Reverse Engineering cheap Chinese “VRCAM” protocol

The Hardware

Let’s first start with the hardware itself. It’s a 2 Megapixel sensor with 1280x960 video resolution. It features 3 IR lamps (the same model as the Raspberry cam) and has bidirectional audio (you can send audio to the camera and receive audio from it). It supports both Wi-Fi and Ethernet connections and features an “Auto PTZ” (which is just a software remapping of the image). It is very cheap (in the local Brazilian market you can find it for R$90, which is US$23; consider that things usually have a 60% tax on them, and you will see how cheap that is), and as always I wanted to give it a try.

The main board
The secondary board
RTL8188FTV

Let’s find out what it does

The first thing I wanted to try was to reverse the VRCAM Android application (https://play.google.com/store/apps/details?id=com.generalcomp.vrcam). Java applications are usually easy to decompile and reverse engineer, and even when they have native libraries, developers are usually too lazy to obfuscate them. The issue is that the VRCAM developer specifically was too damn lazy and included TOO many libraries inside the application. This should give you a rough idea (there are more folders):

Huawei + Xiaomi + Amazon + Aliplay + Alibaba. WTH?

The Protocol

When the phone sends the login packet, it sends back a SOUP packet with the result of the login. In case of success

Setting up the video channel

That’s pretty simple though; after authenticating in the channel you can just send:

Lucas Teske

Programming, Hacking, SDR, Satellites. Basically everything technology related. Everything is also posted on my site https://lucasteske.dev/