[MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

[leecher]

How I can send you!

i.e. upload it to a 1-click hoster (i.e. depositfiles.com) and send me a private msg with a link to it for instance.

 

[JSnP]

I have a Hikvision video doorbell based on this one: EZVIZ - a global smart home security brand and I'd like to properly unpack the firmware. (V5.2.4)

hikpack seems to unpack them:
hikpack -t r0 -x <file> -o <dir> (or "r1", both seem to work)

Magic : 484b5753
hdr_crc : 00002c82 (OK)
lang_id : 00000001
Date : -00001
version : ffffffff
frm_flg : 5140020021150000011
File: app.img, CRC OK
File: res.bin, CRC OK
File: mcu.bin, CRC OK
File: arc.bin, CRC OK

The res.bin is a jffs file which can be extracted with jefferson. It contains .aac audio files.
I'm stuck on what to do with the larger app.img file. binwalk doesn't extract it (or does so improperly) Any hints?

Also, is this a recognized .dav file format where I could modify contents, repack and use?

samples:

http://usdownload.ezvizlife.com/device/HSDB2/2.0/HSDB2.dav
http://usdownload.ezvizlife.com/device/NDB313-W/2.0/NDB313-W.dav

 

[alastairstevenson]

I'm stuck on what to do with the larger app.img file. binwalk doesn't extract it (or does so improperly) Any hints?

I'm guessing a bit here ...
It looks like a monolithic application program written under eCos RTOS running on a FH8830 Arm SoC. Not the more familiar embedded Linux environment.
eCosPro Developer's Kit
FH8830: 2M/3M High Performance Camera SoC-Shanghai Fullhan Microelectronics Co.,Ltd

 

[iTuneDVR]

http://usdownload.ezvizlife.com/device/HSDB2/2.0/HSDB2.dav http://usdownload.ezvizlife.com/device/NDB313-W/2.0/NDB313-W.dav

Very nice.
Kernel & no more extra code

 

[martin5857]

Could someone do the reupload of hikpack or share a different unpacker, please?

 

[alastairstevenson]

Here attached is the original @montecrypto hikpack_2.5

 

[martin5857]

Here attached is the original @montecrypto hikpack_2.5

Super, thanks!

 

[bugmenot01]

where can i download the hik_repack tool by leecher? looking to unpack some G1 firmware but it doesnt seem to be supported by hikpack_2.5?

 

[alastairstevenson]

Best to send him a PM - he's a forum member.
The tool is good enough that the on-sellers can make good use of it.

 

[Schardt]

Hi! How can I download file digicap.dav from 2CD2332 with 4.5.4?
Thanks!

 

[alastairstevenson]

Hi! How can I download file digicap.dav from 2CD2332 with 4.5.4?

I don't really understand your question - can you explain a bit more?

But see the response in the R0 / DS-2CD2x32 BrickfixV2 brick recovery and full upgrade tool - enhanced. post about how to resolve the problem.

 

[alastairstevenson]

Put pliz decrypted davinci in ELF format from the firmware version 2017 and higher

For which IP camera?

 

[rearanger]

ds-2cd2xx2fwd or from a similar camera.
I want to learn the structure of a new davinci file.
To do this, I need a decrypted davinci file in ELF format from firmware version 2017 and higher ...

Davinci is left decrypted on the cam at runtime , so if you have root/ASH you can copy the elf/disassemble.

 

[HackitZ]

will this latest version hikpack2.5 work to change language on DS-2DE2202-DE3 camera?
camera has V5.3.8 build 150707 firmware, looks like the latest is V5.4.71 build 170407(Released)

the seller sold the camera as north american version. just looked into it and i have the ch in my serial number.
i bought the cameras about 2 years ago.
just playing around to see if it's possible to upgrade the firmware.
tnx

 

[alastairstevenson]

will this latest version hikpack2.5 work to change language on DS-2DE2202-DE3 camera?

hikpack2.5 can be used to change the language in the header of a firmware file, to get the file past one of the early validation checks, but that will not change the language of the camera itself.
If the camera does have CCCH in its serial number, and is Chinese, it will be best to not attempt a firmware update.

 

[StewartM]

Out of interest, if you had a G1 series camera ( v5.6+ firmware) with nonPSH access, would it be possible to downgrade to a much earlier firmware? Other advantages one could leverage with that level of access?

 

[rearanger]

Out of interest, if you had a G1 series camera ( v5.6+ firmware) with nonPSH access, would it be possible to downgrade to a much earlier firmware? Other advantages one could leverage with that level of access?

Unsure of the question. G1 will not downgrade without root/ash or minisys. Downgrading of G0 you would manually copy files accross

You would either repack the digicap.dav and alter header. Or manually copy the unpacked files to the correct partitions.


With ash/root you can do just about anything you want that you can do in Linux.

 

[Hexcode]

Anyone could decode an 5.5.x E3 firmware with leechers tool? Or knows a tool which can do this?

 

[watchful_ip]

Anyone could decode an 5.5.x E3 firmware with leechers tool? Or knows a tool which can do this?

I don't think the AES keys needed are known (at least not to available tools).

With an mtd dump we could derive them, or with a couple of files from the camera, but otherwise not so much. If you have an E3 camera it might be possible via UART though likely not easy these days.

 

[Safetyfirst]

At work now, was planning try those steps when I get home, just don't want to brick it.
Yes its the same nvr see post here: New LaView NVR question

edit:
mission accomplished . it took it over the web interface. upgrading to the latest now

I'm trying to do the same thing in order to get more features, but Is there a dumbed down way to install the Hikvision Firmware for less knowledgeable users?