海康威视设备发现sdp原理

首先,sdp是向239.255.255.250:1900发送udp消息以达到局域网广播目的。

海康的sdp并没有像标准的ssdp那样包含:M-SEARCH,NOTIFY等关键字,也没有向1900端口发送,而是采用自定义的xml字符串作为其私有协议,并且向37020端口发送udp数据。

打开海康威视设备网络工具:

海康威视设备发现sdp原理

 

我用wireshark抓包得出:

我得机器ip是172.16.7.211 

在wireshark中输入过滤器ip.dst==239.255.255.250 and ip.src == 172.16.7.211

海康威视设备发现sdp原理

 

1.客户端发起:搜索设备

<?xml version="1.0" encoding="utf-8"?>
<Probe>
<Uuid>B1D9AE01-1117-477F-98AB-F2FFEFA7B5F3</Uuid>
<Types>inquiry</Types>
</Probe>


2.设备发起:摄像机回应

 
<?xml version="1.0" encoding="UTF-8"?>
<ProbeMatch>
<Uuid>4980C8A1-5F6D-427B-979A-D11FF5BA053B</Uuid>
<Types>inquiry</Types>
<DeviceType>140071</DeviceType>
<DeviceDescription>DS-2CD5026EFWD-A</DeviceDescription>
<DeviceSN>DS-2CD5026EFWD-A20171214AACH147955970</DeviceSN>
<CommandPort>8000</CommandPort>
<HttpPort>80</HttpPort>
<MAC>64-db-8b-08-cf-45</MAC>
<IPv4Address>192.168.66.24</IPv4Address>
<IPv4SubnetMask>255.255.255.0</IPv4SubnetMask>
<IPv4Gateway>192.168.66.254</IPv4Gateway>
<IPv6Address>::</IPv6Address>
<IPv6Gateway>::</IPv6Gateway>
<IPv6MaskLen>64</IPv6MaskLen>
<DHCP>false</DHCP>
<AnalogChannelNum>0</AnalogChannelNum>
<DigitalChannelNum>1</DigitalChannelNum>
<SoftwareVersion>V5.5.0build 170914</SoftwareVersion>
<DSPVersion>V7.3 build 170818</DSPVersion>
<BootTime>1970-02-10 05:19:22</BootTime>
<Encrypt>true</Encrypt>
<ResetAbility>false</ResetAbility>
<DiskNumber>0</DiskNumber>
<Activated>true</Activated>
<PasswordResetAbility>true</PasswordResetAbility>
<PasswordResetModeSecond>true</PasswordResetModeSecond>
<SupportSecurityQuestion>true</SupportSecurityQuestion>
<SupportHCPlatform>true</SupportHCPlatform>
<HCPlatformEnable>flase</HCPlatformEnable>
<IsModifyVerificationCode>true</IsModifyVerificationCode>
<Salt>21ea877fbac71d715a34f28e194d39b80ed9965e96e26bb0a6b00d6240e1dc3b</Salt>
<DeviceLock>true</DeviceLock>
</ProbeMatch>


3.客户端发起:修改相机IP为192.168.66.25

<?xml version="1.0" encoding="utf-8"?>
<Probe>
<Uuid>AC2CEC98-C7FA-42B9-A9AE-23608F923E78</Uuid>
<Types>update</Types>
<PWErrorParse>true</PWErrorParse>
<MAC>64-db-8b-08-cf-45</MAC>
<Password bSalt="true">kFnsMaQrzmGi89g+6txepC1RNnZMSi/fA16x+UdjFOmqBmoVCc/zeZ8X6oZmLBdWaXnvwTxjLIQBsLsDP0xjHw==</Password>
<IPv4Address>192.168.66.25</IPv4Address>
<CommandPort>8000</CommandPort>
<IPv4SubnetMask>255.255.255.0</IPv4SubnetMask>
<IPv4Gateway>192.168.66.254</IPv4Gateway>
<IPv6Address>::</IPv6Address>
<IPv6Gateway>::</IPv6Gateway>
<IPv6MaskLen>64</IPv6MaskLen>
<DHCP>false</DHCP>
<HttpPort>80</HttpPort>
</Probe>

4.设备发起:修改成功后相机192.168.66.25主动回复


<?xml version="1.0" encoding="UTF-8"?>
<ProbeMatch>
<Uuid>AC2CEC98-C7FA-42B9-A9AE-23608F923E78</Uuid>
<Types>update</Types>
<Result>success</Result>
<DeviceType>140071</DeviceType>
<DeviceDescription>DS-2CD5026EFWD-A</DeviceDescription>
<DeviceSN>DS-2CD5026EFWD-A20171214AACH147955970</DeviceSN>
<CommandPort>8000</CommandPort>
<HttpPort>80</HttpPort>
<MAC>64-db-8b-08-cf-45</MAC>
<IPv4Address>192.168.66.25</IPv4Address>
<IPv4SubnetMask>255.255.255.0</IPv4SubnetMask>
<IPv4Gateway>192.168.66.254</IPv4Gateway>
<IPv6Address>::</IPv6Address>
<IPv6Gateway>::</IPv6Gateway>
<IPv6MaskLen>64</IPv6MaskLen>
<DHCP>false</DHCP>
<AnalogChannelNum>0</AnalogChannelNum>
<DigitalChannelNum>1</DigitalChannelNum>
<SoftwareVersion>V5.5.0build 170914</SoftwareVersion>
<DSPVersion>V7.3 build 170818</DSPVersion>
<BootTime>1970-02-10 05:19:22</BootTime>
<Encrypt>true</Encrypt>
<ResetAbility>false</ResetAbility>
<DiskNumber>0</DiskNumber>
<Activated>true</Activated>
<PasswordResetAbility>true</PasswordResetAbility>
<PasswordResetModeSecond>true</PasswordResetModeSecond>
<SupportSecurityQuestion>true</SupportSecurityQuestion>
<SupportHCPlatform>true</SupportHCPlatform>
<HCPlatformEnable>flase</HCPlatformEnable>
<IsModifyVerificationCode>true</IsModifyVerificationCode>
<Salt>21ea877fbac71d715a34f28e194d39b80ed9965e96e26bb0a6b00d6240e1dc3b</Salt>
<DeviceLock>true</DeviceLock>
</ProbeMatch>

原理剖析:

为了防止被抓包破解密码,原理一定是由随机+用户名密码数生成密钥,设备收到这个密钥进行比对,如果吻合则判断密码正确。

1.通过UUID+用户名+密码,组成一串md5<uuid,uid,pwd>的字符串,摄像机收到这个字符串后,发现UUID是自己发送的,则可以进行参数配置等操作。

2.UUID的更新--每次查询设备都会生成一个UUID,如果要操作设备,UUID必须是由设备生成,如果不匹配则会失败,例如:用上一次的UUID进行当前设置,则失败。

上一篇:Android11 SDP


下一篇:SRS4.0之RTMP转WebRTC04 ---- WebRTC交互流程