Decrypting CCTV UDP/TCP packets MITM

Encryption
1

Been trying to decrypt my own CCTV traffic as a hobby where I’ve used various tools (wirehshark, ffcode and some other tutorials) but seems either my stream is very secure, or I’m not trying hard enough. The configuration is as follows if some can figure it out:
-DVR connected via ethernet to router
-router connected to Internet
-cameras are NOT IP ones
-DVR user/pass is used (no VLC solutions please unless you know the accounts)
-video streams stored on DVR and be be viewed directly on DVR or via remote Apps (iOS, Windows,etc) as long as you know the IP url/User/pass

ideas?

2

The process of message encryption and decryption during client-server communication using UDP server is as follows:

  • The client requests the server with a file name.
  • The corresponding file is opened by the server and sends the file using datagram socket.
  • The sender sends the encrypted text (Xoring) with a fixed length key.
  • The receiver receives the encrypted text (cipher text).
  • The receiver decrypts the file using the same key (private key).

This program is made in C

Client Side Program


// Client side code
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
 
// Driver code
int main()
{
    int clientSocket, portNum, nBytes;
    char file_buffer[3000], path[1024], buffer[3000];
 
    // This key array stores the hidden key
    char const key[3000] = "HIDDENKEY";
    struct sockaddr_in serverAddr;
    socklen_t addr_size;
    int i;
    clientSocket = socket(PF_INET, SOCK_DGRAM, 0);
 
    serverAddr.sin_family = AF_INET;
    serverAddr.sin_port = htons(5004);
    serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
    memset(serverAddr.sin_zero, '\0', sizeof serverAddr.sin_zero);
 
    addr_size = sizeof serverAddr;
 
    while (1) {
        printf("Specify file name: \n");
        gets(path);
 
        // printf("%s\n", path);
        FILE* fp;
        fp = fopen(path, "r");
        if (fp == NULL) {
            printf("file does not exist\n");
        }
 
        fseek(fp, 0, SEEK_END);
        size_t file_size = ftell(fp);
        fseek(fp, 0, SEEK_SET);
 
        if (fread(file_buffer, file_size, 1, fp) <= 0) {
            printf("unable to copy file into buffer\n");
            exit(1);
        }
 
        if (sendto(clientSocket, file_buffer, 3000, 0, (struct sockaddr*)&serverAddr,
                                                                    addr_size) < 0) {
            printf("error in sending the file\n");
            exit(1);
        }
 
        bzero(file_buffer, sizeof(file_buffer));
 
        nBytes = recvfrom(clientSocket, buffer, 1024, 0, NULL, NULL);
 
        printf("Received from server: \n");
 
        // printing some of the character to have a feel of encryption
        for (i = 0; i < 15; ++i)
            printf("%02X ", buffer[i]);
        printf("\n");
 
        char x[3000];
        for (i = 0; i < nBytes - 1; ++i)
            x[i] = (char)(buffer[i] ^ key[i]);
 
        // printing some of the character to have a feel of decryption
        printf("Decrypted message: (First 15 characters)\n");
        for (i = 0; i < 11; ++i)
            printf("%c ", x[i]);
 
        printf("\n");
    }
 
    return 0;
}

Server Side Program


// C server code
#include <memory.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
 
// Driver code
int main()
{
    int udpSocket, nBytes;
    char buffer[3000], xor[3000];
    char const key[1024] = "HIDDENKEY";
    struct sockaddr_in serverAddr, clientAddr;
    struct sockaddr_storage serverStorage;
    socklen_t addr_size, client_addr_size;
    int i;
 
    udpSocket = socket(PF_INET, SOCK_DGRAM, 0);
 
    serverAddr.sin_family = AF_INET;
    serverAddr.sin_port = htons(5004);
    serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
    memset(serverAddr.sin_zero, '\0', sizeof serverAddr.sin_zero);
 
    bind(udpSocket, (struct sockaddr*)&serverAddr, sizeof(serverAddr));
 
    addr_size = sizeof serverStorage;
    puts("Waiting for client :");
    int count = 0;
 
    while (1) {
        nBytes = recvfrom(udpSocket, buffer, 3000, 0, (struct sockaddr*)&serverStorage,
                                                                            &addr_size);
        printf("Message no : %d\n", ++count);
 
        for (i = 0; i < nBytes - 1; i++) {
            if (buffer[i] != '\n')
                xor[i] = (char)(buffer[i] ^ key[i]);
            else
                xor[i] = buffer[i];
        }
 
        printf("Encrypted message stored in file : (First 15 characters)\n");
 
        // printing some of the character to have a feel of encryption
        for (i = 0; i < 15; ++i)
            printf("%02X ", xor[i]);
        printf("\n");
 
        FILE* fp;
        fp = fopen("temp.txt", "w+");
 
        for (i = 0; i < nBytes - 1; i++) {
            if (xor[i] != '\n')
                fprintf(fp, "%X", xor[i]);
            else
                fprintf(fp, "%c", xor[i]);
        }
 
        fclose(fp);
        sendto(udpSocket, xor, nBytes, 0, (struct sockaddr*)&serverStorage,
                                                                 addr_size);
    }
 
    return 0;
}

I hope you found this useful.

1 Like
3

hi C_J, thanks for this code but can you give me some tips on how to run the code on my network against my DVR?

What i know:
my DVR IP (10.0.0.105)
my local IP (10.0.0.100)
my router (10.0.0.1)
Pretend I don’t have admin credentials to the DVR either. just the network.

I’m pretty good on linux overall and wireshark, but when it comes to execution of C code on Kali, maybe you can advise?
So does something need to be installed as well on Server side as well or does all this work from client side since I won’t be able to install anything on my DVR OS level.
Purpose of all this was to intercept packets that are encrypted and then be able to look at .mp3 or .mpeg files by “sniffing” them out on the network.
thank you