Dahua Firmware Mod Kit + Modded Dahua Firmware

Maybe this ftp://ftp.asm.cz/Dahua/kamerove_systemy/_Firmware/05SD/PTZ_Firmware/SD6C8XE-GN/1506/

And this is ftp://ftp.asm.cz/Dahua/kamerove_systemy/_Firmware/04IPC/IPC-HX8XXX-Nova/DH/160824/ FW now working on my hfw8630.
 
That sounds good. I really don't understand why telnet would not work however.....
I can't know what is causing sonia to die without you having telnet access or UART serial console.

As to what firmware to flash, someone here said they had the same problem with the current one and used the previous beta one here: https://i.botox.bz/DH_IPC-HX4XXX-Eos_BETA.bin
Hi Cor35vet,

Today I red the whole history in this thread and saw that I didn't flashed this firmware. So I did flashed it a few minutes ago and I can revert back to english now. The upgrade went well and did it via the web browser.

Thank you for this firmware.
 

Attachments

  • version.JPG
    version.JPG
    13.7 KB · Views: 80
  • language.JPG
    language.JPG
    18.3 KB · Views: 69
Last edited:
  • Like
Reactions: nayr and cor35vet
Can any one confirm if theDH_IPC-HX4XXX-Eos_Chn_EngHARD_PN_Stream3_V2.420.0000.22.R.20161209_BETA1.bin posted here will work with the HDBW4431R-ZS model?

From an earlier part of the thread, it appears that these models are a different partition format. Just trying to find the latest firmware for this model.

Thanks
Nope, the HDBW4431R-ZS has bigger flash and different partition layout - hwid check won't let you flash that firmware ^ if it did your camera would become a brick.
This is the older version that works on HDBW4431R-ZS Dahua Firmware Mod Kit + Modded Dahua Firmware
Has been built by dumping the firmware from a chinese camera, modifying that and building an upgrade image.
(PM'd the same to you, just as an info for other people)
 
Got the HDBW4431R-ZS cameras in and they're running english firmware version, 2.420.0000.21.R, Build Date: 2016-07-24

Do you recall what version this above build was? Everything works with the camera and Dahua NVR (DHI-NVR52A16-16P-4KS2) with the exception of lens zoom using the PTZ controls.

I can control the lens zoom with the web client but no response when trying from the NVR. Anyone have any thoughts? Maybe a NVR firmware issue? Strange that all other controls work without issue.

Is there any way to extract the firmware off of the camera to save as a backup?

Thanks
 
the vairfocals dont work w/normal PTZ controls.. just set it and forget it.
 
Ok, see the version on my camera is the same as the build posted here.

I been looking at this zoom issue all day, and soon as I posted the question, I came across a selection right below the PTZ ( right-click menu) on this NVR, "Image". Had not even looked there as I "assumed" that it was for image settings. What do you know, there are zoom and focus buttons there as well that will let me control it. Hope this saves someone some time.

Looking at the china Dahua site trying to figure out if there is a later image, kind of hard to determine. Trying to go by the filename part that shows the 420.0000.21, anyone have any pointers to figuring out if there is newer firmware? There seems to be a 420.0000.22.R.20161209

Thanks for the support guys.
 
***SNIP***
Censored my previous post, not sure if posting how I crack dahuas stuff here is a smart move? They might be reading...
Anyways, figured out how they check the camera region - not 100% sure but I can patch it ^^

Also, too many people are PM'ing me asking for help or custom images, I don't really have that much free time on my hands... I provided the tool now go figure out how to use it :vvv
 
Last edited:
  • Like
Reactions: nayr
Censored my previous post, not sure if posting how I crack dahuas stuff here is a smart move? They might be reading...
It's a bit of a quandary, isn't it?
On the one hand, there is probably some benefit to some people from sharing this sort of stuff.
On the other hand, for sure Dahua and Hikvision spies will be watching with interest and what they see may well influence future developments.
I can certainly see this in the earlier Hikvision NVR firmware, with tit-for-tat changes being made following exposure of some 'interesting' details on here and elsewhere.

We (IPVM) are doing an article next week on your Hikvision packer/unpacker.
Does anyone know what tone / stance the IPVM article has taken / will take?
For sure, Hikvision take notice of IPVM.
@john-ipvm Your comments would be interesting.
 
@alastairstevenson our main question we are trying to figure out is what the legality of this packing / unpacking software is. We have been trying to see what Hikvision's EULA / agreement is but the one on their firmware page is either incomplete or unclear. Thoughts there?
 
our main question we are trying to figure out is what the legality of this packing / unpacking software is. We have been trying to see what Hikvision's EULA / agreement is but the one on their firmware page is either incomplete or unclear
There are multiple firmware download sources provided by Hikvision.
The most comprehensive source is the Hikvision Europe site, which has no EULA in the downloads section.
The Hikvision China site is in, well, Chinese.

To be honest, in my view a more interesting, admittedly linked, topic would be Hikvision's actions that deliberately damage the operation of the products their customers have purchased.
Hikvision freely publish firmware updates for IPCs and NVRs.
Many customers will be used to doing updates to products that have 'deferred design' capabilities by the use of firmware and software.
The normal expectation is that the updates provide bug fixes, extra functionality, and, topically, security fixes and improvements.
What they don't expect is that Hikvision incorporate deliberate changes such as 'language mismatch' code that renders the devices inoperable in the way they are intended to be used.
Those actions are in my view certainly immoral, and in some jurisdictions would fall foul of Trading Standards and Competition legislation, given their underlying anti-competitive purpose.
 
  • Like
Reactions: john-ipvm
if its legal to jailbreak your phone (hint: it is) it should be legal to hack your Hikvision.. regardless what EULA stipulates, you own it.. its your device and your not doing it for any infringing purposes.

your also exempt from DMCA for research purposes like we are participating in, were not trying to sell grey market cameras or anything with the knowledge.. if others do its not our problem: DMCA security research exemption for consumer devices | Federal Trade Commission

where's a list of all the GPL software Hikvision is using and links to source/code licenses? Ive seen no license terms accompanied with any firmware or software from Hikvision or any of the software it uses.. Ive looked.. are they not distributing the software directly from there website?
 
You guys forgot about the numerous GPL violations these companies are doing.
For example on a dahua camera there is a modified version of U-Boot, Busybox and the Linux Kernel. Maybe more, who knows. They are building their products on top of these free projects making millions of profit but fail to make source code available. I've sent them an email and their response was: "Who are you?" I told them that I was a student interested in their products and they haven't responded after this.
The GPL license forces them to make the source code available if they distribute binaries (which they do in the .bin files). This has actually been my main motivation for working on this firmware

@nayr You should come back online on IRC, also tried to send you an email on admin@ since I can't message you on the forums.
 
  • Like
Reactions: john-ipvm and nayr
im on my laptop for now with the office remodel; sleeps too much for IRC.. suppose I could fire up a proxy.

added you to list of ppl who can message me
 
All, thanks for the feedback, very interesting and we will incorporate it on the packing / unpacking post.
Good points on the GPL. We will definitely look into that and I have put that on our queue for upcoming topics.
 
Can anyone with working telnet access on a IPC-HDBW4431R-ZS get the HWID you have by issuing the following command after logging in?

cat /proc/dahua/bootpara

Just need the HWID string from the output.

Thanks
 
Does anybody have any idea what could be wrong with some HDBW4431R-S models I got from Aliexpress? These have 2.420.0000.21.R, Build Date: 2016-07-24 installed and English is the only language option available in the GUI.

I am assuming these are Chinese HW that's been hacked but I can't load the official Dec 2016 Chinese software update from the Dahua site onto these cameras - I can flash it using port 3800 and the camera is discoverable and I can telnet into it but have no web interface. The official English Eos update doesn't work either. Both custom Eos versions on here (2016-07-24 release the beta) also don't work. They will flash but don't give a web interface. I can flash the 2016-07-24 Chinese firmware back onto the device and it comes back to life.
 
Question out of ignorance but what does "dh_keyboard 0" do exactly? I've enabled telnet and poked around a little (gently) and run this command without setting any variable - it psits some info that looks to be related to flashing? Am mostly curious and like to poke at things :) Expecting to get myself some nice Starlight cameras to put up when the new year holiday is over...

This is a IPC-HFW4431M-AS-I2 with 2.420.0000.21.R, Build Date: 2016-07-24 firmware loaded.