Search results

  1. M

    Hikvision or other ip cam with temp sensor built in?

    It is very easy to add i2c temp sensor to most cameras. I did that a while ago, but the problem is that your sensor needs to extend outside of camera body (preferably below), otherwise you will be measuring camera temperature, not ambient temperature.
  2. M

    DS-2CD2142 static binaries.

    Good start. You should compile for the target libraries/SDKs though. That will save precious RAM and make binaries more compatible. Here are some SDKs used in hik cameras: R6: gcc-linaro-arm-linux-gnueabihf-4.8-2013.09; G0: arm-hisiv300-linux; K51: arm-hisiv400-linux; K41: arm-hisiv100-linux
  3. M

    Backdoor found in Hikvision cameras

    That is what people do out of boredom - look for issues in hikvision websites... here's one: If you want to find out an email address of an ipcamtalk user, type their username into hikvision's password reset form. For example, itunedvr uses @yandex.ru account and one particular Scottish user...
  4. M

    Backdoor found in Hikvision cameras

    Update on the promised March 20 full disclosure date: Per agreement with Hikvision I am delaying the disclosure. Hikvision promised to responsibly disclose and resolve the vulnerability. They are working with ICS-CERT and other organizations, and it is expected that more details will be...
  5. M

    [MCR] R6 EN camera firmware 5.4.5 repack +SSH -PSH +BUSYBOX

    Source firmware: IPC_R6_EN_STD_5.4.5_170124

    Changes in repacked firmware:

    * Full-featured busybox
    * SSH access enabled
    * PSH (protected shell) disabled
    * Dropbear host key persists between reboots
    * Customizable init script...
  6. M

    Dieter & Fiona

    I see what you did there, Mr. 大中国皇帝. BTW, your customers are not happy, show them some love. :)
  7. M

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    hikpack alone will not convert cameras into EN. The -L switch only changes the language in the firmware update container (so you can pack for flashing on both EN and CN cameras). For cameras where the language flag is stored in flash (those include R0), you will need to change it there.
  8. M

    Backdoor found in Hikvision cameras

    I guess it is. I have been communicating with Hikvision since I notified them and they have actually been quite responsive. As for the term "privilege escalation", well, technically they are correct. One can remotely escalate their privileges from anonymous web surfer to admin. :) Upgrade...
  9. M

    Backdoor found in Hikvision cameras

    There have been rumours... I would like to confirm that there is a backdoor in many popular Hikvision products that makes it possible to gain full admin access to the device. Hikvision gets two weeks to come forward, acknowledge, and explain why the backdoor is there and when it is going to be...
  10. M

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    New hikpack 2.3 in the OP. The update adds R1 support and ability to decrypt / encrypt saved configuration backup files. You can enable SSH for some cameras by manually editing config backup.
  11. M

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    iptables -F will not always help. Newer firmware starts/stops dropbear, not just filters the port. Also, you may need a delay when you try to flush iptables rules from init.sh, because the process that sets those rules may not be completely initialized and you flush the rules before they are...
  12. M

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    curl -T digicap.dav http://admin:password@camera.ip/ISAPI/System/updateFirmware
    curl -X PUT http://admin:password@camera.ip/ISAPI/System/reboot
  13. M

    [MCR] 76xxNI-Ix K51 NVR 3.4.91 EN firmware repack -PSH +EXTRAS

    This is a repack of NVR_K51_BL_ML_STD_V3.4.91_161220 firmware with the following changes:

    - bp_read command added (dumps bootparams)
    - psh is disabled
    - ssh host key persists between reboots. Hikvision regenerated it upon each reboot, which was extremely annoying.
    - busybox binary is replaced...
  14. M

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    hikpack updated -- see OP. Version 2.2 fixes a few bugs including R0 packer issue reported by @alastairstevenson
  15. M

    Dieter & Fiona

    Not genius, but good and very determined. There is a lot of money involved and that evidently creates fierce competition among aliexpress vendors who sell cameras and separately among people who hack them. I have been approached by two sellers (or maybe "sellers") offering a percentage of...
  16. M

    Dieter & Fiona

    Well, you run it. What happens then is: the file decrypts itself using syscalls, then does a series of checks to make sure it is not being debugged. When all checks pass, it decrypts parts of itself again, drops busybox, talks to *.ipc.net, submits camera serial, model id, and bootparams ioctl...
  17. M

    Dieter & Fiona

    That is correct. It uses kernel syscalls directly and you need to run it on a G0 camera. I don't know how THEY do it, but that is actually the easiest part. Thanks to the cluelessness of some coder numpties, there are at least 3 ways to bypass signature checks and two of the three do not need...
  18. M

    Dieter & Fiona

    So, I have just looked more closely at this dieter/fiona thing. It is a patcher application that turns a CN G0 camera into EN. I must give credit to whoever wrote the patcher, called ppp -- it is wrapped in a stunningly clean and efficient crypto/obfuscator that appears to be written manually in...
  19. M

    Firmware 5.4.5 for R0, R2, R6

    Wow, look what is included with the 5.4.5 firmware:

    cat SoftwareLicense.txt
    Open Source Software Licenses
    The information in this document applies to IP CAMERA
    1. Software Licensed under the GNU General Public License
    This product includes software licensed under the GNU General Public...
  20. M

    Dieter & Fiona

    -------- dieter 2.10.16 1473645726 fiona ----------

    So, which one of you here is Dieter and how hot is Fiona? We need a picture. :) The tagline comes from a hacked 5.4.20 firmware installed on an aliexpress camera.
  21. M

    Hikvision Camera Chinese Hack no more?

    I think it is purely a legal crackdown and it has nothing to do with hardware security. All EMV-enabled cameras that I have access to, including G0, where both firmware and bootloader are signed, are customizable and convertible into English. The G0 signature mechanism is very easy to bypass...
  22. M

    Watchdata EMV chips in R6, G0 and other cameras

    If anybody is wondering how the EMV chip looks, here it is:
  23. M

    Watchdata EMV chips in R6, G0 and other cameras

    So... It turns out that, unlike DVRs and older cameras, newer hikvision cams, including R6 and G0, store their configuration settings in smartcard chips. The chips are made by Watchdata and they run TimeCOS. Basically, your cameras have the same chip as your VISA credit card. That chip stores...
  24. M

    Hikvision to hire 10,000 R&D resources

    Pissed at people trying to fix buggy firmware themselves, Hikvision is hiring 10,000 R&D resources. Rumors say that 5,000 of those will be tasked with replacing the current outdated XOR encryption with double ROT13 and the other half will focus on devising a new encryption scheme that does not...
  25. M

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    Do it confidently, with a steady hand, while whistling a lively Chinese tune.
  26. M

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    Yes, G0 platform. The new version of hikpack supports it. Attachment updated in the OP.
  27. M

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    Yes, but you would also need to patch the kernel and davinci. It is actually easier than that. CN firmware already has EN locale in it, it just needs to be enabled/set as default. For the web UI you can actually do that by changing/forcing cookie value in your browser.
  28. M

    [MCR] R6 EN camera firmware 5.4.4 repack +SSH -PSH

    This is a repack of R6 English firmware IPC_R6_EN_STD_5.4.4_161125 with the following changes:

    * PSH disabled
    * SSH enabled

    IPC_R6_EN_STD_5.4.4_161125_mcr.zip — RGhost — file sharing service

    Enjoy!
  29. M

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    There are vineyards in Scotland? I was pretty sure you guys had nothing drinkable outside of single malt goodness that most people cannot afford.