search

QuantumEntangledAndy / neolink

An RTSP bridge to Reolink IP cameras
GNU Affero General Public License v3.0
330 stars 45 forks source link

Subcommand to modify port settings #225

Closed daurnimator closed 5 months ago

daurnimator commented 6 months ago

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

A subcommand that would be the equivalent of the reolink port settings page documented at https://support.reolink.com/hc/en-us/articles/900000627703-Which-Default-Ports-Used-by-Reolink-Cameras-should-be-Allowed-to-Go-Through-the-Firewall/ image

QuantumEntangledAndy commented 6 months ago

I don't have a camera with those ports (it's the whole reason for neolink so I can get rtsp). Id need to have access to a camera and observe the official Reolink commands to change this.

endreszabo commented 6 months ago

hey @QuantumEntangledAndy, I can give you access to my RLC-843A so that you can check this.

endreszabo commented 6 months ago

I've made a packet capture upon editing these settings (along with a screen recording for timing) with the Windows application, if that's easier for you to parse.

endreszabo commented 6 months ago

Please find the pcap attached. I installed the Wireshark dissector, but it does not seem to be able to decode the XML for this message type properly.

QuantumEntangledAndy commented 6 months ago

We have a dissector capable of unpacking the packets but it needs to see the login packet with the nonce and it needs the user password to decrypt the packets

QuantumEntangledAndy commented 6 months ago

Perhaps try this:

Change password

Capture full login and changes of setting in app (start wireshark before app)

Change password back

Post pcap and password here

endreszabo commented 6 months ago

Thanks for your prompt reply.

I uploaded a new file with the login details. This time, it is from an RLC-811A; their arch should be the same.

rlc-811a-port-settings-filtered.pcap.gz

endreszabo commented 6 months ago

(by -filtered I mean I used the following filter in Wireshark to get rid of the non-relevant and video payload packets: baichuan && !(baichuan.msg_id == 3))

endreszabo commented 6 months ago

user and pass used is: test / foobar

QuantumEntangledAndy commented 6 months ago

Ok looks like this is the XML

<?xml version="1.0" encoding="UTF-8" ?>
<body>
<ServerPort version="1.1">
<serverPort>9000</serverPort>
<enable>0</enable>
</ServerPort>
<HttpPort version="1.1">
<httpPort>80</httpPort>
<enable>0</enable>
</HttpPort>
<HttpsPort version="1.1">
<httpsPort>443</httpsPort>
<enable>0</enable>
</HttpsPort>
</body>
QuantumEntangledAndy commented 6 months ago

If your using our latest dissector with aes support then you can also check it with

right click packet->Protocol Preferences->Baichaun/Reolink....->Decryption Key

Screenshot 2024-04-05 at 15 02 15
QuantumEntangledAndy commented 6 months ago

The request for current values seems to be on

ID: 37

<?xml version="1.0" encoding="UTF-8" ?>
<body>
<ServerPort version="1.1">
<serverPort>9000</serverPort>
<enable>1</enable>
</ServerPort>
<HttpPort version="1.1">
<httpPort>80</httpPort>
<enable>0</enable>
</HttpPort>
<HttpsPort version="1.1">
<httpsPort>443</httpsPort>
<enable>1</enable>
</HttpsPort>
<RtspPort version="1.1">
<rtspPort>554</rtspPort>
<enable>1</enable>
</RtspPort>
<RtmpPort version="1.1">
<rtmpPort>1935</rtmpPort>
<enable>1</enable>
</RtmpPort>
<OnvifPort version="1.1">
<onvifPort>8000</onvifPort>
<enable>1</enable>
</OnvifPort>
</body>

Whereas the write is on ID 36

<?xml version="1.0" encoding="UTF-8" ?>
<body>
<ServerPort version="1.1">
<serverPort>9000</serverPort>
<enable>0</enable>
</ServerPort>
<HttpPort version="1.1">
<httpPort>80</httpPort>
<enable>0</enable>
</HttpPort>
<HttpsPort version="1.1">
<httpsPort>443</httpsPort>
<enable>0</enable>
</HttpsPort>
</body>

The write seems to not change the rtsp ports in the same messgae but later

<?xml version="1.0" encoding="UTF-8" ?>
<body>
<RtspPort version="1.1">
<rtspPort>554</rtspPort>
<enable>1</enable>
</RtspPort>
<OnvifPort version="1.1">
<onvifPort>8000</onvifPort>
<enable>1</enable>
</OnvifPort>
<RtmpPort version="1.1">
<rtmpPort>1935</rtmpPort>
<enable>1</enable>
</RtmpPort>
</body>

I suspect it is only sending changes and these are the order you clicked on them

endreszabo commented 6 months ago

Nice dissecting there.

I first disabled all of them, then enabled rstp, then onvif, then https, then rtmp. I did not change any actual port numbers, just used the defaults.

endreszabo commented 6 months ago

Minor thing to note: ONVIF can't be enabled without RTSP being enabled. At least on the GUI.

endreszabo commented 6 months ago

right click packet->Protocol Preferences->Baichaun/Reolink....->Decryption Key

Wow, thanks for the detailed howto. It works.

QuantumEntangledAndy commented 6 months ago

Well I will work up a basic command to turn things on/off maybe can finish off before the rest of the day catches up with me

endreszabo commented 6 months ago

This easily can lead to neolink becoming an infrastructure-as-a-code provisioning solution for Reolink cameras. One could define their per-camera configuration preferences, and neolink would apply those settings to the cameras.

QuantumEntangledAndy commented 6 months ago

This feature is now being added in #231.

If the build succeds then binaries for testing can be found at https://github.com/QuantumEntangledAndy/neolink/actions/runs/8569588415

I've tested what I can on my camera. But since my camera lack this feature I cannot be sure it works. For my E1 and Argus2E it accepts the commands but no changes happen as there is no HTTP etc. I can however query the ports and that does work. I can also see the packet being sent correctly in wireshark

So please if anyone can test it that would be nice