Hikvision Checksum

Der Graue · Apr 15, 2015

OK, I don't do the hack.
Thank you for your work!

adderllyer · Apr 16, 2015

powerful and many thanks

AKalm said:
Mtd hack works on 5.2.8 (5.2.5) cameras!!

Just need to calculate a new checksum when you are modifying the mtd's (change 02 to 01 that's done at the red circled byte), analysis - checksum.. - checksum-16, and write the result 2 bytes before F4, pictures attached for example:

This works for 5.2.8 (5.2.5) cameras:
2032, 2232, 2332 tested 100%

Still bricking: 2132, 2732 (different type of checksum)

Not tested: 2432, 2532, 2632 (don't have 5.2.8 at home)

("You can confirm this for yourself if you take any unchanged mtdblock5 or 6 hardware descriptor segment, highlight the number of bytes spanned by the checksum (F4 above, but doesn't have to be that), get HxD to do a Checksum-16 calculation, and compare the result with the checksum that's already stored in the segment.")

AKalm · Apr 16, 2015

Regarding to whoslooking you can try:

He made an 5.1.6 which can be bootable in most cases, won't brick if you downgrade, give it a try, if it boots, then do the mtd hack, and upgrade back to 5.2.5.

Originally Posted by whoslooking
HIKVISION 5.16 Full English including days of the weeks.

works with all 2cd2xxx models. Just flash with TFTP.

will work with some 5.2.8 models, if your 5.2.8 camera bricks just reflash back to 5.2.5 (this is not the firmware it's your Camera)

https://www.dropbox.com/s/k0jejxhyvn...5.1.6.rar?dl=0

Enjoy!

Der Graue said:
The seller of the Cam (labled 5.2.8 and 5.2.0 ML inside) wrote me: "Do not try to change the camera's firmware. The results will be bad."
I'll let out my hands off for now.

scn101 · Apr 16, 2015

I'll add another data point, 2332 cam, originally 5.2.8 from the factory, now 5.2.0 as delivered from China, in full English including the day of the week. The language flags are 02 but my checksums are not Checksum-16. My NVR does not complain about a "language mismatch." The NVR will complain about the language mismatch if I change the FW to 5.2.5. So they've hacked something that makes this cam English with a Chinese language flag. If I change the language flags to a 01 the camera will brick and I will need to do a tftp recovery.

Any thoughts?

adderllyer · Apr 17, 2015

Try with my 2332, bricked. SADP can't find the IP Cam now.
How to de-bricked?

AKalm said:
Regarding to whoslooking you can try:

He made an 5.1.6 which can be bootable in most cases, won't brick if you downgrade, give it a try, if it boots, then do the mtd hack, and upgrade back to 5.2.5.

Originally Posted by whoslooking
HIKVISION 5.16 Full English including days of the weeks.

works with all 2cd2xxx models. Just flash with TFTP.

will work with some 5.2.8 models, if your 5.2.8 camera bricks just reflash back to 5.2.5 (this is not the firmware it's your Camera)

https://www.dropbox.com/s/k0jejxhyvn...5.1.6.rar?dl=0

Enjoy!

adderllyer · Apr 17, 2015

try 2332-i with firmware 528 , product date 20150313, seems chechsum-16 is not work, with different value

AKalm · Apr 17, 2015

SADP even can't find the cam when upgrading back to 5.2.5 with TFTP?

Have you succesfully downgraded to 5.16? Did the hack? Upgrade back?

Use an USB to RS232/TTL adapter and reload the original mtds

adderllyer said:
Try with my 2332, bricked. SADP can't find the IP Cam now.
How to de-bricked?

adderllyer · Apr 17, 2015

Thanks @AKalm for you quick reply.

SADP even can't find the cam when upgrading back to 5.2.5 with TFTP?

Now TFTP can't connect the cam, so can't upgrading back to 5.2.5

Have you succesfully downgraded to 5.16? Did the hack? Upgrade back?

Use TFTP downgraded to 5.16 success, but cam can't boot. no hack, no upgrade back

Use an USB to RS232/TTL adapter and reload the original mtds

can you let me detail introduction of how to use an USB to RS232/TTL adapter?

Originally Posted by adderllyer
Try with my 2332, bricked. SADP can't find the IP Cam now.
How to de-bricked?

AKalm · Apr 17, 2015

TFTP should still force the firmware on. Firewall is off? But i see if you could downgrade, then settings look fine.

I'm waiting for my USB adapter, but as I heard it's not complicated.

You should ask @networkcameracritic

At the moment I know that you have to connect the adapter to the circuit board's rs232/ttl connector, get in to the bootloader (probably with software like a file transfer client or putty), and copy back the original mtd's.

http://www.ipcamtalk.com/member.php/9-networkcameracritic

adderllyer said:
Thanks @AKalm for you quick reply.

Now TFTP can't connect the cam, so can't upgrading back to 5.2.5

Use TFTP downgraded to 5.16 success, but cam can't boot. no hack, no upgrade back

can you let me detail introduction of how to use an USB to RS232/TTL adapter?

Originally Posted by adderllyer
Try with my 2332, bricked. SADP can't find the IP Cam now.
How to de-bricked?

adderllyer · Apr 17, 2015

which type "USB adapter" you buy? USB to RS232 TTL Serial CableAdapter?

AKalm said:
TFTP should still force the firmware on. Firewall is off? But i see if you could downgrade, then settings look fine.

I'm waiting for my USB adapter, but as I heard it's not complicated.

You should ask @networkcameracritic

At the moment I know that you have to connect the adapter to the circuit board's rs232/ttl connector, get in to the bootloader (probably with software like a file transfer client or putty), and copy back the original mtd's.

http://www.ipcamtalk.com/member.php/9-networkcameracritic

AKalm · Apr 17, 2015

I bought the same type that you've linked

adderllyer said:
which type "USB adapter" you buy? USB to RS232 TTL Serial CableAdapter?

adderllyer · Apr 17, 2015

Thanks @AKalm

AKalm said:
I bought the same type that you've linked

wozzzzza · Apr 17, 2015

AKalm said:
You should ask @networkcameracritic

if he was still alive then yes we could, but he is no longer breathing on this planet so we cant. obviously don't have internet in heaven yet. maybe is he waiting for the connection to be installed.

scn101 · Apr 17, 2015

Why did you choose the "55/U?" Would it be safer to just add one to the day of the week? I wonder what "HRVKGU" signifies?

scn101 · Apr 17, 2015

AKalm said:
You can try to do that. This one works for sure. And doesn't show up any difference anywhere. And what does original HRVKGT signifies? Doesn't really matter if you mod this but if you mod day of the week I guess that makes difference (if won't brick)

I don't dare try either because my 2332 camera did not have a checksum-16. My IPC seems to have either a different checksum or a different mechanism all together. See my post #24 earlier in this thread.

S474N · Apr 17, 2015

Have one chinese DS-2CD2132F-IS for testing. And also next same cam with eng.

Any ideas?

S474N · Apr 17, 2015

This is from chinese DS-2CD2132F-IS:

S474N · Apr 17, 2015

And this one is from english "but modified by seller":

Interesting is, that have it 02, but all menus are in English with correct date of week - "originally modified"

soulja · Apr 17, 2015

You can update the camera again to 5.2.5 and when its english its a permanent hack.. if not its just a firmware hack

S474N · Apr 17, 2015

Why? I know, that is modified from buyer. Lang is 02. I can solve first cam, which has menu in Chinese and I cannot connect it to NVR (lang. mismatch).

Hikvision Checksum

n3wb

n3wb

Young grasshopper

Getting the hang of it

Attachments

n3wb

n3wb

Young grasshopper

n3wb

Young grasshopper

n3wb

Young grasshopper

n3wb

Getting the hang of it

Getting the hang of it

Getting the hang of it

Getting the hang of it

Getting the hang of it

Attachments

Getting the hang of it

Attachments

Young grasshopper

Getting the hang of it