Recent content by montecrypto

  1.

    [MCR] R6 firmware IPC_R6_EN_STD_5.5.53_180730 -PSH +SSH +BUSYBOX

    Repack of the 5.5.53 firmware (R6 EN cameras) with the following changes:

    * Full-featured busybox
    * SSH access enabled
    * PSH (protected shell) disabled
    * Dropbear host key persists between reboots
    * Customizable init script

    IPC_R6_EN_STD_5.5.53_180730_mcr.zip — RGhost — file sharing service

    Enjoy.
  2.

    [MCR] K51 firmware NVR_K51_BL_ML_STD_V4.1.70 -PSH +BUSYBOX

    This was tested on DS-7616NI-I2
  3.

    [MCR] K51 firmware NVR_K51_BL_ML_STD_V4.1.70 -PSH +BUSYBOX

    It's been a while, time to upgrade. Here is the repack of the latest K51 NVR firmware.

    - full-featured busybox
    - persistent ssh keys
    - PSH removed

    NVR_K51_BL_ML_STD_V4.1.70_181114_mcr.zip — RGhost — file sharing service
  4.

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    The segfault during decryption in version 2.5 of Hikpack is a bug. It was fixed in 2.6. The current version is 2.8, but the last published was 2.5. I was planning to improve the decryption routine to take a password as an option, and then publish it, but never got to do that. Hikvision improved...
  5.

    $500 for downgrade 5.5.0 --> 5.4.5, anyone?

    G1 can be downgraded relatively easily because its bootloader is not signed and its firmware update app can be manipulated to accept any firmware version. I think I posted the recovery image that can flash unsigned firmware. I don't remember if it was also patched to accept major versions lower...
  6.

    Hikvision backdoor? (WSJ article)

    I need no credit. I need to be able to trust my cameras. :)
  7.

    Hikvision backdoor? (WSJ article)

    Neutrally-toned, paywalled article, outdated information, too much credit to DHS, no mentioning of researchers, published 6 months too late... Typical WSJ.
  8.

    Backdoor found in Hikvision cameras

    A new, direct communications channel is actually good news. Assuming there are humans on the other side, the best strategy here is to use it. Everyone with a question, start dialing. Take notes, and after the call, publish them online and describe your experience, good or bad. They will have to...
  9.

    Backdoor found in Hikvision cameras

    Fascinating. You seem to have discovered (accidentally, of course - I understand) a den of Russian voyeuristic perverts who collaboratively use camera vulnerabilities to exercise their hand and arm muscles. It was very thoughtful of them to choose .hk domain for their home. Well, it was expected...
  10.

    [MCR] G1 firmware IPC_G1_EN_STD_5.4.5_170124 -PSH

    Repacked IPC_G1_EN_STD_5.4.5_170124 firmware with PSH disabled. You can load it after you install modified G1 minisystem (search this forum). It won't load via web GUI or through stock minisystem.

    IPC_G1_EN_STD_5.4.5_170124_mc.zip — RGhost — file sharing service

    Enjoy.
  11.

    Unrestricted root shell on G1 cameras

    New file attached to OP. The minisystem can now load unsigned firmware, for example this one:

    IPC_G1_EN_STD_5.4.5_170124_mc.zip — RGhost — file sharing service

    This is IPC_G1_EN_STD_5.4.5_170124 modified to disable PSH. No other changes.
  12.

    Unrestricted root shell on G1 cameras

    Attached is PSH-free minisystem image for G1. You can use it to get full filesystem access. The image comes with a full-featured busybox. The image allows loading unsigned firmware. The image will work with U-Boot 3.1.6-279309 (May 11 2017-13:36:13) or earlier. To install rooted minisystem: -...
  13.

    G0/G1 - 2CD2145F CN to English conversion (work-in-progress)

    Just received a G1. Contrary to popular belief, G1 is not an English equivalent of G0. It is a different camera platform based on Ambarella S3L. It resembles R2 -- the amboot does not have any firmware parsing code, it boots a minisystem that flashes digicap.dav. Good news -- amboot does not...
  14.

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    It is possible, I just need to order a G1 to dump AES keys. I already have a pile of cameras I don't use... :) You won't be able to do much with it, unless you gain root access or modify the uboot to accept unsigned firmware. They now check signatures everywhere: - in the bootloader - in...
  15.

    G0/G1 - 2CD2145F CN to English conversion (work-in-progress)

    There are no hidden commands in uboot except "go." that loads sec.bin file from tftp. That file contains the rest of the u-boot, including all the commands you need to directly access ubifs filesystem or memory. Hikvision is obviously not interested in sharing sec.bin, but there have been leaks...