NVR Password recovery

Joined
Oct 1, 2018
Messages
7
Reaction score
0
Location
Sheffield
Hello,
I bought a used 2CD2722FWD-IZS on Ebay. There was no admin pwd supplied, and it isn't the default. The seller doesn't know it either, and has apologised and offered a refund. He knows very little about CCTV and didn't know about the passwords. But, he also has the NVR and several other cameras which came from a building being demolished. I've spoken to him by phone, - if I send it back he'll probably give up and bin the lot.

So, I've been reading your 'Alternative way of recovering an NVR password'. The camera firmware is V5.4.3 but I have another one which is V5.2.5 - so vulnerable. In theory I could use that to extract the NVR configuration, and recover the pwd for the NVR and (presumably) all the cameras - if you could decrypt it.

Questions are:
- would you be prepared to do that ?
- my 'other' vulnerable camera is CH (everything else involved is WR), would it emerge this process in English (or Chinese) ?

(I've sent Hikvision Support the export file and requested a password reset for the camera, but I'm not optimistic, and that wouldn't help the original seller)

John
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
I have another one which is V5.2.5 - so vulnerable. In theory I could use that to extract the NVR configuration,
Vulnerable to the Hikvision backdoor - yes, but to extract the NVR password the camera needs to be in an 'Inactive' state. The 5.2.5 firmware just has default passwords, doesn't go to 'Inactive' when reset to defaults.

I bought a used 2CD2722FWD-IZS on Ebay. There was no admin pwd supplied, and it isn't the default.
If that's the camera with the 5.4.3 firmware, it could be used to extract a password from the NVR if the camera is reset to defaults, assuming the NVR has PoE ports.
I don't recall if that camera has a reset button - but re-applying the same firmware using the Hikvision tftp updater will reset to defaults.
The same will apply to the NVR. What model is it, and what firmware version does SADP show for it?
**edit** Just realised you can't answer that if you don't have the NVR.

- my 'other' vulnerable camera is CH
If it has firmware version 5.3.0 or higher (but older than 5.4.5), and you have access to the web GUI, you could reset it to defaults and see if the NVR would activate it. That should change only the camera settings. But I suspect if it's a CN camera the firmware it's older firmware?

- would you be prepared to do that ?
I'd be happy to decrypt and decode a configuration file, it's a quick process.

if I send it back he'll probably give up and bin the lot.
There are various ways to bring Hikvision cameras and NVRs into an accessible state - it would be a waste if it's a useful model.
 
Joined
Oct 1, 2018
Messages
7
Reaction score
0
Location
Sheffield
Hi Alastair, and thanks for the quick response. While reading your comments I realised that I had been assuming that the camera FW was greater than 5.4.5, hence the suggested trick with an older camera. I've no idea why I assumed that because actually, as I said, it's 5.4.3 - so probably vulnerable. So I dug up a POE switch, got an old notebook set to the same ip domain as the cam, and I now have a config file, - attached. Can you decrypt and let me have the pwd ?

The NVR model is DS-7608NI-E2/8P/A (from label pic), but I don't have it so can't apply SADP to get the FWV. I believe it has PoE ports. If it does, and the cams were added using PnP then presumably 'my' password will also apply to the NVR and other cams ?

John
 

Attachments

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
So I dug up a POE switch, got an old notebook set to the same ip domain as the cam, and I now have a config file, - attached.
Well done!

Can you decrypt and let me have the pwd ?
Hold on to your hat - you might laugh a little at this ...
For the camera HIKVISION DS-2CD2722FWD-IZS - 674152874

The password for admin=Passw0rd
 
Joined
Oct 1, 2018
Messages
7
Reaction score
0
Location
Sheffield
Hi Alastair. Just tried it today, and yes it does. And the software has it classified as 'Strong' ! Anyway, thanks very much for the help and decryption. I don't really need any more kit, and I think the owner is going to try to use it at home, although he did tell me he only has an ipad, no PC, which sounds like a struggle to me. He's away at the moment but I'll phone him at the weekend, he'll be pleased too no doubt, and I'll get him sorted out. Cheers. John
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
Excellent, that's a good result.

The current owner will be pleased that you are able to give him what should be a working password.
You could let him know that he could maybe use the NVR with a VGA or HDMI monitor or television.
 
Joined
Oct 1, 2018
Messages
7
Reaction score
0
Location
Sheffield
Yes. He'll need something. I've tried the ipad and Live View doesn't work with the camera, not even a 'download the plugin' message. Can't see how he can zoom without it either. And, no keyboard is a pain, although I see HV do one for megabucks :). I'll let you know what he does.
 
Top