I have looked at the output file from SADP with several editors, Hex editor, Geany and the like, and searched them for the passwords you gave me, to no avail.
That XML file from SADP is a password reset request file and does not hold any passwords, just a signed request code.
When processed by a Hikvision system with their private key, creating a response file, the originating camera authenticates that file with the public key and clears the locally stored password.
Any chance you'd share what you are doing?
The configuration files that are exported by the older firmware are reversibly encrypted using a key which can be determined by reverse engineering the firmware, and also subject to a very obvious XOR encode, allowing the password which is stored in plaintext to be exposed.
Normally it should only be possible to export a configuration file if the admin credentials are known - but a serious security vulnerability in many versions of the firmware allows the configuration file to be exported without requiring any credentials.
Hence the admin password - and many other parameters - can be easily found.