Hikvision FIRMWARE TOOLS - change language, extract files and create own firmware

Japtastic said:
If not, can I upgrade to a later Chinese version if I don't mind losing the English menus?
Click to expand...
Yes, unless the existing firmware has been modified to disable any updates - to stop users 'bricking' the device by not realising they should not be updated.
But a Hikvision NVR will reject a CN language / region camera with a 'language mismatch' error.
 
Thanks, not using the Hikvision NVR. Just tried but it says failed to get the upgrade status. Guess I'm stuck with an insecure camera?
 
Also tried TFTP to upgrade the firmware but it repeats 'Resend Required' a few times and then does nothing. Any way around this or is this consistent with a firmware upgrade block of some kind?
 
Japtastic said:
Any way around this or is this consistent with a firmware upgrade block of some kind?
Click to expand...
'Resend required' just means a data block sent failed the CRC check and was re-sent.
The 'does nothing' probably just means the firmware was rejected as a match for the camera.

A potential way round, though needs some low-level work, is to use the serial console to break in at a root level, and upload suitably modified files.
A fair learning curve though.
 
Thanks, I'll try to find a different CN firmware version. Any idea where from?

I'm presuming there is no guide to the low-level method?
 
HI all need help
have NVR DS-7616NI-K2/16P 3.4.99 en/ml
camera DS-2CD3T25-I3 5.5.6 build 180326 cn

and when connect with protocol hikvision or onvif always hava language mismatch

Can anyone help me solve this problem?
Donate to solve .
 
logrosgerman said:
Can anyone help me solve this problem?
Click to expand...
The cause is having a Chinese camera, and a fix would require hacked firmware in the camera, which in that version is well protected from modifications.

If you don't need motion detection recording, if continuous recording is OK, add the camera as an RTSP source using a custom protocol in the NVR web GUI camera management page.
ONVIF Device Manager will show the RTSP URL for the camera, at the bottom of the Live Video page.

Onvif Device Manager v2.2.250

Neat program for finding multiple brands of cameras that are ONVIF conformant on your network. You can also type in the username and password of your device at the top of the program to connect to a device. Once connected it displays multiple fields to edit such as image quality, picture...
ipcamtalk.com ipcamtalk.com
 
С
alastairstevenson said:
The cause is having a Chinese camera, and a fix would require hacked firmware in the camera, which in that version is well protected from modifications.

If you don't need motion detection recording, if continuous recording is OK, add the camera as an RTSP source using a custom protocol in the NVR web GUI camera management page.
ONVIF Device Manager will show the RTSP URL for the camera, at the bottom of the Live Video page.

Onvif Device Manager v2.2.250

Neat program for finding multiple brands of cameras that are ONVIF conformant on your network. You can also type in the username and password of your device at the top of the program to connect to a device. Once connected it displays multiple fields to edit such as image quality, picture...
ipcamtalk.com ipcamtalk.com
Click to expand...
Can i dowsnload firmware to nvr via com port with changed language to cn?
 
Ivan1985 said:
Attached repacked firmware with updated gui_value11.cfg file.
I have also updated the scripts to replace gui_value11.cfg in the overseas.tar.lzma

Please use next sequence:
1. Copy gui_value11.cfg, digicap.dav and scripts into one folder.
2. Run ./unpack.sh
3. Run ./repack.sh
4. Updated firmware: repack_digicap.dav

There is link to Cryptodome python library installation: Installation — PyCryptodome 3.9a0 documentation
Note: This library shall be installed for Python3.
Click to expand...
Hi.
I use your script to model kh8301-wt but is any chance to also write script to unpack and repack for Door Station KV8102-Im ? please
 
Good afternoon! There is an intercom KH8301 ordered from Aliexpress, multilingual firmware was installed, but over time the Hic-connect service began to fail, I decided to upgrade to a newer firmware. I installed version v1.5.1 build 190131, it was successful, the language was Russian, I decided to reset the settings, and after resetting, the language changed to Chinese, and now I can not change it. I tried to flash VIS_11_H5_INDOOR_STD_V1.5.0_181101, it is flashing without problems, but in the end the version does not change and the language remains Chinese. Apparently we need more recent firmware. With firmware VIS_11_H5_INDOOR_STD_V1.5.0_181102 the version of the language written does not match and nothing happens. Please help, not for free.
 
  • Like
Reactions: tregubovdu
alastairstevenson said:
OK - assuming that old firmware protects the exported configuration file in the same way as the more recent firmware - and also as the encryption passphrase has been openly published in the CVE associated with the 'plaintext passwords in configuration file' vulnerability, you can use command-line OpenSSL to decrypt the configuration file as follows:
Code: 
openssl enc -d -in configurationFile -out decryptedoutput -aes-128-ecb -K 279977f62f6cfd2d91cd75b889ce0c9a -nosalt -md md5
Then if you inspect the result with a hex editor you will see clearly that there is a 4-byte XOR encode operation needed to complete the process.
It's quite bizarre why any developer at Hikvision thinks it would be useful to just do a straight XOR of the data - there may be a reason, but it's not obvious to me.
Click to expand...

Thanks for sharing the detailed instructions. Saved me after I lost access to one of my remote cameras. I wasn't running the latest version of the firmware that fixed the backdoor attack so I upgraded once I regained access.
 
  • Like
Reactions: alastairstevenson
Mischief - annoying people, resetting, changing passwords.
Malicious - adding them to live viewing websites. There are places that people should just not have video cameras.
Bricking them.
Footholds and botnet members.
 
Hi.
I use your script to model kh8301-wt but is any chance to also write script to unpack and repack for Door Station KV8102-Im ? please
 
Stupid question but I need to backup the original firmware from one of my cameras. I cannot find this hiktools.exe that this guide is mentioning. Can anyone please help me?
 
DaveB007 said:
I cannot find this hiktools.exe that this guide is mentioning
Click to expand...
The original hiktools (which is quite dated now and limited to older firmware) is still attached to the first post of this thread.

I'm not quite sure what you mean by 'backup the original firmware'.
Could you clarify?
 
alastairstevenson said:
The original hiktools (which is quite dated now and limited to older firmware) is still attached to the first post of this thread.

I'm not quite sure what you mean by 'backup the original firmware'.
Could you clarify?
Click to expand...

I have a camera IPC-D140 which has v5.4.5 170602 written on the back. I tried using TFTP to flash a new firmware but it did not work luckily it still showed in SADP but I unfortunately I cannot access it from the browser. I read somewhere people who had to flash the original firmware on the camera. So my plan is to extract a digicap.dav from one of my cameras which I still have sealed. And flash that on the camera I am having problems with.

After I reset the camera through SADP I noticed the firmware was ipc-d140 v4.0.8 build 150325
 
You must log in or register to reply here.
Top Bottom