V5.2.5 build 141201 should I upgrade

[Pico]

Camera Model: DS-2CD2032-I
Firmware version: V5.2.5 build 141201
encoding version: V5.0 build 140714

Just did some research and saw that my serial number has "CCCH" in it which means its a grey market.
New the price was too good to be true.

Anyway I have had these cameras for 2 years now and they are great (considering grey market).
Was looking at applying a firmware upgrade and saw all the issues for grey market products to watch out with language changing to chinese. Lucky me now.

I have done lots of reading so I think I could pull off the upgrade but I wanted to post this out here first just in case I missed something in my reading and get other peoples opinions.

Things i need to watch out for:
1) I have to go to V5.3 first is that right?
2) I will have to hack 5.3 to work in english??? not sure
3) Once I have 5.3 working in english I then can upgrade to 5.4??
4) will I need to hack 5.4 to english too?

Best guide for 5.3 & 5.4 language hack/changes??

 

[sofducas]

same questions here....
Except the latest fix the vulnerability ... what are the benefits of those new firmware? Can someone tell us what brings the 5.3, 5.4 and so on?
The Hikvision does not tell exactly what this is about.
New features? New functions? Bug fixed?
Thanks.

 

[alastairstevenson]

1) I have to go to V5.3 first is that right?

If the camera is a China market camera running 'hacked to English' firmware, an EN/ML firmware update is likely to result in a bricked camera.
To get to 5.3. and up, for example to deal with the 'hikvision backdoor' (5.4.41) or get the improved user interface, you'd have to do the 'enhanced mtd hack'.
Hikvision DS-2CD2x32-I (R0) brick-fix tool / full upgrade method / fixup roundup.

 

[Pico]

If the camera is a China market camera running 'hacked to English' firmware, an EN/ML firmware update is likely to result in a bricked camera.
To get to 5.3. and up, for example to deal with the 'hikvision backdoor' (5.4.41) or get the improved user interface, you'd have to do the 'enhanced mtd hack'.
Hikvision DS-2CD2x32-I (R0) brick-fix tool / full upgrade method / fixup roundup.

hi, i have seen your post and I plan to go ahead with it. Just a question on your guide.
As i haven't done the upgrade yet I dont need to to the chinese to english hack at all right?
Also, what part of your guide do I need to follow to allow the upgrade to occur without triggering the chinese language issue?

Do i need to apply the 'enhanced_mtd_hack.txt' process to allow the upgrade to occur and if so do i go to 5.3 first and then 5.4 and then 5.5 which is the latest on the web site??
Once i do the 'enhanced_mtd_hack.txt' will it be a seamless upgrade from there on in?
Just want to prepare myself. Appreciate your post and your guide, its very helpful thank you.

 

[alastairstevenson]

As i haven't done the upgrade yet I dont need to to the chinese to english hack at all right?

No, that would have been needed if you'd had to use the 'downgrader' to get to 5.2.5 But you are already on 5.2.5

Also, what part of your guide do I need to follow to allow the upgrade to occur without triggering the chinese language issue?

Just the 'enhanced mtd hack. No need for the brick-fix tool, as there is no Catch-22 bricked situation after trying 5.4.0 or higher.
But also check the contents of mtdblock1 at locations 0x0C and 0x8000C If they are 0 - change them to 2. THis is mostly for cameras that started with the 5.2.8 firmware as shown on the label.

Once i do the 'enhanced_mtd_hack.txt' will it be a seamless upgrade from there on in?

Yes, but don't skip the intermediate versions - 5.2.5 to 5.3.0 to 5.4.0 to 5.4.5

 

[Pico]

verifying my urls for firmware:
5.3.0 - Hangzhou Hikvision Digital Technology Co. Ltd.
This says english and not multi language. Should I be looking for multi language over english? IPC_En_V5.3.0 150513 (2XX2)

5.4.0 - Hikvision USA
same question as above around english or ML? (IPC - DS-2CD2x12,2x32_Firmware_v5.4.0_160530)

5.4.5 - Hangzhou Hikvision Digital Technology Co. Ltd.
(IPC_ML_V5.4.5 170123 (2XX2) This says ML for multi language.

Appreciate the help, thank you.

 

[alastairstevenson]

Should I be looking for multi language over english?

It's up to you. Do you need multi-language menus, menus in other languages as well as English?

verifying my urls for firmware:

You can conveniently get them all in one place here : DOWNLOAD PORTAL

 

[Pico]

It's up to you. Do you need multi-language menus, menus in other languages as well as English?


You can conveniently get them all in one place here : DOWNLOAD PORTAL

thank you for the guide and I gave this a try but got stuck so I'm holding fast before proceeding. I think the road blocks I have may been down to tools as you suggest to use HxD and I am using iHex (Mac equivalent) tool for this. I don't think that should matter but it may be the reason why.

I have exported the mtdblock6 successfully. (the original process said to export file 5 & 6 but your instruction says to just get 6. Is my understanding correct?)

I have my dev type: 38932 - which I have calculated to be '9814' in hex. so the correct order would be 14 98???

I have uploaded mtdbblock6 to my iHex editor.
I can change '0X10' to '0x01'. all good and feeling goof so far.
Then the devtype and hex catches me out.
at position 0x64 and 0x65 i have FF 98.
Do i replace FF with 14 and 98 stays the same? I think i have it right but just want to check.

Lastly the check sum at position 0x04 and 0x05.
Do I start the checksum from location 0X09 but how far down do i go? is it all the way to the end before all the FF FF FF FF starts? Or do i start at the first data point and highlight up to the last entry before all the FF FF FF start??

just an update i downloaded Had for windows on a windows machine. got the checksum results all good now but not sure when i select the data in the hex editor how much of it do i select to do the checksum on? is it from the first data point to the last before all the FFFF?

If my checksum is F808 does that mean in point 0x04 i would put 08 and in point 0x05 i would put F8??

I think thats it. If i can get these steps confirmed I'm all set to go and try make these changes

 

[alastairstevenson]

your instruction says to just get 6. Is my understanding correct?

Yes, that's correct.

I have my dev type: 38932 - which I have calculated to be '9814' in hex. so the correct order would be 14 98

Correct again.

at position 0x64 and 0x65 i have FF 98.
Do i replace FF with 14 and 98 stays the same?

Yes, that is correct.

Do I start the checksum from location 0X09 but how far down do i go?

You go down 0xF4 bytes in hex - that is 244 in decimal.
In HxD the number of selected bytes is shown in the 'Length : F4' value in the status bar at the bottom.

If my checksum is F808 does that mean in point 0x04 i would put 08 and in point 0x05 i would put F

Yes, that would be correct for that checksum.
But judging from the size of it, that checksum is not correct, I suspect you have included too large a scope.

See the attached sample screenshots for a 2032 for the changes in sequence required for that particular example, shown in red.

One more thing - for some cameras, usually those that originally had firmware version 5.2.8, it is necessary to fix up a couple of values in mtdblock1.
Extract mtdblock1 and check out the values in locations 0x0C and 0x8000C If these are 0 - change them to 1 and re-write mtdblock1

Good luck! You are just about there.

 

[alastairstevenson]

Those screenshots came out a bit small, sorry.
And just one more thing - when upgrading, don't skip the major versions, do 5.2.5 to 5.3.0 to 5.4.0 to 5.4.5

 

[Pico]

this will hopefully be my last question on this as I am at the final hurdle. I will include screen shots to help explain where I get stuck.

Mtdblok6 -
The checksum has me completely confused. Screen shot 'mdtbblock6
green = '0X10' to '0x01 this is ok
red = i replace FF with 14 and 98 stays the same. Based on dev type: 38932 - which I have calculated to be '9814' in hex. so the correct order would be 14 98 as smallest number fist right?
Blue (stuck here) = F4 at position 0X08. Does that mean i highlight all the line items one by one until the 'length' (blue square at bottom of screen) matches the result of 'F4' in position 0X08?
And i start to highlight them all from position 0X09 or somewhere else?

Mtdblock1 -
As you suggested I extracted block1 and I have uploaded the following screen shot:
0x0C = 53 do i change this to 1?
0x8000C = is that position 0x8 in the red square that i change to 1?

 

[alastairstevenson]

Blue (stuck here) = F4 at position 0X08. Does that mean i highlight all the line items one by one until the 'length' (blue square at bottom of screen) matches the result of 'F4' in position 0X08?

Yes, that's correct. And now that you know how to highlight the correct range, with the length of F4 bytes, use the Analysis | Checksums | Checksum-16 to see what the checksum value for locations 04 and 05 should be - but only after you have made the change in location 0x10 and location 0x64.
The most significant byte (number on the left) goes in location 05, the least significant byte (number on the right) goes in location 04

0x0C = 53 do i change this to 1?

Location 0x0C is showing as 02, so no need to change anything in mtdblock1.
In green you've highlighted location 00, in red you've highlighted location 08

 

[Pico]

Thank you for your help I think i have successfully upgraded from 5.2.5 to 5.3.0 after making the changes.

I have discovered a new challenge now as the admin account is locked out and it looks like on ver 5.3.0 the password changes and I need to go find a way now to recover it. Nothing is ever straight forward

If you have any tips on passwords for ver 5.3.0 and above id be grateful.

Here are screen shots of the process i followed to update the mtdblock file.

 

[alastairstevenson]

Here are screen shots of the process i followed to update the mtdblock file.

Those changes look OK.

If you have any tips on passwords for ver 5.3.0 and above id be grateful.

The password after a reset to defaults on 5.2.5 firmware is 12345
At some later version of firmware, and I forget exactly which, it might be 5.3.0 but I'm not sure, the default password is 123456789abc
Generally though on the web GUI firmware update the password would be retained.

the admin account is locked out

Is this because you have been trying unsuccessfully to log in? Or is there an NVR trying to connect to the camera with an incorrect password?

 

[Pico]

Those changes look OK.

The password after a reset to defaults on 5.2.5 firmware is 12345
At some later version of firmware, and I forget exactly which, it might be 5.3.0 but I'm not sure, the default password is 123456789abc
Generally though on the web GUI firmware update the password would be retained.

Is this because you have been trying unsuccessfully to log in? Or is there an NVR trying to connect to the camera with an incorrect password?

when i upgraded from 5.2.5 to 5.3.0 the camera would not let me log in at all. The old password i had set would not work and no mater what I try, it locks me out. I think I need to activate the camera now as its on 5.3.0 and i saw an article about the password reset requirement.
Not sure why this happens from an upgrade from 5.2.5 to 5.3.0 though.

 

[Pico]

when i upgraded from 5.2.5 to 5.3.0 the camera would not let me log in at all. The old password i had set would not work and no mater what I try, it locks me out. I think I need to activate the camera now as its on 5.3.0 and i saw an article about the password reset requirement.
Not sure why this happens from an upgrade from 5.2.5 to 5.3.0 though.

found a fix at this post: Hikvision camera admin password reset tool
the tool from GitHub managed to reset my password for me and then i was able to connect. Lets hope i don't get this again when i upgrade the firmware from 5.3.0 to 5.4.0 trying that now.

 

[Pico]

ITS DONE!!!!

upgrade from 5.3.0 to 5.4.0 was perfect (LOVE THE NEW GUI with 5.4.0)!!!
Upgrade for 5.4.0 to 5.4.5 was also perfect!!!

Now that I have mastered this on one camera I have 6 more to do. The key with the upgrade to 5.3.0 is the password lockout and you need to get the tool from GitHub to reset it.

Alastairstevenson you are a fantastic help!!!!! Thank you so much for your time and patience to help me learn the key steps with the hex editor. I would not have been able to do this without your help. I feel I have learnt a lot from the process so I look forward to helping someone out in the future just as you have helped me.
THANK YOU!!!!!!!!!!!!

 

[alastairstevenson]

Now that I have mastered this on one camera I have 6 more to do.

Well done! Another good result.
Glad that you got there, and probably learned a few things along the way.

I feel I have learnt a lot from the process so I look forward to helping someone out in the future

That's what this forum is all about, it's good to share.
Hikvision may not think so ...

 

[ex123yz]

If I have V5.2.0, how do I go about to get it to V5.2.5 and then follow this thread to upgrade?

 

[alastairstevenson]

If I have V5.2.0, how do I go about to get it to V5.2.5 and then follow this thread to upgrade?

You should be able to do the 'enhanced mtd hack' whilst running the 5.2.0 firmware.
I think it's only in the 5.3.0 and later that Hikvision tried to inhibit it.
On the 5.2.0 version - you should also check the contents of locations 0x0C and 0x8000C in mtdblock1 and if the value is 0, change it to 1
The 'enhanced mtd hack' is described in the attachments here : Hikvision DS-2CD2x32-I (R0) brick-fix tool / full upgrade method / fixup roundup.