alastairstevenson
Staff member
I'm sorry, but I don't have a decryption key for that model of configuration file.
What device is it taken from?
Hikvision IPC DS-2CD2112-I reset
- Thread starter Rein den Hartog
- Start date
What device is it taken from?
alastairstevenson
Staff member
With the caveat that I'm unfamiliar with that specific model - usually a backup configuration file is created using an encryption phrase supplied by the user.
In other words, the file doesn't have a fixed decryption key that can be used to extract the plaintext contents.
In other words, the file doesn't have a fixed decryption key that can be used to extract the plaintext contents.
I've bought a second hand DS-2CD2112-I but the problem is that the seller doesn't know the password anymore.
I've tried the "Hikvision Reset Tool" but this doesn't seem to work. There is also no physical reset button.
According the SADP tool:
Is there some way I can do a factory reset or a way to get the security code?
the "<IP>/System/configurationFile?auth=YWRtaW46MTEK" doesn't give any response.
I've tried the "Hikvision Reset Tool" but this doesn't seem to work. There is also no physical reset button.
According the SADP tool:
- Serial is DS-2CD2112-I0120130408CCRR419639789
- Date 2004-01-12 20:09:51
- Software version V4.0.9 Build 130106
- DSP version V4.0 Build 12128
Is there some way I can do a factory reset or a way to get the security code?
the "<IP>/System/configurationFile?auth=YWRtaW46MTEK" doesn't give any response.
Olá bom dia preciso de ajuda..
Preciso redifinir a senha da minhas Cameras IP do moldelo Ds-2cd2112-i
Mais não consigo extrair o arquivo XmL no SADP ela pedi codigo de verificação. poderia me ajudar
Preciso redifinir a senha da minhas Cameras IP do moldelo Ds-2cd2112-i
Mais não consigo extrair o arquivo XmL no SADP ela pedi codigo de verificação. poderia me ajudar
I have looked at the output file from SADP with several editors, Hex editor, Geany and the like, and searched them for the passwords you gave me, to no avail. I have a friend that was able to determine that the password files stored in VMS are stored at the exact same location in memory, every time and so therefore he could go to that location and look at the data, in HEX, and retrieve any password change. Any chance you'd share what you are doing? Even a clue.
alastairstevenson
Staff member
That XML file from SADP is a password reset request file and does not hold any passwords, just a signed request code.
When processed by a Hikvision system with their private key, creating a response file, the originating camera authenticates that file with the public key and clears the locally stored password.
The configuration files that are exported by the older firmware are reversibly encrypted using a key which can be determined by reverse engineering the firmware, and also subject to a very obvious XOR encode, allowing the password which is stored in plaintext to be exposed.
Normally it should only be possible to export a configuration file if the admin credentials are known - but a serious security vulnerability in many versions of the firmware allows the configuration file to be exported without requiring any credentials.
Hence the admin password - and many other parameters - can be easily found.
