Alternative way of recovering HikVision NVR password

airborneaussie said:
I'm not sure whether my config file is ok as I was unable to get my camera in an 'inactive' state before plugging it in to the NVR and dumping the config.
Click to expand...
Unfortunately - that doesn't work to extract the NVR password. The camera needs to be 'Inactive' so the NVR needs use it's own password to Activate.

When the NVR tries to add a camera under 'Plug&Play', it first tries the original default passwords of 12345 and 123456789abc and if that works OK, which it will when a camera firmware is old enough not to be 'Inactive' when reset to defaults, it doesn't need to use the NVR password to apply to the camera.
The extracted password for your DS-2CD2032 camera is 12345 - the old default password.

A suggestion though, that will work OK :
Update the camera firmware to 5.3.0 or higher such that when it's reset to defaults, it goes to an 'Inactive' state.
If it's a China region camera, you'll need to convert it to EN to avoid 'bricking' it with the updated firmware.
See the brickfixV2 method here :
R0 / DS-2CD2x32 BrickfixV2 brick recovery and full upgrade tool - enhanced.
 
  • Like
Reactions: airborneaussie
alastairstevenson said:
Unfortunately - that doesn't work to extract the NVR password. The camera needs to be 'Inactive' so the NVR needs use it's own password to Activate.

When the NVR tries to add a camera under 'Plug&Play', it first tries the original default passwords of 12345 and 123456789abc and if that works OK, which it will when a camera firmware is old enough not to be 'Inactive' when reset to defaults, it doesn't need to use the NVR password to apply to the camera.
The extracted password for your DS-2CD2032 camera is 12345 - the old default password.

A suggestion though, that will work OK :
Update the camera firmware to 5.3.0 or higher such that when it's reset to defaults, it goes to an 'Inactive' state.
If it's a China region camera, you'll need to convert it to EN to avoid 'bricking' it with the updated firmware.
See the brickfixV2 method here :
R0 / DS-2CD2x32 BrickfixV2 brick recovery and full upgrade tool - enhanced.
Click to expand...

Thanks for the help Alastair - I'll do as you suggested. I haven't played around with this camera for some time.... It was originally a Chinese version cam with firmware 5.2.3 and I somehow managed to flash English firmware 5.1.6 onto it (not sure how I did this exactly). At any rate, I'd love to be able to upgrade it in future with current English firmware without fear of bricking the thing. I'm keenly aware of the backdoor vulnerability that exists with the older Hikvision firmware!

Just to be clear, I should be able to launch straight in to the instructions that you posted in your brickfix thread without fear of causing any grief from the current firmware?
 
One more question.... Am I safe to install camera firmware 5.4 or newer after the password has been extracted from the config file? Will I need to do anything beyond renaming the (new) firmware 'digicap.dav' and completing the steps outlined in your Brickfix post (below)? To confirm, the edits made using the Hex editor during the brickfix process are permanent?

Again - thank you so much for your help. You are a true asset to the Internet and society in general.

How To Upgrade

  1. Rename the firmware to digicap.dav
  2. Put the firmware under the same folder of this TFTP
  3. Set the IP of computer as 192.0.0.128
  4. Camera's IP can be anyone.
  5. Run the tftpserv.exe
  6. Power off and power on the DVR/DVS/IPC. The device will search the new firmware and upgrade it automatically.
  7. Please wait until TFTP shows "Device [192.0.0.64] system update completed!" It takes about 5 minutes.
  8. Close the TFTP before the camera reboots.
  9. DVR/DVS/IPC will restart automatically after upgrading.
 
I am trying to work out the password for my DVR. I have 2CD2146G2-ISU camera with firmware 5.5.130. I cannot there use the exploit method. Can I downgrade the firmware on this model? What do I need to download.

Once the camera is flash back to a earlier version, will it copy the admin password from the NVR to the camera - which can then be read from the camera?
 
jase_31 said:
I have 2CD2146G2-ISU camera with firmware 5.5.130. I cannot there use the exploit method. Can I downgrade the firmware on this model?
Click to expand...
Unfortunately - neither that version of firmware nor that camera series has the specific security vulnerability that supports this 'trojan horse method' of recovering the NVR password.
Also - quite some time ago, Hikvision introduced a rollback block that inhibits rolling back all but minor versions of firmware.

What's the model of DVR (or NVR)?
 
You must log in or register to reply here.
Top Bottom