Hikvision camera admin password reset tool

Yup, it is simply being hacked. Whether the hackers are hijacking your cameras for botnetting purposes or just resetting the passwords to wake up the owners, who can say.

There are several things you should do to prevent this from happening again.

1) In your router's web interface, check if any ports are being forwarded to the camera. If so, delete the forwarding rules to the camera.
2) Find your router's UPnP (Universal Plug and Play) and turn it OFF. This so-called "feature" enables devices like your camera to automatically forward ports to themselves without your knowledge, and is responsible for a huge amount of camera hacking.
3) If your router has any access control feature capable of preventing internet access for single IP addresses or IP ranges, use it to block internet access for your camera. This is a safety measure in case your camera has been left infected with a program that makes it part of a botnet; that program will be unable to function if the camera can't get online.
4) In all existing cameras and all cameras you get in the future, turn off their UPnP feature. This is a bit redundant if the router has UPnP disabled already, but it will help if you get a new router and forget to turn off UPnP right away.


If doing all this disables your remote access to the camera(s) then you should learn about VPN and set up a VPN server. This is the secure way to remotely access things. VPN Primer for Noobs
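
An added example (not part of the original post and not the poster's tool): a check for steps 1 and 2 that parses a router's UPnP port-mapping table and reports every rule that points at a camera. The listing format is assumed to follow the table printed by miniupnpc's `upnpc -l`; the sample rows, addresses and ports are constructed.

```python
import ipaddress
import re

# Constructed sample, modelled on the mapping table from `upnpc -l` (assumed
# columns: index, protocol, extPort->intAddr:intPort, description, host, lease).
SAMPLE_LISTING = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8000->192.168.1.64:8000  'HIKVISION' '' 0
 1 TCP   554->192.168.1.64:554   'HIKVISION' '' 0
 2 UDP 51413->192.168.1.20:51413 'Torrent client' '' 3600
 3 TCP    80->192.168.1.65:80    'HIKVISION' '' 0
"""

MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<addr>\d{1,3}(?:\.\d{1,3}){3}):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

def parse_mappings(listing):
    """Return one dict per mapping row; the header and malformed rows are skipped."""
    mappings = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m["addr"])
        except ValueError:
            continue  # octet out of range, not a usable address
        mappings.append({"proto": m["proto"], "ext_port": int(m["ext"]),
                         "addr": addr, "int_port": int(m["int"]),
                         "desc": m["desc"]})
    return mappings

def exposed_cameras(listing, camera_hosts):
    """Map each camera IP to the (proto, external port, internal port) rules exposing it."""
    cams = {ipaddress.ip_address(h) for h in camera_hosts}
    hits = {}
    for m in parse_mappings(listing):
        if m["addr"] in cams:
            hits.setdefault(str(m["addr"]), []).append(
                (m["proto"], m["ext_port"], m["int_port"]))
    return hits

if __name__ == "__main__":
    cameras = ["192.168.1.64", "192.168.1.65", "192.168.1.66"]  # constructed
    for host, rules in exposed_cameras(SAMPLE_LISTING, cameras).items():
        for proto, ext, internal in rules:
            print(f"{host}: internet {proto}/{ext} -> camera port {internal}"
                  " (delete the rule and turn UPnP off)")
```

An empty result only covers UPnP-created mappings; manually configured forwarding rules from step 1 still have to be checked in the router's own interface.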
 
Thank you...It did not even occur to me that the camera (of 3) is possibly being hacked.

Forgive my ignorance, but I really thought that the Hikvision password/reset method was "THE safeguard"; then why this particular method? Do other vendors do this?

I did go to the website to download the latest firmware, but there was nothing available...only a message saying "COMING SOON."

bp2008:

Thank you for the steps you provided...I will implement those recommendations ASAP and will see how it goes from there; very much appreciate it and the tool you developed that is helping me in this situation.
 
Forgive my ignorance, but I really thought that the Hikvision password/reset method was "THE safeguard"; then why this particular method?
If you mean that setting a strong password should be good enough protection - no, that is not correct.
Many exploits, and in particular the recent Hikvision backdoor vulnerability that can be exploited to do loads of things - do not depend on any user-created password. The backdoor exploit requires no authentication. Just think what the password reset managed to do, without you giving it any info from the camera.
 
alastairstevenson:

I was mostly referring to the process of having to contact and depend on Hikvision to reset the password, I have never come across a vendor before that required this...however, you make an excellent point that my camera(s) are still vulnerable despite Hikvision's reset method.

bp2008:

Before I make the changes you recommend, I should provide additional info about the configuration that may add or change your suggestions.

There is no NVR. The cameras are primarily used for monitoring a remote location.

We are using NO-IP DDNS, and have considered purchasing a static IP instead from the ISP. Is the static IP a better option?

Based on my search on the website, I don't think I am able to update the firmware for now.

Thanks again
 
DDNS is fine. You don't need a static IP. My suggestion is to not even try to update the firmware. Once the camera can't reach the internet and is only accessible by VPN, it won't matter what firmware version you have.

No NVR, no problem. NVRs have their own vulnerabilities to worry about, making it best to access them through a VPN too.
 
I was mostly referring to the process of having to contact and depend on Hikvision to reset the password, I have never come across a vendor before that required this
Yes, it's a dumb idea. And probably a stick for the back of the support folks. And a nice little challenge for the hackers.
Especially as they mostly refuse to help their customers who did not purchase via 'authorised channels'.

The current NVR and camera firmware now has a quite good 'self-service password reset' facility enabled by security questions and/or a one-time token, which the user sets up on installation. So much more sensible and effective.
 
No, sorry. Everyone who has claimed to have such a solution has been unwilling to share.

Hi BP.
The old firmware can easily be reset with the tool on the first page, but how about the newer FW? Till what version is it still possible to reset by using upgrade by tftp? (Was it possible till 3.4.90?)
So my question is actually: which newer firmware versions can be reset by doing an upgrade/downgrade using tftp?
 
Just had your application style option work for a camera running the "grey version" of 5.4.20 that randomly wouldn't take its password and that HikUSA wouldn't help with since it was "grey". Worked like a champ, thanks!
 
I am seeking your help - my camera apparently is from newegg and therefore deemed not supported by HikVision USA. I had my camera running for a while and accessible in a browser and in Blue Iris. All worked fine. Suddenly I could not access this anymore, btw - I have no port forwarding.
Some details:
Camera - DS-2CD2735F
Start Date - 1970-02-17
Firmware - v5.4.20build 160726

I tried first US Hikvision support with obvious rejection, I tried the Techsupport through newegg, no response yet, I tried the tool posted on this forum - unfortunately it's not working. Any advice?

When I opened the camera there seems to be a button in the camera - does anyone know if this would be a factory reset button? What is the procedure for it?

In addition - I found the backdoor access to the camera and downloaded the configurationFile. Montecrypto included the encryption password in his article but I am not sure how to decrypt this file. I tried using gpp but can't make it happen. Any advice on this end?
 
ziomek,
this worked now! For some reason I always pressed the reset button when it was powered on or just a moment after. This time I followed your process and it worked - thanks. Everything went back to default.