Jump to content
theunoticeable

I need help with a really weird DVR I have.

Recommended Posts

SO I have this DVR box. Completely Unbranded. The front panel states "Digital Video Recording System" - Lots of help there.

The device itself works fine, I can hook camera's up the to available BNC connections in the back and they display on screen (through VGA out).

However!

I cannot do anything else. Attaching a mouse to the USB port gives me a cursor. Moving the cursor or tapping a button brings up a password dialogue. I have no idea what the admin password is.

When connected to my LAN, it shows up on my router as "ITX Security". I have googled this, but emails to the company bring no responses or send fail messages.

The unit has ONE sticker. It shows a model number of "SC-412-HVEM". I have googled this. Zero. Nothing. No love.

So I officially own a DVR box that doesn't exist.

 

Front of Unit:

293118_1.jpg

Rear of Unit:

293118_2.jpg

Internals:

293118_3.jpg

Sticker:

293118_4.jpg

 

If anyone knows something that I don't know, Please fill me in. I believe this is a non branded box sold as a kit with four cameras.

The only other information I could find was someone else on this forum that had reset his ITX box with some button combos. Mine doesn't have buttons, except for a small button on the inside of the unit. Pressing this button simply resets the unit....Pushing this button while it is off does nothing. Holding it down while it is off, on, or while being turned on, does nothing.

How do I make it go?

 

**slight update - I found it on an Australian security site: http://www.aap.co.nz/shop/CCTV/ANALOGUE+RANGE/ITX+DVR-4+OD+KIT.html

Doesn't give any information, but I have enquired on the website. Maybe I'll get a reply? probably not.

Thanks.

Share this post


Link to post
Share on other sites

Really bizar! I can't find anything either.

 

Would it be possible for you to take a picture of the login screen?

 

The website you linked mentioned it was Korean as well. The only brand I know that's from South Korea is Samsung...

Share this post


Link to post
Share on other sites

Thanks for the reply!

The one and only sticker on this thing proudly states "MADE IN KOREA"

The device, when viewed on my router, displays itself as "ITX Security".

 

Here are pictures after using the internal 'reset' button (pressing this button when the device is already on, device reboots with one audible beep)

 

First screen pops up - Loading:

293139_1.jpg

 

Finishes loading, cameras come into view, another popup appears to be detecting drives attached:

293139_2.jpg

 

After 30 seconds, "recovery ..." message appears:

293139_3.jpg

 

Recovery Complete, IP address is given (when connected to my LAN)

293139_4.jpg

 

Bottom menu appears:

293139_5.jpg

 

And finally, with USB mouse plugged in, cursor appears. Pressing or moving the cursor brings up LOGIN screen:

293139_6.jpg

 

There is a small disk battery on the inside of the unit. I have removed this battery and left it out for days, I have reset the unit without the battery. I have tried everything.

Nothing changes, this startup sequence stays the same.

Share this post


Link to post
Share on other sites
SO I have this DVR box. Completely Unbranded. The front panel states "Digital Video Recording System" - Lots of help there.

The device itself works fine, I can hook camera's up the to available BNC connections in the back and they display on screen (through VGA out).

 

If anyone knows something that I don't know, Please fill me in. I believe this is a non branded box sold as a kit with four cameras.

Default password for your unit

1234

Share this post


Link to post
Share on other sites

Unfortunately, nope.

I've tried the following default passwords:

1234

123456

12345678

87654321

0000

000000

And so on.

These default password DO NOT work. Even after removing internal battery and pressing the reset button.

 

I am looking for a way to reset back to a default password.

Share this post


Link to post
Share on other sites

Try

user: root

pass: 519070

If this works, good news: you're in. Bad news: you have hardcoded, vulnerable firmware passwords.

Share this post


Link to post
Share on other sites

Thanks for the reply, But I can't even try your suggestion.

The login screen (see pictures above) does not allow me to change "USER", in that ADMIN is the only user available. And forget typing anything in a non-typable field.

I'd try to telnet or SSH, but when attempting, I get "Connection refused" Errors. FTP is a no-go as well.

I scanned for services using FING, screenshots below:

 

Results from FING - a network scanner. Shows up as ITX security, as stated.

293264_1.jpg

 

Results from Scanning Services. One service - Port 6000 - An X-window Server. Don't know what to use or how to access this.

I have tried typing the address into a web browser (firefox and safari) as both simple IP (192.168.0.111) and including server port (192.168.0.111:6000)

I get a message stating "This address is restricted" following this: "This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection."

293264_2.jpg

 

Anyone have any ideas on how to possibly access this X server, and if so, from what? and where?

 

Thanks for the suggestions so far, everyone.

Share this post


Link to post
Share on other sites

Unfortunately no, I do not have a remote.

However, I am able to emulate a remote with an expensive universal harmony remote that I have.

Was it a dedicated reset button or a key combination to reset the system, do you know?

Share this post


Link to post
Share on other sites
Thanks for the reply, But I can't even try your suggestion.

The login screen (see pictures above) does not allow me to change "USER", in that ADMIN is the only user available. And forget typing anything in a non-typable field.

I'd try to telnet or SSH, but when attempting, I get "Connection refused" Errors. FTP is a no-go as well.

I scanned for services using FING, screenshots below:

 

Results from FING - a network scanner. Shows up as ITX security, as stated.

 

 

Results from Scanning Services. One service - Port 6000 - An X-window Server. Don't know what to use or how to access this.

I have tried typing the address into a web browser (firefox and safari) as both simple IP (192.168.0.111) and including server port (192.168.0.111:6000)

I get a message stating "This address is restricted" following this: "This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection."

 

 

Anyone have any ideas on how to possibly access this X server, and if so, from what? and where?

 

Thanks for the suggestions so far, everyone.

Wow, an xserver running on an embedded system? I'm intrigued. (x is the server that runs pretty much all linux gui systems [new replacement called wayland is being made, but its not exactly ready yet. you can use it, but its still being worked on]). You could possibly work out some form of exploit based on that, but it won't be easy.

 

Do you happen to have a firmware file for this? Also, from my experience the password you use to telnet/ssh (stored in the files /etc/passwd and /etc/shadow on the device) is often different from the password used to hit the web server/local display software (On mine the passwords and such are explicitly written to the flash memory directly, but I bet others may use a proper database system).

 

Are you comfortable with hardware stuff?

Share this post


Link to post
Share on other sites
Wow, an xserver running on an embedded system?

I'm not 100% sure it's an actual X server - or if that's just what FING decided to call it based on the open port. If it is, it's weird, and if not, what the heck is it?

 

Do you happen to have a firmware file for this?

Nope. I have officially found zero information on this unit on the entire internet. Emails to ITX go unanswered, and emails to seller websites just tell me to contact the manufacture.

All I have is a box that displays cameras. I can't do anything else with it. No password.

 

Also, from my experience the password you use to telnet/ssh (stored in the files /etc/passwd and /etc/shadow on the device) is often different from the password used to hit the web server/local display software (On mine the passwords and such are explicitly written to the flash memory directly, but I bet others may use a proper database system).

I'd love it if I could telnet/ssh into this thing. That would at least give me something, but no, I've tried. All connections get "refused". Even anonymous. Nothing works.

I have another DVR that I run four other cameras on, and you can't SSH into it either, but typing in the IP address of the machine brings up a web browser GUI that allows you to set settings and view cameras.

When typing in the IP address of this box, I get 404 error, and typing in the IP plus the open port, I get "this connection is restricted"

 

Are you comfortable with hardware stuff?

I'm absolutely comfortable with hardware. Let me know what you'd like to see up close, the unit is open and ready for tinkering.

 

I'm going to attempt to configure a harmony remote to operate this machine, see what that does - if anything.

Share this post


Link to post
Share on other sites

 

 

I'm going to attempt to configure a harmony remote to operate this machine, see what that does - if anything.

Why are u fighting with $5 unit?

just curios

Share this post


Link to post
Share on other sites
Wow, an xserver running on an embedded system?

I'm not 100% sure it's an actual X server - or if that's just what FING decided to call it based on the open port. If it is, it's weird, and if not, what the heck is it?

 

Do you happen to have a firmware file for this?

Nope. I have officially found zero information on this unit on the entire internet. Emails to ITX go unanswered, and emails to seller websites just tell me to contact the manufacture.

All I have is a box that displays cameras. I can't do anything else with it. No password.

 

Also, from my experience the password you use to telnet/ssh (stored in the files /etc/passwd and /etc/shadow on the device) is often different from the password used to hit the web server/local display software (On mine the passwords and such are explicitly written to the flash memory directly, but I bet others may use a proper database system).

I'd love it if I could telnet/ssh into this thing. That would at least give me something, but no, I've tried. All connections get "refused". Even anonymous. Nothing works.

I have another DVR that I run four other cameras on, and you can't SSH into it either, but typing in the IP address of the machine brings up a web browser GUI that allows you to set settings and view cameras.

When typing in the IP address of this box, I get 404 error, and typing in the IP plus the open port, I get "this connection is restricted"

 

Are you comfortable with hardware stuff?

I'm absolutely comfortable with hardware. Let me know what you'd like to see up close, the unit is open and ready for tinkering.

 

I'm going to attempt to configure a harmony remote to operate this machine, see what that does - if anything.

Do you think you could provide more brightly lit, closer, and higher res pics of the guts?

Share this post


Link to post
Share on other sites
You show me where I can purchase a network capable, 4 Channel 1tb DVR for $5 and I'll personally toss this thing into a river.

My point

your DVR is Analog

for about $100 u can get TVI and still use your old cameras

Share this post


Link to post
Share on other sites

My point

your DVR is Analog

for about $100 u can get TVI and still use your old cameras

 

Great! When are you sending me one?

 

Do you think you could provide more brightly lit, closer, and higher res pics of the guts?

 

Absolutely. As high as a resolution as my LG G3 will allow:

293354_1.jpg

 

293354_2.jpg

Share this post


Link to post
Share on other sites

My point

your DVR is Analog

for about $100 u can get TVI and still use your old cameras

 

Great! When are you sending me one?

 

Do you think you could provide more brightly lit, closer, and higher res pics of the guts?

 

Absolutely. As high as a resolution as my LG G3 will allow:

293354_1.jpg

 

293354_2.jpg

Oooo, I spy a potential uart (next to the reset switch and one of the screws attaching the mainboard). Do you have on hand anything along the lines of a bus pirate, shikra, or any other sort of serial device? You can potentially

gain root via physical means and from there maybe find some passwords.

Share this post


Link to post
Share on other sites

Oooo, I spy a potential uart (next to the reset switch and one of the screws attaching the mainboard). Do you have on hand anything along the lines of a bus pirate, shikra, or any other sort of serial device? You can potentially

gain root via physical means and from there maybe find some passwords.

 

Is this what you're referring to?

293369_1.jpg

Appears to be a 4 pin connection of some kind, labelled J1

Could be UART. Could be pin headers for activating the decepticons. I have no idea. I do not have any serial devices BUT I do have an unused arduino that could become one?

 

Also, I noticed this one - next to the hard drive:

293369_2.jpg

It's labelled PCI1. Not sure what in the world could be plugged into/onto there, maybe different versions of this board supports an add on of some kind?

 

I wish I could find something - anything - about this mainboard. A data sheet would be lovely but even a PDF manual or specs would be nice. I've taken to searching chip by chip, found a few voltage regulators and the main video chip, which is a nextchip NVP1104B. Doesn't exactly give much of what I need to know, But I like this idea about being able to possibly access it via serial. Let me know.

Share this post


Link to post
Share on other sites

Oooo, I spy a potential uart (next to the reset switch and one of the screws attaching the mainboard). Do you have on hand anything along the lines of a bus pirate, shikra, or any other sort of serial device? You can potentially

gain root via physical means and from there maybe find some passwords.

 

Is this what you're referring to?

293369_1.jpg

Appears to be a 4 pin connection of some kind, labelled J1

Could be UART. Could be pin headers for activating the decepticons. I have no idea. I do not have any serial devices BUT I do have an unused arduino that could become one?

I believe you can transform an arduino into one. I suggest you grab one up though, damned useful to have serial devices on hand for embedded.

 

Also, I noticed this one - next to the hard drive:

293369_2.jpg

It's labelled PCI1. Not sure what in the world could be plugged into/onto there, maybe different versions of this board supports an add on of some kind?

The demo board for the soc in my dvr actually could function either as a standalone dvr or as a pci card, and maybe its for an expansion like you said. no idea.

I wish I could find something - anything - about this mainboard. A data sheet would be lovely but even a PDF manual or specs would be nice. I've taken to searching chip by chip, found a few voltage regulators and the main video chip, which is a nextchip NVP1104B. Doesn't exactly give much of what I need to know, But I like this idea about being able to possibly access it via serial. Let me know.

NVP is vidya proccessing, I think. Do can you get some close ups of the larger chips? If what you have is related to mine, it could be very useful info for me to have

Share this post


Link to post
Share on other sites

Hi. Is it worth it ?? Look how old it is .... You will find its a CIF unit then you will need software to view.

 

And if you are looking for apps ... Again it's too old

 

They don't cost much now.

Share this post


Link to post
Share on other sites
Hi. Is it worth it ?? Look how old it is .... You will find its a CIF unit then you will need software to view.

 

And if you are looking for apps ... Again it's too old

 

They don't cost much now.

Always worth it. A lot of older hardware could be given a new lease on life with better firmware, and some folks are in tight financial situations,

so using an older router with better firmware is easier than a brand new router with better hardware but prolly ****ty firmware. same goes for

a lot of IoT/embedded devices

Share this post


Link to post
Share on other sites
Always worth it. A lot of older hardware could be given a new lease on life with better firmware

 

NO. Please tell us how firmware (which is software) turn a over 10 year old recorders hardware (components) into a modern D1 or above without better hardware

 

Please let us know how.

 

Why spend money or time on a proprietary recorder with CIF and no network

And it's over 10 years old ...... It will have no support.

Share this post


Link to post
Share on other sites
Always worth it. A lot of older hardware could be given a new lease on life with better firmware

 

NO. Please tell us how firmware (which is software) turn a over 10 year old recorders hardware (components) into a modern D1 or above without better hardware

 

Please let us know how.

 

Why spend money or time on a proprietary recorder with CIF and no network

And it's over 10 years old ...... It will have no support.

I didn't say anything about about making it physically better. I said that applying a firmware update to it to improve it (rtsp, support browsers other than IE, etc)

can be easier on the wallet than buying an all new machine. Not telling him to 'download more ram'.

 

Lets see, he got it for $5, I don't see any real reason to be worried about that amount, and why spend the time? To learn? Because you like to tinker?

Share this post


Link to post
Share on other sites
Always worth it. A lot of older hardware could be given a new lease on life with better firmware

 

NO. Please tell us how firmware (which is software) turn a over 10 year old recorders hardware (components) into a modern D1 or above without better hardware

 

Please let us know how.

 

Why spend money or time on a proprietary recorder with CIF and no network

And it's over 10 years old ...... It will have no support.

I didn't say anything about about making it physically better. I said that applying a firmware update to it to improve it (rtsp, support browsers other than IE, etc)

can be easier on the wallet than buying an all new machine. Not telling him to 'download more ram'.

 

Lets see, he got it for $5, I don't see any real reason to be worried about that amount, and why spend the time? To learn? Because you like to tinker?

 

 

So you want him to rewrite the software ??? Or how is he going to get an update for a dvr that's over 10 years old..... You do understand this is a standalone ??

Share this post


Link to post
Share on other sites
So you want him to rewrite the software ??? Or how is he going to get an update for a dvr that's over 10 years old..... You do understand this is a standalone ??
Nope, I don't expect him to rewrite the software, I'm already working on that (though I would appreciate collaboration with others). I'm personally just in it to collect info on whatever targets are available, currently targetting dvrs based on hisilicon stuff. Already got a booting kernel 4.8-rc4, and getting more working each day.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×