2

I just bought a cheap WiFi camera called SriCam SP009 (just to test it). To set it up you have to install an app on your phone. In this app you enter the WiFi password and an ID number for the camera. Then automatically the camera connects to your WiFi. My question is: How is this possible?

What I do know:

  1. I did a packet capture and there are UDP packets from the app to Chinese IP addresses.
  2. It did not work on my openWRT router. But it does work on a standard tp-link
  3. I can’t see it setting up any wlan of it’s one. Like for example the chromecast.
CharlieRB
  • 22,566
  • 5
  • 56
  • 105
user1930848
  • 131
  • 3
  • 2
    A simple implementation would be 1- get wlan credentials from the user via app(already done) 2- connect to the camera's preconfigured ad-hoc network 3- set up the camera 4- reset. – conquistador Feb 10 '17 at 11:38
  • So you think the phone connects to the adhoc network? I did not think android could do that. And that should not be stopped by me having a openWRT router. – user1930848 Feb 10 '17 at 11:48
  • 1
    For android, AOSP doesn't support ad-hoc but OEMs and modified distros like CM do. I don't know if iOS does. Also same method can be used via wi-fi direct. – conquistador Feb 10 '17 at 11:56
  • Does it happen to have bluetooth? – Blaine Feb 10 '17 at 15:00
  • It could be using wifi direct. A lot of wifi speaker use this for their setup process. – Patrick R. Feb 10 '17 at 17:23
  • No bluetooth.. The camera also works with Iphone which does not support wifi direct as far as I know. And if it was wifi direct that should have worked when I was testing whit the openWRT router as well. Since that should not depend on the router used – user1930848 Feb 10 '17 at 19:28

2 Answers2

1

I figured it out :) It's using something called "smart connection" by mediatek. You can find a tutorial for it here https://docs.labs.mediatek.com/resource/mt7687-mt7697/en/tutorials/digital-clock-part-2

user1930848
  • 131
  • 3
1

I would like to point out this method. Here, the SSID and passphrasse are encoded into the length of UDP packets send by the phone to the access point.

http://www.espressif.com/sites/default/files/30b-esp-touch_user_guide_en_v1.1_20160412_0.pdf

It is implemented and called ESP-TOUCH in the esp8266 WiFi microcontroller.

Wallfacer
  • 11
  • 2