Closed wangjia184 closed 1 year ago
Interesting, thanks for the detailed report.
What model & firmware version is this? It must not be all Dahua cameras; I have a couple that are working.
it seems VLS is trying an alternative approach to compute digest and then succeeded.
MD5(HA1:nonce:HA2)
is the older RFC 2069 style. The http-auth
crate which retina
uses tries this form of calculation if there's no qop
specified in the 401 response's WWW-Authenticate
header. Interesting if VLC tries both.
Hmm, but it can't be computing in the newer style, because it's not passing along the other necessary parameters like nc
and cnonce
. Huh. I don't know what other calculation they'd be doing, and (in a quick skim of vlc and live555 code) I didn't see the code that would do it. Puzzling.
@scottlamb It is a sub-brand of Dahua, IMOU indoor camera TF5
Dont think it is MD5-sess
as I dont see cnonce
in the request. I tried to compute hash manually in several way and cannot get the result f6cbb524ce35db485250b8b88445365c
. Asking this question on SO: https://stackoverflow.com/questions/72774182/rtsp-digest-authentication-in-vlc
I hope you get an answer on SO. It might also be worth trying live555's own commandline client to narrow down the code involved to a single codebase that's easier to build and add debugging code to.
Did you get this figured out? I just clicked the SO link and got "This question was voluntarily removed by its author."
yep, I found the reason, VLC was trying to use some password from system for retry. so my password was wrong. closing this issue
I have a Dahua camera serving RTSP at
rtsp://192.168.8.20:554/cam/realmonitor?channel=1&subtype=0
I tried with correct username and password to connect to, it fails with authentication error.
Password are masked in above screenshot, but I can ensure the password is 100% correct. I tried to sniffer the communication between retina client and camera, and here is what I captured.
While the same RTSP url and credentials work fine in VLC. I also sniffered the communication between VLC and camera, the following are the captured packets.
You may notice VLC actually attempted twice.
DESCRIBE
(CSeq=4) andDESCRIBE
(CSeq=7). Thenonce
username
uri
are the same. but theirresponse
are different. The firstDESCRIBE
failed and the later one succeeded.I tried to compute digest using the following approach.
I got
f7d5cde2d331183cb1710e50d9738971
, this is the reponsed in VLC's first attempt but failed.And in its second attempt, VLC produced
f6cbb524ce35db485250b8b88445365c
for response, it seems VLS is trying an alternative approach to compute digest and then succeeded.