evanok
New Member
- Joined
- Nov 13, 2017
- Messages
- 1
- Reaction score
- 1
- Country
- Ireland
hello. nice work. if you have not already done so...please open my user profile in this forum and see all my posts in this thread. you might find something useful there. cheers.
I went through all of your posts, I came across some useful information using wireshark, nping, nmap, jadx and apktool.
Using nmap (nmap -v -A -sV 192.168.100.1) I've found that
Port 55 is dnsmasq
Port 80 is your regular http running on jdbhttp/0.1.1
Port 6666 is using tcpwrapper so it could be nothing or it could be used during communication (unknown right now)
The protocols connection seems to always involve a library called libipcamera.so , I have yet to find the C source code for this to see how it works.
I see a couple of projects use it, but haven't found the source code yet
I tried using arm-linux-armeabi-objdump to see if I can get anything from it, but It's fairly hard to read out.
You can find the library in both XDV-360 and Wimius XDV in the libs folder of the android apk (use jadx to get readable java code, apktool to get everything else)
One of the first things that popped out of XDV-360 was a GET request , which using pcap2curl generated this
curl 'http://192.168.100.1/system/build.prop' -X GET \
-H 'X-Unity-Version: 5.3.5p4' \
-H 'User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0.1; SM-A520F Build/MMB29K)' \
-H 'Host: 192.168.100.1' \
-H 'Connection: Keep-Alive' \
-H 'Accept-Encoding: gzip'
the response being
HTTP/1.1 200 OK
Server: jdbhttpd/0.1.0
Content-Type: application/octet-stream
Content-Length: 1566
Connection: Keep-alive
# begin build properties
# autogenerated by buildinfo.sh
ro.build.id=JDQ39
ro.build.display.id=fuxin360imx179s_sdv-eng 4.2.2 JDQ39 eng.fjj.20160921.190039 test-keys
ro.build.version.incremental=eng.fjj.20160921.190039
ro.build.version.sdk=17
ro.build.version.codename=REL
ro.build.version.release=4.2.2
ro.build.date=2016... 09... 21... ......... 19:01:00 CST
ro.build.date.utc=1474455660
ro.build.type=eng
ro.build.user=fjj
ro.build.host=sunchip-To-be-filled-by-O-E-M
ro.build.tags=test-keys
ro.product.model=SoftwinerEvb
ro.product.brand=softwinners
ro.product.name=fuxin360imx179s_sdv
ro.product.device=fuxin360imx179s-sdv
ro.product.board=pluto
ro.product.cpu.abi=armeabi-v7a
ro.product.cpu.abi2=armeabi
ro.product.manufacturer=unknown
ro.wifi.channels=
ro.board.platform=exDroid
# ro.build.product is obsolete; use ro.product.device
ro.build.product=fuxin360imx179s-sdv
# Do not try to parse ro.build.description or .fingerprint
ro.build.description=fuxin360imx179s_sdv-eng 4.2.2 JDQ39 eng.fjj.20160921.190039 test-keys
ro.build.fingerprint=softwinners/fuxin360imx179s_sdv/fuxin360imx179s-sdv:4.2.2/JDQ39/eng.fjj.20160921.190039:eng/test-keys
ro.build.characteristics=sdv
# end build properties
#
# ADDITIONAL_BUILD_PROPERTIES
#
ro.feature.http=1
sys.usb.config=mass_storage,adb
ro.font.scale=1.0
ro.hwa.force=true
rw.logger=0
ro.sys.bootfast=true
ro.cdr.debug=false
ro.aw.sensordiscard=8
ro.product.modelcx=v3-xdv360
ro.product.brandcx=sunchip
rw.chipidcx=8888
ro.kernel.android.checkjni=1
net.bt.name=CamLinux
dalvik.vm.stack-trace-file=/data/anr/traces.txt
If I find the libipcamera.so source code, connecting to the device will be much easier.
I found that the higher res cameras use p2p streaming (I'm also trying to reverse engineer the samsung 360 camera)
If anyone has any extra info, it would be great to get this working without the apks