Alternative way of recovering HikVision NVR password

ceba1962

n3wb
Joined
Jan 13, 2020
Messages
3
Reaction score
1
Location
Australia
Thanks so much, that was the password that I put originally, but the system does not respond to that password it says that the password is incorrect (cameras and NVR). Any ideas what could be happening?
Regards
Carlos
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
the system does not respond to that password it says that the password is incorrect (cameras and NVR). Any ideas what could be happening?
The password extracted from the camera should work on the camera, and by default it will also be the NVR password, if the camera was added to the NVR PoE port in Plug&Play mode - and if the optional 'alternate camera password' has not been set in the NVR VGA/HDMI Camera Management interface.

Did you reset the camera to an Inactive (reset to defaults) state and then connect it to an NVR PoE port?
Or did you just extract the configuration file with the camera in its normal running state?

To confirm that the password works or not in the camera - suggestion :
Set the PC IP address to a value as used by the NVR PoE ports, usually in the range 192.168.254.x so maybe 192.168.254.100
Connect the PC to an unused NVR PoE port.
Use SADP to confirm the IP address of the camera, double-click on the camera IP address in SADP.
This will launch the browser.
Check if you can log in with admin/Admin1234
 

ceba1962

n3wb
Joined
Jan 13, 2020
Messages
3
Reaction score
1
Location
Australia
Bingo, that was a very clear way to explain, Yep I could log into the camera and now the NVR. Now I'm going to change passwords and hopefully everything will be more secure now.
I really appretiate your time and thanks again
Regards
Carlos
 
Joined
Feb 24, 2020
Messages
1
Reaction score
0
Location
Erbil
Hi,
I'm new to this. Need some help from experts. I have forgot the NVR admin password. Herewith I have attached the details and SADP exported file.
Device Information
Firmware Version*:V3.4.90build 160926
Complete Device Serial Number*:DS-9664NI-I81620151130CCRR559857238WCVU
Current date on device* :2020-02-23
Device start time & date on SADP* :(2-23-2020 12:50:51 AM)

Appreciate if you can help me to rest the password.
 

Attachments

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
That reset file needs Hikvision private data for a response.

But if you have a Hikvision PoE-connected camera on the NVR, the configuration file can be extracted given the right version of firmware, as per the guide in this thread.
 

sfitz527

Getting the hang of it
Joined
Apr 25, 2016
Messages
24
Reaction score
34
Great information here! @alastairstevenson Would you be able to view the password in the attached configuration file. I believe I followed the correct steps with an older DS-2CD2032F, running V5.3.0 with a reset button! The NVR I am trying to make use of was an eBay purchase where the seller doesn't know the password.

Thanks,
Sean
 

Attachments

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
Hello Sean,
I should be able to do that for you, but it will have to be tonight as I'm away from home base just now.
Catch you later.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
I believe I followed the correct steps with an older DS-2CD2032F, running V5.3.0 with a reset button!
It looks like you have!
The admin password for the HIKVISION DS-2CD2032F-I - 603357533
camera is :
justinjordan1

Hopefully the NVR settings will have been the default where it uses it's own password to 'Activate' Plug&Play cameras.
Good luck!
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
Not THE Justin Jordan!
Justin Jordan is an American comics writer. He is known for co-creating The Strange Talent of Luther Strode and its two sequels, and for writing 22 issues of Green Lantern: New Guardians.
More likely just a fan of his.
Or even more likely a namesake.

1584224172698.png

The NVR I am trying to make use of was an eBay purchase
Hopefully not one of the many that I was watching.
The last one I bought cost £2.70 plus shipping.
It sort of works but needs a replacement flash chip, as the existing one is slightly unstable.
Need to find my CH341A.
 

sfitz527

Getting the hang of it
Joined
Apr 25, 2016
Messages
24
Reaction score
34
@alastairstevenson Thank you, that did the trick! It was a September buy for a project that got sidelined, so rest assured I didn't snatch this one from you.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
hoping you can spare a little time to help me out with a DS-2CD2332-I that the password was lost on.
Of course, always fun to do that, and see what interesting passwords get used ...

The good news :
The password for admin is
asdf1234

The bad news :
Your camera has been hacked.
That's one of the passwords that the hackbots use.

The camera is presumably accessible from the entire internet, and is very vulnerable to being exploited.
This puts your LAN, the devices on it, and your data, at risk of being compromised.

If you have not deliberately configured 'port forwarding' - turn off UPnP in the router, and the camera, to stop the camera itself allowing the external access.
If you have configured port forwarding for remote access - it's a big risk, despite it being easy and convenient.
Take the time to check out and implement a VPN remote access solution, as many have done on this forum.
Lots of how-tos and user experiences on here, do some searches.
 

xerophile

n3wb
Joined
Mar 16, 2020
Messages
3
Reaction score
0
Location
USA
Thanks so much! Ugh, that explains why no one could get into it. Really odd though, no port forwarding set up at all. Will need to investigate further.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
Check for external access being allowed with something like ShieldsUp! - use the full port scan.

Really odd though, no port forwarding set up at all.
UPnP is / was on by default in Hikvision cameras.
Best turn it off, check the networking configuration.
And it would have to also be on in the router.
Best disable that also.
 

xerophile

n3wb
Joined
Mar 16, 2020
Messages
3
Reaction score
0
Location
USA
Must have been UPnP. Port scan came up clear as did all the other tests on GRC. (Cool site, I had not used that one before).

Turned off now!

Thanks again!
 

sfitz527

Getting the hang of it
Joined
Apr 25, 2016
Messages
24
Reaction score
34
@alastairstevenson How complicated is the process to decrypt the configuration files/is there a way to make that process not too complex? I found a few steps on the Google that involve downloading ubuntu subsystem and installing openssl. I am not familiar with either but would be willing to play around with. Do those steps sound like the correct path to venture down?

Knowing this method exists would make purchasing used NVR's much less frightening as I've spent quite a fair share of time negotiating with tech support to reset a device because I didn't purchase from an authorized dealer (ebay). If you have time in the week I have two additional Hik OEM NVRs that have unknown passwords. They fed the password to an inactivated camera just as expected. These NVRs might have been on your watch list, as I am pretty happy to pick-up a 16ch 4k NVR for less than $100 :) Please no rush to take your time.
 

Attachments

Oleglevsha

Getting the hang of it
Joined
Jan 25, 2015
Messages
299
Reaction score
77
Location
Россия г.Волгоград
There is an easy way to decrypt the configuration file. Follow the link and enter your file into the web form presented online on the page, after which you will receive a decrypted file.
See Method 3
The file that you downloaded from the server should be uploaded to the site with the online HEX editor, and enter the camera login in the Search window. Nearby you will see the password for the camera.
 
Top