powerful and many thanks
Mtd hack works on 5.2.8 (5.2.5) cameras!!
Just need to calculate a new checksum when you are modifying the mtd's (change 02 to 01 that's done at the red circled byte), analysis - checksum.. - checksum-16, and write the result 2 bytes before F4, pictures attached for example:
This works for 5.2.8 (5.2.5) cameras:
2032, 2232, 2332 tested 100%
Still bricking: 2132, 2732 (different type of checksum)
Not tested: 2432, 2532, 2632 (don't have 5.2.8 at home)
("You can confirm this for yourself if you take any unchanged mtdblock5 or 6 hardware descriptor segment, highlight the number of bytes spanned by the checksum (F4 above, but doesn't have to be that), get HxD to do a Checksum-16 calculation, and compare the result with the checksum that's already stored in the segment.")
Regarding to whoslooking you can try:
He made an 5.1.6 which can be bootable in most cases, won't brick if you downgrade, give it a try, if it boots, then do the mtd hack, and upgrade back to 5.2.5.
Originally Posted by whoslooking 
HIKVISION 5.16 Full English including days of the weeks.
works with all 2cd2xxx models. Just flash with TFTP.
will work with some 5.2.8 models, if your 5.2.8 camera bricks just reflash back to 5.2.5 (this is not the firmware it's your Camera)
https://www.dropbox.com/s/k0jejxhyvn...5.1.6.rar?dl=0
Enjoy!
He made an 5.1.6 which can be bootable in most cases, won't brick if you downgrade, give it a try, if it boots, then do the mtd hack, and upgrade back to 5.2.5.
HIKVISION 5.16 Full English including days of the weeks.
works with all 2cd2xxx models. Just flash with TFTP.
will work with some 5.2.8 models, if your 5.2.8 camera bricks just reflash back to 5.2.5 (this is not the firmware it's your Camera)
https://www.dropbox.com/s/k0jejxhyvn...5.1.6.rar?dl=0
Enjoy!
I'll add another data point, 2332 cam, originally 5.2.8 from the factory, now 5.2.0 as delivered from China, in full English including the day of the week. The language flags are 02 but my checksums are not Checksum-16. My NVR does not complain about a "language mismatch." The NVR will complain about the language mismatch if I change the FW to 5.2.5. So they've hacked something that makes this cam English with a Chinese language flag. If I change the language flags to a 01 the camera will brick and I will need to do a tftp recovery.
Any thoughts?
Any thoughts?
Attachments
Try with my 2332, bricked. SADP can't find the IP Cam now.
How to de-bricked?
How to de-bricked?
Regarding to whoslooking you can try:
He made an 5.1.6 which can be bootable in most cases, won't brick if you downgrade, give it a try, if it boots, then do the mtd hack, and upgrade back to 5.2.5.
Originally Posted by whoslooking
HIKVISION 5.16 Full English including days of the weeks.
works with all 2cd2xxx models. Just flash with TFTP.
will work with some 5.2.8 models, if your 5.2.8 camera bricks just reflash back to 5.2.5 (this is not the firmware it's your Camera)
https://www.dropbox.com/s/k0jejxhyvn...5.1.6.rar?dl=0
Enjoy!
try 2332-i with firmware 528 , product date 20150313, seems chechsum-16 is not work, with different value
SADP even can't find the cam when upgrading back to 5.2.5 with TFTP?
Have you succesfully downgraded to 5.16? Did the hack? Upgrade back?
Use an USB to RS232/TTL adapter and reload the original mtds
Have you succesfully downgraded to 5.16? Did the hack? Upgrade back?
Use an USB to RS232/TTL adapter and reload the original mtds
Thanks @AKalm for you quick reply.
Originally Posted by adderllyer
Try with my 2332, bricked. SADP can't find the IP Cam now.
How to de-bricked?
Now TFTP can't connect the cam, so can't upgrading back to 5.2.5
Use TFTP downgraded to 5.16 success, but cam can't boot. no hack, no upgrade back
can you let me detail introduction of how to use an USB to RS232/TTL adapter?
Try with my 2332, bricked. SADP can't find the IP Cam now.
How to de-bricked?
Last edited by a moderator:
TFTP should still force the firmware on. Firewall is off? But i see if you could downgrade, then settings look fine.
I'm waiting for my USB adapter, but as I heard it's not complicated.
You should ask @networkcameracritic
At the moment I know that you have to connect the adapter to the circuit board's rs232/ttl connector, get in to the bootloader (probably with software like a file transfer client or putty), and copy back the original mtd's.
http://www.ipcamtalk.com/member.php/9-networkcameracritic
I'm waiting for my USB adapter, but as I heard it's not complicated.
You should ask @networkcameracritic
At the moment I know that you have to connect the adapter to the circuit board's rs232/ttl connector, get in to the bootloader (probably with software like a file transfer client or putty), and copy back the original mtd's.
http://www.ipcamtalk.com/member.php/9-networkcameracritic
Thanks @AKalm for you quick reply.
Now TFTP can't connect the cam, so can't upgrading back to 5.2.5
Use TFTP downgraded to 5.16 success, but cam can't boot. no hack, no upgrade back
can you let me detail introduction of how to use an USB to RS232/TTL adapter?
Originally Posted by adderllyer
Try with my 2332, bricked. SADP can't find the IP Cam now.
How to de-bricked?
if he was still alive then yes we could, but he is no longer breathing on this planet so we cant. obviously don't have internet in heaven yet. maybe is he waiting for the connection to be installed.
Why did you choose the "55/U?" Would it be safer to just add one to the day of the week? I wonder what "HRVKGU" signifies?
I don't dare try either because my 2332 camera did not have a checksum-16. My IPC seems to have either a different checksum or a different mechanism all together. See my post #24 earlier in this thread.
You can update the camera again to 5.2.5 and when its english its a permanent hack.. if not its just a firmware hack