Nice tool.
Back in around 2015 it was reported to Dahua that their hidden password reset tool for the cameras was a little bit insecure - and not well hidden.
Much like the known DVR/NVR tool, it needed the MAC, serial and date.
Only problem was that unlike the DVR/NVR tool where you entered the generated password locally, the cam tool meant entering it via the browser, so via IP.
Main problem with that was that if you had the IP of a cam, then without any auth you could ask it for the date, the serial and its' MAC.
So he who had the cam tool had access to every camera via IP.
Dahua took it out mid 2015.
Just amusing as this vulnerability/tool does much the same thing.
NetKeyboard is just a giant sucky implementation. When you connect the NKB1000 (or others) to a recorder, it never used to do any authentication.
You could control the on screen views without login, change cams and so on all as the local user. This was also reported to Dahua.
I did wonder about the login.local authentication as it looked very suspect and likely to be something ripe for fiddling with.
Fair play to Bahis as ever.
The big problem Dahua have is they are a very inwardly paranoid company.
So whilst they were busy fixing the one problem with the keyboard, no one was looking in other places - in other teams - for where else the sucky implementations might be.
They dont share information as readily internally as a western company does. They just fix the immediate problem and move on.
When these guys first came on the scene with a NVR it was http and plain text passwords.
Regardless of how much cyber security has taken place, this legacy code base in still there, just with sticking plasters on it.
What Dahua should do is bring people like Bahis on board and instead of being so secretive with the private protocol, they need to sign them up to an NDA and let them rip it to shreds.
It's a sticking plaster upon plaster and older code needs removing - not just sidelined.