Manage to extract, modify and build the firmware successfully, but failed to upgrade on device. Dahua does a checksum on recently firmware so that modifying firmware is not easy to achieve.
You mean the sign.img file right? No way to crack/bypass the check where it is used.
Sorry but this firmware is using UBIFS which I can't be arsed to add support for.
Yes. It's returns OK in browser. But putty not connect (connection refused). Should i reboot camera after that API Call?
Try to enable telnet on NVR4xxx-4ks2 but got error Internal Server Error
Connecting three wires isn't as hard as you make it out to be
Ok @cor35vet, you make me change my mind. But the most important thing is that I did not know where to wire, he he. Can you show me? I suspect the 4 pins jack in white plastic?Connecting three wires isn't as hard as you make it out to be
And yeah 3800 is only available when the main application crashes or something like that ...
Thank you @cor35vet . I have a question, if I connect VCC pin to the ground of serial port, what will happen? Do I burn sthing? Because when trying to detect the port, I accidentially connect the vcc pin to the ground (the metal pointer of multimetters is too big compared to posion of 2 pins vcc and ground too near together on serial port) and Nvr is rebooted...... did I brick the nvr?
the voltage just drops to 0 and thus the NVR reboots, usually these things are short-circuit protected so nothing happens.
When vcc and ground pins were shorted, i heard small voice of sthing like a click (or maybe my heartbeat lol), I thought nvr is bricked but it booted up again. I checked and it seemed it still could connect to camera and hdd, record video, etc... Everything seems fine. Actually, I shorted those pins 2 times =)), my hand is so shaking...
Dump the flash with backup_mtd.sh in the thread here and PM it to me.Just come across this really interesting thread! - I have been messing around with some Lorex camera's as they are now discontinued in a store in the UK and sold off at a reduced price.
I picked up a bullet and a dome camera and trying so hard to figure out what the actual Dahua model of them are so I can somehow flash Generic firmware.
The Lorex model numbers are:
Mini Dome - LNE3142
Bullet - LNE3143
I've had a look with telnet and can see its running a Ambarella S2L CPU, it's sold as a 1080P camera but one thing that seems a bit strange is the max bit-rate is 10240
Looking at the Lorex Docs it's listed as having an actual resolution as H: 2048 V: 1536 which says to me it might have a 3mp sensor - However 1080P is the only available resolution, but I can select 10240 bit rate.
Specs here: https://www.lorextechnology.com/downloads/ip-cameras/LNE3142/LNE3142B_Specs_R2.pdf
But the bullet is listed as 1920x1080 and states a Sony Exmor Sensor, however that also has a 10240 bit rate and the image quality is identical to the dome.
Specs for that here:
https://www.lorextechnology.com/downloads/ip-cameras/LNB3153/LNB3153_Series_Specs_R5.pdf
The image quality seems really good on these and FAR better than a HFW-1200S I have here, it is also really good in low light.
If anyone can tell me any way to find out what the actual Dahua model is and especially a way to get a generic firmware on it would be gratefully appreciated.
I don't mind tinkering at all with it and no stranger to hacking devices and getting serial access on things.
If there are any commands I can type or tools I can use then please let me know
Thanks for your reply, I'll do that shortly
Backing up cut: applet not found (cut: applet not found)
cp: can't stat '/dev/cut: applet not foundro': No such file or directory Currently defined functions:
[, [[, ash, bash, cat, chmod, cp, dmesg, echo, egrep, env, fgrep,
fsync, getty, grep, halt, ifconfig, init, insmod, ip, ipaddr, iplink,
iproute, iprule, iptunnel, kill, killall, linuxrc, ln, login, ls,
lsmod, lzcat, lzma, mkdir, mknod, mount, mv, netstat, ping, ping6,
poweroff, ps, pwd, reboot, rm, rmmod, route, sed, seq, sh, sleep, sync,
telnet, telnetd, test, tftp, tftpd, top, touch, ubiattach, ubidetach,
ubimkvol, ubirmvol, ubirsvol, ubiupdatevol, udhcpc, umount, unlzma,
unzip/var/tmp/nfs1 # cat /proc/mtd
dev: size erasesize name
mtd0: 00040000 00010000 "MinBoot"
mtd1: 00040000 00010000 "U-Boot"
mtd2: 00020000 00010000 "hwid"
mtd3: 00010000 00010000 "partition"
mtd4: 00180000 00010000 "Kernel"
mtd5: 00150000 00010000 "romfs"
mtd6: 00210000 00010000 "web"
mtd7: 00830000 00010000 "user"
mtd8: 00030000 00010000 "updateflag"
mtd9: 00070000 00010000 "config"
mtd10: 00010000 00010000 "product"
mtd11: 00020000 00010000 "custom"
mtd12: 000e0000 00010000 "backupker"
mtd13: 00050000 00010000 "backupfs"
Nope sorry, this is just so chinese cameras can be flashed to the latest english firmware.