Withings Smart Baby Monitor Hacking

Like many other parents, we have bought a baby monitor, and even though it has not been of much use yet, I got to play with some new technology, so it has been more of my toy than anything else so far.

It is very clear that the producer has not put much effort into the development for Android but the iOS apps for phone and tablet are okay. It is possible to talk to the child, initiate lullaby songs and enable monitoring with threshold values for temperature, humidity, noise and so on. So it is easy to understand why Withings, the producer, has added “smart” in the product name but there is room for improvement.

It is possible to watch the live stream via Withings’ website, but a slightly geeky parent would of course like to decide for themselves how that live stream is consumed. Maybe via VLC, in your own web portal, or in a mobile app of your choice? When you buy a Raspberry Pi and their Pi NoIR camera for a third of the cost, you get higher resolution and can access the live stream in any way you want, so it is clear that the Smart Baby Monitor needed an IQ boost to fight the competitors.

There is not much on the Internet about where to start, but this blog post was helpful when I did some initial research. I did the same thing as that other guy and took a look with Wireshark and the developer tools that come with Firefox and Chrome. It is obvious that the monitor produces an RTMP video stream which can easily be consumed in VLC and, for example, Flowplayer (which is the same JavaScript player that Withings use on their website, so it is easy to find inspiration in their JavaScript code). The video is encoded with H.264 and the audio with AAC, so that is not too bad if you ask me, but it is of course possible to transcode with libav, VLC or similar.

The RTMP stream is exposed via a URL that contains a hash which gets updated, so if one could retrieve that hash in an automatic way, the problem is more or less solved. I don’t know yet when or how the hash is regenerated, but it does not matter much if we can easily find out the current hash before starting to consume the stream. As outlined in the blog post I read, the relevant hash is the “kd_hash” that is returned in the response to the POST request to “https://healthmate.withings.com/baby/service/presence”. My addition to the research in this area would be how that hash is retrieved. I used curl in a quick-and-very-dirty PHP script (download and rename extension to php). It is not beautiful, but it will return the hash as output when the mail, password and device id parameters are set appropriately. The device id can also be found by logging in “normally” on withings.com and inspecting the network traffic, or via Wireshark. It should be easy for someone to rewrite it in Python or as a shell script if that would fit better. I might revisit the script to clean it up later. Probably next time Withings decide to change their login procedure or change the way the hash is retrieved…
