I don't see any reason why we need to do even half of this stuff as the cameras seem to have all of the binaries required to do an in-place patching. For example:
That untars/unlzma's the davinci binary, patches the bytes 01A0A0E3 at the decimal offset 1536408, creates a backup, tar/gz's the patched binary and puts it in place. You can just paste that into a telnet/ssh console and it *should* work but I haven't fully tested (see below for why.)
Hikvision Firmware 5.1.2 Chinese to English Fix
in IP/Megapixel Cameras and Software Solutions
Posted
Its original 5.2.0 davinci
5.1.6
before is
8a 30 dd e5 LDRB R3, [sP,#0x150+var_C6]
38 a0 9d e5 LDR R10, [sP,#0x150+var_118]
after is
8a 30 dd e5 LDRB R3, [sP,#0x150+var_C6]
01 a0 a0 e3 MOV R10, #1
for 5.2.0 also similarly