Jump to content

cctv_007

Members
 View Profile  See their activity

  • Content Count

    47

  • Joined

  • Last visited

  • Days Won

    2

Posts posted by cctv_007

  2. Posted

    In theory, this could be done quite easily. All you need is a portable internet connection (cell with data), a network camera, and power. But as mentioned by boogieman, the practicality of it all is where the challenges come up. Power is the biggest issue.

     

    A cell with data turned on sending a continuous data stream will not last very long, the camera itself needs power (12v @ 2-3w) will require a big battery. Then there's the issue of concealment. All these batteries will be hard to hide "in plain sight".

     

    What you're looking for is something custom built for this type of application. It would likely be small, low power, have built-in SIM card slot and battery capacity for a "reasonable" viewing window.

     

    You're looking for a Super Secret Stealth Spycam with remote viewing ... LOL! Anything worthwhile in this category will be big $$$.

  4. Posted

    Your a reseller am distribution and have long term relationship with dahua ( even before there name change)

    Doing a regional change via firmware is not a problem from dahua ftp site

     

    As far as buying from China 50% well if you look at ebay usa import from China or allied then even you must be noticing they are now more expensive

    $120 from China $86 from supplier (not trade)

     

     

    You are correct... as the demands go up, so does the price from Chinese internet sources. It's basic economics. Pretty soon, the cost benefits of buying direct will be null and the cost will adjust accordingly.

  5. Posted

     

    Ok dude,

    I am reseller and i know that is dahua's politic to separte markets, china and other world. In china the same model costs 50% cheaper...

    So turn on your brains and sh... ;] just kidin

     

    I agree with vcka...

     

    I contacted Dahua for support with my camera when I bricked it. They offered basic support, but suggested I contact the reseller directly. It was purchased on Ali Express and in every sense appears to be a proper Dahua not a copy. It has all the proper packaging, stickers, model information etc. Only issue is that it was meant for distribution in China. Sites like Ali Express are selling these cameras outside the "intended" region. Internet access does that!

     

    The reality is that the Chinese market is opening up to the rest of the world and people are drawn to potentially save alot of money on products made and sold in China. Once products gets into distribution and are marked up by resellers for various markets the price doubles and triples what the retail price is in China. The reseller industry charges this much because they add value in support, warranty and services, but for many are only interested in the bottom dollar price for the product. In their case these Chinese retail avenues are great.

     

    Dahua sells more product and the only person likely to suffer from this is the customer when they are stuck and need support. For some it's a risk worth taking.

     

    Anyway, this thread is getting off-topic and maybe anew thread on the merits of Chinese direct Internet sales would be more apropos.

  6. Posted

    Guys,

    Nor config tool nor older firmware helped here. As i told, best choice as i made, is modify custom-x.ubifs.img partition. Files in usr partition are doing nothing. Its enought to change /mnt/custom/i18n

    line "Languages" : [ "SimpChinese" ], and move English.txt to SimpChinese.txt. Thats all.

    Its important to use check.img from chinese firmware otherwise fw will not flash. All i can say - pay attention to the headers of the files, dahua likes it ;]. Open firmware file in editor, change to first letters DH to PK and you get full working zip archive ;]

     

     

     

    Cool! That's not exatcly the same experience I have been having, but it's very interesting. Thanks!

  7. Posted · Edited by Guest

    Hi.

     

    I think these firmware posts are going to far .

     

    Once it's been stated its to help Chinese copy real software . Then it become software theft.

     

    Everyone in the security industry install to protect customers home or businesses from theft or protect against.

     

    Both hikvision and dahua work hard to try and stop there software getting back into china copy.

     

    Asking people to send firmware from real cameras to open it up for others to use is a big copyright problem and is also theft.

     

     

    This forum has become in the last few weeks a porthole to help allied new egg ebay sellers to continue selling copy cameras

     

    Copyright theft is not a good way to go for the forum ... And not good for hikvision or dahua distributors or OEM companies

    Chimes copies are taking there business away ..... And also making the names of dahua or hikvision not a reliable security system to use in high end installs .... With all back door openings to there software being posted to everyone

     

     

    I'm not sure what you are referring to, but I don't recall anyone asking for firmware from real cameras to open it up for others. Nor do I think anyone has stated that they are trying to help Chinese copy real software.

     

    The binaries that provide the functionality for the camera have not been de-compilled or reverse engineered. We have just been exploring the structure and operation of the cameras. It's no different than logging into your print server, digital billboards, Apple TV, or any other Linux based device to see how it's put together.

     

    I bought a few cameras and I believe them to be the real deal but the fact remains that support sucks big time! Just because I bought them from from Chinese resellers does not make them fake. These products are in high demand and many people don't want to pay 3 times the price giving a cut to distribution, resellers and integrators. Sure you get support from these channels, but most support is mediocre at best and many people are capable of supporting themselves if the information is made available.

     

    As a person who like to take things apart and see how they work, I have spent some time looking into the inner workings of these little computers. I bricked one of my cameras on my first attempt to update it and took it upon myself to figure out how it all works.

     

    I've since realized that my cameras are locked to Chinese firmware and due to my inquisitive nature will figure out how it's done. There are tons of posts and threads on other manufacturers cameras and how to unlock Chinese firmware. It's no different than people unlocking their cell phones, tablets etc. The point is that sharing information that we learn from our own efforts is a good thing. These cameras have many issues that the manufacturer should and could address if they cared about the quality of their products.

     

    A company who does not share firmware updates publicly is only encouraging people to dig deeper. Had I had access to firmware when I bricked my camera, I would have reloaded it and been done with it. But because it wasn't, I was left to fend for myself and get things resolved.

     

    There is nothing "special" about these cameras that has been disclosed in these forums beyond what can reasonably be discovered with an ounce of common sense, a little time and the desire to do so. I'm not expert in any of this stuff and I was able to figure all this out with minimal effort. As far as the statement "With all back door openings to there software being posted to everyone"... There are no backdoor openings being posted to everyone and if there was it would be in the interest of the company to know about them and fix them. They ARE a security company by the way!

  9. Posted · Edited by Guest

    So i managed to edit custom img file from firmware, repack it - sign crc and...

    I have flashable frimware from web interface in english

     

     

    Very nice vcka!

     

    What I'm after is trying to get to the root cause of what is blocking the General release ENG Firmware files from loading on the camera without modification. The camera seems to have something that blocks English firmware from running. It will load just fine, but the sonia process fails on a language check.

     

    This behavior would indicate that there is a setting outside the firmware partitions that is checked for what language is allowed to run on the camera. Many of the cameras off AliExpress seem to be locked to Chinese on the newer firmware. I posted a simple work around, but it would be nice to understand what is blocking it from running, then to correct it and be able to load regular firmware without modification.

  10. Posted

    I have an IPC-HDW4300C so I'll test it out on there a little later tonight. The service that does the upgrade varies from firmware to firmware. Some version block firmware by language or compatibility, but ultimately it can all be corrected quite easily if you make a mistake.

     

    ConfigTool on port 3800 is the simplest way to load firmware and will work even if the web UI is down.

     

    I will be working on a list of firmware and a compatible camera list to facilitate the process.

  11. Posted

    On IPC-HDW4300C, you cannot flash english firmware. It says wrong file.

     

    Try by ConfigTool:3800

     

     

    Yes... the config tool on port 3800 is the best method.

     

    Another workaround is to load an older firmware first. (Eg. General_IPC-HX5(4)XXX_Eng_N_V2.210.0000.21.R.20140613.bin) This one works well because it does not block any new firmware loads through port 37777 but I would still recommend you use the ConfigTool on port 3800.

  12. Posted

    You can get a lot more information on this and other Dahua related details including links to firmware from my other thread @ viewtopic.php?f=19&t=44928

     

    But for now here is the simplest way I know to-date to load the newest firmware on IPC-HFW4300S-V2 and other Chinese Dahua cameras ordered on AliExpress.... I'm still working on a permanent fix that will last after another firmware update, but I've had many emails about this so I thought I'd post a quick update.

     

    1. Use the config tool or web UI to load the newest firmware (General_IPC-HX5(4)XXX_Eng_N_Stream3_V2.420.0005.0.R.20141205.bin)

    2. Your camera will appear bricked (no web ui) but the only issue preventing it from working is the language settings (which prevents sonia from loading)

    3. Login into the camera with Telnet (user: admin / password: 7ujMko0{web ui password}

    4. You will need to perform a few edits, so you need to make mounts read/write

    \> mount -o remount rw /usr

    \> mount -o remount rw /mnt/custom

     

    5. Rename files

    \> mv /usr/data/Strings/English.txt /usr/data/Strings/SimpChinese.txt

    \> mv /mnt/custom/English.txt /mnt/custom/SimpChinese.txt

     

    6. Edit files with vi ---> /usr/data/Strings/i18n & /mnt/custom/i18n. Change the following:

     

    "DefaultLanguage" : "English", ------> SimpChinese

    "DefaultVideoStandard" : "NTSC",

    "DevStringFiles" : [ "StringsEn.txt" ],

    "HTMLStringFiles" : [ "webEN.json" ],

    "Languages" : [ "English" ], ------> SimpChinese

    "VideoStandards" : [ "NTSC" ],

    "WebStringFiles" : [ "webEN.lang" ]

     

    (Tips for using vi: press "i" for insert then ESC when done editing, then type :w to write then type :q! to exit)

     

    type reboot to restart the camera and you will have a working New English firmware. These changes will need to be repeated if you upgrade to another firmware since these partitions are erased an re-flashed during an upgrade.

     

    I'm really trying to get to the root cause of why the camera seems hard-coded to Chinese and I will update as I uncover more information.

     

    Thanks,

    Rob

  13. Posted

    Here's what I believe to be true at this point.

     

    1. There doesn't appear to be any env variables set in uboot that affect language.

    2. The following img are part of the firmware bin file

     

    check.img <----- this is possibly related but I have not fully investigated

    custom-x.ubifs.img

    dhboot.bin.img

    kernel.img

    partition-x.cramfs.img

    pd-x.ubifs.img

    romfs-x.ubifs.img

    user-x.ubifs.img

    web-x.ubifs.img

     

    3. The mtd partitions are:

    mtd0: 00100000 00020000 "U-Boot" <---- Uboot

    mtd1: 00100000 00020000 "hwid" <----- loaded with env variables from uboot

    mtd2: 00100000 00020000 "updateflag" <---- ??? Is this the key to solving this issue? contains binary data. Will review

    mtd3: 00100000 00020000 "partition" <---- loaded from img in firmware update

    mtd4: 00340000 00020000 "custom" <---- loaded from img in firmware update

    mtd5: 00340000 00020000 "product" <---- loaded from img in firmware update

    mtd6: 00580000 00020000 "Kernel" <---- loaded from img in firmware update

    mtd7: 00800000 00020000 "romfs" <---- loaded from img in firmware update

    mtd8: 00800000 00020000 "web" <---- loaded from img in firmware update

    mtd9: 01980000 00020000 "user" <---- loaded from img in firmware update

    mtd10: 00400000 00020000 "syslog"

    mtd11: 00400000 00020000 "config" <----- connected to HWID (see /usr/etc/checkHWID.sh) May be indirectly related

    mtd12: 00400000 00020000 "backup"

     

     

    Somewhere outside the data that is flashed by the firmware, exists a language/China flag that is used and compared to when running the newer firmware....

     

    The hunt continues....

  14. Posted

    This is driving me nuts!!!!! So I can get the newest firmware to run V2.420.0005.0.R.20141205 by changing 2 files in 2 locations.

     

    mv English.txt to SimpChinese.txt in /usr/data/Strings & /mnt/custom

    modify i18n & change language to SimpChinese in /usr/data/Strings & /mnt/custom

     

    These changes will allow all the new firmware to work, but I still can't find the root cause. Somewhere outside the partitions that get flashed by the firmware, there is a flag that makes the camera "require" chinese firmware....

     

    If you load any 2.42 version of English firmware, you will need to fake it by renaming the key files to Chinese.

     

    I want to find what the Chinese flag is on the camera so I can change it and then load English firmware without modifications.

     

    Arghhhhh!

  15. Posted · Edited by Guest

    UPGRADED_MSG: native 1

    UPGRADED_MSG: verify_native failed

     

     

    dd if=/dev/mtd/1 bs=4096 count=1 2>&1

    displays native=1 in china fw. So it has to be changed to 0, i think.

     

     

    I think config partition and uboot is most interested parts.

    What do you think about this:

    dd if=/dev/mtd/1 bs=4096 count=1 2>&1 | grep -m 1 ^HWID=

    Maybe there is localization info in this mtd device?

     

     

    Can you print the output of dd if=/dev/mtd/1 bs=4096 count=1 2>&1

     

    I was chasing a lead in this area early this week, and I just had another thought. I'd like to close the loop on this one.

  19. Posted · Edited by Guest

    I think config partition and uboot is most interested parts.

    What do you think about this:

    dd if=/dev/mtd/1 bs=4096 count=1 2>&1 | grep -m 1 ^HWID=

    Maybe there is localization info in this mtd device?

    You're wrong!

     

    Why is it that the V1 cameras will take this firmware and not the V2 cameras? This is what I am trying to uncover. THe Chinese language file is necessary for loading on V2 cameras, but it is not an issue for V1 cameras. The custom UBI image is part of the firmware updates, so every time we flash a new firmware we will need to fix the custom UBI partition?

  20. Posted

    I managed to flash eng firmware, but i need to rename file English.txt to SimpChinese.txt in custom-x.ubifs.img. Any help? After that there will be full flashable firmware from web or upgrade tool.

     

     

    Yes, this was the only way I could get it to work too, but I can't find the reason why this is happening. Somewhere there is a dependency on the Chinese language and I'm still trying to get to the source of the issue.

  21. Posted

    I'm still looking into this issue, but I was away last week on business. These tests are performed on a IPC-HFW4300S-V2. It will load older ENG firmware files, new Chinese firmware files, but not new ENG firmware files without some heavy mods.

     

    I have discovered a few interesting things..... the issue with the new firmware is that the process "sonia" which runs all the services, including http on port 80 fails to start properly on the V2 cameras.

     

    This is the interesting part of the output of a trace on the sonia process with a new Chinese firmware...

     

    [0m[32;40m13:28:20|[Manager] info CMagicBox::startDstTune readCMOS DstTune flag is 0.

    [0m[36;40m13:28:20|[libInfra] debug ThreadBody Enter name = WatchDog, id = 1269, prior = N1, stack = 0x42424dcc

    [0m[32;40m13:28:20|[Manager] info CMagicBox::m_systemInfo.noPtz == [1]

    [0m[32;40m13:28:20|[Manager] info CMagicBox::m_systemInfo.noSdCard == [1]

    [0m[32;40m13:28:20|[Manager] info CMagicBox::m_systemInfo.bandWidth == [48]

    [0m[36;40m13:28:20|[Manager] debug setProductTransform: DeviceTypeTransform = {

    "CEList" : {

    "CE-C200" : "DH005",

    "CE-C20S" : "DH005"

    },

    "General" : {

    "Default" : "IP Camera"

    }

    }

     

    [0m[37;40m13:28:20|trace Create Alarm Module>>>>>>>>>>>>>>>>

    [0m[36;40m13:28:20|[libInfra] debug ThreadBody Enter name = [ConfigSaveTimer], id = 1270, prior = N64, stack = 0x42624dcc

    [0mFail to get env peripheral!

    [37;40m13:28:20|trace alarmInputs=[0], alarmpir=[0], Flashlight=[0]

    [0m[33;40m13:28:20|[Manager] warn CCommonConfigManager::getConfig Alarm is Json::nullValue!

    [0m[33;40m13:28:20|warn Src/Comm/Alarm.cpp:706 not support pir alarm.

    [0m[33;40m13:28:20|[Manager] warn CCommonConfigManager::getConfig AlarmOut is Json::nullValue!

    [0m[37;40m13:28:20|[Manager] trace CConsole::registerCmd had been register!!

    [0m[37;40m13:28:20|[Manager] trace CConsole::registerCmd had been register!!

    [0m[32;40m13:28:20|[Manager] info CLdapUserManager::initialize() tye login times is 3

    [0m[37;40m13:28:20|[Manager] trace CConsole::registerCmd had been register!!

    [0m[37;40m13:28:20|[Manager] trace CLog::attachFilter

    [0m[32;40m13:28:20|[Manager] info SetLanguage(SimpChinese) load file:/mnt/custom/SimpChinese.txt

    [0m[36;40m13:28:20|[libInfra] debug ThreadBody Enter name = Console, id = 1271, prior = N1, stack = 0x42824dcc

     

    Here is the same version of the English firmware....

     

    [0m[32;40m12:16:29|[libDatabase] info CLogSqliteOperate::isSynced insertRet : 1, removeRet : 1, updateRet : 1, line : 1256

    [0m[32;40m12:16:29|[libDatabase] info CLogSqliteOperate::SqliteBackup vacuum use 50ms, iRet : 0, line : 1129

    [0m[37;40m12:16:29|[libDatabase] trace backup_database(): start >>>

    [0m[37;40m12:16:29|[libDatabase] trace match: log.db.%x

    [0m[37;40m12:16:29|[libDatabase] trace log.db.1

    [0m[37;40m12:16:29|[libDatabase] trace remove_database(): min(1), max(1)

    [0m[37;40m12:16:29|[libDatabase] trace remove file: /mnt/mtd/Log/log.db.1

    [0m[37;40m12:16:29|[libDatabase] trace backup_database(): finished successfully! elapsed(10)

    [0m[32;40m12:16:29|[libDatabase] info CLogSqliteOperate::isSynced SqliteBackup use 60, line : 1264

    [0m[33;40m12:16:29|[Manager] warn CMagicBox::setSubModuleInfo fail!

    [0m[32;40m12:16:29|[Manager] info CMagicBox::onConfigAutoMaintain day = [2], hour = [2], min = [0], enable = [true]

    [0m[32;40m12:16:29|[Manager] info CMagicBox::startDstTune readCMOS DstTune flag is 0.

    [0m[36;40m12:16:29|[libInfra] debug ThreadBody Enter name = WatchDog, id = 1040, prior = N1, stack = 0x4269fdcc

    [0m[32;40m12:16:29|[Manager] info CMagicBox::m_systemInfo.noPtz == [1]

    [0m[32;40m12:16:29|[Manager] info CMagicBox::m_systemInfo.noSdCard == [1]

    [0m[32;40m12:16:29|[Manager] info CMagicBox::m_systemInfo.bandWidth == [0]

    [0m[36;40m12:16:29|[Manager] debug setProductTransform: DeviceTypeTransform = {

    "CEList" : {

    "CE-C200" : "DH005",

    "CE-C20S" : "DH005"

    },

    "General" : {

    "Default" : "IP Camera"

    }

    }

     

    [0m[37;40m12:16:29|trace Create Alarm Module>>>>>>>>>>>>>>>>

    [0mFail to get env peripheral!

    [37;40m12:16:29|trace alarmInputs=[0], alarmpir=[0], Flashlight=[0]

    [0m[33;40m12:16:29|[Manager] warn CCommonConfigManager::getConfig Alarm is Json::nullValue!

    [0m[33;40m12:16:29|warn Src/Comm/Alarm.cpp:706 not support pir alarm.

    [0m[33;40m12:16:29|[Manager] warn CCommonConfigManager::getConfig AlarmOut is Json::nullValue!

    [0m[37;40m12:16:29|[Manager] trace CConsole::registerCmd had been register!!

    [0m[37;40m12:16:29|[Manager] trace CConsole::registerCmd had been register!!

    [0m[32;40m12:16:29|[Manager] info CLdapUserManager::initialize() tye login times is 3

    [0m[37;40m12:16:29|[Manager] trace CConsole::registerCmd had been register!!

    [0m[37;40m12:16:29|[Manager] trace CLog::attachFilter

    [0m[35;40m12:16:29|[Manager] fatal Src/Locales.cpp:630 Language Not Compare!!Going to exit!

    [0m[36;40m12:16:29|[libInfra] debug ThreadBody Enter name = Console, id = 1041, prior = N1, stack = 0x4289fdcc

    [0muser name:password:

    [32;40m12:16:29|[Manager] info CLocalClient::CLocalClient(0x0x1c755c0)>>>>>>

    [0mTime : Thu Feb 26 12:16:29 2015

     

    =========================== TRACE START ===================================

    Tid:1041, Exception type : SIGSEGV

    PC:[0x00701574] (0x007014f8--0x0070158f) Unknown

    PC:[0x4037ee70] (0x4037ee68--0x4037ee7f) __default_rt_sa_restorer_v2 + [0x0]

    PC:[0x401653a0] (0x4016539c--0x401656b0) pthread_mutex_lock + [0x4]

    PC:[0x005fcdb0] (0x005fcda4--0x005fcdbb) Unknown

    PC:[0x0002dbcc] (0x0002db90--0x0002dbeb) Unknown

    PC:[0x004ef278] (0x004ef218--0x004ef357) Unknown

    PC:[0x0050e080] (0x0050dcdc--0x0050e5c7) Unknown

    PC:[0x0050e88c] (0x0050e5c8--0x0050e973) Unknown

    PC:[0x0050eb98] (0x0050e974--0x0050ecef) Unknown

    PC:[0x0050ed40] (0x0050ecfc--0x0050ed6b) Unknown

    PC:[0x004d8294] (0x004d8164--0x004d839f) Unknown

    PC:[0x004d8458] (0x004d83a8--0x004d8487) Unknown

    PC:[0x00600708] (0x00600624--0x0060077f) Unknown

    PC:[0x40163038] (0x40162f44--0x40163474) start_thread + [0xf4]

    PC:[0x404297a8] (0x4042976c--0x404297ac) clone + [0x88]

    PC:[0x00000000](Failed to locate address)=========================== TRACE END ===================================

     

    The app fails and exits when checking the Locales which don't match. There appears to be some issue only when loading sonia from English version of the firmware files. I've checked this with 5 different 2.42 English firmware files and all exhibit the same error. '

     

    Usually the Lang can be set in /usr/custom/i18n and another instance exists in /usr/data/Strings/i18n (seen below)

     

    {

    "AllLanguages" : [

    "English",

    "SimpChinese",

    "TradChinese",

    "Italian",

    "Spanish",

    "Japanese",

    "Russian",

    "French",

    "German",

    "Portugal",

    "Turkey",

    "Poland",

    "Romanian",

    "Hungarian",

    "Finnish",

    "Estonian",

    "Korean",

    "Farsi",

    "Dansk",

    "Czechish",

    "Bulgaria",

    "Slovakian",

    "Slovenia",

    "Croatian",

    "Dutch",

    "Greek",

    "Ukrainian",

    "Swedish",

    "Serbian",

    "Vietnamese",

    "Lithuanian",

    "Filipino",

    "Arabic",

    "Catalan",

    "Latvian"

    ],

    "DefaultLanguage" : "SimpChinese",

    "DefaultVideoStandard" : "PAL",

    "DevStringFiles" : [ "StringsCn.txt" ],

    "HTMLStringFiles" : [ "webCN.json" ],

    "Languages" : [ "SimpChinese" ],

    "VideoStandards" : [ "PAL" ],

    "WebStringFiles" : [ "webCN.lang" ]

    }

     

    You can get the new English firmware to load with some heavy changes to a number of files, but I still can't understand the root/cause of why these Eng files won't run on the V2 cameras.

     

    What's weird is that all the partitions are written with the English firmware files, so I'm not sure at the moment where it's still getting the Chinese locale with the English firmware...

     

     

    More to come.

  22. Posted

    Anyone at all?

     

     

    LOL! Don't expect immediate replies to your post. After a few days you might have 50+ view and 5-10 replies. (That's if it a hot topic)

     

    If I understand what you are saying, you upgraded your firmware to a version that has the iVideon client. You connect the camera to iVideon and embedded the video into your webpage which has a login prior to viewing the video. You are concerned because the web stream URL can be retrieved from the properties, then it can be used to view the video directly from iVideon?

     

    In this case you would have to mask the URL in your webpage. There are a number of masking techniques and any half decent web developer can help you with this.

  23. Posted · Edited by Guest

    I have a IPC-HFW4300S-V2 purchased from Ali Express that won't natively take the newer English firmware files. I received the camera with an older 2.210 firmware and bricked it with the first upgrade attempt to the new firmware. I managed to recovery quite easily, but the newer firmware files still won't run without some crazy modifications at this point. I'm still trying to get the the root cause of the issue. I don't want to modify every new firmware that comes out before I can load it to my camera.

     

    It will however take the same new version of the Chinese firmware files without modifications.

     

    I've been comparing results with v2.420.0003.0 firmware (since I have both the Eng and Chinese versions)

     

    I've run a number of traces on the /usr/bin/sonia and discovered a number of differences that jump out. I have been partially successful doing a serial based reload with newer files, but the latest (v2.420.0005.0) still won't work. The sonia process launches but does not open all the service ports and there seems to be issues with authentication for the services.

     

    Anyone have any thoughts to share?

×