Search results
-
R
[MCR] Hikvision packer/unpacker for 5.3.x and newer firmware
original davinci is killed in initrun.sh after decryption/execution by daemon_fsp_app . Then modified davinci is then started up. see below(I did think about patching it while it was an active process in memory, but thought it would be difficult) -
R
[MCR] Hikvision packer/unpacker for 5.3.x and newer firmware
I don't know at this time lol ... the current situation is I have a davinci that is modified for ML on 5.5+ firmware. it works but is injected in a bad way. I do not know what daemon_fsp_app actually does other than unpack. Every firmware version would need that davinci and of course the... -
R
[MCR] Hikvision packer/unpacker for 5.3.x and newer firmware
My current issue at this time is, I cannot repack davinci_bak. if I can do that I can get a method to cleanly making the cam ML. Current modification is messy.(but does work) From what you have said that issue is solved using your new re-pack? (eg davinci_bak can be unpacked and repacked... -
R
[MCR] Hikvision packer/unpacker for 5.3.x and newer firmware
I can go up and down 5.3 all the way to 5.5 manually(and back). by dumping uImage/dav onto the mtdparts. (I have trashed the came a few times lol) Are you saying at certain point of a normal update to 5.5 it would have updated the signature in uboot? And if so I have a 5.3 G0 cam here I could... -
R
[MCR] Hikvision packer/unpacker for 5.3.x and newer firmware
unpack then repack the old way pre 5.5? or manually dump the davinci_bak onto the cam. -
R
G0 5.5+ firmware compiled Binaries/tools & Exploring the Cam
If you use hikpack on davinci_bak there is script attached to the head off the davinci file after you uncompress the lzma. Run the script it will give 2 files davinci and ppp -
R
G0 5.5+ firmware compiled Binaries/tools & Exploring the Cam
Attached uImage and /dav directory from G0 greymarket 5.3.3_150514 Use it with hikpack and remake a ML upgrade / downgrade 5.3.3 or use sec.bin to downgrade 5.5+ Chinese firmware (if you are stuck on Chinese) -
R
G0 5.5+ firmware compiled Binaries/tools & Exploring the Cam
Compiled Binaries binutils gdb gdbserver 8.3 strace Busybox 1.20 (fully loaded) You can gain access to the root by using sec.bin. If you are stuck on Chinese menu's you can roll back using sec.bin and the files from another Chinese hacked cam. (will provide files info at later date) I do not... -
R
hikvison ip cmera latest version v5.5.82_19200 i want to downgrade
try serial via tfftp maybe ssh. works on G0(don't think I did anything special) -
R
[MCR] Hikvision packer/unpacker for 5.3.x and newer firmware
Has anyone got a tool to encrypt and decrypt the davinci file ATTACHED from IPC_G0_CN_STD_5.5.53_180716. davinci_bak was taken from a cam that is running that firmware using shell access. -
R
G0 baremetal app for a limited u-boot ver
If the uImage from IPC_G0_CN_STD_5.4.24_170303 is extracted,loaded and executed with tftp/sec.bin. Then you can gain root access on most/many G0 cams upto firmware IPC_G0_CN_STD_5.5.53_180716. IPC_G0_CN_STD_5.4.24_170303 uImage does not throw you into PSH. (also 5.4.41_170710) -
R
DS-2CD4112FWD-IZ Fails to boot: Uncompressing Linux... unexpected EOF -- System halted
try this tftp 0x80007fc0 uImage go 0x80008000 If it does work change bootm to "bootm 0x80008000" or take bootm out (its not on my G0 cam) On a G0 cam that loads the uImage into correct area. If you attempt to load into 0x81000000 the G0 camera attempts to uncompress but hangs.(I know its not a... -
R
DS-2CD4112FWD-IZ Fails to boot: Uncompressing Linux... unexpected EOF -- System halted
does the uImage not need loaded to 0x80007fc0 and called at 0x80008000?(according to printenv) NOT 0x81000000 Also has the printenv been altered? -
R
G0 baremetal app for a limited u-boot ver
I am unable to get the OP's sec.bin to work. however the ones attached may be of use to someone. sec_hisicon has tftp plus other commands tftp 0x80007fc0 uImage bootm 0x80007fc0 (will load and execute a uImage uncompressed from digicap.dav) sec_yaffs_noETH.bin (no ethernet) Looks like a OLD... -
R
G0 baremetal app for a limited u-boot ver
I want full root with latest firmware. I have not found a solution yet...lol I will post if I get any further. -
R
G0 baremetal app for a limited u-boot ver
Well I have 3 sec bin's here. one drops me into a hisilicon prompt. this is the one I am using currently. -
R
G0 baremetal app for a limited u-boot ver
thanks, will have a little play with them -
R
G0 baremetal app for a limited u-boot ver
yes please to all if you have handy lol -
R
G0 baremetal app for a limited u-boot ver
Dumb stuff that would be simple if i new what i was doing lol. Loaded uImage into correct mem location and executed at correct mem location. Was using "loady" , now using tftp go. loady 0x80007fc0 (uImage y modem transfer) or tftp 0x80007fc0 uImage then setenv bootcmd bootm 0x80007fc0 setenv... -
R
G0 baremetal app for a limited u-boot ver
Yes tried setenv single /debug various variations. Is the password stored on original digicap.dav? Any more ideas how to get ROOT? -
R
G0 baremetal app for a limited u-boot ver
@alastairstevenson now have uImage loading with sec.bin and no ETH But what is zhimakaimen password????? # zhimakaimen AwAAAAAAAAAAAFa0rAM= Password: Incorrect Password. 4 Times Left # 123456789abc '123456789abc' Not Supported, Try 'help' # zhimakaimen AwAAAAAAAAAAAFa0rAM= Password... -
R
G0 baremetal app for a limited u-boot ver
dummy uImage from another digicap.dav(unsure if its crashing) In: serial Out: serial Err: serial Net: No ethernet found. Hit any key to stop autoboot: 0 Wrong Image Format for bootm command ERROR: can't get kernel image! PTSD# loady 0x80007fc0 ## Ready for binary (ymodem) download to... -
R
G0 baremetal app for a limited u-boot ver
The cam I am playing with has an sdcard, I am assuming if kernel is loaded I will have access to it. And can transfer files in and out without ethernet(if I am unable to get ethernet working). Also loady(ymodem) does function in this sec.bin. How do I run the current kernel with sec.bin... -
R
G0 baremetal app for a limited u-boot ver
I have other sec.bin 's with ethernet however they will not load uImage using bootcmd=bootm. None of them will load the kernal. all say the image is Wrong Image Format for bootm command ERROR: can't get kernel image! -
R
G0 baremetal app for a limited u-boot ver
Managed to get a sec.bin to load however I am unable to figure out how to get kernel to load with sec.bin/ptsd also loaded. After loading sec.bin bootcmd=bootm gives an error. bootcmd=loadk works on original boot up sequence. However loadk is not available after loading sec.bin -
R
G0 baremetal app for a limited u-boot ver
Managed to get some extra commands in shell -
R
G0 baremetal app for a limited u-boot ver
with ethernet plugged in , just seems to keep retrying -
R
G0 baremetal app for a limited u-boot ver
I have brought the cam home to play with and "update" by itself does not do much. HKVS # update ETH0: PHY(phyaddr=3, mii) not link! higmac init fail! error: tftp. -
R
G0 baremetal app for a limited u-boot ver
Does uImage contain files? I have installed ARM toolchain on a lubuntu virtual machine. but cannot seem to break uImage down and uncompress it. -
R
G0 baremetal app for a limited u-boot ver
I am trying not to fry the u-boot or the current kernel. What syntax would you recommend for the "update" command ?