alastairstevenson
Staff member
I'm admittedly guessing - but on other camera series it was version 5.4.0 that first introduced the 'downgrade block'.However do you think/know if I can take a G0 v5.3.3 back to v5.3.1?
The required command format was in my 'worked example', and you've already used it successfully :But I think we're missing the final commands on how to decrypt the files.
That was just an easy example of how to do the decryption, as 'start.sh' is a script file and so you can easily see it's been decrypted as the resultant contents are readable. There is no reason why you'd need to manually run it.Should I just manually run dec_ start.sh?
In hikpack - it's inside the program that @montecrypto created.And also, where is the encryption key stored ?
ded -d /home/hik/sys_app.tar.lzma /home/app/sys_app.tar.lzma
/bin/tar xaf /home/app/sys_app.tar.lzma -C /home/app/
[root@dvrdvs /root] # ded -h
Usage: ded FILEin FILEout [option]
-e encrypt file
-d decrypt file
-h help
[root@dvrdvs /root] #
Others?But it was a small task to get the others so I am sure others will be also very appreciative.
Sorry. Poor choice of words.Others?
Hi @montecrypto,
Is it possible to make the tool work for G1 platform? Looking at the camera support, it is essentially G0 platform for ML/EN support.
Thanks in advance.
This is how ded works :
Code:[root@dvrdvs /root] # ded -h Usage: ded FILEin FILEout [option] -e encrypt file -d decrypt file -h help [root@dvrdvs /root] #
It's part of the Hikvision NVR firmware, so I doubt if any sources are out there.Hi, Where can I download the sources for the binary ded.bin
It's the way that Hikvision have compressed the files.so I'm wondering if hikpack has a bug with the decryption that only shows at large file offsets, or I have an incompatible library on my computer...
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.62/NVR_K41_BL_ML_STD_V3.4.62_160503/contents $ ll
total 29600
drwxrwxr-x 2 alastair alastair 4096 Nov 3 16:48 ./
drwxrwxr-x 4 alastair alastair 4096 May 18 2016 ../
-rw-r--r-- 1 alastair alastair 7020240 Nov 3 16:48 dec1_sys_app.tar.lzma
-rw-r--r-- 1 alastair alastair 7020240 Nov 3 16:48 dec2_sys_app.tar.lzma
-rw-rw-r-- 1 alastair alastair 2240328 Jan 1 1970 gui_res.tar.lzma
-rw-rw-r-- 1 alastair alastair 616 Jan 1 1970 new_10.bin
-rw-rw-r-- 1 alastair alastair 2840 Jan 1 1970 start.sh
-rw-rw-r-- 1 alastair alastair 7020240 Jan 1 1970 sys_app.tar.lzma
-rw-rw-r-- 1 alastair alastair 3183416 Jan 1 1970 uImage
-rw-rw-r-- 1 alastair alastair 3802552 Jan 1 1970 webs.tar.lzma
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.62/NVR_K41_BL_ML_STD_V3.4.62_160503/contents $ file dec*
dec1_sys_app.tar.lzma: LZMA compressed data, streamed
dec2_sys_app.tar.lzma: LZMA compressed data, streamed
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.62/NVR_K41_BL_ML_STD_V3.4.62_160503/contents $ openssl md5 dec*
MD5(dec1_sys_app.tar.lzma)= 424a628bd6a1d6b2d2fd120a06383c45
MD5(dec2_sys_app.tar.lzma)= 424a628bd6a1d6b2d2fd120a06383c45
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.62/NVR_K41_BL_ML_STD_V3.4.62_160503/contents $
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.62/NVR_K41_BL_ML_STD_V3.4.62_160503/contents $ openssl version
OpenSSL 1.0.2g 1 Mar 2016
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.62/NVR_K41_BL_ML_STD_V3.4.62_160503/contents $
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.62/NVR_K41_BL_ML_STD_V3.4.62_160503/contents $ ll
total 15888
drwxrwxr-x 2 alastair alastair 4096 Nov 3 16:44 ./
drwxrwxr-x 4 alastair alastair 4096 May 18 2016 ../
-rw-rw-r-- 1 alastair alastair 2240328 Jan 1 1970 gui_res.tar.lzma
-rw-rw-r-- 1 alastair alastair 616 Jan 1 1970 new_10.bin
-rw-rw-r-- 1 alastair alastair 2840 Jan 1 1970 start.sh
-rw-rw-r-- 1 alastair alastair 7020240 Jan 1 1970 sys_app.tar.lzma
-rw-rw-r-- 1 alastair alastair 3183416 Jan 1 1970 uImage
-rw-rw-r-- 1 alastair alastair 3802552 Jan 1 1970 webs.tar.lzma
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.62/NVR_K41_BL_ML_STD_V3.4.62_160503/contents $ hikpack_2.5 -t k41 -d sys_app.tar.lzma -o dec_sys_app.tar.lzma
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.62/NVR_K41_BL_ML_STD_V3.4.62_160503/contents $ unlzma --single-stream dec_sys_app.tar.lzma
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.62/NVR_K41_BL_ML_STD_V3.4.62_160503/contents $ file *
dec_sys_app.tar: POSIX tar archive (GNU)
gui_res.tar.lzma: data
new_10.bin: data
start.sh: data
sys_app.tar.lzma: data
uImage: u-boot legacy uImage, Linux-3.4.35_hi3535, Linux/ARM, OS Kernel Image (Not compressed), 3183352 bytes, Tue Jan 5 01:46:33 2016, Load Address: 0x80008000, Entry Point: 0x80008000, Header CRC: 0x09335EB4, Data CRC: 0xF3C1D5DA
webs.tar.lzma: data
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.62/NVR_K41_BL_ML_STD_V3.4.62_160503/contents $ tar -xvf dec_sys_app.tar
hisi/
hisi/modules/
hisi/modules/hi3535_chnl.ko
hisi/modules/hi3535_h264e.ko
hisi/modules/dsp_pin.sh
hisi/modules/mmz.ko
hisi/modules/hi3535_tde.ko
hisi/modules/sysctl_hi3535.sh
hisi/modules/hi3535_base.ko
hisi/modules/hi3535_vou.ko
hisi/modules/hi3535_region.ko
hisi/modules/hi_cipher.ko
hisi/modules/hi3535_sys.ko
hisi/modules/hi3535_vpss.ko
hisi/modules/hi3535_aio.ko
hisi/modules/hi3535_jpegd.ko
hisi/modules/hi3535_rc.ko
hisi/modules/hidmac.ko
hisi/modules/hi3535_ive.ko
hisi/modules/hi3535_vdec.ko
hisi/modules/acodec.ko
hisi/modules/hi3535_hdmi.ko
hisi/modules/hi3535_jpege.ko
hisi/modules/hi3535_vfmw.ko
hisi/modules/hiuser.ko
hisi/modules/clkcfg_hi3535.sh
hisi/modules/hi3535_venc.ko
hisi/modules/hi3535_ao.ko
hisi/modules/hi3535_vgs.ko
hisi/modules/hi_rtc.ko
hisi/modules/hi3535_pciv_fmw.ko
hisi/modules/hi3535_aenc.ko
hisi/modules/hifb.ko
hisi/modules/hi3535_vda.ko
hisi/modules/hi3535_ai.ko
hisi/modules/extdrv/
hisi/modules/extdrv/sil9024.ko
hisi/modules/extdrv/tlv_320aic31.ko
hisi/modules/hi3535_adec.ko
hisi/modules/load3535
hisi/modules/hi3535_pciv.ko
exec/
exec/pppoed
exec/vca_encrypt_3535.ko
exec/iscsi/
exec/iscsi/iscsid
exec/iscsi/initiatorname.iscsi
exec/iscsi/iscsid.conf
exec/sc_hicore
exec/pppoe
exec/ntfs-3g
exec/pppd
exec/bonding.ko
exec/dvrCmd.tar.gz
exec/sc_T1
exec/ptzCfg.bin
exec/master
exec/showlogo
res/
res/ASC16
res/nolink
res/unstreamtype
res/player.zip
res/hiklogo
res/logo.jpg
res/sysVersion.bin
res/noresource
lib/
lib/libmpi.so
lib/libdspjpeg.so
lib/libmem.so
lib/libive.so
lib/libhisdkso.so
lib/libssl.so
lib/libplatform.so
lib/libssl.so.token00000001000000020000020000000001ffffffff0000000200000000.hisi-3535.v1
lib/libtde.so
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.62/NVR_K41_BL_ML_STD_V3.4.62_160503/contents $
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.62/NVR_K41_BL_ML_STD_V3.4.62_160503/contents $ telnet 192.168.1.211
Trying 192.168.1.211...
Connected to 192.168.1.211.
Escape character is '^]'.
dvrdvs login: root
Password:
BusyBox v1.16.1 (2016-06-29 13:49:45 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
psh: applet not found
[root@dvrdvs /root] # mount
rootfs on / type rootfs (rw)
proc on /proc type proc (rw,relatime)
sysfs on /sys type sysfs (rw,relatime)
udev on /dev type tmpfs (rw,relatime)
devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=000)
/dev/mtdblock2 on /home/hik type cramfs (ro,relatime)
192.168.1.201:/cctv1 on /mnt/tnfs00 type nfs (rw,sync,relatime,vers=3,rsize=8192,wsize=8192,namlen=255,acregmin=0,acregmax=0,acdirmin=0,acdirmax=0,soft,noac,nolock,proto=udp,port=2049,timeo=7,retrans=3,sec=sys,local_lock=all,addr=192.168.1.201)
[root@dvrdvs /root] # cd /mnt/tnfs00/tmp
[root@dvrdvs tmp] # ll
drwxr-xr-x 2 root root 4096 Aug 27 17:11 dropbear
-rw-rw-rw- 1 503 100 7020240 Nov 3 16:54 sys_app.tar.lzma
[root@dvrdvs tmp] # ded -d sys_app.tar.lzma dec_sys_app.tar.lzma
[root@dvrdvs tmp] # ll
-rwxr-xr-x 1 root root 7020240 Nov 3 16:55 dec_sys_app.tar.lzma
drwxr-xr-x 2 root root 4096 Aug 27 17:11 dropbear
-rw-rw-rw- 1 503 100 7020240 Nov 3 16:54 sys_app.tar.lzma
[root@dvrdvs tmp] # tar -xvf dec_sys_app.tar.lzma
tar: invalid tar magic
[root@dvrdvs tmp] # tar -xaf dec_sys_app.tar.lzma
[root@dvrdvs tmp] # ll
-rwxr-xr-x 1 root root 7020240 Nov 3 16:55 dec_sys_app.tar.lzma
drwxr-xr-x 2 root root 4096 Aug 27 17:11 dropbear
drwxrwxrwx 3 root root 4096 Nov 3 16:57 exec
drwxrwxrwx 3 root root 4096 Nov 3 16:57 hisi
drwxrwxrwx 2 root root 4096 Nov 3 16:57 lib
drwxrwxrwx 2 root root 4096 Nov 3 16:57 res
-rw-rw-rw- 1 503 100 7020240 Nov 3 16:54 sys_app.tar.lzma
[root@dvrdvs tmp] #