Dahua firmware

[joshda 0]

Hi:

 

Please somebody have firmware for DAHUA DVR1604HF-U-E, NTSC version.

 

Thanks.

 

Joseph.

[MaxIcon 0]

I found this ftp ftp://ftp.wintel.fi/drivers/dahua/ but and I installed the latest and it turns out to be PAL but the camera and nvr still works.

Often the main difference between PAL and NTSC is the frame rate settings. PAL goes to 25 fps max, while NTSC goes to 30 fps max. The lower settings are often offset a little (like 12.5 vs 15 fps).

 

The other difference is in anti-flicker, for cams recording under fluorescent lights. PAL uses 50 Hz, and NTSC uses 60 Hz anti-flicker settings.

 

Since IP cams don't send out scan line video directly, the NTSC vs PAL settings often don't mean much aside from the above.

[anthonys650 0]

here's a site to look at http://www.dh-vision.com/index.php/firmware

[MPD2011 0]

It was a seller on toaboa and in the end I cancelled the order before they got a chance to dispatch it.

many be they did not want to send it to me as they emailed to say it comes with Chinese firmware and you cant update it or change it.

that it will not work in the UK as it does not support PAL format. I am new to the IP world and on there explanation cancelled the order.

 

 

Never heard of Dahua "Chinese firmware" before, where do you get it, sounds exotic. They have NTSC and PAL and for N. American you want NTSC, if you are in China or Europe or just about anywhere else in the world, you want the PAL version.

 

People have asked about the NTSC firmware update from April of this year, but when I requested it, they said it's buggy and still doing testing and will release it when it's ready.

 

cant seem to find the answer and I was wondering does any one have English firmware for the HDW4300C.

the seller did not tell me before purchase it has Chinese firmware. also they don't do English firmware.

[buellwinkle 0]

Find a different seller because Dahua does not have language specific versions and could be they didn't want to sell to you or they got confused with another brand like Hikvision that does have Chinese only versions.

[sdkid 0]

Hey there. I did a dumb thing, and I updated the firmware on my Dahua hdb3200c with the Q-See firmware. It is actually older and LESS functional. Of course, it also locked out any way to easily go BACK to Dahua firmware. I think.

 

Is there an easy fix for this?

[yozh 0]

Hello,

 

Does any one know where to get a NTSC version of this firmware ? General_IPC-HX5(4)XXX_Eng_P_Stream3_V2.420.0000.0.R.20140419.bin

 

I seemed to hit a wall, where my cameras are shutting down, after synology upgrade.

[ratanapoll 0]

I want to update new firmware HCVR5104H ,it come with v.2.616 . Please give me new firmware , thank you.

[badgcoupe 0]

Anyway the OP could keep the first post with all firmware files linked?

[hdo26 0]

Hallo,

 

i've been in the forums as a passive member for quite a while and now i like

to contribute some little information to this forum.

 

I noticed that with the v2.4x baseline firmware releases the well known

telnet access root/vizxv is gone

 

For me as a linux guy i wasn't happy with it at all so i took some

time to reverse enginieer the firmware of my HFW4200s camera.

 

I manage to analyse the telnet authorization

part in the firmware. The /etc/passwd is still the same so

the old password should work as always but the engineers

at dahua changed the authorization so this file is never read

for login. First i was able to patch the busybox binary to

accept any passwords but a couple of hours later i was

able to enter a valid password.

 

In fact the secret login/password consists of a valid

user with administrator privileges to the web interface

(e.g. admin) and a password with a 'secret' prefix.

 

Long story short as in my case with login 'admin' and password 'admin'

my telnet login is like this:

 

login: admin

password: 7ujMko0admin

 

So the prefix '7ujMko0' is the important part here.

 

Finally i'm able to telnet login to my cameras again

 

Can any of you double check on that?

 

Happy telnet login!

 

Regards,

 

hdo

[markstubb 0]

Very nice work! I just tried it, for the hell of it, on my dahua nvr (NVR-4216 running V3.200.0000.2.R.20140418) and it worked perfect. Very good detective work!

[iTuneDVR 2]

2 hdo26

 

Great job, but to me it was already known since December of 2013.

I extracted the prefix disassembled firmware

 

I was wondering when will someone come to that.

That's why I have to repack the firmware and change the prefix from prying eyes!

 

But at the same time I had the sense not to advertise it, and used it to help others as it can also hit the wrong hands!

 

Congratulations.

You opened the next hole to the outside;)

Edited August 19, 2014 by Guest

[markstubb 0]

Wouldn't disabling external telnet access do the same thing, or is that password able to be used elsewhere?

 

Either way, it's not like it's just a default password, it's just a default password prefix. Which is a hell of a lot better than the same password on everyone's device.

[iTuneDVR 2]

Wouldn't disabling external telnet access do the same thing, or is that password able to be used elsewhere?

 

Either way, it's not like it's just a default password, it's just a default password prefix. Which is a hell of a lot better than the same password on everyone's device.

 

Possible to rebuild the firmware and change the prefix or remove telnet.

This prefix standard for all models.

That's why I have it and I change

[markstubb 0]

I gotcha, but if you already have a complex password, having the prefix doesn't make a whole lot of difference, IMO

[hdo26 0]

Great, you could have saved me a couple of hours of my freetime

 

Guess you're under NDA or something?

 

As for me i don't have any connections to the manufacturer and i dislike

companies who don't release the GPL source code of their products.

So i don't mind releasing this information to the public.

 

BTW What is iTuneDVR doing? Unfortunately i can't read russian

 

hdo

 

2 hdo26

 

Great job, but to me it was already known since December of 2013.

I extracted the prefix disassembled firmware

 

I was wondering when will someone come to that.

That's why I have to repack the firmware and change the prefix from prying eyes!

 

But at the same time I had the sense not to advertise it, and used it to help others as it can also hit the wrong hands!

 

Congratulations.

You opened the next hole to the outside;)

[hdo26 0]

@iTuneDVR

 

Another topic regarding serial output.

 

On my HFW4200s i can only see the u-boot message. All messages coming from the kernel is suppressed.

Do you know how to get them displayed? (dmesg, boot messages)

 

EDIT: FIXED: You have to remove the dh_keyboard=1 variable in u-boot to enable boot messages (thanks for the hint!)

 

1..2..3..boot_from:normal

 

 

U-Boot 2010.06-svn283 (Aug 14 2013 - 18:13:53)

I2C: ready

DRAM: 254 MiB

NAND: 128 MiB

state:ff,err_count:01

Net: Detected MACID:90:02:a9:2e:cc:b0

PHY:0x00221513,addr:0x00

 

TFTP from server 192.168.254.254; our IP address is 192.168.1.108; sending through gateway 192.168.1.1

Filename 'upgrade_info_7db780a713a4.txt'.

Load address: 0xc5000000

Loading: *

Retry count exceeded; starting again

Fail to get info file!

Init error!

TFTP from server 192.168.254.254; our IP address is 192.168.1.108; sending through gateway 192.168.1.1

Filename 'failed.txt'.

Load address: 0xc2000000

Loading: *

Retry count exceeded; starting again

 

NAND read: device 0 offset 0xc80000, size 0x00580000

5767168 bytes read: OK

## Booting kernel from Legacy Image at c2000000 ...

Image Name: Linux-2.6.38.8

Created: 2014-04-19 2:26:07 UTC

Image Type: ARM Linux Kernel Image (uncompressed)

Data Size: 2546748 Bytes = 2.4 MiB

Load Address: c0208000

Entry Point: c0208000

Verifying Checksum ... OK

Loading Kernel Image ...OK

OK

 

Starting kernel ...

 

1..2..3..boot_from:normal

 

 

U-Boot 2010.06-svn283 (Aug 14 2013 - 18:13:53)

I2C: ready

DRAM: 254 MiB

NAND: 128 MiB

state:ff,err_count:02

Net: Detected MACID:90:02:a9:2e:cc:b0

PHY:0x00221513,addr:0x00

 

TFTP from server 192.168.254.254; our IP address is 192.168.1.108; sending through gateway 192.168.1.1

Filename 'upgrade_info_7db780a713a4.txt'.

Load address: 0xc5000000

Loading: *

Retry count exceeded; starting again

Fail to get info file!

Init error!

TFTP from server 192.168.254.254; our IP address is 192.168.1.108; sending through gateway 192.168.1.1

Filename 'failed.txt'.

Load address: 0xc2000000

Loading: *

Retry count exceeded; starting again

 

NAND read: device 0 offset 0xc80000, size 0x00580000

5767168 bytes read: OK

## Booting kernel from Legacy Image at c2000000 ...

Image Name: Linux-2.6.38.8

Created: 2014-04-19 2:26:07 UTC

Image Type: ARM Linux Kernel Image (uncompressed)

Data Size: 2546748 Bytes = 2.4 MiB

Load Address: c0208000

Entry Point: c0208000

Verifying Checksum ... OK

Loading Kernel Image ...OK

OK

 

Starting kernel ...

 

nothings comes after that

 

Edited August 20, 2014 by Guest

[yozh 0]

Worked on HDW-4200S and HDW-4300S

[iTuneDVR 2]

BTW What is iTuneDVR doing? Unfortunately i can't read russian

 

Now you have a unique with opportunities to learn Russian;)

I also have no formal connection with Dahua.

I just get the firmware and learn the content.

With this problem I encountered with Dahua IPC2100, when preparing a firmware update.

Even then, I decided with this task.

 

On my HFW4200s i can only see the u-boot message. All messages coming from the kernel is suppressed.

Do you know how to get them displayed? (dmesg, boot messages)

 

For me as a linux guy i wasn't happy with it at all so i took some

time to reverse enginieer the firmware of my HFW4200s camera.

 

You linux guy, is not it?

Yes, I know the answer to your question, but why do you need it.

Can you just tell me what are you looking in log message?

[markstubb 0]

But at the same time I had the sense not to advertise it, and used it to help others as it can also hit the wrong hands!

 

This is a pretty backhanded thing to say. IMO, knowing a password prefix makes any secure password no less secure. If anything, it makes it more secure to the uninitiated who don't know the prefix. And for those who DO know the prefix, and they know/cracked the admin password, then they would have probably gotten into the box eventually anyway.

 

@hdo26 - I think he's trying to give you **** about divulging this prefix. Still not 100% sure why, though. Security through obscurity is not security.

 

I, for one, would like to say thanks!

[iTuneDVR 2]

This is a pretty backhanded thing to say. IMO, knowing a password prefix makes any secure password no less secure. If anything, it makes it more secure to the uninitiated who don't know the prefix. And for those who DO know the prefix, and they know/cracked the admin password, then they would have probably gotten into the box eventually anyway.

 

@hdo26 - I think he's trying to give you **** about divulging this prefix. Still not 100% sure why, though. Security through obscurity is not security.

 

I, for one, would like to say thanks

 

Prefix only complicate access to telnet and a username and password did not get there.

Nevertheless, as soon as the login and steam becomes aware that someone can just hurt inside, and a lot of opportunities. And thus bring the technique failed.

We must be very careful, because the possession of this information is very, very much responsible.

It is necessary not for everyone, but when the information falls into the hands of rascals, then expect trouble.

 

I say thank you not for that. After all, in addition to access to telnet and have yet to be able to do something there. And this is usually unnecessary, then what you say thank you? For the fact that you almost never need?

[TheUberOverLord 0]

But at the same time I had the sense not to advertise it, and used it to help others as it can also hit the wrong hands!

 

This is a pretty backhanded thing to say. IMO, knowing a password prefix makes any secure password no less secure. If anything, it makes it more secure to the uninitiated who don't know the prefix. And for those who DO know the prefix, and they know/cracked the admin password, then they would have probably gotten into the box eventually anyway.

 

@hdo26 - I think he's trying to give you **** about divulging this prefix. Still not 100% sure why, though. Security through obscurity is not security.

 

I, for one, would like to say thanks!

IMHO. I think "iTuneDVR" gets upset because knowledge = lost sales. In other words he sells fixes/firmware that use this information. So, it's never a good idea to him to expose methods where you can do the same yourself for free. Which may also allow others to do the same. But, just a guess.

 

Don

[iTuneDVR 2]

IMHO. I think "iTuneDVR" gets upset because knowledge = lost sales. In other words he sells fixes/firmware that use this information. So, it's never a good idea to him to expose methods where you can do the same yourself for free. Which may also allow others to do the same. But, just a guess.

Don

 

Don

How are you?

Nice to read your review!

 

I tend to help individuals and for that I do not take money.

But if they are pursuing a commercial interest, then why not.

For me it is not in the business of, and not a hobby, a fun and exciting experience, which I always do

In Dahua there are many other secrets that of ordinary people, no one knows. I have done a lot of research on Dahua, Hikvision and many other brands.

Recognized many secrets and a lot of technology is mastered, so I really have nothing to fear.

 

In order to do that you have to know how to do it, even if you have a password!

Your assumption is not true!

I have nothing to lose anyway

[Kelxin 0]

Hello,

 

Does any one know where to get a NTSC version of this firmware ? General_IPC-HX5(4)XXX_Eng_P_Stream3_V2.420.0000.0.R.20140419.bin

 

I seemed to hit a wall, where my cameras are shutting down, after synology upgrade.

 

 

http://www.dh-vision.com/main/firmware/IPC/HX5(4)XXX/General_IPC-HX5(4)XXX_Eng_N_Stream3_V2.420.0000.0.R.20140419/General_IPC-HX5(4)XXX_Eng_N_Stream3_V2.420.0000.0.R.20140419.bin

 

Version 2.420 04/19/2014 firmware for the Dahua IPC-HFW4300SN.

[Defender666 0]

To come back to the Language problem some people including me are facing.

 

Can someone help me modify a flash file ?

 

I have firmware for english and chinese. The NVR does not find the translation when I put the english firmware. Because the language selection is blocked in the NVR menu.

 

I want to put the english language file in the chinese firmware file. It is because the NVR searches for the Chinese file it does not find it in English or German firmware. Furthermore I found they put a check to view the supported language files of the NVR.

 

I paid 300 USD for this useless NVR because the seller gave me unusable chinese version.

 

Dahua does not want people to buy the chinese NVR and put the English firmware.

 

The problem would be solved if I could rename the file English.txt to SplChinese.txt in the firmware then the NVR should think he has the correct file. However I do not know how to edit the files in telnet because all corresponding partitions except one are Read-only.

 

I also tried to remount the partition because it is not writable via Telnet however I do not manage to do it.

 

So I guess I need to modify the BIN file and reflash??

 

 

ONE more thing.

 

Does anyone else have the problem that on the IP Cameras the MP4 download from the SD Card does not work. It transcode 10..15...20%..100% then nothing. No file download