Reverse Engineering Asked by ArkoD on August 14, 2021
I’m trying to disassemble hikvision firmware 5.5.85. I want to extract the contents of digicap.dav file.
Binwalk is unable to extract the known zip files.
binwalk -e digicap.dav
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
Running Opcode signature shows its ARM based binary.
└─# binwalk -A digicap.dav
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
6380591 0x615C2F ARM instructions, function prologue
6523606 0x638AD6 ARM instructions, function prologue
28103893 0x1ACD4D5 ARM instructions, function prologue
Running an entropy analysis shows this:
binwalk -E digicap.dav
DECIMAL HEXADECIMAL ENTROPY
--------------------------------------------------------------------------------
0 0x0 Rising entropy edge (0.995974)
12599296 0xC04000 Rising entropy edge (0.981657)
18382848 0x1188000 Falling entropy edge (0.800915)
18415616 0x1190000 Rising entropy edge (0.954710)
18907136 0x1208000 Rising entropy edge (0.998649)
28229632 0x1AEC000 Rising entropy edge (0.987824)
28426240 0x1B1C000 Rising entropy edge (0.998774)
29179904 0x1BD4000 Rising entropy edge (0.996414)
29360128 0x1C00000 Falling entropy edge (0.722392)
29507584 0x1C24000 Falling entropy edge (0.653426)
29671424 0x1C4C000 Falling entropy edge (0.546793)
29835264 0x1C74000 Falling entropy edge (0.579946)
29949952 0x1C90000 Falling entropy edge (0.550830)
30048256 0x1CA8000 Falling entropy edge (0.570541)
30392320 0x1CFC000 Falling entropy edge (0.563434)
30474240 0x1D10000 Falling entropy edge (0.810232)
30638080 0x1D38000 Falling entropy edge (0.619405)
30703616 0x1D48000 Falling entropy edge (0.550830)
30932992 0x1D80000 Falling entropy edge (0.622278)
31080448 0x1DA4000 Falling entropy edge (0.551011)
31129600 0x1DB0000 Falling entropy edge (0.646414)
31227904 0x1DC8000 Falling entropy edge (0.579931)
31391744 0x1DF0000 Falling entropy edge (0.544139)
31440896 0x1DFC000 Rising entropy edge (0.959527)
31473664 0x1E04000 Rising entropy edge (0.989212)
32014336 0x1E88000 Rising entropy edge (0.998716)
33226752 0x1FB0000 Falling entropy edge (0.795215)
33259520 0x1FB8000 Rising entropy edge (0.959458)
At this point in time, I am guessing this is an encrypted binary. I am new to reverse engineering so I am not too sure how to proceed here in extracting contents from this binary file.
It seems the parsing logic is hidden in the U-Boot loader
tftpboot- boot image via network using TFTP protocol
update - update digicap.dav
updateb - update uboot(u-boot.bin) to nor
updatebl- update ubl(ubl_646x.bin) to nand
updatefs- update filesystem(davinci.img) to nand
updatek - update kernel(uImage) to nand
updates - serial update kernel or filesys
Try looking for the U-Boot source for your device on http://opensource.hikvision.com/, hopefully it will have the code of this command so you can figure out how it's laid out.
Answered by Igor Skochinsky on August 14, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP