Hikvision camera admin password reset tool

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,779
Location
Scotland
Hey, well done!
The current couple of versions of QTS have been a bit troublesome.
And QVRpro has suddenly grown a whole raft of bugs.
 

number8

n3wb
Joined
Jun 12, 2017
Messages
9
Reaction score
2
I purchased a Hikvision DS-2CD3Q10FD-IW V5.4.3 camera from ebay 3 years ago and have forgotten my password over 18 months ago. I have a few queries:

1. It’s a standalone camera and I don’t know how to interrogate the camera for the date for the password reset tool. It has been powered down for over 18 months. Because its powered down for 18 months does the camera reset to default password?
I originally configure the camera to trigger on motion detection and send me the event by email, however it appears that configuration is lost since it’s been powered down for some time. I was hoping to get the camera date this way.

2. Does the SADP work without a NVR

3 . Is there a limit in number of tries admin-password-reset-tool in entering the date?

I am overly cautious as I have one more try before the camera locks me out or is the password reset tool interrogation independent on the number of failed login tries?

Thanks in anticipation.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,779
Location
Scotland
I purchased a Hikvision DS-2CD3Q10FD-IW V5.4.3
That version of firmware I think has the Hikvision backdoor vulnerability.
Therefore you should be able to do a password reset using the updated version of the password reset tool here : Hikvision camera admin password reset tool
I don’t know how to interrogate the camera for the date for the password reset tool.
That's for the old version - not the updated one. Take another look at the post.
3 . Is there a limit in number of tries admin-password-reset-tool in entering the date?
Not relevant when using the updated version of the reset tool.

If you want to find out if your forgotten password is rude or embarrassing, your could try extracting the configuration file, zip it up and attach here, and I will decrypt and decode it for you, and extract the password.
Use this URL, see if it works, change the IP address for the actual IP address of the camera (maybe confirmed by usning SADP)
http://192.168.1.18/System/configurationFile?auth=YWRtaW46MTEK

2. Does the SADP work without a NVR
Yes, it does.
 

levian

n3wb
Joined
May 10, 2016
Messages
8
Reaction score
3
Wow thanks for the tool. I thought my cams stopped working, but turns out someone somewhere changed my passwords... Feeling a bit stupid that i started researching right after I bought new dahua cams to replace them :facepalm:
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,779
Location
Scotland
but turns out someone somewhere changed my passwords...
It sounds like they are accessible from the internet.
Deliberate, or unintentional?
And they must be vulnerable to the Hikvision backdoor exploit for the reset tool to work.
 

levian

n3wb
Joined
May 10, 2016
Messages
8
Reaction score
3
It sounds like they are accessible from the internet.
Deliberate, or unintentional?
And they must be vulnerable to the Hikvision backdoor exploit for the reset tool to work.
It was over the course of a few months, one of my cam kept going offline, I thought it was just defective because it kept resetting to the default password (12345abc) so I changed it back and it was fine. Eventually I just couldn't access it anymore so I replaced it thinking it failed. Then the next hikvision cam would go offline too... and then the next one as well (I could still see them connected to my router, but didn't think much of it). I just thought hikvision cams I bought on ebay were crap so I went and ordered some dahua cams last week.

And then I just found out about the backdoor exploit. Tried the tool and easily changed the password and all cams were back online.

So yeah I'm still reading on how to make it more secure/disable access to internet
They're all on the V5.2.5build 141201 firmware (DS-2CD3132F-IW). I'm not sure if I can upgrade it since they were bought from ebay (A bit afraid of bricking them :D) **edit: Seems a bit too troublesome to upgrade so I'll leave it as is.
I also found out that maybe the wifi was on(?) Apparently can't disable it on this firmware version, the SSID was 'davinci' by default and not secured.
Disabled UPnP on both cams and router
Disabled Telnet, SSH, NTP, P2P, WPS
Cleared DNS server

If I'm missing anything, feel free to let me know
 
Last edited:

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,779
Location
Scotland
So yeah I'm still reading on how to make it more secure/disable access to internet
It's good that you've accessed the cameras and router web GUI and disabled UPnP.
With that enabled on the router - any UPnP-enabled device on the LAN could configure the router firewall to allow inbound access.

Seems a bit too troublesome to upgrade so I'll leave it as is.
It's pretty straightforward to convert to fiull English and fully update - loads of people have done it :
Unbrick and fully upgrade your R0 / DS-2CD2x32 IP cameras -
R0 / DS-2CD2x32 BrickfixV2 brick recovery and full upgrade tool - enhanced.

Apparently can't disable it on this firmware version, the SSID was 'davinci' by default and not secured.
Yes, that's the default setting.
It's unlikely to be used an an attack vector - but change the SSID to something cryptic, away from the default.
 
Joined
Sep 21, 2018
Messages
2
Reaction score
0
Location
Hull, UK
Hi Guys,

My installer won't provide me with the password to login to my NVR and when I try the code generated by the password reset utility SADP "fails to reset password".

Can someone please help? Am I doing something wrong?

Hikvision DS-7104HGHI-F1 - running software version v3.4.84build 170626
Start Time 2018-09-21 20:32:14

I've uploaded the XML file.

Thanks in advance
 

Attachments

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,007
Location
USA
I don't know of a publicly available password reset tool for the XML file reset method. It might be possible to factory reset your NVR via a button or something inside it, or by sending it new firmware via the TFTP method. I am not an expert in these matters like alastairstevenson is ... he can probably tell you more.
 
Joined
Sep 21, 2018
Messages
2
Reaction score
0
Location
Hull, UK
I don't know of a publicly available password reset tool for the XML file reset method. It might be possible to factory reset your NVR via a button or something inside it, or by sending it new firmware via the TFTP method. I am not an expert in these matters like alastairstevenson is ... he can probably tell you more.
No worries - any ideas why SADP/my DVR doesn't like the codes generated by the password reset tool? Hopefully alastairstevenson can help.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,779
Location
Scotland
by sending it new firmware via the TFTP method.
Whilst not having tried it on that specific DVR model - on all the cameras and NVRs I've seen, the Hikvision tftp updater resets the device to factory defaults and usually can be used as a last-ditch password reset method for firmware that's too new for the 'Hikvision backdoor exploit'.
 
Joined
Sep 24, 2015
Messages
7
Reaction score
0
Location
New Zealand
Hi Team, I have 3 DS-2CD2342WD-I cameras and a DS-7604NI-E1/4P NVR, all from April this year purchased at AliExpress. I was only able to install them now and have unfortunately relised I don't have the passwords as the passwords provided by the vendor are all wrong. The Firmware on the Cams is V5.5.0 and the NVR V3.4.98. What are my options to get the passwords, as I understood the new Firmwares you are out of luck with the current tools. Thanks for your help.
 
Top