While the "weak key generation" is one issue, the most severe threats come from command injection vulnerabilities in the devices' XML API endpoints.
After successfully brute-forcing the PIN in about 30 seconds, the researcher analyzed the device firmware binaries to understand how the password reset key was generated, eventually creating a local key generator that bypassed the need for manufacturer support.
Browse and select the EncryptKey.xml file received from support. Input your and confirm it. Click Confirm to complete the reset. The Danger of Third-Party "XML Key Generators" hikvision xml key generator
The Hikvision XML key generator works by creating a unique XML file that contains encrypted information about the device, including its serial number, model, and other relevant details. This XML file is then used to activate and configure the device, allowing users to access advanced features and settings. The generator uses complex algorithms to create a secure and tamper-evident key, ensuring the integrity and authenticity of the device.
The script requires Python 3.6+ and the NumPy library, after which it can generate a reset key that allows the administrator to reset the admin password using Hikvision's Search Active Devices Protocol (SADP) tool. While the "weak key generation" is one issue,
simplifies the recovery process for NVRs, DVRs, and IP cameras. No more back-and-forth emails with regional support. ✨ Key Features: Instant XML Processing: Faster turnaround for password reset requests. Broad Support: Works with NVRs, DVRs, IP Cameras, and Video Door Phones. Clean Output: Generates validated response files ready for the SADP tool. 🛠️ How to Use: Hikvision SADP Tool and select your device. "Forgot Password" and export the device feature code. Upload your file to the generator.
Here is everything you need to know about the XML reset method. Input your and confirm it
Do you have to the device, or are you managing it remotely?
The computer must be connected to the as your Hikvision device.
One of the most significant XML-based vulnerabilities affecting Hikvision devices is XXE (XML External Entity) injection. This type of attack occurs when a maliciously crafted XML document containing external entity references is processed by a vulnerable XML parser.