Stolen Dahua NVR now online

[keeperofthecode]

Is there a way to figure out the IP address of a stolen Dahua NVR? A customer of mine had a break in a while back where they also took the camera system. Camera system was hidden so we have always assumed it was an ex employee that knew where it was. Fast forward a few months and the customer calls me and says my camera system keeps rejecting my password. So I went and looked and he was putting in the serial number of his old NVR instead of the new one and it actually appears to be online now. After you try a few times it says account locked. Sure would be sweet to bust this thief. I assume he reset the NVR or sold it to someone who reset it and maybe we could trace it back to the thief.

 

[Mark_M]

I wouldn't know how to accomplish this, but there might be an option with WireShark (open source network analysing computer application).

P2P (peer to peer) connection uses a middleman server (Dahua servers) to connect your device to the NVR. Once connected, you are now connected directly to the NVR.
WireShark should be able to sniff the IP address your phone is connecting to for the NVR.

The IP address you would get is the Public IP of the person's router. An IP lookup would tell you the internet provider they are with.
Some lookup websites might be able to give a relative location of where they are.

If you have enough evidence, you can go through the legal system to get the internet provider to release the information of the person in ownership of the internet connection account.
What you need for this is the Public IP address and the date/time of this IP address.
Public IP address change occasionally so this is why it is important to note the date/time.
Internet providers should be keeping a log of it's customers IP addresses. I do not know for how long though.

 

[DanDenver]

When you are trying to logon to the NVR you are entering an IP or a Domain.
You can enter that same info into a reverse lookup engine and learn some basic info about the owner/geographic location/etc
It won’t give you an address but will provide some anecdotal info.

In the end, as mentioned above, you will need a court order to unlock the exact address:

Whois Lookup, Domain Availability & IP Search - DomainTools

Research domain ownership with Whois Lookup: Get ownership info, IP address history, rank, traffic, SEO & more. Find available domains & domains for sale.

whois.domaintools.com

If you know a nefarious developer you could implement a variation of a dos attack. Simply have them write a script that logs onto the NVR every 10 or 20 seconds. Those attempts will fail and will keep the NVR locked up. Next time the current NVR user attempts to log on they will not be able to. A long term plan for sure, but if you are committed beyond a casual interest…