Hikvision NVR new firmware 3.2.1

[alastairstevenson]

The unwanted Busybox protect Shell (psh).

Could you help me understand how you are running these commands on your NVR?

There are 2 ways -

With firmware that pre-dates Hikvsion's use of psh as the shell. Both my 7816N-E2 NVRs came with 3.0.8 and psh was nowhere to be seen.
I think the firmware version where it was introduced will vary amongst models, but somewhere around 3.0.10 I think. Others may confirm.
The 3.2.1 that started this thread did have psh.

The second way is by modifying the firmware to inhibit it. Which is what I did with the 7816N-E2 3.2.1 firmware, using the really useful Hiktools. Cos I find it interesting to look around inside and see what's going on, learn a few things and maybe help folk out by doing so.
But - this approach is a bit limited on which firmware it can be used on, as the newer Hikvision NVR firmware internal files are encoded or encrypted which makes it resistant to being altered. Until someone figures out the encoding scheme, probably by looking at how the NVR itself decodes the files as opposed to attacking the files themselves.

 

[carpii]

The unwanted Busybox protect Shell (psh).

There are 2 ways -

With firmware that pre-dates Hikvsion's use of psh as the shell. Both my 7816N-E2 NVRs came with 3.0.8 and psh was nowhere to be seen.
I think the firmware version where it was introduced will vary amongst models, but somewhere around 3.0.10 I think. Others may confirm.
The 3.2.1 that started this thread did have psh.

The second way is by modifying the firmware to inhibit it. Which is what I did with the 7816N-E2 3.2.1 firmware, using the really useful Hiktools. Cos I find it interesting to look around inside and see what's going on, learn a few things and maybe help folk out by doing so.
But - this approach is a bit limited on which firmware it can be used on, as the newer Hikvision NVR firmware internal files are encoded or encrypted which makes it resistant to being altered. Until someone figures out the encoding scheme, probably by looking at how the NVR itself decodes the files as opposed to attacking the files themselves.

Thanks Alastair, this is very useful.

Can I just confirm, HIKTOOLS is a 'community' tool, and is not the same thing as Hikvision Tools which they provide on their website?

I've a fair bit of experience of reverse engineering, but right now I'm still not up to speed with the psh shell and obviously Hikvisions firmware format.
I'm hopeful I can get up to speed soon and maybe get to a stage where I can start being productive

 

[alastairstevenson]

Yes, the 'Hiktools' I referred to was the very useful 'hiktools05r1.exe' created free for use by @wzhick and introduced here:
http://www.ipcamtalk.com/showthread...anguage-extract-files-and-create-own-firmware

 

[Killswitch]

Well that flash layout and file system type is different from what I've seen on a 7816N-E2, on which I've used 7616NI firmware. So I'm not able to speak from direct experience of your specific model.
What I'd suggest is grabbing a copy of the listed mtdblocks as a current state backup.
An easy way to do this - if you have a handy network share - is to use the 'storage menu' (I'm assuming this older firmware has one) to define a NAS destination. It doesn't need to be formatted.
If you can do this, the path will show with the mount command. Lets says it's /mnt/nfs00
So:
cd /mnt/nfs00
umount /dev/mtdblock1
cat /dev/mtdblock1 > mtdblock1_save
mount /dev/mtdblock1 /home/hik
cat /dev/mtdblock0 > mtdblock0_save

Hopefully the re-mount won't give an error.

This Hik download site has a rich choice of firmware which appears to be for your model.
http://www.hikvisioneurope.com/port... Firmware/Recorder/DS-7600NI-SE 7600NI-V(VP)/
So far, I've not seen any stability or reliability issues of any consequence with the NVR firmware I've tried.
But they have been different from yours.
On the 7816N, the firmware is just a simple cramfs image (with a header) which is copied straight on to mtdblock2.
Looking at the 3.0.15 version from the site above, it looks like it just holds the 17 files as below:


If you can compare that file list with the running contents of your /home/hik and there is a good match, it may be that a copy of mtdblock1 would be an effective backup of the as-is state of your NVR firmware.
You might also want to take a peek with a Hex editor (eg HxD) at the 'hardware descriptor block' in mtdblock0 (starts with the Hik magic number of SWKH) to see if your language=1 is real, or the product of seller-modified firmware.
The byte is likely to be that at 0x10 relative to the start of SWKH in the hardware descriptor block.

But - here is a warning - sensible advice would be 'if it's not broke, don't fix it'.
You will no doubt have read loads of posts here in this forum of Hikvision owners doing what should be a natural and reasonably safe firmware update, to get bugfixes, security fixes, new functionality etc - but suffering adverse consequences. There is definite risk with attempting firmware updates. I haven't done it to my 'production' NVR, just the one I bought to play with. Though I have done it on cameras, where a bad result even if only temporary has less of a consequence.

PS I don't think your firmware link is correct for your model. The suffixes are confusing and significant. Maybe others with your model can comment.

Thanks a lot for your time putting that together. I tried to create a NetHDD via the config, got a share set and save successful though on the harddrive management page the share is greyed out, so I cant click format. Also, I have the great warning beeps on the NVR. haha

Would it be save in saying that the Firmware that i currently have is the same as the on the link above. So, if the update didn't deliver any positives, I could go back using the one in this link? Or is a backup a must, because I am not having much luck trying to get it to work.

 

[alastairstevenson]

You might also want to take a peek with a Hex editor (eg HxD) at the 'hardware descriptor block' in mtdblock0 (starts with the Hik magic number of SWKH) to see if your language=1 is real, or the product of seller-modified firmware.
The byte is likely to be that at 0x10 relative to the start of SWKH in the hardware descriptor block.

It would be worth checking what the real language is on your NVR before assuming it's the same firmware currently installed as available at that link above. The seller may well have modified it to improve region compatibility.

Also, I have the great warning beeps on the NVR. haha

If you haven't already figured this out - you can turn the alarm off by unticking the NetHDD alarm under 'Exceptions'. To be able to use the 'NAS' storage destination to drop files off (as opposed to it being a recording destination) you don't need to format it. And it probably would not allow that anyway depending on the volume size.
Personally - I would (and did) try to make a backup of what you currently have, to protect against any surprises if you decide to try for an upgrade.

Or is a backup a must, because I am not having much luck trying to get it to work.

What problems are you hitting trying to back up your mtdblocks?

 

[ste92]

Any one tryed 3.3.1 ?

Hello, I'm new I have a big problem with nvr 2: DS - 7604NI - E1 / 4P / A.
nvr with the first version V3.0.10 build 141,126 was registered with the domain of Hikvision and this far everything is fine.
the second nvr with version V3.3.1 build 150422 latest version, does not register domain with Hikvision. I'm using ezviz7! because you can no longer use Hikvision DDNS? I tried in every way I can not find solutions !!

 

[123456]

I upgraded DS-7608NI-ST firmware version V3.3.4 build 150616 Multi-lingual and now I can not connect camera DS-2CD3310D-I Chinese version with modified firmware 5.2.0 Multilinguage, i get error "Language version mismatch";
before upgrading with firmware version v3.0.2 Build 131112 was ok;
how can I do? downgrade?

 

[alastairstevenson]

how can I do? downgrade?

Yes, downgrade to the earlier version that did not implement the camera language checks. Or change the camera region setting - harder.

 

[123456]

Yes, downgrade to the earlier version that did not implement the camera language checks. Or change the camera region setting - harder.

How can I change the region of the camera DS-2CD3310D-I Chinese version with modified firmware 5.2.0 Multilinguage?

 

[whoslooking]

Looks like new versions of the 7800 series are no longer able to be downgraded, and with the new security checks this makes things a little tricky.

 

[reeves1985]

Looks like new versions of the 7800 series are no longer able to be downgraded, and with the new security checks this makes things a little tricky.

I'm sure you can do it!!!!!

I've got a beer waiting patiently for you

 

[wzhick]

Looks like new versions of the 7800 series are no longer able to be downgraded, and with the new security checks this makes things a little tricky.

You're right. There are several reasons.
However, this way is not the only one.

 

[reeves1985]

You're right. There are several reasons.
However, this way is not the only one.

Your such a tease!
Go on give us a clue?

 

[whoslooking]

You're right. There are several reasons.
However, this way is not the only one.

A little help on this one wound be good, Even if its not Public

 

[wzhick]

You must upload the current firmware and make it work. )
All you need - you'll find inside the firmware, hiktools05R1 still can disassemble them.
It will help to create custom firmware based on last version, that will gain access to shell.
Then you change the NVR, so that they way he became multilingual. and began taking English firmware.

 

[whoslooking]

You must upload the current firmware and make it work. )
All you need - you'll find inside the firmware, hiktools05R1 still can disassemble them.
It will help to create custom firmware based on last version, that will gain access to shell.
Then you change the NVR, so that they way he became multilingual. and began taking English firmware.

So we are using 3.32 to make a custom 3.34 as without an newer 7zip we can't as yet open the lmza files in the firmwares??

 

[wzhick]

don't believe your own eyes

 

[thanhkhanhqc]

help me
I have a DVR / NVR DS-7804_E1
I want to upgrade it
but I could not find the firmware
you help me find frimware is not
thank.

- - - Updated - - -

hello
help me
I have a DVR / NVR DS-7804_E1
I want to upgrade it
but I could not find the firmware
you help me find frimware is not
thank.

 

[thanhkhanhqc]

hello whoslooking
I have a DVR / NVR DS-7804_E1
I want to upgrade it
but I could not find the firmware
you help me find frimware is not
I really need

 

[reeves1985]

help me
I have a DVR / NVR DS-7804_E1
I want to upgrade it
but I could not find the firmware
you help me find frimware is not
thank.

- - - Updated - - -

hello
help me
I have a DVR / NVR DS-7804_E1
I want to upgrade it
but I could not find the firmware
you help me find frimware is not
thank.

Is it a N or NI model