Who Watches The Watchmen ? Reversing Video Surveillance Equipment …

This work presents a comprehensive exploration of techniques for obtaining unrestricted access devices manufactured by Dahua, a video surveillance equipment manufacturer, through hardware analysis and reverse engineering. Following an initial examination of the device components, encrypted flash memory was identified, leading to a detailed statistical analysis of the memory dump to evaluate the underlying cipher. An unencrypted bootloader partition, responsible for loading and deciphering the kernel, was subsequently discovered and analyzed. Tools and plugins were developed to simplify the reverse engineering process by assisting in cryptographic primitive identification, peripheral memory mapping, and source code integration into the workflow. Through this process, hidden functionalities were revealed, including a device-specific password-protected lockout mechanism. By developing a tailored key generator to bypass this protection, complete device access was successfully achieved. During the conclusions, we will cover some ideas on how to keep focused on a very open exercise such as during the reverse engineering of a big binary to maximize our chances of success; how understanding the principles of basic techniques may unlock steps on both simple and complex exercises when tools fail to shed meaningful results, and will highlight interesting details on the findings to open a debate on where the security problems arise and why the hidden functionality was left in place.