blob: 636a0ad534ea7038c895a915b65a53aa848c5065 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
#!/usr/bin/python3
import sys
import hashlib
import base64
from bluepy.btle import UUID, Peripheral
dev_name_uuid = UUID(0x2A00)
class BleCam(object):
def __init__(self, address, pincode):
self.pincode = pincode
self.periph = Peripheral(address)
#print(self.periph)
self.ipcamservice()
self.dumpchars()
self.experiment()
def ipcamservice(self):
try:
print("getting IPCam service")
self.service = self.periph.getServiceByUUID(0xD001)
except BTLEEException:
print("no IPCam service found for %s" % periph.address)
def dumpchars(self):
handles = self.service.getCharacteristics()
print("dumping %s" % handles)
for h in handles:
print("%s - Properties=%s Handle=%#06x " % (h.uuid, h.propertiesToString(), h.getHandle()))
def experiment(self):
auth = self.service.getCharacteristics(0xa001)[0]
tmp = auth.read().decode().split(";", 10)
for t in tmp:
if t.startswith("C="):
self.challenge=t.split("=",2)[1]
print("challenge is %s" % self.challenge)
name = self.periph.getCharacteristics(uuid=dev_name_uuid)[0].read().decode() # "DCS-8000LH-CC73"
hashit = name + self.pincode + self.challenge
print("will hash %s" % hashit)
self.key = base64.b64encode(hashlib.md5(hashit.encode()).digest())[:16]
print ("key is %s" % self.key)
try:
auth.write("M=0;K=".encode() + self.key, True)
except:
print("write failed")
print("ip config is %s" % self.service.getCharacteristics(0xa104)[0].read())
if __name__ == '__main__':
if len(sys.argv) < 3:
print("Usage: {} <addr> <pincode>".format(sys.argv[0]))
sys.exit(1)
BleCam(sys.argv[1], sys.argv[2])
print("Done.")
|