Dahua and Tapo cameras: two-way not working for Frigate and HA

[derekcentrico]

I have Tapo and Dahua cameras. I set them up with Frigate based upon their documentation. However, two-way communication doesn't work at all. Dahua shows the mic icon but doesn't transmit. Tapo doesn't even show the mic icon. I am using HTTPS. They referred me here and I've been tinkering ever since.

• Block domains n-device-api.tplinkcloud.com and security.iot.i.tplinknbu.com

@mofman thank you for the info. Blocked and configured with tapo://.. TAPO C120 now works with 2-way audio in Home Assistant.

@mofman and @rici44 would you be kind enough to provide Frigate go2rtc and camera configs, and maybe any card configuration data from HA?

Anyone else with thoughts I'd be grateful.

This is what I got going currently:

Frigate

go2rtc:
  streams:
    garage:  # Dahua camera
      - rtsp://admin:[email protected]:554/cam/realmonitor?channel=1&subtype=0#backchannel=0
      - rtsp://admin:[email protected]:554/cam/realmonitor?channel=1&subtype=0
    garage_sub: # Dahua camera
      - rtsp://admin:[email protected]:554/cam/realmonitor?channel=1&subtype=2#backchannel=0
      - rtsp://admin:[email protected]:554/cam/realmonitor?channel=1&subtype=2

    kitchen: # Tapo C120
      - ffmpeg:rtsp://tapocam:[email protected]:554/stream1#audio=aac#video=copy
      - tapo://[email protected]
    kitchen_sub: # Tapo C120
      - ffmpeg:rtsp://tapocam:[email protected]:554/stream2#audio=aac#video=copy
      - tapo://[email protected]

cameras:
  garage:
  ....
    ffmpeg:
      output_args:
        record: preset-record-generic-audio-aac
      inputs:
        - path: 
            rtsp://admin:[email protected]:554/cam/realmonitor?channel=1&subtype=0
          input_args: preset-rtsp-restream
          roles:
            - record
        - path: 
            rtsp://admin:[email protected]:554/cam/realmonitor?channel=1&subtype=2
          input_args: preset-rtsp-restream
          roles:
            - detect
            - audio
      hwaccel_args: preset-vaapi
  ....
  kitchen:
  ....
    ffmpeg:
      output_args:
        record: preset-record-generic-audio-copy
      inputs:
        - path: rtsp://tapocam:[email protected]:554/stream2
          roles:
            - detect
          input_args: preset-rtsp-restream-low-latency
        - path: rtsp://127.0.0.1:8554/kitchen
          input_args: preset-rtsp-restream
          roles:
            - record
            - audio
#      hwaccel_args: preset-vaapi
    live:
      stream_name: kitchen
  ....

Home Assistant Card:

type: grid
cards:
  - type: custom:frigate-card
    cameras:
      - camera_entity: camera.kitchen_2
        go2rtc:
          modes: []
        webrtc_card: {}
        live_provider: go2rtc
    view:
      update_force: true
      update_seconds: 0
    menu:
      buttons:
        mute:
          enabled: true
        play:
          enabled: true
        microphone:
          enabled: true
          type: momentary
          alignment: matching
      style: overlay
    live:
      preload: true
      controls:
        thumbnails:
          media: clips
      auto_play: all
      auto_mute: all
      microphone:
        always_connected: true
    media_viewer:
      auto_mute: never
      controls:
        next_previous: {}
    image:
      mode: camera

type: custom:frigate-card
cameras:
  - camera_entity: camera.garage
    live_provider: auto
    go2rtc:
      modes:
        - webrtc
    image:
      refresh_seconds: 2
view:
  default: image
  camera_select: live
  update_seconds: 2
image:
  mode: camera
  refresh_seconds: 2
performance:
  profile: low
dimensions:
  aspect_ratio_mode: dynamic

[mofman]

Showing you the part of the config which need to get right,

you need admin: and your tapo account password sha256 hashed in upper case (the password you use to login to tapo services)

your ffmpeg line is wrong too

go2rtc:
  streams:
    Kitchen:
      - tapo://admin:XXXB3B88C3CA41847092362896109AC1EA681A2E82ED40BFD25C8E25EEFDFXXX@192.168.0.240
      - ffmpeg:Kitchen#audio=aac#audio=opus

[derekcentrico]

Showing you the part of the config which need to get right,

you need admin: and your tapo account password sha256 hashed in upper case

your ffmpeg line is wrong too

go2rtc:
  streams:
    Kitchen:
      - tapo://admin:XXXB3B88C3CA41847092362896109AC1EA681A2E82ED40BFD25C8E25EEFDFXXX@192.168.0.240
      - ffmpeg:Kitchen#audio=aac#audio=opus

Thanks, I'll tweak that. How do you have the URL for the actual cameras?

[mofman]

You mean the ip address?

[rici44]

@derekcentrico For this setup I use only go2rtc and Custom: WebRTC Camera card in HA

go2rtc config

cam4: 
  - tapo://admin:[email protected]

Custom: WebRTC Camera

type: custom:webrtc-camera
streams:
  - url: cam4
    mode: webrtc
    media: video,audio,microphone

[derekcentrico]

You mean the ip address?

@mofman Like the camera section in Frigate config.

cameras:  
kitchen:
  ....
    ffmpeg:
      output_args:
        record: preset-record-generic-audio-copy
      inputs:
        - path: rtsp://tapocam:[email protected]:554/stream2
          roles:
            - detect
          input_args: preset-rtsp-restream-low-latency
        - path: rtsp://127.0.0.1:8554/kitchen
          input_args: preset-rtsp-restream

[mofman]

go2rtc:
  streams:
    Kitchen:
      - tapo://admin:XXXB3B88C3CA41847092362896109AC1EA681A2E82ED40BFD25C8E25EEFDFXXX@192.168.0.240
      - ffmpeg:Kitchen#audio=aac#audio=opus

cameras:
  Kitchen:
    ffmpeg:
      inputs:
        - path: rtsp://127.0.0.1:8554/Kitchen
          roles:
            - detect
      output_args:
        record: preset-record-generic-audio-aac
    detect:
      enabled: true
    objects:
      track:
        - person
        - cat
        - dog
    motion:
      mask: 0,0.046,0.359,0.047,0.358,0,0,0.002

Assuming its running on the location and the dafault port, use rtsp://127.0.0.1:8554/Kitchen - keep the name the same.

[derekcentrico]

@mofman and @rici44 thank you both.

I revised my cameras. Oddly, I get this error when using the go2rtc URL for the camera:

rtsp://127.0.0.1:8554/kitchen: Invalid data found when processing input

Cloud password is the password that goes to the Tapo app, correct? I tried that one and the tapocam:password from the RTSP setup just for kicks. No go.

2024-11-15 17:56:35.141980187  [2024-11-15 17:56:35] frigate.video                  ERROR   : portable: Unable to read frames from ffmpeg process.
2024-11-15 17:56:35.142058459  [2024-11-15 17:56:35] frigate.video                  ERROR   : portable: ffmpeg process is not running. exiting capture thread...
2024-11-15 17:56:35.157629698  17:56:35.157 WRN [rtsp] error="streams: 401 Unauthorized, exec: rtsp://127.0.0.1:8554/kitchen?audio: Invalid data found when processsing input\n" stream=kitchen
2024-11-15 17:56:35.243087508  [2024-11-15 17:56:35] audio.kitchen                  ERROR   : ffmpeg process is not running, restarting...

I have firmware 1.1.3 flashed to it, using the very last release of 1.1.3 available as a bin.

Did y'all have an issue with a password or anything?

[derekcentrico]

LOL now I get "2024-11-15 18:31:15.077453990 18:31:15.077 WRN [rtsp] error="streams: Expected StatusCode to be 401, received 200, exec: rtsp://127.0.0.1:8554/kitchen?video&audio: Invalid data found when processing input\n" stream=portable" using "Tapo_C120v1_en_1.1.3_Build_230930_Rel.56236n_up_boot-signed_1697192563556.bin" instead of "Tapo_C120v1_en_1.1.3_Build_230930_Rel.56236n_up_boot-signed_1697194362284.bin"

[mofman]

Did you block the domains I suggested?

[derekcentrico]

Did you block the domains I suggested?

Yeah I blocked them via pihole.

My firewalla shows only one domain it's hitting, 5 times. aps1-relay-dcipc-beta.i.tplinknbu.com

[mofman]

Are you familiar with python?

If so

Can you try this code, install pytapo via pip then create the script below replacing with your values and let me know what your response is when you run it

pip3 install pytapo

from pytapo import Tapo

user = "admin" # leave this variable as 'admin'
password = "XXXXXXXXX" # password for your **tapo account** in plain text (not hashed)
host = "192.168.0.1" # ip of the camera, example: 192.168.1.52

tapo = Tapo(host, user, password)

print(tapo.getBasicInfo())

[derekcentrico]

@mofman Sure, so here is the resulting matter:

Traceback (most recent call last):
  File "/home/derek/Desktop/pytest", line 7, in <module>
    tapo = Tapo(host, user, password)
  File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 86, in __init__
    self.basicInfo = self.getBasicInfo()
  File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 1091, in getBasicInfo
    return self.executeFunction(
  File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 491, in executeFunction
    data = self.performRequest(
  File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 532, in performRequest
    self.ensureAuthenticated()
  File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 108, in ensureAuthenticated
    return self.refreshStok()
  File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 418, in refreshStok
    return self.refreshStok(loginRetryCount)
  File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 418, in refreshStok
    return self.refreshStok(loginRetryCount)
  File "/home/derek/.local/lib/python3.10/site-packages/pytapo/__init__.py", line 423, in refreshStok
    raise Exception("Invalid authentication data")
Exception: Invalid authentication data

Seems like I'm stuck in what the other issue thread is about. Hoping @rici44 sends me the blob filename for 1.2.2 so I can download/flash it. 🥇

[mofman]

1.2.2 is just the latest version available from the app,

Go through this checklist

• Block domains using pihole
• Factory reset camera
• Test using python script, ensure you are using admin and your tapo account password (not password for device)

[derekcentrico]

Domains blocked. No flows are going through to any of those domains.

Py script started giving results after factory reset:
{'device_info': {'basic_info': {'device_type': 'SMART.IPCAMERA', 'device_info': 'C120 1.0 IPC', 'features': 3, 'barcode': '', 'device_model': 'C120', 'sw_version': '1.1.3 Build 230930 Rel.56236n', 'device_name': 'C120 1.0', 'hw_version': '1.0', 'device_alias': 'portable', 'mobile_access': '0', 'mac': '20-23-51-0F-3E-87', 'dev_id': '80217D748F6B96A0F9EA4CF5B1BE329722B9C457', 'hw_id': 'F0F676D5F47CAFF56B203949B1FAC42C', 'oem_id': 'CDE31B10524EC3E6E74A09A9D7B57FD8', 'hw_desc': '00000000000000000000000000000000', 'manufacturer_name': 'TP-LINK', 'region': 'US', 'ffs': False, 'is_cal': True, 'avatar': 'Cat tree', 'has_set_location_info': 1, 'longitude': -773812, 'latitude': 389611}}}

I tried the tapo:// combinations of plain text password, admin:MD5 and admin:shasum256. None work. Generated those using the same password used in the py script.

[mofman]

You're really close now that you're successfuly getting authenticated. Try all these combos below, you can try them all at once.

Then go to your go2rtc web client and see if it creates any producers http://192.168.0.XXX:1984/

    Kitchen:
      - tapo://[email protected] #plaintext
      - tapo://XXXX3B88C3CA41847092362896109AC1EA681A2E82ED40BFD25C8E25EEFXXXX4@192.168.0.195  #sha256 UPPERCASE
      - tapo://[email protected] #md5 UPPERCASE
      - tapo://admin:XXXX3B88C3CA41847092362896109AC1EA681A2E82ED40BFD25C8E25EEFXXXX4@192.168.0.195 #admin + sha256 UPPERCASE
      - tapo://admin:[email protected] #admin + md5 UPPERCASE
      - ffmpeg:Kitchen#audio=aac#audio=opus

[derekcentrico]

@mofman So, added all those and boom something works because it is in Frigate now. Thanks!!!

[mofman]

No problem, you should be able to identify which is the working line is using a process of elimination.

[rici44]

@derekcentrico proper camera reset and proper blocked domains are necessary steps. I block domains with IP addresses of those domains (nslookup) but IPs changed and I had to reset camera again and block with domain names.

[derekcentrico]

@rici44 yeah so I used pihole to null route the recommended domains and I monitored the network flows with my Firewalla. All good for 2 cameras. The 3rd one appears to be bricked upon flashing. Blinking red for 30 minutes after the reboot. Siiiigh

[mofman]

@AlexxIT I’m wondering if it might be worth considering a mechanism where the user could simply enter their Tapo account password, for example:

• tapo://[email protected]

When go2rtc attempts to connect, it could try various combinations automatically, such as admin:md5, admin:sha256, etc., eliminating the need for users to figure out which combination works.

This should be feasible to implement without disrupting existing setups...

[AlexxIT]

@mofman go2rtc supports password as plaint text for tapo source:
https://github.com/AlexxIT/go2rtc?tab=readme-ov-file#source-tapo