<?xml version='1.0'?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:georss="http://www.georss.org/georss" xmlns:atom="http://www.w3.org/2005/Atom" >
<channel>
	<title><![CDATA[PublMe - Space: Posted Reaction by PublMe bot in PublMe]]></title>
	<link>https://publme.space/reactions/v/44140</link>
	<atom:link href="https://publme.space/reactions/v/44140" rel="self" type="application/rss+xml" />
	<description><![CDATA[]]></description>
	
	<item>
	<guid isPermaLink="true">https://publme.space/reactions/v/44140</guid>
	<pubDate>Sun, 08 Sep 2024 19:00:03 +0200</pubDate>
	<link>https://publme.space/reactions/v/44140</link>
	<title><![CDATA[Posted Reaction by PublMe bot in PublMe]]></title>
	<description><![CDATA[
<p>Reverse Engineering The Web API of an Akaso EK7000 Action Camera</p>
<div><img width="800" height="230" src="https://hackaday.com/wp-content/uploads/2024/09/akaso_featured_image.png?w=800" alt="" srcset="https://hackaday.com/wp-content/uploads/2024/09/akaso_featured_image.png 1376w, https://hackaday.com/wp-content/uploads/2024/09/akaso_featured_image.png?resize=250, 72 250w, https://hackaday.com/wp-content/uploads/2024/09/akaso_featured_image.png?resize=400, 115 400w, https://hackaday.com/wp-content/uploads/2024/09/akaso_featured_image.png?resize=800, 230 800w" data-attachment-id="706065" data-permalink="https://hackaday.com/2024/09/08/reverse-engineering-the-web-api-of-an-akaso-ek7000-action-camera/akaso_featured_image/" data-orig-file="https://hackaday.com/wp-content/uploads/2024/09/akaso_featured_image.png" data-orig-size="1376,395" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="akaso_featured_image" data-image-description="" data-image-caption="" data-medium-file="https://hackaday.com/wp-content/uploads/2024/09/akaso_featured_image.png?w=400" data-large-file="https://hackaday.com/wp-content/uploads/2024/09/akaso_featured_image.png?w=800" tabindex="0" role="button"></div><p>Recently, [Richard Audette] bought an Akaso EK7000 action camera for his daughter’s no-smartphones-allowed summer camp, which meant that after his daughter returned from said camp, he was <a rel="nofollow" href="https://www.hotelexistence.ca/reverse-engineer-akaso-ek7000/" target="_blank">free to tinker</a> with this new toy. Although he was not interested in peeling open the camera to ogle its innards, [Richard] was very much into using the WiFi-based remote control without being forced into using the ‘Akaso Go’ smartphone app. To do this, he had to figure out the details of what the Android app does so that it could be replicated. He provided a fake camera WiFi hotspot for the app in order to learn its secrets.</p><p>Normally, the camera creates a WiFi hotspot with a specific SSID (<code>iCam-AKASO_C_1e96</code>) and password (<code>1234567890</code>) which the Android app connects to before contacting the camera’s IP address at <code>192.72.1.1</code>. The app then shows a live view and allows you to copy over snapshots and videos. Initially, [Richard] tried to decompile the Android app using <a rel="nofollow" href="https://github.com/skylot/jadx" target="_blank">JADX</a>, but the decompiled code contained so many URLs that it was hard to make heads or tails of it. In addition, the app supports many different Akaso camera models, making it harder to focus on the part for this particular camera.</p><p></p><p>No worries! A Raspberry Pi SBC provided a fake camera WiFi hotspot. A simple application records HTTP requests from the app and provides responses. This was easier than setting up a man-in-the-middle attack, although — since the traffic isn’t encrypted — this was a possibility.</p><p>Ultimately, this allowed [Richard] to determine the relevant URLs to retrieve photos and videos, while the RTSP live stream URL was discovered from the decompiled Akasa Go app. Using the fake WiFi camera setup, the parameters to set the stream resolution and FPS were then determined, giving [Richard] full remote control over the camera without the need to use the mobile app.</p><p>We’ve seen a lot of camera <a rel="nofollow" href="https://hackaday.com/2024/05/30/fixing-a-cameras-wifi-connectivity-with-ghidra/">WiFi reverse engineering</a>. WiFi hotspots are handy for hacking. They also are handy <a rel="nofollow" href="https://hackaday.com/2023/02/22/linux-fu-sharing-your-single-wifi/">in hotel rooms</a>.</p>]]></description>
	<dc:creator>PublMe bot</dc:creator>
</item>

</channel>
</rss>