hikvision proof of concept in qemu virtual machine

trulyone

n3wb
Joined
Mar 8, 2022
Messages
1
Reaction score
1
Location
Staff
Good morning,

I am looking to examine vulnerabilities in hikvision ip cameras which have been well published over the years. I was hoping I could set up something in qemu under debian linux. It doesn't need to emulate all the camera features, just the http interface so I can test the vulnerabilities. To get started I downloaded some firmware files which unzip to give files such as digicap.dav which I can't seem to do much with. I've found reference to some tools, namely hiktools and hikpack. After a lot of googling I found hiktools05R1 which didn't extract anything when I ran it under wine. I can't find a copy of hikpack at all.

Has anyone had success running firmware (any camera model) under qemu for such a purpose, what firmware was it?
Has anyone got pre-extracted firmware or a copy of hikpack which may work?

Any other info greatly appreciated. Thank you

@montecrypto
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
I was hoping I could set up something in qemu under debian linux.
Arguably - that's quite ambitious, but would be an excellent development.

I can't find a copy of hikpack at all
Here is a copy :

To get started I downloaded some firmware files
Which firmware did you download?
The newer the firmware, the more protection is incorporated against modification and analysis.
Most of it is encrypted, though researchers manage to extract the keys.

You might find this of interest :

And this thread may be of interest :
Check out the @bashis PoC for testing the vulnerability.
 

tech_junkie

Getting comfortable
Joined
Sep 2, 2022
Messages
412
Reaction score
417
Location
South Dakota
I would think you use a camera instead of simulating one because buffer overload penetration testing might not be accurate simulating it.
 

natinadaka

Young grasshopper
Joined
Oct 3, 2022
Messages
34
Reaction score
6
Location
USA
I agree that for certain security related analysis (I'm specifically thinking of examining malware running on the device), running on physical hardware would be best since the malware might use detection to see if it is running in a virtual environment as an anti-analysis technique.

You are also correct that when using virtualization, the configuration of the virtualization software is important because virtualization software often lets you turn on/off exposing some of CPU hardware security mitigations.

Other than that, for anything higher level (sounds like the original poster wanted to focus on probing cameras HTTP interface), virtualization should be fine (and is probably preferred).
 
Top