FOSS Tapo C210
Go to file
xfarrow fdda37dca9
Update README.md
2023-09-15 22:25:14 +02:00
hardware-specifications Update README.md 2023-08-24 16:08:28 +02:00
how-to-connect-to-foss-NVR Update README.md 2023-08-28 15:51:16 +00:00
secret-apis Update README.md 2023-09-15 22:25:14 +02:00
LICENSE Initial commit 2023-08-23 15:28:10 +02:00
README.md Update README.md 2023-08-28 15:54:06 +00:00

README.md

Tapo camera

IP Cameras are a nightmare for our privacy. For this reason I am reverse engineering a Tp-Link Tapo C210's firmware and its relative app in order to prevent them from sending any data to untrusted servers. There are better resources than mine: see https://github.com/nervous-inhuman/tplink-tapo-c200-re and https://drmnsamoliu.github.io/.

In particular, I will focus on

  • the reverse engineering of the app in order to be able to use the camera without a Tp-Link account;
  • the reverse engineering of the firmware to strip off the portions of code sending the video stream to their servers.

How these cameras were designed to work

  1. You download a proprietary app (Tp-Link Tapo) and create an account without which the camera can not work;
  2. You use said app to instruct the camera to use a specified Wi-Fi AP;
  3. The camera sends the video stream not end-to-end encrypted to servers we have no control over;
  4. You have the possibility to update the camera's firmware through its app. This expands the attack surface for a hacker or from the company itself to push a malicious update.

What we can do

As of today, we have:

  • Libre NVR solutions (iSpy, ZoneMinder, ...);
  • A collection of open source software to control these cameras through undocumented APIs, see my collection.

Nonethless, you still need the proprietary app and a Tp-Link account the first time you boot the camera up and NVRs will not stop the camera from sending the video stream to their servers without using a firewall.

This repository aims to resolve these issues.