Motion Detection and MQTT #78
Conversation
|
@thirtythreeforty So I am currently trying to get neolink to pick up the motion messages with id =33 and could use some advice if you are free If I run wireshark with the official client
If I run with neolink
I think there may be some sort of send me motion please being issues by the client but when I read all message that the official client send there is nothing obvious. Is there anything you can think of? |
|
Offical client sends:
<?xml version="1.0" encoding="UTF-8" ?>
<body>
<LoginUser version="1.1">
<userName>...</userName>
<password>...</password>
<userVer>1</userVer>
</LoginUser>
<LoginNet version="1.1">
<type>LAN</type>
<udpPort>0</udpPort>
</LoginNet>
</body>
<?xml version="1.0" encoding="UTF-8" ?>
<Extension version="1.1">
<userName>...</userName>
</Extension>
<?xml version="1.0" encoding="UTF-8" ?>
<Extension version="1.1">
<channelId>0</channelId>
</Extension>
<?xml version="1.0" encoding="UTF-8" ?>
<Extension version="1.1">
<channelId>0</channelId>
</Extension>
<?xml version="1.0" encoding="UTF-8" ?>
<body>
<Preview version="1.1">
<channelId>0</channelId>
<handle>0</handle>
</Preview>
</body>
<?xml version="1.0" encoding="UTF-8" ?>
<body>
<LoginUser version="1.1">
<userName>...</userName>
<password>...</password>
<userVer>1</userVer>
</LoginUser>
</body> |
|
These are matched pairs of client send, cam reply
<?xml version="1.0" encoding="UTF-8" ?>
<Extension version="1.1">
<userName>...</userName>
</Extension>
<?xml version="1.0" encoding="UTF-8" ?>
<body>
<AbilitySuppport version="1.1">
<userName></userName>
<system>1</system>
<streaming>1</streaming>
<record>1</record>
<network>1</network>
<PTZ>1</PTZ>
<IO>0</IO>
<alarm>1</alarm>
<image>1</image>
<video>1</video>
<audio>1</audio>
<security>1</security>
<replay>1</replay>
<disk>1</disk>
</AbilitySuppport>
<UserList version="1.1">
<User>
<userId>0</userId>
<userName>...</userName> <!-- User and pass completly plain text! -->
<password>...</password>
<userLevel>1</userLevel>
<loginState>0</loginState>
<userSetState>none</userSetState>
</User>
<User>
<userId>0</userId>
<userName>...</userName>
<password>...</password>
<userLevel>0</userLevel>
<loginState>0</loginState>
<userSetState>none</userSetState>
</User>
<User>
<userId>0</userId>
<userName>...</userName>
<password>...</password>
<userLevel>1</userLevel>
<loginState>1</loginState>
<userSetState>none</userSetState>
</User>
</UserList>
</body>Seems to reply with users capabilities and a full list of other user with passwords (I am hoping the full list is only when admin but even so...) |
<?xml version="1.0" encoding="UTF-8" ?>
<body>
<Support version="1.1">
<IOInputPortNum>0</IOInputPortNum>
<IOOutputPortNum>0</IOOutputPortNum>
<diskNum>0</diskNum>
<channelNum>1</channelNum>
<audioNum>1</audioNum>
<ptzMode>pt</ptzMode>
<ptzCfg>0</ptzCfg>
<B485>0</B485>
<autoUpdate>0</autoUpdate>
<pushAlarm>1</pushAlarm>
<ftp>0</ftp>
<ftpTest>1</ftpTest>
<email>1</email>
<wifi>5</wifi>
<record>0</record>
<wifiTest>1</wifiTest>
<rtsp>0</rtsp>
<onvif>0</onvif>
<audioTalk>1</audioTalk>
<rfVersion>0</rfVersion>
<rtmp>0</rtmp>
<noExternStream>1</noExternStream>
<timeFormat>1</timeFormat>
<ddnsVersion>1</ddnsVersion>
<emailVersion>3</emailVersion>
<pushVersion>1</pushVersion>
<pushType>1</pushType>
<audioAlarm>1</audioAlarm>
<apMode>0</apMode>
<cloudVersion>30</cloudVersion>
<replayVersion>1</replayVersion>
<mobComVersion>0</mobComVersion>
<syncTime>1</syncTime>
<netPort>1</netPort>
<videoStandard>0</videoStandard>
<smartHome>
<version>1</version>
<item>
<name>googleHome</name>
<ver>1</ver>
</item>
<item>
<name>amazonAlexa</name>
<ver>1</ver>
</item>
</smartHome>
<item>
<chnID>0</chnID>
<ptzType>3</ptzType>
<ptzPreset>0</ptzPreset>
<ptzPatrol>0</ptzPatrol>
<ptzTattern>0</ptzTattern>
<ptzControl>0</ptzControl>
<rfCfg>0</rfCfg>
<noAudio>0</noAudio>
<autoFocus>0</autoFocus>
<videoClip>0</videoClip>
<battery>0</battery>
<ispCfg>0</ispCfg>
<osdCfg>1</osdCfg>
<batAnalysis>0</batAnalysis>
<dynamicReso>0</dynamicReso>
<audioVersion>15</audioVersion>
<ledCtrl>1</ledCtrl>
<motion>1</motion>
</item>
</Support>
</body>Seems to be a list of things the camera can do |
<?xml version="1.0" encoding="UTF-8" ?>
<body>
<WifiSignal version="1.1">
<signal>-40</signal>
</WifiSignal>
</body>Seems to be a send reply on signal strength |
|
The following do not seem to have a reply from the camera
<?xml version="1.0" encoding="UTF-8" ?>
<Extension version="1.1">
<channelId>0</channelId>
</Extension>One of this might request the motion stream |
<?xml version="1.0" encoding="UTF-8" ?>
<body>
<SystemGeneral version="1.1">
<timeZone>-25200</timeZone>
<osdFormat>DMY</osdFormat>
<year>2020</year>
<month>9</month>
<day>27</day>
<hour>16</hour>
<minute>18</minute>
<second>9</second>
<deviceId>0</deviceId>
<timeFormat>0</timeFormat>
<language>English</language>
<deviceName>Cammy02</deviceName>
</SystemGeneral>
<Norm version="1.1">
<norm>NTSC</norm>
</Norm>
</body>Seems to be camera timezone info |
<?xml version="1.0" encoding="UTF-8" ?>
<Extension version="1.1">
<channelId>0</channelId>
</Extension>
<?xml version="1.0" encoding="UTF-8" ?>
<body>
<TalkAbility version="1.1">
<duplexList>
<duplex>FDX</duplex>
</duplexList>
<audioStreamModeList>
<audioStreamMode>followVideoStream</audioStreamMode>
</audioStreamModeList>
<audioConfigList>
<audioConfig>
<priority>0</priority>
<audioType>adpcm</audioType>
<sampleRate>16000</sampleRate>
<samplePrecision>16</samplePrecision>
<lengthPerEncoder>1024</lengthPerEncoder>
<soundTrack>mono</soundTrack>
</audioConfig>
</audioConfigList>
</TalkAbility>
</body>This is the back channel audio I think where we can send sound to play at the camera |
|
I see the official client shot of this packet which may be the trigger for alarm messages? |
|
Interesting. I haven't seen that packet but sometimes I miss other packets too so maybe the Mac packet taping method isnt reliable. Could you post the part with the BC packet header. It's a little difficult to read in your picture. |
|
0000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx 45 00 There is several magic's in there. |
|
How interesting multiple magics... Neolink is not designed to send Extension XML let alone multiple headers. This will need some doing to test out. I wonder if it is one header per requested token in the extension. Seems to be 6 headers and 6 tokens. If we can do the same with just one header one token XML that would be easier. |
|
This is that packet going to a Reolink RLC-410 The dissector doesn't like this packet and is likely why you miss it. |
|
RLC-410 4mp version (encrypted): |
|
I have found a few moer seems the dissector won't spot multiple header packets. Thanks for the heads up maybe I can make the dissector look for array of headers |
|
I've modified the dissector to find multi header packets. Still not perfect as I can see more packets (single header) that haven't been picked up either. I am wondering if the cam is just bundling some messages together of if it's supposed to be these header all share the same XML data |
|
You know how we had to make the media packets a stream that could cross packet boundaries. I am thinking that all of the BC packets are an embedded stream.... |
|
@thirtythreeforty Do you think it is possible that it is not just the media packets that are an embedded stream but all messages? |
|
So my dissector now reassebles over packets and that causes it to fully build the media packets as one set and for it to break at the reassembled bounaries. I have also had some cases where a new message starts right after an old one without a packet brake (first message modern with xml second video mesage) |
|
I think the encryption flag is not what we think it is This packet Has an encryption flag as false, BUT it is clearly encrypted xml |
|
Maybe the encryption flag is another layer of obfuscation. The person that invented the protocol which tries to hide the username and password with md5 and nonce etc. If you didn't see the initial correct encrypted status you would need to test a packet for if the xml portion looked like <?xml or other instead of simply looking at the encrypted flag. Or the encrytped flag is only ever actually set by the cam in its first response. |
|
Here is my updated dissector maybe you can have a go and see if it behaves for you. It seems to work for me to pick up multi messages per packet and will also still try and reassemble messages split over multiple packets |
|
It also will always test the first four bytes of the xml to see if its encrypted |
|
I get this message you do now
<?xml version="1.0" encoding="UTF-8" ?>
<Extension version="1.1">
<userName>...</userName>
<token>system, network, alarm, record, video, image</token>
</Extension>yay will keep looking into the packets and then test various things |
|
This is the reply to 151 from the camera <?xml version="1.0" encoding="UTF-8" ?>
<body>
<AbilityInfo version="1.1">
<userName>...</userName>
<system>
<subModule>
<abilityValue>general_rw, norm_rw, version_ro, uid_ro, autoReboot_rw, restore_rw, reboot_rw, shutdown_rw, dst_rw, log_ro, performance_ro, upgrade_rw, export_rw, import_rw, bootPwd_rw</abilityValue>
</subModule>
</system>
<network>
<subModule>
<abilityValue>port_rw, dns_rw, email_rw, ipFilter_rw, localLink_rw, pppoe_rw, upnp_rw, wifi_rw, ntp_rw, netStatus_rw, ptop_rw, autontp_rw</abilityValue>
</subModule>
</network>
<alarm>
<subModule>
<channelId>0</channelId>
<abilityValue>motion_rw</abilityValue>
</subModule>
</alarm>
<image>
<subModule>
<channelId>0</channelId>
<abilityValue>ispBasic_rw, ispAdvance_rw, ledState_rw</abilityValue>
</subModule>
</image>
<video>
<subModule>
<channelId>0</channelId>
<abilityValue>osdName_rw, osdTime_rw, shelter_rw</abilityValue>
</subModule>
</video>
</AbilityInfo>
</body>Seems to be a list of capabilities for the requested tokens |
|
Love the updated dissector. I'm sure some coder will yell and say we should version control these changes and not just attach random zip's! |
|
Haha yes don't worry it is version controlled in this branch just hasent been pushed yet. I add the extra XML and a few changes he's myself right after I sent the zip. Ill merge your zip changes in too (I wonder if I can commit your changes under your name... version control expert will probably tell me theres a way to send diffs with names and commit messages too) correct method is probably to make a PR against my branch |
|
I'm going to try and write up and markdown file that contains example messages that Ive seen and add those too. Might help me find the way to start the motion if I have them all layed out. |
|
So I have added a documentation with all the messages I observed during normal operation. This does not change any settings or anything special just connect and watch what was sent between client and camera. You can see the current version here |
Added a reboot command to neolink
Split bc and bcmedia into seperate modules Add bcmedia serialisation and remove redundent data from the bcmedia model
Bug fix to TalkConfig
Bug fix to adpcm serde
Slow talk to sample rate
Update gstreamer-rs
Also remove gio and glib in favor of gstreamer::{glib, gio} to ensure
always using comapt version
Add TalkAbility protocol and update talk to use it. Also add a `talk_stream` method
Use `talk_stream` and gstreamer to play other types of audio
Add microphone and volume to talk command
Don't decode adpcm
Debug print the error when camera fails to stream
Use correct adpcm block size
Allow retries during read in deserlisation
Use TalkReset messages after talk finishes
Update talk sources to use new input format Quick fix to input sources
|
@QuantumEntangledAndy Can you indicate the state of Motion Detection and MQTT. I had some compile errors on your mqtt branch with I would like this functionality to be able to send a motion on/off commands from the neolink to Motioneye. On the Motion/MotionEye side, it probably also needs some work to get motion(eye) to react on these (MQTT) commands. |
|
mqtt is still not in master. If #185 gets merged I will add it as a formal extension using sub commands. If I get time I'll try and see if I can get this branch to compile for you |
|
@QuantumEntangledAndy thanks for the quick reply. I managed to compile the |
|
The lexical core issue is already fixed in master. I just need to bring this mqtt up to date. I am going to add it as a subcommand to the #185 so it will be useable as neolink mqtt --config=...Might take a week though as I've got a few work commitments coming up. |
|
Don't hurry. I will do my testing now with the |
QuantumEntangledAndy
force-pushed
the
mqtt
branch
from
6f8061b
to
cc51758
Compare
|
Ok so I have something if you want to test it out. This branch of mqtt is used like this neolink mqtt --config=config.tomlThe motion and status messages from the camera to the mqtt are the same. There are the following mqtt control commands from mqtt to the camera
|
|
Closed in favor of #197 |
This is more of a proposal for comments than something I want to merge just yet, but we can do motion detection event publishing using MQTT.
Currently I have:
The subscription to both 3 and 33 is not quite working as expected but I am working on it
Works towards #58
Update: This started off as just a simple motion detection and MQTT however in the process it was found that our undestanding of the protocol needed updating and that the bc_protocol and the serde needed updating. Sorry for that...