nv4108-hs reset admin password/restore factory default

Have some questions or having issues with your DVR/NVR(s), Post them here for the mods and other users to assist you with.
Post Reply
eduaqa
Posts: 11
Joined: Tue Jun 29, 2021 2:34 pm

nv4108-hs reset admin password/restore factory default

Post by eduaqa »

As support already said that will not help, here I'm

Case is: The email on the QRCode is not valid, the unit don't have reset button (even have location to solder one, which I already did, but didn't work) and those superpassword only works for old models
So, I'm seening a few options:

1) Some site the can decode the QRcode string and show the recovery code
2) some exploit for port 37777 that can change the admin password
3) find some tx rx pin to change the boot sequence and allow to boot with a linux on USB port and remove the configuration from the installed embedded linux

I already tried to boot with those exposed USB but they still boot on the installed linux

Thanks.
User avatar
Revo2Maxx
Site Admin
Posts: 5820
Joined: Sat Jun 15, 2019 3:05 pm

Re: nv4108-hs reset admin password/restore factory default

Post by Revo2Maxx »

Hello and Welcome to the Forum.

Well kind of sounds like your in a tough space. Kind of where I was even with a Valid Email. Just some reason the email from reset server was never sent even though sending it from a different email account I would get a message back saying they would send it to the one on the unit. I almost gave up when I tried 1 last thing (Again I had good email reset) and used DMSS to scan the code..

Then you talk about something that could decode the QR I am not sure what that will do. That QR code isn't going to give a code. The server takes the info from the QR Code that is info about your device and makes a code. This code if generated by different things within the NVR. Like times past where you mention a Code you could put in for older models there was a Next generation from that used by the devices SN. In theory this new method was made so others didn't have to wait or be part of it. Now when you scan the code and send it to the Email it is sent to a Server that then passes your data to another computer that decodes the info and generates a code off that info, Like your SN, Date, time zone, Device model.

So what can you do. In theory with the device being on your desk, you can Brute Force the password on the GUI, This is best served with the HDD disconnected, If there was a pattern setup you might have better luck trying to Brute Force that. Not many people have crazy patterns like I do lol..

Also the device does have Anti-Hijacking, and Brute-Force Access Prevention setup in the device. Once you get to that point unplug it and reboot the machine it will start the count over. Anti-Hijacking really related to IP Filtering so if that isn't in then that shouldn't matter much. As I said Pattern if it was setup or Password guessing..

There is no magic in these devices anymore. Some back in the day from other companies used to have other ports open for making configuration changes or other connections Amcrest don't have that for Security Reasons.

About the 37777 exploit that is a thing of the past... It works just like making a connection over 80 on IP and or over P2P and SN your best bet would be and hope you were not like me before the issue started and left to 30 tries because all of mine are 3.. So after 3 it yells and lockout the have to remove power and try again. If normal setup I don't remember but I think it was setup for 30 tries before locked out and for me that just isn't safe so i change mine to 3 or 5 depending on the system I am working with as some 5 is the lowest..
Here to help the best I can.
Be Safe
User avatar
Revo2Maxx
Site Admin
Posts: 5820
Joined: Sat Jun 15, 2019 3:05 pm

Re: nv4108-hs reset admin password/restore factory default

Post by Revo2Maxx »

Another idea is hire a Pen Tester if you can find one that is able to work from Remote. Not sure that it would be something you could do and I am sure they could help you setup a Remote access box for them to use. Personally if you did I would setup a Network outside of your normal network that will still have access to your internet connection so they can work but wouldn't have access to your normal network.

Edit:
Also is the email address personal or like hotmail, msn, yahoo, gmail types? If it is personal have you tested the site to see if it is still up? If it isn't still active there are some things that someone could do worse comes to worse.
Here to help the best I can.
Be Safe
Post Reply