Search results

  1. R

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    (I assume the recent CVE vulnerability will not work on it.) What's the chipset on that camera? I notice it uses uImage. It may let you get root by using a method similar to the one used on the G0 cams.
  2. R

    Camera DS-2CD2346G2-I makes reboot many times per day

    Check the RJ45 cable. I have Hikvision cams that reboot due to a faulty RJ45 run. Switch to a known working cable.
  3. R

    Inadvertently flashed Chinese DS-2CD6424FWD-20 (R6)

    Not really done much with the R series
  4. R

    Inadvertently flashed Chinese DS-2CD6424FWD-20 (R6)

    DS-2CD6xxx系列升级包.zip contains a g3 and g5 firmware. And is the cam not a 2019 cam?
  5. R

    Inadvertently flashed Chinese DS-2CD6424FWD-20 (R6)

    There are many methods to get a Chinese cam to run as a European/English cam. You would need full shell access or a way to repack firmware or hardware flash. Just get any version of Chinese firmware working on the cam. Then take it from there. Don't get too hung up on the version...
  6. R

    Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260)

    G3 family busybox Fully loaded https://ipcamtalk.com/threads/exploring-the-hik-g3-family-and-maybe-gain-shell.54648/#post-533655
  7. R

    Exploring the Hik G3 Family and maybe gain shell!

    G3 Busybox fully loaded
  8. R

    Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260)

    Install fully loaded busybox, or cat > /etc/passwd (add a script to make permanent if it's for root).
  9. R

    Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260)

    I PM'd regarding having 2 admins. Also there are security issues in the web GUI. You can get it to alter the ipc_db in ways that it should not allow. (I only stress tested it to see if it would allow root access.) Certain functions and restrictions regarding users can be overridden from the...
  10. R

    ds-2cd2047g1 and a Normal looking junction box

    The gland unscrews, you can buy blanker plugs.
  11. R

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    Also has files referencing the HiSilicon hi3518e chipset. R2 is supported in leecher's / other unpacker, but it does not unpack this digicap.dav. The keys/encryption is different.
  12. R

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    I binwalked it cause I have no style lol. Have you reversed it yet to see if you can snag the keys? lol
  13. R

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    Keys are normally in davinci for decryption. Your davinci in the .bin looks like a standard ELF file (some davincis are called davinci_bak). Yours is a straight ELF file by the looks of it. Usually the keys are in there for decrypting the digicap.dav. I ran a quick hex edit on the davinci...
  14. R

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    Platform id is 136 unsupported. Where did you get the .bin file from? Have you got root on the cam? If you have root/access to davinci/deamon_fsp then you can pull the keys from it. (There is a davinci in that bin file you posted.)
  15. R

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    That file does not look like it has a Hikvision header....
  16. R

    [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware

    Teaser lol - There is a Python script unpacker and an updated C source code unpacker (not by leecher) out there. Most cams can now be unpacked. G5 and some E/H series cams cannot yet be unpacked (no keys).
  17. R

    Hikvision G1 5.5+ firmware Exploring the Cam & attempting unlock

    You can dump it on the cam if you do not have sdcard, but you will need to clear space.
  18. R

    Hikvision G1 5.5+ firmware Exploring the Cam & attempting unlock

    Just use a script to copy it across or install from the SD card. Think there is an old montecrypto repacked digicap.dav in the forum.
  19. R

    Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260)

    There are many ways. You could edit the user file; you can actually have multiple admins in the user file. (There is a database containing web GUI users/admin info.)
  20. R

    Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260)

    Has anyone got the keys or root shell on the E, H or G5 series cams? Please DM me.
  21. R

    Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260)

    Your "P" user is deleted on my cam after a system reboot so does not really matter about having multiple entries in the password file. The cam also seems to handle the duplicate entries ok.
  22. R

    Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260)

    Unsure, kept asking me for a password. Bypassed the already pawned check.
  23. R

    Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260)

    The Python script does not let me log on to shell after the first attempt. Had to alter the script to get it to let me log in to shell repeatedly. Not played with it much yet lol. Well done @bashis
  24. R

    Hikvision G1 5.5+ firmware Exploring the Cam & attempting unlock

    No, author does not want it shared
  25. R

    Exploring the Hik G3 Family and maybe gain shell!

    Shell access can be had and decryption keys can be accessed. None of the info will be released -
  26. R

    Exploring the Hik G3 Family and maybe gain shell!

    Test cam DS-2CD2346G2-ISU/SL latest firmware u-boot log I have not tried setenv variables "go." works
  27. R

    R7 firmware unpacker/repacker

    You do not need any packer to change the firmware, you only need shell / root on the cam.