HIKVISION mtd Brick Recovery Guide

If it's fully erased, full of FF, then that will be OK.
On any case, brick-fixV2 deals with that automatically.
 
OK, will try. 7 cams have 5.2.3 and this one has 5.2.5 and have problem with empty mtd1.
 
S474N said:
this one has 5.2.5 and have problem with empty mtd1.
Click to expand...
If it's just fully erased (full of FF in all locations), as it can be on quite old cameras, it will be fine. The program in the newer firmware recognises that.
The main problem with mtdblock1 was when there was a valid content, but the 'status of the last firmware update' was blank, such as cameras originally on 5.2.0 firmware.
The newer firmware treats that as an error condition.
 
Thank you for cooperation, all of 8 cams are updated to 5.4.5 and it seems, that everything is ok.

Is possible to do something with CH NVR DS-7616NI-E2?
 
S474N said:
Thank you for cooperation, all of 8 cams are updated to 5.4.5 and it seems, that everything is ok.
Click to expand...
Excellent! Well done for getting there, and for sharing.
S474N said:
Is possible to do something with CH NVR DS-7616NI-E2?
Click to expand...
Well, the -NI version should be updateable. Is that how it was sold, do you recall?
What makes you think it's CH?
What's the current firmware?
 
Hi, sorry, my mistake. NVR was bought together with cams from CH, but it has serial
DS-7616NI-E2/8P1620150125AARR50xxxxxxWCVU, actual firmware is
V3.0.10 build 141126

It is upgradeable? Which version is newest?
 
S474N said:
It is upgradeable?
Click to expand...
I'd say that the -NI does suggest so.
There are various versions available here : DOWNLOAD PORTAL
I've seen 3.4.97 on a Hikvision Russian site but not tried it (yet).
Normally you'd find out safely if it is actually a CN NVR by trying a web GUI firmware update, and seeing if the firmware is rejected with a 'firmware language mismatch'.
But the risk would be if it is a CN NVR running a seller-installed 'hacked to English' firmware which masquerades the language, the web GUI is OK with the EN/ML firmware, but after reboot the true CN nature of the NVR is exposed and you get the dreaded 15 beep bootloop and the '!!! You bought in China ....' message on the serial console.
So I don't think I can give you a guarantee it would be OK to update.
 
Is some way, which I can look (for example via SSH) if is with NVR manipulated?

Version 3.4.97 I have in new NVR, but there is problem with H.265 and HDMI to TV. That is reason, why Hik delete this FW from their website.
 
S474N said:
Is some way, which I can look (for example via SSH) if is with NVR manipulated?
Click to expand...
On the early firmware (3.0.8) telnet was still available and enabled in the Busybox, but they quickly removed it in later revisions.
I don't recall if it was still available in your 3.0.10 but worth trying.
That early firmware did not fail when running on a CN NVR, such as the 7816N-E2 I bought off Aliexpress way back, and gave EN menus.
Notice that is not a -NI model, these were China models, but the same hardware as the 7600NI-E2
This is an example of the getHardInfo' shell command from then, with language=2 (CN) :
Code: 
Start at 2015-03-30 23:31:53
Serial NO :1620150203AARR503146794WCVU
V3.0.8 build 140825
KernelVersion: V1.0.0 build 140512
dspSoftVersion: V5.0 build 140816
codecVersion: V5.0 build 080808
hardwareVersion = 0xb000
encodeChans = 0
decodeChans = 16
alarmInNums = 0
alarmOutNums = 0
ataCtrlNums = 2
flashsize = 0x10
ramSize = 0x400
networksNums = 1
language = 2
devType:DS-7816N-E2
bootPartition = 2
randomCode =
 
Code: 
[root@dvrdvs hkvs] # getHardInfo
Start at 2017-12-09 18:04:34
Serial NO :1620150125AARRxxxxxxxxWCVU
V3.0.10 build 141126
KernelVersion: V1.0.0 build 140512
dspSoftVersion: V5.0 build 140816
codecVersion: V5.0 build 080808
hardwareVersion = 0xb000
encodeChans = 0
decodeChans = 16
alarmInNums = 0
alarmOutNums = 0
ataCtrlNums = 2
flashsize = 0x10
ramSize = 0x400
networksNums = 2
language = 1
devType:DS-7616NI-E2/8P
bootPartition = 2
randomCode = xxxxxx
 
I saw language=1 and I risked it :)

It is interesing, that this NVR has support for my new 4K cams - they worked.
 
alastairstevenson said:
But the risk would be if it is a CN NVR running a seller-installed 'hacked to English' firmware which masquerades the language,
Click to expand...
Depending on how that has been done, getHardInfo may not tell the whole truth. But the -NI is probably a more reliable indicator.
S474N said:
I saw language=1 and I risked it
Click to expand...

Example - one of my CN 7816 NVRs that shows both languages depending on where you look, due to tweaked firmware.
If I put the stock EN/ML firmware on it I'd get the 15 beep bootloop.
Code: 
alastair@PC-I5 ~ $ telnet 192.168.1.211
Trying 192.168.1.211...
Connected to 192.168.1.211.
Escape character is '^]'.

dvrdvs login: root
Password:


BusyBox v1.16.1 (2016-06-29 13:49:45 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

psh: applet not found
[root@dvrdvs /root] # getHardInfo
Start at 2017-12-02 11:48:42
Serial NO :1620150203AARR503146794WCVU
V3.4.91 build 161220
softBase:/Platform/trunk:0
KernelVersion: V1.0.0 build 160930
dspSoftVersion: V5.0 build 161208
codecVersion: V5.0 build 161208
hardwareVersion = 0x0
encodeChans = 0
decodeChans = 16
alarmInNums = 0
alarmOutNums = 0
flashsize = 0x0
ramSize = 0x40000000
networksNums = 1
language = 1
devType:DS-7816N-E2
bootPartition = 1
randomCode =
[root@dvrdvs /root] # cat /proc/hkvs/bootpara
====================== BOOT INFO ====================
magicNumber   :0x484b5753
paraChecksum  :0xdb1
paraLength    :0xf4
encryptVer    :0x10000
language      :0x2
device_class  :0x2a
oemCode       :0x1
encodeChans   :0x10
decodeChans   :0x10
ipcChans      :0x0
ivsChans      :0x0
picFormat     :0x2
macAddr     :c0-56-e3-3d-19-5b
prodDate     :32:30:31:35:30:32:30:33
prodNo     :353033313436373934
devHigh       :0x0
cpuFreq       :0x1
dspFreq       :0x1
zone          :0x1
webSupport    :0x1
voipSupport   :0x0
usbNums       :0x2
lcdSupport    :0x0
voNums        :0x2
vganums       :0x2
vtSupport     :0x1
videoMaxtrix  :0x0
extendedDecoder:0x1
extendedIVS   :0x1
extendedAlarmOut:0x0
devType       :0xa17f
ubootAdrs     :0x0
ubootSize     :0x0
ubootCheckSum :0x0
tinyKernelAdrs:0x0
tinyKernelSize:0x0
tinyKernelCheckSum:0x0
==========================================================

[root@dvrdvs /root] #
 
As long as you use Windows within osx all is good to recover, if your trying with osx don't bother wasting your time.

osx is to clumsy to do anything with, but its good for browsing and emails end of.
 
788/5000
I have a DS-2CD2032 camera for over 05 years. 2 years ago, it automatically updated the firmware when I updated the version of IVMS4200.

After the update I could no longer view the images in the browser or ivms4200. ERROR 404 and IVMS4200 language mismatch error appeared in browser. (changed to chines)

Thank you for your patience in elaborating this step by step. I can guarantee it was my salvation.

Today I have the version of fw V5.4.5 build 170123, coding version V5.0 build 170105, web version V4.0.1 build 170117 and plug version V3.0.6.1.

Now I can record again on the IVMS4200 and access the images through the browser. I even managed to register the camera on HIK-CONNECT, which I couldn't before.

Thanks again for the help!

Greetings.

upload_2019-9-29_3-13-42.png
 
  • Like
Reactions: alastairstevenson
I have a about 60 DS-2CD2085FWD-I cameras, and a handful of them are OEM versions. Can I use this method to flash the original Hikvision firmware on the OEM cameras?
 
You must log in or register to reply here.
Top Bottom