logo elektroda
logo elektroda
X
logo elektroda
Advanced Search
logo elektroda

Cheap IP camera - freedom from the cloud

pixel7 11688 53
ADVERTISEMENT
Treść została przetłumaczona polish » english Zobacz oryginalną wersję tematu
Report a violation of the law
Reply | New topic
Notify about new articles
📢 Listen (AI):
  • Good morning!

    Below I will present a brief technical description of the device itself and steps to free it from the manufacturer`s cloud without changing the firmware.

    White rotating camera with WiFi antenna and mounting plate.

    I bought the camera on a well-known auction site, it cost PLN 75 then, now it costs PLN 85.

    Product image of an Asato outdoor rotating IP camera on an e-commerce platform.


    TECHNICAL DESCRIPTION

    Technical data according to the seller:
    Quote:

    Waterproof: IP65 - the camera is resistant to rain, snow and other difficult weather conditions.
    Connection type: WiFi - wireless connection of the camera to the home Internet network, providing easy access and remote control.
    Recording resolution: 1080p (Full HD) - provides high-quality, detailed video image.
    Zoom function: digital 4x
    Antenna: 5dBi - provides a strong and stable WiFi signal, increasing the range and reliability of the wireless connection.
    WiFi standard: 2.4GHz - compatible with most home routers, offering easy configuration and stable connection.
    Camera program: Ease Life - an intuitive mobile application that allows you to easily manage your camera.
    Power supply: DC 5V/2A
    Infrared diodes: 21x IR LED - allow for clear viewing in complete darkness, also at night.
    Recording function: microSD card / cloud - offers flexible options for saving recordings, both locally on a microSD card and remotely in the cloud.
    Supported cards: microSD up to 128GB
    Photo function: yes


    To install the camera, use the appropriate application (Aview) available for mobile devices.
    Using it, we can connect it to the home WiFi network (STA) or use it in AP mode (connect to its hotspot).
    To be able to connect to the camera remotely, we need to log it into the Alibaba cloud (CN) and everything that happens to it goes through their servers (!).
    This creates a huge danger because we have a foreign device in our LAN with full access to the network, and I don`t need to explain what can be done in such a configuration..

    The device can be easily disassembled, 3 screws connect the balls to the camera and the whole thing is suspended on the ears of the rotating mechanism (1 screw).
    I had to disassemble it to replace the power cable - the original one was a 15 cm cable with a plug, I replaced it with a longer one.
    I don`t want to go into the details of the construction - one note, the rotation mechanisms do not have information about the position, everything is based on the number of rotation steps,
    at startup, full-range calibration must occur in both axes.

    Below are some photos of the interior.
    Main board:
    View of the interior of an IP camera with visible main circuit board and wiring.

    WiFi module:
    Interior of an IP camera with visible main board and WiFi module

    Motor controls and their appearance:
    Close-up of a camera's main circuit board with wires.
    Interior of an IP camera with visible circuit board and wiring. Close-up of the interior of a camera showing the motor and wiring.

    LISTENING TO THE PROTOCOL

    The camera, like most, supports the RTSP protocol, enabling the transfer of image, sound and more (duplex).
    I haven`t found any description of the specific addressing of this device on the Internet, but after scanning its available ports, the most interesting one is
    554 turned out to be open - but none of the popular address combinations worked.

    I decided to listen to her communication using PCAPdroid (on the phone), but the communication with the external cloud was immediately secured by TLS, so I didn`t learn much.
    Frame examples:

    Screenshot showing network data of TCP and TLS packets.

    Changing the connection mode to AP helped, I reset to the factory and connected directly.
    It turned out that the application easily uses only RTSP for communication and without encryption.
    I saved sample packets from the phone while I was working and analyzed them.

    Screenshot showing network traffic analysis results using the RTSP protocol.

    IMAGE STREAM

    After initial analysis, I used a simple python script to capture the video stream.
    Just use the ready-made openCV (it can natively decode this stream):

    Code: Python
    Log in, to see the code


    The above example takes image frames, scales to, and previews on screen.
    Once prepared, we can use it freely, save it as a bitmap or paste a movie on the fly.
    In my case, they go to rpi where AI analyzes the data and recordings (NVR) are created.

    CONTROL OF CAMERA MECHANISMS

    The camera has a rotating mechanism. I also discovered access to it in the RTSP transmission logs.
    It turns out that the camera has the ability to read and respond to feedback messages. While working, I managed to call up a list of its parameters:
    Quote:

    1 Up_Start
    2 Down_Start
    3 Left_Start
    4 Right_Start
    5 Right_Up_Start
    6 Right_Down_Start
    7 Left_Up_Start
    8 Left_Down_Start
    9 PT_Stop
    10 Zoom_Tele - max zoom 12
    11 Zoom_Wide - min zoom 1
    12 Zoom_Stop
    13 Focus_Near
    14 Focus_Far
    15 Focus_Stop
    17 IRIS_CLOSE
    18 IRIS_Stop


    To manage these settings, you must send the appropriate frame with the command.
    Surprisingly, the control commands run without logging in!

    The rotation is in 2 stages, first start:
    Code: Bash
    Log in, to see the code


    then stop rotation:
    Code: Bash
    Log in, to see the code


    The -cmd parameter indicates the type of action (as listed above)
    The time between sending packets is also dependent on the -data2 55 parameter (speed).

    Another example, setting the date and time:
    Code: Bash
    Log in, to see the code


    Below is an example class for handling rotation (up - down), which I wrote after understanding the command structure, and I am gradually adding new ones.

    Code: Python
    Log in, to see the code


    As I mentioned above, the camera can be rotated by controlling the rotation time and speed, and due to the lack of position information, you have to remember their number for each position change.
    It certainly saves the last ones itself, because it sets them after a restart.

    class="notranslate"> DISCONNECTING FROM THE MANUFACTURER`S CLOUD

    Being able to freely control the camera, I left it connected to my LAN, but blocked its access to the Internet on the router. In this situation, the manufacturer`s application does not see the camera, it considers its status as offline and no data is sent.
    However, this means that there is no access from the outside.
    In my case it doesn`t matter, the camera is controlled by rpi, the image is sent to it, I have another way of viewing it - restream via my internal www.
    Additionally, I have a public IP, my own openVPN server, and my devices (telephone, computer, etc.) are usually connected when I am outside, so they behave like in a LAN.

    CONCLUSIONS

    The camera generates quite a good image both during the day and at night, and additionally has LED illumination (white and IR).
    I have virtually full access to it and the ability to control its parameters.
    Currently, the image from it goes to rpi, where it is analyzed by AI. The camera observes the road in front of the house. Recognizes movement, its direction, moving objects (person, car), works on tracking and following the object, etc.

    Probably most of these types of cheap IP cameras can be used without the original and UNSAFE manufacturer`s software, but then you need your own additional software.

    Mr.
    About Author
    pixel7
    Level 24  
    Offline 
    pixel7 wrote 656 posts with rating 160, helped 53 times. Live in city warszawa. Been with us since 2007 year.
  • ADVERTISEMENT
  • #2 20959744
    gulson
    System Administrator
    Posts: 29368
    Help: 148
    Rate: 6050
    Thanks for presenting the solution to disconnecting from the cloud and being independent!
    If you write to Paczkomat, I will send you a small gift.
  • #3 20959790
    prosiak_wej
    Level 39  
    Posts: 5273
    Help: 501
    Rate: 1459
    pixel7 wrote:
    The camera generates quite a good image both during the day and at night, and additionally has LED illumination (white and IR).


    Well, maybe some samples?
  • #4 20959889
    chemik_16
    Level 27  
    Posts: 1000
    Help: 75
    Rate: 128
    Peel off the plate from the CPU. But generally speaking, I see that it`s an ingenic board, so you can upload openipc there.
    They come in various configurations, even with 3 cameras
  • #5 20960807
    siewcu
    Level 35  
    Posts: 3805
    Help: 133
    Rate: 458
    Please tell me what could be so dangerous that such a camera could do. I`m curious, people keep saying that it`s so dangerous and I wonder what harm Alibaba can do to me. Will they come from China and rob the house? I`m asking seriously, because you only wrote Chinese = dangerous, without any specifics.
  • #7 20960910
    pixel7
    Level 24  
    Posts: 656
    Help: 53
    Rate: 160
    prosiak_wej wrote:
    Well, maybe some samples?
    : :

    Yes, I will post examples in the evening.

    chemik_16 wrote:
    Peel off the plate from the CPU. But generally speaking, I see that it`s an ingenic board, so you can upload openipc there.


    I didn`t know there was an alternative to this processor, I didn`t even care what it was like.
    It meets my needs, so I didn`t interfere that much.

    siewcu wrote:
    Please tell me what could be so dangerous that such a camera could do. I`m curious, people keep saying that it`s so dangerous and I wonder what harm Alibaba can do to me. Will they come from China and rob the house? I`m asking seriously, because you only wrote Chinese = dangerous, without any specifics.


    With the system logged into a FOREIGN network, I can:
    1. Cause an attack outside this network (DDOS, etc.), be included in a troll farm - the owner will be blamed.
    2. Scan, collect information about devices, extract passwords floating around LAN, etc., e.g. in many (commercial!) systems, login and pass to SQL are in CLEAR text.
    3. Would you install one in your bedroom, for example?

    I don`t understand this approach to today`s technology. Users lack imagination. The Chinese may not be evil to the core, but unlike others, their imagination is exceptionally extensive. They have a lot of experience with painting. Their society has accepted surveillance, do we want it too?


    This is the beginning of the Privacy Policy of this app. Who read and agreed?
    Screen displaying the Chinese privacy policy of the AView app with publication and effective dates.
  • #8 20960953
    Anonymous
    Level 1  
  • #9 20960975
    pixel7
    Level 24  
    Posts: 656
    Help: 53
    Rate: 160
    michał_bak wrote:
    Moreover, I am curious whether such interference with the software is not a copyright infringement.


    In this case, there is no interference with the device. I only use the data created by the manufacturer. Can be used in AP mode to not send anything outside.
    Besides, you don`t have to eat just soup with a tablespoon. And I`ve seen much more interesting uses of it. I don`t think the manufacturer has any influence on this, no one has bent the spoon, cut it, etc...
  • #10 20961155
    dktr
    Level 26  
    Posts: 937
    Help: 45
    Rate: 729
    I always cut off access to the Internet on routers for cameras, light bulbs, vacuum cleaners, and basically everything that doesn`t need it, sometimes I only leave access to the time server. People don`t realize that these devices are normal computers that can, for example, set up an L2TP tunnel and give someone access to our Internet.
  • ADVERTISEMENT
  • #11 20961656
    kris8888
    Level 41  
    Posts: 6940
    Help: 532
    Rate: 1891
    pixel7 wrote:
    With the system logged into a FOREIGN network, I can:
    1. Cause an attack outside this network (DDOS, etc.), be included in a troll farm - the owner will be blamed.
    2. Scan, collect information about devices, extract passwords floating around LAN, etc., e.g. in many (commercial!) systems, login and pass to SQL are in CLEAR text.

    I`m asking out of curiosity, because I don`t know much about it, whether some smart home devices, such as detectors, switches operating under the supervision of servers and the Chinese Tuya cloud, also carry the same danger?
    And if so, is there a way to free yourself from the cloud?

    Is it really possible to break into a foreign network through an innocent motion detector or smart switch?
  • #12 20961720
    chemik_16
    Level 27  
    Posts: 1000
    Help: 75
    Rate: 128
    Sure. The same principle - each detector is a microcontroller - a computer connected to your local network.

    All controllers used in Tuya`s iot are currently supported by alternative software, the rest of which is extensively described here on the forum.
    Tasmota/ openbeken etc.
  • #13 20961751
    operator5wp
    Level 16  
    Posts: 340
    Help: 1
    Rate: 134
    I also suggest checking whether the camera can be connected to the rx/tx serial board (baud 115200) via a USB converter, so that you can see what the system is like and the ability to send commands via putty.
  • #14 20961806
    kris8888
    Level 41  
    Posts: 6940
    Help: 532
    Rate: 1891
    chemik_16 wrote:
    Sure. The same principle - each detector is a microcontroller - a computer connected to your local network.

    Well, you`ve got me a little worried. Does this mean that such a detector can monitor and collect all traffic from the local network and then send it anywhere in the world without my knowledge?
    Can this be limited somehow without giving up the tuya cloud? For example, by installing a separate router or creating a separate, separate subnet in my local network, intended only for communication with all Tuya detectors and switches?
  • #15 20962066
    Janusz_kk
    Level 39  
    Posts: 5791
    Help: 220
    Rate: 1449
    kris8888 wrote:
    Does this mean that such a detector can monitor and collect all traffic from the local network and then send it anywhere in the world without my knowledge?

    You have :)
    " Nicole Eagan, president of the cybersecurity company Darktrace, revealed that one of the American casinos had fallen victim to hackers. There would be nothing extraordinary about it if it were not for the fact that they used a smart thermometer to monitor the water in the lobby. aquarium. Hackers managed to steal information from the casino`s valuable database, i.e. transaction messages, as well as employees` private data.
    - The attackers entered the network "through a thermometer," Eagan said in an interview with the Wall Street Journal. - Then they found the database and copied it to the cloud through the gateway of the aquarium device.
    Because IoT devices are usually relatively simple, they often do not contain any special security measures beyond the typical Wi-Fi solution - WPA2, which in itself is not a very strong line of defense.

    https://mlodytechnik.pl/news/29289-wlamanie-do-kasyna-prze-termometr-w-akwarium
  • #16 20962132
    kris8888
    Level 41  
    Posts: 6940
    Help: 532
    Rate: 1891
    On the other hand, does such potential surveillance of a local network using smart devices such as detectors or cameras connected to the cloud differ that much from surveillance by Microsoft, Google or Apple, often with the full consent of users?
    Even if my Internet activity or the name and password of my WiFi network are transferred to the Tuya cloud, nothing should happen.
    I do not share the resources of local disks of computers connected to the network with each other, the computers do not "see" each other, so such smart devices probably do not have access to it either. Unless such access can be easily broken.

    Well, what should users of Chinese solar inverters, e.g. Sofar, also controlled and managed via the cloud (e.g. Solarman application) say? There are thousands of them.
    Not to mention Chinese smartphones from Xiaomi, Huawei and others. This is a completely open window to everything.
  • #17 20962217
    analog_6
    Level 16  
    Posts: 319
    Help: 6
    Rate: 144
    kris8888 wrote:
    I do not share the resources of local disks of computers connected to the network with each other, the computers do not "see" each other, so such smart devices probably do not have access to it either. Unless such access can be easily broken.
    A long time ago I purchased a Lenovo network drive, which is not a bush. the disk did not have access to the Internet. It was connected to the LAN, of course, but it did not have a configured gateway, which did not have an obvious address. And I was quite surprised when this disk started informing me about available updates... So... Since then, all the important things I store on that disk are encrypted with truecrypt (the still secure version).
    Quote:
    Well, what should users of Chinese solar inverters, e.g. Sofar, also controlled and managed via the cloud (e.g. Solarman application) say? There are thousands of them.
    They probably can`t say anything, they can at least create an independent network for this device.
    Quote:
    Not to mention Chinese smartphones from Xiaomi, Huawei and others. This is a completely open window to everything.
    That`s true. I use the "relegated" P40pro myself, because it has become unwanted in the family, and it would be a pity to sell such a solid and fancy device for pennies. But I don`t have anything on it except my Google account, which I use for "important" purposes such as emails on the Internet... :) And of course, no cloud syncing, no consent for anything beyond the basics. To what extent this is possibly respected is a separate topic... I would be more afraid of apps installed even from the Google store.
    On a side note, Samsung also tracks and collaborates well via smart TV, as I recently discovered.
    PS Monitoring, although from the domestic company BCS, because it uses Chinese servers, is running on a network completely separate from the home LAN. Their only common contact is the common 230V phase and the UPS of the modems :)
    I wouldn`t connect any smart crap to my home network FOR ANYTHING. That`s why I opened this thread, because I don`t even touch on similar topics.
    This is probably not the rule, but I think that the flood of the world with Chinese smart home devices is intentional and controlled, perhaps even sponsored. A bit like the Catholic Church cultivating followers when the children don`t speak well yet and their sister is already teaching the beads in kindergarten. Chacha was imbued with the only true religion from childhood, and then 80% of the nation`s followers...
  • ADVERTISEMENT
  • #18 20962291
    dktr
    Level 26  
    Posts: 937
    Help: 45
    Rate: 729
    Quote:
    A long time ago I purchased a Lenovo network drive, which is not a bush. the disk did not have access to the Internet. It was connected to the LAN, of course, but it did not have a configured gateway, which did not have an obvious address. And I was quite surprised when this disk started informing me about available updates... So... Since then, all the important things I store on that disk are encrypted with truecrypt (the still secure version).


    And everything was fine, the disk itself did not have access to the Internet, but the computer from which you logged in to the disk configuration panel already had access and at this stage information was provided that there was a new update.
  • #19 20962301
    elektryku5
    Level 39  
    Posts: 6299
    Help: 460
    Rate: 1053
    dktr wrote:
    And everything was fine, the disk itself did not have access to the Internet, but the computer from which you logged in to the disk configuration panel already had access and at this stage information was provided that there was a new update.


    This could have been the case, but another mechanism that I encountered in the rice router could also have worked, i.e. a fixed LAN IP was set, working in AP mode, and it still downloaded a different address via DHCP.
    Besides, there has been a lack of success with routers lately, in the past, any router I could get used to run DD-WRT or OpenWRT, and now it`s very hard to find one, because modern routers can have less RAM and flash than the old ones that used to have it, and besides, Open doesn`t work I really like Realtek and MediaTek...
  • #20 20962312
    pixel7
    Level 24  
    Posts: 656
    Help: 53
    Rate: 160
    kris8888 wrote:
    I`m asking out of curiosity, because I don`t know much about it, whether some smart home devices, such as detectors, switches operating under the supervision of servers and the Chinese Tuya cloud, also carry the same danger?


    As mentioned earlier - yes, EVERY such device is like an old tin computer. Imagine how many of these there are in your home...
    Moving them to a separate, isolated subnet will protect them from being recognized by other devices. but they themselves perfectly describe your behavior at home - what and how you use it.

    Today it may not be important, but this type of metadata builds huge databases of social behavior and people`s lives.
    Images from such cameras can be used to train networks by building a virtual environment in which they are located. They don`t even have to have goggle cars! We provide their data ourselves and pay for the devices...

    kris8888 wrote:
    Well, what should users of Chinese solar inverters say?


    So producers will have precise information on how much energy is used, when, where and by whom. In case of conflict, it is easy to attack critical areas.

    I would like to add that I would like to manage a cloud of such devices and sell services "under the counter", just like it is done on the market. There are plenty of offers and customers.
  • #21 20962484
    Anonymous
    Level 1  
  • #22 20962805
    Nepto
    Level 24  
    Posts: 563
    Help: 57
    Rate: 246
    kris8888 wrote:
    Is it really possible to break into a foreign network through an innocent motion detector or smart switch?

    Yes.

    An interesting example was the theft of data from a casino through a hack that started with an automated aquarium (!).
    More information e.g. here: https://www.forbes.com/sites/leemathews/2017/...cked-a-fish-tank-to-steal-data-from-a-casino/
    In short,
    Quote:
    Here`s one of the most unconventional: a fish tank. Not just an ordinary fish tank, mind you, but a fairly high-tech one that featured Internet connectivity. That connection allowed the tank to be remotely monitored, automatically adjust temperature and salinity, and automatic feedings. It also allowed hackers to swipe 10 gigabytes of data (..).

    By translating
    Quote:

    And here is one of the most unconventional: an aquarium. Not an ordinary aquarium, but very technologically advanced with Internet connection. This connection enabled remote monitoring of the aquarium, automatic temperature and salinity adjustment, and automated feeding. It also allowed 10 gigabytes of data to be stolen (...)


    Edit: @Janusz_kk: oh, I see that we remember the same case :)
  • #23 20962830
    Anonymous
    Level 1  
  • #24 20962843
    tzok
    VIP Meritorious for electroda.pl
    Posts: 38698
    Help: 3163
    Rate: 6466
    Most "mid-range" routers and above have the option of creating multiple WiFi networks, with the option of separating them into a separate VLAN (AP isolation or guest AP, it is usually called). Connecting a camera or any other IoT element gives it access to the Internet (cloud), but not to the local network. Of course, it is still a programmable electronic device with a radio module and Internet access placed in our home/business.
  • #25 20963061
    kris8888
    Level 41  
    Posts: 6940
    Help: 532
    Rate: 1891
    analog_6 wrote:
    On a side note, Samsung also tracks and collaborates well via smart TV, as I recently discovered.

    You set a good example with these smart TVs. After all, these are quite fancy "computers" permanently connected to the local network. The devil knows what they download and what they send to the outside network without the user`s knowledge. Especially the Chinese ones TCL and Hisense.
    It seems to me that we will not be able to completely escape from cloud solutions and some surveillance of user activity. It`s a matter of being aware of this and protecting your privacy as much as possible.

    It is known that the most doubts and controversies concern these cameras in the cloud. And in fact, I would never connect such a device to my network at home. And these ordinary smart sensors or switches operating, e.g. in the Tuya cloud, are probably not that dangerous. It`s true that I don`t have a permanent, public IP address, but maybe for peace of mind I`ll move all my detectors and switches to a separate VLAN in the router and separate them from the rest of the local network.
    analog_6 wrote:
    This is probably not the rule, but I think that the flood of the world with Chinese smart home devices is intentional and controlled, perhaps even sponsored.

    It`s definitely sponsored. After all, who would benefit from maintaining and powering servers that control millions of smart devices around the world for free? Therefore, Tuya is "free" for users.
  • ADVERTISEMENT
  • #26 20963102
    Anonymous
    Level 1  
  • #27 20963155
    Janusz_kk
    Level 39  
    Posts: 5791
    Help: 220
    Rate: 1449
    kris8888 wrote:
    Well, what should users of Chinese solar inverters, e.g. Sofar, also controlled and managed via the cloud (e.g. Solarman application) say? There are thousands of them.

    You can choose not to plug in the WiFi module, that`s what I did. I don`t need remote reading, so no one will break into it.
    I recently read about popular inverters in Germany, where a man discovered a fairly trivial way to hack into them and either make a fool of the user or create an army of bots, because for this purpose hackers most often use devices such as routers, cameras and similar small items permanently connected to the network. There are scripts combing the web and trying to hack into standard passwords. Therefore, it is essential to change your password to a strong one.

    analog_6 wrote:
    On a side note, Samsung also tracks and collaborates well via smart TV, as I recently discovered.

    Here, a good solution is to cut it off from the network, either completely or block Samsung`s websites, I have the TV completely disconnected and connected to the network and I have it connected
    "Xiaomi Mi TV Stick SMART 8 GB media player" is also Chinese, but at least it does not have access to the camera from the TV :)
    This also has the advantage that the original TV software becomes outdated quite quickly for e.g. new codecs or vod company applications, and it is easier to update such a pen.
  • #28 20963200
    Anonymous
    Level 1  
  • #29 20963322
    tzok
    VIP Meritorious for electroda.pl
    Posts: 38698
    Help: 3163
    Rate: 6466
    A VPN server with a fixed IP is a sure and constant target of attacks ;)

    Janusz_kk wrote:
    to the network and I have "Xiaomi Mi TV Stick SMART 8 GB Media Player" plugged in
    You know this thing has a built-in microphone ;)
  • #30 20963335
    Anonymous
    Level 1  
Reply | New topic
Notify about new articles
📢 Listen (AI):
Report a violation of the law

Topic summary

✨ The discussion centers on a low-cost IP camera that requires connection to the Alibaba cloud for remote access, raising significant privacy and security concerns due to potential unauthorized network access and data collection. The original poster describes a method to disconnect the camera from the cloud without firmware modification, using AP mode to avoid external data transmission. Participants highlight risks such as the device being exploited for network attacks (e.g., DDoS), local network scanning, and metadata collection. The conversation extends to similar IoT devices, including Tuya-based smart switches and detectors, which also pose security risks when connected to cloud services. Alternative firmware options like OpenIPC and Tasmota are mentioned for devices with Ingenic or Tuya chipsets to regain local control and enhance security. Network segmentation strategies, such as VLANs and isolated subnets, are recommended to limit device access and mitigate threats. Examples of real-world breaches via IoT devices, such as a casino hack through a smart aquarium thermometer, illustrate the severity of these vulnerabilities. The debate also touches on broader concerns about embedded backdoors in hardware, manufacturer privacy policies, and the challenges of fully securing consumer IoT devices. Users emphasize the importance of strong passwords, disabling unnecessary internet access, and cautious use of cloud-dependent features. The discussion includes references to common Chinese brands and devices, the use of VPNs for secure remote access, and the limitations of current security measures in consumer electronics.
Generated by the language model.
Today's popular

FAQ

TL;DR: For buyers of cheap cloud cameras, a PLN 75 unit can be used locally without reflashing: block Internet access, keep RTSP on port 554, and control PTZ directly. As the author showed, "the control commands run without logging in," so you can keep video inside your LAN or OpenVPN instead of the vendor cloud. [#20959686]

Why it matters: This FAQ shows how to keep a low-cost Ease Life/Aview camera usable while reducing cloud dependence and limiting exposure of your home network.

Option Firmware change Internet required Remote access Effort
Stock firmware + vendor cloud No Yes Yes, via vendor app Low
Stock firmware + RTSP on LAN No No Only through LAN/OpenVPN/restream Medium
OpenIPC on Ingenic board Yes No Your own method Higher

Key insight: The thread's most practical path is not reflashing. Keep the stock firmware, discover the RTSP stream and PTZ commands, then block WAN access at the router so the camera stays useful but stops talking to the vendor cloud. [#20959686]

Quick Facts

  • The camera was bought for PLN 75, later listed at PLN 85; seller specs included 1080p, 2.4 GHz Wi‑Fi, 5 V / 2 A power, 21 IR LEDs, and microSD up to 128 GB. [#20959686]
  • The most useful open service was RTSP on port 554. Common URL patterns failed, but packet capture in AP mode revealed working stream and control traffic. [#20959686]
  • The sample video path used rtsp://admin:Kamera1@192.168.1.192:554/stream1/track2, and the sample PTZ speed value was 55. [#20959686]
  • The pan/tilt mechanics have no position sensors; after power-up the unit must do full-range calibration on both axes, then infer position from counted steps. [#20959686]
  • A practical isolation pattern from the discussion is guest Wi‑Fi, VLAN, or AP isolation for IoT, while still allowing Internet only if the cloud is truly required. [#20962843]

How do I free a cheap Ease Life/Aview WiFi IP camera from the manufacturer's cloud without changing its firmware?

Use the stock firmware, switch the camera onto your LAN, discover its RTSP stream, then block its Internet access at the router. The author used the Aview app only for setup, kept local RTSP on port 554, and then let a Raspberry Pi handle viewing, AI analysis, and NVR recording. 1. Pair the camera and confirm local access. 2. Test RTSP and PTZ locally. 3. Deny WAN access so the vendor app shows it as offline. [#20959686]

What is RTSP and how is it used to access video and audio streams from a low-cost IP camera?

"RTSP" is a network protocol that controls media streams, letting a client open, play, and manage live video or audio from devices such as IP cameras over a known URL and port. In this thread, RTSP carried the camera image, sound, and even duplex communication, with port 554 exposed and a working local stream path discovered from captured traffic. [#20959686]

How can I find the correct RTSP URL for an unknown Chinese IP camera when common address patterns do not work?

Capture the app-to-camera traffic and read the actual RTSP requests. The author first scanned ports, saw 554 open, then found that popular URL patterns failed. After resetting the unit and switching to AP mode, PCAPdroid showed unencrypted RTSP traffic, which exposed a working path: /stream1/track2 with admin and password Kamera1. [#20959686]

What is AP mode in an IP camera, and why did switching from STA mode to AP mode make traffic analysis easier with PCAPdroid?

"AP mode" is a camera operating mode that makes the device create its own Wi‑Fi hotspot, so a phone connects directly to the camera instead of through the home router or cloud path. In STA mode, the app's external communication was quickly protected by TLS. In AP mode, the same app used plain RTSP locally, which made packet capture and URL discovery much easier in PCAPdroid. [#20959686]

How do I capture and view an RTSP stream from this type of camera in Python with OpenCV?

OpenCV can read the stream directly with cv2.VideoCapture() and display frames in a loop. The thread used rtsp://admin:Kamera1@192.168.1.192:554/stream1/track2, resized frames to 1440 × 810, and quit on the q key. That is enough for live preview, bitmap saving, or forwarding the stream to a Raspberry Pi that creates recordings and runs AI analysis. [#20959686]

What RTSP control commands are needed to move the camera up, down, left, right, and stop using pelcod20ctrl?

Send RTSP CMD frames containing pelcod20ctrl actions. The discovered command list mapped 1=Up_Start, 2=Down_Start, 3=Left_Start, 4=Right_Start, and 9=PT_Stop. A typical move used pelcod20ctrl -type 1 -cmd 1 -data2 55, then a second frame with -cmd 9 to stop. The thread also notes that the same interface exposed zoom, focus, and iris actions. [#20959686]

Why do some PTZ cameras lose exact position after reboot and require full-range calibration on both axes?

They lose exact position because the mechanism has no position feedback sensors. This camera bases movement on counted motor steps, not on absolute encoders. At startup it must sweep its full range on both axes to re-establish a reference, and later movements depend on remembered step counts and speed or time values rather than a true measured position. [#20959686]

How should I block a cloud camera's Internet access on my router while still using it safely inside my LAN or through OpenVPN?

Block only the camera's WAN access and keep local LAN access allowed. In the thread, that made the vendor app mark the camera offline, while the owner still used RTSP locally, restreamed video on an internal web page, and reached the home network remotely through a public IP plus OpenVPN. This keeps control and viewing inside your own network path instead of the vendor cloud. [#20959686]

What are the practical security risks of putting cloud-connected cameras, Tuya detectors, switches, and other IoT devices on a home network?

The practical risks are abuse of the device itself and lateral visibility into your network. Posters named DDoS use, botnet participation, scanning of LAN devices, harvesting poorly protected credentials, and cloud-mediated access paths. One reply summarized the core issue clearly: each detector or switch is "a computer connected to your local network." The thread also cites the well-known aquarium-device casino breach as an example of IoT entry into a larger network. [#20961720]

How do VLANs, guest WiFi, and AP isolation help separate cameras and other IoT devices from the rest of a local network?

They place IoT on a separate network so cameras and switches can reach the Internet or cloud without directly reaching your main PCs and phones. One poster recommended mid-range routers that create multiple Wi‑Fi networks and separate them with VLAN or guest AP functions. That does not make an IoT device harmless, but it limits local-network exposure if the cloud or device is compromised. [#20962843]

OpenIPC vs keeping the stock firmware with RTSP access — which approach is better for an Ingenic-based camera?

Keep the stock firmware if local RTSP and PTZ already meet your needs; choose OpenIPC only if you want deeper firmware control. A forum reply identified the board as Ingenic and said OpenIPC could be uploaded, but the original author did not need it because the stock system already exposed video, PTZ, and local use without cloud access. Lower risk and less work favored stock firmware here. [#20959889]

How can I check whether an IP camera exposes a serial console over RX/TX at 115200 baud, and what can I learn from it?

Open the camera, find the board header, and test the RX/TX pins with a USB serial adapter at 115200 baud. A poster suggested this exact method to reveal what system is running and whether you can issue commands from a terminal such as PuTTY. If the console is active, you may learn boot logs, chipset details, login behavior, and possible maintenance or debugging access. [#20961751]

Why would one Tuya motion detector show a different public IP address in the Tuya Smart app than my other devices on the same router?

The simplest explanation is stale cloud-side data or a software bug in that detector. One poster answered that the device may still display an older public IP from a previous registration, even after the household WAN address changed. The same user also reported that this detector registered poorly to the cloud and sometimes falsely changed its output state, which supports a firmware or cloud-data issue. [#20967662]

How can I use an Ease Life app camera with tinyCam Monitor, and what connection details or RTSP path do I need?

Use tinyCam only if it accepts a manual RTSP source, because the thread exposed the camera through RTSP rather than through the Ease Life cloud. You need the camera's local IP, RTSP port 554, username, password, and the correct path discovered from traffic capture. In the working example, those were admin, Kamera1, and /stream1/track2, which should be entered as a custom RTSP stream in any compatible viewer. [#20959686]

What's the simplest beginner-friendly way to make this kind of cloud camera save recordings to a home network drive or surveillance/NVR system?

The simplest path is to stop relying on the vendor app and feed the RTSP stream into a local recorder. The author sent the stream to a Raspberry Pi, where AI analyzed events and NVR recordings were created. A beginner can follow the same logic: 1. Confirm the RTSP URL works. 2. Add that stream to an NVR or network-drive workflow. 3. Block the camera's Internet access after local recording works. [#20959686]
Generated by the language model.
ADVERTISEMENT