R0 / DS-2CD2x32 BrickfixV2 brick recovery and full upgrade tool - enhanced.

[redstorm666]

But you might want to re-consider the external access - even with the updated firmware, there are considerable risks in allowing access to the whole internet.

You're right, I've already reconsidered my configuration and have configured a secured VPN to access my cams.

My first cam got hacked less than 24h after being exposed on internet (this cam was unused since monthes, I've put it back online 2 days ago with the original 5.3.0 fw).
The 'hacker bot' had access as admin to the cam and the log shows a 'full config export', which means the hacker could have had access to my setup including NAS storage config/credentials etc.. my first reaction was to try to upgrade the fw which resulted in the brick-ification, and my second thought was to move to VPN config to avoid putting such a fragile component in the wild open internet.

Btw, my 2 others cams (another 2CD2032F-I and a 2CD2132F-IS) has been upgraded to 5.4.5 using same process, and same success : thanks again.

 

[alastairstevenson]

Do you think I should try recovery through serial port. Will that help..?

That should certainly help - if you feel able to spend the time and effort on it.

 

[ryanpeiris]

That should certainly help - if you feel able to spend the time and effort on it.

Dear alastairstevenson , As you said it is a lot of effort and a painful process to get the serial connection setup. specially as I did not have the required 1cm connector. So I had to custom make a connector with small wires and a train ticket I followed the guide I think you have done to get the right Rx,Tx,Grd pinouts. Lucky I had serial to USB converter which I used to program a ESP8266. It took almost three hours to complete the whole. It's beautiful to look at the flow of serial communation messages to see what's really happening behind the scene.To be honest I kind of felt sad to break the serial communication after the job is done. For some reason EN boot fix didn't work for me only CN version did. I followed your guide exactly and everything went well beautiful. Now I am proudly on the latest F/W v 5.4.5 build 170123. Finally I was able to configure gmail SMTP relay. I also noticed lots of other improvements too in newer version.

Just two questions
1- For future firmware releases can we follow the same guide ?

2- Is there a way to change the built in Alarm sound to something else ?

I had so much fun doing this.

Finally Thank you so much for sharing this with the community.
+++++

 

[alastairstevenson]

So I had to custom make a connector with small wires and a train ticket

That's ingenious!

It's beautiful to look at the flow of serial communation messages to see what's really happening behind the scene.

I agree it's quite fascinating to see what gems appear in the serial console - you can see the different styles of the various developers.

For some reason EN boot fix didn't work for me only CN version did.

That depends on the original language setting of the camera, the CN one is the most often needed.

Finally I was able to configure gmail SMTP relay. I also noticed lots of other improvements too in newer version.

That's good.

1- For future firmware releases can we follow the same guide ?

It doesn't seem likely that Hikvision will be introducing any more firmware for the R0 series cameras - they have moved on to updated models.
The main purpose of the guide (apart from being able to unbrick bricked cameras) was to permanently change the language of the camera to EN/ML so that 'stock' firmware could be used.
If Hikvision do introduce any updated firmware, there should be no need to do any internal changes, unless they specifically put in measures to block the 'enhanced MTD hack', which would be technically possible. In which case, I suspect an 'updated enhanced MTD hack' might emerge ...

2- Is there a way to change the built in Alarm sound to something else ?

Possibly - but not something I've explored.

I had so much fun doing this.

I can relate to that!
I've enjoyed exploring and understanding the internals of these devices, and using the knowledge to help others.

 

[Bartley69]

Big shout-out to you alastairstevenson! I successfully updated both my DS-2CD2332-I cameras to the latest 5.4.5 direct from 5.2.5 firmware using this v2 method! The only time I faced any trouble was when I kept using the brickfixv2EN.dav and for the love of god I couldn't connect to it in putty. After several attempts I realised all I had to do was use the brickfixv2CN.dav and everything worked flawlessly. Super happy, thank you so much for everything you do around here!!!

 

[alastairstevenson]

successfully updated both my DS-2CD2332-I cameras to the latest 5.4.5 direct from 5.2.5 firmware using this v2 method!

Excellent!
Well done for 'grasping the nettle' and doing this.
Another good result.

 

[Snakeu0]

A big thumbs up to you Alastair, thanks to you, my two DS-2CD3132F-IWS are working again (were in 5.2.5 and resetting frequently)
If it can help, I got the device id before starting the process to update correctly the mtd6ro_mod file
For this model the correct id is 1E98
Very happy to have them working again with secured firmware, i have a beer for you if you come in south of France

 

[alastairstevenson]

Great!
A cold beer would be really good right now.
Like you, we are experiencing unusually hot and dry weather - which is great, until you've had too much of it.

 

[Jmmrr]

Another successfully updated CH - 2CD2432F-IW from 5.25 to 5.45 and working like a charm!!
Biggest problem that I have was TFTP, that nothing happens until after reading the complete post, I change directory path from "ip cam" to "ipcam" with NO SPACE, and starts working.

Big thanks to alastairstevenson!

 

[alastairstevenson]

Another successfully updated CH - 2CD2432F-IW from 5.25 to 5.45 and working like a charm!!

Hey, well done! Another good result.
And thanks for posting about the quirk with the path, that may help others.

 

[alastairstevenson]

i have a beer for you if you come in south of France

I expect it's quite hot where you are just now. It's no longer hot in Scotland, Summer is taking a break.
Several years ago we were on a walking holiday in the Alpes Maritimes, from La Brigue to Menton, loved it. Especially les Villages perches.

 

[cameravietnam]

Can be used on product code DS 7104HGH-F1/N ??

 

[alastairstevenson]

No, that is an NVR, this brickfixV2 method is for R0 series cameras, DS-2CD2x32

 

[candle]

Can be used on DS-2CD2412F-IW ?

 

[alastairstevenson]

Yes, I think so. But you'd need to find out the devType value, I don't think that model is in the example list.
Do you still have telnet access to be able to run the prtHardInfo command?

 

[candle]

My camera is China version.
I have updated it with the latest FW v5.4.5 by using FWTools. Changed lang from '1' to '2'.
SADP shows it as 'Active' with the FW v5.4.5 but the Web UI gets 404 error: firmware language mismatch: /home/webLib

I have thought that i can convert the camera to english version.

 

[candle]

Yes, I think so. But you'd need to find out the devType value, I don't think that model is in the example list.
Do you still have telnet access to be able to run the prtHardInfo command?

I have done it, works perfect!!! Thanks a loot for your hard work!
Updated my camera DS-2CD2412F-IW with the latest FW v5.4.5 in one go.

My devType value: 1198

add it in your: enhanced_mtd_hack.txt

 

[alastairstevenson]

Excellent, really will done!
And many thanks for the useful info, I will add it to the list, when I'm back home.

 

[remy_hik]

Just updated my 2 camera DS-2CD3332-I to the firmware V5.4.5. Worked perfectly. I stopped using my cameras because of the poor firmware and network vulnerabilities.
Thank you so much alastairstevenson!

 

[alastairstevenson]

Excellent! Well done, another good result, and thanks for sharing.