[MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

OK, I've got it from my cam. It's DS-2CD2022WD-I. How can I decrypt it. I can't find what type of firmware it is. Could you help me?

At first glance, it looks like a configuration file, rather than a firmware file. Typically firmware files are in the Megabytes (approx 16MB) not Kilobytes (your files was ~800K.
 
At first glance, it looks like a configuration file, rather than a firmware file. Typically firmware files are in the Megabytes (approx 16MB) not Kilobytes (your files was ~800K.
Yes, it's configuration file. Can you help me to decrypt it?
 
Can you help me to decrypt it?
What makes you think it is encrypted?
Do you know what version of firmware the DS-2CD2022WD-I is or should be running, which this configuration presumably was extracted. At the very least you could look on the base on the camera and tell us what it was once running.
How did you extract this file. Was if from the management web console?
What are you looking for, (or what type of detail) within the file?
Some extra information will help get you where you want to go.
 
What makes you think it is encrypted?
Do you know what version of firmware the DS-2CD2022WD-I is or should be running, which this configuration presumably was extracted. At the very least you could look on the base on the camera and tell us what it was once running.
How did you extract this file. Was if from the management web console?
What are you looking for, (or what type of detail) within the file?
Some extra information will help get you where you want to go.
firmware version is V5.4.1. I've got it with hikcgi.
 
The segfault during decryption in version 2.5 of Hikpack is a bug. It was fixed in 2.6 The current version is 2.8, but the last published was 2.5 I was planning to improve the decryption routine to take a password as an option, and then publish it, but never got to do that. Hikvision improved security in 5.5 and cameras now ask for export password instead of using a default key.
 
Hi There,

if i just extract and pack the dav file again (without modifying) i cant use it anymore. the DVR doen't accept the File. "Missmatch" error.
It is an ANNKE DVR. Maybe the firmware isn't supported?
-
test@ubuntu:~/Desktop/1$ ./hikpack -t k41 -x annke.dav -o dav
Magic : 484b5753
hdr_crc : 00001d1a (OK)
lang_id : 00000001
date_hex: 20150315
devclass: 00000043
File: cramfs.img, CRC OK
WARN: missing new_20.bin trailer file
Extra tail at the end of dav, 29082624 bytes, maybe firmware id?
test@ubuntu:~/Desktop/1$ ./hikpack -t k41 -p dav.dav -o dav
File: cramfs.img, CRC OK
Magic : 484b5753
hdr_crc : 00001d01 (OK)
lang_id : 00000001
date_hex: 20150315
devclass: 0000002a
=== Tail record:
File: new_20.bin, CRC OK
=== Appending extra_tail, 29082624 bytes
-
 
WARN: missing new_20.bin trailer file
Extra tail at the end of dav, 29082624 bytes, maybe firmware id?
That seems to be one of those firmware files that is comprised of 2 similarly-sized but different component parts.
To work with that, you'd need to do some manual work in splitting up the 2 components and tweaking them separately and recombining.
Hikpack doesn't handle that type directly, but may be OK with each component separately.
 
  • Like
Reactions: habeschi
After Extracting i get 3 files.

cramfs.img
dav_extra_trail
dav_header

The cramfs.img contains a "new_10.bin" file.

That seems to be one of those firmware files that is comprised of 2 similarly-sized but different component parts.
To work with that, you'd need to do some manual work in splitting up the 2 components and tweaking them separately and recombining.

How can i do that?
 
How can i do that?
Here is an example of NVR firmware that is composed of 3 parts, the digicap.dav file size is 45.3MB
DVR_K56_K55_K57_OVERSEAS_ML_STD_V3.4.84_Build170626.zip
Using hikpack on the original digicap.dav will only operate on the first section.
When they are split, you can see that each section is valid, and different.

Code:
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.84/DVR_K56_K55_K57_OVERSEAS_ML_STD_V3.4.84_Build170626 $ ll
total 132880
drwxr-xr-x 5 alastair alastair     4096 Sep 23  2017 ./
drwxr-xr-x 3 alastair alastair     4096 Sep 23  2017 ../
-rw-r--r-- 1 alastair alastair 45340160 Jun 27  2017 digicap.dav
-rw-r--r-- 1 alastair alastair 45339560 Sep 23  2017 DVR_K56_K55_K57_OVERSEAS_ML_STD_V3.4.84_Build170626.zip
-rw-r--r-- 1 alastair alastair 14651904 Sep 23  2017 FWpart1
-rw-r--r-- 1 alastair alastair 14656000 Sep 23  2017 FWpart2
-rw-r--r-- 1 alastair alastair 16032256 Sep 23  2017 FWpart3
drwxr-xr-x 2 alastair alastair     4096 Oct  3  2017 part1/
drwxr-xr-x 2 alastair alastair     4096 Sep 23  2017 part2/
drwxr-xr-x 2 alastair alastair     4096 Sep 23  2017 part3/
-rw-r--r-- 1 alastair alastair      139 Sep 23  2017 split.txt
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.84/DVR_K56_K55_K57_OVERSEAS_ML_STD_V3.4.84_Build170626 $ hikpack_2.5 -t k41 -i digicap.dav
Magic   : 484b5753
hdr_crc : 00001cad (OK)
lang_id : 00000001
date_hex: 20150315
devclass: 00000044
File: cramfs.img, CRC OK
WARN: missing new_20.bin trailer file
Extra tail at the end of dav, 30688256 bytes, maybe firmware id?
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.84/DVR_K56_K55_K57_OVERSEAS_ML_STD_V3.4.84_Build170626 $ hikpack_2.5 -t k41 -i FWpart1
Magic   : 484b5753
hdr_crc : 00001cad (OK)
lang_id : 00000001
date_hex: 20150315
devclass: 00000044
File: cramfs.img, CRC OK
Can't read new_20.bin tail
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.84/DVR_K56_K55_K57_OVERSEAS_ML_STD_V3.4.84_Build170626 $ hikpack_2.5 -t k41 -i FWpart2
Magic   : 484b5753
hdr_crc : 00001d7a (OK)
lang_id : 00000001
date_hex: 20150315
devclass: 00000042
File: cramfs.img, CRC OK
Can't read new_20.bin tail
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.84/DVR_K56_K55_K57_OVERSEAS_ML_STD_V3.4.84_Build170626 $ hikpack_2.5 -t k41 -i FWpart3
Magic   : 484b5753
hdr_crc : 00001d5e (OK)
lang_id : 00000001
date_hex: 20150315
devclass: 00000043
File: cramfs.img, CRC OK
Can't read new_20.bin tail
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.84/DVR_K56_K55_K57_OVERSEAS_ML_STD_V3.4.84_Build170626 $
alastair@PC-I5 ~/cctv/NVRFirmware/3.4.84/DVR_K56_K55_K57_OVERSEAS_ML_STD_V3.4.84_Build170626 $ cat split.txt

head -c 14651904 digicap.dav > FWpart1
tail -c 30688256 digicap.dav | head -c 14656000 > FWpart2
tail -c 16032256 digicap.dav > FWpart3


alastair@PC-I5 ~/cctv/NVRFirmware/3.4.84/DVR_K56_K55_K57_OVERSEAS_ML_STD_V3.4.84_Build170626 $
 
  • Like
Reactions: habeschi
Is there any description about how to search the firmware for the HKWS characters. Because i have never done this before.