ONVIF

ONVIF is an open industry forum for the development of a global standard for the interface of IP-based physical security products.

Profiles

ONVIF:ProfileA - 광범위한 접근 제어 구성에 관한 Profile A
ONVIF:ProfileC - IP 기반 접근 제어 시스템에 관한 Profile C
ONVIF:ProfileG - 에지 스토리지 및 녹화에 관한 Profile G
ONVIF:ProfileQ
ONVIF:ProfileS - 스트리밍 비디오에 관한 Profile S
ONVIF:ProfileT - 고급 비디오 스트리밍에 관한 Profile T
ONVIF:ProfileM - 분석 애플리케이션의 메타 데이터에 대한 Profile M

ONVIF Device Manager

ONVIF Device Manager (ODM)
Xeoma
Shinobi
Zoneminder
Shinobi CE: (GPLv3 + AGPLv3) Shinobi is the Open Source CCTV Solution written in Node.JS. Designed with multiple account system, Streams by WebSocket, and Save to WebM. Shinobi can record IP Cameras and Local Cameras.
Revere

Examples

Genivia - gSOAP ONVIF Examples (gSOAP)
ONVIF:Example:FindDevice - 네트워크 상의 카메라를 ONVIF로 찾아내고 통신하는 방법
ONVIF:Example:Client - zeep을 사용한 간단한 명령행 클라이언트.

Libraries

zeep - Python 에서 강추!
libONVIF Yet another ONVIF library
agsh/onvif - ONVIF node.js implementation
- https://github.com/agsh/onvif
python-onvif - ONVIF Client Implementation in Python
- https://github.com/quatanium/python-onvif
python-onvif-zeep - ONVIF Client Implementation in Python 2+3 (using zeep¹ instead of suds as SOAP client)
- https://github.com/FalkTannhaeuser/python-onvif-zeep
onvif2-zeep - Python Client for ONVIF2 Camera
- https://pypi.org/project/onvif2-zeep/
Valkka - Create video surveillance, management and analysis programs with PyQt
- https://github.com/elsampsa/valkka-core
- https://elsampsa.github.io/valkka-examples/_build/html/index.html
pyOnvif - Simple Onvif camera client
- https://pypi.org/project/pyOnvif/
- https://github.com/koodaamo/pyOnvif
camera-discovery - A package to discover all onvif cameras on your network
- https://pypi.org/project/camera-discovery/

ONVIF Application Programmer's Guide

ONVIF Application Programmer's Guide (PDF) ²
ONVIF™ Core Specification (PDF)

WSDL Spec

ONVIF 의 WSDL 스팩은 다음 사이트에서 받을 수 있다.

wsse 를 사용한 인증 방법

요청 때 인증 방법 및 실패시 대응 방법:

HTTP Body 의 SOAP Header 에 <UsernameToken>를 포함시키되 평문 패스워드를 사용한다.
1. 이 경우 <wsse:Password>의 Type속성 URI 마지막에 #PasswordText 가 추가된다.
HTTP Body 의 SOAP Header 에 <UsernameToken>를 포함시킨되 Digest 패스워드를 사용한다.
1. 이 경우 <wsse:Password>의 Type속성 URI 마지막에 #PasswordDigest 가 추가된다. (인코딩 방법은 [프로그래머 가이드] 참조)
  - 예를 들면: <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">...</wsse:Password>
<UsernameToken> 와 함께 HTTP Authorization Header 의 Basic 인증을 포함한다.
<UsernameToken> 와 함께 HTTP Authorization Header 의 Digest 인증을 포함한다.
- 이 경우 <UsernameToken> 에 사용되는 패스워드는 Digest를 사용해야 한다.

실제 요청(Request) 패킷:

POST /onvif/device_service HTTP/1.1
Host: 192.168.0.202
User-Agent: UserAgentFS
Content-Type: application/soap+xml; charset=utf-8
Content-Length: 749
Authorization: Digest username="admin", realm="iPolis", nonce="399190d0cef9db75b7bd", uri="/onvif/device_service", response="59b44e9a2b4b1a8f35a7267eb062cc3a", opaque="dda4084c", qop=auth, nc=00000001, cnonce="19b0d833"

<?xml version="1.0" ?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
    <s:Header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Security>
            <wsse:UsernameToken>
                <wsse:Username>admin</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">iZq+wmgOB3ixwTA/EvXEgQRtWwM=</wsse:Password>
                <wsse:Nonce>Mzg4NTg0NDY1MDQyNzE5MA==</wsse:Nonce>
                <wsu:Created>2000-08-09T17:11:43Z</wsu:Created>
            </wsse:UsernameToken>
        </wsse:Security>
    </s:Header>
    <s:Body xmlns:tds="http://www.onvif.org/ver10/device/wsdl">
        <tds:GetDeviceInformation/>
    </s:Body>
</s:Envelope>

실제 응답(Response) 패킷:

HTTP/1.1 200 OK
Set-Cookie: TRACKID=b6b576ae163c45dd4cb8de0c3042d541; Secure; HttpOnly
Server: gSOAP/2.8
Content-Type: application/soap+xml; charset=utf-8
Content-Length: 3329
Connection: close
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Date: Wed, 09 Aug 2000 17:11:44 GMT

<?xml version="1.0" ?>
<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope"
    xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsa5="http://www.w3.org/2005/08/addressing"
    xmlns:xmime="http://tempuri.org/xmime.xsd"
    xmlns:xop="http://www.w3.org/2004/08/xop/include"
    xmlns:fc="http://www.onvif.org/ver20/analytics/humanface"
    xmlns:bd="http://www.onvif.org/ver20/analytics/humanbody"
    xmlns:ttr="http://www.onvif.org/ver20/analytics/radiometry"
    xmlns:axt="http://www.onvif.org/ver20/analytics"
    xmlns:tt="http://www.onvif.org/ver10/schema"
    xmlns:wsrf-bf="http://docs.oasis-open.org/wsrf/bf-2"
    xmlns:wstop="http://docs.oasis-open.org/wsn/t-1"
    xmlns:wsrf-r="http://docs.oasis-open.org/wsrf/r-2"
    xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
    xmlns:axt3="http://www.onvif.org/ver20/analytics/wsdl/RuleEngineBinding"
    xmlns:axt4="http://www.onvif.org/ver20/analytics/wsdl/AnalyticsEngineBinding"
    xmlns:axt2="http://www.onvif.org/ver20/analytics/wsdl"
    xmlns:tds="http://www.onvif.org/ver10/device/wsdl"
    xmlns:tev1="http://www.onvif.org/ver10/events/wsdl/NotificationProducerBinding"
    xmlns:tev2="http://www.onvif.org/ver10/events/wsdl/EventBinding"
    xmlns:tev3="http://www.onvif.org/ver10/events/wsdl/SubscriptionManagerBinding"
    xmlns:tev="http://www.onvif.org/ver10/events/wsdl"
    xmlns:tev4="http://www.onvif.org/ver10/events/wsdl/PullPointSubscriptionBinding"
    xmlns:tev5="http://www.onvif.org/ver10/events/wsdl/NotificationConsumerBinding"
    xmlns:tev6="http://www.onvif.org/ver10/events/wsdl/PullPointBinding"
    xmlns:tev7="http://www.onvif.org/ver10/events/wsdl/CreatePullPointBinding"
    xmlns:tev8="http://www.onvif.org/ver10/events/wsdl/PausableSubscriptionManagerBinding"
    xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2"
    xmlns:timg="http://www.onvif.org/ver20/imaging/wsdl"
    xmlns:tmd="http://www.onvif.org/ver10/deviceIO/wsdl"
    xmlns:tptz="http://www.onvif.org/ver20/ptz/wsdl"
    xmlns:tpv="http://www.onvif.org/ver10/provisioning/wsdl"
    xmlns:tr2="http://www.onvif.org/ver20/media/wsdl"
    xmlns:trc="http://www.onvif.org/ver10/recording/wsdl"
    xmlns:trp="http://www.onvif.org/ver10/replay/wsdl"
    xmlns:trt="http://www.onvif.org/ver10/media/wsdl"
    xmlns:tse="http://www.onvif.org/ver10/search/wsdl"
    xmlns:tth="http://www.onvif.org/ver10/thermal/wsdl"
    xmlns:tns1="http://www.onvif.org/ver10/topics"
    xmlns:ter="http://www.onvif.org/ver10/error"
    xmlns:env="http://www.w3.org/2001/12/soap-envelope"
    xmlns:tnssamsung="http://www.samsungcctv.com/2011/event/topics"
>
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
        <tds:GetDeviceInformationResponse>
            <tds:Manufacturer>Samsung Techwin</tds:Manufacturer>
            <tds:Model>XNP-9300RW</tds:Model>
            <tds:FirmwareVersion>2.01.07_20220429_R440</tds:FirmwareVersion>
            <tds:SerialNumber>ZS5F6V4TC0000QZ</tds:SerialNumber>
            <tds:HardwareId>XNP-9300RW</tds:HardwareId>
        </tds:GetDeviceInformationResponse>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Scan 방법

ethernet - Find IP address from a IP-Camera (Ubuntu) - Super User
nmap을 사용하면 된다.
공식적인 방법은 WS-Discovery를 사용하면 된다.

If the camera is configured to obtain it's address via DHCP, and you plug it into your network. You could run nmap on your ubuntu box to scan the network. There are a myriad of options to nmap - but you could try something like:

nmap -A -T4 192.168.1.*

Obviously, change the ip range to suit your network. namp will attempt to figure out what OS is running on each of the IPs it finds, so you should be able to work out what one the camera is.

또 다른 답변

Use nmap to find all devices with RTSP (port 554) streams (replace IP range with your network's applicable IPs):

nmap --open -p 554 10.0.0.1-254 -oG - | grep "/open"

Look in /proc/net/arp to see any applicable IPs for MAC address you know:

cat /proc/net/arp

Use brute force with nmap to find the stream URLs (replace 10.0.0.198 with whatever you found in previous command):

nmap --script rtsp-url-brute -p 554 10.0.0.198

Favorite site

ONVIF web site
[추천] ONVIF 2.0 Service Operation Index
ONVIF ( 온비프 ) 와 SOAP 그리고 웹서비스 ³
ONVIF Application Programmer's Guide (PDF) ⁴
ONVIF™ Core Specification (PDF)
[추천] ONVIF ( 온비프 ) 와 SOAP 그리고 웹서비스 ⁵ (ONVIF, SOAP)

References

https://github.com/mvantellingen/python-zeep ↩
ONVIF_WG-APG-Application_Programmers_Guide-1.pdf ↩
Onvif_and_soap_and_web_service.pdf ↩
ONVIF_WG-APG-Application_Programmers_Guide-1.pdf ↩
ONVIF_and_SOAP_and_web_service.pdf ↩