IPCamera binding doing erroneous ISAPI request to Hikvision camera

Add-ons Bindings
1

Hi,

Running OH 3.4.4 with the IP Camera add-on. Camera is Hikvision DS-2CD2143G2-I.
After I add Hikvision camera as thing, openhab.log starts to get flooded with following error messages:

2023-06-18 22:41:56.282 [WARN ] [ipcamera.internal.MyNettyAuthHandler] - 403 Forbidden: Check camera setup or has the camera activated the illegal login lock?
2023-06-18 22:42:04.276 [WARN ] [ipcamera.internal.MyNettyAuthHandler] - 403 Forbidden: Check camera setup or has the camera activated the illegal login lock?
2023-06-18 22:42:12.386 [WARN ] [ipcamera.internal.MyNettyAuthHandler] - 403 Forbidden: Check camera setup or has the camera activated the illegal login lock?

I checked with tcpdump and the add-on makes several successful requests but the error message comes from the add-on trying to make the following request to the camera:
GET /ISAPI/System/IO/inputs/1/status HTTP/1.1

The camera responds

    HTTP/1.1 403 Forbidden
    Date: Sun, 18 Jun 2023 22:51:49 GMT
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    Cache-Control: no-cache
    Content-Length: 284
    Connection: close
    Content-Type: application/xml
    
    <?xml version="1.0" encoding="UTF-8"?><ResponseStatus version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
    <requestURL></requestURL>
    <statusCode>4</statusCode>
    <statusString>Invalid Operation</statusString>
    <subStatusCode>invalidOperation</subStatusCode>
    </ResponseStatus>

What is going on here? Any way to disable this request since obviously it’s not working.

Best Regards,
Tommi

2

You may have entered the login details we wrongly and your now locked out of the camera. To fix you need to check user and pass is correctly and then power cycle the camera. You can also disable the illegal login check but that should not be necessary as it gets triggered when the password is wrong and tried multiple times.

3

Hi,

The login details are correct and illegal login check is disabled. I tested this with curl and got same 403 response. Other ISAPI requests work just fine with the same curl format. The way I see it that hikvisio camera doesn’t have any IO outputs and therfore throws 403 response to the request.

Here is working curl request

curl -i --digest -X GET  http://admin:xxx@192.168.1.35/ISAPI/System/IO/capabilities
HTTP/1.1 401 Unauthorized
Date: Mon, 19 Jun 2023 09:11:28 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 178
Content-Type: text/html
Connection: close
WWW-Authenticate: Digest qop="auth", realm="IP Camera(J5964)", nonce="xxx", stale="FALSE"

HTTP/1.1 200 OK
Date: Mon, 19 Jun 2023 09:11:28 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache
Content-Length: 173
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<IOCap  version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<isSupportStrobeLamp>false</isSupportStrobeLamp>
</IOCap>

And here is the failing request.

curl -i --digest -X GET  http://admin:xxx@192.168.1.35/ISAPI/System/IO/outputs/1/status 
HTTP/1.1 401 Unauthorized
Date: Mon, 19 Jun 2023 09:14:02 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 178
Content-Type: text/html
Connection: close
WWW-Authenticate: Digest qop="auth", realm="IP Camera(J5964)", nonce="xxx", stale="FALSE"

HTTP/1.1 403 Forbidden
Date: Mon, 19 Jun 2023 09:14:02 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache
Content-Length: 284
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?><ResponseStatus version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<requestURL></requestURL>
<statusCode>4</statusCode>
<statusString>Invalid Operation</statusString>
<subStatusCode>invalidOperation</subStatusCode>

EDIT: Updated the formatting so that full responses are visible.

Best Regards,
Tommi

4

I suspect your correct, it has been on my to do list to remove channels that a camera reports that it does not support. It appears you have supplied the API call to check if the camera supports the IO features and given the response already, can you confirm it is complete as it looks cut short. That is all I need to complete this.

For example mine gives

http://admin:xxx@192.168.1.35/ISAPI/System/IO/capabilities

<?xml version="1.0" encoding="UTF-8"?>
<IOCap  version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<IOInputPortNums>0</IOInputPortNums>
<IOOutputPortNums>0</IOOutputPortNums>
<isSupportStrobeLamp>false</isSupportStrobeLamp>
</IOCap>

EDIT: @Tommo it would also be smart to install the latest firmware, see the link I get them from if the camera is an older model. Mine is on firmware 5.6.6

5

Hi,

Below is the XML response to the /ISAPI/System/IO/capabilities.
Looks like the response is missing the IOInputPortNums and IOOutputPortnums values that your camera is responding.

<?xml version="1.0" encoding="UTF-8"?>
<IOCap  version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<isSupportStrobeLamp>false</isSupportStrobeLamp>
</IOCap>

Camera Firmware is V5.7.13 build 230504

Best Regards,
Tommi

6

a PR to address this has been made here:

7

Hi,

I tested out 4.2.0.202401261129 snapshot version and can confirm the issue is resolved.
Thank you.

Best Regards,
Tommi

1 Like