I have been looking for a good mid range Dash cam for my car. I was thinking to integrate this to my custom build infotainment system. For this, there need to be some option to get live stream. I bought this DDPAI Mini Car Dash Camera from Amazon Link (Official site Link), but I was not sure whether I can access the live stream or not. The product looks good, companion app works smooth also, and there is live stream in the app. My goal was to figure out a way to get live stream so that I can use it in my program. May be have a look at it’s firmware and do some little hack if possible.

DDPAI

In the officail site, they have mentioned about Hi3516E. it is an SoC buid by HISILICON that runs on Linux-3.18 (probably running Huawei LiteOS Link). Looking into the datasheet Link, it supports following encodings,

  • H.264 BP/MP/HP
  • H.265 Main Profile
  • MJPEG/JPEG baseline

But from the official site, it’s mentioned H.264. So most probably the stream will be in this format. This came handy later in the process.

Once powered, camera starts a WiFi AP. Client can connect to this using default password 1234567890 and use companion app to configure. Put your WiFi interface to monitor mode and start listening on the traffic.

Initial traffic

I could see a lot of HTTP traffic between companion app and 193.168.0.1 which is the camera device. So they have some kind of REST API service running on port 80. Let’s look into the flow.

Flow

To get a sessionid they are calling POST /vcam/cmd.cgi?cmd=API_RequestSessionID. This set a Cookie and they are reusing it for further communication. Then they are synching the time. Why do they need imei number for that? Strange. let’s look the subsequent requests.

POST /vcam/cmd.cgi?cmd=API_GetBaseInfo HTTP/1.1
Accept-Encoding: gzip
sessionid: sjqPqaCL9GPT8WanzOn1THq4T1iSKLm
Cookie: SessionID=sjqPqaCL9GPT8WanzOn1THq4T1iSKLm
Content-Type: application/x-www-form-urlencoded
User-Agent: ****************************************
Host: 193.168.0.1
Connection: Keep-Alive
Content-Length: 0

HTTP/1.1 200 OK
Server: VYOU_HTTP_SERVER/2.1.3 CAM WEB 1.0
Content-Type: text/plain; charset=UTF-8
Date: Wed, 09 Oct 2019 21:54:41 GMT
Last-Modified: Wed, 09 Oct 2019 21:54:41 GMT
Connection: Keep-Alive
Cache-Control: no-cache,no-store
Content-Length: 651

{"errcode":0,"data":"{\"nickname\":\"vYou_DDPai_MINI\",\"password\":\"1234567890\",\"ordernum\":\"DDPaiMin\",\"model\":\"DDPai miniONE_LITE_Overseas\",\"version\":\"v4.7.0.22\",\"uuid\":\"*****-****-****-****-********\",\"sn\":\"\",\"macaddr\":\"**:**:**:**:**:**\",\"chipsn\":\"\",\"legalret\":1,\"btnver\":3,\"totalruntime\":7471,\"sdcapacity\":31158784,\"sdspare\":24202912,\"sdbrand\":\"\",\"hbbitrate\":10240,\"hsbitrate\":2048,\"mbbitrate\":10240,\"msbitrate\":2048,\"lbbitrate\":10240,\"lsbitrate\":2048,\"default_user\":\"A1000030EBAA94\",\"is_neeed_update\":0,\"edog_model\":\"\",\"edog_version\":\"\",\"edog_status\":2,\"cid\":\"\"}"}

GET /record.log HTTP/1.1
Accept-Encoding: User-Agent: ****************************************
Host: 193.168.0.1
Connection: Keep-Alive

HTTP/1.1 200 OK
Server: VYOU_HTTP_SERVER/2.1.3 CAM WEB 1.0
Content-Type: text/plain; charset=UTF-8
Date: Wed, 09 Oct 2019 21:54:41 GMT
Last-Modified: Wed, 09 Oct 2019 21:54:41 GMT
Connection: Keep-Alive
Cache-Control: no-cache,no-store
Content-Length: 4329

{"nickname":"vYou_DDPai_MINI","password":"1234567890","ordernum":"DDPaiMin","model":"","version":"v4.7.0.22","uuid":"***********************","sn":"","macaddr":"**:**:**:**:**:**","chipsn":"","legalret":1,"btnver":3,"totalruntime":7471,"sdcapacity":31158784,"sdspare":24202912,"sdbrand":"","hbbitrate":10240,"hsbitrate":2048,"mbbitrate":10240,"msbitrate":2048,"lbbitrate":10240,"lsbitrate":2048,"default_user":"A1000030EBAA94","is_neeed_update":0,"edog_model":"","edog_version":"","edog_status":2,"cid":""}
....

POST /vcam/cmd.cgi?cmd=APP_AvCapSet HTTP/1.1
Accept-Encoding: gzip
sessionid: sjqPqaCL9GPT8WanzOn1THq4T1iSKLm
Cookie: SessionID=sjqPqaCL9GPT8WanzOn1THq4T1iSKLm
...
Read more »