Jump to content

Foxi352

Members
 View Profile  See their activity

  • Content Count

    23

  • Joined

  • Last visited

Posts posted by Foxi352

  1. Posted

    After a long time for wait I get my new VTO

     

    I've tested some achievements from here and it seems to work well.

     

    But I still get no Video on my Android App (Zoiper, Linphone or Bria) and didn't get a call on 3G, only on WiFi.

    These two things I'm still missing for turning my VTO to productive.

     

    Can anyone help me to solve the problems?

     

    I would like to use myfritz.net for DynDns.

     

    I have video running out of the box with linphone, that should work without problems if config is right. To get a call on 3G you need to use TCP and not UDP because linphone need to keep up a connection (stay registered) with your asterisk @ home. That leads us to the next problem: On Fritz!Box you can't redirect port 5060 to an internal computer. The Fritz!Box wants to keep that port for it's own VOIP usage. The solution was to run asterisk on port 5061 and redirect that port to your asterisk.

     

    Here is the general section of my sip.conf that works with linphone:

    [general]
videosupport=yes
language=de
bindport=5061
realm=<my_realm_name>
externhost=<my_external_dyndns_hostname>
externrefresh=10
context=default
type=friend
externrefresh=30
nat=force_rport,comedia
srvlookup=yes
tcpenable=yes
transport=udp,tcp
localnet=192.168.0.0/255.255.0.0
stunaddr=<my_providers_stun_server>
directmedia=no
srvlookup=yes
allowguest=no
alwaysauthreject=yes

    Here is the linphone relevant part:

    [linphone]
type=friend
host=dynamic
secret=<mypassword>
context=users
disallow=all
allow=ulaw
allow=h264
nat=force_rport,comedia

    On my linphone under proxy i added ":5061" and under Transport i chose "TCP".

  2. Posted

    By the way, it is also the solution to find the hard coded telnet password. I mean the first part which you put in front of your self set password.

    If you use the strings command on telnetd you find the following two lines:

    Password:
7ujMko0

    So whenever Dahua changes this (without changing the method to store it) we just need to unpack the firmware with the firmware-mod-kit and look into telnetd.

  3. Posted

    I unpacked the sonia binary and read through the strings contained in the binary.

    What tools do have used to unpack it and how did you do that?

    First i looked for strings in the packed sonia file: 

    strings sonia

    While analysing the result i found the following lines:

    $Info: This file is packed with the UPX executable packer http://upx.sf.net $
$Id: UPX 3.08 Copyright (C) 1996-2011 the UPX Team. All Rights Reserved. $

    Then i googled a bit how to unpack a UPX packed file and found the solution:

    apt install upx-ucl
upx -d sonia

    The resulting file expands from originally 4MB to 12MB.

    Then i searched again for contained strings and found a lot of them. To filter out the web API ones i used grep:

    strings sonia | grep cgi-bin

    Et voilà ...

  4. Posted

    Hi Guys,

     

    I unpacked the sonia binary and read through the strings contained in the binary. By that way i found out a lot of commands of the http API that i want to share with you. I didn't test all commands, so some are probably not working. The firmware seems to be +/- the same for their cameras, so a lot of commands don't make sense on a doorbell. But one is particulary interesting: The one to get a snapshot of the camera.

     

    To launch a command with the browser you have to type in:

    http://{USERNAME}:{PASSWORD} @{CAMERA_IP}/{COMMAND}
example:
http://admin:admin@192.168.1.110/cgi-bin/snapshot.cgi

    To use it form command line, for example to use in a script, use curl for example:

    curl --user {USERNAME}:{PASSWORD} —digest http://{CAMERA_IP}/{COMMAND}
example:
curl --user admin:admin --digest http://192.168.2.10/cgi-bin/magicBox.cgi?action=getMachineName

    Here's the list:


    • /cgi-bin/configFileExport.backup?action=All&sessionId=*
      /cgi-bin/Snapshot.cgi*
      /cgi-bin/audio.cgi?action=postAudio*
      /cgi-bin/*
      /cgi-bin/snapshot.cgi
      /cgi-bin/snapManager.cgi?action=attachFileProc
      /cgi-bin/eventManager.cgi?action=attach
      /cgi-bin/RPC_Loadfile
      /cgi-bin/loadfile.cgi?action=startLoad
      /cgi-bin/Config.backup?action=All
      /cgi-bin/Log.backup?action=All
      /cgi-bin/mjpg/video.cgi
      /cgi-bin/playBack.cgi?action=
      /cgi-bin/realmonitor.cgi?action=
      /cgi-bin/audio.cgi?action=getAudio
      /cgi-bin/deviceDiscovery.cgi?action=attach
      /cgi-bin/VideoTalkPeer.cgi?action=attachState
      /cgi-bin/configManager.cgi?action=getConfig
      /cgi-bin/configManager.cgi?action=setConfig
      /cgi-bin/configManager.cgi?action=restore
      /cgi-bin/userManager.cgi?action=getGroupInfo&
      /cgi-bin/userManager.cgi?action=getGroupInfoAll
      /cgi-bin/userManager.cgi?action=getUserInfo&
      /cgi-bin/userManager.cgi?action=getUserInfoAll
      /cgi-bin/userManager.cgi?action=getActiveUserInfoAll
      /cgi-bin/userManager.cgi?action=addUser
      /cgi-bin/userManager.cgi?action=deleteUser
      /cgi-bin/userManager.cgi?action=modifyUser
      /cgi-bin/userManager.cgi?action=modifyPassword
      /cgi-bin/ptz.cgi?action=start
      /cgi-bin/ptz.cgi?action=stop
      /cgi-bin/ptz.cgi?action=getProtocolList
      /cgi-bin/ptz.cgi?action=getStatus
      /cgi-bin/ptz.cgi?action=getCurrentProtocolCaps
      /cgi-bin/ptz.cgi?action=reset
      /cgi-bin/ptz.cgi?action=moveAbsolutely
      /cgi-bin/ptz.cgi?action=moveRelatively
      /cgi-bin/ptz.cgi?action=moveDirectly
      /cgi-bin/ptz.cgi?action=moveContinuously
      /cgi-bin/ptz.cgi?action=moveStop
      /cgi-bin/ptz.cgi?action=isMoving
      /cgi-bin/ptz.cgi?action=setFocusMode
      /cgi-bin/ptz.cgi?action=setFocusPoint
      /cgi-bin/ptz.cgi?action=focusManually
      /cgi-bin/ptz.cgi?action=setIrisMode
      /cgi-bin/ptz.cgi?action=setIrisValue
      /cgi-bin/ptz.cgi?action=adjustIris
      /cgi-bin/ptz.cgi?action=setPreset
      /cgi-bin/ptz.cgi?action=getPresets
      /cgi-bin/ptz.cgi?action=gotoPreset
      /cgi-bin/ptz.cgi?action=removePreset
      /cgi-bin/ptz.cgi?action=setHomePosition
      /cgi-bin/ptz.cgi?action=gotoHomePosition
      /cgi-bin/ptz.cgi?action=setTour
      /cgi-bin/ptz.cgi?action=getTours
      /cgi-bin/ptz.cgi?action=removeTour
      /cgi-bin/ptz.cgi?action=addTourPoint
      /cgi-bin/ptz.cgi?action=removeTourPoint
      /cgi-bin/ptz.cgi?action=tourStart
      /cgi-bin/ptz.cgi?action=autoTour
      /cgi-bin/ptz.cgi?action=tourStop
      /cgi-bin/ptz.cgi?action=patternRecordStart
      /cgi-bin/ptz.cgi?action=patternRecordStop
      /cgi-bin/ptz.cgi?action=getPatterns
      /cgi-bin/ptz.cgi?action=removePattern
      /cgi-bin/ptz.cgi?action=patternReplayStart
      /cgi-bin/ptz.cgi?action=patternReplayStop
      /cgi-bin/ptz.cgi?action=menuControl
      /cgi-bin/ptz.cgi?action=auxControl
      /cgi-bin/alarm.cgi?action=getInSlots
      /cgi-bin/alarm.cgi?action=getOutSlots
      /cgi-bin/alarm.cgi?action=getInState
      /cgi-bin/alarm.cgi?action=getOutState
      /cgi-bin/eventManager.cgi?action=getEventIndexes
      /cgi-bin/magicBox.cgi?action=reboot
      /cgi-bin/magicBox.cgi?action=shutdown
      /cgi-bin/magicBox.cgi?action=getDeviceType
      /cgi-bin/magicBox.cgi?action=getDeviceClass
      /cgi-bin/magicBox.cgi?action=getVendor
      /cgi-bin/magicBox.cgi?action=getHardwareVersion
      /cgi-bin/magicBox.cgi?action=getSerialNo
      /cgi-bin/magicBox.cgi?action=getMachineName
      /cgi-bin/magicBox.cgi?action=getLanguageCaps
      /cgi-bin/magicBox.cgi?action=getSystemInfo
      /cgi-bin/magicBox.cgi?action=getProductDefinition&name=MaxExtraStream
      /cgi-bin/magicBox.cgi?action=getSoftwareVersion
      /cgi-bin/magicBox.cgi?action=getBuildDate
      /cgi-bin/netApp.cgi?action=getInterfaces
      /cgi-bin/netApp.cgi?action=getUPnPStatus
      /cgi-bin/netApp.cgi?action=getVirtualServiceStatus
      /cgi-bin/encode.cgi?action=getConfigCaps
      /cgi-bin/encode.cgi?action=getCaps
      /cgi-bin/recordManager.cgi?action=getCaps
      /cgi-bin/eventManager.cgi?action=getCaps
      /cgi-bin/storage.cgi?action=getCaps
      /cgi-bin/snapManager.cgi?action=getCaps
      /cgi-bin/devVideoInput.cgi?action=getCaps
      /cgi-bin/global.cgi?action=getCurrentTime
      /cgi-bin/global.cgi?action=setCurrentTime&time=
      /cgi-bin/log.cgi?action=startFind
      /cgi-bin/log.cgi?action=doFind
      /cgi-bin/log.cgi?action=stopFind
      /cgi-bin/log.cgi?action=clear
      /cgi-bin/mediaFileFind.cgi?action=factory.create
      /cgi-bin/mediaFileFind.cgi?action=findFile
      /cgi-bin/mediaFileFind.cgi?action=findNextFile
      /cgi-bin/mediaFileFind.cgi?action=close
      /cgi-bin/mediaFileFind.cgi?action=destroy
      /cgi-bin/storageDevice.cgi?action=factory.getCollect
      /cgi-bin/storageDevice.cgi?action=factory.getPortInfo
      /cgi-bin/workGroup.cgi?action=factory.getCollect
      /cgi-bin/workDirectory.cgi?action=factory.getCollect
      /cgi-bin/devVideoInput.cgi?action=getCurrentWindow
      /cgi-bin/devVideoInput.cgi?action=setCurrentWindow
      /cgi-bin/ddns.cgi
      /cgi-bin/localSearch.cgi?
      /cgi-bin/localPlayback.cgi?
      /cgi-bin/split.cgi?action=getMode
      /cgi-bin/split.cgi?action=setMode
      /cgi-bin/split.cgi?action=enableTour
      /cgi-bin/devVideoInput.cgi?action=autoFocus
      /cgi-bin/devVideoInput.cgi?action=adjustFocusContinuously
      /cgi-bin/devVideoInput.cgi?action=adjustFocus
      /cgi-bin/devVideoInput.cgi?action=getFocusStatus
      /cgi-bin/devVideoAnalyse.cgi?action=getcaps
      /cgi-bin/wlan.cgi?action=scanWlanDevices
      /cgi-bin/IntervideoManager.cgi?action=getVersion
      /cgi-bin/storageDevice.cgi?action=getDeviceAllInfo
      /cgi-bin/storageDevice.cgi?action=setDevice
      /cgi-bin/devVideoInput.cgi?action=getCollect
      /cgi-bin/devAudioInput.cgi?action=getCollect
      /cgi-bin/devAudioOutput.cgi?action=getCollect
      /cgi-bin/trafficSnap.cgi?action=getParkingSpaceStatus
      /cgi-bin/trafficParking.cgi?action=getAllParkingSpaceStatus
      /cgi-bin/LogicDeviceManager.cgi?action=getCameraAll
      /cgi-bin/split.cgi?action=getScene
      /cgi-bin/monitorWallManager.cgi?action=addMonitorWall
      /cgi-bin/matrix.cgi?action=getCards
      /cgi-bin/matrix.cgi?action=getCardInfo
      /cgi-bin/split.cgi?action=setSource
      /cgi-bin/split.cgi?action=setRect
      /cgi-bin/split.cgi?action=openWindow
      /cgi-bin/split.cgi?action=closeWindow
      /cgi-bin/monitorWallManager.cgi?action=remove
      /cgi-bin/monitorWall.cgi?action=getScene
      /cgi-bin/monitorWall.cgi?action=setScene
      /cgi-bin/monitorWall.cgi?action=addBlock
      /cgi-bin/monitorWall.cgi?action=delBlock
      /cgi-bin/monitorWall.cgi?action=loadCollection
      /cgi-bin/monitorWall.cgi?action=saveCollection
      /cgi-bin/fastControl.cgi?action=addAreaCamera
      /cgi-bin/fastControl.cgi?action=delAreaCamera
      /cgi-bin/accessControl.cgi?action=openDoor
      /cgi-bin/accessControl.cgi?action=getDoorStatus
      /cgi-bin/recordFinder.cgi?action=doSeekFind
      /cgi-bin/recordFinder.cgi?action=getQuerySize
      /cgi-bin/recordFinder.cgi?action=find
      /cgi-bin/recordUpdater.cgi?action=insert
      /cgi-bin/recordUpdater.cgi?action=update
      /cgi-bin/recordUpdater.cgi?action=remove
      /cgi-bin/RadiometryManager.cgi?action=getCaps
      /cgi-bin/RadiometryManager.cgi?action=getRandomPointTemper
      /cgi-bin/RadiometryManager.cgi?action=getTemper
      /cgi-bin/VideoTalkPeer.cgi?action=detachState
      /cgi-bin/VideoTalkPeer.cgi?action=invite
      /cgi-bin/VideoTalkPeer.cgi?action=answer
      /cgi-bin/VideoTalkPeer.cgi?action=refuse
      /cgi-bin/VideoTalkPeer.cgi?action=cancel
      /cgi-bin/VideoTalkPeer.cgi?action=hangup

     

    edit1: Added complete list

    edit2: Added even more complete list

  8. Posted

    Danke !

     

    I will have a lock when i have time. For now i have telegram working. As soon as everything works i will try to tune and tweak.

     

    I think i have nearly everything working i wanted:

    • Phones on Fritz!Box, Asterisk soft-phones and our 2 GSM phones are ringing all together when someone rings the doorbell
    • On my soft-phone apps (linphone) i see live video
    • I can now open the door with '55'
    • I get a picture via telegram to our two GSM phones
    • I have modified these horrible pseudo-english mp3's

     

    Is there something still missing that makes sense ?

  9. Posted

    I was not 100% sure, that Version is really set to 3 in build.py...

    But now i can sleep quiet.

    If you want to sleep really quiet just double check. cd into the build directory on use the file command on the img.raw file like so:

    serge@srvdevel:~/Dahua-Firmware-Mod-Kit/General_VTO2000A_Eng_P_16M_SIP_V1.200.1000.0.R.20160505.bin.extracted/build$ file user-x.cramfs.img.raw 
user-x.cramfs.img.raw: Squashfs filesystem, little endian, version 3.1, 5856508 bytes, 197 inodes, blocksize: 131072 bytes, created: Tue Oct 18 07:40:14 2016

    Here you can clearly see that the build file is in squashfs 3.1 format and not in the 4 format.

  10. Posted

    Hey !!! I am able to unlock my door via my SIP phones !!!

     

    Here is an example of how i configured my VTO (8801), my xLite Softphone and my SIP trunk (fritzbox). I can open the door with xlite and with my IP phones connected to my fritz!box. I am 99,99% sure the magic is done by the "dtmfmode=info" statement in my VTO configuration (8001). After pushing 55 (the unlock code i defined in VTO webgui) it takes about 3 seconds before i hear the relay clicking and the "The door is unlocked" mp3 ...

     

    [fritzbox]
type=peer
qualify=yes
nat=no
secret=xxxxxxxx
username=626
host=fritz.box
dtmfmode=rfc2833
insecure=port,invite
fromuser=626
fromdomain=fritz.box
context=incoming

[xlite]
type=friend
host=dynamic
secret=xxxxxxxx
context=users
deny=0.0.0.0/0
permit=192.168.1.0/16

[8001]
type=friend
host=dynamic
pedantic=no
username=8001
callerid=Türklingel
secret=xxxxxxxx
dtmfmode=info
context=users
disallow=all
allow=ulaw
allow=h264

  11. Posted

    Can you explain me please, how it works wit the unsquashfs or better with the mksquashfs?

    The squash tools 3.4 installs only a binary mksquashfs3 in /usr/local/bin. So when i start build.py he call mksquashfs and can't find it, because there is no mksquashfs (without 3 at the end) yet.

    When we install the squash-tools package from debian he install mksquashfs, that can be used, but is in version 4. Is this not the wrong version? So how... and when build.py start the right one (v3)?

    For the extract script all this is not important. The important part is that the new firmware is build with the right version, so let's only focus on build.py

    The script checks if mksquashfs exists because at the beginning of the script it has the line 

    DEPENDENCIES = ["sudo", "mksquashfs", "mkimage"]

    All these binaries must be there or else the script does exit with an error. Even though in our case the mksquashfs is not needed it still checks for it here:

    def CheckDependencies(self):
   Ret = 0
   for dependency in self.DEPENDENCIES:
           if not distutils.spawn.find_executable(dependency):
                   self.Logger.error("Missing dependency: '%s'", dependency)
                   Ret = 1
   return Ret

    Then the part where the magic you asked for happens:

            def Handle_SquashFS(self, Key):
[... not importand...]
               # Read SquashFS header to figure out compression and blocksize of the original file.
               OrigFile = open(OrigPath, "rb")
               Header = SquashFS.parseHeader(OrigFile)
               OrigFile.close()
[... not importand...]
               Version = "" if Header == 4 else str(Header["s_major"])
[... not importand...]
               Result = subprocess.call(["sudo", "mksquashfs" + Version, ExtractedDir, DestPath] + ConOpts)

    If you try to understand the lines above you can see it does:

    1. Open the original squashfs file extracted previously
    2. Read the header and check if the squashfs version originaly was v3.4 or v4.0
    3. Write that in a variable called 'Version' which then is "3" if it was v3.4 and "" (empty) if it was v4
    4. It calls the mksquashfs binary and appends the previously set 'Version' variable which is 3 or

    Was my explanation clear ? If not just tell me where it was not and i will try to edit it.

  12. Posted

    P.S. By me, he don't found mkimage, so installed addtitionaly u-boot-tools. Is this correct?

    Absolutely. Sorry, i forgot that one as it was already installed on my system. I updated the post. Thank you for this ons.

     

    And in /usr/loca/bin i found only unsquashfs3, but extract.py need unsquashfs, so i make symbilc link in /usr/local/bin for unsquashfs. The same for mksquashfs3 an mksquashfs. Is it ok?

    It probably is in your case and when using a VTO. But the right way is to install the squashfs-tools package. I also added that one to my previous post. Both tool versions have to be installed, the 3.4 and the 4.0 ones. The scripts pick the ones that it needs.

     

    Is it normal, that i become a slightly smaller file - about 718 bytes (without changes in the firmware - only repackaged)?

    Yes, this is probably due to newer zip version with better compression. I had the same.

     

    One more thing: Be carefull when extracting and even more important when building that the script shows you the following line:

    WARNING	Autodetected config: VTO

  13. Posted · Edited by Guest

    Ok, here we go. These instructions are based on a Debian 8 system. But this should work on most distributions i guess, only the package installation will be different.

    You must have root rights for this to work !

     

    1. Install Python 3: 
      apt install python3


    2. Install needed tools for next steps: 
      apt install build-essential wget unzip cramfsprogs u-boot-tools squashfs-tools


    3. IMPORTANT: Install modified squashfs3 tools as our old VTO Linux kernel does not support squashfs4 (that is how you can easily brick your VTO)
      cd
wget https://github.com/BotoX/squashfs-tools/archive/v3.4.zip
unzip v3.4.zip
cd squashfs-tools-3.4/squashfs-tools
make install


    4. Download the firmware-mod-tools:
      cd
wget https://github.com/BotoX/Dahua-Firmware-Mod-Kit/archive/master.zip
unzip master.zip


    5. Extract / Unpack the firmware. Be sure the extract script says "WARNING Autodetected config: VTO":
      cd Dahua-Firmware-Mod-Kit-master
cp ~/General_VTO2000A_Eng_P_16M_SIP_V1.200.1000.0.R.20160505.bin .    <------ copy your img file into this directory, this line must of course be adapted
./extract.py General_VTO2000A_Eng_P_16M_SIP_V1.200.1000.0.R.20160505.bin


    6. Make your modifications. Sound files for example are in General_VTO2000A_Eng_P_16M_SIP_V1.200.1000.0.R.20160505.bin.extracted/data-x.cramfs.img.extracted/Sounds
    7. Go back to Dahua-Firmware-Mod-Kit-master root folder. If you followed step by step it should be in your home directory:
      cd ~/Dahua-Firmware-Mod-Kit-master


    8. Repack the firmware. Be sure the build script says "WARNING Autodetected config: VTO":
      ./build.py General_VTO2000A_Eng_P_16M_SIP_V1.200.1000.0.R.20160505.bin.extracted


    9. The newly packed firmware is now in the General_VTO2000A_Eng_P_16M_SIP_V1.200.1000.0.R.20160505.bin.extracted/build subdirectory:
      cd General_VTO2000A_Eng_P_16M_SIP_V1.200.1000.0.R.20160505.bin.extracted/build
ls -la

drwxr-xr-x 2 root root     4096 Oct 17 17:59 .
drwxr-xr-x 9 root root     4096 Oct 17 17:59 ..
-rw-r--r-- 1 root root    12352 Oct 17 17:59 custom-x.cramfs.img
-rw-r--r-- 1 root root    12288 Oct 17 17:59 custom-x.cramfs.img.raw
-rw-r--r-- 1 root root   901184 Oct 17 17:59 data-x.cramfs.img
-rw-r--r-- 1 root root   901120 Oct 17 17:59 data-x.cramfs.img.raw
-rw-r--r-- 1 root root   255584 Oct 17 17:59 dm365_ubl_boot_16M.bin.img
-rw-r--r-- 1 root root 13073267 Oct 17 17:59 General_VTO2000A_Eng_P_16M_SIP_V1.200.1000.0.R.20160505.bin       <----------------
-rw-r--r-- 1 root root      467 Oct 17 17:59 Install
-rw-r--r-- 1 root root  1686604 Oct 17 17:59 kernel-x.cramfs.img
-rw-r--r-- 1 root root    45120 Oct 17 17:59 pd-x.cramfs.img
-rw-r--r-- 1 root root    45056 Oct 17 17:59 pd-x.cramfs.img.raw
-rw-r--r-- 1 root root  3117120 Oct 17 17:59 romfs-x.cramfs.img
-rw-r--r-- 1 root root  3117056 Oct 17 17:59 romfs-x.cramfs.img.raw
-rw-r--r-- 1 root root  5857344 Oct 17 17:59 user-x.cramfs.img
-rw-r--r-- 1 root root  5857280 Oct 17 17:59 user-x.cramfs.img.raw
-rw-r--r-- 1 root root  1441856 Oct 17 17:59 web-x.cramfs.img
-rw-r--r-- 1 root root  1441792 Oct 17 17:59 web-x.cramfs.img.raw

    That's it. This should work .....

     

    Flash it and light a candle before rebooting

     

    edit1: added mkimage

    edit2: added squashfs-tools

    edit3: added info about config file autodetection

     

    Serge

  14. Posted · Edited by Guest

    If someone rings the bell of VTO, I want ringing the VTH1550CH, ringing my FritzFon (over Fritzbox) and when I'm not at home, my Android-Smartphone should ringing to. And everything with Video. Well ringing with Videostream over Fritzbox will not work because the Fritzbox doesn't support SIP Video. But there is a possibility to use Snapshots instead.
    Regarding that part i have a solution now that should work, but i don't see a picture on my Fritz!Fon iOS APP nor a request by Fritz!Box in my apache'2 logfiles.

     

    What i did is add the snapshot solution which i already posted to the dialplan, liks so:

    exten=>9901,1,Ringing()
exten=>9901,n,Answer()
exten=>9901,n,TrySystem(avconv -i 'rtsp://admin:xxxxx@192.168.xx.xx' -f image2 -vframes 1 -pix_fmt yuvj420p /tmp/snapshot.jpg)
exten=>9901,n,TrySystem(chmod 666 /tmp/snapshot.jpg)
exten=>9901,n,Dial(SIP/11@fritzbox&SIP/linphone,30,r)
exten=>9901,n,Hangup()

    That rings my linphone iOS app and my Fritz!box. The Fritz!Box for now only rings my iOS Fritz!Fon app.

     

    Then i added the following to my apache'2 default site config:

    Alias /snapshot.jpg /tmp/snapshot.jpg
<Directory /tmp/snapshot.jpg>
   Require all granted
</Directory>

    After i ring the doorbell i can point my browser to my apache2 (same machine as my asterisk) using the URL http://192.168.xx.xx/snapshot.jpg and i can see the snapshot.

    On my Fritz!Box i then entered that .jpg link into the "Live-Bild" fields but looking on my apache's logfiles i can't see any request from my Fritz!Box to my webserver when i ring the doorbell.

     

    With this solution the snapshot is there, but as i don't have hardware fritz!fon's i can't help any further. But maybe this helps you on your way.

    I for my part will now try to send a telegram or whatsapp message with the snapshot whenever someone rings the bell.

     

    edit1: Removed dialgroups and add SIP targets with &

  16. Posted

    When I'm back from Vacation I'll trying the Dahua Firmware Mod Kit

    Until now I've only unpacked Firmware with binwalk and analyzed just a little bit. But I don't know how to repack it. Hope it's working well.

    If it works well I will try to analyze it just more. Maybe we're able to make the firmware even better

    I had a chat today with BotoX, the author of the Dahua Firmware Mod Kit. Sadly we worked in parallel and he already finished the same changes as i did, they were only not yet pushed to the repo. So we decided to close my PR and worked together via IRC to get it working. I sent him the Firmware that we use ( the 2016 05 05 SIP) and created a VTO config file as BotoX doesn't own a VTO. He did a fantastic job and i am happy to announce you that we nailed it !

     

    With the current devel version here: https://github.com/BotoX/Dahua-Firmware-Mod-Kit/tree/devel i was able to unpack the firmware, repack it again and after flashing that newly packed firmware to my VTO it still booted up and worked, well at least the web gui worked. Due to lack of time i wasn't able to do more testing.

     

    I will be off until sunday. As soon as i can i will do the same but this time change one or two MP3's and really try if everything still works.

     

    If anyone of you feels an urgent need to test already tomorrow feel free to do so and report back Be prepared for some Adrenaline while booting the first time after flashing a firmware packed by yourself

     

    Serge

  17. Posted

    Yes, this works. BUT it is not SIP-Compatible. This is the App for the P2P-Push Solution and this works only with the nonSIP-Firmware.

    I think (and i hope ) that you are at least partially wrong. I downloaded iDMSS Lite from appstore yesterday and was able to see live picture of my VTO and to unlock the door (i heard the relay clicking inside the VTO). And i have SIP firmware. As soon as i have time i will sniff my iPhone traffic to see if i can catch the needed packet.

  18. Posted

    I had a bit of spare time this morning and contributed a PR to the project that:

    - adds support for multiple config files

    - includes a VTO2000A sample config file

    - adds cramfs support for extract.py

     

    As soon as i have a bit more time i will work on cramfs support for build.py and then try to build a modified FW for our VTO's ...

     

    Meanwhile if someone wants to test to extract the FW and familiarise yourself with the file system structure you can pull my work here:

     

    https://github.com/Foxi352/Dahua-Firmware-Mod-Kit.git

     

    Don't forget to switch to the vto2000a branch.

     

    Serge

  20. Posted

    I started analyzing the firmware to replace mp3 files. I think i am pretty close to be able to replace them.

     

    The firmware file, for example General_VTO2000A_Eng_P_16M_SIP_V1.200.1000.0.R.20160505.bin, is a zip file of u-boot files in cramfs fs.

    unzip General_VTO2000A_Eng_P_16M_SIP_V1.200.1000.0.R.20160505.bin 

Archive:  General_VTO2000A_Eng_P_16M_SIP_V1.200.1000.0.R.20160505.bin
file #1:  bad zipfile offset (local header sig):  0
 inflating: dm365_ubl_boot_16M.bin.img  
 inflating: kernel-x.cramfs.img     
 inflating: romfs-x.cramfs.img      
 inflating: user-x.cramfs.img       
 inflating: web-x.cramfs.img        
 inflating: data-x.cramfs.img       
 inflating: pd-x.cramfs.img         
 inflating: custom-x.cramfs.img

    The sound files are in the data image file. u-boot uImage files have a header of 64 bytes, so you can mount the cramfs file simply by skipping the header:

    mount -t cramfs -o loop,offset=64 data-x.cramfs.img /mnt

    ls /mnt
Fonts  gbkpy.mb  Http  ProductInfo  Skins  Sounds  Strings

    As soon as i have more time i will try to create a new data uImage with different mp3's for testing. I will just have to find out if the main zip file is a standard zip file or if it also has a special header, which is probably the case. In that case it will need some more investigation work to reproduce a working image ...

     

    Everyone that has some it skills is invited to play around and share experiences

     

    Serge

  21. Posted

    Also, has anyone been able to get the VTO to make ringing sounds when the button is pressed and it waits for someone to answer? I have tried a few things, but no luck. It would be good if the VTO could emit some rings or beeps while waiting for the other extensions to answer, rather than just a voice saying 'Calling..' (from what i remember) and then silence until someone answers, or until it times out. If all else fails, I will try to wire up a simple speaker (or cheap doorbell simply to make noise throughout the house) and see if I can get Asterisk to execute a shell script when the VTO initiates a call, in order to activate the speaker/doorbell. Not sure if that's possible with Asterisk, but worth investigating.

     

    If i understand your request right it should not be difficult at all. I tested with the following dialplan:

     

    exten=>9901,1,Ringing()
exten=>9901,n,Answer()
exten=>9901,n,Dial(SIP/linphone,30,m)
exten=>9901,n,Hangup()

     

    And i have MusicOnHold playing on my VTO2000A while my linphone is ringing. The magic is done by the ",m" in the dial command.

    Edit: if you use 'r' instead of 'm' you have a ringing tone instead MOH I suppose this is exactly what you wanted ?

     

    exten=>9901,n,Dial(SIP/linphone,30,r)

     

    Does that answer your question ?

     

    Serge

  23. Posted

    As i am new to Dashua i just got it working as a Doorbell (audio only) using the VTO <-> Asterisk <-> Fritz!Box path.

    Now i am starting to investigate video possibilities. Of course running Linphone as SIP client on Asterisk (without Fritz!Box) works, the VTO sends a videocall and i can see live video feed on my softphone.

     

    With my old legacy doorbell i have it configured that whenever someone rings i get a Prowl Notification on my iPhone. When i'll put my VTO into production i want a message with a picture (Snapshot) on my iPhone. I don't know yet how i will transfer that picture. Maybe Whatsapp or Telegram.

     

    I want to document here what i already found out concerning video.

     

    - You have an RTSP stream listening on port 554. So by connecting to rtsp://admin:admin@192.168.xx.xx using a client like VideoLan (VLC) you can get the livestream (all the time, even when no-one rings).

     

    - Knowing this i installed libav on my Debian 8 HomeAutomation box with 

    sudo apt install libav-tools

    I was then able to create a snapshot by using the following command line:

     

    avconv -i 'rtsp://admin:admin@192.168.xx.xx' -f image2 -vframes 1 -pix_fmt yuvj420p test.jpg

     

    The IP address is of course the one of your VTO. So know i can create a snapshot whenever i want. Next step will be to choose a way to send that screenshot together with the notification to my iPhone. As far as i know Prowl can't send pictures. But this should probably be the easy part

     

    If someone knows more ways to access the video stream or to get a snapshot directly out of the VTO don't hesitate to complete...

     

    Serge

×