Hikvision FIRMWARE TOOLS - change language, extract files and create own firmware

What determines if Hiktools will work with a specific firmware is the version of that firmware and how it has been assembled, including the encoding used.
 
Hi,

Will it work with this version of hikvision camera DS-2CD3410FD-IW or DS-2CD1103-I?

Thanks


Yes it will unpack the firmware, but the 5.30 version of firmware is partly encoded so just unpacking is only half the job.
 
camera?
5.2.5 is also ok for me, I don't care of having the latest one. And I suppose we can downgrade 5.3.0 to modified 5.2.5 anyway?
 
Until a new way comes along it the only choice at the moment for build 5.30 versions.
 
Well, yes, but without the original tool being open, even that isn't possible for a number of people. The header of the files I have differ slightly to the original Hikvision ones, so the original tool was no use.
 
I think you are being clever. Without using the original, you might not know the purpose of the header fields.

However, it does not matter. Hiktools over - now he needs eXtra instruments.
You can show yourself. But it will be much harder. And I will not give you the original tool. ))
 
It's all in the Hikvision binaries as well, but reversing your exe was quicker and easier.

What are you talking about bit-twiddler?
 
I did try one of the XOR cracking tools on the newer encoded text files such as start.sh, which will have some predictable plain-text, but did not get anywhere.
I wondered a while back if anyone has succeeded in running any of the Hikvision firmware in a board emulation environment so some debugging can be done.
That's a bit beyond my existing knowledge base, but it might be an interesting intellectual exercise and fun to try.
I need to keep the old brain active somehow before more decay sets in.
 
I have root on a camera running v5.0.5. Can I use the v5.3.0 dav file to update the firmware on this camera?

If so, the davinci binary that deals with the firmware upgrades should be able to decode both.
 
The older camera's pre 5.25 has no response to the questions asked by the firmware, so it allows it to run.
That means you can still upgrade the firmware on older camera's.
On version 5.25 and 5.28 an error was made by HIK, these camera's (Chinese region) are stuck on their firmware. If you want a challenge look at MTD0 and MTD1 ( maybe in other places too) on an older model then compare it to newer version 5.30 and see what needs to be stripped out, if you work that out you have solved the puzzle.
 
Last edited by a moderator:
If so, the davinci binary that deals with the firmware upgrades should be able to decode both.
Remember that the u-boot bootloader handles the tftp updating process - davinci is not in play at that point. Though no requirement at this point to decode the updated firmware.
And then when the camera boots up post-upgrade, it's only the uImage that's not encoded, it's the first thing to execute after u-boot has finished.
 
Silly question, but how do I download the firmware already on the device? I have some Chinese 5.2.8 2132 cameras, and was hoping to download the firmware. I am able to Telnet in but there's no way for me to get the firmware out?
 
Last edited by a moderator:
Silly question, but how do I download the firmware already on the device? The instructions floating around work for Telnet/FTP but I can't find any options on 5.2.8. Thanks!

5.28 was a failed release that's why there is no posted download of it
Just follow the guides on 5.2.5 for the mtd hack
 
  • Like
Reactions: msqr
Oh I see, thanks! OK so there's no use backing up the firmware on the 5.2.8 camera I guess? I'll just download and upload 5.2.5 then? Thanks!
 
Spot on