Menu
What's new

telnetd for DS-7604NI-E1

F

fatears

n3wb
Joined
Nov 19, 2015
Messages
4
Reaction score
1
Is it possible to get telnetd on Hikvision DS-7604NI-E1 running firmware v3.3.1?
If not, is it possible to downgrade to a version that has telnetd?
 
alastairstevenson

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,963
Reaction score
6,794
Location
Scotland
You'd have install modified firmware to regain that functionality that Hikvision removed.
What do you need to do with the telnet access?
 
F

fatears

n3wb
Joined
Nov 19, 2015
Messages
4
Reaction score
1
Thanks for the reply. I am an experienced UNIX user and would like to poke around a bit. unpack the firmware file, mod, repack and update? what do you recommend?
 
alastairstevenson

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,963
Reaction score
6,794
Location
Scotland
fatears said:
nd would like to poke around a bit. unpack the firmware file, mod, repack and update?
Click to expand...
Unpacking and repacking the firmware is straightforward enough - there are a couple of shared tools already on this forum. And others less publicly available.
But to make a working modified firmware version you also need to deal with the file encryption, obfuscation, and the various anti-tamper and integrity checks and tripwires in the code.

On the tools, for example:
@wzhick 's Windows-based Hiktools was the first, and still works OK on the NVR firmware, as unlike on the cameras, Hikvision have not updated the main protection for many firmware revisions. The public version is not useful above camera firmware version 5.3.0
Hikvision FIRMWARE TOOLS - change language, extract files and create own firmware
Hiktools won't do any decryption / encryption, for the NVR firmware it will strip off the header, leaving a standard cramfs image with encrypted contents, and re-apply a header to a modified cramfs.img from a stock firmware sample.

Then we have a newcomer, @montecrypto 's Linux64-based Hikpack, still developing, that will unpack, pack, encrypt, decrypt many but not all of the existing structures that Hikvision are using.
The cameras have the most variety, and on the newest versions the firmware is RSA code-signed as well as using a variety of encryption and obfuscation methods, with anti-tamper integrity protection in the code.
[MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

To your original question - on the NVR firmware, Hikvision initially just removed the telnet enable in the web GUI, but left it in Busybox. Then they added the Busybox 'psh' restricted shell removing normal command access, even at the serial console. Then they removed even more from Busybox including telnetd.
But if you are curious, and a bit obsessive about getting round these obstacles there are ways and means of overcoming them.
 
alastairstevenson

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,963
Reaction score
6,794
Location
Scotland
fatears said:
Thanks for the reply. I am an experienced UNIX user and would like to poke around a bit. unpack the firmware file, mod, repack and update? what do you recommend?
Click to expand...
I recommend checking your conversations before it self-destructs.
 
You must log in or register to reply here.
Top