Move Over Dahua, Xiongmai Is The Real Botnet King

Well... Damn.

Here I was ready to take all the shots necessary for my team >.>

That doesn't mean we can relax though. I'm still gonna hammer Dahua to get on a gigantic cybersecurity kick...in addition to making sure their smart codec isn't some weird proprietary isolated thing... and adding Control4 compatibility across the board.

Dahua...can you please hire more programmers and get your code on GitHub?

*sigh*

Good find, good share.

Some more info on XiongMai. The reason why XiongMai is so poorly known is that they provide modules / kits like so:

Here's a list of their IP All-In-One IP camera modules.

XiongMai, according to the people I spoke to, is the biggest provider in this space, and the most common provider for small 'manufacturers' / 'assemblers' that want a low cost / simple option.

What I have not figured out is how to determine who is using XiongMai (has to be a lot but not sure who). One person suggested tracking down MAC addresses / OUIs. I did a reverse OUI lookup with a few variants of XiongMai's name but did not see any matches.

Anyone have any input of who's using XiongMai?

Dahua really has been surpassed by XiongMai, take a look at this copy:

After the speech, discussion went into a climax state, wonderful summit forum ignited the sparks of thinking. The president of Hikvision Yangzhong Hu, CEO of Dahua LeiLiang, Chairman of Chuanggao security ChenLi, Chief engineer of Shideanlegrand were discussing fiercely around the theme of “ how to play when the intelligent household into <free> mode”. For the market of intelligent household is mess, what is the real meaning to the users?

The president of Hik and CEO of Dahua were fiercely sparking in a climatic discussion?

About how to play in the household? Sounds interesting.

Longse / Cantonk just sent a mailer emphasizing supporting XiongMai (XM):

Cantonk IP Camera Advantage:

*Hikvision & XM private protocol support

What I am not sure about is whether Longse / Cantonk uses XiongMai. Also, not sure how Longse / Cantonk is allowed to support Hikvision's private procotol. Any one with info here?

John,

Test results from 3 different XM camera modules might shed some light on why you couldn't find XM in the OUI database.

Each camera module tested identified its vendor as H264DVR while the OUI lookup did not.

Model OUI Company (as per Wireshark OUI Lookup Tool)
IPG-50H10-S 00:12:13 Metrohm AG
IPG-53H20-S 00:3E:0B "No Matches"
IPG-54H20PL-S 00:12:15 iStor Networks, Inc.

3 different modules with 3 different OUIs and none of them registered to XM.

(Note that even though the modules were obtained from 3 different sources, all 3 modules were received complete with attached XM part numbers, model numbers and bar codes.)

XM camera modules are easy to find on eBay also - there are many vendors. Searching for the XM model number will give you some direct hits. Searching for the SoC & imager part numbers (which you can get from the XM website) will give you many more.

Does anyone have an explanation for the XM OUIs?

Even if XM is actually manufacturing for Metrohm AG and iStor Networks (and therefore allowed to use their OUIs), what would be the explanation for the unlisted OUI (00:3E:0B)?