I've done it, persistent root, dropbear, on a 2021 RSA signed firmware
Port : 24
username: dahua
password: passw0rd
Since the "partition" partition isn't verified, I've modified it to split the 32mb romfs partition into two parts.
And changed the mount_cmd's so it will chroot into the second...
So here's something really fun.
The Dahua Firmware Mod Kit can create valid partition images (or the partition-x.cramfs block isn't validated). This is where the bootargs are stored.
You're just not allowed to flash the image with tftp :p
Unpacked the...
Found out you can use https://i.botox.bz/flashcp from Dahua Firmware Mod Kit + Modded Dahua Firmware to flash the nand without ECC badblock problems,
This just means they're using the same key for signing across versions (and models)
Flashed the pd-x.squashfs (mtd4) nanddump from my 2nd camera...
As it turns out, once booted the firmware isn't running any verification, other than verifying the signature of the flash on boot.
So I extracted the filesystem from the identical Dahua branded version of the camera, which you can download the firmware for...
Hello,
Recently got myself a Dahua / IMOU camera, and since I got so much fine information from here I figured I'd give some back.
model: IPC-G42P-IMOU
fw : Eng_P_V2.680.0000000.24.R.20210309
So here's how you can get into a busybox shell on these.
# Step 1
Attach to serial hardware, thanks...