Jump to content
Guides for the Forum Read more... ×
Poradniki na Forum Read more... ×
FIBARO Home Center App 1.0.0 - release Read more... ×
FIBARO Home Center App 1.0.0 - wydanie Read more... ×

Question

IP camera support on Fibaro is about to become history.

I love my HC2 but unless Fibaro implement simple "digest authentication" for IP cameras, support is about to die off.

 

Here's why:

  • Recent vulnerabilities have forced some IP camera manufacturers to REMOVE basic authentication.
  • Fibaro ONLY supports basic authentication.
  • Digest authentication has been around since the 90's and is one step above basic or "plain text" authentication (visible in packet captures).
  • It is becoming more difficult to upgrade or buy new cameras that support basic authentication.

 

Dahua

- Since early 2017, basic authentication is now disabled in Dahua firmware.

- In 2016, Dahua started signing its firmware which stops downgrades to unsigned versions.

- So there's no solution once you have newer firmware installed. :(

 

Not to mention the lack of support for RTSP, with MJPEG becoming obsolete.

Digest auth is needed just to keep existing functionality.

Beware of upgrading your IP cameras!

Share this post


Link to post
Share on other sites

6 answers to this question

Recommended Posts

  • 0

Well, it seems that Fibaro likes to play Apple's game, being secretive on anything they are about to do. What I'm writing, they are secretive even on just published firmwares usually not putting important changes on the change log list ;-) 

 

Problem is that Apple game works well with releasing new hardware like iPhone or iPad, but this definitely doesn't work well with home automation system where software plays most important role.

 

Hiding from users future development in this case can direct users to go with other solutions.

Share this post


Link to post
Share on other sites
  • 0
  • Inquirer
  • Totally agree.

    I suspect this one is on their radar after reading some of the other forum posts.

     

    There's no way in hell Fibaro would use plain text authentication for their own products.

    So only allowing plain text authentication towards IP cameras is madness.

    Share this post


    Link to post
    Share on other sites
    • 0

    Come on Fibaro, are  the cameras with digest authentication really dead for the HC2 integration???

    you got to be kidding me.

    more than 1k in cameras and cant use them with the HC2. ridiculous !!!

    Edited by Janko22

    Share this post


    Link to post
    Share on other sites
    • 0

    Hello Fibaro

    anyone listening?

    got 12 dahua cameras and cant use a single one to stream the feed to my fibaro tablet !!!

    please solve this, pleaseeee !!!

    Share this post


    Link to post
    Share on other sites
    • 0

    there is a workaround... using  

    Please login or register to see this link.

     as a camera proxy. The main idea is that all your cameras stay on your LAN without internet access (router rules) and then using  

    Please login or register to see this link.

     to controll all them (using web camera services...) Then Fibaro can connect to  

    Please login or register to see this link.

     web server, rather than directly to cameras.

     

    PROS:

    -  Lets FIBARO to connect to almost *any* camera throught  

    Please login or register to see this link.

     (that supports hundreds of models, including super recent models, and it is updated very often)

     

    CONS:

    - A bit amused work and. You need also an extra hardware running 24/7 (Android Phone, tablet, TVbox...). I trying a Rpi3 box too with Android distro, more update soon

     

    I wrote a guide here:

     

    • Like 1

    Share this post


    Link to post
    Share on other sites
    • 0

    Hello,

    I have same trouble with my Dahua cam. No jpg or mjpg picture, video.

     

    But at new API documentation is about authentication written this:

     

    3.5 Authentication
    Video products support either basic authentication or digest authentication. If the http request does not provide valid
    “Authorization” information, video products would return HTTP status code 401 and information for authentication. Video
    products return the required resource only if authorization correct.
    For example:
    1. When basic authentication fails, response is:
    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: Basic realm=”XXXXXX”
    The client encodes the username and password with base64, and then sends it to server. A valid Authorization like this:
    Authorization: Basic VXZVXZ
    2. When digest authentication fails, response is:
    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: Digest realm="DH_00408CA5EA04", nonce="000562fdY631973ef04f77a3ede7c1832ff48720ef95ad",
    stale=FALSE, qop="auth"
    The client calculates the digest authorization using information like username, password, nonce, HTTP method and URI
    with MD5, and then sends it to server.
    For example:
    Authorization: Digest username="admin", realm="DH_00408CA5EA04", nc=00000001, cnonce="0a4f113b", qop="auth",
    nonce="000562fdY631973ef04f77a3ede7c1832ff48720ef95ad", uri="/cgi-bin/magicBox.cgi?action=getLanguageCaps",
    response="65002de02df697e946b750590b44f8bf"

     

     

    Get mjpg stream

    http://<server>/cgi-bin/mjpg/video.cgi[?channel=<ChannelNo>&subtype=<typeNo>]

    Subtype 0 cannot have mjpg stream, only subtype 1, it must be set at camera setting.

    Share this post


    Link to post
    Share on other sites

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

    ×