0

I am trying to reverse engineer a surveillance system. The system contains a stand alone "box" which connects the cameras and records the video to an internal drive in the "box". The system connects by Ethernet to a windows system which controls it. Video from the respective cameras can be seen in the Panasonic controller software on the windows system.

I want to find a way to capture periodic frames from the video. Since the video is actually saved to the "box", and can not be accessed from the computer as a disk, I am researching if there is a way to somehow find where the video is buffered on the local system or otherwise stored in order to be displayed on the computer. My hope is that, somewhere, there is a MJPEG temp file that I can carve JPEGs out of.

I have tried using process explorer to find where the Panasonic application is accessing files but cant find anything with timestamps that are updating and/or seem to contain JPEG headers, etc. I have scoured c:\ProgramData, Program Files, Program Files(x86), \User\Application Data, \AppData, etc.

Because the IP cameras are connected to the "box" they are not accessible directly either.

Doing a screen capture is not practical due to the system being in use for other purposes as well as not getting the full resolution of the underlying file.

Maybe if someone can give me a detailed explanation of what to look for in Process Explorer or how to "sort" all currently active files on the system? Not sure where else to begin. Thanks for any help.

I'm programming in c#.

rune711
  • 351
  • 1
  • 11
  • Do the cameras, or does the "box" implement [ONVIF](https://en.wikipedia.org/wiki/ONVIF)? Worth checking if you haven't already, because if the cameras are compatible with even part of the spec it could make accessing this stuff a whole lot easier. Second thought failing that is to see if there is unencrypted IP traffic between the application and the device. Try Wireshark for this. I don't think you'll necessarily see any files written to temp locations on your Windows drive for this, it could just be buffered in memory. – pcdev Mar 02 '18 at 03:45
  • Another thing to try is see if the box has a web server running, perhaps there is an easy way to capture video/stills from the box directly? Final thought is that if all this fails and Panasonic really don't want you to access the video stream in any way other than through their app, they have every right to do so and you can't ask for cracking help here: Buy new cameras instead (seriously, good IP cameras can be had for very cheap these days, forget any with a proprietary box) – pcdev Mar 02 '18 at 03:49
  • Thanks for the input. I thought about using a simple network sniffer and inspecting packets for the frames, but, this is not only complicated, but the users this is going to be implemented for would need admin rights (or at least I'm pretty sure they would). I can't just buy new cameras as it's sort of a legacy situation with multiple units, although, in the long term, it looks like it's going to be the probable only solution. I will look into the ONVIF thing. Thanks! – rune711 Mar 02 '18 at 06:14
  • Wireshark is only for the reverse engineering - if it's unencrypted then you should be able to see what's being sent and received across the wire. From there you might see that it's a simple REST or SOAP request, and if the format is simple enough then you can look at developing your own app to mimic it - but save the video stream and/or capture stills. And then you have to take a step back and think how much time that will take you, and what your time is worth, and how many cameras might need replacing... Good luck! – pcdev Mar 02 '18 at 06:19

0 Answers0