Evening.
Looking for some advice re password recovery on a Hikvision NVR DS-7204HQHI-F1. Parents in law's box shows in SADPTool but they're locked out. Supplier no longer around and Hikvision UK (understandably) not forthcoming with admin password from XML file extracted using SADPTool.
Can remote control his mac and run things there but not sure best way forward and looking for advice.
The installed software version is v3.4.81 build 170227 and so far I've tried:
(1) Every variation of his usual passwords I can think ok
(2) Default admin password of 12345
(3) Factory reset (hoping that would get us back to default pwd - didn't sadly)
(4) Couple of versions of the backdoor exploit.
(5) hikvision-decrypter-1.0 - said it had successfully decrypted but what it saved wasn't illuminating (code looks to be an AES128 decrypt followed by some XOR stuff) - from GitHub - WormChickenWizard/hikvision-decrypter: A simple cross platform program written in C++ used for decrypting the configuration files created by Hikvision Security Cameras. Successor to my hikvision-xor-decrypter. Pages online suggest a file which when opened in hex editor will have admin then shortly afterwords the admin password. Can't see "admin" in there.
Some posts here suggest that there are 2 versions of the exported XML format - one with 2 extra bytes which muck up the OpenSSL decrypt.
So... looking for a bit of advice if anyone can help.
Should that hikvision-decrypter code work on the XML exported by SADPTool?
If not, is there other code out there which will (happy in C, C++, Python etc etc).
If not, is there an online tool (or service) which will do the trick?
If not, is best bet just to pull the CMOS battery out, reboot and use the default password?
Any advice gratefully received.
Woolybear
Looking for some advice re password recovery on a Hikvision NVR DS-7204HQHI-F1. Parents in law's box shows in SADPTool but they're locked out. Supplier no longer around and Hikvision UK (understandably) not forthcoming with admin password from XML file extracted using SADPTool.
Can remote control his mac and run things there but not sure best way forward and looking for advice.
The installed software version is v3.4.81 build 170227 and so far I've tried:
(1) Every variation of his usual passwords I can think ok
(2) Default admin password of 12345
(3) Factory reset (hoping that would get us back to default pwd - didn't sadly)
(4) Couple of versions of the backdoor exploit.
(5) hikvision-decrypter-1.0 - said it had successfully decrypted but what it saved wasn't illuminating (code looks to be an AES128 decrypt followed by some XOR stuff) - from GitHub - WormChickenWizard/hikvision-decrypter: A simple cross platform program written in C++ used for decrypting the configuration files created by Hikvision Security Cameras. Successor to my hikvision-xor-decrypter. Pages online suggest a file which when opened in hex editor will have admin then shortly afterwords the admin password. Can't see "admin" in there.
Some posts here suggest that there are 2 versions of the exported XML format - one with 2 extra bytes which muck up the OpenSSL decrypt.
So... looking for a bit of advice if anyone can help.
Should that hikvision-decrypter code work on the XML exported by SADPTool?
If not, is there other code out there which will (happy in C, C++, Python etc etc).
If not, is there an online tool (or service) which will do the trick?
If not, is best bet just to pull the CMOS battery out, reboot and use the default password?
Any advice gratefully received.
Woolybear