Hikvision G1 5.5+ firmware Exploring the Cam & attempting unlock

rearanger

Getting the hang of it
Joined
Feb 10, 2016
Messages
224
Reaction score
96
Location
Scottish Borders
yes this is leecher's hik_repack and i did not modify it. it contains all keys for g1 platform but i have the source code to add new keys once i find or get them. maybe i have just a newer version. i just started for fun with this some days ago and talked with him
i was hoping someone would recode and update then release into public domain. i have leecher's original source and a compiled version that does many of the hik cams.
 

rearanger

Getting the hang of it
Joined
Feb 10, 2016
Messages
224
Reaction score
96
Location
Scottish Borders
you can modify the web gui to call the original minisys unprotected update routine. And install the unprotected update from the sdcard.
 
Joined
Jan 18, 2021
Messages
11
Reaction score
6
Location
dresden
@rearanger yes, but that means that you need to modify davinci again. davinci itself contains the update routine and is the webserver and i patched it to ignore the rsa signature if it's invalid (you still see the error, but it will still work). if you talk about something different, just tell me
 

rearanger

Getting the hang of it
Joined
Feb 10, 2016
Messages
224
Reaction score
96
Location
Scottish Borders
minisys also has an update routine. If i remember correctly you can utilize the update routine that minisys uses while the cam is live. From a modified web gui or from the shell prompt. You still need to pack the new digicap.dav (without key)

i could be wrong its been a while since i messed with the cam lol

(i remember i needed a method to update a modified firmware without tftp)
 
Joined
Jan 18, 2021
Messages
11
Reaction score
6
Location
dresden
but this isn't necessary if everything is already modified you can flash it anyway. the standard minisys has an update routine. but it has a rsa check too. so whatever you want do, you need to modify it.
the only way i know is booting the modified minishell and flashing with tftp (format/update). if the modified variant is one time flashed you are safe
 
Joined
Jun 21, 2021
Messages
2
Reaction score
0
Location
Us
Hi. Does anyone have IPC_G1_EN_STD_5.6.5_200316 unpacked? Maybe someone can send the unpacked filesystem?
 
Joined
Jan 18, 2021
Messages
11
Reaction score
6
Location
dresden
yes i have it unpacked and i also modified it to fix the nas storage issue and to disable the certificate check. i also enable ssh and console access at all. and i flashed 6 cameras already with it
 
Joined
Jun 21, 2021
Messages
2
Reaction score
0
Location
Us
yes i have it unpacked and i also modified it to fix the nas storage issue and to disable the certificate check. i also enable ssh and console access at all. and i flashed 6 cameras already with it
Sir can you please help or maybe just put me in right way on how to unpack this. I PM you
 

watchful_ip

Pulling my weight
Joined
Nov 24, 2019
Messages
251
Reaction score
226
Location
london
Sir can you please help or maybe just put me in right way on how to unpack this. I PM you
Are you sure you are in the US? Without trying to cause offense, your writing style doesn't match someone living there. I could be wrong of course, but also a US person would put location as US not Us.
 
Joined
Jan 18, 2021
Messages
11
Reaction score
6
Location
dresden
the author of the unpack tool who sent me the material which allowed me to do the modifications does not want to publish his work officially since some resellers try to buy cheap chinese variants to sell them rebranded for higher prices with international firmwares which is not good for resident companies and it will also lead to even more increased security measures by hikvision. the typical writing style i just know from asian countries gives me a warning here. in addition the unpack tool will not help you in any way since you need to break several security checks. so reverse engineering skills in assembly language are required.
 

sait

n3wb
Joined
Sep 23, 2019
Messages
1
Reaction score
0
Location
turkey
ROLLBACK (Use leechers hik_repack v0.10 or higher)
Test was done on a cam running mini system and active 5.6.1 firmware

./hik_repack10 -u digicap554.dav en (dump 5.5.4 digicap.dav to the "en" directory)
./hik_repack10 -r digicap554.dav en newdav l=1,v=05060001 (repack 5.5.4 digicap.dav to newdav using the files in "en" with language flag 1 and v 5.6.1 version number)

rename newdav to digicap.dav

Must use TTL and montecrypto's minisystem
start putty only
CTRL + U ON BOOT
type "update"
type "format"
setup tftp on PC
Type "update"

let it boot and enjoy.

I have only gone back one version. I am not sure what will happen if you attempt to rollback too far. The cam I rolled back had a manufacture date of 04/2018 and shipping firmware of 5.5.51
hi dear Rearanger
can you share the hik_repack10 as zip file with me?
 

mrpeenut24

n3wb
Joined
Jun 7, 2019
Messages
10
Reaction score
11
Location
Everywhere
Thanks @rearanger and @montecrypto for the mImage! Got some new G1 cube cams (DS-2CD2455FWD-IW) and got root/ash in under a day. The updated mImage worked on my uboot version 3.1.6-540659. Can someone point me in the right direction for rebuilding the firmware with the newer busybox posted? I've scp'd it in, but it disappears upon reboot, hoping for something longer term. Is it possible to repack it into digicap.dav?
 

rearanger

Getting the hang of it
Joined
Feb 10, 2016
Messages
224
Reaction score
96
Location
Scottish Borders
Thanks @rearanger and @montecrypto for the mImage! Got some new G1 cube cams (DS-2CD2455FWD-IW) and got root/ash in under a day. The updated mImage worked on my uboot version 3.1.6-540659. Can someone point me in the right direction for rebuilding the firmware with the newer busybox posted? I've scp'd it in, but it disappears upon reboot, hoping for something longer term. Is it possible to repack it into digicap.dav?
just use a script to copy it across or install from the sd card. think there is an old montecrypto repacked digicap.dav in the forum.
 

mrpeenut24

n3wb
Joined
Jun 7, 2019
Messages
10
Reaction score
11
Location
Everywhere
:facepalm: didn't even think of the SD card. I should hang around here more often. With the executable binaries on that, I'm not sure I even need to bother rebuilding. Thanks.
 

mrpeenut24

n3wb
Joined
Jun 7, 2019
Messages
10
Reaction score
11
Location
Everywhere
I ended up rebuilding the digicap.dav anyway with this modified initrun.sh:

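Bash:
# If a busybox build is present on the SD card, copy it into /bin
if [ -f /mnt/mmc01/busyboxG1-2 ] ; then
    cp /mnt/mmc01/busyboxG1-2 /bin/busybox2
fi
# Relink every applet that busybox2 provides to /bin/busybox2
if [ -f /bin/busybox2 ] ; then
    for a in $(/bin/busybox2 --list); do
        if [ -f "/bin/$a" ] ; then
            /bin/busybox2 rm "/bin/$a"
        fi
        /bin/busybox2 ln -s /bin/busybox2 "/bin/$a"
    done
fi
# Swap psh for sh in /etc/passwd
sed -i 's/psh/sh/g' /etc/passwd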
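
A defender-side check for the changes the initrun.sh above makes (a second busybox in /bin, applets relinked to it, psh replaced by sh in /etc/passwd), run against an unpacked or mounted camera root filesystem. This is an added example, not code from anyone in the thread; the stock link target `busybox`, the stock login shell `psh`, and the names `audit_rootfs` and `make_sample` are assumptions.

```shell
#!/bin/sh
# audit_rootfs ROOT: print one finding per line for a root filesystem tree.
# Assumed stock layout: applets are symlinks to "busybox", logins use psh.
audit_rootfs() {
    root=$1
    # 1. Applet symlinks in /bin that point at a busybox other than the stock one
    for f in "$root"/bin/*; do
        [ -L "$f" ] || continue
        target=$(readlink "$f")
        case "$target" in
            busybox|/bin/busybox) ;;   # assumed stock targets, ignore
            *busybox*) echo "APPLET_REDIRECT ${f#"$root"} -> $target" ;;
        esac
    done
    # 2. Additional busybox binaries beside the stock one (e.g. /bin/busybox2)
    for f in "$root"/bin/busybox?*; do
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            echo "EXTRA_BUSYBOX ${f#"$root"}"
        fi
    done
    # 3. Accounts whose login shell is neither psh nor a no-login shell
    awk -F: '$7 !~ /psh$/ && $7 !~ /(nologin|false)$/ {
        print "SHELL_CHANGED " $1 " " $7 }' "$root/etc/passwd"
}

# make_sample DIR: constructed sample tree showing the modified state
make_sample() {
    mkdir -p "$1/bin" "$1/etc"
    : > "$1/bin/busybox"
    : > "$1/bin/busybox2"
    ln -s busybox "$1/bin/cat"          # stock-style applet link
    ln -s /bin/busybox2 "$1/bin/ls"     # link as created by the loop above
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
                  'admin:x:1000:1000::/home:/bin/psh' > "$1/etc/passwd"
}

# Run against the path given as $1, or against the constructed sample
if [ -n "${1:-}" ]; then
    audit_rootfs "$1"
else
    demo=$(mktemp -d)
    make_sample "$demo"
    audit_rootfs "$demo"
    rm -rf "$demo"
fi
```
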
 