Annke CZ400 software setup
There are multiple ways to control the camera, but I went with Annke Vision Android app.
We’ll need to go through a setup wizard to select the region, create an account with an email or phone number, before being able to add a new device. After taping on Add Device, we can scan the bar code on the periphery of the camera to add it to the app.
Despite getting a serial number, we have still being asked to select the device type (Wired Camera), and connect to the network over DHCP.
We’ll create two passwords one for the camera, and one to encrypt the video. Note the passwords, as they’ll be needed later. At this point setup is complete.
Standard Features
We can now use CZ400 like any other camera. The first time the camera pointed down, but since it’s a PTZ camera it’s easy enough to orient the camera properly, and even define presets for different views.
By default, the app uses basic resolution which may look blurry, and once we switch to HD resolution it’s much better.
I’ve blurred out the registration number from the registration place, but you can still easily read the province name on the plate, that is provided you can read the Thai language… Two-way audio does not work, as I have not connected a speaker, but audio is recorded in the video capture thanks to the buill-in microphone. There’s also a 4X optical zoom that does its job.
That’s all good, except my MicroSD card was not detected, so it would not record anything, and only live view was possible… So I had to remove the camera from the “ceiling”, disconnect the power and Ethernet, and reopen the camera…
… in order to check out the MicroSD which was indeed formatted with FAT32. But I used it with Pico Maker board, so maybe existing files confused the camera.
So I reformatted the partition and gave it another try…
Note that the camera record videos continuously, and the 16GB MicroSD card I used with the camera only stores about 6 hours of video data, so a bigger MicroSD card is needed, or ideally the camera should be connected to an NVR system.
But events are still not detected… So I first changed the motion detection sensitivity
No still no luck, so I asked the company:
My team told me that you need to configure the camera settings on the web interface. It might be a little bit of hassle but it’s essential for cyber security concerns. So that other unauthorized devices will not gain liveview access from the camera.
Please follow it here. https://help.annke.com/hc/en-us/articles/900002445586
That’s a pain because one of the steps is to install SADPTool, a Windows program. So I dug up an old Windows 10 PC stick and installed the program.
It turns out the camera was already set up just fine in the Android app, and that step is not needed. That also means a Windows computer is not needed, although recommended as we’ll see below…
We can now access the web interface from a web browser using the IP address of the camera to configure things like ONVIF support among other things.
It’s also possible to access the live view from the web interface, but a plugin (exe program) must be installed, and that only works in Windows. The screenshot below shows the live view in Firefox.
A big downside is that I can’t access the configuration tab after the plugin is installed. Strangely, the live view did not on Microsoft Edge, so I just decided to carry on the configuration with Firefox in Ubuntu 20.04.
Before we can use motion detection in the Android app it must be configured in Annke web interface, in Event->Basic Event.
We also need to tap on the Linkage Method tab to at least select “Notify surveillance center” and “upload to FTP/memory card/…” to save the video, and tick A1 in Trigger Recording.
At this point, we can go back to the Android app to enable notifications, push notifications, and set a notification schedule before finally get our first Motion Detection Alarm. That was really a pain to set up…
But at least standard motion detection is nowworking, and the camera will keep a one-minute video once motion is detected.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress
Thanks for an extensive review!
Requires IE for it’s features? Will never buy!
I would be much more concerned by the fact both camera and app have to be connected to someone else’s server running in a data center somewhere in the world and by the usual sort of security nightmares all these surveillance products (or IoT in general) are plagued with, see https://seclists.org/fulldisclosure/2017/Sep/23 for example.
For reference, those are the ports open on my camera: sudo nmap -sS 192.168.1.8 Starting Nmap 7.80 ( https://nmap.org ) at 2021-03-22 19:54 +07 Nmap scan report for 192.168.1.8 (192.168.1.8) Host is up (0.0016s latency). Not shown: 994 closed ports PORT STATE SERVICE 80/tcp open http 443/tcp open https 554/tcp open rtsp 8000/tcp open http-alt 8443/tcp open https-alt 9010/tcp open sdr 123456789101112 sudo nmap -sS 192.168.1.8Starting Nmap 7.80 ( https://nmap.org ) at 2021-03-22 19:54 +07Nmap scan report for 192.168.1.8 (192.168.1.8)Host is up (0.0016s latency).Not shown: 994 closed portsPORT STATE SERVICE80/tcp open http443/tcp open https554/tcp open rtsp8000/tcp open http-alt8443/tcp open https-alt9010/tcp… Read more »
I used Wireshark to capture packets, and I can see the user is passed in the clear, but the password appears to be encoded. Still not good as it is done over HTTP
It’s not using the same URLs as in the 2017 thread posted above.
The password string looks like a SHA256 hash.
Anyway, a ‘security device’ that needs to talk encrypted to someone else’s server on the Internet is something that can be opened from the outside at any time.
An IoT fleet talking to some server under someone else’s control is already the technical equivalent to a botnet talking to ‘its’ command and control servers.
UPnP doesn’t need to be open on the device to be a problem. It’s UPnP combined with IGD (Internet Gateway Device) / PCP (Port Control Protocol) Interworking Function on a NAT router that might enable an unauthorised IoT device to open ports on the router to be accessible from everywhere.
You can tell Jean-Luc is a classy guy as he has the H8 book.
/me has the Japanese version of the H8 and SuperH books as a monitor stand..
Can it detect opposums and cats? Thats what we really need.
So is the face detection feature acts as “human detection” so alarms are triggered only if someone is here?
Yes correct, alarms are only triggered is a face is detected. But as I mentionned in the review, the subject must be static, and not wear any face covering (cap, face mask…)
–