Hikvision camera admin password reset tool

[thelawnet]

I am looking at a DS-7604NI-Q1/4P NVR someone is selling. There is a photo of the box code with firmware 3.4.100_180310, though this might have been updated obviously.

They are selling it with the warning 'forgotten password'.

I am wondering if this is risky to buy, or can I for sure unlock it?

 

[Skyking]

All,

I have quite a curious development. I have two identical HIKVISION DS-2CD2032-I cameras connected to my LAN. They have worked flawlessly for several years. Suddenly I cannot log into one of them. I get a message that the password is incorrect when I try via a browser and iPhone apps will not load that camera. Here is the really curious part - It loads fine on a computer running it through Blue Iris. So Blue Iris somehow gets into it, but browsers and iPhone apps will not.

I have downloaded the latest SADP tool and get all the info OK:

DS-2CD2032-I20150618CCCH525283946
V5.2.5build 141201
5/22/2019 12:28:00 PM

When I go to the page to generate a password reset I enter just the serial number (20150618CCCH525283946) and using that and the date (which matches the date above) it generates a code of RyyRS9RRSQ. When I enter that code I get the error message that the "Password recovery failed." My serial number is good, I have firmware that is old enough that it should work in this manner, but it is not. Other than climbing a ladder and opening it up to hit the reset switch, in the process losing all of the other info, can anyone suggest an option? And can anyone explain why Blue Iris works just fine in playing and recording the stream?...

Much thanks,

Phillip

 

[alastairstevenson]

Suddenly I cannot log into one of them. I get a message that the password is incorrect when I try via a browser and iPhone apps will not load that camera.

That's been quite a common experience with Hikvision cameras running old firmware that has the 'Hikvision backdoor' and having a router that has UPnP enabled.
They may have been hacked ...

There are a couple of things you could do:
Here are 2 passwords to try that have been commonly set on hacked cameras : 1111aaaa and asdf1234

And if they don't work - the camera configuration file can be extracted with no credentials needed.
And I could decrypt and decode the file for you, and extract the password.
All you'd need to do is point this URL at the camera using your browser, changing the IP address to suit.
Then zip up the resulting file and attach it here -
http://<camera_IP_address>/System/configurationFile?auth=YWRtaW46MTEK

 

[Skyking]

That's been quite a common experience with Hikvision cameras running old firmware that has the 'Hikvision backdoor' and having a router that has UPnP enabled.
They may have been hacked ...

There are a couple of things you could do:
Here are 2 passwords to try that have been commonly set on hacked cameras : 1111aaaa and asdf1234

And if they don't work - the camera configuration file can be extracted with no credentials needed.
And I could decrypt and decode the file for you, and extract the password.
All you'd need to do is point this URL at the camera using your browser, changing the IP address to suit.
Then zip up the resulting file and attach it here -
http://<camera_IP_address>/System/configurationFile?auth=YWRtaW46MTEK

alastairstevenson,

I have to say, you are a genius. OK, it was hacked and the second password above was the one they reset it to. What do I need to change in my router to keep this from happening again? I am stunned to near disbelief that someone found my camera and did that to it. And I use the same password on a lot of my networked gear, so how can I block them from doing this to all of my other non-HIKVISION cameras? Wow... THANK YOU!

Added: And here is a curious observation - Only one camera had its password changed...

Phillip

 

[bp2008]

@Skyking How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk

 

[alastairstevenson]

What do I need to change in my router to keep this from happening again?

As indicated in the useful link that @bp2008 supplied above -
If you are not deliberately doing 'port forwarding' (a very insecure thing to configure) on your router to provide access when you are away, then the cameras will have configured it themselves via UPnP.
This is often enabled by default on routers, and also on the cameras.
Go into the router admin and camera admin and disable UPnP.

I am stunned to near disbelief that someone found my camera and did that to it.

The scanning, and the changes when a vulnerable target is found, is automated, using 'bots'.

Added: And here is a curious observation - Only one camera had its password changed...

That could be more worrying.
When the password on a vulnerable, accessible camera is changed, at least you know it has happened.
The other camera may be just as accessible, and available as a foothold into your LAN to quietly do bad things on the devices and their data that are on it.

Check for inbound open ports using a full port scan with services such as ShieldsUp! GRC | ShieldsUP! — Internet Vulnerability Profiling  

 

[Skyking]

alastairstevenson, OK, those are all interesting points. Even my DSC alarm system requires ports to be opened to function correctly, so essentially every convenience for attaching devices that need two-way access open up the door to these nefarious types. It is still unclear to me why the Blue Iris access to this camera continued to work while nothing else did... I am of course leaving on an extended business trip right now and have zero time to do any further investigation. LOL Thanks for all the info. I will start looking into it upon my return. - Phillip

 

[alastairstevenson]

Even my DSC alarm system requires ports to be opened to function correctly,

Really? Is this to provide an intentional remote access?

t is still unclear to me why the Blue Iris access to this camera continued to work while nothing else did...

I think this means that the video stream that BI has requested doesn't get periodically re-authorised after the initial stream setup.
In other words, authorisation is negotiated at the stream startup, and is not challenged again while the stream continues with no tear-downs.

 

[Achitei]

Hi,

I want to reset the password for dvr DS-7104HGHI-SH V3.3.3build 160716 DS-7104HGHI-SH0420160914AAWR647303905WCVU 28.05.2019 16:17

Thank you

 

[W124]

Hi,
I need a help . I forgot the password of my dvr and can't reset it . DS-7616NI-K2 ser.num.: K21620170625CCRR783975707WCVU . Generated code is SQQ9RdRdd , but nothing happend......

 

[alastairstevenson]

I need a help . I forgot the password of my dvr and can't reset it

Assuming that you did not configure the security questions / answers for the 'forgot password' link on the web GUI login page when you set the NVR up -
If you set the unlock code on the HDMI/VGA interface - use that to reset the NVR to default settings.

 

[W124]

that's genereted from SADPTool

Assuming that you did not configure the security questions / answers for the 'forgot password' link on the web GUI login page when you set the NVR up -
If you set the unlock code on the HDMI/VGA interface - use that to reset the NVR to default settings.

Thanks a lot !!! I'l try

 

[sickfinga]

I have DS-7316HQHI-SH with a software version V3.1.14 I'm trying to reset the admin password using the SADP tool, but there is no Serial code / Security Code box. There is only export / import method. I was under the impression that this is used on the V5.3 and higher devices. I emailed Hikvision before(different device), but was turned down since the device was not bought through an authorized reseller. What are my options?

 

[alastairstevenson]

What are my options?

Re-apply the existing version of firmware by using the Hikvision tftp updater. TFTPServ
This will reset the device to it's default configuration.

 

[sickfinga]

It seems like there is no 3.1.14 firmware on the official website, but there is 3.1.13 and 3.1.15

Turbo HD DVR

 

[alastairstevenson]

It seems like there is no 3.1.14 firmware on the official website, but there is 3.1.13 and 3.1.15

That also seems to be missing on the EU portal : DOWNLOAD EU PORTAL

It doesn't have to be the exact same version - it's just that with a different version there is a chance of unexpected or unwanted changes.

 

[toldo]

That's been quite a common experience with Hikvision cameras running old firmware that has the 'Hikvision backdoor' and having a router that has UPnP enabled.
They may have been hacked ...

There are a couple of things you could do:
Here are 2 passwords to try that have been commonly set on hacked cameras : 1111aaaa and asdf1234

And if they don't work - the camera configuration file can be extracted with no credentials needed.
And I could decrypt and decode the file for you, and extract the password.
All you'd need to do is point this URL at the camera using your browser, changing the IP address to suit.
Then zip up the resulting file and attach it here -
http://<camera_IP_address>/System/configurationFile?auth=YWRtaW46MTEK

Dear alastairstevenson,

Can you help me to recover password I've set to camera, please. I can reset it with backdoor tool, but I set same password to NVR which I need to use)
I attached conf file here.
Thank you in advance!

 

[alastairstevenson]

Can you help me to recover password I've set to camera, please.

Yes, glad to help.
Check your 'Conversations'.

 

[Skyking]

Really? Is this to provide an intentional remote access?

My alarm system has two-way IP communication. If the normal path fails it rolls over to a cellular communicator (think cell phone) link to the central station. I do not know many details of how my system and the central station communicate, but it is a very high profile manufacturer and a very common configuration.

 

[med benaamer]

HELLO
CAN U HELOP ME TO REST PASSWORD OF DVR PLZ
S/N : 111116370