Onvif

From I Will Fear No Evil
Revision as of 14:36, 28 May 2023 by Chubbard (talk | contribs)
Jump to navigation Jump to search

Things to remember when with ONVIF

Generic notes and reminders since onvif compatible systems are usually not documented well and have different syntax. Also some manufacturers LIE, the bastards!

First NMAP the subnet looking for the camera 

sudo nmap 192.168.15.218
Starting Nmap 7.80 ( https://nmap.org ) at 2023-05-28 11:22 PDT
Nmap scan report for 192.168.15.218
Host is up (0.013s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
554/tcp  open  rtsp
8800/tcp open  sunwebadmin
8899/tcp open  ospf-lite
MAC Address: B4:FB:E3:A4:FC:BB (Unknown)

Attempt to retrieve onvif data. This should return SOMETHING if it is at least somewhat compatible.

There is a good chance that you will have to try each of the ports to see which responds to the curl command 

curl -L http://192.168.15.218:8899/onvif
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsdd="http://schemas.xmlsoap.org/ws/2005/04/discovery" xmlns:chan="http://schemas.microsoft.com/ws/2005/02/duplex" xmlns:wsa5="http://www.w3.org/2005/08/addressing" xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xmime="http://tempuri.org/xmime.xsd" xmlns:xop="http://www.w3.org/2004/08/xop/include" xmlns:tt="http://www.onvif.org/ver10/schema" xmlns:tds="http://www.onvif.org/ver10/device/wsdl" xmlns:tev="http://www.onvif.org/ver10/events/wsdl" xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2" xmlns:timg="http://www.onvif.org/ver20/imaging/wsdl" xmlns:tmd="http://www.onvif.org/ver10/deviceIO/wsdl" xmlns:tptz="http://www.onvif.org/ver20/ptz/wsdl" xmlns:trc="http://www.onvif.org/ver10/recording/wsdl" xmlns:trt="http://www.onvif.org/ver10/media/wsdl"><faultcode>SOAP-ENV:Client</faultcode><faultstring>HTTP GET method not implemented</faultstring></SOAP-ENV:Fault>

From what I have seen even the crap cameras at least honor rtsp being on port 554 and vendors dont get too cute with that.

Attempting to get the motion controls working. This is where the real PITA comes into play. Every vendor seems to implement the commands in their own unique way. I suspect it has to do with a basic vendor lock so you are stuck with their crap software on your phone. TCPDUMP is useful in this case as well as simply poking at the camera until you get a response.

In Zoneminder, you can attempt to poke at the cam using the zmonvif-probe.pl, and sometimes get good info back. 

root@5c0161bd77e2:/# /usr/bin/zmonvif-probe.pl -v profiles http://192.168.15.218:8899/onvif/device_service 1.1 USERNAME PASSWORD -v
No results from GetCapabilities: <Fault xmlns="http://schemas.xmlsoap.org/soap/envelope/"><faultcode>SOAP-ENV:Client</faultcode><faultstring>End of file or no input: Operation interrupted or timed out</faultstring></Fault>
Received message:
<GetProfilesResponse xmlns="http://www.onvif.org/ver10/media/wsdl"><Profiles token="stream0_0" fixed="false"><Name xmlns="http://www.onvif.org/ver10/schema">stream0_0</Name><VideoSourceConfiguration xmlns="http://www.onvif.org/ver10/schema"><Name>VideoSourceConfiguration0</Name><UseCount>2</UseCount><SourceToken>VideoSource0</SourceToken><Bounds x="0" y="0" width="1920" height="1080"></Bounds></VideoSourceConfiguration><VideoEncoderConfiguration xmlns="http://www.onvif.org/ver10/schema"><Name>VideoEncoderConfiguration0_0</Name><UseCount>2</UseCount><Encoding>H264</Encoding><Resolution><Width>1920</Width><Height>1080</Height></Resolution><Quality>5</Quality><RateControl><FrameRateLimit>15</FrameRateLimit><EncodingInterval>1</EncodingInterval><BitrateLimit>1400</BitrateLimit></RateControl><H264><GovLength>60</GovLength><H264Profile>High</H264Profile></H264><Multicast></Multicast><SessionTimeout>PT0S</SessionTimeout></VideoEncoderConfiguration><PTZConfiguration xmlns="http://www.onvif.org/ver10/schema"><Name>Anv_ptz_0</Name><UseCount>2</UseCount><NodeToken>Anv_ptz_node_0</NodeToken><DefaultContinuousPanTiltVelocitySpace>http://www.onvif.org/ver10/tptz/PanTiltSpaces/VelocityGenericSpace</DefaultContinuousPanTiltVelocitySpace><DefaultContinuousZoomVelocitySpace>http://www.onvif.org/ver10/tptz/ZoomSpaces/VelocityGenericSpace</DefaultContinuousZoomVelocitySpace><DefaultPTZTimeout>PT0H0M0.010S</DefaultPTZTimeout></PTZConfiguration></Profiles><Profiles token="stream0_1" fixed="false"><Name xmlns="http://www.onvif.org/ver10/schema">stream0_1</Name><VideoSourceConfiguration xmlns="http://www.onvif.org/ver10/schema"><Name>VideoSourceConfiguration1</Name><UseCount>2</UseCount><SourceToken>VideoSource0</SourceToken><Bounds x="0" y="0" width="640" height="480"></Bounds></VideoSourceConfiguration><VideoEncoderConfiguration xmlns="http://www.onvif.org/ver10/schema"><Name>VideoEncoderConfiguration0_1</Name><UseCount>2</UseCount><Encoding>H264</Encoding><Resolution><Width>640</Width><Height>480</Height></Resolution><Quality>5</Quality><RateControl><FrameRateLimit>25</FrameRateLimit><EncodingInterval>1</EncodingInterval><BitrateLimit>640</BitrateLimit></RateControl><H264><GovLength>60</GovLength><H264Profile>Main</H264Profile></H264><Multicast></Multicast><SessionTimeout>PT0S</SessionTimeout></VideoEncoderConfiguration><PTZConfiguration xmlns="http://www.onvif.org/ver10/schema"><Name>Anv_ptz_1</Name><UseCount>2</UseCount><NodeToken>Anv_ptz_node_1</NodeToken><DefaultContinuousPanTiltVelocitySpace>http://www.onvif.org/ver10/tptz/PanTiltSpaces/VelocityGenericSpace</DefaultContinuousPanTiltVelocitySpace><DefaultContinuousZoomVelocitySpace>http://www.onvif.org/ver10/tptz/ZoomSpaces/VelocityGenericSpace</DefaultContinuousZoomVelocitySpace><DefaultPTZTimeout>PT0H0M0.010S</DefaultPTZTimeout></PTZConfiguration></Profiles></GetProfilesResponse>
stream0_0, stream0_0, H264, 1920, 1080, 15, rtsp://192.168.15.218/live/ch00_1
stream0_1, stream0_1, H264, 640, 480, 25, rtsp://192.168.15.218/live/ch00_0

Take the XML output and drop it in a file. Then run it through xml2 so it is readable. 

at /tmp/xml | xml2 
/GetProfilesResponse/@xmlns=http://www.onvif.org/ver10/media/wsdl
/GetProfilesResponse/Profiles/@token=stream0_0
/GetProfilesResponse/Profiles/@fixed=false
/GetProfilesResponse/Profiles/Name/@xmlns=http://www.onvif.org/ver10/schema
/GetProfilesResponse/Profiles/Name=stream0_0
/GetProfilesResponse/Profiles/VideoSourceConfiguration/@xmlns=http://www.onvif.org/ver10/schema
/GetProfilesResponse/Profiles/VideoSourceConfiguration/Name=VideoSourceConfiguration0
/GetProfilesResponse/Profiles/VideoSourceConfiguration/UseCount=2
/GetProfilesResponse/Profiles/VideoSourceConfiguration/SourceToken=VideoSource0
/GetProfilesResponse/Profiles/VideoSourceConfiguration/Bounds/@x=0
/GetProfilesResponse/Profiles/VideoSourceConfiguration/Bounds/@y=0
/GetProfilesResponse/Profiles/VideoSourceConfiguration/Bounds/@width=1920
/GetProfilesResponse/Profiles/VideoSourceConfiguration/Bounds/@height=1080
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/@xmlns=http://www.onvif.org/ver10/schema
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/Name=VideoEncoderConfiguration0_0
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/UseCount=2
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/Encoding=H264
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/Resolution/Width=1920
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/Resolution/Height=1080
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/Quality=5
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/RateControl/FrameRateLimit=15
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/RateControl/EncodingInterval=1
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/RateControl/BitrateLimit=1400
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/H264/GovLength=60
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/H264/H264Profile=High
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/Multicast
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/SessionTimeout=PT0S
/GetProfilesResponse/Profiles/PTZConfiguration/@xmlns=http://www.onvif.org/ver10/schema
/GetProfilesResponse/Profiles/PTZConfiguration/Name=Anv_ptz_0
/GetProfilesResponse/Profiles/PTZConfiguration/UseCount=2
/GetProfilesResponse/Profiles/PTZConfiguration/NodeToken=Anv_ptz_node_0
/GetProfilesResponse/Profiles/PTZConfiguration/DefaultContinuousPanTiltVelocitySpace=http://www.onvif.org/ver10/tptz/PanTiltSpaces/VelocityGenericSpace
/GetProfilesResponse/Profiles/PTZConfiguration/DefaultContinuousZoomVelocitySpace=http://www.onvif.org/ver10/tptz/ZoomSpaces/VelocityGenericSpace
/GetProfilesResponse/Profiles/PTZConfiguration/DefaultPTZTimeout=PT0H0M0.010S
/GetProfilesResponse/Profiles
/GetProfilesResponse/Profiles/@token=stream0_1
/GetProfilesResponse/Profiles/@fixed=false
/GetProfilesResponse/Profiles/Name/@xmlns=http://www.onvif.org/ver10/schema
/GetProfilesResponse/Profiles/Name=stream0_1
/GetProfilesResponse/Profiles/VideoSourceConfiguration/@xmlns=http://www.onvif.org/ver10/schema
/GetProfilesResponse/Profiles/VideoSourceConfiguration/Name=VideoSourceConfiguration1
/GetProfilesResponse/Profiles/VideoSourceConfiguration/UseCount=2
/GetProfilesResponse/Profiles/VideoSourceConfiguration/SourceToken=VideoSource0
/GetProfilesResponse/Profiles/VideoSourceConfiguration/Bounds/@x=0
/GetProfilesResponse/Profiles/VideoSourceConfiguration/Bounds/@y=0
/GetProfilesResponse/Profiles/VideoSourceConfiguration/Bounds/@width=640
/GetProfilesResponse/Profiles/VideoSourceConfiguration/Bounds/@height=480
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/@xmlns=http://www.onvif.org/ver10/schema
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/Name=VideoEncoderConfiguration0_1
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/UseCount=2
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/Encoding=H264
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/Resolution/Width=640
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/Resolution/Height=480
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/Quality=5
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/RateControl/FrameRateLimit=25
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/RateControl/EncodingInterval=1
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/RateControl/BitrateLimit=640
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/H264/GovLength=60
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/H264/H264Profile=Main
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/Multicast
/GetProfilesResponse/Profiles/VideoEncoderConfiguration/SessionTimeout=PT0S
/GetProfilesResponse/Profiles/PTZConfiguration/@xmlns=http://www.onvif.org/ver10/schema
/GetProfilesResponse/Profiles/PTZConfiguration/Name=Anv_ptz_1
/GetProfilesResponse/Profiles/PTZConfiguration/UseCount=2
/GetProfilesResponse/Profiles/PTZConfiguration/NodeToken=Anv_ptz_node_1
/GetProfilesResponse/Profiles/PTZConfiguration/DefaultContinuousPanTiltVelocitySpace=http://www.onvif.org/ver10/tptz/PanTiltSpaces/VelocityGenericSpace
/GetProfilesResponse/Profiles/PTZConfiguration/DefaultContinuousZoomVelocitySpace=http://www.onvif.org/ver10/tptz/ZoomSpaces/VelocityGenericSpace
/GetProfilesResponse/Profiles/PTZConfiguration/DefaultPTZTimeout=PT0H0M0.010S

Generic PTZ Cameras that I have figured the settings out for https://wiki.zoneminder.com/Netcat 

Controllable 	checked
Control Type 	Netcat ONVIF
Control Device 	NONE/ Profile_1/ Profile????/ETC
Control Address user:pass@!IP:port / IP:port
Auto Stop Timeout 	none/0.50/1.00
Retrieved from "https://wiki.iwillfearnoevil.com/mediawiki/index.php?title=Onvif&oldid=278"