iVMS4200 QR code decoding

[m3sgal]

I'm curious to know how to decode the QR code generated by iVMS4200 for added devices. Scanning it using the phone QR code reader reveals what appears to be a version text "iVMS42010001" followed by base64 encoded text. I've tried basic base64 decoding without any luck. Anyone has a clue?

 

[Umut]

Try to decode using zlib. You can see cam description, IP and port in plain text. Unfortunately username and password values have another encryption. If I remember correctly you will need an AES key.

 

[m3sgal]

Thank you!

So decoding it using zlib leads to a ";" separated list of one or more devices, each has the format "Description, Type?, IP, Port, Empty?, Username, Password". The port is plaintext, while the description and the IP are base64. The username and password however appears to be encrypted and encoded.

Is it the same AES-128-ECB key used for the configuration file?

 

[deridex]

Thank you!

So decoding it using zlib leads to a ";" separated list of one or more devices, each has the format "Description, Type?, IP, Port, Empty?, Username, Password". The port is plaintext, while the description and the IP are base64. The username and password however appears to be encrypted and encoded.

Is it the same AES-128-ECB key used for the configuration file?

Nope, I just tried
openssl enc -d -in INPUT_FILE -out OUTPUT_FILE -aes-128-ecb -K 279977f62f6cfd2d91cd75b889ce0c9a -nosalt -md md5

And got
bad decrypt
139824360891712:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:

I tried to put inside of INPUT_FILE both base64 and raw version off known ciphered texts, but both returned error above.

Here known values:
admin —> ct1m4d7TxSCJH2bHiWjSRA==
hikvision —> QOBjV/vzvbh4MyTDpDlFhQ==

 

[m3sgal]

Yes, it is not the same key. I even tried decompiling the android apk without any luck

 

[Alex Alex]

Hi, I'm looking for the same. Trying to decode the IVMS4200 config. Anyone succeeded?