How to extract .dav firmware files for Hikvision cameras?

[dbroggy]

Hi there,
I'm looking for a way to extract the .DAV firmware file for any of the Hikvision cameras.
This is purely for cyber defender blue team research, nothing nefarious.
I saw some very old posts about using some perl files to extract it but they didn't work for me.
Thoughts?
Or if anyone has already done it can can share the extracted files that would also be helpful.
Thanks in advance.

 

[alastairstevenson]

I'm looking for a way to extract the .DAV firmware file for any of the Hikvision cameras.
This is purely for cyber defender blue team research, nothing nefarious.

As they have continued to develop the firmware, Hikvision have continued to develop the ways they protect the contents.
Over the years, there have been several publicly-released tools developed by researchers to unpack the firmware and decrypt the files within.
Today though, these earlier tools no longer handle the current series of Hikvision firmware, and researchers are no longer releasing newly developed versions into the public domain.

A well-used tool is hikpack by forum member @montecrypto who discovered one of the original Hikvision backdoor vulnerabilities.
The public version is attached.
This still works fairly well on almost all versions of Hikvision NVR firmware, though Hikvision have now blocked it on the most recent releases.

A google search will also find some basic scripts that worked on early version of Hikvision camera firmware, mostly on Github.
See an example attached.

 

[Starglow]

Due to increased cybersecurity threats and government crackdowns, many companies are more closely guarding their firmware to prevent unauthorized modifications and to protect their intellectual property. I've found in some cases you now have to contact the company directly to get firmware updates sent to you and can no longer just download them from a website.

 

[alastairstevenson]

Actually, the best way to safeguard against security vulnerabilities is to open-source software code. It's recognised though that this can be on conflict with the need to protect intellectual property in some cases.
That way, it's open to large-scale public scrutiny which then allows vulnerabilities to be more likely to be discovered and remediated.

Some of the worst vulnerabilities are in code that's kept away from good scrutiny.