Jump to content

Welcome to Smart Home Forum by FIBARO

Dear Guest,

 

as you can notice parts of Smart Home Forum by FIBARO is not available for you. You have to register in order to view all content and post in our community. Don't worry! Registration is a simple free process that requires minimal information for you to sign up. Become a part of of Smart Home Forum by FIBARO by creating an account.

 

As a member you can:

  •     Start new topics and reply to others
  •     Follow topics and users to get email updates
  •     Get your own profile page and make new friends
  •     Send personal messages
  •     ... and learn a lot about our system!

 

Regards,

Smart Home Forum by FIBARO Team


  • 0

earto
 Share

Question

IP camera support on Fibaro is about to become history.

I love my HC2 but unless Fibaro implement simple "digest authentication" for IP cameras, support is about to die off.

 

Here's why:

  • Recent vulnerabilities have forced some IP camera manufacturers to REMOVE basic authentication.
  • Fibaro ONLY supports basic authentication.
  • Digest authentication has been around since the 90's and is one step above basic or "plain text" authentication (visible in packet captures).
  • It is becoming more difficult to upgrade or buy new cameras that support basic authentication.

 

Dahua

- Since early 2017, basic authentication is now disabled in Dahua firmware.

- In 2016, Dahua started signing its firmware which stops downgrades to unsigned versions.

- So there's no solution once you have newer firmware installed. :(

 

Not to mention the lack of support for RTSP, with MJPEG becoming obsolete.

Digest auth is needed just to keep existing functionality.

Beware of upgrading your IP cameras!

Link to comment
Share on other sites

9 answers to this question

Recommended Posts

  • 1

there is a workaround... using  

Please login or register to see this link.

 as a camera proxy. The main idea is that all your cameras stay on your LAN without internet access (router rules) and then using  

Please login or register to see this link.

 to controll all them (using web camera services...) Then Fibaro can connect to  

Please login or register to see this link.

 web server, rather than directly to cameras.

 

PROS:

-  Lets FIBARO to connect to almost *any* camera throught  

Please login or register to see this link.

 (that supports hundreds of models, including super recent models, and it is updated very often)

 

CONS:

- A bit amused work and. You need also an extra hardware running 24/7 (Android Phone, tablet, TVbox...). I trying a Rpi3 box too with Android distro, more update soon

 

I wrote a guide here:

 

  • Like 1
Link to comment
Share on other sites

  • 0

Well, it seems that Fibaro likes to play Apple's game, being secretive on anything they are about to do. What I'm writing, they are secretive even on just published firmwares usually not putting important changes on the change log list ;-) 

 

Problem is that Apple game works well with releasing new hardware like iPhone or iPad, but this definitely doesn't work well with home automation system where software plays most important role.

 

Hiding from users future development in this case can direct users to go with other solutions.

Link to comment
Share on other sites

  • 0
  • Inquirer
  • Totally agree.

    I suspect this one is on their radar after reading some of the other forum posts.

     

    There's no way in hell Fibaro would use plain text authentication for their own products.

    So only allowing plain text authentication towards IP cameras is madness.

    Link to comment
    Share on other sites

    • 0

    Come on Fibaro, are  the cameras with digest authentication really dead for the HC2 integration???

    you got to be kidding me.

    more than 1k in cameras and cant use them with the HC2. ridiculous !!!

    Edited by Janko22
    Link to comment
    Share on other sites

    • 0

    Hello Fibaro

    anyone listening?

    got 12 dahua cameras and cant use a single one to stream the feed to my fibaro tablet !!!

    please solve this, pleaseeee !!!

    Link to comment
    Share on other sites

    • 0

    Hello,

    I have same trouble with my Dahua cam. No jpg or mjpg picture, video.

     

    But at new API documentation is about authentication written this:

     

    3.5 Authentication
    Video products support either basic authentication or digest authentication. If the http request does not provide valid
    “Authorization” information, video products would return HTTP status code 401 and information for authentication. Video
    products return the required resource only if authorization correct.
    For example:
    1. When basic authentication fails, response is:
    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: Basic realm=”XXXXXX”
    The client encodes the username and password with base64, and then sends it to server. A valid Authorization like this:
    Authorization: Basic VXZVXZ
    2. When digest authentication fails, response is:
    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: Digest realm="DH_00408CA5EA04", nonce="000562fdY631973ef04f77a3ede7c1832ff48720ef95ad",
    stale=FALSE, qop="auth"
    The client calculates the digest authorization using information like username, password, nonce, HTTP method and URI
    with MD5, and then sends it to server.
    For example:
    Authorization: Digest username="admin", realm="DH_00408CA5EA04", nc=00000001, cnonce="0a4f113b", qop="auth",
    nonce="000562fdY631973ef04f77a3ede7c1832ff48720ef95ad", uri="/cgi-bin/magicBox.cgi?action=getLanguageCaps",
    response="65002de02df697e946b750590b44f8bf"

     

     

    Get mjpg stream

    http://<server>/cgi-bin/mjpg/video.cgi[?channel=<ChannelNo>&subtype=<typeNo>]

    Subtype 0 cannot have mjpg stream, only subtype 1, it must be set at camera setting.

    Link to comment
    Share on other sites

    • 0

    Hello, something new at digest authorization? I need it for camera integration and Lua api.

    Thank you

    Link to comment
    Share on other sites

    • 0

    I'm interested too for camera support with digest.
    Now I'have temporary resolved the problem with a raspberry (apache & php).

    On this device I have write a php script that accept basic auth request from HC2 and forward to it the stream downloaded with digest auth from the cameras.

     

    This is a very ugly solution because I need to have an extra devices 24h/24h in addition of HC2 only for run a task that is done in 15 lines of php code.

     

    Please fibaro, add digest support or in alternative give us the possibility to write proxy script for camera in LUA directly inside HC2

     

    Thank you

    Link to comment
    Share on other sites

    • 0

    Hi !

     

    The only solution i founded for the moment is to use my Synology NAS for getting the image... and store it and use it in LUA or PHP code...

    If you want the code, here it is !

    (my camera is a doorbell VTO-2111)

     

    Now i'll try to make a notification in HC2 (pop-up) by using this image.

     

    Please login or register to see this code.

     

    Link to comment
    Share on other sites

    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest
    Answer this question...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

     Share

    ×
    ×
    • Create New...