Menu
What's new

R0 / DS-2CD2x32 BrickfixV2 brick recovery and full upgrade tool - enhanced.

P

Pilaf

n3wb
Joined
Jul 11, 2014
Messages
1
Reaction score
0
Thank you, just updated 3 Hikvision 2132 mini domes from 5.1.2 to 5.4.5.
Great job and perfect tutorial on Youtube...and after the final reboot there was a huge surprise, no english language but dutch...thumbs up.

Update: had a problem with 5.4.5 RTSP connection both on synology and livecams pro app. After reading some tips from other topics the problem is solved by changing the admin password, the one I created after the update was (how strange) to complicated. Password is now, 1 character, 1 capital letter, some small letters and numbers but less than 15 in total.
 
Last edited:
P

Plasman

Young grasshopper
Joined
Apr 2, 2016
Messages
49
Reaction score
3
Were the DS-2CD2335-i cameras (Chinese origin firmware 5.3.6) subject to the backdoor exploit. I ask because suddenly 3 of my 10 cameras are not connecting to Blue Iris with a password error. I see the cameras in SADP but can no longer log in. Have I been hacked?
 
alastairstevenson

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,946
Reaction score
6,784
Location
Scotland
That specific model frequently has hacked firmware of indeterminate version origin. But stock firmware of 5.4.0 and almost all earlier versions had the backdoor vulnerability.
So yes, they could have been hacked, if you have allowed inbound access from the internet. Or if both your router and the cameras have UPnP enabled.
To fix this you could use the @bp2008 updated password reset tool in the sticky, or you could do a forum search for a method of extracting the configuration file, decrypting and decoding it to reveal the changed password.
 
P

Plasman

Young grasshopper
Joined
Apr 2, 2016
Messages
49
Reaction score
3
alastairstevenson said:
That specific model frequently has hacked firmware of indeterminate version origin. But stock firmware of 5.4.0 and almost all earlier versions had the backdoor vulnerability.
So yes, they could have been hacked, if you have allowed inbound access from the internet. Or if both your router and the cameras have UPnP enabled.
To fix this you could use the @bp2008 updated password reset tool in the sticky, or you could do a forum search for a method of extracting the configuration file, decrypting and decoding it to reveal the changed password.
Click to expand...
Thanks very much. You and @bp2008 saved the day!! I first failed with ver 1.0 but then found bp2008's latest 1.1 reset tool and it worked!! So I must have been hacked. So for these Chinese cameras, is there a way to update to 5.4.1 or later (in English) to avoid this problem again?
 
Last edited:
F

fraatti

n3wb
Joined
Dec 26, 2015
Messages
4
Reaction score
0
It's a long time ago when I read this forum last time. More than year ago I asked is it possible to upgrade my cam to safer firmware. Then it wasn't possible. Is anything changed with this? It is littebit difficult to start reading this thread from beginning. Thank you!

Camera model is DS-2CD-2035-I and current FW if (chinese hacked english?) V5.3.6_151215. Platform is G1

I have found following firmwares from european sites:
V5.4.41_Build170310/
V5.4.4_Build161116/
V5.4.4_Build170112/
V5.4.5_Build170124/
V5.4.6_Build170427 (only for vari focal models 26, 27, 2H)/
V5.5.0_Build170725/
V5.5.2_Build170905/
V5.5.3_Build171018/
V5.5.3_Build171025/
V5.5.4_Build171206/
V5.5.51_Build180314/
V5.5.51_Build180326 (Released) Focus issue/
ftp://ftp.hikvisioneurope.com/Product%20Firmware%202018/Front-ends/IP%20Camera/G1%20platform%20(DS-2CD2XX5,DS-2CD2XX3G0)/2XX5%202XX3(non-Fisheye)%20MultiLanguage/
 
Last edited:
O

osamielec

n3wb
Joined
Sep 3, 2015
Messages
24
Reaction score
2
maybe it will be useful. THANKS


This metod works to my new cam DS-2CD2142FWD-I ( v5.5.5)? must downgrade to 5.4.5
Help :)
 

Attachments

Last edited:
R

ryanpeiris

n3wb
Joined
Dec 13, 2016
Messages
5
Reaction score
0
Dear @alastairstevenson,

I desperately need your support. I made a stupid move. While I was following your guide on
"R0 / DS-2CD2x32 BrickfixV2 brick recovery and full upgrade tool - enhanced" I started with Hikvision TFTP update everything was going well. But when I see the message "Completed file "C:\...\digicap.dav" Transmitted" I accidentally closed the TFTP tool thinking everything is completed, without waiting for "system update completed"

After realizing I have made a terrible mistake I tried to reinstall. But I can't seem to get the firmware reinstalled using Hikvision TFTP tool just stays on [192.0.0.128] initialized.
(Firewall is OFF)

When I ran Wireshark I can see ARP broadcast as "42 Who has 192.0.0.128? Tell 0.0.0.0 but TFTP doesn't seem to respond

Also if I had a continuous ping running I can see replies coming from 192.0.0.64 2-3 times after power on.

Why is my TFTP not responding..?
After about good 5 mins SADP tool shows up my camera in IP 192.168.1.64 | port 8000 | software V4.0.xxx | HTTPport : N/A

I tried running TFTP with changing my computer IP to 192.168.1.128. No luck

Please help !!!


Capture.PNGPing.PNGSADP.PNG
 
alastairstevenson

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,946
Reaction score
6,784
Location
Scotland
ryanpeiris said:
But when I see the message "Completed file "C:\...\digicap.dav" Transmitted" I accidentally closed the TFTP tool thinking everything is completed, without waiting for "system update completed"
Click to expand...
I doubt if that would cause any problem - I wouldn't have thought that the update program needs to maintain a channel to the tftp updater in order to process the update.
ryanpeiris said:
When I ran Wireshark I can see ARP broadcast as "42 Who has 192.0.0.128? Tell 0.0.0.0 but TFTP doesn't seem to respond
Click to expand...
It's not the tftp updater that should respond to the ARP request - it's the Windows OS that should do that, independent of what programs are running.
ryanpeiris said:
Why is my TFTP not responding..?
Click to expand...
At a low network level - the camera and PC have not connected.

ryanpeiris said:
After about good 5 mins SADP tool shows up my camera in IP 192.168.1.64 | port 8000 | software V4.0.xxx | HTTPport : N/A
Click to expand...
This is indicative of the camera watchdog timer not being reset by the main davinci program, and triggering a reboot into min-system mode.
But with an IP address of 192.168.1.64 as opposed to the usual 192.0.0.64

Are the camera and the PC connected as normal to a switch / router, ie not connected directly (which can be troublesome with the tftp updater)?
Are you powering the camera with a 12v DC supply - which can work better with the tftp updater than the usual POE connection ?

Suggestion:
Power on the camera, and with the PC IP address set to 192.168.1.128 wait the 5 mins or so until the min-system state appears in SADP and see if a telnet connection to 192.1.168.64 connects.
I'm wondering if the min-system kernel in the camera is set to use 192.168.1.64 instead of the usual 192.0.0.64
I don't recall if that is set by the bootloader environment variables, which could easily be modified.
 
R

R H

n3wb
Joined
Jul 12, 2018
Messages
1
Reaction score
0
Location
UK
Thanks for this, I've unbricked my camera successfully.

I used a Mac - for the initial upload I used the python tftp server here which handles the port 9978 handshake - scottlamb/hikvision-tftpd

This can't receive files, but I found my Mac had a built-in tftp server. It was a bit quirky, as it can't receive files if they don't exist so I had to create 0 byte files to be able to receive them then chmod it 777 so the server could write to it. I found a free GUI to start/stop the server in the Mac's App Store. The hex editor I used didn't support Checksum-16, but I found an old Windows netbook and used HxD in the end for that.
 
R

ryanpeiris

n3wb
Joined
Dec 13, 2016
Messages
5
Reaction score
0
[QUOTE="
Suggestion:
Power on the camera, and with the PC IP address set to 192.168.1.128 wait the 5 mins or so until the min-system state appears in SADP and see if a telnet connection to 192.1.168.64 connects.
I'm wondering if the min-system kernel in the camera is set to use 192.168.1.64 instead of the usual 192.0.0.64
I don't recall if that is set by the bootloader environment variables, which could easily be modified."[/QUOTE]

Dear @alastairstevenson
Sorry, I tried what you've suggested (when camera stars detecting on SASP set computer IP to 192.168.1.128) still no luck.
Also Telnet does not connect to 192.168.1.64.

Yes I have connected camera directly to computer with 12v adaptor. With the same setup I was able to do the TFTP transfer initially, before I closed it. that time it communicated through IP 192.0.0.64

Any other other brilliant ideas I can try out..


I am so thankful to you for the support you are doing for the community.
 
redstorm666

redstorm666

n3wb
Joined
Jul 19, 2018
Messages
2
Reaction score
1
Location
France
Hi,
Many thanks to the author of this brillant procedure.. I've successfuly unbricked my chineese camera (2CD2032F-I) and I'm now running the latest 5.4.5 firmware.
I've bricked it trying to flash the firmware (to fix backdoor issue, as my logs shows illegal access to my cams from Ukrainian hosts..).
Now that my first cam is back to life, I'll update the 2 others ;)

Thanks for putting it all in a nice package/script.. the time you spent is much appreciated, as my afternoon could have ended with a bricked cam without you help.
cheers.
 
alastairstevenson

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,946
Reaction score
6,784
Location
Scotland
redstorm666 said:
I've successfuly unbricked my chineese camera (2CD2032F-I) and I'm now running the latest 5.4.5 firmware.
Click to expand...
Another good result! Well done, and thanks for posting.

But you might want to re-consider the external access - even with the updated firmware, there are considerable risks in allowing access to the whole internet.
 
You must log in or register to reply here.
Top