Eufy HomeKit Secure Video Integration Guide | HKSV with Scrypted

Why I Started This Project (Spoiler: Pure Frustration)

So there I was, sitting with my fancy Eufy security cameras that cost a small fortune, staring at my iPhone Home app, wondering why the hell I couldn’t get HomeKit Secure Video working.

I mean, these cameras are good. No subscription fees, local storage, decent video quality. But try integrating them with HomeKit? Nope. Not happening.

And it gets worse. I discovered that Eufy cameras use ancient OpenSSL encryption from like 2015. We’re talking encryption methods so old that modern Node.js (v18+) literally refuses to talk to them. It’s like trying to get your iPhone 15 to sync with a Windows 95 PC via dial-up.

The Brutal Reality Check

Here’s what I was dealing with:

  • ❌ Modern Node.js literally can’t connect – Those encryption methods? Ripped out for being insecure
  • ❌ Can’t just use old Node.js – Sure, let me open my home network to every CVE from 2019. Great idea.
  • ❌ Eufy won’t add HomeKit support – They’ve been “considering it” for years
  • ❌ Vendor lock-in hell – Stuck with their mediocre app and zero automation

I wasn’t about to replace perfectly good cameras. So I did what any reasonable developer would do: I decided to build a bridge myself. How hard could it be? (Narrator: It was very hard)

The Goal: HomeKit Secure Video or Bust

My mission was simple (ha!): Get my Eufy cameras working with HomeKit Secure Video without compromising security or performance.

Why I Wanted HKSV So Badly

HomeKit Secure Video is honestly the best smart camera integration out there:

  • πŸ“Ή Your HomeKit hub analyzes everything locally – No cloud AI spying on you
  • πŸ”’ Actually encrypted – Unlike Eufy’s “cloud encryption” that turned out to be… questionable
  • πŸ”” Smart notifications – Knows the difference between my cat and a burglar
  • πŸ“± Works everywhere – iPhone, iPad, Mac, Apple Watch. It just works.
  • 🏠 One app to rule them all – No more juggling 47 different smart home apps

But first, I had to solve the encryption nightmare.

The Solution: When Old Meets New (A Two-Tier Architecture)

After a week of banging my head against OpenSSL docs, I had an epiphany: What if I just… don’t let modern Node.js talk to Eufy directly?

Here’s the architecture I came up with:

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚   Scrypted      β”‚    β”‚  Eufy Security   β”‚    β”‚  Eufy Devices   β”‚
β”‚   (Modern       │◄──►│  WebSocket       │◄──►│  (Legacy        β”‚
β”‚   Node.js 20+)  β”‚    β”‚  Server          β”‚    β”‚  OpenSSL)       β”‚
β”‚                 β”‚    β”‚  (Legacy Node)   β”‚    β”‚                 β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
        β”‚
        β–Ό
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚   HomeKit       β”‚
β”‚   Secure Video  β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Breaking It Down (Because I Know You’re Skeptical)

Layer 1: The Modern Scrypted Plugin (where I live)

  • Runs on Node.js 20+ with all the latest security patches
  • Talks to HomeKit, does the video transcoding magic
  • Handles all the UI and automation stuff
  • This is the safe code

Layer 2: The Legacy Bridge (the dirty work)

  • Stuck in a Docker container like the security risk it is
  • Runs old Node.js with --openssl-legacy-provider
  • Handles all communication with Eufy’s ancient protocols
  • Exposes a nice, clean WebSocket API

Why This Is Actually Genius:

  • βœ… Main app stays secure with modern Node.js
  • βœ… Legacy stuff is isolated and contained
  • βœ… If Eufy ever updates their protocols, I only touch Layer 2
  • βœ… Works with ALL Eufy devices (even the crusty old ones)
  • βœ… Performance is actually really good (more on that later)

It’s like having a translator who speaks both modern English and Old English. You never have to touch the Old English yourself.

The Technical Nightmares I Solved (So You Can Sleep Better)

Nightmare #1: “Why Won’t You Just CONNECT?!”

The Problem: Node.js 18+ literally says “nope” to Eufy’s encryption. Like, won’t even try.

What I Did: Okay, so I spun up a separate container running Node.js 16 with the --openssl-legacy-provider flag (which is developer-speak for “please use the insecure old stuff”). But here’s the key: this container is isolated. It’s in Docker jail, can only talk WebSocket, and if it gets compromised, it can’t touch anything else.

The main plugin never touches the legacy protocols. It’s like hiring a sketchy locksmith but making them work through a really thick window.

Nightmare #2: Video Streaming Is Hard, Actually

The Problem: Eufy’s H.264 stream is… creative. They package it in a proprietary format that makes FFmpeg cry.

What I Did: I built a custom TCP streaming server that:

  • Parses H.264 NAL units in real-time (sounds fancy, basically frame-by-frame analysis)
  • Caches SPS/PPS headers (the “instruction manual” for the video codec)
  • Handles multiple viewers watching the same stream (my wife and I can both watch the doorbell)
  • Detects keyframes so playback starts instantly

I spent like two weeks reading H.264 specs. Did you know a single corrupted byte can brick your entire stream? Because I do. Now. Painfully.

Nightmare #3: Device Discovery Hell

The Problem: Eufy has cameras, doorbells, sensors, and “HomeBase” stations that all talk to each other in weird ways.

What I Did: Built a whole discovery system that:

  • Auto-detects everything on your network
  • Understands that HomeBase “owns” certain devices
  • Syncs properties in real-time (when battery hits 20%, you know immediately)
  • Handles motion events, doorbell presses, all that good stuff

The hierarchy was the tricky part. Turns out some cameras are controlled through their station, not directly. Thanks for documenting that, Eufy. Oh wait.

Nightmare #4: Authentication is a Disaster

The Problem: Eufy makes you solve CAPTCHAs, handle 2FA, manage sessions… it’s like they don’t want you to use their API.

What I Did: Created an auth flow that:

  • Shows you the CAPTCHA image (when Eufy decides to be annoying)
  • Handles 2FA codes from your email/SMS
  • Maintains the session automatically
  • Reconnects when you lose connection

Fun fact: I implemented a state machine for this. An actual state machine. For authentication. For security cameras.

Nightmare #5: Memory Leaks Are Real

The Problem: Streaming video 24/7 will eat your RAM and crash your server at 3 AM. Ask me how I know.

What I Did: Implemented smart memory management:

  • Configurable thresholds (don’t use the defaults, trust me)
  • Automatic cleanup before things explode
  • Lazy loading (only stream when someone’s watching)
  • Session reuse (one stream, multiple viewers)

I learned about Node.js garbage collection the hard way. So. Many. Crashed. Servers.

How I Built It: A Monorepo Story

I’m a sucker for organization, so I built this as a monorepo with four packages. Yes, I’m that person.

Package 1: @caplaz/eufy-security-scrypted

This is the main plugin. The star of the show. What users actually install.

Does all the important stuff:

  • Discovers your devices automatically
  • Integrates with HomeKit Secure Video
  • Streams video with FFmpeg
  • Handles motion events, doorbell presses, all that jazz

Tests: 160 (because bugs at 3 AM suck)

Package 2: @caplaz/eufy-security-client

The WebSocket client library. This is the thing that talks to that sketchy bridge server we containerized earlier.

Written in TypeScript because I value my sanity:

  • Manages WebSocket connections (with auto-reconnect because networks are trash)
  • Sends commands (“start stream”, “take snapshot”, “please work”)
  • Handles events (motion detected, doorbell pressed)
  • Negotiates API schemas (yes, Eufy has versions. Yes, they break.)

Tests: 184 with 100% pass rate (I’m weirdly proud of this)

Package 3: @caplaz/eufy-stream-server

Custom video streaming server because off-the-shelf solutions didn’t cut it.

This baby:

  • Streams raw H.264 (no audio complexity to deal with)
  • Parses video frames in real-time
  • Handles multiple viewers simultaneously
  • Gives you streaming stats (because data is beautiful)

Tests: 22 tests (video streaming is hard to test, okay?)

Package 4: @caplaz/eufy-security-cli

The developer tool I built to test everything without launching the full plugin every time.

Super useful for:

  • Streaming video directly to VLC (great for debugging)
  • Querying device info (when you forget what you named things)
  • Monitoring in real-time (tail -f for cameras)
  • Scripting automations (if you’re into that)

Tests: 83 tests for reliability

Key Features Achieved

βœ… Complete Device Support

  • Cameras: Indoor, Outdoor, Floodlight, PTZ models
  • Doorbells: Video Doorbell series with two-way audio
  • Sensors: Motion, contact, temperature sensors
  • Base Stations: HomeBase 1/2/3 with full security system control

βœ… HomeKit Secure Video Compatible

Through Scrypted’s HomeKit integration:

  • Native HomeKit camera support
  • Live video streaming to iOS/macOS
  • Motion-triggered recordings to iCloud
  • Rich notifications with AI object detection
  • Secure end-to-end encryption

βœ… Advanced Video Features

  • Live Streaming: Real-time H.264 video (up to 2K resolution)
  • Two-Way Audio: AAC stereo support
  • Low Latency: ~1-3 second typical delay
  • Multi-Viewer: Multiple concurrent streams
  • Snapshots: High-quality JPEG captures

βœ… Smart Device Controls

  • PTZ Cameras: Pan/tilt/zoom control
  • Floodlight Cameras: Light on/off and brightness
  • Doorbell Events: Press notifications and visitor detection
  • Security System: Arm/disarm modes via HomeBase
  • Battery Monitoring: Real-time battery levels and charging status

βœ… Home Automation Integration

Beyond HomeKit, works with:

  • Home Assistant: Full integration via Scrypted
  • Google Home: “Show front door camera”
  • Amazon Alexa: “Show backyard camera on TV”
  • Custom Automations: Node-RED, Homebridge compatible

SEO-Worthy Results: Real-World Impact

Performance Metrics

  • Stream Latency: 1-3 seconds (competitive with cloud services)
  • Memory Efficiency: 85-150MB typical usage
  • Concurrent Streams: 4+ simultaneous viewers
  • Uptime: 99.5%+ with automatic reconnection

User Experience Improvements

  • Setup Time: 5-10 minutes (vs. hours of troubleshooting alternatives)
  • Maintenance: Zero after initial setup
  • Cost Savings: No cloud subscription required ($99/year saved per location)
  • Privacy: 100% local processing option (no Eufy cloud required)

Open Source Impact

Since releasing this project on GitHub:

  • ⭐ Growing community adoption
  • πŸ› Active bug reports and feature requests
  • 🀝 Community contributions
  • πŸ“š Documentation improvements from users

Lessons Learned (The Hard Way)

1. Modular or Die

Each package does ONE thing. That’s it.

  • Client talks
  • Server streams
  • Plugin integrates
  • CLI tests

When something breaks (and it will), you know exactly where to look. Saved me SO many hours of debugging.

2. TypeScript is Your Friend

I used TypeScript everywhere. Everywhere.

That type-safe WebSocket client? Caught probably 200+ bugs before they hit production. The compiler yells at you, but it’s the good kind of yelling.

// This won't even compile if the types are wrong
// Future me thanks past me constantly
interface DeviceEvent {
  type: "motion_detected" | "doorbell_pressed";
  deviceId: string;
  timestamp: number;
}

3. Test Everything (Yes, Everything)

318 tests across the codebase. Some people think that’s overkill. Those people have never debugged a production issue at 2 AM because they skipped tests.

Every time I refactor something, tests catch the stupid mistakes. Every. Single. Time.

4. Documentation is Not Optional

I spent probably 20% of development time on docs. README files, architecture diagrams, troubleshooting guides, code examples.

Worth it. Totally worth it. Fewer “how do I…” questions, easier onboarding, and honestly, it helps me remember what I was thinking six months ago.

5. Containers Are Security

That legacy protocol handling? Locked in a container like it owes me money.

If it gets compromised (and old OpenSSL is definitely a risk), it can’t touch my main app, my network, or anything important. This wasn’t just good engineeringβ€”it was essential for security.

Want to Help?

This is open source (MIT License), which means you can:

  • Test it with your weird Eufy devices
  • Submit bug reports (please include logs!)
  • Contribute code (PRs welcome!)
  • Make the docs better (I know they need work)

Seriously, if you have a Eufy device I haven’t tested, I want to hear from you.

GitHub: github.com/caplaz/eufy-security-scrypted

Try It Yourself (Seriously, Do It)

Ready to get your Eufy cameras working with HomeKit? Let’s go:

The 5-Minute Setup

Step 1: Install Scrypted

# Docker is easiest (trust me)
docker run -d --name scrypted \
  -p 10443:10443 \
  -p 11080:11080 \
  -v ~/.scrypted:/server/volume \
  koush/scrypted

Step 2: Fire Up the Bridge Server

# This is the "legacy protocol jail" container
docker run -d --name eufy-security-ws \
  -p 3000:3000 \
  -e USERNAME=your_email@example.com \
  -e PASSWORD=your_eufy_password \
  bropat/eufy-security-ws

Step 3: Install the Plugin

  • Open Scrypted at https://localhost:10443
  • Go to Plugins β†’ Search “Eufy Security”
  • Hit Install
  • Set WebSocket URL to ws://localhost:3000

Step 4: Add to HomeKit

  • Install the HomeKit plugin in Scrypted
  • Scan the QR code with your iPhone
  • BOOM. Your Eufy cameras are now HomeKit cameras.

Seriously, that’s it. If I can do it while half asleep, you can too.

The Bottom Line

Look, I didn’t set out to become the “Eufy HomeKit guy.” I just wanted my cameras to work with my smart home. But after three months of fighting legacy protocols, reading OpenSSL docs at midnight, and debugging memory leaks at 3 AM, I built something that actually works.

And now you can use it too.

What You Get

  • βœ… HomeKit Secure Video on your existing Eufy cameras
  • βœ… Actually secure code (modern Node.js, containerized legacy stuff)
  • βœ… Local processing (no cloud required)
  • βœ… Works with Home Assistant, Google Home, Alexa too
  • βœ… Open source (fork it, break it, fix it, whatever)

Why This Matters

Vendor lock-in sucks. Proprietary apps suck. Being forced to replace perfectly good hardware because of software limitations really sucks.

This project proves you don’t have to accept that. With some clever architecture and a stubborn refusal to give up, you can make things work the way they should have from the start.

Come Build With Me

I’m just one developer who got frustrated with cameras. Imagine what we could do as a community.

Find me on GitHub: github.com/caplaz/eufy-security-scrypted

Star the repo, open issues, submit PRs, or just tell me if it worked for you. Every bit helps make this better for everyone.

Now go make your cameras do what you want. You paid for them, after all.

Resources (The Good Stuff)

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top