Where Can I Get New Firmware

[rfj]

I am trying to upgrade the firmware of my HikVision cameras using the Brickfixv2 tool. I was looking for new firmware on Firmware. However, I can't find my cameras anywhere. Could it be because they only list US camera models and not the Chinese ones I got from Ebay? These are the cameras I have:

DS-2CD2132-I
DS-2CD3145F-I
DS-2CD2132F-IS
DS-2CD3132-I

 

[fenderman]

I am trying to upgrade the firmware of my HikVision cameras using the Brickfixv2 tool. I was looking for new firmware on Firmware. However, I can't find my cameras anywhere. Could it be because they only list US camera models and not the Chinese ones I got from Ebay? These are the cameras I have:

DS-2CD2132-I
DS-2CD3145F-I
DS-2CD2132F-IS
DS-2CD3132-I

some of those are hacked firmware and you will brick your cameras.

 

[rfj]

Can you tell by the model number if they have hacked firmware? Or is it that you just have to try and either you luck out or you brick the camera? I actually thought Brickfixv2 is addressing exactly that issue but I guess I misunderstood.

 

[fenderman]

Can you tell by the model number if they have hacked firmware? Or is it that you just have to try and either you luck out or you brick the camera? I actually thought Brickfixv2 is addressing exactly that issue but I guess I misunderstood.

Yes you can tell by model number but why bother upgrading the firmware in the first place.

 

[rfj]

I have a couple of cameras that go offline every few days to every few weeks because the password somehow gets reset. I read that some of those cameras have security issues so maybe it's related to that. Hence, I am trying to see if upgrading the firmware will help with this problem.

 

[alastairstevenson]

I was looking for new firmware on Firmware. However, I can't find my cameras anywhere.

For your 3 R0 series cameras, check out ipcamtalk's download section here for firmware : R0 series DS-2CD2x32x-Ixx IP camera firmware
Be aware that in Stage 3 of the brickfixV2 (assuming you are wanting to convert Chinese cameras to EN/updateable) you can't go direct to 5.4.41 but should use 5.4.5 then web GUI update to 5.4.41 - which is the last version available for that series.

I have a couple of cameras that go offline every few days to every few weeks because the password somehow gets reset.

I'd guess that they are being hacked due to security vulnerabilities and being accessible from the internet.
Next time it happens, try 1111aaaa or asdf1234 for the passwords and that will confirm it.

If you have configured 'port forwarding' in your router - best disable that. It presents too big a risk to your LAN, and all the data and devices on it.
Lot's of how-to's and user experiences on the forum on setting up VPN as a more secure method of remote access.

If you haven't configured port forwarding - disable UPnP in the router and all the cameras to stop them opening ports by themselves and letting the entire internet in to your network.

 

[fenderman]

I have a couple of cameras that go offline every few days to every few weeks because the password somehow gets reset. I read that some of those cameras have security issues so maybe it's related to that. Hence, I am trying to see if upgrading the firmware will help with this problem.

Follow Alastairs advice for disabling upnp/port forwarding and you wont need to upgrade anything.

 

[rfj]

@alastairstevenson thanks a lot for your input. I had all ports closed except the ones for BlueIris, HomeSeer and Subsonic which all mapped to the same computer. I figured this leaves only one device (my computer) vulnerable and if I keep it updated (Firewall, Windows updates, Malwarebytes) it should be fairly secure. In contrast, if the VPN gets hacked my entire network is open. But doing some googling it seems port forwarding is less secure. I don't exactly know why, though?!

I was still puzzled how my cameras could be hacked because I didn't open ports for them. Well, UPnP was enabled on my router. Lo and behold, every single camera I have did open ports (and Plex). I turned it off now.

I also disabled all port forwarding and enabled VPN on my Tp-Link Archer. It was super easy and took like 15 minutes with the instructions below. We will so how this VPN thing is working out. Thanks again for the input. I appreciate it a lot. I guess I won't risk updating my cameras now.

Android: How to Setup OpenVPN on TP-Link Routers (Android) | TP-Link
iPhone: How to setup OpenVPN on TP-Link Routers (iOS) | TP-Link

 

[alastairstevenson]

Well done, you've made some worthwhile changes.

 

[tradertim]

@alastairstevenson thanks a lot for your input. I had all ports closed except the ones for BlueIris, HomeSeer and Subsonic which all mapped to the same computer. I figured this leaves only one device (my computer) vulnerable and if I keep it updated (Firewall, Windows updates, Malwarebytes) it should be fairly secure. In contrast, if the VPN gets hacked my entire network is open. But doing some googling it seems port forwarding is less secure. I don't exactly know why, though?!

I was still puzzled how my cameras could be hacked because I didn't open ports for them. Well, UPnP was enabled on my router. Lo and behold, every single camera I have did open ports (and Plex). I turned it off now.

I also disabled all port forwarding and enabled VPN on my Tp-Link Archer. It was super easy and took like 15 minutes with the instructions below. We will so how this VPN thing is working out. Thanks again for the input. I appreciate it a lot. I guess I won't risk updating my cameras now.

Android: How to Setup OpenVPN on TP-Link Routers (Android) | TP-Link
iPhone: How to setup OpenVPN on TP-Link Routers (iOS) | TP-Link

What hackers do is they run port scans on your WAN/ modem address that shows what ports are open with port forwarding.

Happens on the whole internet trillions of times a day on every public IP address.

The way VPN works is the router generates a unique digital certificate, and vpn usually has an authetication user and password embedded into the digital certificate.

The certificate is then applied to vpn clients on the access device e.g. laptop/ phone.
If devices dont have that certificate they can't in theory access your network.

I moved to vpn after having similar issues.
Its been great vpn into your local network & ivms and tinycampro are configured with local ip camera addresses.

I think I wrote a method for VPN setup & posted here search "openvpn".

I updated my chinese cams because I wanted google email access again. The hex process was not too bad.

rgs

 

[rfj]

What hackers do is they run port scans on your WAN/ modem address that shows what ports are open with port forwarding.
<snip>
The way VPN works is the router generates a unique digital certificate, and vpn usually has an authetication user and password embedded into the digital certificate.
The certificate is then applied to vpn clients on the access device e.g. laptop/ phone.
If devices dont have that certificate they can't in theory access your network.
<snip>

I am pretty sure that the ports I opened on the router were not the issue. Actually, for all the ports I have opened I have changed the default settings. This avoids the known default ports and their possible vulnerabilities. My BIG oversight was that I left UPnP enabled so the cameras pocked holes into the router. I didn't realize this until @alastairstevenson pointed it out. It's kind of embarrassing...

As for VPN, some of the modem manufacturers make it so easy to create the necessary certificates. It's ONE click, wait a couple of minutes and it's done. If you know what is involved behind the scene it's pure magic. Ok, I am exaggerating a little but they got it to a point where even my mom could do this. My concern was that if anybody can spoof the certificate then they will get access to all of my computers including accounts, password, etc. Yes, it's harder to get in but the damage will be really bad. Hopefully there are no backdoors that somebody exploited to harvest our data. So for now I am going the VPN route. Thanks again to @alastairstevenson

 

[tradertim]

I am pretty sure that the ports I opened on the router were not the issue. Actually, for all the ports I have opened I have changed the default settings. This avoids the known default ports and their possible vulnerabilities. My BIG oversight was that I left UPnP enabled so the cameras pocked holes into the router. I didn't realize this until @alastairstevenson pointed it out. It's kind of embarrassing...

As for VPN, some of the modem manufacturers make it so easy to create the necessary certificates. It's ONE click, wait a couple of minutes and it's done. If you know what is involved behind the scene it's pure magic. Ok, I am exaggerating a little but they got it to a point where even my mom could do this. My concern was that if anybody can spoof the certificate then they will get access to all of my computers including accounts, password, etc. Yes, it's harder to get in but the damage will be really bad. Hopefully there are no backdoors that somebody exploited to harvest our data. So for now I am going the VPN route. Thanks again to @alastairstevenson

The certificate is generated in a unique form and then encrypted with your unique user and password.

Unless a device has that certificate loaded on it locally, AND knows your vpn (encrypted) user & password they can't gain access.

I think you are good. I've never had problems after implementing this.

Its makes no difference with changing "known ports" on the WAN as port scanning looks for open ports from port 0- all the way up to top end of ports.