hikvision proof of concept in qemu virtual machine

trulyone

n3wb
Joined
Mar 8, 2022
Messages
1
Reaction score
1
Location
Staff
Good morning,

I am looking to examine vulnerabilities in hikvision ip cameras which have been well published over the years. I was hoping I could set up something in qemu under debian linux. It doesn't need to emulate all the camera features, just the http interface so I can test the vulnerabilities. To get started I downloaded some firmware files which unzip to give files such as digicap.dav which I can't seem to do much with. I've found reference to some tools, namely hiktools and hikpack. After a lot of googling I found hiktools05R1 which didn't extract anything when I ran it under wine. I can't find a copy of hikpack at all.

Has anyone had success running firmware (any camera model) under qemu for such a purpose, what firmware was it?
Has anyone got pre-extracted firmware or a copy of hikpack which may work?

Any other info greatly appreciated. Thank you

@montecrypto
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,130
Reaction score
5,986
Location
Scotland
I was hoping I could set up something in qemu under debian linux.
Arguably - that's quite ambitious, but would be an excellent development.

I can't find a copy of hikpack at all
Here is a copy :

To get started I downloaded some firmware files
Which firmware did you download?
The newer the firmware, the more protection is incorporated against modification and analysis.
Most of it is encrypted, though researchers manage to extract the keys.

You might find this of interest :

And this thread may be of interest :
Check out the @bashis PoC for testing the vulnerability.
 
Top