Set PIR fails with `Service Unavailable` for Argus Eco

[fmarzocca]

My camera is an Argus Eco. I am trying to switch OFF the PIR:

./neolink pir --config=neolink_config.toml giardino off
[2023-03-31T07:56:20Z INFO  neolink] Neolink 4fcaf4d538dc6e05434690bdf7f3a3bc22b077e3 release
[2023-03-31T07:56:20Z INFO  neolink::utils] giardino: Connecting to camera at UID: 95270004YFGE16SE
[2023-03-31T07:56:22Z INFO  neolink_core::bc_protocol] Relay success 95270004YFGE16SE at 35.180.129.86:51736
[2023-03-31T07:56:22Z INFO  neolink::utils] giardino: Logging in
[2023-03-31T07:56:24Z INFO  neolink::utils] giardino: Connected and logged in
Error: Unable to set camera PIR state

Caused by:
    Camera responded with Service Unavaliable

[QuantumEntangledAndy]

Enable trace level logging and try again.

export RUST_LOG=trace

Then post the log here so I can see what the camera sent in reply.

[fmarzocca]

Here it is.

[QuantumEntangledAndy]

As far as I can tell the camera is replying that it lacks the capability to set what we requested. I think perhaps we have to send a different set of commands for this model. I'll try capturing the command with my eco2e maybe it's the same as the eco.

[QuantumEntangledAndy]

Just to confirm this is what we want to turn on/off

[QuantumEntangledAndy]

This is the message for controlling this:

• Client

Magic	Message ID	Message Length	Encryption Offset	Status Code	Message Class	Payload Offset
f0 de bc 0a	d5 00 00 00	04 05 00 00	00 00 00 1a	00 00	14 64	5e 00 00 00

Meta Payload:

<?xml version="1.0" encoding="UTF-8" ?>
    <Extension version="1.1">
    <rfId>0</rfId>
    </Extension>

Main Payload:

<?xml version="1.0" encoding="UTF-8" ?>
    <body>
    <rfAlarmCfg version="1.1">
    <rfID>0</rfID>
    <enable>0</enable>
    <sensitivity>1</sensitivity>
    <sensiValue>21</sensiValue>
    <reduceFalseAlarm>0</reduceFalseAlarm>
    <timeBlockList>
    <timeBlock>
    <enable>1</enable>
    <weekDay>Sunday</weekDay>
    <beginHour>0</beginHour>
    <endHour>23</endHour>
    </timeBlock>
    <timeBlock>
    <enable>1</enable>
    <weekDay>Monday</weekDay>
    <beginHour>0</beginHour>
    <endHour>23</endHour>
    </timeBlock>
    <timeBlock>
    <enable>1</enable>
    <weekDay>Tuesday</weekDay>
    <beginHour>0</beginHour>
    <endHour>23</endHour>
    </timeBlock>
    <timeBlock>
    <enable>1</enable>
    <weekDay>Wednesday</weekDay>
    <beginHour>0</beginHour>
    <endHour>23</endHour>
    </timeBlock>
    <timeBlock>
    <enable>1</enable>
    <weekDay>Thursday</weekDay>
    <beginHour>0</beginHour>
    <endHour>23</endHour>
    </timeBlock>
    <timeBlock>
    <enable>1</enable>
    <weekDay>Friday</weekDay>
    <beginHour>0</beginHour>
    <endHour>23</endHour>
    </timeBlock>
    <timeBlock>
    <enable>1</enable>
    <weekDay>Saturday</weekDay>
    <beginHour>0</beginHour>
    <endHour>23</endHour>
    </timeBlock>
    </timeBlockList>
    <alarmHandle>
    <item>
    <channel>0</channel>
    <handleType>snap,rec,push</handleType>
    </item>
    </alarmHandle>
    </rfAlarmCfg>
    </body>

p.s. This is just for reference so I can search in github when then was reverse enginned and why

• Camera No reply (not even an OK)

[fmarzocca]

Just to confirm this is what we want to turn on/off

I have a different image:

[fmarzocca]

This is the message for controlling this:

Let me know if I can make some test for you, to query the commands list

[QuantumEntangledAndy]

Best thing would be wireshark. Do you know how to use wireshark?

If so have wireshark running on your computer capturing the network traffic then open the official client (on the same computer as wireshark) and disable/enable the pir using that. It will record the packets sent. Filter the packets to only save those going to/from the camera then send the dump to me as a pcap.

[fmarzocca]

Attached. ArgusEco.pcap.zip

[QuantumEntangledAndy]

Thanks but unfortunalty your your wireshark dump only contain 18 packets and dosen't have anything to do with either login or changing the PIR. Maybe you filtered out too much or started the capture after already opening the offical client.

[fmarzocca]

Weird. I commonly use wireshark. I have filtered for packets going to/from the camera IP. And I started recording before I switched the PIR.

i can try another capture.

[QuantumEntangledAndy]

Perhaps you can install our wireshark dissector. It will let you filter on baichuan protocol packets

[QuantumEntangledAndy]

This is my current filter

baichuan.msg_id && baichuan.msg_id != 3 && baichuan.msg_id != 234 && baichuan.msg_id != 115 && baichuan.msg_id != 33

it will remove al lot of the data we are not interested in like camera feeds and motion detection and wifistatus updates etc

[QuantumEntangledAndy]

This is the message for reqesting the status this:

• Client

Magic	Message ID	Message Length	Encryption Offset	Status Code	Message Class	Payload Offset
f0 de bc 0a	d4 00 00 00	5e 00 00 00	00 00 00 13	00 00	14 64	5e 00 00 00

Meta Payload:

<?xml version="1.0" encoding="UTF-8" ?>
<Extension version="1.1">
<rfId>0</rfId>
</Extension>

• Camera

Magic	Message ID	Message Length	Encryption Offset	Status Code	Message Class	Payload Offset
f0 de bc 0a	d4 00 00 00	a6 04 00 00	00 00 00 13	c8 00	00 00	00000000

Main Payload:

<?xml version="1.0" encoding="UTF-8" ?>
    <body>
    <rfAlarmCfg version="1.1">
    <rfID>0</rfID>
    <enable>1</enable>
    <sensitivity>0</sensitivity>
    <sensiValue>21</sensiValue>
    <reduceFalseAlarm>0</reduceFalseAlarm>
    <timeBlockList>
    <timeBlock>
    <enable>1</enable>
    <weekDay>Sunday</weekDay>
    <beginHour>0</beginHour>
    <endHour>23</endHour>
    </timeBlock>
    <timeBlock>
    <enable>1</enable>
    <weekDay>Monday</weekDay>
    <beginHour>0</beginHour>
    <endHour>23</endHour>
    </timeBlock>
    <timeBlock>
    <enable>1</enable>
    <weekDay>Tuesday</weekDay>
    <beginHour>0</beginHour>
    <endHour>23</endHour>
    </timeBlock>
    <timeBlock>
    <enable>1</enable>
    <weekDay>Wednesday</weekDay>
    <beginHour>0</beginHour>
    <endHour>23</endHour>
    </timeBlock>
    <timeBlock>
    <enable>1</enable>
    <weekDay>Thursday</weekDay>
    <beginHour>0</beginHour>
    <endHour>23</endHour>
    </timeBlock>
    <timeBlock>
    <enable>1</enable>
    <weekDay>Friday</weekDay>
    <beginHour>0</beginHour>
    <endHour>23</endHour>
    </timeBlock>
    <timeBlock>
    <enable>1</enable>
    <weekDay>Saturday</weekDay>
    <beginHour>0</beginHour>
    <endHour>23</endHour>
    </timeBlock>
    </timeBlockList>
    <alarmHandle>
    <item>
    <channel>0</channel>
    <handleType>snap,rec,push</handleType>
    </item>
    </alarmHandle>
    </rfAlarmCfg>
    </body>

[fmarzocca]

A better wireshark capture.... attached ArgusEco2.pcap.zip

[fmarzocca]

Perhaps you can install our wireshark dissector. It will let you filter on baichuan protocol packets

don't know how

[QuantumEntangledAndy]

This is the file https://github.com/QuantumEntangledAndy/neolink/blob/master/dissector/baichuan.lua

It need to be put in the right folder. In mac/linux it is ${HOME}/.local/lib/wireshark/plugins/baichuan.lua

On windows it is %APPDATA%\Wireshark\plugins

[QuantumEntangledAndy]

Looking at your dump there are a few interesting packets 299 and 342. They seem to be sent right after you request the PIR status and before the setting of the PIR. However I cannot decrypt there contents without a password. Perhaps you could set a dummy password during the dump of 123456 and then capture it again. I will need the login message too (id 1) to get the nonce too since the AES encryption key it PASSWORD-NONCE

[fmarzocca]

You can use 140289 to decrypt. I have changed the password.

[QuantumEntangledAndy]

299

• Client

f0debc0a2b010000680000002f0000000000146468000000

Meta Payload:

<?xml version="1.0" encoding="UTF-8" ?>
<Extension version="1.1">
<channelId>0</channelId>
</Extension>

• Camera: No reply

342

• Client

f0debc0a56010000eb000000300000000000146468000000

Meta Payload:

<?xml version="1.0" encoding="UTF-8" ?>
<Extension version="1.1">
<channelId>0</channelId>
</Extension>

Main Payload:

<?xml version="1.0" encoding="UTF-8" ?>
<body>
<AiDetectCfg version="1.1">
<chn>0</chn>
<type>people</type>
</AiDetectCfg>
</body>

Notes: Theres more than one possible payload. This has also been observed:

<?xml version="1.0" encoding="UTF-8" ?>
<body>
<AiDetectCfg version="1.1">
<chn>0</chn>
<type>vehicle</type>
</AiDetectCfg>
</body>

• Camera

f0debc0a560100006e03000030000000c800000000000000

Main Payload:

<?xml version="1.0" encoding="UTF-8" ?>
<body>
<AiDetectCfg version="1.1">
<chn>0</chn>
<type>people</type>
<sensitivity>69</sensitivity>
<stayTime>0</stayTime>
<minTargetHeight>0.30354199</minTargetHeight>
<minTargetWidth>0.17060199</minTargetWidth>
<maxTargetHeight>0</maxTargetHeight>
<maxTargetWidth>0</maxTargetWidth>
<width>72</width>
<height>40</height>
<area>AAAD8AB4AAxgAAAD8AAAAABgAAAD8AAAAAABAAAD//gAAAADAEAD//gAAAAAAAAf//4AAAAAAAAf//8AAAAAAAAf//+AOAABAAAf///AAAABAAD////4AAABAAH////+AAABAAP/////wBAAAAf/////+AAAAA///////gAAAA///////4AAkB///////+AA//////////gA//////////4A//////////8D//////////8B//////////+B///////////x////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////</area>
</AiDetectCfg>
</body>

---

Other differences:

212 (AlarmCfg)

You had no reply for your AlarmCfg message

[QuantumEntangledAndy]

You didn't seem to get a reply about the PIR detector in the same way I did. But you did get one about AI detection. Do you know if your camera has PIR or does it detect just by AI on vid feed

[fmarzocca]

It has a large PIR on the front:

image

[fmarzocca]

What are msgs 192 and 319?

[fmarzocca]

. But you did get one about AI detection.

Vehicle detection is disabled, so it should not be correctly decoded.

[QuantumEntangledAndy]

Vehicle detection decodes ok. It's just marked as disabled in the return message from the camera.

Just to confirm you did turn the PIR on and off during your wireshark right? I think so given what's in the pcap but best to confirm anyways

I'll check the other messages maybe I missed something.

[fmarzocca]

Yes, I did.

• Sent from my mobile phone. Sorry for typos -

Il Sab 1 Apr 2023, 16:05 Andrew King @.***> ha scritto:

Vehicle detection decodes ok. It's just marked as disabled in the return message from the camera.

Just to confirm you did turn the PIR on and off during your tests right.

I'll check the other messages maybe I missed something.

— Reply to this email directly, view it on GitHub https://github.com/QuantumEntangledAndy/neolink/issues/51#issuecomment-1492979724, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACBCQ3WFLQZ3QJOBAWOXKLDW7AY2TANCNFSM6AAAAAAWOJU5DU . You are receiving this because you authored the thread.Message ID: @.***>

[fmarzocca]

Could you pls check if the attached 2 messages could be PIR ON and PIR OFF? (213 382) Argus_Eco_3.pcap.zip

[QuantumEntangledAndy]

Yes 213 is pir on off. It's the message that we already send. When we send the use the neolink pir on/off command. 382 was if I recall header only with no data attached, so it's hard to know what it is for.

[fmarzocca]

But if 213 is PIR, why I found it in the stream but it doesn't work if I send from noelink?

[QuantumEntangledAndy]

That's what we are trying to figure out. I have a test build I'm working on that more closely follows the format of Reolink. Will hopefully send it to you later

[QuantumEntangledAndy]

OK the PR to address this is here #53. Once it comiples you can get the builds from here https://github.com/QuantumEntangledAndy/neolink/actions/runs/4594196290

[QuantumEntangledAndy]

If this fails to work please capture the packets sent by neolink and we will compare them to the offical

[fmarzocca]

OK the PR to address this is here #53. Once it comiples you can get the builds from here https://github.com/QuantumEntangledAndy/neolink/actions/runs/4594196290

Thanks! How much does it normally take to build?

[QuantumEntangledAndy]

Looks like it is already built. The artefacts are at the bottom on that link (make sure your logged in to GitHub)

[fmarzocca]

Doesn't work either. How can I grab Wireshark streams? neolink is on a Raspberry in the LAN, not on the computer from which Wireshark is initiated.

[fmarzocca]

I figured it out, with tcpdump. But I got only few packets. Attached. tcp.pcap.zip

[fmarzocca]

I don't see any 213 msg in the stream...

[fmarzocca]

This is another stream with 213 msg! I verified that randomly the command works, but not every time. Some time it fails, and some other it works. tcp.pcap.zip

[QuantumEntangledAndy]

Does it always fail with CameraServiceUnavaliable or is there a new message. Now the first pcap you sent seems to be successful. I'll check the second one now.

p.s. You can now also use

neolink pir --config=config.toml

witout on/off to see the current status without setting

[QuantumEntangledAndy]

Sorry other way around your second pcap is successful.

Your first seems to fail to get the current PIR status

[QuantumEntangledAndy]

With status code 400. Which is bad request suggesting an error in the format we send. Can I get the password for this so I can decrypt it?

[fmarzocca]

When it fails, it fails with the "Service Unavailable" message.

Then:

./neolink pir giardino --config=neolink_config.toml
[2023-04-03T10:03:54Z INFO  neolink] Neolink 99c624137263503aa3f2fc254d89c5189947a0b6 release
[2023-04-03T10:03:54Z INFO  neolink::utils] giardino: Connecting to camera at UID: 95270004YFGE16SE
[2023-04-03T10:03:56Z INFO  neolink_core::bc_protocol] Relay success 95270004YFGE16SE at 35.180.129.86:51824
[2023-04-03T10:03:56Z INFO  neolink::utils] giardino: Logging in
[2023-04-03T10:03:57Z INFO  neolink::utils] giardino: Connected and logged in
Error: Unable to get camera PIR state

Caused by:
    Camera responded with Service Unavaliable

[fmarzocca]

After 2 or 3 times:

./neolink pir giardino --config=neolink_config.toml
[2023-04-03T10:04:47Z INFO  neolink] Neolink 99c624137263503aa3f2fc254d89c5189947a0b6 release
[2023-04-03T10:04:47Z INFO  neolink::utils] giardino: Connecting to camera at UID: 95270004YFGE16SE
[2023-04-03T10:04:47Z INFO  neolink_core::bc_protocol] Local discovery success 95270004YFGE16SE at 192.168.1.42:22034
[2023-04-03T10:04:47Z INFO  neolink::utils] giardino: Logging in
[2023-04-03T10:04:48Z INFO  neolink::utils] giardino: Connected and logged in
<?xml version="1.0" encoding="utf-8"?><RfAlarmCfg version="1.1"><rfID>0</rfID><enable>1</enable><sensitivity>0</sensitivity><sensiValue>12</sensiValue><reduceFalseAlarm>0</reduceFalseAlarm><timeBlockList /><alarmHandle /></RfAlarmCfg>

[QuantumEntangledAndy]

I have an idea. Please wait for next build

[fmarzocca]

Password 123456 tcp.pcap.zip

[QuantumEntangledAndy]

I noticed in our extension xml neolink does this

<?xml version="1.0" encoding="UTF-8" ?>
<Extension version="1.1">
<channelId>0</channelId>
</Extension>

while reolink does this

<?xml version="1.0" encoding="UTF-8" ?>
<Extension version="1.1">
<rfId>0</rfId>
</Extension>

Just swapped it to rfID in the next build here https://github.com/QuantumEntangledAndy/neolink/actions/runs/4595507575

[QuantumEntangledAndy]

Not sure if there is a better way to get this rdId field then just setting it to the channelId. Maybe need to look for that

[fmarzocca]

I noticed that once opened the Reolink client, this camera needs few seconds to get connected and operative online. Maybe you should introduce some delay? Anyway, I am waiting for the new build and will let you know.

[fmarzocca]

I noticed that once opened the Reolink client, this camera needs few seconds to get connected and operative online. Maybe you should introduce some delay? Anyway, I am waiting for the new build and will let you know.

I said this because if I keep opened the Reolink client, than send neolink command, it will never fail.

[fmarzocca]

This is a GIF showing the connection time when I launch the Reolink Client