Hikvision DS-2CD2043G0-I firmware 5.6.3 reverse engineering

klopp

Hello everyone,

I am new to this forum and I really like the content here. What I am trying to do is to reverse the firmware 5.6.3 for the camera DS-2CD2043G0-I.

I tried with the tool from here and I was able to gather only this info:

Code:
Magic   : 484b3230
hdr_crc : 000023cd (OK)
frm_flg : 2010050031111110011
*** ERROR *** parse -3

I ran the tool this way:

Code:
hikpack -t G0 -i digicap.dav

I get an error whose meaning I don't know, and when I run the tool this way:

Code:
hikpack -t G0 -x digicap.dav -o out/

I get only one file, named 'header_20', with this content inside:

Code:
00000000  30 32 4b 48 cd 23 00 00  6c 00 00 00 00 00 00 00  |02KH.#..l.......|
00000010  4f 25 2a 02 01 00 00 00  ff ff ff ff ff ff ff ff  |O%*.............|
00000020  ff ff ff ff ff ff ff ff  ff ff ff ff 32 30 31 30  |............2010|
00000030  30 35 30 30 33 31 31 31  31 31 31 30 30 31 31 00  |050031111110011.|
00000040  32 30 31 30 30 35 30 30  33 31 31 31 31 31 31 30  |2010050031111110|
00000050  30 31 31 00 00 03 9e 5f  c1 ad 2f b3 18 da d2 1b  |011...._../.....|
00000060  6c 00 00 00 e3 24 2a 02  50 53 76 13              |l....$*.PSv.|
0000006c

I also ran 'binwalk' on the digicap.dav file and I get this output without any file extracted:

Code:
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
3035719       0x2E5247        HPACK archive data
8208484       0x7D4064        mcrypt 2.5 encrypted data, algorithm: "", keysize: 4084 bytes, mode: "M",

At this point I don't know what to do. I know for sure that the image of the firmware is encrypted, but I don't know how to decrypt it in order to extract the firmware.

By the way, I do own the camera; is there something I can do?

PS: The firmware I am working on is 'IPC_G1_EN_STD_5.6.3_190923.zip' (you will find it attached to this thread).
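
Added example, not part of the original post and not hikpack's own code: a Python parser for the 0x6c-byte 'header_20' dump above that recomputes hdr_crc and cross-checks the size fields. The byte-sum checksum rule and the field offsets at 0x10 and in the last 12 bytes are assumptions inferred from the posted bytes.

```python
import struct

# Bytes copied from the 'header_20' hexdump in the post (0x6c bytes).
HEADER_HEX = """
30 32 4b 48 cd 23 00 00 6c 00 00 00 00 00 00 00
4f 25 2a 02 01 00 00 00 ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff 32 30 31 30
30 35 30 30 33 31 31 31 31 31 31 30 30 31 31 00
32 30 31 30 30 35 30 30 33 31 31 31 31 31 31 30
30 31 31 00 00 03 9e 5f c1 ad 2f b3 18 da d2 1b
6c 00 00 00 e3 24 2a 02 50 53 76 13
"""

def parse_header(raw: bytes) -> dict:
    """Decode the fields hikpack printed, plus size fields inferred from the dump."""
    if len(raw) < 12:
        raise ValueError("too short for magic, checksum and header length")
    magic, stored_sum, hdr_len = struct.unpack_from("<III", raw, 0)
    if not 0x40 <= hdr_len <= len(raw):
        raise ValueError(f"implausible header length {hdr_len:#x}")
    hdr = raw[:hdr_len]
    # Inferred rule: the checksum is the plain byte sum of everything after
    # the first 12 bytes; on the posted dump it reproduces 0x23cd exactly.
    computed_sum = sum(hdr[12:]) & 0xFFFFFFFF
    # Assumed layout: total image size and entry count at 0x10, the flag
    # string at 0x2c, and the last 12 header bytes as (offset, length,
    # checksum) of the single payload entry.
    total_len, n_entries = struct.unpack_from("<II", hdr, 0x10)
    frm_flg = hdr[0x2C:0x40].split(b"\0", 1)[0].decode("ascii", "replace")
    pay_off, pay_len, pay_sum = struct.unpack_from("<III", hdr, hdr_len - 12)
    return {
        "magic": magic,
        "stored_sum": stored_sum,
        "checksum_ok": computed_sum == stored_sum,
        "hdr_len": hdr_len,
        "total_len": total_len,
        "n_entries": n_entries,
        "frm_flg": frm_flg,
        "payload_off": pay_off,
        "payload_len": pay_len,
        "payload_sum": pay_sum,
        # Cross-check: the payload must end exactly at the declared image size.
        "sizes_consistent": pay_off + pay_len == total_len,
    }

if __name__ == "__main__":
    for key, value in parse_header(bytes.fromhex(HEADER_HEX)).items():
        print(f"{key:16}: {hex(value) if type(value) is int else value}")
```

On the posted bytes both the checksum and the size cross-check pass, so the header is internally consistent.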
 


rearanger

If you have root/ash on the cam, the files are on the cam decrypted.
Hikpack will not decrypt some of the newer firmwares (most of the keys are in there; I do not know why it does not work).
Also, hikpack does not do some of the newer models like the G1/e? series.

G1 can run a minisys that gains root.

Please see Hikvision G1 5.5+ firmware Exploring the Cam & attempting unlock

Hope that helps.
 