Hub Firmware Release Notes - OTA - 16.9 - V2

So is this fixed and will it be rolling out today?

1 Like

i think they are west coast, they are not even awake yet. lol with that said you can push mine today. I am working from home so if it goes wonky I can deal with it.

Push mine too, just completed last requirement for PhD in EECS and have lots of time to play around with any problems that arise… Plus im bored

1 Like

I am pretty sure there is a joke in there about the Fifth Harmony song.

What kind of devices do you have? Have you thought about building the newest, coolest SmartApp that takes the community by storm? I could really use a connected blender (which would also double as an alarm clock…) - just sayin…

1 Like

On top of all the normal things I have a bunch of random things I’m trying to integrate through various controllers/methods, my baby is my 2015 f150 fx4. I’m working on connecting Sync (well a slightly modified version… Kind of a sync/android hybrid) to ST so that presence, temperature, time, engine state, and a couple others can be used as triggers or be triggered. Device handler is about 1700 lines long and growing but I am able to connect without IFTTT channels or extra anything.

Also working on connecting Night Owl Cameras. Already have Arlo and with them plus skybell I was able to record all video to local media server using plex … which means no extra money for cloud services and I can view the clips right from ST


The new firmware would be really helpful…
(Bluetooth would too!!!)


does this mean you can push it to me?


How did you get Arlo to record locally?

Brute force…sort of.
Initially I was checking for security vulnerabilities and stumbled across this. By gaining access to the the UDP-based RSTP stream that contains actual camera footage I was able to redirect it to my media server. I wrote an article on this but its based more on the vulnerability than the local storage work around.

An open source boot manager based on modified linux that requires no credentials to login allowing easy root access through BusyBox. When exploring you will find that when a factory reset is performed on system the default passphrase becomes 12345678 and a “random” SSID in the format “NTGR_VMB_<10 digit numbers>“.

loaddefault finished
Passphrase – 12345678
BurnPassphrase OK
SSID – NTGR_VMB_1462245431

This operation is performed by an executable that is run on the system by default “/bin/vzdaemon”. The following disassembly shows the routine performs the passphrase and SSID reset operation – the SSID reset is based upon the current date and time of the systemAfter the factory reset, you can confirm that the wpa_psk and other values are reset to the default 12345678 string.

# nvram show|grep 12345
size: 25206 bytes (40330 left)

Then join the network
As you know the passphrase for this network, after collecting Wi-Fi packets from this network, decrypt the traffic to an unencrypted state which contained various JSON traffic between the base station and ARLO cameras. Beyond this basic communications traffic, capture RTSP traffic – this is a protocol that carries the images and video stream from the ARLO cameras.

To perform this Wi-Fi packet decryption, you need to capture Wi-Fi packets using monitoring mode. After that, generate PSK string using the wpa_passphrase tool from Linux. With the Wi-Fi packet dumps opened from Wireshark, select Edit -> Preferences -> Protocols -> IEEE 802.11 -> Edit menu and add the PSK generated from the previous command. With the Wi-Fi packet dumps opened from Wireshark, select Edit -> Preferences -> Protocols -> IEEE 802.11 -> Edit menu and add the PSK generated from the previous command. That will allow you to see the unencrypted connections between cameras and base. You will see various JSON traffic data, but on destination port 554 of the cameras, the base station actually sends RTSP requests.

From the RTSP protocol session, identify the UDP-based RSTP stream that contains actual camera footage, use example

SETUP rtsp:// RTSP/1.0
CSeq: 3
Transport: RTP/AVP;unicast;client_port=1038-1039
If-Modified-Since: Thu, 01 Jan 1970 00:00:00 GMT

RTSP/1.0 200 OK
CSeq: 3
Server: NgcRtspService/1.0
Date: Tue, Jul 16 2014 20:10:37 GMT
Transport: RTP/AVP/UDP;unicast;client_port=1038-1039;server_port=9418-
Session: 1103527590;timeout=60
Content-Length: 0

From the list from UDP RTP sessions locate the matching session. Each UDP packets are sending RTP packets using standard RTP format.

I found that there is no easy or straightforward way to convert Wireshark PCAP data to a video file (MP4 file) and wrote a simple python script that functions as an RTSP and RTP server.

If I missed something let me know, that was a lot to write on my phone


Thanks. That’s all way over my head. I was hoping you came up with an app
of some kind that I could easily install. I did find an automated way to
download all videos daily to a local PC. That way I don’t have to pay the
subscription fees to archive videos.

I’m trying but an app that creates a security vulnerability isn’t something most people like haha. There is another (one time payment) alternative, you could buy the arlo pro hub which supports local storage along with a few other fixes (laggy motion detection and recording via camera firmware upgrade)

Something else that is quick, easy, and money saved is converting cameras to wired and hooking them to small solar panels or a/c converter, 1 cameras worth of batteries is about equal to total cost.

You so 1337! (seriously, awesome work!)

I tried to do something like this with my Kuna, but am either not good enough (probably) or their encrypted video feed REALLY IS encrypted, which I usually don’t believe with this kind of thing.

A buddy of mine is a proffesional penetration tester, now you scare me like he does. :innocent:


Probably my way of thinking, but this didn’t sound decent … with a little jealousy thrown in, LOL.


Yeah, I noticed that right after I posted, thought I’d just leave it and see if nobody noticed. :slight_smile:



I haven’t tried Kuna yet but I’m going to have to. So far Ive successfully accessed foscam, nest , arlo, and lorex. There are other iot things as well but some people probably wouldn’t like to see that list.

1 Like

I ended up with a mobotix camera instead of Ring, Kuna, et al.

Natively can record locally and to a NVR. Very complex, but incredibly flexible.

Crazy work on the arlos, I like the idea of arlos, but dislike everything is forced cloud - especially cameras and microphones in our homes. Ick.

This is the problem with Kuna, even when I’m at home, viewing is still through the cloud and isnt’ always great. It’s not my network either, kicked all devices off and just had it on a 60x4 and it was stuttering, sometimes won’t load, it’s a PIA. Kuna support has been good and tried to help, but it’s just their cloud junk…


The mobotix is amazing, but you will invest significant money and time to get the equivalent of a ‘cloud’ cam like ring/kuna…

Mine is cloud as well, just my own private cloud… :slight_smile:


Thanks, and not a big fan of cams/mics inside either. Mine are all outside with exception of the 2 by main entrances but while I was in interface I was able to add extra parameters to give me more control over what was recorded and when.


I have zero of either IN the home, just the kuna with mic, and 6 security cams outside. My wife would divorce me if I put any kind of cam indoors, even if just local access…We had a foscam for about 3 months while we trained our cats in the cat bathroom to use the toilet, then it came down, and was blocked from accessing anything but my wife’s phone on the local network.

It scares me how many people have indoor cams connected to the internet, there is no external security, anyone that thinks so is ignoring the obvious, but inside, you can be secure if you try.

1 Like

WOW we went off topic, any word about the update?