Subscriber Discussion

Dahua NVR/DVR Password Recovery Hassle

UI
Undisclosed Integrator #1
Dec 15, 2017

Dahua Support was initially providing super password for the NVR/DVR. (We are their resellers)
Unfortunately now they have stopped and enforce to use forget password.

My client unfortunately doesn't remember the pw , nor the secret answer.

I asked Dahua for assistance and they said I should send the mainboard to Dubai as (Im based in Africa) for afer sales service.

I'm sure we will get many clients who will forget the password and does that we send to Dubai all the time. It is extremely difficult and expensive.

Any views ?

UM
Undisclosed Manufacturer #2
Dec 15, 2017

Have you tried the super passwords found for Dahua in this Android app, click here for Android app

RS
Robert Shih
Dec 15, 2017
Independent

Well, the thing is all the old algorithms are now invalid with new firmwares. The plan is in the future with even newer firmware/hardware is that there will be physical reset buttons on the units to make life easier.

JH
John Honovich
Dec 24, 2017
IPVM

Dahua response:

If the DVR/NVR is running new firmware (Forced device initialization and with secret answer), the “daily code” will not work anymore. There are two ways to reset device password: Scan a QR code and reset by email, or by answering security questions (which is valid on local menu only). http://www.dahuasecurity.com/download_detail_5891.html

If the DVR/NVR is running old firmware, Dahua technical support will service in the old manner.

In the case of “Undisclosed Integrator #1”, I believe the device is running new firmware because he mentioned secret answers. If he forgot the secret answers and no longer had access to the email set up during initialization, return to Dahua technical support is the only option.
U
Undisclosed #3
Dec 24, 2017
IPVMU Certified

Not a long term solution, but in this case, have you tried the backdoor?

Might as well make the best of it :)

RS
Robert Shih
Dec 24, 2017
Independent
In reply to Undisclosed #3

Also not available. New firmware actually closes all previously reported backdoors.

About the only solution is to hardwire into the serial port on the board atm.

U
Undisclosed #3
Dec 24, 2017
IPVMU Certified
In reply to Robert Shih

New firmware actually closes all previously reported backdoors.

So your saying that if the firmware is a version with forced init and secret answer it must also have the backdoor patch?

Confidence level?

 

RS
Robert Shih
Dec 26, 2017
Independent
In reply to Undisclosed #3

If the init procedure also gives you the option of drawing a pattern for unlock, then you're pretty boned if you forget that stuff.

If the PW generators don't work then the backdoor is likely patched (I forgot when the last time certain generators worked on what models).

If they don't have an 888888 account, then the backdoor is patched for sure. If there's an 888888 account then you can still get in and factory default the unit... UNLESS they updated the firmware and didn't default afterward or the firmware update itself scrambled your password...which has happened before.

If it's the latter situation, try a blank password or admin.

Basically, there's a game of 20 questions I need to ask the OP, but there's a high probability that the backdoor is a no go.

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions