Dahua Firmware Mod Kit + Modded Dahua Firmware

[andycctv]

Hi All

I'm just trying to setup a NVR that isn't on the list and am wondering where the "size" of the image is obtained from? Please see below part copy of python script from config.

DAHUA_FILES = OrderedDict([
("Install.lua", {
"required": True,
"type": DAHUA_TYPE.Plain
}),
("u-boot.bin.img", {
"required": True,
"type": DAHUA_TYPE.Plain,
"size": 0x00300000
}),
("uImage.img", {
"required": True,
"type": DAHUA_TYPE.Plain,
"size": 0x00a00000
}),
("romfs-x.squashfs.img", {
"required": True,
"type": DAHUA_TYPE.uImage | DAHUA_TYPE.CramFS,
"size": 0x03600000

Many thanks

 

[Speed666]

watchful_ip,
I patched all of this and made a uncrippled firmware for 59225 PTZ cam. But new series like 5442 has secureboot fuse burnt and even that i cracked all of this - there is no way to load it into camera. Now i have a good paper brick

 

[watchful_ip]

Speed666

Yeah I could see that both the bootloader and kernel were referencing SecureBoot. If the boot loading chain has to be signed from the very beginning (starting with a key one time burnt in the processor), then unless there is a software vulnerability somewhere. or you get can hold of a signing private key only way is to replace the processor which doesn't sound very viable

Like you I like to run my own software on my own cameras (we paid for them after all). So I'd never buy these cameras because of that.

 

[hieppro310899]

Can anyone help me pls my prob listed in this thread : Need help with adding language for camera !

 

[Dahua_Chn]

watchful_ip,
I patched all of this and made a uncrippled firmware for 59225 PTZ cam. But new series like 5442 has secureboot fuse burnt and even that i cracked all of this - there is no way to load it into camera. Now i have a good paper brick

Can you still run uboot? or you have to remove flash rom to flash file to rom.

 

[wifi75]

Hello to all, I have camera
Dahua mode:
IPC-HFW4431M-I2
Software Version2.420.0000.21.R, Build Date: 2016-07-24

with which mod firmware i can update it?

 

[gohigher123]

Hi ,

Do you have a correct working firmware version for this camera IPC-HDW4631C-A?

Because there's a problem with the time zone always going up and down.

 

[alastairstevenson]

Do you have a correct working firmware version for this camera IPC-HDW4631C-A?

Maybe check out this thread -

Advice on Camera

Greetings, I am a noob with all of this and am thrilled to have found this site. Thank you all for the information here I am setting up a system for my office. I am looking for 2 cameras for a couple of rooms where interviews will be taking place. The participants will be aware of the audio...

ipcamtalk.com

 

[Ratfink11]

watchful_ip,
I patched all of this and made a uncrippled firmware for 59225 PTZ cam. But new series like 5442 has secureboot fuse burnt and even that i cracked all of this - there is no way to load it into camera. Now i have a good paper brick

Speed666,

Can I get a copy of the image you made for the 59225 PTZ Camera? I now have 18 of these cameras... I really like them, just tired of the firmware issues. And need them to work on my property correctly. Frustrating at times.

I also wanted to inquire on your thoughts in dealing with the newer cameras like the 5442PTZ Cams. Is there anyway around the secureboot fuse? Personally I would have no problems replacing with a new processor. They arent that expensive. Is this something that is a possible solution to get around secureboot fuse?

 

[gohigher123]

Maybe check out this thread -

Advice on Camera

Greetings, I am a noob with all of this and am thrilled to have found this site. Thank you all for the information here I am setting up a system for my office. I am looking for 2 cameras for a couple of rooms where interviews will be taking place. The participants will be aware of the audio...

ipcamtalk.com

I know that it's a model from china. But i don't care. I just need a correct working firmware for it. Maybe a patched firmware?
Or a way to copy the firmware from an camera ( same model , just other seller ) to this camera.
If i get some proper instructions , i can do it myself.

 

[lodeon1337]

Hello, is it possible to go back from a "new" version V2.620.0000.0.R.20170620 to an old version 2.400.0000.34.R, Build Date: 2016-08-01?
(IPC-HDW4421EM-AS)
I can install different 2.6xx versions, but no longer the old 2.4000.
The old version of the first page of this thread had more IVS features, that's why I'm asking.
Thanks to the great forum, greetings from Germany.

 

[n0risc]

Am I wasting my time extract.py Dahua Amcrest Firmware and trying to build.py them with this method? Or have they patched up this backdoor making custom firmware with this method?

Thank you for a response.

n0risc

 

[Speed666]

Good news.
The AI series with SecureBoot is hackable Root and firmare exchange, SSH with root access is still accessible.

 

[alastairstevenson]

The AI series with SecureBoot is hackable

implementation flaw?

 

[wasabi]

hello all,

do you have 2.420.0000.22.R, Build Date: 2016-12-09 for IPC-HDW4431C-A-V2 camera ? and is it ok to flash this model ?

thanks

 

[alastairstevenson]

do you have 2.420.0000.22.R, Build Date: 2016-12-09 for IPC-HDW4431C-A-V2 camera ?

There are multiple tweaked variants of that firmware version.
The one attached is probably as useful as any.

is it ok to flash this model ?

There is some risk - that's a Chinese camera.
What problem are you trying to solve?

 

[nonix]

Hi guys,

I am sorry if I am stealing this thread, but this thread seems so helpful and I hope some can help me out, too.
I have (or had ) IPC-HDBW4631R-ZS, it was multilang fw but couldn't get it working with mac nor Win10 so I thought to upgrade fw.
I've used web upgrade after downloading DH_IPC-HX5X3X-Rhea_MultiLang_PN_Stream3_V2.800.0000013.0.R.191202.bin

This (as expected) bricked the cam, than I've tried to use the Dahua_TFTPBackup toolset which did flash the fw but cam was still dead.
I've tried one more time, but that left the cam in total dark. Now the Ethernet will not light up at all.
Package content:
custom-x.squashfs.img
kernel.img
partition-x.cramfs.img
pd-x.squashfs.img
romfs-x.squashfs.img
upgrade_info_7db780a713a4.txt
user-x.squashfs.img
web-x.squashfs.img

Commands:
CRC:4050037456
MagicString:c016dcd6-cdeb-45df-9fd0-e821bf0e1e62
run dr
run dk
run du
run dw
run dp
run dc
tftp 0x82000000 pd-x.squashfs.img; flwrite
tftp 0x82000000 .FLASHING_DONE_STOP_TFTP_NOW
sleep 5

Using UART dongle to serial port, all I get now is:
U-Boot 2010.06-svn6390 (Nov 27 2019 - 18:32:23)
after a few minutes it will repeat. No matter how long I hold the "*" key down during power up.

Am I completly screwed or is there a hope to recover?

Can someone please advice? Thank you kindly,
N.

 

[iTuneDVR]

You have all chance recover your ipc.
At new firwmware if var dh_keyboard = then silent mode at boot.
Check you Tx, Gx & be sure that all your connect pin is real good.

 

[jeroenvtec]

Yes, you can, but you cant downgrade, because fiwmrare is full signed with bootloader.
If you have full dump & programmer - so it's possible get back.

Are there full dumps available ? I already flashed it to the "new" version.
since I have a new nvr he won't accept the chinese cam, the old one did fine.

 

[kobebeef]

Dahua NVR fiwmrare 4.0
Can't unsquashfs


Dahua NVR fiwmrare 3.2