Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by matcunni

  1. Hello! I am extremely frustrated with my uncle's NVR so I will try to post a "failed" walkthrough of what I've done (for future generations with this problem (?)) and some questions just in case it's not a loss cause as I've already concluded (being very new to this space).. The NVR is Chinese generic. The board model is Hi3520D_V318_0408 The problem is not the usual "Lost admin password" but "Lost admin account" I don't know how did my uncle to delete the administrator account and, of course, he doesn't know either. The thing is that there's nothing in the user field, and there isn't any way of writing something there. If you click the arrow next to the user field, nothing happens (I've read somewhere of people who got gibberish users after a firmware update, and the solution was selecting those users nevertheless and entering the default password, but in my case the user list is empty) You can do absolutely nothing without logging in. Any menu option you click brings the login promt to the screen. I've already tried 4 different "master reset" software found as Hi3520D solution. But having no user, none of them worked. I've searched as good as I could a way to hard reset this board, but I couldn't find any, neither could find a pair of pins who looked like they could be bridged to achieve this. According to my uncle, the default user when he accesed directly from the NVR was "system" and the default password was empty. No user with no password doesn't work. I've tried several default passwords from the NVR interface I've tried to acces the system from the web interface with a lot of the common default combinations, but I just keep getting login failed. I found a document called HiSilicon DVR hack where someone exposes a list of vulnerabilities of this chipset family With that guide I've run a full scan with NMAP and found this: I've tried to access by telnet with user root, pass xc3511 as they do in that thread with no success. I've downloaded a linux distro (Kali linux), and run a telnet attack with THC HYDRA and a dictionary of default telnet user/passwords that I found in github, plus some user/password combinations that I found in my way. passcomb.txt I've tried another attack like that but with "brutus" and the web HTTP interface, with default users and passwords I found for NVR systems and IP cameras. I've tried an exploit I found for NVR web interfaces that uses a curl command and a cookie to bypass the authentication page. None of them worked. Well, I think I'm not forgetting anything. If someone has another idea I'm all ears. B plan: I started looking for another board to replace the one that I have. I've found one that's has the same chipset and looks like it could work. But The one I have has a little wifi board attached with an antenna. Is it possible to connect just the wifi board that I have to a board like the one I pasted above? Or do I need a board that has some firmware including a wifi antenna? or necessarily do I need a board which comes with a wifi antenna? Please any help/comment would be really appreciated. Matt
  2. Hi, that board costs 18USD including shipping to my country. The cheapest generic NVR without brand, nor cameras (in my country) costs 75USD. I'm not considering buying a full system abroad because importation taxes and shipping starts to matter when size and value increases. Buying a complete new system is what I'm trying to avoid. Thanks for answering both