Worlds First Review - Dahua - IPC-Color4K-X / DH-IPC-HFW5849T1-ASE-LED - Full Color 4K Camera
- Thread starter Wildcat_1
- Start date
True. That was not politically correct. Hope the Great Wall blocked that part.Be careful Andy is from Hong Kong, not ChinaHahahaha
I hope he does not start a riot because of my writing while pooring down booze to reset the old years' pricing troubles from his mind.
Sorry about the a bit harsh approach of my msg to my pricing problems. Still, u got the point.
The box I received originated in mainland China. Regardless, I'm completely happy with my purchase from EmpireTecAndy.Be careful Andy is from Hong Kong, not China
Hey @Zak just to clarify, the FW that @EMPIRETECANDY makes available is not 'hacked' this is often times pre-release, beta type of FW that ultimately will make it onto the Dahua download page but he makes available earlier for testing and or ahead of their official release therefore benefiting all of us users and installers here. A lot of this FW are also 'special releases' updated with fixes to bugs or issues that people like myself and others find, report back, work with the Dahua dev teams to fix so there is that benefit too that may or may not make it into general release. I, like others highly recommend Andy for his honesty, transparency and great customer service should you be looking at picking up a couple of units. With that said, I certainly understand that certain projects, installs etc such as certain governments, dark sites, private entities have requirements on manufacturer branded kit and often times from suppliers within region. If its just manufacturer branded you are looking for then Andy may also be able to provide you with the full blown Dahua branded (not white label OEM) based on your requirements BUT you would have to check with him. Lastly, if your requirements restrict you to purchase within region then local dealers or reco's through Dahua UK & Ireland are also another potential source.
UPDATE: For clarity and reference for the US dealer version. The US model number is N85EFN2 with Dahua link to docs HERE. B&H (US dealer) has this for $287.50 for reference, their link is HERE
HTH
Last edited:
We All are completely Happy with Andy, he blows away Any Reseller I have every dealt with. Believe me I can honestly say I have dealt with at least a hundred or more in my lifetime/career, of course not all AV, mainly network equip/supplies.
We are all good, I just get a bit rattled when I see the word "cheap" or "hack" used, sorry. Wildcat_1, along with many others here, are very highly respected, you have stumbled onto a gold mine of knowledge here. We have seen many times Wildcat_1 and others, through their thorough reviews send suggestions back to Andy who directly informs Dahua and they will be added/corrected on the next firmware, which of course most likely ends up in the mainstream market. Stick around, you will be amazed...True. That was not politically correct. Hope the Great Wall blocked that part.
I hope he does not start a riot because of my writing while pooring down booze to reset the old years' pricing troubles from his mind.
Sorry about the a bit harsh approach of my msg to my pricing problems. Still, u got the point.
Hi HTH, thanks for the clarification. Please allow me to speculate a bit.
Combination of China and "special version" just sounds to me a bit suspicious. I do not know Andy in person and therefore I do not know his motives and backgrounds. What "bothers" me a bit is that if he is allowed to get his hand on Beta (or if he can modify code it is more like alpha version = development version) he needs to get the source code, at least most of it. Otherwise he cannot easily/practically change anything else than some database parameters. If he can then it is ... hacking. Because inside of these cameras there is embedded linux and all the code must be complied from the sources I personally think that so deep co-operation with such a small dealer without NDA is improbable and/or suspicious - at least here in Finland where IPs is a big thing (unlike in copy-world of China). If I get a software from another source than the original manufacturer there is always a possibility of "hostile" or unprofessional code. I did not say/mean that Andy is dishonest but to me, as a long term computer/network specialist, I have seen what unprofessional people can do for the software even if they mean good and want only best for the customer.
Lets assume that for the most ordinary people the cameras are connected to LAN without any restricted separate/isolated networks and even without a proper firewalls. In such case if there is only one hole in the security then the whole LAN is wide open. Scary scenario. Beta means always a software which are not finalized and there very often are security holes because it is not checked, only the abilities of that version are in.
I did not by any means to mock Andy. I definitely am going to contact him to see his offer. I just want my cameras to be as secure as possible and get them as cheap as possible.
Your statement about Security holds true for Any Cameras being sold out there, look at what happen to Ring, The "hacks" do not even need to come from the Camera. most home hacks are done easily through the lack of a secure network. I bet I could find an open network within my neighborhood easily. Here you will find Not one of us allow our Cameras Internet access, Camera Rule number 1...as far as written code to gain access to your network, Rule 2, don't allow your Cameras on your private network, which is very easy to do now a days...
But not to pick on Consumer networks, I have seen many, many Business/Enterprise networks with wide open holes. We see major companies getting hacked all the time. I always tell my wife how secure our home Enterprise network is and she laughs seeing all the major Companies/Gov't getting hacked, she has a good point.
Just sniff your network if you feel you may have a hardware intruder trying to "Call Home", many here do this, so far I have not read one message of this happening with the Cams from Andy. Unless Andy is a spy for China in Hong Kong, haha, don't think you have anything to worry about...
But not to pick on Consumer networks, I have seen many, many Business/Enterprise networks with wide open holes. We see major companies getting hacked all the time. I always tell my wife how secure our home Enterprise network is and she laughs seeing all the major Companies/Gov't getting hacked, she has a good point.
Just sniff your network if you feel you may have a hardware intruder trying to "Call Home", many here do this, so far I have not read one message of this happening with the Cams from Andy. Unless Andy is a spy for China in Hong Kong, haha, don't think you have anything to worry about...
@Zak - Personally I think you are looking at this from the wrong way....consider the audience Andy is catering to.
Andy has a great working relationship with Dahua and vice versa. They have a resource in him with connections to people (members in this forum) that try to get every bit out of Dahua cameras as they can. What company would not take advantage of that opportunity to improve their product with real world testing versus testing in Dahua lab? Both in firmware and cameras that Andy has sold before Dahua officially sold them.
Keep in mind that this firmware is coming from Dahua, with tweaks based on our comments. Andy isn't sitting there hacking the code. He provides feedback to the Dahua engineers based on the experiences of those here and they make the modifications and send back to him for us to try. @Wildcat_1 and others such as myself have been put into direct contact with the Dahua employees regarding suggestions or things we have seen in trying to improve these cameras. In some instances you will get the firmware directly from Dahua engineers.
Call it beta testing or whatever, but Andy brings the firmware to members here and that has improved Dahua firmware they provide such as Smart IR, SMD 3.0, etc.
As a consumer, you have the choice to apply these firmware's that Andy provides or not and be part of the testing or not. If you are not comfortable with that, then wait for Dahua to roll it out officially on their website. Choice is yours.
Probably half the cameras I have bought from Andy have come in Dahua boxes with Dahua logos on the cameras and Dahua labeled firmware. If that is something that is important to you, then ask him the cost for providing that. In some instances it might be the same price and in some instances, it may be more.
But keep in mind, EVERY camera brand or manufacturer, has exploit issues. Any IOT for that matter. Best practices is to keep the cameras off the internet regardless of where and who you buy it from.
I would be shocked if anyone here that is testing these firmware mods have their cameras connected to the internet.
He isn't providing this firmware to the average Joe that has no idea how insecure surveillance cameras (all brands) really are. That consumer is going with the plug-n-play Rings, Nest, and Blink scan a QR code and expose their whole network simplicity. Look at the few reviews on Amazon where someone bought a camera from Andy and couldn't get it working (due to their own lack of network understanding on how to change the IP address) and knock him and send the camera back. We get threads here like that all the time. That isn't his intended audience. It is folks like us that are looking for performance and understand that we keep the cameras off the internet.
People here are paranoid in good way about network security, and if there was an issue with these, someone would have found them. People have found other Dahua and Hikvision cameras trying to phone home even when completely isolated from the internet (obviously it tries and fails), but @David L and others employ high end sniffers and other programs to try to find this stuff.
Andy has a great working relationship with Dahua and vice versa. They have a resource in him with connections to people (members in this forum) that try to get every bit out of Dahua cameras as they can. What company would not take advantage of that opportunity to improve their product with real world testing versus testing in Dahua lab? Both in firmware and cameras that Andy has sold before Dahua officially sold them.
Keep in mind that this firmware is coming from Dahua, with tweaks based on our comments. Andy isn't sitting there hacking the code. He provides feedback to the Dahua engineers based on the experiences of those here and they make the modifications and send back to him for us to try. @Wildcat_1 and others such as myself have been put into direct contact with the Dahua employees regarding suggestions or things we have seen in trying to improve these cameras. In some instances you will get the firmware directly from Dahua engineers.
Call it beta testing or whatever, but Andy brings the firmware to members here and that has improved Dahua firmware they provide such as Smart IR, SMD 3.0, etc.
As a consumer, you have the choice to apply these firmware's that Andy provides or not and be part of the testing or not. If you are not comfortable with that, then wait for Dahua to roll it out officially on their website. Choice is yours.
Probably half the cameras I have bought from Andy have come in Dahua boxes with Dahua logos on the cameras and Dahua labeled firmware. If that is something that is important to you, then ask him the cost for providing that. In some instances it might be the same price and in some instances, it may be more.
But keep in mind, EVERY camera brand or manufacturer, has exploit issues. Any IOT for that matter. Best practices is to keep the cameras off the internet regardless of where and who you buy it from.
I would be shocked if anyone here that is testing these firmware mods have their cameras connected to the internet.
He isn't providing this firmware to the average Joe that has no idea how insecure surveillance cameras (all brands) really are. That consumer is going with the plug-n-play Rings, Nest, and Blink scan a QR code and expose their whole network simplicity. Look at the few reviews on Amazon where someone bought a camera from Andy and couldn't get it working (due to their own lack of network understanding on how to change the IP address) and knock him and send the camera back. We get threads here like that all the time. That isn't his intended audience. It is folks like us that are looking for performance and understand that we keep the cameras off the internet.
People here are paranoid in good way about network security, and if there was an issue with these, someone would have found them. People have found other Dahua and Hikvision cameras trying to phone home even when completely isolated from the internet (obviously it tries and fails), but @David L and others employ high end sniffers and other programs to try to find this stuff.
Last edited:
sebastiantombs
Known around here
If you want truly "secure" cameras you'll need to put them on a totally separate network with no physical connection to the internet. In terms of firmware updates and lifespan, exactly how long do you think it will be before a camera you buy today will become outdated and basically useless as a result? I think all the members here have cameras in 720P and lower, as I do, and I certainly don't expect firmware updates for discontinued models of anything from any manufacturer. You're overthinking the whole problem, totally.
Last edited:
Every sw/hw is a risk even if you have coded the software yourself as a professional because the platform itself may be Swiss cheese. But why to take any extra risks with the cameras with unknown "Andy" from China (now ask "Andy" what is his real Chinese name. I am 100% sure that it is not "Andy") ? (Just an example. Still not mocking Andy. Just an example)
I know security holes in my neighborhood. And they now know them too. They do not how to fix them and they do not even care. They have "nothing to lose" or "their family vacation photos does not interest anyone". Their choice. They have been warned.
Whatever gadget it is the hostile code may not be calling home. It may be searching for known/unknown vulnerabilities in other devices in LAN. Maybe some else device is calling home or someone from PD is making a call to you because someone using your IP address have hacked to something important. Or maybe your camera software has just installed a virus to your server and encrypted all your information and demands ransom. By blocking IP from firewall/gateway do not prevent disorderly behaving device for messing up with the subnet. Most of people, even with reasonable knowledge of computing, does not know how to limit traffic inside LAN/subnet.
And also, it is a huge work to secure properly a large home network (like mine with 100+ devices) and when you have done everything right, changing it is another big project. And when you attach to it summer house and parent's security etc. It is a mess. You find yourself to be an extrepreneur completely employed by your own home network. Insane. Then after securing the system tightly it is unflexible and all the other family members look you with a bad eye.
My responsibilities in important corporate networks have been tested by institutions/authorities "too" many times. No security flaws found yet (knock on wood). Major companies get mostly hacked by user negligence. User behavior, laziness and negligence is mostly the reason why corporate networks get hacked.
Sniffing home network is done when I am not sure that everything is in order. I do not want install software or hardware which are not done by the manufacturer because if security hole is detected and software is done by "Andy from China" from who you are going to get a patched version of fw? Manufacturer software is more likely to get the hole fixed than a fw from unofficial source.
Therefore what I recommend to all is that if you are not professional network specialist use only original software, and release version of it. There is always a reason why it is beta and not release.
Last edited:
Maybe overthinking. I would call it rather risk management. Willingness to take a risk.
Still, why to take extra risks with the most valuable asset you have in modern life, Data? Your data or you as a Data.
They say that "Curiosity killed the cat". Why do you install alpha/beta versions from known or unknown sources? Curiosity. "Is this better than the older version? I cannot wait for the official release. I take the risk." Sometimes it pay off, sometimes it hit hard.
But anyway, this all is about Trust. If Andy can provide original branded cameras with original newest official firmware and can promise that I can download original firmware from Dahua in the future too to those cameras until EOL at reasonable price, I will go for Andy. Absolutely. We'll see.
Last edited:
That is not his/her Chinese name. That is what he says is his name and in western alphabets.
Lets not talk anymore about Andy. He is a good and trusted guy obviously. Good for you and good for him.
新年快乐
You can update the firmware on Andy's cameras and NVRs from the respective Dahua and Hikvision websites, thus proving they are real Dahua and Hikvision cameras.
Some people are OCD that way and flash their cameras from Andy with the official Dahua firmware simply so when they log in to the cameras, they see the Dahua logo.
But yes, simply ask him the price for the camera with the Dahua logo and firmware and he can give you price. It may be the same or it may be more.
Some of my cameras I have bought from Andy from his Amazon and AliExpress store come as Dahua cams in Dahua boxes with Dahua logos, and some are not logo'd - I think it depends on how many cameras Andy buys if he gets them with the Dahua Logo or not. But regardless, they are Dahua units. If you get a unit that has Dahua on it, then the camera GUI will say Dahua; otherwise it will simply say IP Camera but looks identical except without the logo. Some of his cameras may come with EmpireTech stamped on them as well.
EmpireTech and Loryta are considered Dahua OEM, just like Amcrest and Lorex and a whole host of other cameras made by Dahua:
Some people are OCD that way and flash their cameras from Andy with the official Dahua firmware simply so when they log in to the cameras, they see the Dahua logo.
But yes, simply ask him the price for the camera with the Dahua logo and firmware and he can give you price. It may be the same or it may be more.
Some of my cameras I have bought from Andy from his Amazon and AliExpress store come as Dahua cams in Dahua boxes with Dahua logos, and some are not logo'd - I think it depends on how many cameras Andy buys if he gets them with the Dahua Logo or not. But regardless, they are Dahua units. If you get a unit that has Dahua on it, then the camera GUI will say Dahua; otherwise it will simply say IP Camera but looks identical except without the logo. Some of his cameras may come with EmpireTech stamped on them as well.
EmpireTech and Loryta are considered Dahua OEM, just like Amcrest and Lorex and a whole host of other cameras made by Dahua:
Zak, as others have told you, you are looking at this from the wrong angle, these firmware's our Testers get are for Camera performance improvements and Not security issues. These firmware's are not even released to us until fully tested and approved by Dahua. I think you need to start at the beginning of this Thread and you will see how Cameras are tested here. This Camera is still very new, you may want to look at other Threads of Camera Tested from Wildcat_1 and others. He post the test videos on YouTube and, in my opinion, are done extremely well.
This is Why Dahua looks very much to our Testers input to improve these Cameras.
EDIT: There is a reason Wildcat_1 labeled this Thread "World's First Review" of this Camera...to save some time you can look at the Bug List from Wildcat_1, these are the firmware fixes/updates we are talking about...
HTH
Last edited:
Mike A.
Known around here
- Joined
- May 6, 2017
- Messages
- 3,837
- Reaction score
- 6,412
Yes, you're overthinking it. I understand your reservations but in this case you really have no more assurance with authorized distributors and the official firmware. As you say, little black Linux boxes that you're dropping inside of your network and it's all full of holes. There are no trustworthy cams. Period. They all should be locked down and segregated to the extent possible. Lots cams from authorized distributors running official firmware do many things that they really shouldn't be doing and need to be updated to fix vulnerabilities that exist,
The cams that Andy sells all can be updated with the official releases from Dahua. That's what comes with most of them. There are some cases where he's provided updated/alternate versions for various reasons (to keep auto-tracking for a PTZ where Dahua removed it as a feature, performance updates for SmartIR and IVS, etc.). Nobody here wants to deal with the hacked Chinese-market cams that can't be updated that we could easily get likely for less elsewhere either.
The cams that Andy sells all can be updated with the official releases from Dahua. That's what comes with most of them. There are some cases where he's provided updated/alternate versions for various reasons (to keep auto-tracking for a PTZ where Dahua removed it as a feature, performance updates for SmartIR and IVS, etc.). Nobody here wants to deal with the hacked Chinese-market cams that can't be updated that we could easily get likely for less elsewhere either.
Agree with and have stated similarly on this board to what others including @Mike A summed up here. You (Anyone) should always take appropriate precautions when working on any aspect involving infrastructure and associated data regardless of manufacturer and product such as global IP/ CCTV security. As @sebastiantombs quite rightly pointed out, securing your infrastructure is key, whether you look at that as simply VLAN configs + appropriate firewall with IDS/IPS setup OR you go fully secure with separate, hardware isolated networks with associated token logged access. Regardless, you should ensure that you are designing, deploying and continually auditing your infrastructure (whether home user or global enterprise) that is appropriate to considered risk factors. With regards to FW, there is always an opportunity that any FW (for any device including most in your home for example) could either have underlying malicious code OR just a back door but similarly even with 'general release' FW this is still a risk thats present whether intentionally or unintentionally, known or unknown. As @Mike A. stated these cams can be upgraded by you to any FW you wish to run (assuming its supported by the camera of course) so you definitely have options from an individual cam perspective on where your comfort zone is. Either way my recommendations are absolutely start with a) a seller/dealer you trust that has great support (for a number of us here thats why we recommend @EMPIRETECANDY as he's proven himself time and time again) and b) absolutely secure your infrastructure (or that of the project / installation you are deploying for) appropriately.
The other inherent benefit you have is that you found this forum where a number of us have intimate knowledge of these cams & FW, pull them apart as part of testing and our professions. Therefore you are in good hands should you have any questions, need help configuring, locking down, tutorials on use or just overall advice on deployment / install.
HTH
fvdwerdt
n3wb
I bought about 12 cameras and 4 NVR from Andy, I live in the Netherlands and the shipping was always a few days. Unbranded cameras and NVR are the same as the branded ones and can be upgraded with official Dahua firmware.
Warranty I believe is two years. If needed the shipping is a little more expensive then local, but you save a lot by buying from him, so who cares. He has - or he did - a taxfree shipping to Europe. Buy from him, it's good.
The Automation Guy
Known around here
Do not let the fact that these cameras are produced in China scare you from using them. There are two levels of "hacking" threats IMHO. The first is the general population like you and me. We primarily have to be worried about our devices "spying" on us (ie sending information back to unknown servers) and our devices being taken over for "bot armies". Both of these threats are effectively eliminated with a properly secure local network which does not allow these devices access to/from the internet. The second level is stuff that governments and large corporations need to worry about. These are targeted and active attempts to break into networks. These are done on high value targets due to the time and cost, so it's not something the average person has to worry about. Yes the US Gov has barred Chinese cameras from being installed at their facilities and with good reason. The rest of this post is from another post that I had previously made. I figured it explained it well enough that I didn't need to rewrite it here.......
"I understand and agree with the Chinese ban for government installations. Don't under estimate the level of digital warfare that is being waged today. Most individuals only need to worry about "data collection" and devices being hacked and used for zombie bots. Large businesses, utility companies and governments need to be worried about much more than that however. As an example, take the Iranian uranium centrifuges that were damaged using a virus even though they were on a "closed network" without internet access. A camera is a perfect trojan horse to get nefarious things onto an isolated (ie no WAN connection) network. The Chinese wouldn't have to figure out how to penetrate a secure government facility to upload something nefarious because we would install it ourselves. Of course that type of attack would be very focused with a specific target in mind. It would be an offensive weapon rather than a "data collector" because without internet there is no way to pass data back. It could be an extremely effective weapon however.
That being said, these are issues that the general public doesn't need to worry about. There is nothing on our home networks that the Chinese are going to "target" with that type of sophisticated attack. That's why I am perfectly fine with running Dahua cameras at my house. Of course they are on their own isolated VLAN without internet access to prevent data collection and zombie bot use, but that should be done regardless of the manufacturer or country of manufacturing."
"I understand and agree with the Chinese ban for government installations. Don't under estimate the level of digital warfare that is being waged today. Most individuals only need to worry about "data collection" and devices being hacked and used for zombie bots. Large businesses, utility companies and governments need to be worried about much more than that however. As an example, take the Iranian uranium centrifuges that were damaged using a virus even though they were on a "closed network" without internet access. A camera is a perfect trojan horse to get nefarious things onto an isolated (ie no WAN connection) network. The Chinese wouldn't have to figure out how to penetrate a secure government facility to upload something nefarious because we would install it ourselves. Of course that type of attack would be very focused with a specific target in mind. It would be an offensive weapon rather than a "data collector" because without internet there is no way to pass data back. It could be an extremely effective weapon however.
That being said, these are issues that the general public doesn't need to worry about. There is nothing on our home networks that the Chinese are going to "target" with that type of sophisticated attack. That's why I am perfectly fine with running Dahua cameras at my house. Of course they are on their own isolated VLAN without internet access to prevent data collection and zombie bot use, but that should be done regardless of the manufacturer or country of manufacturing."
Last edited: