Posted: Sun Dec 14, 2014 4:51 am
So i have a few TV-IP751WC cameras that don't work in zoneminder do to some newer authentication method that seam to require inital connection then a second one with the username/password and key all hashed together(response=) along with a key(nonce=).
This is the first time i have seen this i am wondering if zm already has a way to get around this. I have been out of the look on cctv stuff for a while. It seams like this kinda auth could be more common in newer cameras to prevent cross site scripting, and protecting user logins(to an extent).
IF no one has time to think about this issues can you point me to the parts of zm that something liek this woudl be added to so I can see if I add support.
http://en.wikipedia.org/wiki/Cryptographic_nonce
Then after the browser will send the login to the page with the nonce key as well. IN this case the username is admin and the password is adminadmin
This is the first time i have seen this i am wondering if zm already has a way to get around this. I have been out of the look on cctv stuff for a while. It seams like this kinda auth could be more common in newer cameras to prevent cross site scripting, and protecting user logins(to an extent).
IF no one has time to think about this issues can you point me to the parts of zm that something liek this woudl be added to so I can see if I add support.
http://en.wikipedia.org/wiki/Cryptographic_nonce
Code: Select all
GET /mjpeg.cgi HTTP/1.1
Host: 10.0.0.251
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.0 401 Authorization Required
Server: alphapd
Date: Sat Dec 13 20:24:05 2014
Pragma: no-cache
Cache-Control: no-cache
Content-type: text/html
WWW-Authenticate: Digest realm="TV-IP751WC",qop="auth", [b]nonce="e8194cde8b06e04c3d0100b8bb8a80ca"[/b]
<html><body><h2>Error: Authorization Required</h2>
<p>Authentication was requested</p></body></html>
Code: Select all
GET /mjpeg.cgi HTTP/1.1
Host: 10.0.0.251
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Authorization: Digest username="admin", realm="TV-IP751WC", nonce="e8194cde8b06e04c3d0100b8bb8a80ca", uri="/mjpeg.cgi", response="8e8dd3c52e73515203ae3f311d4e08cf", qop=auth, nc=00000001, cnonce="738a55949209777a"
HTTP/1.0 200 OK
Server: alphapd
Date: Sat Dec 13 20:24:19 2014
Pragma: no-cache
Cache-Control: no-cache
Content-Type: multipart/x-mixed-replace;boundary=--video boundary--
Content-length: 18785
Date: 12-13-2014 08:24:19 PM IO_00000000_PT_005_000
Content-type: image/jpeg
.....^...........................................W.......!1.AQa."2.q...#BRb...3r..$CS..4.........