It is quite complicated as it involves disassembling the code of the control program, working out what it's doing (many thousands of lines of code) and finding the part that sets the way of working. Working up a patch to change that.
But a hard part is being able to unpack and decrypt the firmware to extract the code to reverse engineer and modify it. As researchers figure out how to do this, Hikvision react by adding more protection, changing the decryption key and so on.
As was suggested, they have reached a point where the tamper protection is now pretty good, and the effort to get round it is considerable, not really practical, even for fun.
So the answer is - not that easy now compared with how it used to be.