[MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

[danosimo]

Actually, I stand corrected. I have a DS-2TP31 (without the B) and I am still not able to get temperature range options. Any ideas?

 

[camkeke]

Is V5.6.6 build 210625 (5.6.x) for IPC-T23xxG-LU and similar models supported?

 

[alastairstevenson]

I don't know.
Does it unpack ok?

 

[hkzxc]

Greetings.

Need some help with compiling a FW for my DS-7608NI-K2. That's K51 platform. FW version 4.72.107.

I've successfully unpacked a firmware file, decrypted and modified the contents of the sys_app.tar.lzma file, but when trying to update the FW using GUI interface from USB stick through local update menu, got "Upgrading failed. Execute program error." window all the time after it tried to unpack all the files from my FW.

What have been tried/checked:
1. Packed with and without version/language/date flags while packing (if those flags were'nt used, GUI don't even tries to start FW unpacking and checking process showing same error window immediately);
2. Decrypted and checked all the MD5's of all the FW files inside new_10.bin and new_20.bin - they match stored values there.
3. For the testing purposes tried to unpack the FW, modified contents of factory non-encrypted file gui_res.tar.lzma, then tried to compile FW update file and yet failed with identical error window.
4. TFTP'ed this FW update file using "192.0.0.128 method". NVR doesn't seems to want to download anything from my local TFTP server at all.
5. Updated FW using the same version file just to make sure it will accept same version over the installed. Accepted and installed.


I'm using Ubuntu and it's build-in GUI LZMA archiver. Although i've modified just a few config files, i got FW file ~2MB smaller comparison to a original FW size (37.6 vs 39.8 Mb).
Is there any steps i'm missing or do i need to look at to make it work?

I happen to have the same requirement: to decrypt a tar.lzma file, repackage it, and then replace the original tar.lzma file. Through reverse engineering, I found that the decryption of the tar.lzma file involves invoking a driver’s ioctl. How should I proceed from here? Do you have any related tutorials I could refer to? Thanks!

 

[brainslayer]

I happen to have the same requirement: to decrypt a tar.lzma file, repackage it, and then replace the original tar.lzma file. Through reverse engineering, I found that the decryption of the tar.lzma file involves invoking a driver’s ioctl. How should I proceed from here? Do you have any related tutorials I could refer to? Thanks!

these files (also the tar.lzma files) are all encrypted in the same way and can be decrypted/encrypted using the hik unpacker if the device is supported since each device has different encryption keys which are stored in the linux kernel. to reverse engineer these keys you need to get the unencrypted kernel which can be obtained by dumping the flash memory