Home AMX User Forum AMX General Discussion

can this CAM SITE be cracked?

GSLogicGSLogic Original MemberPosts: 562
There is a new company that will be hosting almost all the traffic cameras around the US. Its designed with a timer and a registation key to limit the number of hits. Is there is an IP wiz out there that knows a way around this?

http://www.trafficland.com/

This is the TP dynamic address, but it only work for a limited time and a PC has to hit it first.
http://pub2.camera.trafficland.com
/image/live.jpg?system=mdot&webid=8440&
size=full&pubtoken=d83dfcef3ecd0033c58a5b0bafd4dfaa&1218979952578


If you wish to except this mission...

Comments

  • Spire_JeffSpire_Jeff Formerly Caffeinated Programmer Posts: 1,917
    It looks like they do resell the services. Have you made contact to find out how much they want to charge for this? If you explain that this will be used in a residential setting and it will be fairly low bandwidth, maybe they will agree to a reasonable fee on a yearly or monthly term?

    Just a thought :)

    OR (* LIGHT BULB! *) Maybe AMX could workout a deal with them and offer the service to dealers??? :)


    Jeff
  • GSLogicGSLogic Original Member Posts: 562
    Spire_Jeff wrote: »
    It looks like they do resell the services. Have you made contact to find out how much they want to charge for this? If you explain that this will be used in a residential setting and it will be fairly low bandwidth, maybe they will agree to a reasonable fee on a yearly or monthly term?

    $500 a month!!!!!!!!!!!!!!!!!!!
  • Spire_JeffSpire_Jeff Formerly Caffeinated Programmer Posts: 1,917
    Ummmm.... OUCH! :) I guess that leaves AMX working out a deal in which they get the feeds and then sell them to dealers at a more manageable rate.

    Ohh, and I'm sure that this just an exercise for academic purposes and you would never try to circumvent security measures in order to obtain the data in ways that are not approved by the content provider, but you may want to make sure this is clear. I would hate to see an attempt to gain knowledge in IP communications result in an experience to gain knowledge of court proceedings ;)

    Jeff
  • GSLogicGSLogic Original Member Posts: 562
    Spire_Jeff wrote: »
    Ummmm.... OUCH! :) I guess that leaves AMX working out a deal in which they get the feeds and then sell them to dealers at a more manageable rate.

    Ohh, and I'm sure that this just an exercise for academic purposes and you would never try to circumvent security measures in order to obtain the data in ways that are not approved by the content provider, but you may want to make sure this is clear. I would hate to see an attempt to gain knowledge in IP communications result in an experience to gain knowledge of court proceedings ;)
    Jeff

    I was challenged by the owner, he said it couldn't be done and of course it's only for fun!
  • PetarPetar Junior Member Posts: 14
    Well... all the image have a unique image name...

    So you first need to 'touch' the page to get the pubtoken en then you can request the image...

    Pretty good idea to protect your content I must say:)
  • GSLogicGSLogic Original Member Posts: 562
    Petar wrote: »
    Well... all the image have a unique image name...
    So you first need to 'touch' the page to get the pubtoken en then you can request the image...

    If you set it up like that, after a while it stops working. They have more going on then just the pubtoken. Every time you have to request the main site first then hold the unique id number and you have to repeat this every time... very cleaver $
  • Chip MoodyChip Moody Junior Member Posts: 727
    So....... The idea is to get the .jpg URL to a G4 touch panel and set it to refresh itself every couple of seconds, right? The valid (tokenized) URL is in the HTML returned when your browser connects to something like "http://www.trafficland.com/city/NYC/camera/2322/index.html", right?

    If you determine how long the token lasts, I would try setting up a program that does an IP_CLIENT connection to the hosting page every so often, and scrape the image's URL from the data that comes back, then pass that URL on to your touch panel. They probably have some HTTP elements required that are normally supplied by a traditional browser, so you'd have to monitor the HTTP header sent by your browser and have your Netlinx program emulate that.

    Or did I miss/gloss over something there?

    - Chip
  • jjamesjjames Just another dude Posts: 2,905
    Chip Moody wrote: »
    If you determine how long the token lasts, I would try setting up a program that does an IP_CLIENT connection to the hosting page every so often, and scrape the image's URL from the data that comes back, then pass that URL on to your touch panel. They probably have some HTTP elements required that are normally supplied by a traditional browser, so you'd have to monitor the HTTP header sent by your browser and have your Netlinx program emulate that.

    That's what I was thinking but . . . I'm without a master right now, so I couldn't test the theory.
  • viningvining X Member Posts: 4,368
    I had to do something similiar in the module posted here;

    http://amxforums.com/showthread.php?t=4080&highlight=Ethernet+power+controller

    maybe you could borrow some parts or some ideas. It sounds like you need to sit down with WireShark (Ethereal) and collect all the data going back and forth during a PC session. Set the filter to just the website. That's basically what I had to do in this module which has to retirieve a cookie. The username and password with MD5 encryption is not likely required but it does sound like you need to collect a cookie in your initial GET and use it in subsequent GETs or Posts.
  • GSLogicGSLogic Original Member Posts: 562
    I've been using HttpAnalyzer, it's software like Vining mentioned.
    I can see everything being sent over the connection but I can't figure it out... yet! I need to spend more time to analyze it all.

    Thanks for the ideas!
  • yuriyuri Junior Member Posts: 861
    What i've done once is use the picture from an online teletext resource (http://teletekst.nos.nl/) and display that on a touchpanel.
    I used php to mimic HTTP requests to the webserver, because it would only show the image if you connected with a webbrowser.

    I could then display the image returned from the php script as a dynamic image. Worked pretty good, the only thing was, it had "static" image names. (page 101 had image name 101.gif or something)

    I can't find the php script at the moment, but i used Curl commands (http://curl.haxx.se/) for the HTTP request mimicing.
    Maybe this would be a nice start to actually retrieve the images from the webserver :)
Sign In or Register to comment.