I got a DS-2TD2617 at my hands running 5.5.64 build 230207 which seems to be from May 2023. Out of interest I wanted to analyze the firmware of the device a bit. I found this (GitHub - HaToan/Decrypt-Firmware-Hikvision) decrypter and got it running, unfortunately they keys do not work any longer. Due to the protected shell, it is not easily possible to get a full shell. I then played with the environment variable of the bootloader, but realized that apart from the dbg environment variable, it does not seem possible any longer to modify the other ones, thus making it impossible to modify the init paramter to boot into a real shell.
Having a look at the PCB I did not see any obvious debugging interface like JTAG, also there seems to be no datasheet available for the SoC.
It seems to me that the emmc is only used to store image/video data. Is that correct?
Do you guys have any ideas how to get a full shell on the device?
One idea that came to my mind was, to exchange the bootloader. But without a build environment this seems impossible.
Having a look at the PCB I did not see any obvious debugging interface like JTAG, also there seems to be no datasheet available for the SoC.
It seems to me that the emmc is only used to store image/video data. Is that correct?
Do you guys have any ideas how to get a full shell on the device?
One idea that came to my mind was, to exchange the bootloader. But without a build environment this seems impossible.
Last edited: