Hikvision camera admin password reset tool

Discussion in 'Hikvision' started by bp2008, Mar 11, 2015.

Share This Page

  1. LightningNZ

    LightningNZ n3wb

    Joined:
    Sep 24, 2015
    Messages:
    7
    Likes Received:
    0
    Location:
    New Zealand
    See attached screenshot.
    Thanks!
     

    Attached Files:

  2. LightningNZ

    LightningNZ n3wb

    Joined:
    Sep 24, 2015
    Messages:
    7
    Likes Received:
    0
    Location:
    New Zealand
    What I did:
    1) hooked up all cameras to the NVR
    2) connected the LAN port to my internet router
    3) connected a Video port to my internet router
    4) installed iVMS
    5) Started iVMS and set a users

    When I looked at the SADP tool the cameras came online as inactive and then automatically activated
     

    Attached Files:

    Last edited: Oct 2, 2018
  3. LightningNZ

    LightningNZ n3wb

    Joined:
    Sep 24, 2015
    Messages:
    7
    Likes Received:
    0
    Location:
    New Zealand
    OK, quick update, I was able to get everything going. I pieced the solution together from a lot of information found here.

    1) the NVR -> I was able to access the NVR directly, I probbably had set a passwor a while ago when I installed the HDD, but I forgot it. However I was able to log in and reset the NVR to defaults, which allowed me to then reactivate the NVR once it came up again.
    2) The Cameras -> Firmware 5.5. I downloaded the same firmware and the TFTP utility and flashed them manually. Again that reset the whole camera and I was able to activate them with a new password. So back to normal again.
    Now the setup fun begins.
    Cheers.
     
  4. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    10,884
    Likes Received:
    3,413
    Location:
    Scotland
    Well done, you got there!
    Worth using is the self-service 'Forgot password' facilities both on the camera and the NVR.
    The GUID and Security Questions methods both work well.
    A useful addition to the firmware.
     
  5. LightningNZ

    LightningNZ n3wb

    Joined:
    Sep 24, 2015
    Messages:
    7
    Likes Received:
    0
    Location:
    New Zealand
    Exactly, I set the 'Forgot password' facility now on all devices.
     
  6. fcolao

    fcolao n3wb

    Joined:
    Nov 15, 2014
    Messages:
    3
    Likes Received:
    0
    Location:
    New York
    Thank you for this!!!!
    Worked for my camera, DS-2CD6412FWD-20 20160516CCWR602147169, with 5.3.4 FW a surveillance peephole type camera installed in my front door. Nice not having to email Hikvision every time it gets dimentia!! An annoying random event.
    Will not be upgrading the FW so I can use this reset tool. Might brick the camera anyway if it's a Chinese cam.

    But, the bigger question is are the new Hikvision cams having this reset problem as well?
     
  7. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    10,884
    Likes Received:
    3,413
    Location:
    Scotland
    A common cause for this type of symptom is when external access is allowed to the cameras and an internet bot messes with the camera by exploiting the 'Hikvision backdoor' vulnerability that's in that version of firmware. There are also brickerbots that try to brick the camera, not just change the password.

    External access would be possible if 'port forwarding' has been explicitly configured on your router so you can access when away from home, or inadvertently when UPnP is enabled on the router, and the camera, where it is enabled by default.
    If you don't think there should be any external access, you can easily check using a service such as ShieldsUp! GRC | ShieldsUP! — Internet Vulnerability Profiling
    Do the full port scan,. not the UPnP check.

    Firmware versions after 5.4.41 are not vulnerable to the Hikvision backdoor, and don't spontaneously have their passwords reset.

    It might be interesting, next time this password problem occurs, to extract a copy of the configuration file, using the backdoor vulnerability.
    This does not require a password to do.
    Simply put this URL in your browser, replacing the IP address with that of the camera :
    http://<camera_IP_address>/System/configurationFile?auth=YWRtaW46MTEK
    Then zip up the file and attach it here.
    We can decrypt and decode it and extract the password.

    Alternatively, a common password that the hackerbots set is 1111aaaa
    If that works for you - it's a reasonable confirmation the camera has been hacked.
     
    vasycara, fenderman and fcolao like this.
  8. fcolao

    fcolao n3wb

    Joined:
    Nov 15, 2014
    Messages:
    3
    Likes Received:
    0
    Location:
    New York
    @alastairstevenson Thanks for that info. I've got some homework to do!
     
  9. chrisc90

    chrisc90 n3wb

    Joined:
    Oct 28, 2018
    Messages:
    10
    Likes Received:
    0
    Location:
    UK
    Hi all

    Hopefully someone here might be able to help us.

    A friend has a NVR 7616 and unfortunately when he acquirred the system left in a premises by the previous owner someone has changed the password from the default and there is no way to find it out.

    It looked like the box is wanting the XML file method to send away and upload the new tweaked version from HIK, however, is there any way round the XML file method if HIKvision dont/wont get back to us? Is there a way to upgrade/reset the firmware via TFTP?

    I seen someone has mentioned you can download the config file off it via TFTP or maybe a internal factory reset switch held whilst powering the system on.

    Unfortunately, cant remember the firmware number as it was last weekend and forgot to make a note and only had a quick look at the methods to try reset things.
     
  10. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    10,884
    Likes Received:
    3,413
    Location:
    Scotland
    It's possible to reset to defaults using a tftp firmware update, usually to the same version.
    But if it is a CN model that will break it.
    So you need the full model number, and the existing firmware version, before making any changes.
    SADP is your friend for those.

    Also - see if the 'lost password' link at the web GUI is new enough to have any security questions set up.
     
  11. chrisc90

    chrisc90 n3wb

    Joined:
    Oct 28, 2018
    Messages:
    10
    Likes Received:
    0
    Location:
    UK
  12. dannieboiz

    dannieboiz Getting the hang of it

    Joined:
    May 13, 2015
    Messages:
    285
    Likes Received:
    32
    Can this tool be used to reset NVR? I tried to use it on a 7608NI-E2/8 with no success.
     
  13. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    10,884
    Likes Received:
    3,413
    Location:
    Scotland
    Those instructions are reasonably OK.
    A couple of comments :
    Best to have the PC and the camera / NVR each wired to the usual switch / router, not connected directly together.
    Best to power a camera with 12v as opposed to PoE - the timing of PoE connections can be a bit troublesome with the Hikvision tftp updater.
    The first time the tftp updater is executed, there should be a Windows firewall 'allow' popup.
    Be sure to click OK to allow inbound packets to the tftp updater program.
     
  14. chrisc90

    chrisc90 n3wb

    Joined:
    Oct 28, 2018
    Messages:
    10
    Likes Received:
    0
    Location:
    UK
    Seems fairly easy then. I read online that the newer firmware has stopped the 192.0.0.128 connection? is that true?

    Will the TFTP method work on the latest software should the box have the latest one on it? Just makes it easier for me as I can pre-load the TFTP server onto my laptop and then its just a case of downloading the firmware from hikvision
     
  15. chrisc90

    chrisc90 n3wb

    Joined:
    Oct 28, 2018
    Messages:
    10
    Likes Received:
    0
    Location:
    UK
    Model: DS-7616NI-E2/16p
    Serial:537851xxx. (3numbers to replace the xxx)
     
  16. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    10,884
    Likes Received:
    3,413
    Location:
    Scotland
    For clearing the configuration via the tftp update in case of a lost password it's probably best to stick with the same firmware version as is currently installed.
    When updating firmware - it's best to use the web GUI as there is more validation, and a better chance of the configuration database being converted correctly.
     
  17. chrisc90

    chrisc90 n3wb

    Joined:
    Oct 28, 2018
    Messages:
    10
    Likes Received:
    0
    Location:
    UK
    It’s v3.3.4 build150616. With the IP changed to the local network the router is on. 192.168.1.73 on the nvr

    I tried the tftp method and comes up with a econt _Vision-AV2000. Failure

    Apparently the NVR tftp different to the cameras?
     
  18. chrisc90

    chrisc90 n3wb

    Joined:
    Oct 28, 2018
    Messages:
    10
    Likes Received:
    0
    Location:
    UK
    GOt it flashed with the 192.0.0.128 IP on my laptop which has allowed me to create a new password for the NVR once it had booted back up and the pattern, so i guess its completed.

    Now just need to add the cameras back on
     
  19. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    10,884
    Likes Received:
    3,413
    Location:
    Scotland
    That's a good result, well done.
    When you've added the cameras, and configured as needed, you can export both the device and IPC configuration and save the files somewhere safe.
    If/when you do upgrade the NVR firmware, there is a good built-in self-service password reset feature that uses several methods.
    The 'security questions' method works well.
     
  20. chrisc90

    chrisc90 n3wb

    Joined:
    Oct 28, 2018
    Messages:
    10
    Likes Received:
    0
    Location:
    UK
    yeah, will get that done.

    Struggling to add the cameras at the minute.

    The POE ports on the NVR have the address 192.168.254.2-16/24 however I dont know what the camera IP is.

    Ive tried plugging it into the back of the router to try see if it auto assigns a IP which i can forward to the POE switch however there is no external power to the camera, just the POE off the NVR so not sure whether the router has enough to power the camera up to allow settings to be changed.

    Is there anyway to scan for the cameras whilst the NVR is connected to the router on one network?

    I tried the SADP tool, however its just bringing up the NVR device on the network.