The hiktools doesn't work with 2XX5 firmwares
- Thread starter Reme
- Start date
@Reme
Nice to hear that. Hopefully, you'll enjoy the H.265 benefits.
@luanshen
You can try the javascript tip given in a previous post.
Or, much better, @Reme could direct you to the method that consists to modify some web file(s) in Iefile.tar.gz (this plus "hikvision" in your favourite search engine should give you an idea).
@Reme
If my assumption that the firmware is encrypted is correct, to be able to reconstruct the firmware we have to find the decryption key, which is probably a simple passphrase that will be used for encryption too (if firmware is also signed, that could be more complex... but I doubt it is for now).
If you don't mind to dump the entire NAND to an *external* file, compress it and place it on dropbox, maybe we'll be able to find some great stuff.
Be careful that your passwords will be compromised by doing so.
But, for now, enjoy your cameras...
Cheers
Nice to hear that. Hopefully, you'll enjoy the H.265 benefits.
@luanshen
You can try the javascript tip given in a previous post.
Or, much better, @Reme could direct you to the method that consists to modify some web file(s) in Iefile.tar.gz (this plus "hikvision" in your favourite search engine should give you an idea).
@Reme
If my assumption that the firmware is encrypted is correct, to be able to reconstruct the firmware we have to find the decryption key, which is probably a simple passphrase that will be used for encryption too (if firmware is also signed, that could be more complex... but I doubt it is for now).
If you don't mind to dump the entire NAND to an *external* file, compress it and place it on dropbox, maybe we'll be able to find some great stuff.
Be careful that your passwords will be compromised by doing so.
But, for now, enjoy your cameras...
Cheers
Last edited by a moderator:
@Reme
Could you tell me which process listen on port 80 on the camera?
*edit* sorry, you already provided this one: Do you have a module named hikcomm*?
*edit* In fact, I'd like to understand how ISAPI is implemented, which web server does HikVision use?
If anybody knows...
Could you tell me which process listen on port 80 on the camera?
*edit* sorry, you already provided this one: Do you have a module named hikcomm*?
*edit* In fact, I'd like to understand how ISAPI is implemented, which web server does HikVision use?
If anybody knows...
Last edited by a moderator:
alastairstevenson
Staff member
# df
Filesystem 1K-blocks Used Available Use% Mounted on
udev 62116 108 62008 0% /dev
/dev/mtdblock7 92160 13360 78800 14% /dav
/dev/mtdblock9 4096 1680 2416 41% /devinfo
I cat the mtdblock7 files out
https://www.dropbox.com/s/dctga6q0rfo7w7f/temp7?dl=0
# cat /proc/mtd
dev: size erasesize name
mtd0: 00100000 00020000 "bld"
mtd1: 00080000 00020000 "env"
mtd2: 00080000 00020000 "enc"
mtd3: 00080000 00020000 "sysflg"
mtd4: 00100000 00020000 "dpt"
mtd5: 00800000 00020000 "sys0"
mtd6: 00800000 00020000 "sys1"
mtd7: 05a00000 00020000 "app0"
mtd8: 05a00000 00020000 "app1"
mtd9: 00400000 00020000 "cfg0"
mtd10: 00400000 00020000 "cfg1"
mtd11: 01000000 00020000 "syslog"
mtd12: 02080000 00020000 "resv"
Filesystem 1K-blocks Used Available Use% Mounted on
udev 62116 108 62008 0% /dev
/dev/mtdblock7 92160 13360 78800 14% /dav
/dev/mtdblock9 4096 1680 2416 41% /devinfo
I cat the mtdblock7 files out
https://www.dropbox.com/s/dctga6q0rfo7w7f/temp7?dl=0
# cat /proc/mtd
dev: size erasesize name
mtd0: 00100000 00020000 "bld"
mtd1: 00080000 00020000 "env"
mtd2: 00080000 00020000 "enc"
mtd3: 00080000 00020000 "sysflg"
mtd4: 00100000 00020000 "dpt"
mtd5: 00800000 00020000 "sys0"
mtd6: 00800000 00020000 "sys1"
mtd7: 05a00000 00020000 "app0"
mtd8: 05a00000 00020000 "app1"
mtd9: 00400000 00020000 "cfg0"
mtd10: 00400000 00020000 "cfg1"
mtd11: 01000000 00020000 "syslog"
mtd12: 02080000 00020000 "resv"
Thanks to all for the answers.
@Reme
Do you have a file named "davinci.lzma" that can copied (if not locked) to dropbox?
This file is the decrypted version of davinci_bak in our case, (davinvi.tar.gz on some other models).
*edit* FYI, davinci_bak is decrypted side by side by daemon_fsp_app. It should be in /home/process/
*Solved* Thanks @Reme
@Reme
Do you have a file named "davinci.lzma" that can copied (if not locked) to dropbox?
This file is the decrypted version of davinci_bak in our case, (davinvi.tar.gz on some other models).
*edit* FYI, davinci_bak is decrypted side by side by daemon_fsp_app. It should be in /home/process/
*Solved* Thanks @Reme
Last edited by a moderator:
I got stuck with one of these new camera ,
Please help http://www.ipcamtalk.com/showthread...2cd2132-i-unreachable-in-browser-or-SADP-tool
Please help http://www.ipcamtalk.com/showthread...2cd2132-i-unreachable-in-browser-or-SADP-tool