Document how to run Cameradar on Android (no Nethunter) without root

[boo6ster]

Udocker can be installed on Android in Termux.

Is it possible to run Cameradar using Udocker on Android 10 without rooting a smartphone?
https://github.com/indigo-dc/udocker

documentation:
https://indigo-dc.github.io/udocker/

Or maybe you know another way?

[Ullaakut]

Hi @Robin6464 !

You should be able to run it on Android without root, it's been done before my some community contributors if I recall correctly. I'm not sure if they compiled it from source or ran it in Docker though.

[boo6ster]

However, udocker is not the solution for me. I followed the directions from #290 and it's still bad. I installed a golang in a termux. Command go get github.com/Ullaakut/cameradar downloads the old version 3x to go/pkg/mod/github.com/!ullaakut/cameradar. I deleted the directory !ullaakut along with its subdirectories. I created a new catalog "Ullaakut". In go/pkg/mod/github.com/Ullaakut I used git clone https://github.com/Ullaakut/cameradar. Now I had the newest version of cameradar in go/pkg/mod/github.com/Ullaakut/cameradar. After cd $GOPATH/pkg/mod/github.com/Ullaakut/cameradar (used this command from main path $myhome - localhost:~#) I have an error cd: can't cd to $GOPATH/pkg/mod/github.com/Ullaakut/cameradar : not found.

[boo6ster]

I took it a step further and used "go install" in go/pkg/mod/github.com/Ullaakut/cameradar/cmd/cameradar. There is a cameradar binary in the go/bin directory. I tried to run it go/bin/./cameradar -t IPaddress and got an error: no $GOPATH was found ... Unable to load credentials dictionary file at "/src/github.com/Ullaakut/cameradar/dictionaries/credentials.json": no such file or directory. There is some progress because the binary has been created and it works like this :) luckily, only $GOPATH and dictionaries are missing. Parameters -r and -c indicating the path to routes and credentials.json files had no effect. I even created a directory structure and copied the cameradar to go/src/github.com/Ullaakut/cameradar. So the path go/src/github.com/Ullaakut/cameradar/dictionaries/credentials.json are exist and also no effects. How to fix this?

[boo6ster]

It finally worked. I need to run Cameradar like this:
go/bin/./cameradar - v /tmp/dictionaries:/tmp/dictionaries -c tmp/dictionaries/credentials.json - r tmp/dictionaries/routes -t IP

For now, I'm doing it with the wrong version of curl because I have to deal with downgrading the curl version than the one already installed by default in termux 7.79.1. It detects routes well, but in one case it does not detect stream for ip 78.10.235.123 (Scanning the network...ok x no stream found; debug mode found 0 RTSP streams), in the docker on the PC detect stream well. I don't think the reason was the wrong version of the curl, what could be wrong? nmap in termux detect stream well nmap -Pn --script rtsp-url-brute -p 554 78.10.235.123

After a few scans on the PC in the docker and on the termux of the same IPs, I noticed that the problem of not detecting the stream is more frequent.

[Ullaakut]

Hi @Robin6464 !

The two first errors you encountered were, as they described it, due to the $GOPATH variable not being set in your environment.

Using the wrong version of curl (any version above 7.64.0) will result in failures to deal with digest authentication. It should have no impact for cameras that use basic authentication, though.

The reason for the failure could be due to latency/timeout issues, in which case I'd recommend trying to set a higher --timeout value.

Let me know if that works for you!

[boo6ster]

It's not about the stream password. RTSP on port 554 on android is not detected at the specified IP address that I gave. On the PC docker, the cameradar detects RTSP on port 554 at the same IP address. This should have nothing to do with the curl version, because the cameradar first checks for RTSP with nmap, and then checks for credentials and routes with curl.

I have installed in termux proot-distro which includes distro-alpine. The installation of the cameradar was carried out in the same way and it was launched. Installed in alpine curl, libcurl, cul-dev 7.64.0, nmap, nmap-scripts, nmap-nselibs. The effect is the same, it cannot detect RTSP on port 554. On the computer in docker, it detects RTSP on port 554.

For some reason, if I run cameradar on computer in docker and on android in termux scanning the same camera, android does not detect RTSP, docker on computer detects RTSP. For some cameras android does not detect RTSP. Besides, the cameradar in termux on alpine works fine.

Maybe you would like to add instructions for installing cameradar for adroid without root which excludes the use of docker?

[Ullaakut]

@Robin6464 I'd love to but I don't even have an Android phone so it'd be difficult for me to provide detailed instructions for that. I also really don't have time at the moment unfortunately :(

Based on what you're describing, I have no idea why nmap would behave differently on Android and PC. I guess it must be a known issue though, no?

[boo6ster]

I don't think it's nmap's fault because if I use nmap on android --script rtsp-url-brute for a camera whose android cameradar doesn't detect RTSP on port 554, nmap detects RTSP. Perhaps the fault lies in the android itself, libraries or golang. You would have to check it yourself and trace it to the IP address of the camera I gave you.

[Ullaakut]

Since Cameradar uses nmap and just parses its output, it's an extremely strange bug you got there if nmap by itself works just fine 😅

Cameradar does not use the RTSP URL Brute script however, it just uses nmap for discovery. Can you try running nmap -A <target> from android and see if service discovery works as expected? I suspect that might be the issue. The nmap script might run even if it does not discover an RTSP service, while Cameradar will never attempt to attack anything unless it is sure that its target is exposing an RTSP service.

[boo6ster]

Adding the -A parameter changes everything. Nmap has been standing still for several minutes and nothing is happening :)

[Ullaakut]

Aha, so that's the issue. Apparently root privileges are required for service discovery :(

https://askubuntu.com/a/560706

[boo6ster]

Sorry.

The difference is that with the -A parameter nmap shows: 554 / tcp open rtsp?
However, routes are detected

Without the -A parameter, nmap shows: 554 / tcp open rtsp
The routes are the same.

The difference is the sign "?" at rtsp

[boo6ster]

With root, nmap doesn't work at all. I had to create a new user in proot distro-alpine and only then run the cameradar. Nmap version 7.92

[boo6ster]

Maybe it's nmap's fault, because in docker nmap is not installed in the virtual machine. The cameradar image uses an internal nmap? what version?