Python implementation using a slightly modified 3DES algorithm for opening telnet interface on HiSilicon DVR devices with advanced (encrypted) command parser.
Co-work with Vladislav Yarmak (@snawoot).
Detailed analysis of this 0day backdoor by Vladislav is here:
https://habr.com/en/post/486856/
Recommended usage of this PoC:
git clone https://github.com/tothi/hs-dvr-telnet
cd hs-dvr-telnet
python -m venv venv
. ./venv/bin/activate
pip install -r requirements.txt
./hs-dvr-telnet.pyHuawei/HiSilicon released a "this is not ours" Security Notice about the backdoor.
At the moment, it seems the affected part of the firmware is related to an OEM vendor (what is most likely Hangzhou Xiongmai Technology).