Dahua IPC-HFW4300S
Bought from amazon for $110USD (via Youshop).
I have decided to go with Dahua as replacement of my recently purchased Hikvision DS-2CD2032-I, due to severe stream errors (shitty firmware?) on DS-2CD2032-I.
UPDATE: firmware update fixed the errors with DS-2CD2032-I.
UPDATE: the stream errors are due to nature of these cameras and UDP. The TCP stream is perfect.
Youshop managed to “lose” it, I had to “recover” it from unclaimed pile.
The camera described here was sourced from Amazon.
It came in a retail box, but with Chinese labels. The instructions where also Chinese.
The camera came with preconfigured IP address of 192.168.1.108.
The default username is admin, password is also admin.
WebUI
The web interface is somewhat OK, no video stream visible in any browser on Linux (requires ActiveX?). Typical shitty Chinese webUI.
The video settings do work.
The config Export does not work.
“Live” tab (or anything having video output) is completely useless without even bothering to tell me that “plugin” is missing.
When these idiots will learn that not everyone uses IE6?
The camera has exactly same issues with RTSP and UDP, when used with ffmpeg as . When used with -rtsp_transport tcp
flag the stream is stable.
The image quality is good (very close if not better than Hikvision DS-2CD2032-I).
Streams
The camera has 3 streams (configured via webUI, 3rd stream disabled).
The trick was to find out the stream URL that works without authentication.
Main stream: rtsp://{CAMERA_IP}:554/cam/realmonitor?channel=1&subtype=0&proto=Onvif
Sub stream: rtsp://{CAMERA_IP}:554/cam/realmonitor?channel=1&subtype=1&proto=Onvif
Sub stream (disabled by default): rtsp://{CAMERA_IP}:554/cam/realmonitor?channel=1&subtype=2&proto=Onvif
Note: proto=Onvif
is the key to bypass authentication.
The snapshot URL is: EDIT: the 9989 port access is unreliable, the reliable snapshot URL is: http://{CAMERA_IP}:9989/
http://{CAMERA_IP}/cgi-bin/snapshot.cgi
Interesting that switch to/from IR is gradual.
Another very good thing about this camera is that it runs High profile on their h264 streams:
Metadata:
title : RTSP Session/2.0
Duration: N/A, start: 0.009967, bitrate: N/A
Stream #0.0: Video: h264 (High), yuvj420p, 1920x1080 [PAR 1:1 DAR 16:9], 25.33 fps, 100 tbr, 90k tbn, 49.95 tbc
/proc/cpuinfo
:
Processor : ARMv6-compatible processor rev 5 (v6l)
BogoMIPS : 526.25
Features : swp half fastmult edsp java
CPU implementer : 0x41
CPU architecture: 6TEJ
CPU variant : 0x1
CPU part : 0xb36
CPU revision : 5
Hardware : Coconut
Revision : 13ec300a
Serial : 0000000000000000
kernel:
Linux version 2.6.38.8 (jenkins@localhost.localdomain) (gcc version 4.6.1 (Sourcery CodeBench Lite 2011.09-70) ) #1 PREEMPT Tue Sep 30 18:53:02 CST 2014
free -m:
total used free shared buffers
Mem: 131 83 47 0 0
-/+ buffers: 83 47
Swap: 0 0 0
df -h:
Filesystem Size Used Available Use% Mounted on
ubi0:romfs 4.9M 4.9M 4.0K 100% /
devtmpfs 65.6M 0 65.6M 0% /dev
tmpfs 65.7M 576.0K 65.2M 1% /var
ubi1_0 21.1M 14.3M 6.8M 68% /usr
ubi2_0 708.0K 60.0K 648.0K 8% /mnt/custom
ubi3_0 708.0K 72.0K 636.0K 10% /mnt/pd
ubi4_0 4.9M 3.3M 1.5M 68% /mnt/web
ubi5_0 708.0K 84.0K 552.0K 13% /mnt/syslog
ubi6_0 708.0K 232.0K 404.0K 36% /mnt/mtd
ubi7_0 708.0K 44.0K 592.0K 7% /mnt/backup
Similar to Hikvision DS-2CD2032-I this camera runs very "hot" CPU wise: sitting around loadavg 10.
In all aspects IPC-HFW4300S is very similar to DS-2CD2032-I hardware wise. Same CPU, same clock frequency, similar amount of RAM (128MB for Dahua and 96MB for Hikvision).
Linux wise they run same kernel version (2.6.38.8). Although Dahua runs older busybox version (v1.18.4 vs Hikvision v1.19.3).
Both of these manufacturers violate GPL badly..
It looks like the developers at Dahua use Jenkins, specifically this error message gives it away:
00:00:08|[prc] ERROR (/home/jenkins/jk_slave_centos6/workspace/IPC_DH3.S0507_IPCAmbarella2.420/tmp_build_dir/PRC_A5S/build/platbuild/../../src/module/submod/i2c/prc_i2c.c|I2C_isr|454): I2C0 dev0x68 wait ack timeout
Even though Dahua are very protective with the firmware, I found newer firmware here (will install once I get shell on the camera):
http://wrightwoodsurveillance.com/forum/thread-89.html
I have upgraded firmware from:
Software Version 2.210.0000.11.R, build : 2014-01-15 WEB Version 3.2.1.164499
to:
Software Version 2.420.0003.0.R, build : 2014-09-30 WEB Version 3.2.1.223527
without any issues...
The rest
Now for the shitty part of the camera:
The camera is configured with telnet.
There is no SSH service. It does not look like telnet can be disabled from WebUI (or SSH enabled).
Trying to login to telnet with default admin password fails.
I have managed to extract root hash from firmware file (see here):
$1$jSqQv.uP$jgz4lwEx2pnDh4QwXkh06/
Googling it reveals nothing.
After running JtR for a few hours on GPU, I got the password as 'vizxv' (without the quotes).
The password did not work for any of user combinations...
Still trying to access the telnet...
UPDATE: as per these findings telnet username is admin
and password is 7ujMko0{webui_admin_password}
, so if webUI admin password is admin
then the telnet password is 7ujMko0admin .
Pros:
Good picture quality.
Solid metal construction.
High profile is available for h264 streams.
Cons:
Really shitty support.
No official firmware available.
Windows-centric Web UI.
Telnet is always ON.
Telnet is set up with a different, hard coded root password (Dahua back door).
RTSP urls are a bit long.
UPDATE: after upgrading the firmware the "Live" tab now has controls, as well as option to download plugin. Well almost, the download link http://{camera_ip}/webplugin.tar.bz2
gives you nice 404. Fucking idiots.
The config import/export still does not work.
NOTE: if camera is used with OpenCV make sure to add ?tcp at the end of the url!!! This camera is even more buggy than Hikvision DS-2CD2032-I and it drops UDP packets on even small sub streams. Here is example of the url needed for OpenCV to work reliably:
rtsp://{camera_ip}:554/cam/realmonitor?channel=1&subtype=0&proto=Onvif?tcp