IP Cam Talk

Welcome to the new IPCT! If you are having an issue logging in, please clear your cookies / cache.

Recent content by montecrypto

  1. M

    [MCR] R6 firmware IPC_R6_EN_STD_5.5.53_180730 -PSH +SSH +BUSYBOX

    Repack of the 5.5.53 firmware (R6 EN cameras) with the following changes: * Full-featured busybox * SSH access enabled * PSH (protected shell) disabled * Dropbear host key persists between reboots * Customizable init script IPC_R6_EN_STD_5.5.53_180730_mcr.zip — RGhost — файлообменник Enjoy.
  2. M

    [MCR] K51 firmware NVR_K51_BL_ML_STD_V4.1.70 -PSH +BUSYBOX

    This was tested on DS-7616NI-I2
  3. M

    [MCR] K51 firmware NVR_K51_BL_ML_STD_V4.1.70 -PSH +BUSYBOX

    It's been a while, time to upgrade. Here is the repack of the latest K51 NVR firmware. - full-featured busybox - persistent ssh keys - PSH removed NVR_K51_BL_ML_STD_V4.1.70_181114_mcr.zip — RGhost — файлообменник
  4. M

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    The segfault during decryption in version 2.5 of Hikpack is a bug. It was fixed in 2.6 The current version is 2.8, but the last published was 2.5 I was planning to improve the decryption routine to take a password as an option, and then publish it, but never got to do that. Hikvision improved...
  5. M

    $500 for downgrade 5.5.0 --> 5.4.5, anyone?

    G1 can be downgraded relatively easily because its bootloader is not signed and its firmware update app can be manipulated to accept any firmware verson. I think I posted the recovery image that can flash unsigned firmware. I don't remember if it was also patched to accept major versions lower...
  6. M

    Hikvision backdoor? (WSJ article)

    I need no credit. I need to be able to trust my cameras. :)
  7. M

    Hikvision backdoor? (WSJ article)

    Neutrally-toned, paywalled article, outdated information, too much credit to DHS, no mentioning of researchers, published 6 months too late... Typical WSJ.
  8. M

    Backdoor found in Hikvision cameras

    A new, direct communications channel is actually good news. Assuming there are humans on the other side, the best strategy here is to use it. Everyone with a question, start dialing. Take notes, and after the call, publish them online and describe your experience, good or bad. They will have to...
  9. M

    Backdoor found in Hikvision cameras

    Fascinating. You seem to have discovered (accidentally, of course - I understand) a den of russian voyeuristic perverts who collaboratively use camera vulnerabilities to exercise their hand and arm muscles. It was very thoughtful of them to choose .hk domain for their home. Well, it was expected...
  10. M

    [MCR] G1 firmware IPC_G1_EN_STD_5.4.5_170124 -PSH

    Repacked IPC_G1_EN_STD_5.4.5_170124 firmware with PSH disabled. You can load it after you install modified G1 minisystem (search this forum). It won't load via web GUI or through stock minisystem. IPC_G1_EN_STD_5.4.5_170124_mc.zip — RGhost — файлообменник Enjoy.
  11. M

    Unrestricted root shell on G1 cameras

    New file attached to OP. The minisystem can now load unsigned firmware, for example this one: IPC_G1_EN_STD_5.4.5_170124_mc.zip — RGhost — файлообменник This is IPC_G1_EN_STD_5.4.5_170124 modified to disable PSH. No other changes.
  12. M

    Unrestricted root shell on G1 cameras

    Attached is PSH-free minisystem image for G1. You can use it to get full filesystem access. The image comes with a full-featured busybox. The image allows loading unsigned firmware The image will work with U-Boot 3.1.6-279309 (May 11 2017-13:36:13) or earlier. to install rooted minisystem: -...
  13. M

    G0/G1 - 2CD2145F CN to English conversion (work-in-progress)

    Just received a G1. Contrary to popular belief, G1 is not an english equivalent of G0. It is a different camera platform based on Ambarella S3L. It resembles R2 -- the amboot does not have any firmware parsing code, it boots a minisystem that flashes digicap.dav. Good news -- amboot does not...
  14. M

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    It is possible, I just need to order a G1 to dump AES keys. I already have a pile of cameras I don't use... :) You won't be able to do much with it, unless you gain root access or modify the uboot to accept unsigned firmware. They now check signatures everywhere: - in the bootloader - in...
  15. M

    G0/G1 - 2CD2145F CN to English conversion (work-in-progress)

    There are no hidden commands in uboot except "go." that loads sec.bin file from tftp. That file contains the rest of the u-boot, including all the commands you need to directly access ubifs filesystem or memory. Hikvision is obviously not interested in sharing sec.bin, but there have been leaks...
Top