Skip to content
/ HikBDCheckTool Public
forked from bp2008/HikPasswordHelper

A tool which exploits a backdoor in Hikvision camera firmwares circa 2014-2016 to help the owner change a forgotten password and scan network segment

License

Unlicense license
4 stars 81 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Tea-NT/HikBDCheckTool

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
HikBDCheckTool
HikBDCheckTool
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
HikBDCheckTool.sln
HikBDCheckTool.sln
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

HikBDCheckTool Base on HikPasswordHelper

A tool which exploits a backdoor in Hikvision camera firmwares circa 2014-2016 (ICSA-17-124-01) to help the owner change a forgotten password.
(2018-08-18) And add net segment scan function.

Usage

Git clone the code and compile with Visual Studio 2017.
1 - Write the net segment you want sacn,like 192.168.1.0 means scan 192.168.1.0-192.168.1.254 ip
2 - Click Scan Net button and wait Scan finished.It will take a few minutes(depends the net environment).
3 - After Scan Net.. button text change to Scan Finished, Click Export button to export xlsx file.(the exe folder)

Origin version - No scan function
Download HikvisionPasswordResetHelper.exe from the releases tab and run the exe. There are 5 simple steps to reset a password, and you can even skip steps 3 and 4 in many cases.

Screenshot

Requirements

.NET Framework 4.5.2 - This is included in any modern Windows installation.
NPOI - A lib to export or import Excel xls/xlsx file document.

A Hikvision device that is vulnerable to ICSA-17-124-01.

Here is an incomplete list of camera firmwares that have been reported to be vulnerable or not. This list is compiled from various sources and the camera models are unspecified. Some camera models are reportedly vulnerable at different ranges of firmware versions, so I would not put complete faith in the accuracy of this list for all camera models.

Hikvision Camera Firmware Versions

- V5.1.6 build 140412 - NOT Vulnerable (to ICSA-17-124-01)  
+ V5.2.0 build 140721 - Vulnerable  
+ V5.2.0 build 141016 - Vulnerable  
+ V5.2.5 build 141201 - Vulnerable  
+ V5.3.0 build 150513 - Vulnerable  
+ V5.3.3 build 150624 - Vulnerable  
+ V5.3.5 build 150925 - Vulnerable  
+ V5.3.6 build 151105 - Vulnerable 
+ V5.3.5 build 161112 - Vulnerable   
+ V5.3.8 build 151224 - Vulnerable  
+ V5.4.0 build 160401 - Vulnerable  
+ V5.4.0 build 160520 - Vulnerable   
+ V5.4.1 build 160525 - Vulnerable  
+ V5.4.0 build 160530 - Vulnerable
+ V5.4.3 build 160705 - Vulnerable  
+ V5.4.23 build 160726 - Vulnerable  
+ V5.4.3 build 160808 - Vulnerable 
+ V5.4.23 build 161020 - Vulnerable  
+ V5.4.4 build 161125 - Vulnerable  
+ V5.3.9 build 170109 - Vulnerable  
- V5.4.3 build 170123 - NOT Vulnerable  
- V5.4.5 Build 170123 - NOT Vulnerable  
- V5.4.3 build 170217 - NOT Vulnerable

Special Thanks

This tool was make possible thanks to the efforts of user montecrypto from the ipcamtalk forum.

https://ipcamtalk.com/threads/backdoor-found-in-hikvision-cameras.17523/

See Also

If your firmware is too old to use this method to reset a lost password, you can try the reset code method:

https://ipcamtalk.com/threads/hikvision-camera-admin-password-reset-tool.2837/

If your firmware is too new, then I'm afraid you are out of luck because the reset code method won't work either.

About

A tool which exploits a backdoor in Hikvision camera firmwares circa 2014-2016 to help the owner change a forgotten password and scan network segment

Resources

Readme

License

Unlicense license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

 
 
 

Contributors

Languages

  • C# 100.0%