Hikvision 5.2.5 & 5.2.8 Full English (INC DAYS OF WEEK) mtd Hack

But you have not, downgraded it, it was already downgraded by seller?
 
That's correct and it is different from this hack. I had a look at the mtd5,6 and the language code =02.
 
Thats correct we still don't know how the Chinese are managing to load what ever firmware they want, we need to know more so now with, 5.3.0
As soon as I get a 5.3.0 with 5.2.5 loaded I will see if the MTD hack still works and if we can get it to english.
As no one has posted if they have managed this yet.
 
Hi whoslooking,

I have a Chinese cam with 5.2.5 loaded but 5.3.0 on the label. Would it be helpful to try your mtd hack and see if it still boots? Or is there any other test that would be helpful in knowing how to hack the 5.3.0 firmware in the future?

cheers
 
As Alastair has has backup all your mtd blocks first, do the hack make sure to balance the checksum.
 
Hi guys,

Performed the mtd hack on the 5.3.0 labelled with 5.2.5 loaded. Still booted ok after the mtd hack which was expected.

tried to upgrade the camera the 5.3.0 firmware with the mtd hack still place. The en version loaded but stuck in reboot loop. Chinese version loads but errors flashing the dav_sec area.

you cannot reload the original mtd files as you cannot get back into the camera via any method via telnet, even after the tftp process has completed. At this point, the camera reverts from 192.0.0.64 to 192.168.1.64 and is in the protected environment.

i have access to the camera also via it serial console but there are no commands that work in this protected environment.

if anybody else has any ideas, let me know.

p.s. Camera was purchased for test purposes only,so happy to experiment with it...
 
It sounds like the 5.3.0 firmware messes with the bootloader. That's a first. I suppose when the release notes say the default / recovery IP address has been changed to 192.168.1.64 that's to be expected.
A couple of weeks back I created a modified version of the 5.3.0 firmware, with SSH permanently activated and the psh Protect Shell inhibited, and an updated busybox. But I didn't have a camera to test it on, so @alexander.omiz kindly tried it for me, but it didn't work, though I'm not sure why. He was able to recover OK thank goodness. The camera I bought to test out the 5.3.0 firmware has an error in the kernel flash area which the 5.3.0 objects to, so I can't play with it.
 
Last edited by a moderator:
Yes, It does appear that the bootloader and the update process are different. I have noticed that if you unpack the digicap.dav with the hiktools program and then repack without making any modifications, then this is enough to cause the flash write to fail. So the update process is checking maybe the digicap.dav checksum or header checksum, I don't know.
At least we know if the Chinese can still load 5.2.5 onto the camera, there is a way which we will hopefully discover soon.
 
#alastairstevenson
I have a DS-CD2632F-IS Cam with CN 5.3.0 firmware. Can you tell me to send test your modified firmware?
dannach I of Amazone a DS-CD2632F-I with 5.2.0. Bought ML firmware in, of which I have secured all mtdblocks. (In mtdblock5 / 6 is the region code 1)


# davo22
bie me is also canceled on the serial console of the flash process with the message digicap.dav Packet Error.
Unfortunately I have no CD2xx2 5.2.5 / 5.2.8 in CN version for maybe possible downgrade available.


with thanks in advance


translated with googel
 
From the playing I have done, it seem the recovery block on 5.2.0 updraded to 5.3.0 does not change, but on a later 5.2.5 onwards it does. On the 5.20 with 5.30 everything is still there and working full busybox ftpd and telnet in recovery mode.
now to find the full boot to change forcing the image to load, this being done via tftp from the digicap not by changing the cameras files, the boot is checking a checksum somewhere in the boot. This is the key but balancing a whole firmware is a bit harder than 1bit.
 
@ alastairstevenson , whoslooking
Just type to test the modified firmware ago.
Have 2 cameras where I can test this.
As Alexander omiz
Greeting CSM
 
Hi guys,

Performed the mtd hack on the 5.3.0 labelled with 5.2.5 loaded. Still booted ok after the mtd hack which was expected.

tried to upgrade the camera the 5.3.0 firmware with the mtd hack still place. The en version loaded but stuck in reboot loop. Chinese version loads but errors flashing the dav_sec area.

you cannot reload the original mtd files as you cannot get back into the camera via any method via telnet, even after the tftp process has completed. At this point, the camera reverts from 192.0.0.64 to 192.168.1.64 and is in the protected environment.

i have access to the camera also via it serial console but there are no commands that work in this protected environment.

if anybody else has any ideas, let me know.

p.s. Camera was purchased for test purposes only,so happy to experiment with it...

Probably a silly question, but would the reset button on the cam revert it back to the original chinese 5.2.3 that was factory-loaded on the cam? Or does the reset button not completely convert it back to factory condition?
 
It will reset all firmware settings to default, it won't change the tftp flashed to the camera
 
  • Like
Reactions: wxman
@whoslooking
Hey! I changed it on 4 cameras. It worked great, thanks a lot!

Just 1 question: When i change 02 to 01 i am only able to use english language and not other languages. Which firmware do i have to flash after changing it to 01?
 
Last edited by a moderator:
@whoslooking
Hey! I changed it on 4 cameras. It worked great, thanks a lot!

Just 1 question: When i change 02 to 01 i am only able to use english language and not other languages. Which firmware do i have to flash after changing it to 01?

Replace the IEfile with a multi-language file, theres a post somewhere in the forum about this.
 
Last edited by a moderator:
can i somehow download the mtd files from my camera that have english language and put it in to my other camera with chinese language?
there both the [h=1]DS-2CD2132F-IS[/h]model.

thank you