Jump to content

Recommended Posts

Hello everyone

 

Understandably there's some dissatisfaction due to the manufacturer removing or downgrading some features of 5.2.0 - and not even documenting them. Worse, you can't even go back to an earlier version if you want to (though TFTP works for now).

 

This is for Raptor Series 2 only (e.g. 2032, 2112, 2632, 2712, 2732 etc etc).

 

Given that I've helped some people change the region of their cameras from Chinese to EU/US I felt I should do something about this. For this reason I have developed a patch to:

 

- Increase Traversal Lines from 1 back to 4

- Increase Intrusion Detection zones from 1 back to 4

- Reinstatement of FTP server

 

I have decided not to reinstate face detection as you can't use it at the same time with the generally more useful Traversal Lines & Intrusion Detection.

 

To say thank you to those who have bought my region changer, I have decided not to put a mandatory charge on this. However, as an unemployed person (just think of me in a cardboard box with a hat asking for spare change) any donations won't be turned down GBP are better for me than USD due to PayPal fees.

 

Here's an FAQ:

 

What about feature X,Y,Z?

 

Sorry - these are the main ones causing most concern so I do not expect to resolve others unless there is a real general need.

 

Can't you provide 8 instead of 4 detection lines/zones?

 

Yes but I'm not going to. To play fair by the manufacturer, I will only consider reinstating functionality they themselves provided in previous firmware. People have bought cameras based upon what was provided so it is justifiable to put this back - enabling other features would be crossing the line in my view.

 

Nothing in what I provide contains manufacturer code, nor breaks any license agreements nor laws that exist in my country to the best of my knowledge.

 

So we get FTP server back?

 

Yes. You still need to enable with setFtpService start

 

I haven't bought your region changer - I already had a EU/US region camera

 

You can PM me if you wish to discuss me providing this to you.

 

What is the difference between this and your region changer?

 

A lot of difference.

 

The region changer is a permanent region change and has nothing to do with what firmware is loaded or put on in future. I provide full support for this, and try to do so quickly.

 

The 5.2.0 solution is a patch. That means if you change your firmware, or even reflash with original 5.2.0 it will not be preserved. That's not a problem - just something to be aware of. Also, support for this is much lower priority for me - I might not respond instantly like I try to for the region change program. If there's much demand, I might generate the needed files (everyone is different) in batches and send out every few days or so.

 

I and an early adopter (thanks!) have done some testing and it all looks good. But the real test is people using it. Any problems just go back to the original 5.2.0

 

How do I put this patch on?

 

I've come up with a way to provide you patched firmware that you can just upload via the web interface. I do not provide the original firmware due to copyright issues (the manufacturer owns it not me) - you download that yourself from them first. But I can provide a small file that contains my code and a batch file that uses the original firmware + my changes to create your own custom firmware. It isn't hard.

 

Great - how do I get it?

 

Please email me your serial numbers, preferably replying to the email I already sent you with the region change program.

 

As always you agree not to share this, and keep our communications confidential.

 

 

Cheers

 

CBX

Share this post


Link to post
Share on other sites

Some simple words of caution.

 

First. I understand the issue. Someone buys a IP Camera and all the menus are in Chinese. They don't read and/or don't want Chinese menus for their IP Cameras control interface. Maybe they did it to save money, maybe they never understood their purchased IP Camera was set for the Chinese region.

 

Regarding the initial patch

 

I think it's more fair and honest to at least state that while the region change has nothing to do with a specific version of firmware or currently released versions of firmware that the manufacturer can at any time decide to change methods ("The region structure") using the magic word ("Potentially") causing issues in the future for people who have used the patch.

 

The manufacturer could do this out of spite. Since most likely they have in their minds a logical reason for doing what they have, based on how the cameras region is initially set. Odds are good that the manufacturer will not allow this to continue, as in forever, while they get hammered by their authorized resellers who are losing sales in what normally would be IP Cameras sold in those English regions.

 

So IMHO, it's at least important to admit, that it could become impossible to resolve whatever actions the manufacturer does quickly or in a timely manner. If and when that were to occur. The manufacturer could justify these actions to protect their authorized resellers with a clear conscious and no pangs of any guilt while doing so.

 

Causing for example, newer firmware releases to NOT be able to be installed in patched IP Cameras, based on some method they create to determine if the camera was/is really from x region or not. Causing IP Camera owners with the patch, to NOT be able to upgrade to current and/or newer firmware releases until a workaround for this now new issue, was created. Which could happen anytime in the future.

 

Which might be fine, unless/until some future firmware upgrade is required to protect a IP Camera from a security vulnerability, which is now in the public domain. Then IP Cameras with this patch would remain vulnerable until/unless another patch could be made to resolve this.

 

Regarding not staying current with current or future firmware releases because of this or that

 

IMHO. It's much better to continue to ("patch") current releases of firmware then to fallback to older versions. This is because many, if not most, IP Camera owners don't realize the potential risks involved when going backwards in firmware releases or even not installing current firmware releases.

 

Which still won't save you from the above mentioned potential manufacturer situation, occurring sometime in the future or some known security vulnerability or soon to be found security vulnerability with the FTP server, that is no longer being modified for potential security vulnerabilities it may presently have. Since it no longer is supported, in current firmware versions by the manufacturer.

 

In many, if not most cases. New firmware releases also include security vulnerability fixes. These fixes are not always documented or present, in the release notes. When you lag behind in doing firmware upgrades because of not wanting to lose specific features. You truly maybe unwillingly continuing to expose yourself to security vulnerabilities which are now fixed. As a IP Camera owner.

 

It's important to realize that if whatever vulnerabilities that have been resolved in newer versions of firmware are not resolved in your IP Camera, that you are much more at risk to have the configuration data exploited in your IP Camera.

 

Again ("Potentially") allowing others to gain access as some examples, to the user credentials of any Email or FTP users and their passwords which are currently stored in your IP Camera configuration.

 

This is NOT speculation on my part. I have seen this happen many times with many different IP Camera Owners of many different IP Camera brands and models over the years. Personally, I am aware of IP Camera owners who have had this happen and some still are trying to recover from the damages of their Email and/or Web Servers accounts being taken over many months afterwards. Because they fell back to older firmware or stayed on specific firmware releases. Not realizing that their IP Cameras were exposed to security vulnerabilities, until it was too late.

 

So. I am not wanting or wishing to rain on anyone's parade here.

 

But I have waited and waited for many weeks for a true honest summary of the risks involved when implementing something like this.

 

I agree that all IP Camera owners should be allowed to do what they wish with their IP Cameras. But, I also equally feel that those of us who create patches for others, also are obligated and need to be honest about ALL the potential risks involved, when implementing them. Not just ("Some of the risks"). I hope you can understand that.

 

I wish you luck. I hope you find employment.

 

Don

Share this post


Link to post
Share on other sites

Hi Don

 

Many valid points there that I agree with.

 

On the FTP security front should anyone be interested, it's the same binary they already provided in previous releases, and it's not accessible by default as it's blocked by iptables (firewall).

 

You have to enable access first and this doesn't survive reboot.

 

The region change can be reversed using the program I provide (no second program is needed). This permits all changes to be undone, if there's a problem in the future (a possibility) or you need to return the camera due to a fault. This is not a patch but rather a firmware independent change as you observed.

 

Any firmware patch (the subject of this thread) can be undone just by flashing the original again.

 

Certainly it seems a good precaution to check here or other forums before putting on a new firmware, just to make sure there's no issues. I try to jump on new firmware releases to test all is OK quickly where I can.

 

Again - you made very good points there. The manufacturer can decide to check for such things if they so desire - so any solution I've provided takes this into account and can be reversed.

 

I have posted a full FAQ relating to the region changer which covers these issues on other forums, but not here as I wasn't sure if it was OK or not and decided to play safe rather than risk breaking board rules.

 

Anyone that expresses interest via PM or email is given these links so they can read for themselves.

 

I hope this goes at least some way to addressing your (valid) concerns.

 

Cheers

Edited by Guest

Share this post


Link to post
Share on other sites

Just a point of clarification, in the U.S., Hikvision USA does not allow it's cameras to be resold. They can only be purchased through wholesale distributors for installation purposes. For this, companies like ADI require a contractor's license since it a typical resellers permit is not needed as the product can't be resold. So they purposely left a void in demand they refused to fill, so I don't see a problem with buying gray market cameras and doing whatever you have to do to make them work and frankly, nothing wrong with just putting 5.1.0 on there that is already English and calling it a day. Heck, I had to downgrade a few cameras because of a feature in 5.1.0 that are not in 5.1.x or 5.2.0.

Share this post


Link to post
Share on other sites
Hi Don

 

Many valid points there that I agree with.

 

On the FTP front, it's the same binary they already provided in previous releases, and it's not accessible by default as it's blocked by iptables.

 

You have to enable access first and this doesn't survive reboot.

 

The region change can be reversed using the program I provide (no second program is needed). This permits all changes to be undone, if there's a problem in the future (a possibility) or you need to return the camera due to a fault. (This is not a patch)

 

Any firmware patch (the subject of this thread) can be undone just by flashing the original again.

 

Certainly it seems a good precaution to check here or other forums before putting on a new firmware, just to make sure there's no issues.

 

Again - you made very good points there. The manufacturer can decide to check for such things if they so desire - so any solution I've provided takes this into account and can be reversed.

 

Cheers

Hello,

 

Yes my concerns are more that IP Camera owners be aware that the manufacturer could stop future firmware releases to be able to installed based on some check they implement on if they can tell if the IP Camera was patched.

 

If I was a betting man. I am sure a check like this could be easily created by the manufacturer, if enough pressure was put on them by their authorized resellers. Whereas unpatched IP Camera might not have any firmware upgrade issues in the future, with that same firmware upgrade.

 

FTP Server wise. I think it's important that IP Camera owners keep their ear to the ground about any security vulnerability that maybe found in the future since the FTP server at least at present is not being maintained, supported or dealt with for security fixes, since it was removed by the manufacturer. Because of this. Most likely, it's not a good idea to leave the FTP server enabled when not needed. If not for those reasons alone.

 

I have no doubt your intentions are and were always good ones. I just wanted to make some points that for whatever reasons were never mentioned.

 

Don

Share this post


Link to post
Share on other sites
Just a point of clarification, in the U.S., Hikvision USA does not allow it's cameras to be resold. They can only be purchased through wholesale distributors for installation purposes. For this, companies like ADI require a contractor's license since it a typical resellers permit is not needed as the product can't be resold. So they purposely left a void in demand they refused to fill, so I don't see a problem with buying gray market cameras and doing whatever you have to do to make them work and frankly, nothing wrong with just putting 5.1.0 on there that is already English and calling it a day. Heck, I had to downgrade a few cameras because of a feature in 5.1.0 that are not in 5.1.x or 5.2.0.

Yes. I am simply using Hikvision terminology. Which it would appear, they referrer to as "Unauthorized Distributors". Which is what I mean/meant by "Unauthorized Resellers". More here as one example:

 

http://www.hikvision.com/en/us/UnauthorizedDistributors.asp

 

So, to clarify. It's possible that if these "Distribution Partners" and/or others, were to place enough pressure on Hikvision. That could cause them as a manufacturer, to take some action on patched cameras:

 

http://www.hikvision.com/en/us/distributionPartner-usa.asp?cid=17

 

Don

Edited by Guest

Share this post


Link to post
Share on other sites

Hi Don

 

Yep - totally fair enough and completely sensible points.

 

I would like to make it clear that I have always indicated the manufacturer could take action if they wanted to. Here's an excerpt from the FAQ

 

Q So after this what firmware/patches/hacks do i need?:

 

Language and day of week will be English whatever firmware you have or whatever firmware that currently exists you put on. Should be fine for future ones though obviously depends on what manufacturer does.

 

No need for manual patches etc.

 

Q Change I change the serial number, mac address, other parameters?:

 

No. I prefer to respect HikV as much as possible so this is not currently offered whilst there is no justifiable reason.

 

Q What about if I put old or new firmware on?:

 

This is different to the camera region setting. So no problem - region is still what you changed it to.

 

It's theoretically possible that the manufacturer could releases updates in the future which cross reference your serial,mac address with the region they think it should be, but you can always revert the change before upgrading should that be needed.

 

At that point the issue of changing such parameters could be revisited.

Share this post


Link to post
Share on other sites
Hi Don

 

Yep - totally fair enough and completely sensible points.

 

I would like to make it clear that I have always indicated the manufacturer could take action if they wanted to. Here's an excerpt from the FAQ

 

Q So after this what firmware/patches/hacks do i need?:

 

Language and day of week will be English whatever firmware you have or whatever firmware that currently exists you put on. Should be fine for future ones though obviously depends on what manufacturer does.

 

No need for manual patches etc.

 

Q Change I change the serial number, mac address, other parameters?:

 

No. I prefer to respect HikV as much as possible so this is not currently offered whilst there is no justifiable reason.

 

Q What about if I put old or new firmware on?:

 

This is different to the camera region setting. So no problem - region is still what you changed it to.

 

It's theoretically possible that the manufacturer could releases updates in the future which cross reference your serial,mac address with the region they think it should be, but you can always revert the change before upgrading should that be needed.

 

At that point the issue of changing such parameters could be revisited.

Hello.

 

I apologize. I did not intend for this to go on, as it has.

 

Yes. I understood that.

 

My point about remaining current with firmware upgrades was/is about how important it would be to continue to stay current with future firmware changes when/if security vulnerabilities are found and published in the public domain, in whatever firmware release a IP Camera owner is running. Not to simply base their decision on if this were to happen, to stay on what firmware they have. Without understanding all the potential risks that come with that, by doing so.

 

In other words. Many IP Camera owners may simply review firmware upgrade release notes and assume that because there is no mention about any security vulnerability fixes being included. That if they encounter firmware upgrade issues, while trying to install newer firmware upgrades. That they simply decide to stay on the firmware they have presently installed in their IP camera because, after all "Everything is working fine anyway". Yet there maybe methods in the public domain that show how or even have tools to exploit the firmware version they have currently installed in their IP Camera.

 

Don

Share this post


Link to post
Share on other sites

2 TheUberOverLord!

 

Anyone who bought IP camera from an authorized representative, that hardly need the utility of CBX.

And those who purely Chinese camera and no one in Europe or the United States does not provide any support or service for them. And Hikvision not care no such camera.

So why break spears and arrows in the shuffle.

 

Anyone who needs a patch makes decisions on their own!

Share this post


Link to post
Share on other sites
2 TheUberOverLord!

 

Anyone who bought IP camera from an authorized representative, that hardly need the utility of CBX.

And those who purely Chinese camera and no one in Europe or the United States does not provide any support or service for them. And Hikvision not care no such camera.

So why break spears and arrows in the shuffle.

 

Anyone who needs a patch makes decisions on their own!

Yes and at least now all the risk cards are "Face Up" on the table. Nothing wrong with that. That said. Can't see how that can/could be referred to as "Spears and Arrows".

 

Because you also sell a version of this. I do understand your sensitivity on mentioning potential risks previously not mentioned here about this.

 

Don

Edited by Guest

Share this post


Link to post
Share on other sites

2 TheUberOverLord!

 

If officials there are any questions, and they are able to correctly formulate a claim, it is their business.

But I think this one will not do.

Besides iron arguments need to bring any formal charges.

So no need here to inflate out of molehills!

 

There are different solutions. For example!

In 5.2.0 8 lines and 8 intrussion

And how do you know how it's done?

1767527040_-1.thumb.jpg.dc44ed66bf6a90673befe19182bae484.jpg

511497079_-2.thumb.jpg.4dfde77f3a3accee9676e545aee2de26.jpg

1526005687_-4.thumb.jpg.5a01a497c80abc9963ebfaec6b148aa7.jpg

Edited by Guest

Share this post


Link to post
Share on other sites
2 TheUberOverLord!

 

If officials there are any questions, and they are able to correctly formulate a claim, it is their business.

But I think this one will not do.

Besides iron arguments need to bring any formal charges.

So no need here to inflate out of molehills!

Yes. I am aware that you also sell a version of this and because of that, there maybe some seller bias involved on your part. When it comes to mentioning addtional potential risks not already mentioned here.

 

That said. Risk assessment is never a bad thing.

 

So, no ("Inflation") going on here. Just mentioning some additional potential risks, that have been conveniently avoided being mentioned here.

 

Each IP Camera owner can make their own informed decision. That's the way it should be.

 

As I clearly stated here in my first post here. I have nothing against patching firmware. But some potential risks were not mentioned and after waiting for some time. I thought it was a good idea to bring them up, since those potential risks were not brought up in the past. Nothing more, nothing less.

 

Don

Edited by Guest

Share this post


Link to post
Share on other sites

So no need here to inflate out of molehills!

 

So, no inflation going on here.

 

You do not understand the phrase. (don't increase fly to elephant)

You just do not dramatize the situation and everything will be fine!

Share this post


Link to post
Share on other sites

So no need here to inflate out of molehills!

 

So, no inflation going on here.

 

You do not understand the phrase. (don't increase fly to elephant)

You just do not dramatize the situation and everything will be fine!

Anyway. I am more then familiar on how to change firmware with many different devices. Including many different brands and models of IP Cameras that are Linux based firmware devices. Many people have been doing the same, for many decades. Myself included.

 

So the potential risks I mention here, have nothing to do with drama, inflation or paranoia. They are based on my experience and the experiences of others I know and/or have worked with doing the same.

 

I think you have a sellers bias in this, since you also sell a version of this. So I comprehend why some of the responses you injected here are phrased, as they are.

 

Each individual IP Camera owner, can make an informed decision and decide on what's drama, inflation or paranoia and what's not.

 

Note: Your websites copyright statement has a date of 2013

 

Don

Edited by Guest

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×