@EMPIRETECANDY Any insight on this slightly newer version V2.800.0000014.0.R.191203 for the 5x3x cameras? Seems like it must be important if they released another version dated one day later....the original 1202 release was listed as an important security fix, so for them to issue another so quickly after there must be some reason behind it.
New Firmware for IPC-HX5X3X-Rhea_MultiLang_PN_Stream3_V2.800.0000013.0.R.191202.zip
- Thread starter EMPIRETECANDY
- Start date
and
Reason behind it might be it was too secure and broke something else that only worked using unorthodox (insecure) programming shortcuts which rely only on obscurity for security OR the initial security patch did not completely secure the exploit/hole - which is why it would be nice if Dahua were more open about what is being patched shut is it:-
1. Dahua's own proprietary closed source code being patched?
2. A driver update/patch from one of Dahua's microchip suppliers that Dahua are passing on to the end user?
3. Or a prepackaged open source Linux code library that Dahua use in their cameras has been patched shut due to a vulnerability and that patch is now being passed to the cameras?
Who has installed the v.14 version of this Firmware? What are your impressions good/bad having installed?
Would love some v.14 release notes like there used to be - one of my older posts on a different discussion thread has some of the really old - but thorough! - Dahua release notes that I managed to find (at the time).
Has anyone found out what security holes are being plugged? Security Holes affecting Dahua's business model (ability to modify firmware images perhaps?) OR Security Holes affecting the end user (allowing remote access / sidestepping login)
I installed it on my HDW5831R-ZE, upgraded from v.13 (1202). So far it seems a little snappier as far as the response time accessing it via web browser, I have some issues with this camera where the live stream is slow to start (has been mentioned in another thread, I'm not the only one who has noticed it). I'm not sure if the newer version fixed something as far as that or if it's just due to the camera being freshly rebooted after the update.
Still not working. I do get a ping every time I reconnect to power. Or reset. I tried holding reset button for more than 3 minutes as well. Anything else I can try? I googled a lot and looks like I ran out of options.
@EMPIRETECANDY response to my e-mail -"The only way is to ship the camera's ball part back. We will fix up it for you. Any update will have the risk to brick the camera. So normally if camera working well, then no need to upgrade it. "
Anyone did this? how was your experience? This could take a month given Chinese new year and shipping times. I request kind folks here to recommend a POE IP camera that I can buy from Amazon in US. Not Dahua of course. I needed 3 more in addition to the one that looks bricked. But will get 1 as immediate replacement (need it quickly) while I try to bring this dead one back. And then decide on rest 2. I am thin on emotional energy to spend time on research to find next one right now. so please suggest something similar to this product. For immediate replacement, I got good budget.
beepsilver
Getting comfortable
FYI I ran a virus scan on this file both before and after extraction....showed one infected file (sonia.zip inside the main zipped file). I used Bitdefender. Malwarebytes found nothing.
That is very worrying - a patch to close a (supposed?) security hole instead comes with a Virus - have you scanned any previous Dahua firmware's? Did any previous Dahua Firmware files show any virus infected files?
I was going to install/try the new 64-Bit version of Dahua's Smart PSS for Windows Software BUT Kaspersky found it had a Virus when I told it to inspect the software files before installation - used to use Norton (for over a decade) which found nothing in the 32-Bit Smart PSS - switched to Kaspersky (from Norton) because I began to suspect that Norton never finds anything (nowadays) and has been somewhat left behind by technological progress - upshot of all that is I wonder if there are (undetected by Norton) Viruses and Trojans lurking in the 32-bit Smart PSS as well?
Has anyone ever scanned the Dahua Firmware for Network Video Recorders????
The implications of all these networked cameras (and possibly NVR's) having firmware with a virus in Sonia from Dahua...............
Where did you download the Dahua Firmware file from?
beepsilver
Getting comfortable
I've scanned other firmware but this was the first time I've found an infected file (don't remember the sites though...probably files Andy has uploaded or linked to). I downloaded this 191203 file from the site posted by 2nd Leaf:
Maybe it was a fluke, but I downloaded it twice and scanned it twice. I didn't try with Windows Defender. Give it a shot and see if Kaspersky catches it.
you might send it to VirusTotal
I ran a sonia.zip I had from one of my downloads that I can't recall where it came from through and this was the results : VirusTotal
(nothing found with the ~ 60 engines that it ran it through there.)
followed the link provided by 2ndleaf to the dahuawiki and downloaded the entire zip.
no issues found there.
pulled the sonia.zip out and ran it
@beepsilver ,
can you confirm if your sonia.zip scan had a hash that matches any of the above I linked to ?
md5: e0c36e97b01ef9fa4c4e9a68d830fa1b
sha1: 311e8187da77e8457611e08561844ebb4aac3e25
sha256: 8e0d8e94d3f30d0ba8bbd81fbddb052e1e7387b841d3a51205b71a27e7b6fc54
granted it's coming back as an encrypted zip and I didn't go through the brain damage to find a key to decrypt it.
you might send it to VirusTotal
I ran a sonia.zip I had from one of my downloads that I can't recall where it came from through and this was the results : VirusTotal
(nothing found with the ~ 60 engines that it ran it through there.)
followed the link provided by 2ndleaf to the dahuawiki and downloaded the entire zip.
no issues found there.
pulled the sonia.zip out and ran it
@beepsilver ,
can you confirm if your sonia.zip scan had a hash that matches any of the above I linked to ?
md5: e0c36e97b01ef9fa4c4e9a68d830fa1b
sha1: 311e8187da77e8457611e08561844ebb4aac3e25
sha256: 8e0d8e94d3f30d0ba8bbd81fbddb052e1e7387b841d3a51205b71a27e7b6fc54
granted it's coming back as an encrypted zip and I didn't go through the brain damage to find a key to decrypt it.
Hmm... unzipped the 191MB firmware (ver.14) download from the link in this thread (which seems to be Dahua USA) Kaspersky found nothing in the unzipped directory of files nor did Kaspersky find anything in the 25MB ".BIN" firmware file that the camera would use to update itself - could not unzip the Sonia file as it is a password protected Zipped sub-directory - so there could be something hiding in the Sonia sub-directory - you have to ask yourself why exactly is the Sonia.zip sub-directory password protected?
Will also have to start submitting files (re 64-Bit smart PSS) to VirusTotal - perhaps fire some firmware's at VirusTotal too
beepsilver
Getting comfortable
I just downloaded it again and this time Bitdefender didn't see any problem....weird, but I'm suspicious. A google search of Dahua Sonia.zip turned up some info about a potential stack overflow problem back in 2017.
I also found the Sonia Overflow Google info - makes you think.
You could calculate the MD5 hash for the last file you downloaded and compare it to the MD5 for the dubious first download - are the files truly identical?
Remote possibility that the first copy was corrupted during download which triggered Bitdefender - corruption could be caused by the type of internet connection coming to your property - supposedly coaxial cable (TV) supplying internet is more susceptible to corrupting files while downloading vs. DSL service on a telephone line - (but Coaxial is way faster than DSL over PoTS) OR slightly mismatched or faulty RAM on the Motherboard could easily corrupt a file especially when you unzip it.
I would sooner trust but verify everything in terms of aggressively looking for Viruses and Trojans in firmware etc. instead of blindly firing firmware updates at hardware that costs money to buy and replace - especially if a virus lurking in a firmware file bricks some pricey hardware.
I digress but Re faulty RAM - actually had some marginally faulty OR incompatible RAM (depends on who I listen to / believe - RAM Manufacturer guaranteed compatibility for my particular Motherboard) that caused pandemonium for a couple of months by slightly corrupting files, also randomly making using the network (CAT5 hardwired) printer not work etc. - and some very odd but subtle faulty camera behaviour following unzipping and applying camera firmware updates using that suspect RAM - RAM would fail memory test at its rated pre-overclocked speed settings stored in XMP profile on the RAM modules but would pass the same memory tests at stock speed but the faults would continue even if the RAM was slowed down to run at stock speed (which is not what I paid extra for) - anyhow got a full refund from Crucial Memory and changed to a different brand of RAM (having almost always bought Crucial RAM with great success) but I note that before I started the refund process Crucial had pulled the particular model of RAM (meaning GB size and speed) I bought from their catalogue and from sale - which speaks for itself.
Last edited:
Oceanslider
Known around here
Andy,
With the IPC-HDW5231R-ZE I just got from you. This new firmware does not seem to control the watermark. I don't see the watermark on the screen in the cameras GUI at all. Or am I doing something wrong? Below is default setting after flashing.
With the IPC-HDW5231R-ZE I just got from you. This new firmware does not seem to control the watermark. I don't see the watermark on the screen in the cameras GUI at all. Or am I doing something wrong? Below is default setting after flashing.
Last edited:
Check to see if it is coming from the overlay - log in to camera GUI - select "video" then "overlay" tab then "channel title" then see if using "Disable" radio button makes a difference?
The "IPC" text should be visible on that page under "input channel title"
I just upgrade my IPC-HDW5231R-ZE to this firmware. (Stupid me forgot the old firmware I was using 
)
Anyway; appears to be working fine but it's irritating how the web UI works on different browsers.
With Pale Moon version 27.0.0 that I still have installed on 1 PC; live view is working fine and all controls are visible below the live view
(Image adjustment, size, Full Screen, W:H, Fluency, Rules Info and Zoom and Focus).
But the most updates versions of Pale Moon (28.8.0), Chrome (79.0.3945.88) and Firefox (71.0) are useless; live view keeps switching to sub stream "for better video playing experience") and only
Zoom and Focus controls are visible on the bottom.
Also; playback is great on the old Pale Moon browser, but the others?
There isn't even a timeline showing below the video, only Play, Stop and volume control, no next frame, fast or slow and very limited download options.
So the only usable way to use the camera is an outdated browser that I don't use for anything else but the camera.
Yeah there's SmartPSS, but I've found the interface on Pale Moon much more usable.
Does anyone else experience this, or is it just me?
)Anyway; appears to be working fine but it's irritating how the web UI works on different browsers.
With Pale Moon version 27.0.0 that I still have installed on 1 PC; live view is working fine and all controls are visible below the live view
(Image adjustment, size, Full Screen, W:H, Fluency, Rules Info and Zoom and Focus).
But the most updates versions of Pale Moon (28.8.0), Chrome (79.0.3945.88) and Firefox (71.0) are useless; live view keeps switching to sub stream "for better video playing experience") and only
Zoom and Focus controls are visible on the bottom.
Also; playback is great on the old Pale Moon browser, but the others?
There isn't even a timeline showing below the video, only Play, Stop and volume control, no next frame, fast or slow and very limited download options.
So the only usable way to use the camera is an outdated browser that I don't use for anything else but the camera.
Yeah there's SmartPSS, but I've found the interface on Pale Moon much more usable.
Does anyone else experience this, or is it just me?
Attachments
I just upgrade my IPC-HDW5231R-ZE to this firmware. (Stupid me forgot the old firmware I was using
Anyway; appears to be working fine but it's irritating how the web UI works on different browsers.
With Pale Moon version 27.0.0 that I still have installed on 1 PC; live view is working fine and all controls are visible below the live view
(Image adjustment, size, Full Screen, W:H, Fluency, Rules Info and Zoom and Focus).
But the most updates versions of Pale Moon (28.8.0), Chrome (79.0.3945.88) and Firefox (71.0) are useless; live view keeps switching to sub stream "for better video playing experience") and only
Zoom and Focus controls are visible on the bottom.
Also; playback is great on the old Pale Moon browser, but the others?
There isn't even a timeline showing below the video, only Play, Stop and volume control, no next frame, fast or slow and very limited download options.
So the only usable way to use the camera is an outdated browser that I don't use for anything else but the camera.
Yeah there's SmartPSS, but I've found the interface on Pale Moon much more usable.
Does anyone else experience this, or is it just me?
Do the missing buttons come back if you use Internet Explorer with the plugin?
Or is everything still missing?
On previous firmware's I had fewer buttons on different browsers - but I think they all came back using IE and Plugin - presume you have memory card in camera for recording and that is what you are playing back?
More critically does IVS still work meaning does it appear in the camera timeline as different coloured marks - different colours to motion detection?
Oceanslider
Known around here
Yes that works. But not the Watermark feature on the GUI page I attached above.
Buttons seem to come back with Internet Explorer, but as you can see in the attached images, using the web UI with IE is even less usable...
Yes. I record IVS/tripwire motion on a memory card in the camera. I also have a Dahua NVR that also records 24/7 but I only use that when the short recordings on the SD-card is not enough.
Well, since the timeline is not visible anywhere but on the old Pale Moon browser; I don't know. But it works fine there.
Attachments
My IPC-T5442TM-AS does this too, on Firefox. Must be a feature since it's a better playing experience
