Zosi Smart Account

0 views

Skip to first unread message

Jennifer Leos

unread,

Aug 4, 2024, 6:40:31 PM8/4/24

to akereqhe

ZosiSmart Password Rules provide a comprehensive list of guidelines to ensure the security and protection of user information and devices. These rules cover a wide range of topics such as email address, mobile phone, correct password usage, third-party software restrictions, and the risks associated with reverse engineering. It emphasizes the importance of setting a strong password for login credentials and the potential issues that may arise from default or blank passwords.

The guidelines also touch upon the importance of registering a Zosi Smart App account and implementing proper security measures for IP cameras and other surveillance equipment. Additionally, it provides insights into network configurations, remote viewing capabilities, and the proper setup of devices for optimal performance. By following these rules, users can safeguard their personal and sensitive information from potential security threats. Source: Zosi Technology website

Zosi Smart Password Rules include a list of comma delimited keywords focusing on NVR password security and access to Zosi Technology products. These rules emphasize the importance of strong passwords, such as not leaving the password blank or easily guessing it. It also highlights the need to keep the password in mind and to retry it carefully if necessary. Registering for a Zosi Smart App Account and utilizing security IP cameras are advised for maximum protection.

The guidelines cover a range of topics from cellular-based security cameras to network protocols and third-party software. Users are encouraged to set up their cameras for remote viewing via port forwarding and to ensure proper firewall and proxy settings for added security. The paragraph demonstrates the comprehensive approach Zosi takes towards safeguarding user accounts and devices against potential threats. Source: zositech.com

I have a Zosi ZR08ZM10 DVR that I got from Amazon cheap for black friday. I was hoping to replace my previous cheap Floureon DVR but I have an issue I'm trying to resolve. Both the Zosi and Floureon seem to be running that same software that it seems all cheap Chinese DVRs run, but the Zosi is much faster and less buggy (and clearly a newer version). The Zosi, however, will not provide any standard video streaming mechanisms (RTSP, MJPG/HTTP, etc) despite there being port settings in the configuration. Zosi support has confirmed that this model doesn't support that.

[*]The stream to my PC via their proprietary software is using UDP and may have some non-standard handshake, but I would be surprised if the final stream wasn't a standard one (not sure how I could tap into that)

I've downloaded their Windows app (called AVSS) Aand began dissecting it to see how the stream is established (via Windows Message Analyzer, Wireshark, disassembling / debugging it with x64dbg, and strings.exe). It seems to be using some "p2p" libraries to communicate via UDP. It's hitting several external servers, to do so. I have a feeling that once the connection has been established, it may be a standard stream and perhaps I could tap into it.

@wymangr No I haven't. I sorta gave up. I'm in the process of moving into a new house, and I'm going to be setting this up again in the next week or two there. As a result, I foresee a renewed interest in hacking this coming up on the horizon lol.

My bet is that they just closed the ports, and now establish an outgoing connection to their cloud services, to create a tunnel, which just connects to the same port 5000 service that way. EDIT: Seems not.

Also, I'm seeing UDP broadcast traffic from the cameras that are connected to the box's ethernet ports leaking into the LAN. I wonder if the box will route the traffic somehow. This after the box broadcasts 51a80000000000000000000000000000 from port 18153 to 18152. The camera message comes from port 18152 to port 18153.

Hi, I am new on this forum and I know this is an old post but I would like to resurrect it for the sake of those who have to deal with zosi support (if you call it that) anyway I too hit all the brick walls and I was able to ascertain that the avss program can be run in linux as I do not use windows anything, zosi support said it could never be done, so if I can achieve that I am sure we can get into this box. I was interested in a serial connection, I built a server on a pogoplug using this same technique and since I am now retired I find more time to dink around with this stuff when the spirit moves me. The connection for that device is pretty straight forward and I may have to open up the the unit to see if I can dissect it further. If I can find the serial connector on the board I can use the usb to serial adapter I have and run picocom on my linux terminal and hopefully I see something, I will get back on here later with results even if they fail, just putting stuff down so I remember to try them. If anyone here found a way to save some time regarding the zosi backdoor I would really appreciate it:) Anyway my reason for access is because they tell me my IP cam is digital and will not connect to the dvr because it cannot run wifi, well I installed the wifi and it is connected but the ddns refuses to connect to my NOIP account no matter what I try and I am stumped and the best way to achieve this is to look at the inside of the programming. Any thoughts? Thanks in advance! Echo

I'd certainly like to Hear about this, I just got hired to Extract data from the System, Zosi tells me I have to use a fat32 thumb drive no larger than 64gb.... can you imagine moving 2tb of data 64gb at a time?

I'm making a byte-to-byte copy of the drive using a Ubuntu computer with the dd command.

I found a bunch of UDP Ports open using NMAP and tried some packet captures on Wireshark.

The two devices are on a direct connect network.

Does anyone know how to use the "device CMD" in the ZOSI "AVSS" pc application? I tried some commands like "ls -a, pwd, cd /" but none of them show any responses.

I can only assume the system is running Linux of some type, but the HDD seems to have its own filesystem because even my Linux machine can't recognize the filesystem format, and its got support for almost any filesystem you can imagine.

Open ports

Hello everyone,

I just ordered a ZOSI 8 channel BNC Analog DVR (Model name: ZR08VM) for my 8 analog cameras, and managed to find the RTSP streams!

The RTSP stream is located at rtsp://192.168.x.x/video9 of course replacing the IP address with your DVR's IP. (May appear as Ansjer Electronics on your router's device list or an nmap scan)

For some reason the channel numbers start at 9, so for me channel 1 was found at URL ending with video9, channel 2 at URL ending with video10 and so on. It also seems there's no security, so even if you setup a password on the box, the rtsp stream can be accessed without it. For that reason, I would recommend using a server to act as a firewall between the box and the internet, so that the streams are never directly exposed to the network without authentication.

On this model only port 554 (RTSP) was open, and after many hours of toying with nmap I started just trying common RTSP URLs suggested online. I noticed that most of the time the connection would close immediately, but when I tried rtsp://192.168.x.x/video1 it simply got stuck trying to connect, but didn't close instantly. I figured this was a good sign, and tried different changing that last number until I found the correct range (9-16) which may be different for you depending on the model.

Since BNC PCIe cards are expensive (and for security reasons), I wanted to just use this DVR solely for its BNC ports to feed the streams to my home server where I'll actually manage the cameras. Thankfully, I can now do that easily with RTSP while bypassing the crappy firmware on the box!