Try other pressed combination: ctrl+B or others.
Be sure, that you have word uart adapter, good ground connect, and good tx connect.
Ashkan.shajari
n3wb
I try cntrl B (putty) and it works and bootstop works properly and i config and change MAC address with (config ethaddr) successfully. Tnx for your attention!
Dahua: * button
Hikvision: cntrl U
Unv : cntrl B
For bootstop/.Tf232 serial port ttl
Dahua mac : mac and ethaddr saveenv
Hikvision mac : ethaddr saveenv
Unv mac: config ethaddr saveenv
Setenv mac for other devices/.
Ashkan.shajari
n3wb
I try cntrl B (putty) and it works and bootstop works properly and i config and change MAC address with (config ethaddr) successfully. Tnx for your attention!
Dahua: * button
Hikvision: cntrl U
Unv : cntrl B
For bootstop/.Tf232 serial port ttl
Dahua mac : mac and ethaddr saveenv
Hikvision mac : ethaddr saveenv
Unv mac: config ethaddr saveenv
Setenv mac for other devices/.
Hello, did you resolve this issue ? have an axhub, but it will not boot up - with electricity, only green led solid start, nothing else :-( thanks for reply
I am excited to report, that I was successful in recovering the password of my NVR - DS-7608NI-E2/8P. I spent weeks at it, and actually capitulated twice. Took out the hard drives and reformatted them to see if I could use them elsewhere in my network.Only to try again last night with success ! Hooray. I am here to let you know how I did it, and payback to those of you who inspired me.
The method I used was the TFTP approach using the scott lamb python3 script off the github.
The main problem was that the TFTP program would simply hang and do nothing. Yet I proved the following:
I cranked up vscode and loaded the python script into the IDE.
Then went into the terminal window at the bottom of the vscode ide, and typed the exact same command to run the script eg.
sudo python hikvision_tftp3.py
and it WORKED ! Took only a few seconds to load he digicap file via the tftp program, and the terminal windows provided a lot of feedback during the transfer. With a welcome success message at the end.
I don't really understand why though... there must be something environmental in how vscode is able to run python, that is somewhat different that a typical terminal window in linux.
Interesting stuff...
I am new to surveillance so now rampiing up on how setup the nvr and cameras in a meaningful way....
Hope this experience might help someone else....
The method I used was the TFTP approach using the scott lamb python3 script off the github.
The main problem was that the TFTP program would simply hang and do nothing. Yet I proved the following:
- Hikvision NVR briefly changes its IP to 192.0.0.64
- Arp packets fly around the network, agreeing to acknowledge the NVR nad TFTP Server address.
- I change my pc ip address to the server address... eg 192.0.0.128
- I reboot the NVR multiple times. The ptython TFTP sits there, fut fails to act despite the fact that ip addresses are all good.
- I tried doing this in linux and windows... but both failed.
- I stopped any firewalling, and opened up my opnsense network very wide.
- The TFTP program simply fails to acknowledge the NVR.
I cranked up vscode and loaded the python script into the IDE.
Then went into the terminal window at the bottom of the vscode ide, and typed the exact same command to run the script eg.
sudo python hikvision_tftp3.py
and it WORKED ! Took only a few seconds to load he digicap file via the tftp program, and the terminal windows provided a lot of feedback during the transfer. With a welcome success message at the end.
I don't really understand why though... there must be something environmental in how vscode is able to run python, that is somewhat different that a typical terminal window in linux.
Interesting stuff...
I am new to surveillance so now rampiing up on how setup the nvr and cameras in a meaningful way....
Hope this experience might help someone else....
Hi experts,
I'm fighting with password reset/FW update on my DS-7104HQHI-K1 (board version 80388_P Rev 2.1) V4.30.212 build 210618. I have the same firmware downloaded on my PC and trying to upload it to the DVR via tftpd32, but after upload I'm always getting "upgrade packet mismatch", see below.
Any idea/suggestion please?
I press [enter], DVR reboots and still asking for password.
I'm fighting with password reset/FW update on my DS-7104HQHI-K1 (board version 80388_P Rev 2.1) V4.30.212 build 210618. I have the same firmware downloaded on my PC and trying to upload it to the DVR via tftpd32, but after upload I'm always getting "upgrade packet mismatch", see below.
Any idea/suggestion please?
Code:
HKVS $ setenv ';printenv'
arch=arm
baudrate=115200
board=fy01
board_name=fy01
bootargs=mem=160M console=ttyS0,115200
bootcmd=tftpboot 0x82000000 uImage;bootm 0x82000000;
bootdelay=0
cpu=armv7
default=mtdparts;ubi part flash_sys0;ubifsmount ubi:sys0;ubifsload 0x82000000 uImage;
deviceID=RkYmyqSGgj8cH3S0te7sOR88BWNPVtk=
device_type=DS-7104HQHI-K1
ethaddr=24:0f:9b:21:82:ab
fdtcontroladdr=9fe34910
gatewayip=192.0.0.1
identification=0000000100000001000002000x9D500000003000000020001
ipaddr=192.0.0.64
mac_mode=inner
mtdids=nand0=nandflash0
mtdparts=mtdparts=nandflash0:4m(boot),52m(flash_sys0),52m(flash_sys1)
netmask=255.255.255.0
passwd=u2kt5kIP+/imuYE+s2SZXqqmZz/2vGKSF+ec+CfX1dc=
phy_addr=10
phyaddr0=0
sec=tftpboot 0x82000000 Ky2019-B1-uImage_sec;bootm 0x82000000;
serverip=192.0.0.128
soc=molchip
stderr=uart@0x18300000
stdin=uart@0x18300000
stdout=uart@0x18300000
update_ip=192.0.0.64
vendor=molchip
ver=U-Boot 2017.09-svn54936 (Dec 31 2020 - 11:43:06)
verify=y
Environment size: 1009/131068 bytes
HKVS $ setenv ';update'
Loading file 'uImage' to addr 0x82000000...
Done
the uImage support update_v3.
Verifying RSA ... OK
## Booting kernel from Legacy Image at 82000000 ...
Image Name: Linux-4.9.138
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 3694902 Bytes = 3.5 MiB
Load Address: 80008000
Entry Point: 80008000
Verifying Checksum ... OK
Loading Kernel Image ... OK
Starting kernel ...
Thu Jan 1 00:00:01 UTC 1970
mv: can't rename 'ubi*': No such file or directory
Starting udev: [ OK ]
-0-[ 3.545345] dwceqos 1b900000.ethernet eth0: Link is Up - 100Mbps/Full - flow control rx/tx
This program will download and upgrade software.
*******************************************************
* ATTENTION!! PLEASE READ THIS NOTICE CAREFULLY! *
* Don't reset machine,or anything that interrupt it. *
* The upgrade process must finish in 10 minutes! *
* If this program fails,machine might be unusable, *
* and you will need to reflash again. *
* If you find this too risky,power off machine now. *
*******************************************************
ftp server not exit[-110]!
################################ [ 8.000 MB]
################################ [16.000 MB]
###########
tftp transmit over,file size[19669356][18.776 MB].
[cramfs.img ]: offset is 108 size is 19668992
The digicap info: language - 0x1 device_class - 0x5A oemCode - 0xFFFFFFFF
file header error, filenums:954053725
The board info: language - 0x1 device_class - 0x9D5 oemCode - 0x1
upgrade packet mismatch, please select correct packet
Can not find correct packet for upgrade, give up!!!
failed(-5)!
Press ENTER key to rebootI press [enter], DVR reboots and still asking for password.
alastairstevenson
Staff member
That means it's the wrong firmware for the device.
Where did you download the firmware from?
What exactly is the model number on the barcode label?
Maybe this version, K72A :
Also - do a setenv ';help' to see if there is an erasecfg or similar command.
Hi alastairstevenson,
many thanks for quick reply.
I downloaded the FW from I see no more details on the device's bar code, see picture below.
see HKVS $ setenv ';help'
? - alias for 'help'
base - print or set address offset
bdinfo - print Board Info structure
bootelf - Boot from an ELF image in memory
bootm - boot application image from memory
bootp - boot image via network using BOOTP/TFTP protocol
bootvx - Boot vxWorks from an ELF image
cdp - Perform CDP network configuration
chpart - change active partition
cmp - memory compare
cp - memory copy
crc32 - checksum calculation
ddr_info- ddr training info molchip soc
dm - Driver model low level access
echo - echo args to console
env - environment handling commands
fdt - flattened device tree utility commands
go - start application at address 'addr'
help - print command description/usage
iminfo - print header information for application image
loop - infinite loop on address range
md - memory display
mdio - MDIO utility commands
mii - MII utility commands
mm - memory modify (auto-incrementing address)
mtdparts- define flash/nand partitions
mw - memory write (fill)
nand - NAND sub-system
nboot - boot from NAND device
nm - memory modify (constant address)
ping - send ICMP ECHO_REQUEST to network host
printenv- print environment variables
rarpboot- boot image via network using RARP/TFTP protocol
reset - Perform RESET of the CPU
run - run commands in an environment variable
saveenv - save environment variables to persistent storage
setenv - set environment variables
source - run script from memory
tftpboot- boot image via network using TFTP protocol
tftpput - TFTP put command, for uploading files to a server
ubi - ubi commands
ubifsload- load file from an UBIFS filesystem
ubifsls - list files in a directory
ubifsmount- mount UBIFS volume
ubifsumount- unmount UBIFS volume
version - print monitor, compiler and linker version
many thanks for quick reply.
I downloaded the FW from I see no more details on the device's bar code, see picture below.
see HKVS $ setenv ';help'
? - alias for 'help'
base - print or set address offset
bdinfo - print Board Info structure
bootelf - Boot from an ELF image in memory
bootm - boot application image from memory
bootp - boot image via network using BOOTP/TFTP protocol
bootvx - Boot vxWorks from an ELF image
cdp - Perform CDP network configuration
chpart - change active partition
cmp - memory compare
cp - memory copy
crc32 - checksum calculation
ddr_info- ddr training info molchip soc
dm - Driver model low level access
echo - echo args to console
env - environment handling commands
fdt - flattened device tree utility commands
go - start application at address 'addr'
help - print command description/usage
iminfo - print header information for application image
loop - infinite loop on address range
md - memory display
mdio - MDIO utility commands
mii - MII utility commands
mm - memory modify (auto-incrementing address)
mtdparts- define flash/nand partitions
mw - memory write (fill)
nand - NAND sub-system
nboot - boot from NAND device
nm - memory modify (constant address)
ping - send ICMP ECHO_REQUEST to network host
printenv- print environment variables
rarpboot- boot image via network using RARP/TFTP protocol
reset - Perform RESET of the CPU
run - run commands in an environment variable
saveenv - save environment variables to persistent storage
setenv - set environment variables
source - run script from memory
tftpboot- boot image via network using TFTP protocol
tftpput - TFTP put command, for uploading files to a server
ubi - ubi commands
ubifsload- load file from an UBIFS filesystem
ubifsls - list files in a directory
ubifsmount- mount UBIFS volume
ubifsumount- unmount UBIFS volume
version - print monitor, compiler and linker version