DavidVentura / cam-reverse

42 stars 10 forks

Clarification about the Spyware section #14

Closed adrcunha closed 2 months ago

adrcunha commented 2 months ago

Background/extra info

The "Spyware" section in the README mentions 4 IPs to which a HELLO message is sent, and they're stored inside the YsxLite app APK. The README also mentions other IPs, some already extracted in the dec_svr.py file. Right now, they map to the following:

SWPNPDPFLVAOLNSXPHSQPIEOPAIDENLXHXEHIFLKPGLRHUARSTLQEEEPSUIHPDLSPEAOICLOSQEMLPPALNIBIAERHZLKHXEJHYHUEIEHELEEEKEG

PFLXLSTBLKHYLPLRHUEHIEEGEEARLQPLIHIAEKAOSTLVEOSQPDHZLNPAICIFEREJLKEMENHUHXIBEPEEEHEIEL

EKTDROREHXHURHRKRMCXEEKPRNKKUZPNLXNYNOHYAONRNUNWRJSQGZNXGUNTIHKIJYEHPAKBHTKEKGKDLKJVKHKFERGSGIEIHUGLEDGOGQGNEEGFGRGP

EKPNHXIDAUAOEHLOTBSQEJSWPAARTAPKLXPGENLKLUPLHUATSVEESTPFHWIHPDIEHYAOLVEISQLNEGLPPALQHXERELIALKEHEOHZHUEKIFEEEPEJ

PFLXLNPKSULKLVPEHUHXHWLPEEPGEHIHARENLQAOSTLOIFSQHZIAPAPDLUIEERLNEOHYLKEPEIHUHXEGEJEEEKEH

SVLXLNENPGLKHXLOLVHUPFLQEEEHPKLUIHIALPAOARHYIESQSTEKIBPAPDEIHZERLNEJIFLKHXEOEMHUEHELHWEEEPEG

I found a subset of the exact strings in the FtyCampro app:

EKPNHXIDAUAOEHLOTBSQEJSWPAARTAPKLXPGENLKLUPLHUATSVEESTPFHWIHPDIEHYAOLVEISQLNEGLPPALQHXERELIALKEHEOHZHUEKIFEEEPEJ

PFLXLNPKSULKLVPEHUHXHWLPEEPGEHIHARENLQAOSTLOIFSQHZIAPAPDLUIEERLNEOHYLKEPEIHUHXEGEJEEEKEH

SVLXLNENPGLKHXLOLVHUPFLQEEEHPKLUIHIALPAOARHYIESQSTEKIBPAPDEIHZERLNEJIFLKHXEOEMHUEHELHWEEEPEG

SVLXLNENPGLKHXLOLVHUPFLQEEEHPKLUIHIALPAOARHYIESQSTEKIBPAPDEIHZERLNEJIFLKHXEOEMHUEHELHWEEEPEG

SWPNPDPFLVAOLNSXPHSQPIEOPAIDENLXHXEHIFLKPGLRHUARSTLQEEEPSUIHPDLSPEAOICLOSQEMLPPALNIBIAERHZLKHXEJHYHUEIEHELEEEKEG

These generic catch-all camera apps seem to be all derived from the same source, changing just the UI and some bits of behavior.

Ping origin: camera or app?

I don't have a setup to trace the attempts to send the HELLO messages to these IPs, but they're found in the APKs and the README states that "connecting the camera to a network, it tries to send a HELLO". I'd like to confirm the source of the messages, so the documentation can be updated about optionally blocking these IPs on the router (but hopefully they're sent by the app and thus using cam-reverse is totally safe).

@DavidVentura were you able to confirm the source of the messages, if they are sent by the app or by the camera firmware?

DavidVentura commented 2 months ago

These strings can be uploaded to the camera; and indeed, my camera was the one generating the requests. This is the 'feature' used to be able to see your live streams over the internet. I've not investigated how to overwrite these values; instead I block all outgoing traffic from the cameras.
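
The question raised above (is the HELLO traffic emitted by the camera or by the phone app?) and the answer (block all camera egress) both come down to attributing outbound flows on the router to the LAN device that originated them. The following is an added example, not code from cam-reverse or from either commenter: it parses firewall log lines in the `key=value` style of the netfilter `LOG` target, drops LAN-internal traffic, and groups Internet-bound flows by source device. The log lines, the device inventory and all addresses are constructed placeholders (RFC 1918 and RFC 5737 ranges), not the IPs embedded in the firmware or APK.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the key=value style of a netfilter LOG target
# (e.g. `nft ... log prefix "CAM-EGRESS "`). Addresses are RFC 1918 / RFC 5737
# placeholders, not the servers embedded in the camera firmware or the app.
SAMPLE_LOG = """\
kernel: CAM-EGRESS IN=br-lan OUT=wan SRC=192.168.1.50 DST=203.0.113.10 PROTO=UDP SPT=41234 DPT=32100 LEN=48
kernel: CAM-EGRESS IN=br-lan OUT=wan SRC=192.168.1.50 DST=203.0.113.11 PROTO=UDP SPT=41234 DPT=32100 LEN=48
kernel: CAM-EGRESS IN=br-lan OUT=wan SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=50322 DPT=443 LEN=60
kernel: CAM-EGRESS IN=br-lan OUT=br-lan SRC=192.168.1.23 DST=192.168.1.50 PROTO=UDP SPT=40000 DPT=32108 LEN=40
kernel: CAM-EGRESS IN=br-lan OUT=wan SRC=192.168.1.50 DST=203.0.113.10 PROTO=UDP SPT=41234 DPT=32100 LEN=48
"""

# Hypothetical inventory of LAN addresses; in practice this comes from DHCP
# leases or static assignments on the router.
DEVICES = {
    "192.168.1.50": "camera",
    "192.168.1.23": "phone-with-app",
}

# Ranges that never leave the LAN. Listed explicitly rather than via
# ipaddress.is_private, which also treats the RFC 5737 documentation
# networks used in the sample log as non-global.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Return the key=value fields of one netfilter LOG line as a dict."""
    return dict(FIELD_RE.findall(line))


def is_external(addr):
    """True if addr lies outside the LAN / loopback / link-local ranges."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


def attribute_egress(log_text, devices):
    """Group Internet-bound flows by the LAN device that originated them.

    Returns {device_label: {(dst, proto, dport): packet_count}} so the router
    owner can see whether the camera itself or the phone running the app is
    the one contacting external servers.
    """
    report = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not {"SRC", "DST", "PROTO", "DPT"} <= fields.keys():
            continue  # not a complete LOG record
        if not is_external(fields["DST"]):
            continue  # LAN-internal traffic (app <-> camera) is expected
        label = devices.get(fields["SRC"], f"unknown({fields['SRC']})")
        key = (fields["DST"], fields["PROTO"], int(fields["DPT"]))
        report[label][key] += 1
    return {dev: dict(flows) for dev, flows in report.items()}


def cameras_phoning_home(report):
    """Labels of camera devices that originated at least one external flow."""
    return sorted(dev for dev in report if dev.startswith("camera"))


if __name__ == "__main__":
    rep = attribute_egress(SAMPLE_LOG, DEVICES)
    for dev, flows in rep.items():
        for (dst, proto, dport), n in sorted(flows.items()):
            print(f"{dev:16} -> {dst}:{dport}/{proto}  x{n}")
    print("cameras with direct Internet egress:", cameras_phoning_home(rep))
```

If the camera label shows up in the report while the app is closed, the firmware is the origin and the mitigation is a router rule that drops (and logs) everything from the camera's address except traffic to the host running cam-reverse; if only the phone shows up, blocking at the router is optional.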

adrcunha commented 2 months ago

Thanks for the details. Sent PR #15 to add these details to the README.