DNS Bug / Bad Library

I don’t think that Wyze really pays attention to complaints. Calling support is like talking to a brick wall where they run the same script over and over again.

DNS over TLS causes Wyze cams to drop ‘offline’ from the perspective of the app: the thumbnails say offline, but when you click on them you can view the camera. Recording also breaks. After doing extensive testing, I found the following:

For me, this only breaks if:

  • the record is not cached (they have a really low TTL)
  • you have blocked devices from getting to 8.8.8.8 to bypass your cache/filtering/privacy settings.

Here’s a cached packet which the cam can process, although the TTL is less than 1 minute, so the cache will never be there when the camera needs it:

; <<>> DiG 9.16.1-Ubuntu <<>> api.wyzecam.com @192.168.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25936
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;api.wyzecam.com.		IN	A

;; ANSWER SECTION:
api.wyzecam.com.	19	IN	CNAME	core-prod-cloud-gateway-1340290424.us-west-2.elb.amazonaws.com.
core-prod-cloud-gateway-1340290424.us-west-2.elb.amazonaws.com.	19 IN A	44.228.53.38
core-prod-cloud-gateway-1340290424.us-west-2.elb.amazonaws.com.	19 IN A	52.26.7.89
core-prod-cloud-gateway-1340290424.us-west-2.elb.amazonaws.com.	19 IN A	54.189.218.68
core-prod-cloud-gateway-1340290424.us-west-2.elb.amazonaws.com.	19 IN A	54.189.12.237

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Mar 10 20:43:10 UTC 2022
;; MSG SIZE  rcvd: 184



25936+ [1au] A? api.wyzecam.com. (56)
	0x0000:  4500 0054 761b 0000 4011 8089 c0a8 01a3  E..Tv...@.......
	0x0010:  c0a8 0101 cb0e 0035 0040 8446 6550 0120  .......5.@.FeP..
	0x0020:  0001 0000 0000 0001 0361 7069 0777 797a  .........api.wyz
	0x0030:  6563 616d 0363 6f6d 0000 0100 0100 0029  ecam.com.......)
	0x0040:  1000 0000 0000 000c 000a 0008 6638 a02e  ............f8..
	0x0050:  a824 d89d                                .$..
25936 5/0/1 CNAME core-prod-cloud-gateway-1340290424.us-west-2.elb.amazonaws.com., A 44.228.53.38, A 52.26.7.89, A 54.189.218.68, A 54.189.12.237 (184)
	0x0000:  4500 00d4 1bbd 0000 4011 da67 c0a8 0101  E.......@..g....
	0x0010:  c0a8 01a3 0035 cb0e 00c0 c268 6550 8180  .....5.....heP..
	0x0020:  0001 0005 0000 0001 0361 7069 0777 797a  .........api.wyz
	0x0030:  6563 616d 0363 6f6d 0000 0100 01c0 0c00  ecam.com........
	0x0040:  0500 0100 0000 1300 4022 636f 7265 2d70  ........@"core-p
	0x0050:  726f 642d 636c 6f75 642d 6761 7465 7761  rod-cloud-gatewa
	0x0060:  792d 3133 3430 3239 3034 3234 0975 732d  y-1340290424.us-
	0x0070:  7765 7374 2d32 0365 6c62 0961 6d61 7a6f  west-2.elb.amazo
	0x0080:  6e61 7773 0363 6f6d 00c0 2d00 0100 0100  naws.com..-.....
	0x0090:  0000 1300 042c e435 26c0 2d00 0100 0100  .....,.5&.-.....
	0x00a0:  0000 1300 0434 1a07 59c0 2d00 0100 0100  .....4..Y.-.....
	0x00b0:  0000 1300 0436 bdda 44c0 2d00 0100 0100  .....6..D.-.....
	0x00c0:  0000 1300 0436 bd0c ed00 0029 0500 0000  .....6.....)....
	0x00d0:  0000 0000                                ....

And here’s a packet that is not cached, that is, a new response via DNS over TLS from 1.1.1.1. You can see the packet is much bigger (447 vs 184) because instead of summarizing all 4 IPs for the discovered CNAME record, it lists the CNAME 4 times with the IP after each occurrence. The camera doesn’t process this properly even though it is a proper DNS response that is processed just fine by other devices.

; <<>> DiG 9.16.1-Ubuntu <<>> api.wyzecam.com @192.168.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28450
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;api.wyzecam.com.		IN	A

;; ANSWER SECTION:
api.wyzecam.com.	30	IN	CNAME	core-prod-cloud-gateway-1340290424.us-west-2.elb.amazonaws.com.
core-prod-cloud-gateway-1340290424.us-west-2.elb.amazonaws.com.	30 IN A	54.189.12.237
core-prod-cloud-gateway-1340290424.us-west-2.elb.amazonaws.com.	30 IN A	54.189.218.68
core-prod-cloud-gateway-1340290424.us-west-2.elb.amazonaws.com.	30 IN A	52.26.7.89
core-prod-cloud-gateway-1340290424.us-west-2.elb.amazonaws.com.	30 IN A	44.228.53.38

;; Query time: 28 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Mar 10 20:42:58 UTC 2022
;; MSG SIZE  rcvd: 447


28450+ [1au] A? api.wyzecam.com. (56)
	0x0000:  4500 0054 7421 0000 4011 8283 c0a8 01a3  E..Tt!..@.......
	0x0010:  c0a8 0101 dfe1 0035 0040 8446 6f22 0120  .......5.@.Fo"..
	0x0020:  0001 0000 0000 0001 0361 7069 0777 797a  .........api.wyz
	0x0030:  6563 616d 0363 6f6d 0000 0100 0100 0029  ecam.com.......)
	0x0040:  1000 0000 0000 000c 000a 0008 4f01 8e77  ............O..w
	0x0050:  9708 c16d                                ...m
28450 5/0/1 CNAME core-prod-cloud-gateway-1340290424.us-west-2.elb.amazonaws.com., A 54.189.12.237, A 54.189.218.68, A 52.26.7.89, A 44.228.53.38 (447)
	0x0000:  4500 01db 099e 0000 4011 eb7f c0a8 0101  E.......@.......
	0x0010:  c0a8 01a3 0035 dfe1 01c7 863f 6f22 8180  .....5.....?o"..
	0x0020:  0001 0005 0000 0001 0361 7069 0777 797a  .........api.wyz
	0x0030:  6563 616d 0363 6f6d 0000 0100 0103 6170  ecam.com......ap
	0x0040:  6907 7779 7a65 6361 6d03 636f 6d00 0005  i.wyzecam.com...
	0x0050:  0001 0000 001e 0040 2263 6f72 652d 7072  .......@"core-pr
	0x0060:  6f64 2d63 6c6f 7564 2d67 6174 6577 6179  od-cloud-gateway
	0x0070:  2d31 3334 3032 3930 3432 3409 7573 2d77  -1340290424.us-w
	0x0080:  6573 742d 3203 656c 6209 616d 617a 6f6e  est-2.elb.amazon
	0x0090:  6177 7303 636f 6d00 2263 6f72 652d 7072  aws.com."core-pr
	0x00a0:  6f64 2d63 6c6f 7564 2d67 6174 6577 6179  od-cloud-gateway
	0x00b0:  2d31 3334 3032 3930 3432 3409 7573 2d77  -1340290424.us-w
	0x00c0:  6573 742d 3203 656c 6209 616d 617a 6f6e  est-2.elb.amazon
	0x00d0:  6177 7303 636f 6d00 0001 0001 0000 001e  aws.com.........
	0x00e0:  0004 36bd 0ced 2263 6f72 652d 7072 6f64  ..6..."core-prod
	0x00f0:  2d63 6c6f 7564 2d67 6174 6577 6179 2d31  -cloud-gateway-1
	0x0100:  3334 3032 3930 3432 3409 7573 2d77 6573  340290424.us-wes
	0x0110:  742d 3203 656c 6209 616d 617a 6f6e 6177  t-2.elb.amazonaw
	0x0120:  7303 636f 6d00 0001 0001 0000 001e 0004  s.com...........
	0x0130:  36bd da44 2263 6f72 652d 7072 6f64 2d63  6..D"core-prod-c
	0x0140:  6c6f 7564 2d67 6174 6577 6179 2d31 3334  loud-gateway-134
	0x0150:  3032 3930 3432 3409 7573 2d77 6573 742d  0290424.us-west-
	0x0160:  3203 656c 6209 616d 617a 6f6e 6177 7303  2.elb.amazonaws.
	0x0170:  636f 6d00 0001 0001 0000 001e 0004 341a  com...........4.
	0x0180:  0759 2263 6f72 652d 7072 6f64 2d63 6c6f  .Y"core-prod-clo
	0x0190:  7564 2d67 6174 6577 6179 2d31 3334 3032  ud-gateway-13402
	0x01a0:  3930 3432 3409 7573 2d77 6573 742d 3203  90424.us-west-2.
	0x01b0:  656c 6209 616d 617a 6f6e 6177 7303 636f  elb.amazonaws.co
	0x01c0:  6d00 0001 0001 0000 001e 0004 2ce4 3526  m...........,.5&
	0x01d0:  0000 2904 d000 0000 0000 00              ..)........

Seriously Wyze, I appreciate your products are cheap, but at least make them follow standards! Fix your DNS library so that these larger responses work and don’t take your devices offline! A lot of people are moving to DoT and also blocking generic public resolvers.

1 Like
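Added example, not part of the original post: a Python sketch that builds the answer set from the dig output above both with and without RFC 1035 name compression, then decodes both forms with one parser. The function names, the default TTL of 19 and the EDNS size of 1232 used for both messages are choices made for this example; the names, addresses and query id come from the captures.

```python
import struct

# Names and addresses as shown in the dig output above.
QNAME = "api.wyzecam.com"
TARGET = "core-prod-cloud-gateway-1340290424.us-west-2.elb.amazonaws.com"
ADDRS = ["44.228.53.38", "52.26.7.89", "54.189.218.68", "54.189.12.237"]

def labels(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def build_response(compress, ttl=19):
    """Build the A response for QNAME with or without RFC 1035 name compression."""
    msg = bytearray(struct.pack(">HHHHHH", 0x6550, 0x8180, 1, 5, 0, 1))
    at = {QNAME: 12}                            # name -> offset of its first full copy
    def owner(name):                            # 2-byte pointer, or the labels again
        return struct.pack(">H", 0xC000 | at[name]) if compress else labels(name)
    msg += labels(QNAME) + struct.pack(">HH", 1, 1)                  # question
    msg += owner(QNAME) + struct.pack(">HHIH", 5, 1, ttl, len(labels(TARGET)))
    at[TARGET] = len(msg)                       # CNAME rdata carries the target name
    msg += labels(TARGET)
    for ip in ADDRS:
        msg += owner(TARGET) + struct.pack(">HHIH", 1, 1, ttl, 4) + bytes(map(int, ip.split(".")))
    msg += b"\0" + struct.pack(">HHIH", 41, 1232, 0, 0)              # EDNS OPT record
    return bytes(msg)

def read_name(msg, off):
    """Decode a name, following compression pointers; return (name, next offset)."""
    parts, end, hops = [], None, 0
    while n := msg[off]:
        if n & 0xC0 == 0xC0:                    # pointer: jump to the target offset
            end, off, hops = end or off + 2, ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:                       # refuse pointer loops in hostile input
                raise ValueError("compression pointer loop")
        else:
            parts.append(msg[off + 1:off + 1 + n].decode())
            off += 1 + n
    return ".".join(parts), end or off + 1

def parse_answers(msg):
    """Return [(owner, type, ttl, rdata)] for every answer record."""
    off = read_name(msg, 12)[1] + 4             # skip header and question
    out = []
    for _ in range(struct.unpack_from(">H", msg, 6)[0]):
        name, off = read_name(msg, off)
        rtype, cls, ttl, rdlen = struct.unpack_from(">HHIH", msg, off)
        data = off + 10
        val = read_name(msg, data)[0] if rtype == 5 else ".".join(map(str, msg[data:data + rdlen]))
        out.append((name, rtype, ttl, val))
        off = data + rdlen
    return out
```

The two messages come out at 184 and 447 bytes, the sizes dig reports above, and decode to identical records, so a resolver client has to accept either encoding.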

Interesting. I’ve not looked at it much deeper really, but there are definitely issues where the regular stream gets interrupted.

RTSP appears to not have any issue for me though, which I’ve been testing (available by them).

I do wonder if using the RTSP with its firmware by Wyze would do it instead of the stuff you end with mentioning.

Personally, RTSP works better for me as I can block the internet access of the camera that way which has tested good.

Edit on that: Apparently, over a relatively short time, disabling the internet on the camera results in it acting weird and freezing RTSP, based on something I just noticed today. Though a bit early, this is what it looks like, as it immediately unfroze after I re-enabled internet for the camera. Nothing else was necessary. Could have been a super coincidence, but no issues happened before I did that the other day.

My guess is that it’s checking and then each failure results in something else and over time it builds up. Bugs. If failures add up to cause issues then they might also contribute to the camera being knocked off as well.

Issues still for Video Doorbell (wired), Cam Outdoor, Bulb and Cam v2