Monday, November 16, 2020

Access your Hikvision NVR or Camera on Android devices

How to access your HikVision NVR or Camera on Android devices 

Closed-circuit television (CCTV), also known as video surveillance, is the use of video cameras to transmit a signal to a specific place, on a limited set of monitors. It differs from broadcast television in that the signal is not openly transmitted, though it may employ point-to-point (P2P), point-to-multipoint (P2MP), or mesh wired or wireless links but transmit a signal to a specific place only. Not for open to all. This article I write just for HikVision Lover only. Personally I am not support to install Hikvision/Dahua product or OEMN product. Technically 100% unsafe your personal video data.

Day by Day increase hacking of video surveillance camera. Now cyberattacks on CCTV systems making news headlines on a weekly basis of late, there is a good deal of concern and uncertainty about how at risk these systems are, as well as why they are being attacked.

In 2014, a US ally observed a malicious actor attacking the US State Department computer systems. In response the NSA traced the attacker’s source and infiltrated their computer systems gaining access to their CCTV cameras from where they were able to observe the hackers’ comings and goings.

In October 2016, 600,000 internet connected cameras, DVR’s, routers and other IoT devices were compromised and used to for a massive Bot Net to launch what was the largest Denial of Service (DOS) attack the internet had experienced to date.

In the lead up to the 2017 US Presidential inauguration, 65 per cent of the recording servers for the city of Washington CCTV system were infected with ransomware. How did the attack take place? Whilst unknown, it most likely occurred by the same means as other common PC hacks such as infected USB keys, malicious web sites, or phishing attacks.

May, 2018, over 60 Canon cameras in Japan were hacked with “I’m Hacked. bye2” appearing in the camera display text. How did the attack take place? Simple. IP cameras were connected to the internet and were left on default credentials. It appears that the hackers logged into the cameras and changed the on-screen display. What was the impact? Other the defacement of the camera displays and some reputational damage, there doesn’t seem to have been much impact from these attacks.

On Aug 13, 2018, The US President has signed the 2019 NDAA into law, banning the use of Dahua and HikVision (and their OEMs) for the US government, for US government-funded contracts and possibly for 'critical infrastructure' and 'national Security’ usage.

US government is effectively blacklisting Dahua and HikVision products, this will have a severe branding and consequentially purchasing impact. Many buyers will be concerned about:

What security risks those products pose for them

What problems might occur if they want to integrate with public / government systems

What future legislation at the state or local level might ban usage of such systems

On Jun 06, 2019 Hanwha Techwin is dropping Huawei Hisilicon from all of their products. Its belongs to China’s origin. Backdoor entry is open on product.

China's Wuhan Institute of Virology, the lab at the core of coronavirus. The institute is home to the China Centre for Virus Culture Collection, the largest virus bank in Asia which preserves more than 1,500 strains ( https://www.livemint.com/news/world/china-s-wuhan-institute-of-virology-the-lab-at-the-core-of-a-virus-controversy-11587266870143.html ). Result Corona has infected people in 185 countries. Its spread has left businesses around the world counting the costs. Global economy impact. Recession increase. Now people avoid to get china factory made product, electronics goods importing has stopped from china to other country. People looking for product except china. Now come to Video surveillance, access control equipment.

The ban that prohibits the purchase and installation of video surveillance equipment from Hikvision, Dahua and Hytera Communications in federal installations – passed on year 2018 National Defense Authorization Act (NDAA). In conjunction with the ban’s implementation, the government has also published a Federal Acquisition Regulation (FAR) that outlines interim rules for how it will be applied moving forward. Like NFPA, now NDAA law accept globally.

Rules outlined in this FAR include:

  • A “solicitation provision” that requires government contractors to declare whether a bid includes covered equipment under the act;
  • Defines covered equipment to include commercial items, including commercially available off-the-shelf (COTS) items, which the rule says, “may have a significant economic impact on a substantial number of small entities;”
  • Requires government procurement officers to modify indefinite delivery contracts to include the FAR clause for future orders;
  • Extends the ban to contracts at or below both the Micro-Purchase Threshold ($10,000) and Simplified Acquisition Threshold ($250,000), which typically gives agencies the ability to make purchases without federal acquisition rules applying.
  • Prohibits the purchase and installation of equipment from Chinese telecom giants Huawei and ZTE Corporation. This would also presumably extend to Huawei subsidiary Hisilicon, whose chips are found in many network cameras;
  • And, gives executive agency heads the ability grant a one-time waiver on a case-by-case basis for up to a two-year period.

Specifically, NDAA Section 889 creates a general prohibition on telecommunications or video surveillance equipment or services produced or provided by the following companies (and associated subsidiaries or affiliates):

  • Huawei Technologies Company; or
  • ZTE Corporation

It also prohibits equipment or services used specifically for national security purposes, such as public safety or security of government facilities, provided by the following companies (and associated subsidiaries or affiliates):

  • Hytera Communications Corporation;
  • Hangzhou Hikvision Digital Technology Company; or
  • Dahua Technology Company

While the prohibitions are initially limited to the five named companies, Section 889 authorizes the Secretary of Defense, in consultation with the Director of National Intelligence or the Director of the FBI, to extend these restrictions to additional companies based on their relationships to the Chinese Government. The prohibitions will take effect for executive-branch agencies on August 13, 2019, one year after the date of the enactment of the 2019 NDAA, and will extend to beneficiaries of any grants, loans, or subsidies from such agencies after an additional year.

The provisions of Section 889 are quite broad, and key concepts are left undefined, such as how the Secretary of Defense is to determine what constitutes an entity that is “owned or controlled by, or otherwise connected to” a covered foreign country, or how the head of an agency should determine whether a component is “substantial,” “essential,” or “critical” to the system of which it is part. The statute also fails to address the application of the prohibitions to equipment produced by U.S. manufacturers that incorporate elements supplied by the covered entities as original equipment manufacturers (“OEMs”) or other kinds of supplier relationships.

Section 889 contains two exceptions under which its prohibitions do not apply:

(1) It allows Executive agencies to procure services that connect to the facilities of a third party, “such as backhaul, roaming, or interconnection arrangements.” This likely means telecommunications providers are permitted to maintain common network arrangements with the covered entities.

(2) It permits covered telecommunications equipment that is unable to “route or redirect user data traffic or permit visibility into any user data or packets” it might handle, meaning a contractor may still be able to provide services to the Government so long as any covered equipment provided is unable to interact or access the data it handles.

Now we come to short process. First of all we need to find the IP address of the Hikvision device we want to connect too. First of all download SADP. This program will scan your network for Hikvision devices connected on your network.

Older Hikvision devices are shipped with a static IP address of 192.64.0.0, whereas new devices are shipped with DHCP enabled which means they will automatically be assigned an IP address that corresponds to your local network. If you're camera is set to a static IP address you will need to find out what range it needs to be changed to. To find out your local IP address follow the steps below.

  1. click start > control panel
  2. click network and internet
  3. Click network sharing center
  4. click Local area Connection
  5. Look at your IPv4 Default Gateway, it is usually either 192.168.1.1 or 192.168.0.1, however it can differ.

Once you know the default gateway you can set a new IP address for your device. You only want to change the last three digits of the IP address. I would recommend starting the last three digits at 100, so you don't conflict with anything else on your network such as a printer or phone.

If you're not responsible for your network, make sure to check with your IT department or administrators that the IP address isn't already taken.

An example of a set IP address would be 192.168.1.100.

Once you know what IP address to set your device too, you will need the password of the device to set it.
By default the password is 12345 for Hikvision devices.

For a quick overview of what you should see in SADP, check the image below. In the example the IP address is 192.168.1.212, this is because we have a variety of different cameras and devices on our network.

Once all this is set up, your cameras or NVR will be properly configured with your Local Network. You should be able to go into your browser and type in the IP address of the camera/NVR, and it will come up with a log in page.

Getting everything to work in the app


First of all, head on to the play store, as you need to install the iVMS4500 android app. Once you have downloaded the app, go ahead and launch it.

The first time you start up the app you will have to go through a small tutorial, which will show you a variety of cameras in china. Once the tutorial is over, tap the menu tab in the top right corner of the app and then tap the devices tab. from here there will be a plus sign in the top right hand corner. Tap this to add your Hikvision Device.

When you click the plus button you will see the following screen (Minus some information I have already entered) I will explain the options further below.

Alias - what you want to call the device you're adding. Useful for organisation. The alias is exclusive to the app, and doesn't change any actual camera settings.

Register mode - Set this to IP/Domain to add the device via it's IP address properly.

Address - The IP address of the device goes here

Port - usually leave this the same.

Username - admin
Password - 12345

Camera no. - Ignore this part, it will change depending on what device you are adding.

Tap the floppy Disk Icon to save the device.

Now go back, you will return to the devices tab. Uncheck the "Hangzhou, China" device, and check the device you added. From here click live view and you are ready to view your cameras on your local network.

From this point onwards, you will be able to view your Hikvision device on your android device, as long as you are on the same network.

Port-Forwarding, and accessing your devices from anywhere

If you want to access your cameras, or NVR remotely (From anywhere) You will need to have the devices port-forwarded. Port-forwarding is different for each router, but the ports that must be opened remain the same. For more information on Port-Forwarding, and a guide on how to set up your specific router, please head tohttp://portforward.com/.

When port forwarding a Hikvision camera, the ports that should be opened are

Port 80 - HTTP Protocol
Port 8000 - Client Software Port
Port 554 - RTSP Port
Port 1024 - 3G/4G Port, for access via a 3G or 4G mobile connection

Once you have successfully port forwarded your Hikvision device, follow the steps above, relevant to the OS you're using, and then insert the port-forwarded address of the device where the IP option goes.

This view may be slightly choppier, it depends on the speed of your current internet connection.

Q. What is the driving issue behind the National Defense Authorization Act (NDAA),
formerly known as HR5515?
A.     Cybersecurity concerns. In particular, cybersecurity of telecommunications and video surveillance products from specific companies that have deep relationships with a “covered foreign country” government, the People’s Republic of China.

Q.The named companies that are banned by the NDAA are based in China. Does the NDAA ban all video surveillance and telecommunications products and components made in China?
A: No. The NDAA does not ban all products and components that are designed or manufactured in China.
As per NDAA Section 889, f – definitions, 3 – Covered Telecommunications [and Video Surveillance] Equipment or Services, items A through D calls out specifically-named companies “that the Secretary of Defense, in consultation with the Director of the National Intelligence or the Director of the Federal Bureau of Investigation, believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country [The People’s Republic of China]”.
Hence, the NDAA does not ban products manufactured in China by companies that are headquartered and owned by entities that are not based in China.

Sunday, November 1, 2020

Understand the Basic concept of BMS system

Understand the Basic concept of BMS system 

What is a BMS or Building Management System?
In a nutshell, BMS otherwise called as BAS or building automation is computer-based control system which reduces the manpower, automate the system, and saving the energy consumption in building by monitoring and controlling the mechanical and electrical equipment in modern day buildings or any industrial plants.
Not only that but BMS helps to
·        Increasing productivity.
·        Increasing the equipment lifetime and better performance.
·        Identifying the systems faults earliest.
·        Managing the hotel tenants in an effective manner.
Nowadays any modern-day buildings built with BMS to support facilities management to accomplish the maintenance and save the energy in building from one place of computers.

Any BMS software or system must provide the following facility to the operator

  • Monitoring and controlling connected equipment in the building. 
  • The alarm should be a popup in operator workstation for any critical faults in the system. 
  • Any types of equipment on, off status and alarm should be logged or stored in PC to retrieve later.
  • Scheduling the equipment to on and off automatically by preset time. 
  • User interface graphics should be available in order to visualize the field equipment to monitor for BMS operator easily. 

BMS or BAS system monitor and/or controls the following system in buildings

  • HVAC (Heating, Ventilation, and Air-conditioning or all supply and exhaust fans, ACs etc). 
  • Lighting control system. 
  • Fire alarm system. 
  • Firefighting system. 
  • Security control system. 
  • CCTV system.
  • Lift control system. 
  • Pumping system. 
  • Water tanks level. 
  • Irrigation system. 
  • Electrical meters.
  • Water Leak detection system.
  • Split units. 
  • UPS units.
  • VFD-Variable frequency drives. 
  • VRF/VRV-Variable refrigerant flow or volume (both are same but each term copyrighted by a different vendor) 
  • And any other system which has provision for BMS to control and monitor. 

Main components of the BMS System

1.     Hardware
·        DDC-Direct digital controller
·        Sensors
·        Actuators
·        Cables to connect sensors, actuators to DDC.
·        HMI display-Human machine interface.
·        PC Workstation
·        Server to save the large database.
  1. Software
  1. Networking protocols
·        Programming or configuration tools.
·        Graphics or User interface.
·        TCP/IP– Transfer control protocols/Internet Protocol.
·        BACnet– Building automation controller network-ASHRAE
·        Modbus
·        LONworks
·        CANbus
·        and numerous protocols available.
Don’t worry about the various protocols, this all protocol doing the same task to transfer data from one device to another device. 

BMS System architecture in the modern-day building

However, BMS System controls and monitor all the electrical and mechanical systems in buildings from BMS workstation or HMI(Human Machine Interfaces), but not directly because each system has its own functionality and unique purpose like

  • HVAC System helps to facilitate and provide comfortable and healthy air conditioning to tenants.
  • The lighting control system which has a variety of lightings in buildings that needs to be on and off effectively and save energy while tenants not available.
  • CCTV helps to facility management to secure the building
  • Access control systems may also be used to control access into certain areas located within the interior of buildings.
  • A fire alarm system is the life safety system to warn people by audio and visual to protect their lives from fires, smoke, carbon mono oxide and other toxic elements for the human.
  • In case of fire Firefighting system aims to protect human life and property in the building by a large amount of water and other gas.
  • UPS is to provide to the uninterrupted power supply in the building for electrical equipment.
  • Pumping system used in the building to pump the water to the required area.
  • still tons of systems evolved in the modern-day building to facilitate the people.

All systems have its own controllers and processing system due to the different functionality of each system.

So BMS controllers or device designed for controlling and monitoring the HVAC system and other small systems and integrate all other systems through dedicated networking protocols like BACnet, Modbus etc.

General BMS System architecture with Levels

  • Management Level: This is the front end for operator and engineer used to visualize the graphics for controlling and monitoring the systems which have computer workstation, server, web browser, printers.
  • Automation Level: BMS Router and other main controllers connected in building network integrate third-party system and connect BMS devices
  • Field devices Level: this is Level where BMS controllers connect to field systems sensors, actuators, and other panel circuits to monitor and control.

Simple Real Time example for BMS System

Any modern day building client provides huge specifications for BMS System, whereas here I am going to take simple requirement to monitor and control the sequence of Air Handling unit. 

Let us see below the requirement of the client to monitor and control the sequence in BMS System.

Before we go detailed about how to design the BMS System for the requirement. let us see some basics components of the AHU-Air handling unit.

AHU is an HVAC system which consists of the duct, fan, filter, cooling coil, heating element,humidifier, sound attenuators, dampers, valves and many more to regulate the air into the room by heating, ventilation and conditioning to distributes the conditioned air through the building and returns it to the AHU and also called as centralised AC in modern-day building.

Duct – It is the collection of metallic tubes that interconnected and distributes the heated/cooled air to the required rooms.

In order to monitor the duct air temperature in fresh, return and supply duct. we have to install the duct temperature sensor in the duct.

Fan Motor– Blower is used to circulate the air from fresh and return duct to the supply duct.

This fan motor controlled and monitored by the separate electrical panel by the designed electrical circuit with help of electrical relay and contactor and providing an option to BMS system to
  • On/Off the fan.
  • Monitor the fan running status.
  • Monitor the Fan motor overload fault status and many more.

Filter– It is one of the main components in AHU to prevent the dust and dirt particles to enter in the AHU.

When the AHU fan motor started, the fresh outside air supplied into the duct where filter components used to filter the dirty particles continuously and in order to monitor the filter extreme dirty condition,

DPS switch is used to install across the filter and provide a signal to BMS when the filter gets dirty(technically DPS-Differential pressure switch will send the signal to BMS when the pressure reached more than pre-set across the filter and this same function can be used to monitor the fan status.

Now we Read about How DPS used to monitor fan and filter status

Heating/Cooling element- It is used to cool or heat the water that entered in the coil so that air in the duct can be heated or cooled based on the user requirement.

Either heating or cooling water enters into the coils are controlled and monitored by valves on the pipe with help of valve actuator.

Dampers- An HVAC damper is a movable plate, located in the ductwork, that regulates airflow and directs it to areas that need it most.

Damper opening and closing position controlled electrically with the help of damper actuators and this actuators have terminal for control from BMS and terminal to monitor the feedback of position.

System Description:

The variable speeds Air Handling Units are used to serve air conditioning need for all area of buildings

The Air Handling Unit comprises:

·        Variable Speed Supply Fan

·        Chilled water coil with the 2-Way modulating control valve

·        Duct mounted supply air pressure sensor

·        Outdoor & re-circulating Air modulating damper

·        Carbon dioxide sensor.

·        Supply and Return Air temperature sensors

·        Supply air differential pressure switch

·        Differential pressure switches for 2 set of filters

System Monitoring and Alarm:

      ·        Software alarms shall be generated at the operator workstation whenever the run status of the supply fan (with differential pressure switch) does not match the current command state.
·        A failure alarm shall occur when the run status of the load shows no operation and the load has been commanded to be on.
·        An advisory alarm shall occur when the run status of the load shows operation and the load has been commanded to be off. All alarms shall be recorded in an alarm log for future review. Provide 15 seconds (adjustable) time delays before generating an alarm.

The sequence of Operation

a. Auto Mode:

When the AHU start is in AUTO mode (i.e. selector switch installed in the MCC must be in Auto Position), the unit is started and stopped from the BMS via a time schedule or BMS override command. When the start for the AHU is initiated, the control program residing in the controller follows the following sequence

Start-Up:

The following sequence follows with a preset time interval per interlock equipment start-up:
1) Check Supply fan trip signal – Normal State
2) Supply Air Damper –Open Position
3) Outdoor Air Damper –Open Position
4) Return Air Damper – Open Position

5) Once the above conditions are satisfied, AHU is enabled to start in Auto mode or using a plant enable button on the graphics in manual mode by the operator. Once enabled, BMS will automatically command supply fan to start.

6) Supply Fan shall start and it’s associated Interlock equipment in sequence. Through the signal from the Diff. Airflow Switch, if airflow is detected, the System will continuously run, if No airflow is detected by the DP Switch, the Supply Fan will de-activated and send an Alarm to the DDC – for “No Airflow” and shut down the whole system including its associated interlocks. If the Air flow switch signal is proved ‘ON’ then BMS will enable control loops.

b. Shutdown Mode:

When the shutdown command for the AHU is initiated, the control program residing in the controller follows the following sequence.
1) Send Stop command to stop the supply fan
2) The outdoor air, return and supply air damper move to close
3) Move chilled water valve to close position

c. Manual (Hand) Mode:

When the AHU is the manual mode, the fans are started and stopped from the AHU control panel. Other control except for fan on/off control shall function as per the Auto mode.

d. Fire / Smoke Mode:

Fire condition is determined by the Fire Alarm Control Panel. AHU will automatically shutdowns the whole system with associated interlocks.

AHU Control

The control program, on the feedback of air handling unit operation, initiates the control algorithm. This algorithm consists of three controls. Each temperature, pressure and ventilation control has its own control loop. The pressure control loop is used to modulate the speed of the supply air fan hence supply air flow. The control loops design to function as per following explanation:

a. Temperature Control loop:

The supply air temperature installed in the duct will relay the measured signal (temperature) to the DDC controller, the DDC controller compares this signal with set-point (adjustable by the operator from BMS central) and generates an analog output to the 2-way modulating cooling valve. Based on the difference between the two values, a proportional-integral program will determine the percentage of the cooling coil valves opening to achieve the desired condition. The default set-point value for the supply air temperature is 13ºC (Adjustable).

b. Pressure Control loop:

The supply air pressure sensor shall be installed in the duct  will relay the measured signal (static pressure) to the DDC controller, the DDC controller compares this signal with the set-point (adjustable by the operator from BMS central) and generates an analog output to the variable frequency drive (VFD) of the supply air fan. Based on the difference between the two values, a Proportional-Integral program will determine the percentage of the fan speed to achieve the desired pressure. The set-point value for the supply air pressure for each AHU shall be adjusted.

c. Ventilation Control loop:

Demand control ventilation employs return air carbon dioxide controlling strategy.

A single carbon dioxide sensor sense carbon dioxide concentration in the return air duct and sent to the DDC controller, the DDC controller compares the signals with return air carbon dioxide concentration (Default carbon dioxide level difference value 400 ppm).

Then DDC controller generates an analogue output to the outside air dampers and returns air damper to modulate, based on the difference between the values, the Proportional integral program will determine the percentage of the modulation of outdoor and return air dampers.

Minimum outdoor air quantity shall be governed either by building pressurization requirement (Input from Building differential pressure sensor) or 20% of the Maximum outdoor requirement of the AHU.

Alarms:

The following minimum alarms shall be generated on BMS
1) Filter Dirty Alarm: This is generated when pressure drop on each filter exceeds the set value to indicate dirt accumulate at filters.
2) Fan Trip Alarm: A normally open “NO” volt free contact at the MCC panel when closed will generate an alarm at the BMS indicating that the fan is tripped
3) Fan Fail: In case the supply air fan fails to start or if the differential pressure switch across

supply fan is not giving the signal according to the command due to any reason then alarm shall be generated. In case of a fan fail alarm on the BMS, due to abnormal behaviour, the DDC controller will latch the alarm. The operator has to acknowledge (reset) the alarm on the BMS once the trouble has been checked and removed. The operator shall not be able to start the AHU until the alarm s acknowledged and reset.

4) Temperature High & Low: Temperature HIGH and LOW alarms shall be generated if the supply/return air temperature rises above or falls below the supply /return air temperature alarm limit.

List of Input and output points are required for the above-discussed sequence of operation for AHU

Some basic terms of digital electronics

  • Analog Input: Analog inputs can come from a variety of sensors and transmitters. You can measure a whole bunch of different things. The job of the sensor or transmitter is to transform that into an electrical signal. Here are a few of the things you can measure with analog sensors:

·        Level

·        Flow

·        Distance

·        Viscosity

·        Temperature

  • Digital Input: It allows a microcontroller to detect logic states either 1 or 0 otherwise called as VFC-Volt free contact.
  • Analog Output: In automation and process control applications, the analogue output module transmits analogue signals (voltage or current) that operate controls such as hydraulic actuators, solenoids, and motor starters.
  • Binary Output: it is nothing but relay output from the controller to trigger on and off any equipment.

Now its time to choose the DDC controllers based on the above input and output point list.

Any BMS controllers manufacturer must have the basic controllers types of analogue input-output, binary input, and output controllers either dedicated controllers or mixed of all types in a single controller.

For the above applications, we need to choose controllers that should accommodate 17 AI, 6 BI, 5 AO, and 1 BO(Note that temperature and humidity are two different analogue input)

Once controllers are designed, we need to calculate power load for each controller (available in controller datasheet) and field devices to choose the right transformer rating for our DDC panel.

Next things are to write a program for our controllers to accomplish the above sequence,

First, we need to change English words into the flowchart then we can change it later on the different programming language that required for BMS vendors either ladder logic or functional block or plain English and etc.

Whatever it is any BMS program functionality that will not go beyond the basic digital logic gates.

Flowchart for AHU Control sequence of operation