{"version":"https://jsonfeed.org/version/1.1","title":"Jaryl Chng's Knowledge Base","home_page_url":"https://kb.jarylchng.com","feed_url":"https://kb-jarylchng-com.pages.dev/json/","description":"<p>Welcome to the index page of my knowledge base, if you haven't done so, do visit my website at <a href=\"https://jarylchng.com\" rel=\"noopener noreferrer\" target=\"_blank\">https://jarylchng.com</a>.</p><p>I will mainly use this site to document stuff, most of which will likely be in the public domain.</p>","icon":"https://kb-static.jarylchng.com/kb-jarylchng-com/production/images/channel-c68f1f55f856ab833b4365991609dbec.png","favicon":"https://kb-static.jarylchng.com/kb-jarylchng-com/production/images/favicon-b94914f57599a477f9f72dab6bc71001.png","authors":[{"name":"Jaryl Chng"}],"language":"en-us","items":[{"id":"rykxH8CCzDk","title":"Home Automation - Jovision CloudSEE Doorbell Trigger to Telegram Chat","url":"https://kb.jarylchng.com/i/home-automation-jovision-cloudsee-doorbell-trigg-rykxH8CCzDk/","content_html":"<p>The doorbell, according to the MAC address, is by China Dragon Technology Limited</p><p>The reason for this is because this model is from China and requires me to install HUAWEI Push Kit to receive notifications. But I did not want that and needed an alternative.</p><p>Now this may seem like a very simple integration, trust me it is not. The doorbell itself has all ports closed and it only communicates with their own cloud servers.</p><h2>Intercepting Traffic with Zanti Man-in-the-Middle (MitM) Attack</h2><p>I tried many ways to intercept traffic and see the requests sent by the doorbell when the alarm button is triggered. I settled onto my trusty Android device with <a href=\"https://www.zimperium.com/zanti-mobile-penetration-testing\" rel=\"noopener noreferrer\" target=\"_blank\">Zanti Penetration Testing Application</a>.</p><p>Here's a sample request sent according to Zanti where they upload an image to their cloud servers when the button is pressed.</p><pre class=\"ql-syntax\" spellcheck=\"false\">URL: http://oss-cn-hangzhou.aliyuncs.com/xw-cloudstorage/ecateye/7days/(CAMERA_ID)/20210613/A01142912.jpg\nDate: Sun Jun 13 14:29:10 GMT+08:00 2021\nMethod: PUT\nAuth: null\nCookie: null\nUser Agent: (CAMERA_ID)\nMime Type: null\n\nHeaders:\ndate : Sun, 13 Jun 2021 06:29:19 GMT\nauthorization : OSS (AUTH_KEY)\ncontent-length : 20857\nhost : oss-cn-hangzhou.aliyuncs.com\ncontent-type : application/octet-stream\nuser-agent : (CAMERA_ID)\n\nForm params:\n</pre><h2>DNS \"Poisoning\" with AdGuard Home DNS Server</h2><p>Since my entire household is under <a href=\"https://github.com/AdguardTeam/AdGuardHome\" rel=\"noopener noreferrer\" target=\"_blank\">AdGuard Home DNS</a> (previously <a href=\"https://github.com/pi-hole/pi-hole\" rel=\"noopener noreferrer\" target=\"_blank\">PiHole</a>) and the device doesn't seem to be using any custom DNS servers, I have decided to reroute traffic going to oss-cn-hangzhou.aliyuncs.com to my <a href=\"https://www.nginx.com/\" rel=\"noopener noreferrer\" target=\"_blank\">NGINX</a> server.</p><p><img src=\"https://kb-static.jarylchng.com/kb-jarylchng-com/production/media/rich-editor/items/rykxH8CCzDk/image-f5b9b669278c565672cfb493541f8ed0.png\"></p><h2>Proxying and Mirroring with NGINX</h2><p>Luckily for me, the device uses insecure HTTP connection and I don't have to worry about any certificate checks. I pinged the address to find out that the IP address is 118.31.219.251. It may be a CDN IP but it's a low priority for me to keep up with it. I used the mirror keyword to route traffic to a webhook trigger on my local <a href=\"https://n8n.io/\" rel=\"noopener noreferrer\" target=\"_blank\">N8N.io</a> instance</p><pre class=\"ql-syntax\" spellcheck=\"false\">server {\n  listen 80;\n  listen [::]:80;\n\n  server_name oss-cn-hangzhou.aliyuncs.com;\n\n  location / {\n    mirror /mirror;\n    mirror_request_body on;\n    proxy_pass http://118.31.219.251;\n  }\n  location /mirror {\n    internal;\n    proxy_method POST;\n    proxy_pass http://(N8N_IO_HOSTNAME)/webhook/(WEBHOOK_ID)/;\n  }\n}\n</pre><h2>Handling request with <a href=\"http://N8N.io\" rel=\"noopener noreferrer\" target=\"_blank\">N8N.io</a></h2><p><img src=\"https://kb-static.jarylchng.com/kb-jarylchng-com/production/media/rich-editor/items/rykxH8CCzDk/image-4cb96c45acc8a28add5ea0779e9f1964.png\"></p><ol><li>Grabs the request body from POST webhook (make sure to enable Binary Data option)</li><li>Sends the image data captured in data binary object to my personal <a href=\"https://min.io/\" rel=\"noopener noreferrer\" target=\"_blank\">MinIO</a> server</li><li>Sends the photo and a message to my family's Telegram channel</li></ol><h2>Final output</h2><p>It's time to press the doorbell!</p><p><img src=\"https://kb-static.jarylchng.com/kb-jarylchng-com/production/media/rich-editor/items/rykxH8CCzDk/image-3c74d614c8c4b7f3beef59a3ce1248c3.png\"></p>","content_text":"The doorbell, according to the MAC address, is by China Dragon Technology\nLimited\n\nThe reason for this is because this model is from China and requires me to\ninstall HUAWEI Push Kit to receive notifications. But I did not want that and\nneeded an alternative.\n\nNow this may seem like a very simple integration, trust me it is not. The\ndoorbell itself has all ports closed and it only communicates with their own\ncloud servers.\n\n\nINTERCEPTING TRAFFIC WITH ZANTI MAN-IN-THE-MIDDLE (MITM) ATTACK\n\nI tried many ways to intercept traffic and see the requests sent by the doorbell\nwhen the alarm button is triggered. I settled onto my trusty Android device with\nZanti Penetration Testing Application.\n\nHere's a sample request sent according to Zanti where they upload an image to\ntheir cloud servers when the button is pressed.\n\nURL: http://oss-cn-hangzhou.aliyuncs.com/xw-cloudstorage/ecateye/7days/(CAMERA_ID)/20210613/A01142912.jpg\nDate: Sun Jun 13 14:29:10 GMT+08:00 2021\nMethod: PUT\nAuth: null\nCookie: null\nUser Agent: (CAMERA_ID)\nMime Type: null\n\nHeaders:\ndate : Sun, 13 Jun 2021 06:29:19 GMT\nauthorization : OSS (AUTH_KEY)\ncontent-length : 20857\nhost : oss-cn-hangzhou.aliyuncs.com\ncontent-type : application/octet-stream\nuser-agent : (CAMERA_ID)\n\nForm params:\n\n\n\nDNS \"POISONING\" WITH ADGUARD HOME DNS SERVER\n\nSince my entire household is under AdGuard Home DNS (previously PiHole) and the\ndevice doesn't seem to be using any custom DNS servers, I have decided to\nreroute traffic going to oss-cn-hangzhou.aliyuncs.com to my NGINX server.\n\n[https://kb-static.jarylchng.com/kb-jarylchng-com/production/media/rich-editor/items/rykxH8CCzDk/image-f5b9b669278c565672cfb493541f8ed0.png]\n\n\nPROXYING AND MIRRORING WITH NGINX\n\nLuckily for me, the device uses insecure HTTP connection and I don't have to\nworry about any certificate checks. I pinged the address to find out that the IP\naddress is 118.31.219.251. It may be a CDN IP but it's a low priority for me to\nkeep up with it. I used the mirror keyword to route traffic to a webhook trigger\non my local N8N.io instance\n\nserver {\n  listen 80;\n  listen [::]:80;\n\n  server_name oss-cn-hangzhou.aliyuncs.com;\n\n  location / {\n    mirror /mirror;\n    mirror_request_body on;\n    proxy_pass http://118.31.219.251;\n  }\n  location /mirror {\n    internal;\n    proxy_method POST;\n    proxy_pass http://(N8N_IO_HOSTNAME)/webhook/(WEBHOOK_ID)/;\n  }\n}\n\n\n\nHANDLING REQUEST WITH N8N.IO\n\n[https://kb-static.jarylchng.com/kb-jarylchng-com/production/media/rich-editor/items/rykxH8CCzDk/image-4cb96c45acc8a28add5ea0779e9f1964.png]\n\n 1. Grabs the request body from POST webhook (make sure to enable Binary Data\n    option)\n 2. Sends the image data captured in data binary object to my personal MinIO\n    server\n 3. Sends the photo and a message to my family's Telegram channel\n\n\nFINAL OUTPUT\n\nIt's time to press the doorbell!\n\n[https://kb-static.jarylchng.com/kb-jarylchng-com/production/media/rich-editor/items/rykxH8CCzDk/image-3c74d614c8c4b7f3beef59a3ce1248c3.png]","date_published":"2024-04-06T16:21:20.775Z","_microfeed":{"web_url":"https://kb-jarylchng-com.pages.dev/i/home-automation-jovision-cloudsee-doorbell-trigg-rykxH8CCzDk/","json_url":"https://kb-jarylchng-com.pages.dev/i/rykxH8CCzDk/json/","rss_url":"https://kb-jarylchng-com.pages.dev/i/rykxH8CCzDk/rss/","guid":"rykxH8CCzDk","status":"published","itunes:episodeType":"full","date_published_short":"Sat Apr 06 2024","date_published_ms":1712420480775}}],"_microfeed":{"microfeed_version":"0.1.2","base_url":"https://kb-jarylchng-com.pages.dev","categories":[{"name":"Technology"}],"subscribe_methods":[{"name":"RSS","type":"rss","url":"https://kb-jarylchng-com.pages.dev/rss/","image":"https://kb-jarylchng-com.pages.dev/assets/brands/subscribe/rss.png","enabled":true,"editable":false,"id":"sQbXXExV58H"},{"name":"JSON","type":"json","url":"https://kb-jarylchng-com.pages.dev/json/","image":"https://kb-jarylchng-com.pages.dev/assets/brands/subscribe/json.png","enabled":true,"editable":false,"id":"nC8cjLCnOOi"}],"description_text":"Welcome to the index page of my knowledge base, if you haven't done so, do visit\nmy website at https://jarylchng.com.\n\nI will mainly use this site to document stuff, most of which will likely be in\nthe public domain.","copyright":"©2024","itunes:type":"episodic","items_sort_order":"newest_first"}}