Hikvision camera admin password reset tool

Discussion in 'Hikvision' started by bp2008, Mar 11, 2015.

Share This Page

  1. thelawnet

    thelawnet n3wb

    Joined:
    May 4, 2019
    Messages:
    5
    Likes Received:
    0
    Location:
    indonesia
    I am looking at a DS-7604NI-Q1/4P NVR someone is selling. There is a photo of the box code with firmware 3.4.100_180310, though this might have been updated obviously.

    They are selling it with the warning 'forgotten password'.

    I am wondering if this is risky to buy, or can I for sure unlock it?
     
  2. Skyking

    Skyking n3wb

    Joined:
    Jan 2, 2016
    Messages:
    12
    Likes Received:
    1
    All,

    I have quite a curious development. I have two identical HIKVISION DS-2CD2032-I cameras connected to my LAN. They have worked flawlessly for several years. Suddenly I cannot log into one of them. I get a message that the password is incorrect when I try via a browser and iPhone apps will not load that camera. Here is the really curious part - It loads fine on a computer running it through Blue Iris. So Blue Iris somehow gets into it, but browsers and iPhone apps will not.

    I have downloaded the latest SADP tool and get all the info OK:

    DS-2CD2032-I20150618CCCH525283946
    V5.2.5build 141201
    5/22/2019 12:28:00 PM

    When I go to the page to generate a password reset I enter just the serial number (20150618CCCH525283946) and using that and the date (which matches the date above) it generates a code of RyyRS9RRSQ. When I enter that code I get the error message that the "Password recovery failed." My serial number is good, I have firmware that is old enough that it should work in this manner, but it is not. Other than climbing a ladder and opening it up to hit the reset switch, in the process losing all of the other info, can anyone suggest an option? And can anyone explain why Blue Iris works just fine in playing and recording the stream?...

    Much thanks,

    Phillip
     
  3. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    11,220
    Likes Received:
    3,574
    Location:
    Scotland
    That's been quite a common experience with Hikvision cameras running old firmware that has the 'Hikvision backdoor' and having a router that has UPnP enabled.
    They may have been hacked ...

    There are a couple of things you could do:
    Here are 2 passwords to try that have been commonly set on hacked cameras : 1111aaaa and asdf1234

    And if they don't work - the camera configuration file can be extracted with no credentials needed.
    And I could decrypt and decode the file for you, and extract the password.
    All you'd need to do is point this URL at the camera using your browser, changing the IP address to suit.
    Then zip up the resulting file and attach it here -
    http://<camera_IP_address>/System/configurationFile?auth=YWRtaW46MTEK
     
  4. Skyking

    Skyking n3wb

    Joined:
    Jan 2, 2016
    Messages:
    12
    Likes Received:
    1
    alastairstevenson,

    I have to say, you are a genius. OK, it was hacked and the second password above was the one they reset it to. What do I need to change in my router to keep this from happening again? I am stunned to near disbelief that someone found my camera and did that to it. And I use the same password on a lot of my networked gear, so how can I block them from doing this to all of my other non-HIKVISION cameras? Wow... THANK YOU!

    Added: And here is a curious observation - Only one camera had its password changed...

    Phillip
     
    Last edited: May 22, 2019
    alastairstevenson likes this.
  5. bp2008

    bp2008 Staff Member

    Joined:
    Mar 10, 2014
    Messages:
    8,874
    Likes Received:
    5,990
  6. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    11,220
    Likes Received:
    3,574
    Location:
    Scotland
    As indicated in the useful link that @bp2008 supplied above -
    If you are not deliberately doing 'port forwarding' (a very insecure thing to configure) on your router to provide access when you are away, then the cameras will have configured it themselves via UPnP.
    This is often enabled by default on routers, and also on the cameras.
    Go into the router admin and camera admin and disable UPnP.
    The scanning, and the changes when a vulnerable target is found, is automated, using 'bots'.

    That could be more worrying.
    When the password on a vulnerable, accessible camera is changed, at least you know it has happened.
    The other camera may be just as accessible, and available as a foothold into your LAN to quietly do bad things on the devices and their data that are on it.

    Check for inbound open ports using a full port scan with services such as ShieldsUp! GRC | ShieldsUP! — Internet Vulnerability Profiling  
     
  7. Skyking

    Skyking n3wb

    Joined:
    Jan 2, 2016
    Messages:
    12
    Likes Received:
    1
    alastairstevenson, OK, those are all interesting points. Even my DSC alarm system requires ports to be opened to function correctly, so essentially every convenience for attaching devices that need two-way access open up the door to these nefarious types. It is still unclear to me why the Blue Iris access to this camera continued to work while nothing else did... I am of course leaving on an extended business trip right now and have zero time to do any further investigation. LOL Thanks for all the info. I will start looking into it upon my return. - Phillip
     
  8. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    11,220
    Likes Received:
    3,574
    Location:
    Scotland
    Really? Is this to provide an intentional remote access?

    I think this means that the video stream that BI has requested doesn't get periodically re-authorised after the initial stream setup.
    In other words, authorisation is negotiated at the stream startup, and is not challenged again while the stream continues with no tear-downs.
     
  9. Achitei

    Achitei n3wb

    Joined:
    May 28, 2019
    Messages:
    1
    Likes Received:
    0
    Location:
    romania
    Hi,

    I want to reset the password for dvr DS-7104HGHI-SH V3.3.3build 160716 DS-7104HGHI-SH0420160914AAWR647303905WCVU 28.05.2019 16:17

    Thank you
     

    Attached Files:

  10. W124

    W124 n3wb

    Joined:
    May 29, 2019
    Messages:
    2
    Likes Received:
    0
    Location:
    Bulgaria
    Hi,
    I need a help . I forgot the password of my dvr and can't reset it . DS-7616NI-K2 ser.num.: K21620170625CCRR783975707WCVU . Generated code is SQQ9RdRdd , but nothing happend......
     
  11. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    11,220
    Likes Received:
    3,574
    Location:
    Scotland
    Assuming that you did not configure the security questions / answers for the 'forgot password' link on the web GUI login page when you set the NVR up -
    If you set the unlock code on the HDMI/VGA interface - use that to reset the NVR to default settings.
     
  12. W124

    W124 n3wb

    Joined:
    May 29, 2019
    Messages:
    2
    Likes Received:
    0
    Location:
    Bulgaria
    that's genereted from SADPTool
    Thanks a lot !!! I'l try
     

    Attached Files:

  13. sickfinga

    sickfinga n3wb

    Joined:
    Jun 4, 2019
    Messages:
    2
    Likes Received:
    0
    Location:
    Canada
    I have DS-7316HQHI-SH with a software version V3.1.14 I'm trying to reset the admin password using the SADP tool, but there is no Serial code / Security Code box. There is only export / import method. I was under the impression that this is used on the V5.3 and higher devices. I emailed Hikvision before(different device), but was turned down since the device was not bought through an authorized reseller. What are my options?
     
  14. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    11,220
    Likes Received:
    3,574
    Location:
    Scotland
    Re-apply the existing version of firmware by using the Hikvision tftp updater. TFTPServ
    This will reset the device to it's default configuration.
     
  15. sickfinga

    sickfinga n3wb

    Joined:
    Jun 4, 2019
    Messages:
    2
    Likes Received:
    0
    Location:
    Canada
    It seems like there is no 3.1.14 firmware on the official website, but there is 3.1.13 and 3.1.15

    Turbo HD DVR
     
  16. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    11,220
    Likes Received:
    3,574
    Location:
    Scotland
    That also seems to be missing on the EU portal : DOWNLOAD EU PORTAL

    It doesn't have to be the exact same version - it's just that with a different version there is a chance of unexpected or unwanted changes.
     
  17. toldo

    toldo n3wb

    Joined:
    Jun 5, 2019
    Messages:
    1
    Likes Received:
    0
    Location:
    Moscow
    Dear alastairstevenson,

    Can you help me to recover password I've set to camera, please. I can reset it with backdoor tool, but I set same password to NVR which I need to use)
    I attached conf file here.
    Thank you in advance!
     

    Attached Files:

  18. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    11,220
    Likes Received:
    3,574
    Location:
    Scotland
    Yes, glad to help.
    Check your 'Conversations'.
     
  19. Skyking

    Skyking n3wb

    Joined:
    Jan 2, 2016
    Messages:
    12
    Likes Received:
    1
    My alarm system has two-way IP communication. If the normal path fails it rolls over to a cellular communicator (think cell phone) link to the central station. I do not know many details of how my system and the central station communicate, but it is a very high profile manufacturer and a very common configuration.
     
  20. med benaamer

    med benaamer n3wb

    Joined:
    Jul 18, 2018
    Messages:
    3
    Likes Received:
    0
    Location:
    morocco
    HELLO
    CAN U HELOP ME TO REST PASSWORD OF DVR PLZ
    S/N : 111116370
     

    Attached Files: