Set up with Serial Number option

Have some questions or having issues with Amcrest View Pro, Post them here for the mods and other users to assist you.
IPcamers
Posts: 2
Joined: Thu Nov 25, 2021 2:39 pm

Set up with Serial Number option

Post by IPcamers »

Could someone please explain how exactly the setup option using serial number works? Is the IP camera or NVR hard-coded to send the local IP along with the port number and other device-specific information to an Amcrest server automatically each time you plug the device into an internet-connected router? Tech support at Amcrest could not answer this question.
Revo2Maxx
Site Admin
Posts: 3581
Joined: Sat Jun 15, 2019 3:05 pm

Re: Set up with Serial Number option

Post by Revo2Maxx »

Sorry, not sure I understand what you mean. But I will try to answer the question I think you're asking about.

P2P or Port Opening and Forwarding..

Using the camera's SN to set up in your App gives the camera a way to punch a hole in your network and contact a World order of Servers set up for using the P2P method. Then your camera sends a Ping to a Server that says, "Hello, I am alive, this is my UUID, and I am looking for anyone that wants to connect to me." Then your phone, or even your computer with ASP installed, when using the P2P method of access, will also send a Ping out when you open the app. This ping is asking the Servers if there is a UUID that matches the one your camera has, and that server says, "Yes, I have your connection and here it is." This hands that connection to you, and you then have to put in the right user name and password. If your user name and password are right, then you have a connection just as if you were connected at home using an IP. I mean, it still will have a lot to do with your home internet connection speeds, but most people today are far beyond that anyway.

Next, Port Opening and Forwarding. This method is not a very good idea in general. However, knowing what your IP is, or having a service you pay for to keep a connection and maybe even a name you would connect to. Like, mine used to be revo2maxx.noip dot com, and I could just type that in and I would have access to my network, be it when I had my Server online and I would then go off that for connections to my home, or if I had it set up to go to my DVR/NVR. The problem with this is that someone (and I had many) would port scan my IP and could tell if that was online. With my Server they had to have info about the server and issues like maybe holes that were dug up if I didn't get updates up to date. Or they would try to force connections and things like that. Either way, this method isn't as safe. While there are some things that can happen and some things that I did to help protect my connection, there were always ways to try even with that. The main thing I did was change from 10 times to connect to 3; this would alert me to someone trying to gain access, as by default the try is 10.

Out of the 2, the P2P is much better. There is no outside access that is open to the common passer-by. Even though it sends info out to the Server, that server only has access to your UUID. Once your app, either the AVP on your phone or ASP on your computer, asks if there are any pending connections, that Server hands off the connection and there is no flow any longer to the server; it is only P2P, which means your app and your DVR/NVR or Camera are the ones with access. You enter your password, and only your Device knows that info; the server never collects that.

Even 1 step more, and I might not know for sure what or how. All I know is, using Port Sniffing software, I can't find my Connection in my Network using P2P from access to the outside. On a different platform from 2010, where I had to set up access to a Server P2P, I found a connection on my local side. However, using any of my Devices from Amcrest using P2P, I have not found any link in my Network to my NVR, DVR or cameras that would let me snag packets for trying to get info about how or why the P2P is working. To be honest, it almost feels like Magic. However, having an open port and access to the devices through that port, I can with a 3rd party device or software snag and take things that were maybe not mine to take.

P2P is like Magic and does stand for Peer to Peer
Thanks to all that has helped out others on the Forum
GoodLuck
jack7
Posts: 751
Joined: Tue May 29, 2018 7:46 pm

Re: Set up with Serial Number option

Post by jack7 »

@Revo2Maxx
You wrote:
"Even 1 step more and I might not know for sure what or how.. All I know is using Port Sniffing software I can't find my Connection in my Network using P2P from access to the outside. I have on a different platform from 2010 that I had to setup access to a Server P2P I found a connection on my local side. However using any of my Devices from Amcrest using P2P I have not found any link in my Network to my NVR DVR or cameras that would let me snag packets for trying to get info about how or why the P2P is working."
---------------------

I'm not exactly sure what you did with the sniffer, but you might find this interesting. I recently went to ASP Device Config, selected a P2P camera, and clicked on Link to WEB. It went to the browser and put in an IP address:port (127.x.x.x:xxxxx) that is unrelated to my network. The P2P camera Web UI worked. Maybe this would help in your network sniffing. I used a local P2P camera, not a remote one, if that makes any difference.

I wonder if data going between the P2P supplied connection for ASP and camera is encrypted?
Revo2Maxx
Site Admin
Posts: 3581
Joined: Sat Jun 15, 2019 3:05 pm

Re: Set up with Serial Number option

Post by Revo2Maxx »

Yes, I know where the data moves. I just like the Magic, as most people won't find it no matter how hard they look without some deep looking, and yes, it is Encrypted. Also, 127.x.x.xxx is a personal Local Host IP; in general you will find it in many things, even in your NVR logs it can be there from the NVR itself.

However, what I will say is that people with open ports have an easier way to find data. P2P is not so easy by remote. There are so many things one would need to start, and to be honest I would guess they would have to be Local. Open Port without a Firewall, without IP Filtering, without backup email to an msn, yahoo, gmail or something that doesn't help an attacker to your personal web site that might lead to clues. Also, there is just more Data out of the gate that can come off the SALT, HASH and so many other data areas. Should change 10 Illegal Login to 5 and 20min lockout to 120, turn on buzzer and log, and enable the event, also Sending an email. A Recorder open on the Web is, IMHO, like leaving your purse or wallet sitting on the hood of your car. Or leaving your home's window open while you run to the store. Sure, most people around you won't even think about it, it is just that one time...

P2P is like they know you live in the USA, but where to start looking is a different story. I mean, sure, if you give out your SN then that is 1 part of the Puzzle that might make things a little different. Having a Good Pass and nothing simple is a good start.
Thanks to all that has helped out others on the Forum
GoodLuck
Revo2Maxx
Site Admin
Posts: 3581
Joined: Sat Jun 15, 2019 3:05 pm

Re: Set up with Serial Number option

Post by Revo2Maxx »

The cool thing, for me anyway, is that even if someone was to find it, the handshake between the server and the Recorder and phone or ASP encrypted info is a 1 time deal. So the next time someone makes a connection, the Key password runs as a 1 time deal. The next time the info is totally different. Kind of like Code Hopping in a Car Alarm system. Pressing the button makes a code once, and if the info matches the expected number then it works; if it didn't, then it is rejected as not valid.

So let's say that you were logging in on your phone for the first time and put in the pass wrong. When it connects and tests that pass, it will know that it was wrong and fail. Now, looking at the data, it does show for user, even though it isn't in plain text, it is the same each time unless you are using a different user name; the pass is different each attempt to connect. Looking at the data for a wrong pass, it still sends out info different each time. Looking at the incoming data, it goes out one Port and in a different one, and the pass data is just a key; if the return key is on the wrong port or the wrong key is returned, then no connection. I have mine set up for 5 fails, seeing that is the lowest I could set it for, and it locks out for 120min, the max time I could set it for.

Now, on P2P there is only 1 thing I don't like when it comes to logging the wrong pass lockout. It does it with the NVR's local Host IP of 127.0.0.1. However, when someone is on the Web, it will show the Connected IP of the person from the web. Over P2P it will log the Invalid name or password but show the local host IP. See picture below.

So, not that I would try, but take my 4216E-AI NVR: it is really a new device, and within the last year there are only 5 connected open to the Internet. Out of the 5 there are only 3 that are running secure socket and 2 that are not. To me that is just kind of Risky. Someone tries to log in with admin and gets the account locked; now when you want to connect you can't until the Reset time has passed lol. Yeah, I will pass.

One of the 2 has port 88 being open and the other has 8000, however with the router secure SSL installed but not for the NVR. First thing I would do, and did when I had my Ports open: I had 2 different main admin accounts, so when someone locked out my main I could still have access with my second. Now that I have Amcrest I no longer have my system Open to the Internet. My main old system didn't have P2P so had to have it open.

Now just have my old system as a boat anchor lol JK. But don't use it anymore.
[Attachment: Screenshot (1600).png]
Thanks to all that has helped out others on the Forum
GoodLuck
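The ideas discussed in the posts above (a broker that only matches UUIDs, a login proof that differs on every attempt, and a 5-failure lockout) can be illustrated with a generic nonce-based challenge-response. This is an added example, not part of the thread and not Amcrest's actual protocol; the `Broker` and `Device` classes, the HMAC/PBKDF2 scheme, the UUID and the credentials are all constructed assumptions.

```python
import hashlib, hmac, secrets

MAX_FAILS = 5  # threshold quoted in the post; everything else is assumed

def derive_key(user, password):  # simplification: username doubles as salt
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 100_000)

def client_proof(user, password, nonce):
    return hmac.new(derive_key(user, password), nonce, hashlib.sha256).digest()

class Broker:
    """Hypothetical rendezvous server: knows UUID -> endpoint, never a password."""
    def __init__(self):
        self.endpoints = {}
    def register(self, uuid, device):   # device's "I am alive" ping
        self.endpoints[uuid] = device
    def lookup(self, uuid):             # app asks for a matching UUID
        return self.endpoints.get(uuid)

class Device:
    def __init__(self, user, password):
        self.user, self.key = user, derive_key(user, password)
        self.pending, self.fails = set(), 0
    def challenge(self):
        nonce = secrets.token_bytes(16)  # fresh per attempt
        self.pending.add(nonce)
        return nonce
    def login(self, user, nonce, proof):
        if self.fails >= MAX_FAILS:
            return "locked"              # lockout timer omitted
        fresh = nonce in self.pending
        self.pending.discard(nonce)      # a nonce is accepted once only
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        if fresh and user == self.user and hmac.compare_digest(proof, expected):
            self.fails = 0
            return "ok"
        self.fails += 1
        return "denied"

def demo():
    broker, cam = Broker(), Device("admin", "constructed-Passw0rd")
    broker.register("CONSTRUCTED-UUID-0001", cam)
    dev = broker.lookup("CONSTRUCTED-UUID-0001")
    n1 = dev.challenge()
    p1 = client_proof("admin", "constructed-Passw0rd", n1)
    first, replay = dev.login("admin", n1, p1), dev.login("admin", n1, p1)
    p2 = client_proof("admin", "constructed-Passw0rd", dev.challenge())
    return first, replay, p1 != p2

if __name__ == "__main__":
    print(demo())
```

The replayed proof is rejected because its nonce was already consumed, and the lockout counter shows the trade-off raised in the thread: anyone who can reach the login can also lock the real user out.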
jack7
Posts: 751
Joined: Tue May 29, 2018 7:46 pm

Re: Set up with Serial Number option

Post by jack7 »

Are you saying that only the ID/PW is encrypted (a "one time deal") in the client-server P2P connection stream, and the video stream is not encrypted?
So if someone could intercept the unusable encrypted ID/PW, then they could possibly intercept the unencrypted video stream using the same tools?
Revo2Maxx
Site Admin
Posts: 3581
Joined: Sat Jun 15, 2019 3:05 pm

Re: Set up with Serial Number option

Post by Revo2Maxx »

No, sorry, it is all Encrypted. Even though the UUID is constant, each time the pass is different. Then once it is connected, yes, the data that is passed is done on a different port than expected and also is Encrypted. The only time I have been able to look at data and change from Code to Jpg is when I have connected Local over IP. If I connect on my ASP over SN, nothing transmitted can be translated. Also, what was weird was, moving from a connection with my 841v3 to another stream also P2P connected, when it went back to the 841v3 the encryption changed; it wasn't the same as the feed before, and it also changed the Port it was sent from and returned to. It is crazy (Magic) how something like P2P could be so complex when it feels so easy.. (Easy to set up) anyway :) Unlike Port forwarding and opening ports and keeping track of your WAN IP if you don't have a Static one.. P2P: turn on, make sure your system is connected to the internet with good DNS servers in the device, and Magic
Thanks to all that has helped out others on the Forum
GoodLuck