Hikvision FIRMWARE TOOLS - change language, extract files and create own firmware

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
can anyone help me by teamviewer about my problem, and anyother method of flash firmware of ds-7332hghi-sh with rs-232.
You probably just need to fix the tftp updater setup.
From your other post:
ip of my laptop is 192.0.0.128
But the screenshot shows that the laptop is using 192.168.10.12
Are you using WiFi on the laptop?
 

Habib

n3wb
Joined
Oct 31, 2017
Messages
7
Reaction score
1
sorry i was using tftp without router direct from dvr to pc. Now my problem is resolved. Thank you very much alastairstevenson.
I have another issue with my another dvr that customer added serial no with an id and now he forget id in which he added dvr serial no for online. Now when serial no added to any mobile it shows that device is already added. with factory reset also not solved this problem.
 

habeschi

n3wb
Joined
Oct 27, 2017
Messages
21
Reaction score
0
Hi There

i have a HikVision OEM (ANNKE) DVR.
ANNKE send me the latest firmware (digicap.dav).
I just want to change the logo/image which you can see if there is no camera connected.
How can i do this? Because I couldn't find an image file in the firmware

Thanks
 

nM7B

n3wb
Joined
Nov 11, 2017
Messages
3
Reaction score
0
Location
UK
Hello everyone,

I am new on here, and have decided to share my concerns looking for getting some help.

I have purchased 2 x DS-2CD2135F-IWS from an eBay seller, where I was told they are Multi-language models, which basically means, they are Chinese with an "firmware mod" to be able to show several languages in Web GUI.
One of the cameras came with firmware version 5.4.0 build 160401 ( serial number containing AA and CH ) and the other one is 5.4.24 build 170303 ( serial with AA and WR ). Seller told me repeatedly not to update the firmware, otherwise, it would revert to chinese language only. Also told me that Hikvision recommend to not update firmware unless if any problem comes up, which I think is false, because manufacturers usually recommend to use the latest versions in order to fix security issues or improve some features.

As both cameras are Wireless, both are also vulnerable to the recent WPA2 security hole named KRACK. Hikvision states that some models, where the 2xx5 is included, are vulnerable to this problem if using 5.4.0 firmware. They have fixed this issue on later versions like 5.4.5, however, I can not use the European or US firmware file to update my cameras, as I am afraid they may get bricked.
So I have searched on Hikvision Chinese web site, and found out a file that matches my model, which is "IPC_G0_CN_STD_5.4.41_170710".
Here's the direct link : 海康威视是以视频为核心的物联网解决方案提供商

My question is : As the file was downloaded from CN website, can I use it without any problem to update my cameras ? To get Multi-language GUI again, do I need to modify the file "before" or "after" to proceed the update ?

All help would be much appreciated :)

Many thanks
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
As both cameras are Wireless, both are also vulnerable to the recent WPA2 security hole named KRACK. Hikvision states that some models, where the 2xx5 is included, are vulnerable to this problem if using 5.4.0 firmware. They have fixed this issue on later versions like 5.4.5,
Where did you read this? Please provide a link.
As far as I know, the most recent security advisories from Hikvision relate to the 'Hikvision backdoor' privilege escalating vulnerability which is fixed in 5.4.41 and later firmware, example : http://hikvision.com/us/about_10807.html
My question is : As the file was downloaded from CN website, can I use it without any problem to update my cameras ?
That firmware linked has only CN ('zh') language files within it.
 

nM7B

n3wb
Joined
Nov 11, 2017
Messages
3
Reaction score
0
Location
UK
Where did you read this? Please provide a link.
Hi, as you should know, all Wireless devices are vulnerable to KRACK attacks, such as Routers, Phones, IP cameras, TV's, etc.... there are many threads over the internet, but you can check in this one for example: www.draytek.co.uk/information/our-technology/wpa2-krack-vulnerability

So unless manufacturers fix this issue with a firmware update, all Wifi devices keep vulnerable to this attack, which lead attacker to gain administration access of the victim device's. I think Hikvision have fixed this issue on 5.4.5 firmware, but maybe I might be wrong ?



Regarding the firmware file I mentioned, I had no idea that it has only Chinese language on it. What file should I use and where exactly can I get to update my cameras and keep with Multi-language web interface ? Because I only found the one that matches my model at the Chinese page....

Thank you
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
Hi, as you should know, all Wireless devices are vulnerable to KRACK attacks, such as Routers, Phones, IP cameras, TV's, e
Certainly very many - but by no means all. It depends on which specific code has been used in the embedded device.
They have fixed this issue on later versions like 5.4.5, however,
But it was actually this quote I was asking about - stating that Hikvision have fixed this.
Where did you read this?
 

nM7B

n3wb
Joined
Nov 11, 2017
Messages
3
Reaction score
0
Location
UK
Certainly very many - but by no means all. It depends on which specific code has been used in the embedded device.

But it was actually this quote I was asking about - stating that Hikvision have fixed this.
Where did you read this?

Well as far as I read (....Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks....) except some particular cases, very few ones. I did not read that Hikvision cameras are vulnerable to this attack, but as firmware is based in Linux and they mention "all Wifi cameras are vulnerable", hence why I have assumed Hikvision as well

Regarding the firmware, unfortunately, I am not able to get the Multi-Language file to my cameras. May I need to get it from Hikvision USA or Europe ?
 

habeschi

n3wb
Joined
Oct 27, 2017
Messages
21
Reaction score
0
After i extracted the cramfs file i get some .tar.lzma files.
i cant extract these files (tried in with windows and ubuntu).
any idea how i can extract them?
 
Joined
Nov 27, 2017
Messages
5
Reaction score
0
Where did you read this? Please provide a link.
As far as I know, the most recent security advisories from Hikvision relate to the 'Hikvision backdoor' privilege escalating vulnerability which is fixed in 5.4.41 and later firmware, example : Hikvision USA

That firmware linked has only CN ('zh') language files within it.
Also new here, I have a DS-2CD3325-I20160113AACH with V5.3.8 build 160108 firmware on it, camera keeps resetting all changes made to it in the GUI after about 8-10 hours, hik-connect says device is offline,however the IP adress doesn't change neither is the password ( I changed my gateway from 192.168.178.x to the adress that is default in the camera 192.168.1.64.......reserved the mac adress from the camera to get 192.168.1.64 specific and put that adress in the DMZ of the router) .
however cam still keeps resetting date/colour/eventdetection etc.... drives me crazy!
I also only found a new firmware version on the same chinese website ( V5.4.41/V5.5.2 )
can I upgrade?... doesn't matter if the GUI converts to chinese.... I can dream the layout of it....
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
can I upgrade?... doesn't matter if the GUI converts to chinese.... I can dream the layout of it....
I'm guessing - and it is a guess - that your CN camera will be OK with the CN firmware.
And you can do the configuration in the language of your PC with the Batch Configuration Tool from here : Hangzhou Hikvision Digital Technology Co. Ltd.
Hopefully you don't have the camera connected to an NVR which if the camera changes to CN would reject it with 'language mismatch'.

On the cause of the problem - presumably malicious access from the internet may be the cause - it may be worth checking what ports are actually open versus what you think are open by doing a full port scan using ShieldsUp! here : GRC | ShieldsUP! — Internet Vulnerability Profiling  
 
Joined
Nov 27, 2017
Messages
5
Reaction score
0
I'm guessing - and it is a guess - that your CN camera will be OK with the CN firmware.
And you can do the configuration in the language of your PC with the Batch Configuration Tool from here : Hangzhou Hikvision Digital Technology Co. Ltd.
Hopefully you don't have the camera connected to an NVR which if the camera changes to CN would reject it with 'language mismatch'.

On the cause of the problem - presumably malicious access from the internet may be the cause - it may be worth checking what ports are actually open versus what you think are open by doing a full port scan using ShieldsUp! here : GRC | ShieldsUP! — Internet Vulnerability Profiling
Alastair tnx for the reply, Cam not connected to an NVR, just for watching on Desktop ( i-mac) and tablet/phone......

did a portscan on my IP adress:

Open TCP Port: 80 http
Open TCP Port: 554 rtsp
Open TCP Port: 8000 irdmi
Open TCP Port: 8200 trivnet1
Open TCP Port: 9010
Open TCP Port: 9020 tambora
Open TCP Port: 49152
Open TCP Port: 61894
Open TCP Port: 62127
Open TCP Port: 62571

this is the result of your link GRC ShieldsUP..: THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
Joined
Nov 27, 2017
Messages
5
Reaction score
0
Did you try the 'full port scan'?

It looks like there might be 2 choices - which one gave an 'incompatible' result?
海康威视是以视频为核心的物联网解决方案提供商
海康威视是以视频为核心的物联网解决方案提供商
The first link is the correct one ( for the 2ds3xx5 series ) the second link is for the 2 series...
The download resulted in 3 firmware versions...
1: IPCR_E3_CN_STD_5.5.2_171013 zip
2: IPC_G0_CN_STD_5.4.41_170710 zip
3: IPC_G0_CN_STD_5.5.41_170717 zip
none of them digicap files worked....." The type of upgrade file mismatches. " ........:(
 
Last edited:
Joined
Nov 27, 2017
Messages
5
Reaction score
0
Surprisingly enough after lowering the quality of the video feed ( medium instead of highest and bitrate variable with 1024 max. bitrate the Cam now has not resetted for about 12-14 hours.... could it be a ' overload ' or network issue ? I have a 280MBit internet connection ...

DAMN...next morning, everything resetted again!
 
Last edited:

arenaMTG

n3wb
Joined
Dec 5, 2017
Messages
1
Reaction score
0
pls recommented International firmware for DS-7808N-K2

thank you .
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
i get the message "file not encrypter"
i tried the tar.lzma files and the new_10.bin
same result
By using what commands?

Here is a worked example:
Code:
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.96/NVR_K41_BL_ML_STD_V3.4.96_170921/contents/cramfs_files $ ll
total 15904
drwxr-xr-x 2 alastair alastair    4096 Dec 22 20:22 ./
drwxr-xr-x 3 alastair alastair    4096 Oct 21 19:49 ../
-rw-r--r-- 1 alastair alastair 2425872 Jan  1  1970 gui_res.tar.lzma
-rw-r--r-- 1 alastair alastair     616 Jan  1  1970 new_10.bin
-rw-r--r-- 1 alastair alastair    2968 Jan  1  1970 start.sh
-rw-r--r-- 1 alastair alastair 6867720 Jan  1  1970 sys_app.tar.lzma
-rw-r--r-- 1 alastair alastair 3183432 Jan  1  1970 uImage
-rw-r--r-- 1 alastair alastair 3780896 Jan  1  1970 webs.tar.lzma
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.96/NVR_K41_BL_ML_STD_V3.4.96_170921/contents/cramfs_files $ hd -n 128 new_10.bin
00000000  e8 9a f3 81 c6 3e c2 7c  86 d5 28 92 76 c2 77 c6  |.....>.|..(.v.w.|
00000010  86 d5 28 92 76 c2 77 c6  86 d5 28 92 76 c2 77 c6  |..(.v.w...(.v.w.|
00000020  90 c4 ad 95 42 4f 53 b0  11 c5 14 30 83 50 b7 ac  |....BOS....0.P..|
00000030  86 d5 28 92 76 c2 77 c6  86 d5 28 92 76 c2 77 c6  |..(.v.w...(.v.w.|
*
00000060  86 d5 28 92 76 c2 77 c6  a2 cb c9 55 5a 8b 98 b1  |..(.v.w....UZ...|
00000070  b0 2d f7 b1 df f5 22 84  dd 02 65 35 44 3a f5 b0  |.-...."...e5D:..|
00000080
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.96/NVR_K41_BL_ML_STD_V3.4.96_170921/contents/cramfs_files $ hikpack_2.5 -t k41 -d new_10.bin -o dec_new_10.bin
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.96/NVR_K41_BL_ML_STD_V3.4.96_170921/contents/cramfs_files $ hd -n 128 dec_new_10.bin
00000000  06 06 16 20 00 00 00 00  00 00 00 00 00 00 00 00  |... ............|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 05 00 00 00  72 6f 6f 74 0a 00 00 00  |........root....|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000060  00 00 00 00 00 00 00 00  54 68 75 20 53 65 70 20  |........Thu Sep |
00000070  32 31 20 32 30 3a 31 33  3a 35 34 20 32 30 31 37  |21 20:13:54 2017|
00000080
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.96/NVR_K41_BL_ML_STD_V3.4.96_170921/contents/cramfs_files $
 
Top