Hikvision G1 5.5+ firmware Exploring the Cam & attempting unlock

yes this is leecher's hik_repack and i did not modify it. it contains all keys for g1 platform but i have the source code to add new keys once i find or get them. maybe i have just a newer version. i just started for fun with this some days ago and talked with him
i was hoping someone would recode and update then release into public domain. i have leecher's original source and a compiled version that does many of the hik cams.
 
@rearanger yes, but that means that you need to modify davinci again. davinci itself contains the update routine and is the webserver and i patched it to ignore the rsa signature if it's invalid (you still see the error, but it will still work). if you talk about something different, just tell me
 
minisys also has an update routine. If i remember correctly you can utilize the update routine that minisys uses while the cam is live. From a modified web gui or from the shell prompt. You still need to pack the new digicap.dav (without key)

i could be wrong it's been a while since i messed with the cam lol

(i remember i needed a method to update a modified firmware without tftp)
 
but this isn't necessary if everything is already modified you can flash it anyway. the standard minisys has an update routine. but it has an rsa check too. so whatever you want to do, you need to modify it.
the only way i know is booting the modified minishell and flashing with tftp (format/update). if the modified variant is one time flashed you are safe
 
yes i have it unpacked and i also modified it to fix the nas storage issue and to disable the certificate check. i also enable ssh and console access at all. and i flashed 6 cameras already with it
 
yes i have it unpacked and i also modified it to fix the nas storage issue and to disable the certificate check. i also enable ssh and console access at all. and i flashed 6 cameras already with it
Sir can you please help or maybe just put me in right way on how to unpack this. I PM you
 
Sir can you please help or maybe just put me in right way on how to unpack this. I PM you
Are you sure you are in the US? Without trying to cause offense, your writing style doesn't match someone living there. I could be wrong of course, but also a US person would put location as US not Us.
 
the author of the unpack tool who sent me the material which allowed me to do the modifications does not want to publish his work officially since some resellers try to buy cheap chinese variants to sell them rebranded for higher prices with international firmwares which is not good for resident companies and it will also lead to even more increased security measures by hikvision. the typical writing style i just know from asian countries gives me a warning here. in addition the unpack tool will not help you in any way since you need to break several security checks. so reverse engineering skills in assembly language are required.
 
ROLLBACK (Use leechers hik_repack v0.10 or higher)
Test was done on a cam running mini system and active 5.6.1 firmware

./hik_repack10 -u digicap554.dav en (dump 5.5.4 digicap.dav to the "en" directory)
./hik_repack10 -r digicap554.dav en newdav l=1,v=05060001 (repack 5.5.4 digicap.dav to newdav using the files in "en" with language flag 1 and v 5.6.1 version number)

rename newdav to digicap.dav

Must use TTL and montecrypto's minisystem
start putty only
CTRL + U ON BOOT
type "update"
type "format"
setup tftp on PC
Type "update"

let it boot and enjoy.

I have only gone back one version. I am not sure what will happen if you attempt to rollback too far. The cam I rolled back had a manufacture date of 04/2018 and shipping firmware of 5.5.51

hi dear Rearanger
can you share the hik_repack10 as zip file with me?
 
Thanks @rearanger and @montecrypto for the mImage! Got some new G1 cube cams (DS-2CD2455FWD-IW) and got root/ash in under a day. The updated mImage worked on my uboot version 3.1.6-540659. Can someone point me in the right direction for rebuilding the firmware with the newer busybox posted? I've scp'd it in, but it disappears upon reboot, hoping for something longer term. Is it possible to repack it into digicap.dav?
 
Thanks @rearanger and @montecrypto for the mImage! Got some new G1 cube cams (DS-2CD2455FWD-IW) and got root/ash in under a day. The updated mImage worked on my uboot version 3.1.6-540659. Can someone point me in the right direction for rebuilding the firmware with the newer busybox posted? I've scp'd it in, but it disappears upon reboot, hoping for something longer term. Is it possible to repack it into digicap.dav?
just use a script to copy it across or install from the sd card. think there is an old montecrypto repacked digicap.dav in the forum.
 
:facepalm: didn't even think of the SD card. I should hang around here more often. With the executable binaries on that, I'm not sure I even need to bother rebuilding. Thanks.
 
I ended up rebuilding the digicap.dav anyway with this modified initrun.sh:

Bash:
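# Copy the newer busybox from the SD card, if it is present.
if [ -f /mnt/mmc01/busyboxG1-2 ] ; then
    cp /mnt/mmc01/busyboxG1-2 /bin/busybox2
fi
# Point every applet the new busybox provides at /bin/busybox2.
if [ -f /bin/busybox2 ] ; then
    for a in $(/bin/busybox2 --list); do
        if [ -f "/bin/$a" ] ; then
            /bin/busybox2 rm "/bin/$a"
        fi
        /bin/busybox2 ln -s /bin/busybox2 "/bin/$a"
    done
fi
# Swap psh for sh in /etc/passwd.
sed -i 's/psh/sh/g' /etc/passwd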
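
For anyone auditing a camera or an unpacked root filesystem, the two changes that initrun.sh makes (applets relinked to /bin/busybox2, psh replaced by sh in /etc/passwd) can be checked for as below. This is an added example, not code from the thread; the function names and the sample tree are constructed, and it assumes psh appears as the login shell field in the stock /etc/passwd.

```shell
#!/bin/sh
# Audit a root filesystem tree (or / on a live device) for the two changes the
# initrun.sh above makes. Function names here are illustrative assumptions.

# List /bin symlinks that point at a busybox other than the stock /bin/busybox.
relinked_applets() {
    root=$1
    for f in "$root"/bin/*; do
        [ -L "$f" ] || continue
        target=$(readlink "$f")
        case "$target" in
            /bin/busybox|busybox) ;;                    # stock layout, ignore
            *busybox*) echo "${f#"$root"} -> $target" ;;
        esac
    done
}

# List accounts whose login shell is a plain shell rather than psh
# (assumption: the stock image uses psh as the login shell).
unrestricted_shells() {
    root=$1
    awk -F: '$7 ~ /(^|\/)(sh|ash|bash)$/ { print $1 ":" $7 }' "$root/etc/passwd"
}

# Return 0 when neither check reports anything, 1 (and print findings) otherwise.
audit_rootfs() {
    root=${1:-/}
    findings=$( relinked_applets "$root"; unrestricted_shells "$root" )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree mirroring the state the script above leaves behind.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/bin" "$t/etc"
    : > "$t/bin/busybox2"
    ln -s /bin/busybox2 "$t/bin/ls"      # relinked applet
    ln -s /bin/busybox "$t/bin/cat"      # stock applet link
    echo 'root:x:0:0:root:/root/:/bin/sh' > "$t/etc/passwd"
    echo "$t"
}
```

Run `audit_rootfs /path/to/unpacked/rootfs` against a tree, or `audit_rootfs /` on the device itself; a non-zero exit status means at least one of the two modifications was found.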
 