Dahua Enable Telnet

cor35vet

IPCT Contributor
Joined
Jun 23, 2016
Messages
337
Reaction score
246
> But as long as it's just a different firmware for the same exact camera, then the same utelnetd will work?
>
> So if I patched the new firmware (that has signature) then I could not load this firmware through the web interface like normal?
>
> My hesitation to try the new firmware is because another poster had problems with it. I would be willing to try it if I could easily downgrade back to the old firmware if I had the same problems...If I'm understanding correctly, there's no way (other than a serial cable connection) to downgrade the signed firmware to older non-signed? Not even a TFTP connection alone could downgrade it to an unsigned firmware?

Yeah the same utelnetd works on the same camera, well in theory Dahua could change the libc being used but that doesn't happen.

I can modify the new firmware and remove the signature check, done it before pretty easy. Then you can flash back via the webui too.
 

wxman

Pulling my weight
Joined
Feb 15, 2015
Messages
631
Reaction score
163
Location
Southern United States
> I can modify the new firmware and remove the signature check, done it before pretty easy. Then you can flash back via the webui too.

Would you be willing to remove the signature check on the new NTSC firmware? Hate to put you to any trouble. If I knew how to do it, I would do it myself.
 

cor35vet

> Would you be willing to remove the signature check on the new NTSC firmware? Hate to put you to any trouble. If I knew how to do it, I would do it myself.

Sure, I can do that today.
 

wxman

> Sure, I can do that today.

Thanks! Appreciate it more than you know.

What about the other poster that upgraded to the new firmware and is having problems? Since signature check is already in his cam now, his only option for downgrading would be to take the unit down and connect a serial cable? or could he just TFTP the old firmware?
 

cor35vet

> Thanks! Appreciate it more than you know.
>
> What about the other poster that upgraded to the new firmware and is having problems? Since signature check is already in his cam now, his only option for downgrading would be to take the unit down and connect a serial cable? or could he just TFTP the old firmware?

Once I get that printenv info this method can be used: Dahua IPC EASY unbricking / recovery over TFTP
 

cor35vet

> Since he and I both have the exact same model camera, would the printenv output on mine be the same as his? or would he have to get telnet access first and check the printenv on his unit?

The info I need would be the same, some stuff would be different like the serial number - but as I said not important
 

wxman

> The info I need would be the same, some stuff would be different like the serial number - but as I said not important

Ok, I'll point him this direction and let him know that the downgrade is doable. He may not even want to take the time to mess with it and rather just put up with the firmware bugs.

Interestingly, I see the latest "PTZ" firmware has added a "sign.img" file too. The other poster had to upgrade that PTZ firmware first before his unit would accept the new PAL/NTSC firmware. Ever tried removing the signature from the PTZ firmware part?
 

cor35vet

> Ok, I'll point him this direction and let him know that the downgrade is doable. He may not even want to take the time to mess with it and rather just put up with the firmware bugs.
>
> Interestingly, I see the latest "PTZ" firmware has added a "sign.img" file too. The other poster had to upgrade that PTZ firmware first before his unit would accept the new PAL/NTSC firmware. Ever tried removing the signature from the PTZ firmware part?

You can't just "remove the signature". You can remove the check from a firmware, but then the signature doesn't match anymore and the camera won't accept it.
If you are on a firmware that checks the signature then you can only flash signed firmware and only Dahua can sign it because only they have the private key.
And the only way then is to flash through the bootloader, either by using serial or the upgrade_info file.
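
Added example (not part of the original thread, and not Dahua's actual scheme): a toy model of the signed-update check described in the post above, showing why a patched image is rejected with a stale, third-party or missing signature, while an updater that does not enforce the check accepts it. The part names other than sign.img, the image layout, the toy RSA keys and all function names are assumptions constructed for illustration.

```python
import hashlib

# Toy textbook RSA (no padding) built from known Mersenne primes: trivially
# factorable, constructed for this example. It stands in for the vendor key.
E = 65537
N = (2**127 - 1) * (2**521 - 1)
D = pow(E, -1, (2**127 - 2) * (2**521 - 2))  # private half, vendor only

def digest(image):
    """SHA-256 over every part except sign.img, as an integer."""
    h = hashlib.sha256()
    for name in sorted(image):
        if name != "sign.img":
            h.update(name.encode() + b"\0" + image[name])
    return int.from_bytes(h.digest(), "big")

def sign(image, d, n):
    """Signer side: return a copy of the image with sign.img attached."""
    sig = pow(digest(image), d, n)
    return {**image, "sign.img": sig.to_bytes((n.bit_length() + 7) // 8, "big")}

def updater_accepts(image, enforce=True):
    """Device side: needs only the public half (E, N) baked into firmware."""
    if not enforce:                      # older firmware without the check
        return True
    sig = image.get("sign.img")
    return sig is not None and pow(int.from_bytes(sig, "big"), E, N) == digest(image)

def scenarios():
    vendor = sign({"kernel.img": b"constructed kernel", "romfs.img": b"constructed rootfs"}, D, N)
    # Any change to a signed part leaves the old signature stale.
    patched = {**vendor, "romfs.img": b"constructed rootfs, modified"}
    # Re-signing with another (toy) key fails: the device trusts only (E, N).
    n2 = (2**89 - 1) * (2**607 - 1)
    d2 = pow(E, -1, (2**89 - 2) * (2**607 - 2))
    resigned = sign(patched, d2, n2)
    stripped = {k: v for k, v in patched.items() if k != "sign.img"}
    return {
        "vendor image": updater_accepts(vendor),
        "patched, stale signature": updater_accepts(patched),
        "patched, re-signed with other key": updater_accepts(resigned),
        "patched, sign.img removed": updater_accepts(stripped),
        "patched, updater without check": updater_accepts(stripped, enforce=False),
    }

if __name__ == "__main__":
    for case, accepted in scenarios().items():
        print(f"{case:36} accepted={accepted}")
```

In this model the check is enforced by the updater of the firmware that is currently running, which is why the post turns to the bootloader path once a checking firmware is installed.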
 

wxman

> You can't just "remove the signature". You can remove the check from a firmware, but then the signature doesn't match anymore and the camera won't accept it.
> If you are on a firmware that checks the signature then you can only flash signed firmware and only Dahua can sign it because only they have the private key.
> And the only way then is to flash through the bootloader, either by using serial or the upgrade_info file.

Ok, makes sense. Well then can the "signature check" be just as easily removed from the PTZ firmware too? For my unit, I'm currently on the January 2017 PTZ version which does not do a security check. Apparently, the latest version of it (May 2017) does do a security check. The other poster said his cam would not accept the latest PAL/NTSC (September 2017) firmware until he first upgraded to the PTZ firmware to the May-2017. I really would not want to update the PTZ version of mine either unless there was an easy way to revert it back too if it caused issues.

In other words, my current setup is:
  • PTZ Firmware: Jan 2017 (no security check)
  • NTSC Firmware: Nov 2016 (No security check)
I would like to be able to update to:
  • PTZ Firmware: May 2017 (Has security check)
  • NTSC Firmware: Sept 2017 (Has security check)
Providing the security check could be removed from both where I could downgrade both back to the current versions using the web interface if there were problems.
 

cor35vet

> Ok, makes sense. Well then can the "signature check" be just as easily removed from the PTZ firmware too? For my unit, I'm currently on the January 2017 PTZ version which does not do a security check. Apparently, the latest version of it (May 2017) does do a security check. The other poster said his cam would not accept the latest PAL/NTSC (September 2017) firmware until he first upgraded to the PTZ firmware to the May-2017. I really would not want to update the PTZ version of mine either unless there was an easy way to revert it back too if it caused issues.
>
> In other words, my current setup is:
>   • PTZ Firmware: Jan 2017 (no security check)
>   • NTSC Firmware: Nov 2016 (No security check)
> I would like to be able to update to:
>   • PTZ Firmware: May 2017 (Has security check)
>   • NTSC Firmware: Sept 2017 (Has security check)
> Providing I could downgrade both back to the current version using the web interface if there were problems.

There is only one firmware, the different versions PAL/NTSC PTZ?? don't mean much, at least it doesn't matter for me - no clue if they have different functions / options.
Anyways send me the firmware you want me to modify.
 

wxman

> There is only one firmware, the different versions PAL/NTSC PTZ?? don't mean much, at least it doesn't matter for me - no clue if they have different functions / options.
> Anyways send me the firmware you want me to modify.

From what I was told, the PTZ firmware (small file size) was for the housing and its pan/tilt motors, where the PAL/NTSC firmwares (larger file size) were for the zoom module....Example I was given was "2 cameras use the same housing and pan/tilt motors but different style zoom modules....Both cameras use the same PTZ firmware since they have the same housing & pan/tilt motors but each use separate PAL/NTSC firmware because they have different zoom modules...If that was accurate, I have no clue..On the web user interface, it gives your current version of both...It lists the PAL/NTSC as "software version" and the PTZ as "PTZ Version"....See picture for screen shot...It shows I'm on the software version 2.422 and the PTZ version is 3.02.20......Latest software version is 2.600 where the latest PTZ version is 3.02.93.....

Anyway, I'll upload both for you to look at....The SD-Mao-Rhea V2.600.0000.2.R is the one I would like to have the security check removed and Telnet access added......

If you can at least take a look at the other PTZ software (3.02.93) to see if there's any sign of a security check that could be removed. May not be anything that can be done with that file, though..
 

wxman

> The PTZ firmware is for some other chip I guess, it's just some tiny blob.
> And here's the patched main firmware: https://i.botox.bz/DH_SD-Mao-Rhea_EngSpnFrn_N_Stream3_IVS_V2.600.0000.2.R.20170905.bin
> Removed the signature check, the region check and added telnet on port 2300.

Thanks! I'm trying the first one you did out now...It took the firmware and the cam seems to be working properly. Trying Telnet on port 2300 I'm getting to the login screen (couldn't do that before!)....But I'm getting an "invalid name/password" error when trying to log in....
 

cor35vet

> Thanks! I'm trying the first one you did out now...It took the firmware and the cam seems to be working properly. Trying Telnet on port 2300 I'm getting to the login screen (couldn't do that before!)....But I'm getting an "invalid name/password" error when trying to log in

Are you using the info from this thread? It should work unless Dahua changed something, in which case I'll look at it later.
 

wxman

Scratch that...Just tried for a 3rd time and it accepted. Must have been typing something wrong...Now let me see if I can do some exploring around in this thing without fucking anything up! lol
 

wxman

I see printenv in the /bin directory, but says "applet not found".....:


/bin # ls
whoami sync mv ipaddr date
who stat mount ip cut
vi sleep more hush cp
unzip sh mknod head chown
unlzma seq mkdir grep chmod
uname sed mdev fsync chgrp
umount rmdir ls free cat
udpsvd rm login flash_eraseall busybox
udhcpd pwd ln find bash
touch ps less fgrep ash
top printenv killall5 env arping
tftpd pkill killall egrep [[
tftp ping6 kill echo [
test ping iptunnel du
telnet nslookup iprule dmesg
tcpsvd nice iproute df
tail netstat iplink dd
/bin #
/bin # printenv
printenv: applet not found
/bin #
 

cor35vet

> I see printenv in the /bin directory, but says "applet not found".....:
>
> /bin # ls
> whoami sync mv ipaddr date
> who stat mount ip cut
> vi sleep more hush cp
> unzip sh mknod head chown
> unlzma seq mkdir grep chmod
> uname sed mdev fsync chgrp
> umount rmdir ls free cat
> udpsvd rm login flash_eraseall busybox
> udhcpd pwd ln find bash
> touch ps less fgrep ash
> top printenv killall5 env arping
> tftpd pkill killall egrep [[
> tftp ping6 kill echo [
> test ping iptunnel du
> telnet nslookup iprule dmesg
> tcpsvd nice iproute df
> tail netstat iplink dd
> /bin #
> /bin # printenv
> printenv: applet not found
> /bin #

Well.... You have to do printenv in the u-boot shell xd
but you can do this instead: cat /proc/mtdinfo and look for hwid
cat /dev/mtd1ro (when mtd1 is hwid in mtdinfo) and you should basically get what printenv does
 

cor35vet

I have never heard about that problem and I have no clue what is causing it or how to fix it.
But I do know that NFS works fine for me...
I guess you've turned off the delete option in the settings? I think it's next to the auto reboot setting.
 

cor35vet

> Holy Crap, could that be all that it is? Freaking a. Crazy paranoid ranting and it was just a cool setting built into the camera?? Note to self....
> And thanks. I'm really embarrassed.

Good job. I didn't dare to ask at first because it seemed kinda obvious to check the settings lmao.
 