Help with reverse engineering WebRTC with VicoHome Camera

Hardware
1

Hello,

I got a few of the Monkey Vision Cube Cameras from Bunnings.
Bunnings Link
Aliexpress Link
Manufactures Link?

They work with the VicoHome or Simple Monkey Vision App (same app, different service)

I’m trying to integrate them with Home Assistant.

Although they beep when scanned by the Tuya app, it doesn’t look compatible.

With the help of this article, I’ve been able to find the API calls to be able to interact with the API. Decrypting Android App SSL Traffic: A Practical Guide for Security Researchers

I’ve created a copy of the APK that allows User Certificates, otherwise it fails to connect when sniffing.

I’ve reached a dead end. It tasks about Turn/Stun/Ice, and I’m not sure where to go now.

I’ve been able to get to this point, but I can’t seem to get any further:
(I’ve obsucated the results as there’s credentials inside)
From the API: “/device/getWebrtcTicket”

traceId               : webrtc-NswDc9j1txxxxxxx
groupId               : 2f701774e1ce08acxxxxxxx
role                  : viewer
id                    : 13xxxxxxx
iceServer             : {@{url=turn:p-coturn-xxxxxxx.smartvideogo.com:5349; username=1999999989:199999961; credential=Rxxxxxxxxxxxxxxxistk=; ipAddress=152.99.999.999}}
signalServer          : wss://p-signal-99999999.smartvideogo.com
signalServerIpAddress : 54.99.99.99
sign                  : b4623d1735455xxxxxxxxxxxxd
signalPingInterval    : 2
maxAllocationLimit    : 32
appStopLiveTimeout    : 20
deviceSleepTimeout    : 30
time                  : 1702119689105
expirationTime        : 1702378889105
websocketPath         : 
accessToken           :

From WireShark, it seems to be streaming on UDP, but I can’t seen to find any RSTP feed. I’m not as proficient in WireShark as I would like.

I’m not entirly sure what WebRTC is either, or how it works through the Turn/Stun/Ice.

If anyone can point me to the right direction I would appreciate. I’m ultimatley looking to get it into Frigate, or similar.

Thankyou.

2

Ask their support Contact Us - Monkey Vision

3

Hi Tom,

I’ve asked both Monkey Vision and VicoHome support regarding any API or feeds, and they both don’t offer anything. VicoHome said they may add something in the future.

4

It’s worth an ask Michael. My guess is as far as “easy” methods go, they seem to encrypt everything within that stream from port 8765 and our only hope is a bootloader method. Must admit I’m suprised how responsive the local view (on app) is if it is all going via cloud and then back to the app, which initially made me think there was some P2P comms going between the cam and client - but no proof so far.

5

WireShark shows direct UDP stream from the camera to the phone :thinking:

6

I’ve been trying to work through this same problem. I see the same direct UDP stream in Wireshark that you’ve described, but it seems the video is being displayed through WebRTC. With WebRTC, the camera (and the connecting device) are each a random port greater than 37000 or so for the duration of the stream. If you end the stream and start it again, the ports will change. I’m guessing this functionality is built directly into the camera to create a local stream?

At any rate, I’m afraid I’m at a dead end. I’ve also tried scanning the camera with nmap, but it shows no open ports, so no easy way to grab a video feed there. VicoHome does advertise some integration with Google Assistant/Alexa, so it’s not completely closed off, but there doesn’t seem to be much documentation.

I’d be very interested if there was any further development on this topic.

7

I have a bird feeder with cg122 caméra from vicohome.
Interrested in any progress

Laurent

1 Like
8

Same here.

1 Like
9

Any luck on this? I am also trying to integrate Vison Well camera that works with VicoHome app.

10

same here. Vicohome.
Works?