Skip to content

Cameras: GW Security

Jump to bottom Edit New page
Scott Lamb edited this page May 26, 2021 · 5 revisions

GW4089IP

Not recommended. Unreliable, insecure, and buggy, with no available firmware updates or support from the manufacturer.

Sold on Amazon individually or as part of a bundle.

Other names: These cameras' MAC addresses start with 30:57:AC, an OUI registered to IRLAB Ltd. That suggests they're a rebranded version of one of IRLAB's cameras, although I don't know which.

Security: completely insecure. Most cheap cameras are insecure and untrustworthy. This one takes it to a whole new level: the RTSP URIs don't require authentication at all, even though the UI does. Don't expose this camera to the Internet. Think twice about exposing it to the rest of your LAN.

ONVIF:

  • address: This is not on the standard HTTP port 80 along with the configuration UI. By default, it appears to be on port 85; this is configurable in the UI.
  • support is unreliable and poor. Many types of requests fail (dropping the HTTP connection with no response) more than half the time. It's awkward to determine which APIs ever work at all. I suspect the ONVIF server code is buggy and crashing, perhaps with some sort of memory error.

RTSP URIs:

  • no authentication is required to view the RTSP URIs. Never expose these cameras to the Internet!
  • main stream: rtsp://address:5050/H264?channel=0&subtype=0&unicast=true&proto=Onvif (sometimes port 8554; or whatever RTSP port is configured in the URI).
  • sub stream: rtsp://address:5049/H264?channel=0&subtype=1&unicast=true&proto=Onvif (the port number appears to be the RTSP port number shown in the UI minus one).
  • many bizarre bugs in the RTSP implementation. For example, it advertises an audio stream when it doesn't appear to actually have a microphone or any audio configuration in the UI. Enabling this stream (with SETUP command using an interleaved RTSP channel) sends corrupt RTP packets.

Configuration UI:

  • doesn't work well in a modern web browser (as of 2019, this is common for many cheap cameras).
  • when given the correct credentials, shows a pop-up that says "Login Faild [sic], Please check Username and Password", then (eventually) logs in successfully.
  • doesn't work well with a SOCKS proxy server.
  • mostly works under Internet Explorer with the downloadable ActiveX plugin on a Windows 10 virtual machine. Motion detection setup doesn't appear to work even there.

Video encoding:

  • use the H.264 codec. Moonfire NVR doesn't support H.265 yet; see issue #33.
  • always set FPS to 30 for both main and sub streams. These cameras have a strange bug: they appear to report that video frames last 1/30th of a second, even when the FPS is set to something else. Thus, if the frame rate is set to 10 fps, the video clock will advance at 1/3rd of the normal rate, and Moonfire NVR can end up adding recordings that are days behind the current time.

Audio encoding: Moonfire NVR currently lacks support for audio (issue #34. These cameras don't appear to have a microphone, even though they advertise one over RTSP (see above).

Reliability: some of these cameras appear to lose their connection several times per day when in IR mode, perhaps due to overheating. Moonfire NVR is typically able to reconnect after about five seconds.

On-camera motion detection:

  • not supported. A Wireshark packet capture of a working setup with GW Security's own NVR might help.
  • ONVIF PullPoint: doesn't appear to work. These requests return quickly with no notifications at first, then just close the HTTP connection.
  • ONVIF/RTSP vnd.onvif.metadata streams: apparently unsupported. GetMetadataStreams returns no streams, and I don't see any way to create one. (AddMetadataStream adds an existing stream to a profile; it doesn't create a stream.)
  • proprietary event monitoring API: I can't find any documentation about one.
Add a custom footer
Add a custom sidebar
Clone this wiki locally