Password Generator program (Windows)

n0fx

Getting the hang of it
Joined
Jul 10, 2015
Messages
152
Reaction score
8
I was reading some news on another forum about a new Hikvision Password Generator tool that some guy made? They said it works according to this video:


Has anyone tried it or seen this in action?
 

Tolting Colt Acres

Pulling my weight
Joined
Jun 7, 2016
Messages
378
Reaction score
153
I've heard of vendors putting routines in their firmware which allow login based upon an account/password generated off the item's mac address. This capability exists in several of my older 3Com switches (see: 3Com 3870). Vendors routinely do this to allow some form of device recovery when the administrative password is not known (e.g. a sys admin changes the password the day he gets fired and refuses to tell you the p/w).

Wouldn't surprise me if Hikvision (and other camera makers) have this capability.

I imagine it's a problem if you have people with access to your network.

I'm not concerned about people hacking my security cameras, they are on their own non-routable network and only I have access to it.
 

n0fx

> I wouldn't trust that app as far as I could throw it.
>
> It looks like the same thing as this: Hikvision Password Reset Tool
>
> Minus the ability to enter the date (WHICH IS IMPORTANT!) and for some reason the video description claims that the tool requires an internet connection.

The tool does have a date entry on it from what I've read. I got this info from IPVM. The author is selling this tool but I'm not going to buy it. So far, I think it only resets DVR/NVR passwords and not cameras. I'll attach the article, as it came out today.
 


bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,676
Reaction score
14,024
Location
USA
How is this news to IPVM?

1) I published a tool for this way back on March 11, 2015 (see thread above linked by @copex). I had developed this by decompiling a command line app some foreign guy had posted elsewhere. It was already out in the wild before that!

2) This password reset method only works on old firmwares! Hikvision replaced the reset method with a more secure one, well over a year ago.
 

n0fx

> How is this news to IPVM?
>
> 1) I published a tool for this way back on March 11, 2015 (see thread above linked by @copex). I had developed this by decompiling a command line app some foreign guy had posted elsewhere. It was already out in the wild before that!
>
> 2) This password reset method only works on old firmwares! Hikvision replaced the reset method with a more secure one, well over a year ago.

That's good to know that they fixed it. I guess IPVM is behind the times and this author is just rebranding free stuff to make a quick buck.
 

bp2008

That is how it appears to me. The insanity surrounding all things Hikvision is one of the reasons I stopped buying their stuff years ago!
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,963
Reaction score
6,794
Location
Scotland
> I've heard of vendors putting routines in their firmware which allow login based upon an account/password generated off the item's mac address.

Herospeed (firmware developers for Longse/CantonK/Besafe etc) have something like this built into their 7.x series firmware to enable the telnet daemon, which is no longer running by default.
It takes the camera MAC address, the version of firmware installed, does a bit of shuffling, including an XOR with the characters of the word "KCUF" (!).
I assume they have made an app that does the same manipulation so that the challenge to the UserID Lucky787 on HTTP port 787 can be answered.
Then you'd have to know the root password, unless you've cracked the hash you can get from the firmware download.
And all a bit pointless really, as due to poor implementation logic you need none of that to re-enable telnet.
I did chuckle a bit when I looked at that - after buying a Besafe IMX290 varifocal camera and finding telnet access had been removed.
I do like to be able to get inside and have a look around, it gives you a strange feeling when you can't.
 

john-ipvm

Known around here
Joined
Oct 15, 2015
Messages
420
Reaction score
675
bp2008, we had seen your tool but your disclaimer and the comments on the related thread made us believe it did not work with newer / current firmwares. That was our mistake. After a member asked us about it, we tested your tool with the same devices that we tested with the Windows one and it worked. Kudos to you and our mistake. We updated the post citing your tool - full IPVM post on the security code here.

Question - did Hikvision ever contact you about the tool? One would think (or at least hope) Hikvision would realize having such tools publicly available would be a security risk and something they would fix.
 

bp2008

> Question - did Hikvision ever contact you about the tool? One would think (or at least hope) Hikvision would realize having such tools publicly available would be a security risk and something they would fix.

No, they did not.

And somehow it does not surprise me that Hikvision's "fix" for this did not make it to all their product lines.
 

isd.1744

n3wb
Joined
Nov 24, 2019
Messages
1
Reaction score
0
Location
india
> I was reading some news on another forum about a new Hikvision Password Generator tool that some guy made? They said it works according to this video:
>
> Has anyone tried it or seen this in action?
 