├── BlackvueCloudStream.cpp
├── HTTPGET_URLs
├── LICENSE
├── README.md
└── simpledump.sh


/BlackvueCloudStream.cpp:
--------------------------------------------------------------------------------
  1 | #include <windows.h>
  2 | #include "winhttp.h"
  3 | 
  4 | #include <stdio.h>
  5 | #include <string.h>
  6 | #include <time.h>
  7 | 
  8 | #include "sha256.h" // http://www.zedwood.com/article/cpp-sha256-function
  9 | 
 10 | std::string get_from_reg(const char * name)
 11 | {
 12 |     std::string res;
 13 |     HKEY hKey = 0;
 14 |     if (RegOpenKeyA(HKEY_CURRENT_USER, "Software\\PittaSoft\\BlackVue", &hKey) == ERROR_SUCCESS)
 15 |     {
 16 |         DWORD dwType = REG_SZ;
 17 |         DWORD len = 0;
 18 |         RegQueryValueEx(hKey, name, NULL, &dwType, NULL, &len);
 19 |         if (len > 1)
 20 |         {
 21 |             char * user_token = (char *)malloc(len+1);
 22 |             if (user_token == NULL)
 23 |             {
 24 |                 printf( "Cannot allocate %u bytes\n", len+1);
 25 |             }
 26 |             else
 27 |             {
 28 |                 RegQueryValueEx(hKey, name, NULL, &dwType, (LPBYTE)user_token, &len);
 29 |                 res.assign(user_token);
 30 |                 free(user_token);
 31 |             }
 32 |         }
 33 |         RegCloseKey(hKey);
 34 |     }
 35 |     return res;
 36 | }
 37 | 
 38 | std::string get_user_token()
 39 | {
 40 |     return get_from_reg("user_token");
 41 | }
 42 | 
 43 | void set_user_token(const char * user_token)
 44 | {
 45 |     HKEY hKey = 0;
 46 |     if (RegOpenKeyA(HKEY_CURRENT_USER, "Software\\PittaSoft\\BlackVue", &hKey) == ERROR_SUCCESS)
 47 |     {
 48 |         RegSetKeyValueA(hKey, NULL, "user_token", REG_SZ, user_token, strlen(user_token)+1);
 49 |         RegCloseKey(hKey);
 50 |     }
 51 | }
 52 | 
 53 | int hash_hex(char *hex, int hex_len, const char * str, int str_len)
 54 | {
 55 |     unsigned char digest[SHA256::DIGEST_SIZE];
 56 |     memset(digest, 0, SHA256::DIGEST_SIZE);
 57 |  
 58 |     SHA256 ctx = SHA256();
 59 |     ctx.init();
 60 |     ctx.update((const unsigned char *)str, str_len);
 61 |     ctx.final(digest);
 62 | 
 63 |     int offset = 0;
 64 |     for (int i=0; i < SHA256::DIGEST_SIZE; ++i)
 65 |     {
 66 |         offset += sprintf_s(&hex[offset], hex_len - offset, "%02X", digest[i]);
 67 |     }
 68 |     return offset;
 69 | }
 70 | 
 71 | std::string request(const char * server, const char * url, const char * body, bool bIsJson, int * status)
 72 | {
 73 |     std::string res;
 74 |     *status = 0;
 75 | 
 76 |     if (server == NULL)
 77 |     {
 78 |         server = "api.blackvuecloud.com";
 79 |     }
 80 | 
 81 |     printf( "Request: %s%s\n", server, url);
 82 |     if (body != NULL)
 83 |     {
 84 |         printf( "%s\n", body);
 85 |     }
 86 | 
 87 |     char bcsDate[128];
 88 |     {
 89 |         __time64_t t = _time64(NULL);
 90 |          struct tm _tm;
 91 |          _localtime64_s(&_tm, &t);
 92 |          strftime(bcsDate, 128, "%Y%m%dT%H%M%SZ", &_tm);
 93 |     }
 94 | 
 95 |     char bcsToken[] = "hH751PfkmHdktlkNUmS8qDaCGZrdXxMbw8qT2oy78dB3jhebz0n6IvnA4C788Cts";
 96 | 
 97 |     char bcsSignature[8192];
 98 | 
 99 |     int bcsSignature_len = sprintf_s(bcsSignature, sizeof(bcsSignature), "%s&%s&%s&%s&%s&%s", 
100 |         (body != NULL) ? "POST" : "GET",
101 |         server,
102 |         url, 
103 |         bcsToken,
104 |         bcsDate,
105 |         "1077a134d84ab47c9ed82e7f4874f4802340a289cd0401ba27a6ebf74bceb8a6");
106 | 
107 |     char bcsSignatureHEX[65];
108 |     hash_hex(bcsSignatureHEX, sizeof(bcsSignatureHEX), bcsSignature, bcsSignature_len);
109 | 
110 |     char headers[8192];
111 |     sprintf_s(headers, sizeof(headers), "Content-Type: application/%s\r\nbcsToken: %s\r\nbcsSignature: %s\r\nbcsDate: %s\n", 
112 |         bIsJson ? "json" : "x-www-form-urlencoded",
113 |         bcsToken, 
114 |         bcsSignatureHEX,
115 |         bcsDate);
116 | 
117 |     HINTERNET hSession = WinHttpOpen(L"BlackVue C win32", WINHTTP_ACCESS_TYPE_NO_PROXY, WINHTTP_NO_PROXY_NAME, WINHTTP_NO_PROXY_BYPASS, 0);
118 |     if (hSession == NULL)
119 |     {
120 |         printf( "WinHttpOpen failed, error %d\n", GetLastError());
121 |     }
122 |     else
123 |     {
124 |         WinHttpSetTimeouts(hSession, 20000, 20000, 20000, 20000);
125 | 
126 |         bool bSecure = true;
127 |         char _server[256];
128 |         wchar_t w_server[256];
129 |         if (strncmp(server, "https://", 8) == 0)
130 |         {
131 |             strcpy_s(_server, &server[8]);
132 |         }
133 |         else if (strncmp(server, "http://", 7) == 0)
134 |         {
135 |             strcpy_s(_server, &server[7]);
136 |             bSecure = false;
137 |         }
138 |         else
139 |         {
140 |             strcpy_s(_server, server);
141 |         }
142 | 
143 |         int port = 443;
144 |         char * p = strchr(_server, ':');
145 |         if (p != NULL)
146 |         {
147 |             *p = '\0';
148 |             port = atoi(&p[1]);
149 |         }
150 | 
151 |         MultiByteToWideChar(CP_ACP, 0, _server, -1, w_server, _countof(w_server));
152 | 
153 | 
154 |         HINTERNET hConnect = WinHttpConnect(hSession, w_server, port, 0);
155 |         if (hConnect == NULL)
156 |         {
157 |             printf( "WinHttpConnect failed, error %d\n", GetLastError());
158 |         }
159 |         else
160 |         {
161 |             wchar_t w_url[8192];
162 |             MultiByteToWideChar(CP_ACP, 0, url, -1, w_url, _countof(w_url));
163 | 
164 |             HINTERNET hRequest = WinHttpOpenRequest(hConnect, (body != NULL) ? L"POST" : L"GET", w_url, NULL, WINHTTP_NO_REFERER, 
165 |                                    WINHTTP_DEFAULT_ACCEPT_TYPES, 
166 |                                    (bSecure ? WINHTTP_FLAG_SECURE /* 0xFF800000 */ : 0) | WINHTTP_FLAG_BYPASS_PROXY_CACHE );
167 | 
168 |             if (hRequest == NULL)
169 |             {
170 |                 printf( "WinHttpOpenRequest failed, error %d\n", GetLastError());
171 |             }
172 |             else
173 |             {
174 |                 DWORD body_len = ((body == NULL) ? 0 : strlen(body));
175 |                 wchar_t w_headers[8192];
176 |                 MultiByteToWideChar(CP_ACP, 0, headers, -1, w_headers, _countof(w_headers));
177 |                 if (!WinHttpSendRequest(hRequest, w_headers, -1, (LPVOID)body, body_len, body_len, NULL))
178 |                 {
179 |                     printf( "WinHttpSendRequest failed, error %d\n", GetLastError());
180 |                 }
181 |                 else
182 |                 {
183 |                     if (!WinHttpReceiveResponse(hRequest, NULL))
184 |                     {
185 |                         printf( "WinHttpReceiveResponse failed, error %d\n", GetLastError());
186 |                     }
187 |                     else
188 |                     {
189 |                         DWORD dwStatus = 0;
190 |                         DWORD dwContentLenght = 0;
191 |                         DWORD dwSize = 4;
192 |                         WinHttpQueryHeaders(hRequest, WINHTTP_QUERY_FLAG_NUMBER | WINHTTP_QUERY_STATUS_CODE, NULL, &dwStatus, &dwSize, 0);
193 |                         printf( "Response (%u):\n", dwStatus);
194 | 
195 |                         *status = dwStatus;
196 | 
197 |                         // dwSize = 4;
198 |                         // WinHttpQueryHeaders(hRequest, WINHTTP_QUERY_FLAG_NUMBER | WINHTTP_QUERY_CONTENT_LENGTH, NULL, &dwContentLenght, &dwSize, 0);
199 | 
200 |                         if (!WinHttpQueryDataAvailable(hRequest, &dwSize))
201 |                         {
202 |                             printf( "WinHttpQueryDataAvailable failed, error %d\n", GetLastError());
203 |                         }
204 |                         else
205 |                         {
206 |                             char * buffer = (char *)malloc(dwSize+1);
207 |                             if (buffer == NULL)
208 |                             {
209 |                                 printf( "Cannot allocate %u bytes\n", dwSize);
210 |                             }
211 |                             else
212 |                             {
213 |                                 DWORD dwRead = 0;
214 |                                 while(dwRead < dwSize)
215 |                                 {
216 |                                     DWORD _dwRead = 0;
217 |                                     if (!WinHttpReadData(hRequest, &buffer[dwRead], dwSize - dwRead, &_dwRead))
218 |                                     {
219 |                                         printf( "WinHttpReadData failed, error %d\n", GetLastError());
220 |                                         break;
221 |                                     }
222 |                                     else
223 |                                     {
224 |                                         dwRead += _dwRead;
225 |                                     }
226 |                                 }
227 |                                 buffer[dwRead] = '\0';
228 | 
229 |                                 printf( "%s\n\n", buffer);
230 |                                 res.assign(buffer);
231 |                                 free(buffer);
232 |                             }
233 |                         }
234 |                     }
235 |                 }
236 | 
237 |                 WinHttpCloseHandle(hRequest);
238 |             }
239 |             WinHttpCloseHandle(hConnect);
240 |         }
241 |         WinHttpCloseHandle(hSession);
242 |     }
243 | 
244 |     return res;
245 | }
246 | 
247 | std::string get_json_value(std::string json, const char * name)
248 | {
249 |     std::string res;
250 |     char substr[256];
251 |     sprintf_s(substr, sizeof(substr), "\"%s\":\"", name);
252 |     const char * s1 = strstr(json.c_str(), substr);
253 |     if (s1 != NULL)
254 |     {
255 |         s1 += strlen(substr);
256 |         const char * s2 = strchr(s1, '\"');
257 |         if (s2 != NULL)
258 |         {
259 |             int len = (int)(s2 - s1);
260 |             res.assign(s1, len);
261 |         }
262 |     }
263 |     return res;
264 | }
265 | 
266 | std::string login(const char * email, const char * passwd)
267 | {
268 |     std::string user_token;
269 | 
270 |     char mobile_uuid[13] = {0};
271 |     {
272 |         // GetAdaptersInfo()    // MAC address
273 |         strcpy_s(mobile_uuid, sizeof(mobile_uuid), "ffffffffffff");
274 |     }
275 | 
276 |     char mobile_name[16] = {0};
277 |     {
278 |         DWORD len = 15;
279 |         GetComputerNameA(mobile_name, &len);
280 |         if (mobile_name[0] == '\0')
281 |         {
282 |             GetComputerNameExA(ComputerNameDnsHostname, mobile_name, &len);
283 |             if (mobile_name[0] == '\0')
284 |             {
285 |                 strcpy_s(mobile_name, sizeof(mobile_name), "WIN_BLACKBUE");
286 |             }
287 |         }
288 |     }
289 | 
290 |     int time_interval = 24 * 60 * 60;
291 | 
292 |     char * server = NULL; // "https://pitta.blackvuecloud.com:443";
293 |     char * url = "/BCS/user_login.php"; // "/app/user_login.php";
294 | 
295 |     char body_login[8192];
296 |     int offset = sprintf_s(body_login, sizeof(body_login), "email=%s&passwd=", email);
297 |     offset += hash_hex(&body_login[offset], sizeof(body_login) - offset, passwd, strlen(passwd));
298 |     offset += sprintf_s(&body_login[offset], sizeof(body_login) - offset, "&mobile_uuid=%s&mobile_name=%s&mobile_os_type=%s&app_ver=%s&time_interval=%d",
299 |            mobile_uuid,
300 |            mobile_name,
301 |            "win32_blackvue",
302 |            "1.00",
303 |            time_interval / 60);
304 |     
305 |     int status;
306 |     printf("Login...\n");
307 |     std::string res = request(server, url, body_login, false, &status);
308 | 
309 |     std::string resultcode = get_json_value(res, "resultcode");
310 | 
311 |     if (status == 406 || (status == 200 && strcmp(resultcode.c_str(), "BC_ERR_DUPLICATED") == 0))
312 |     {
313 |         std::string id = get_json_value(res, "id");
314 | 
315 |         printf("Logout...\n");
316 |         char body_logout[8192];
317 |         sprintf_s(body_logout, sizeof(body_logout), "%s&logout_id=%s", body_login, id.c_str());
318 |         res = request(server, url, body_logout, false, &status);
319 |         if (status == 200)
320 |         {
321 |             printf("Login again...\n");
322 |             res = request(server, url, body_login, false, &status);
323 |         }
324 |     }
325 |     if (status == 200)
326 |     {
327 |         user_token = get_json_value(res, "user_token");
328 |         if (!user_token.empty())
329 |         {
330 |             set_user_token(user_token.c_str());
331 |         }
332 |     }
333 |     return user_token;
334 | }
335 | 
336 | int main(int argc, char * argv[])
337 | {
338 |     std::string email = get_from_reg("email");
339 |     std::string passwd = get_from_reg("passwd");
340 | 
341 |     if (argc < 2)
342 |     {
343 |         printf("Usage: BlackvueCloudStream.exe [email=...] [password=...] [ch=1|2] [my|bookmark|shared]\n\n");
344 |     }
345 | 
346 |     int list_index = 0;
347 |     int channel = 1;
348 | 
349 |     for (int i=1; i<argc; ++i)
350 |     {
351 |         char *s = argv[i];
352 |         if (strcmp(s, "bookmark") == 0)
353 |         {
354 |             list_index = 1;
355 |         }
356 |         else if (strcmp(s, "shared") == 0)
357 |         {
358 |             list_index = 2;
359 |         }
360 |         else if (strncmp(s, "email=", 6) == 0)
361 |         {
362 |             email.assign(&s[6]);
363 |         }
364 |         else if (strncmp(s, "passwd=", 7) == 0)
365 |         {
366 |             passwd.assign(&s[7]);
367 |         }
368 |         else if (strncmp(s, "ch=", 3) == 0)
369 |         {
370 |             channel = atoi(&s[3]);
371 |         }
372 |     }
373 | 
374 |     if (email.empty() || passwd.empty())
375 |     {
376 |         return 1;
377 |     }
378 | 
379 |     std::string user_token = get_user_token();
380 |     if (user_token.empty())
381 |     {
382 |         user_token = login(email.c_str(), passwd.c_str());
383 |     }
384 |     if (!user_token.empty())
385 |     {
386 |         char body_list[8192];
387 |         sprintf_s(body_list, sizeof(body_list), "email=%s&user_token=%s", email.c_str(), user_token.c_str());
388 | 
389 |         int status;
390 |         char * list_url[3] = {
391 |             "/BCS/device_list.php",
392 |             "/BCS/device_bookmark_list.php",
393 |             "/BCS/device_shared_bk_list.php"
394 |         };
395 |         std::string res = request(NULL, list_url[list_index], body_list, false, &status);
396 |         if (status == 200)
397 |         {
398 |             std::string resultcode = get_json_value(res, "resultcode");
399 |             if (strcmp(resultcode.c_str(), "BC_ERR_AUTHENTICATION") == 0)
400 |             {
401 |                 set_user_token("");
402 |                 user_token = login(email.c_str(), passwd.c_str());
403 |                 if (!user_token.empty())
404 |                 {
405 |                     res = request(NULL, list_url[list_index], body_list, false, &status);
406 |                 }
407 |             }
408 |         }
409 |         if (status == 200)
410 |         {
411 |             std::string resultcode = get_json_value(res, "resultcode");
412 |             if (strcmp(resultcode.c_str(), "BC_ERR_OK") != 0)
413 |             {
414 |                 std::string message = get_json_value(res, "message");
415 |                 printf("\nError: %s\n", message.c_str());
416 |             }
417 |             else
418 |             {
419 |                 std::string lb_server_name = get_json_value(res, "lb_server_name");
420 |                 std::string lb_rtmp_port = get_json_value(res, "lb_rtmp_port");
421 | 
422 |                 // Use first registered camera
423 |                 std::string psn = get_json_value(res, "psn");
424 | 
425 |                 if (!lb_server_name.empty() && !lb_rtmp_port.empty() && !psn.empty())
426 |                 {
427 |                     char rtmps[8192];
428 |                     sprintf_s(rtmps, sizeof(rtmps), "rtmps://%s:%s/live?email=%s&user_token=%s&psn=%s&direction=%u/blackvue",
429 |                         lb_server_name.c_str(), lb_rtmp_port.c_str(), email.c_str(), user_token.c_str(), psn.c_str(), channel);
430 |                     
431 |                     char ffmpeg[8192];
432 |                     sprintf_s(ffmpeg, sizeof(ffmpeg), "ffmpeg.exe -i \"%s\" -c copy -y blackvue%d.ts", rtmps, channel);
433 | 
434 |                     printf("Now run:\n%s\n\n", ffmpeg);
435 | 
436 |                     system(ffmpeg);
437 |                 }
438 |             }
439 |         }
440 |     }
441 | 
442 |     return 0;
443 | }
444 | 


--------------------------------------------------------------------------------
/HTTPGET_URLs:
--------------------------------------------------------------------------------
 1 | # This is a simple list of the HTTP URLs that have been observed during the use of the Android app to
 2 | # connect to a BlackVue camera directly.
 3 | #
 4 | # Note that the Cloud connectivity is different; the URLs in this file have to be accessed via a wifi
 5 | # client connected directly to the camera.
 6 | #
 7 | # The camera appears to take IP address 10.99.77.1 and present an address within 10.99.77.0/24 to the client
 8 | # - at least on my camera - please change this if you observe otherwise.
 9 | # Only one wifi/DHCP client can connect at any one time.
10 | 
11 | # Alive check - confirm BlackVue version
12 | http://10.99.77.1/Config/version.bin
13 | 
14 | # Config file
15 | http://10.99.77.1/Config/config.ini
16 | 
17 | # Video file listing (filename format n:{URL},s:1000000 - need to work out what this means!)
18 | http://10.99.77.1/blackvue_vod.cgi
19 | http://10.99.77.1/blackvue_vod.cgi?path=d:/Record/ # the default
20 | http://10.99.77.1/blackvue_vod.cgi?path=d:/        # see what else exists, only directories and .mp4 files 
21 | 
22 | # Video and metadata file for download via HTTP
23 | # (note .thm file doesn't seem to do anything; have yet to find GPS/G-force data)
24 | http://10.99.77.1/Record/{filename}.mp4
25 | http://10.99.77.1/Record/{filename}.thm
26 | 
27 | # Video on demand - returns a constantly refreshing JPEG stream
28 | # - front camera
29 | http://10.99.77.1/blackvue_live.cgi
30 | # - rear camera
31 | http://10.99.77.1/blackvue_live.cgi?direction=R
32 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2016 Digital-Nebula
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # hackvue
2 | Hacks and docs for the popular BlackVue dashcams
3 | 


--------------------------------------------------------------------------------
/simpledump.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Simple script to dump contents of Blackvue's recorded videos to a local folder
 4 | # NOTE, no support for the following, though I'd like to add these things and make the tool more useful in future!
 5 | # - GPS data (can't find this anywhere on the HTTP interface)
 6 | # - Deleting old files
 7 | # - Selecting NF/PF/EF/MF files separately and treating them in different ways 
 8 | 
 9 | BASE_URL=http://{URL}:{PORT}
10 | 
11 | # Basically the solution does this:
12 | # {get download of folder structure} | {look for 'Record' to weed out file names} |
13 | # {remove the other fields in csv} | {get rid of the N: prefix} | {Append URL back in} |
14 | # {Download these files, resuming and not replacing if we already have the file}
15 | wget $BASE_URL/blackvue_vod.cgi -q -O - | grep Record | awk -F, '{print $1}' | awk -F: '{print $2}' | xargs -i wget -q -c -N $BASE_URL'{}'
16 | 


--------------------------------------------------------------------------------