alastairstevenson
Staff member
Actually - I just realised that you are likely using the NVR PoE ports, in Plug&Play mode.
In which case, simply plug the 'Inactive' camera in to the NVR PoE port and the NVR will automatically 'Activate' it with it's own password.
Shell820810
n3wb
I have a rebranded Hikvision (Knight) that has been hacked. The password has been changed and i cannot reset it.
I am not sure of the model, its a IPCAM PTZ, the firmware is V5.2.0build 140721. The serial number is being identified as HK-IPCAM071D3xxxxxxx, which doesnt look like a normal Hik serial number.
I have tried the and it says url not found.
I have tried the common passwords for hacked cameras and they arent working.
I have tried the Hikvision camera password reset utility tool
I have tried the node.js extractor tool
I havent tried the TFTP tool as i am not sure if i will brick the camera as its not "pure" hikvision.
Can anyone help please?
I am not sure of the model, its a IPCAM PTZ, the firmware is V5.2.0build 140721. The serial number is being identified as HK-IPCAM071D3xxxxxxx, which doesnt look like a normal Hik serial number.
I have tried the and it says url not found.
I have tried the common passwords for hacked cameras and they arent working.
I have tried the Hikvision camera password reset utility tool
I have tried the node.js extractor tool
I havent tried the TFTP tool as i am not sure if i will brick the camera as its not "pure" hikvision.
Can anyone help please?
alastairstevenson
Staff member
Perhaps the IP address has been changed.
Use the SADP tool to see if the camera is still responding.
There is no need to change the PC IP address for SADP to work, but if it finds that the IP address is in a different range you'll need to adjust the PC IP address to suit before you can access the camera with the browser.
Common hacked passwords are 1111aaaa asdf1234 and the original default ones are 12345 and 123456789abc
Use the SADP tool to see if the camera is still responding.
There is no need to change the PC IP address for SADP to work, but if it finds that the IP address is in a different range you'll need to adjust the PC IP address to suit before you can access the camera with the browser.
Common hacked passwords are 1111aaaa asdf1234 and the original default ones are 12345 and 123456789abc
Shell820810
n3wb
Thank you for the quick reply.
I can still view the camera on the ivms 4500 app,
In fact I can add it in as a new camera with the defaults and view it on the app, but not on the web browser.
it was definitely hacked, the hackers put a message on the camera.
The IP address is still ok, it's 192.168.1.200, pc is 192.168.1.65.
When I log in on the web, none of those passwords are letting me log into the web GUI (it prompts for username and password but fails). All setups etc can only be done on the web browser.
Last edited:
alastairstevenson
Staff member
Does SADP find the camera?
Is this a model with a reset button?
If it really is a Hikvision OEM brand - do you have any idea what series the camera is / what Hikvision model it is based on?
If you can work that out, it may be worth re-flashing the firmware with the Hikvision tftp updater tool.
Some resources here :
TFTPServ
Hikvision IP Camera Emergency Firmware Recovery TFTP. Check this thread for info on how to use this tool to un-brick your Hikvision camera.
This for R0 :
Shell820810
n3wb
SADP does find the camera, as does IVMS. I cannot find a physical reset button and I have not been able to find a similar hikvision model.Does SADP find the camera?
Is this a model with a reset button?
If it really is a Hikvision OEM brand - do you have any idea what series the camera is / what Hikvision model it is based on?
If you can work that out, it may be worth re-flashing the firmware with the Hikvision tftp updater tool.
Some resources here :
TFTPServ
Hikvision IP Camera Emergency Firmware Recovery TFTP. Check this thread for info on how to use this tool to un-brick your Hikvision camera.ipcamtalk.com
This for R0 :
alastairstevenson
Staff member
Does it show the HTTP port is 80?
Can you post an image - maybe we can help you to identify it.
The tftp updater does do some validation of the firmware that's being offered for installation.
Not as much as the web GUI, but should be worth a try.
Hi
I had a look at it, seems as though the firmware was changed.
Theres text on the screen similar to an overlay (like POS).
Admin privileges has been removed and only allows video via port 8000. received "error-code-hcnetsdk-dll23" when trying to export the config.
Could not establish which corresponding Hik PTZ model it is.
A possible solution is a brute force on the camera as a last alternative.
alastairstevenson
Staff member
Shell820810
n3wb
Thank you, are there any threads I could use for direction - what I need and what I need to do?
nttung20161025
n3wb
- Jun 11, 2017
- 2
- 0
Do you know the hash algorithm of the encryption key?
openssl enc -d -in configurationFile -out decryptedoutput -aes-128-ecb -K 279977f62f6cfd2d91cd75b889ce0c9a -nosalt -md md5
Recent DVR firmware using the dynamic key inputted by the user when exporting the device parameter. So the above command doesn't work.
alastairstevenson
Staff member
Yes, I generated the above key for command-line OpenSSL as follows :
Code:
void make_key() {
unsigned char data[16]="abcdefg", key[64]={0}, iv[16]={0};
int i;
const EVP_CIPHER *cipher = EVP_aes_128_ecb();
EVP_CIPHER_CTX *ctx;
EVP_BytesToKey(cipher, EVP_md5(), NULL, data, 31, 1, key, iv);
for(i =0;i<=63; ++i) fprintf(stderr, " %x", key[i]);
fprintf(stderr," <-- key\n");
for(i =0;i<=15; ++i) fprintf(stderr, " %x", iv[i]);
fprintf(stderr," <-- iv\n");
for(i =0;i<=15; ++i) fprintf(stderr, " %x", data[i]);
fprintf(stderr, " %s", data);
fprintf(stderr," <--data\n");
}That's correct - the code above is for camera configuration files for firmware versions that don't use SQLlite storage for the data.
NVRs (and presumably DVRs though I've not looked) use quite different methods to encode exported configuration data, and also include individual device-specific data thta's needed to decode it.
nttung20161025
n3wb
- Jun 11, 2017
- 2
- 0
alastairstevenson
Staff member
See the @montecrypto hikpack tool that can do that, here :
[MCR] Hikvision packer/unpacker for 5.3.x and newer firmware
How I can send you! i.e. upload it to a 1-click hoster (i.e. depositfiles.com) and send me a private msg with a link to it for instance.
alastairstevenson
Staff member
I'm wondering if this would work for your DVR, maybe worth a try :
ipcamtalk.com
Hikvision camera admin password reset tool
If you have ever locked yourself out of a Hikvision camera or NVR by forgetting the admin password, and had to beg Hikvision or anyone else for an unlock code, you will appreciate this. I present a small tool that lets you generate your own unlock codes which can be entered into SADP to reset...
Hi All,
I have a Hik DS-7608NI-E2/8P NVR that I'm trying to reset the password on. I Tried to use the generator and setting it in the SADP pw reset screen with no luck. What are my options?
Fw: V3.4.92build 170228.
Thanks.
Edit:
I attempted to use the TFTP applcation with the computer and NVR connected to a switch which failed with the following:
Connect client failutre 0.
I have a Hik DS-7608NI-E2/8P NVR that I'm trying to reset the password on. I Tried to use the generator and setting it in the SADP pw reset screen with no luck. What are my options?
Fw: V3.4.92build 170228.
Thanks.
Edit:
I attempted to use the TFTP applcation with the computer and NVR connected to a switch which failed with the following:
Connect client failutre 0.
Last edited:
Hi All,
I have used the old FW on one of the cameras and was able to get configurationFile.
Can someone please help me to decode it ?
Thanks !!!
I have used the old FW on one of the cameras and was able to get configurationFile.
Can someone please help me to decode it ?
Thanks !!!