I’m new to HA with RPi4,
I have an EZVIZ DB1 and I’m trying to understand your script which is still difficult for me and I don’t even know where it goes! (including the function that Pihole has that I don’t know about). Do you have a way to create a step-by-step configuration manual to activate an “input_boolean” for inexperienced people like me?
Edit 1: Updated to use xtail to account for the way Opnsense handles rotating logs
Replicated this for opnsense using a combination of the op by @fversteegen and additions by @DaLass.
Steps:
- Login to Opnsense
- Ensure that Circular Logs are disabled by going to System > Settings > Logging
Check disable circular logs - Go to Services > Unbound DNS > Advanced
- Tick Log Queries and save
- Login to Opnsense via SSH. (Refer to Link if you need instructions on enabling SSH)
- Install xtail (needs to be installed from the Opnsense ports)
- Open Shell then make a new file in
/usr/local/etc/rc.syshook.d/start(I named it100-db1doorbell) - In the file enter the following then save the file:
#!/usr/local/bin/bash
xtail /var/log/resolver|while read;do echo "$REPLY"|grep -q "alarm.use.s3.amazonaws.com" && curl -X POST -H "Authorization: Bearer LONGLIVEDACCESSTOKENFROMHOMEASSISTANT" -H "Content-Type: application/json" -d '{"entity_id": "input_boolean.THENAMEOFTHEHELPERINPUTBOOLEAN"}' http://HOMEASSISTANTIP:8123/api/services/input_boolean/turn_on;done
- Make the file executable by running
chmod +x FILENAME - Restart Opnsense.
Since the script is in a folder monitored by opensense at startup the script will automatically be started.
Note: It seems ezviz uses a different url depending on region. I’m in Canada and my doorbell uses alarm.use.s3.amazonaws.com but others may use the same url as op alarm.eu.s3.amazonaws.com or perhaps something totally different.
2 Likes
eu = Europe
use = US East
YMMV
Nice i use dns option to capture the door press and open ivms-4500 in tablet running home assistant in kiosk mode. I have also managed to add edb1c as ffmeg camera and show a flat image on lovelace with these options( auto mode showing new image every 10sec- video filter works only for image not the video stream)
configuration.yaml:
- platform: ffmpeg
name: Doorbell
input: -rtsp_transport tcp -i rtsp://admin:[email protected]:554/Streaming/Channels/102
extra_arguments: -vf 'crop=in_w-28:in_h-28:28:28','v360=input=fisheye:output=e:ih_fov=145:iv_fov=145:pitch=3:yaw=0:roll=0','crop=w=in_w-347-345:h=in_h-179-140:x=347:y=179'
- platform: ffmpeg
name: DoorbellFHD
input: -rtsp_transport tcp -i rtsp://admin:[email protected]:554/Streaming/Channels/101
extra_arguments: -vf 'crop=in_w-76:in_h-76:76:76','v360=input=fisheye:output=e:ih_fov=145:iv_fov=145:pitch=3:roll=0:yaw=0','crop=in_w-920-920:in_h-460-380:920:460'
picture glance card:
entities:
- entity: binary_sensor.front_gate_contact
- entity: binary_sensor.front_door_contact
- entity: light.front_entrance
- entity: binary_sensor.doorbell_dns
tap_action:
action: more-info
type: picture-glance
camera_image: camera.doorbell
entity: camera.doorbell
aspect_ratio: '16:9'
camera_view: auto
Since recently this hack stopped working. I suspect somehow a firmware update was done by the camera. Tried re-installing the 200321 firmware (https://ipcamtalk.com/threads/new-rca-hsdb2a-3mp-doorbell-ip-camera.31601/page-101), but that didn’t solve the issue. If I now look in the DNS logs the camera connects to litedev.eu.ezvizlife.com, but no specific URL on keypress…
Back to drawing board I guess 
@fversteegen FWIW, I just completed some detailed traffic analysis of the 200321 firmware, and I definitely still see DNS queries for alarm.eu.s3.amazonaws.com every time the button is pushed. In case it helps, I have details on how I installed that firmware in my post below. In my traffic analysis I also see predictable TCP and UDP connections opened every time the button is pushed, but I don’t think you could intercept these with Pihole (although you might find it possible to intercept them from your firewall). Alternatively, the doorbell reliably uploads a camera snapshot to AWS S3 when the button is pressed, which you could potentially intercept with DNS spoofing. If it helps, I can DM you a PCAP traffic capture of all the traffic generated between rebooting the doorbell and pressing the button.
Anyway, the approach I chose was a €11 Shelly Uni, powered off the existing doorbell circuit. I posted a link to my detailed blog post on the forums over here (and I would welcome comments and feedback about my approach in that thread):
So funny to see you also swapped the button for a white one (I was also fed up with people pushing the camera thinking it was the button 
)
If it still connects to that Amazon URL then most probably the DB1 doesn’t get the right DNS server pushed. Will have a look. Thanks for pointing me into the right direction!
Thanks for this - modified the script slightly for my Ad Guard Home setup and seems rock solid!
I’m using the AdGuard add on with HASSOS, could you please explain what you changed in the script and how you accessed the AdGuard log file?
Not sure how to do that in HASSOS i’m afraid but on my router I setup a script that tailed the AdGuard Log and posted a webhook
The trick is finding where the querylog.json file is located in home assistant and then figuring out how to run the script.
Also you need to change Adguard’s settings file so that it writes directly to the disk as by default it stores a portion of the log in memory before writing to a file, which causes a massive delay.
tail -F -fn0 /opt/etc/AdGuardHome/data/querylog.json | while read;do echo "$REP>
curl -k --header "Content-Type: application/json" \
--request POST \
--data '{"pressed": true}' \
http://192.168.1.50:8123/api/webhook/doorbell_123321;done
1 Like
Did anyone else experience the situation in which the doorbell no longer connects to that s3 url on button press? Only thing that is in the DNS logs is litedev.eu.ezvizlife.com, but that is a periodical connection
I found that the doorbell stopped hitting the aws if I played with it too much, trying to get detection zones working etc etc… upon reboot it reliably hits that DNS for me 100%
posted here also.
My doorbell magically started working again. I have got the feeling it was due to a router (and Pihole) reboot.
Hello everyone,
I’m trying to intercept the DNS query on the pihole log but I get an error, does it still work?
When my script runs I get an error on the tail function.
Jan 06 21:10:49 pihole systemd[1]: Started Monitor doorbell chime in pihole log.
Jan 06 21:10:49 pihole 100-db1doorbell.sh[800]: /home/100-db1doorbell.sh: 3: read: arg count
Jan 06 21:11:42 pihole 100-db1doorbell.sh[799]: tail: write error: Broken pipe
Jan 06 21:11:42 pihole 100-db1doorbell.sh[799]: tail: write error
Jan 06 21:11:42 pihole systemd[1]: doorbell.service: Succeeded.
My script
#! /bin/sh
tail -fn0 /var/log/pihole.log | while read;do echo "$REPLY" | grep -q "alarm.use.s3.amazonaws.com" &&
curl -k --header "Content-Type: application/json" \
--request POST \
--data '{"pressed": true}' \
http://10.0.0.10:8123/api/webhook/luBxZysbPIXdGSmZGRheH1FwSM02QXyH;done
I found the issue; I had to replace “#! /bin/sh” by “#! /bin/bash”
#! /bin/bash
tail -fn0 /var/log/pihole.log | while read;do echo "$REPLY" | grep -q "alarm.use.s3.amazonaws.com" &&
curl -k --header "Content-Type: application/json" \
--request POST \
--data '{"pressed": true}' \
http://10.0.0.10:8123/api/webhook/luBxZysbPIXdGSmZGRheH1FwSM02QXyH;done
Not sure if anyone is still running into issues… I have spent some time tonight fixing my “DNS Hack” setup and I have found you must open inbound traffic to port 31006 for the doorbell IP. Don’t need to open anything else, and as far as I can tell this is not sending photos to the cloud and doesn’t allow you to access the camera from the hikvision app… But it is required for it to call that URL.
without the port opened , you can ring the doorbell as many times as you want it will never make the call to alarm.use.s3.amazonaws.com , Yet the moment you open port 31006, it starts to call for this URL after pressed.
Edit…
So even after testing with clearing / resting firewall states , this was working… Now over night, this AM it is no longer calling the alarm.use.s3… when the doorbell is pressed.
This is very strange… I am still on legacy FW as well
Hello everyone, I’m reactivating this thread to ask if the DNS address changed for you? It’s now “ali-alarm-us.oss-us-east-1.aliyuncs.com” instead “alarm.use.s3.amazonaws.com”.
I wonder how it’s possible, I didn’t do any update on the doorbell…
https://www.reddit.com/r/Adguard/comments/15zckqs/adguard_updated_query_logs/
Looks like the default configuration stores the last 1000 query log entries in memory before writing it to a file, so that’s why the difference in the data.
To remove this and get query logs updated as soon as there’s a new query you need:
- Stop AdGuard by doing
./AdGuardHome -s stop - Edit
AdGuardHome.yaml - Change
size_memory: 1000tosize_memory: 0inside thequerylog:section - Save file and start AdGuard again
./AdGuardHome -s stop
With this you will get the querylog.json file updated to the second