Poll

Has the hackability of the E4 made you buy one:

Yes, I was already looking at the competition at a similar price, but the hack swung it to E4
206 (24.9%)
Yes, I'd not considered buying a TIC before, but 320x240 resolution at this price justifies it (as either tool or toy!)
399 (48.2%)
Yes, I was going to buy an E5/6/8 class of unit but will now get the E4
39 (4.7%)
No, but am looking out for a cheap i3 to hack
32 (3.9%)
Not yet, but probably will now that a closed-box hack is possible
151 (18.3%)

Total Members Voted: 722

Author Topic: Flir E4 Thermal imaging camera teardown  (Read 2042959 times)

Online Fraser

  • Super Contributor
  • ***
  • Posts: 6336
  • Country: gb
Re: Flir E4 Thermal imaging camera teardown
« Reply #8275 on: August 10, 2017, 12:07:02 AM »
Double post ?

You have removed detail of what you are intending to use the thermal camera for. Did you not like me commenting on the feasibility of cave and precious metal (in water) detection using this technology ?

I think I answered your question on the E4. That version of the E4, running that firmware is easily upgradeable.

There is no software 'port' to upgrade the resolution and add E8 menus to an E4. These upgrades are just selected in the configuration files. Extra menu features were grafted into the Ex build from Exx build to create the E8+ Custom version that most of us use.

Fraser
« Last Edit: August 10, 2017, 12:16:48 AM by Fraser »
 
The following users thanked this post: netengineer

Offline netengineer

  • Newbie
  • Posts: 2
  • Country: us
Re: Flir E4 Thermal imaging camera teardown
« Reply #8276 on: August 10, 2017, 12:49:32 AM »
Fraser,

I greatly appreciated your discussion around the usage and feasibility of the cave and precious metal usage. I probably should have started with just the tech question about what is the preferred hw/sw model for someone wanting to do the e8 upgrade, but also wants the most modern/capable hardware version. I'm 99% certain that I'm acquiring an e4 model, as I know a lot of people within my hobby have used that exact model with great success. I'm also not opposed to acquiring additional FLIR models should they be far superior for my needs.

My apologies for the confusion in the updated post. No disrespect intended. I just have someone with only 1 e4 unit (hw 1.1L, sw 1.22.0) that will likely be sold soon, so I'm quickly trying to ascertain if the community would recommend acquiring a HW 1.1L / SW 1.22.0 unit or hold out for a better model.

Once that is determined, I'm looking very much forward to testing and exploring your other ideas and recommendations around prospecting and exploration of nature for my hobby's purpose. Thanks again for the help! Much appreciated.
 

Online Fraser

  • Super Contributor
  • ***
  • Posts: 6336
  • Country: gb
Re: Flir E4 Thermal imaging camera teardown
« Reply #8277 on: August 10, 2017, 01:03:57 AM »
Where the E4 is concerned, there is no advantage to the later hardware version and the firmware gets more challenging to upgrade with each release.

Be aware that after the initial easy upgrade was made public, FLIR were focussed on placing obstacles in the path of users attempting such, not on improving the firmware. The original firmware 1.19 is both stable and very effective. Later firmware versions did not improve imaging performance as there was nothing to improve.

The very latest E4 camera release known as the 2017 models are not, at this time, upgradeable due to better countermeasures in the firmware.

With the E4, earlier versions likely command a better price due to the ease with which they can be upgraded and modified.

As stated, the Exx series are more capable, but they cost more on the secondary market as a result. They use the same core firmware as the Ex series but the microbolometer and lens are superior performers.

Fraser
 

Offline SolderSucker

  • Contributor
  • Posts: 19
  • Country: gb
Re: Flir E4 Thermal imaging camera teardown
« Reply #8278 on: August 22, 2017, 02:56:19 AM »
I understand that there may be problems when trying to enable the enhanced menu on a Flir E4 that has had the firmware downgraded from 2.8 to 2.3 (and modded for the high resolution) - is that still the case?

I've done a lot of reading on the matter and can't find anything definitive.

Thanks
 

Offline robert_

  • Regular Contributor
  • *
  • Posts: 130
  • Country: de
Re: Flir E4 Thermal imaging camera teardown
« Reply #8279 on: August 23, 2017, 04:58:08 AM »
hello
my new camera E4 (no wifi)
 is Fw 3.5.0 (March 2017)
connect to RNDIS downgrade to 2.3.0
and apply hack and menu
is very good work
Downgrade FW 3.5.0 to 2.3.0 is possible!!!
confirmed  :-+

Any proof on that?
Posting the exact same text in several places doesn't add any credibility to what I will consider to be BS until proven otherwise.
There's no fun in writing up BS in hope others break expensive hardware trying it out.
 

Offline cricri103

  • Newbie
  • Posts: 4
  • Country: ca
  • Autozone
Re: Flir E4 Thermal imaging camera teardown
« Reply #8280 on: August 26, 2017, 05:52:52 PM »
I made a mistake!!
My model is 1,2L
FW 3.5.0
March 2017
This is not the model 2L
Sorry :palm:
 

Offline scm

  • Newbie
  • Posts: 1
  • Country: ch
Re: Flir E4 Thermal imaging camera teardown
« Reply #8281 on: August 28, 2017, 08:01:26 PM »
Hi


I try to hack the Flir E4. I made all steps from the guide successfully until the first FileZilla step. I can't connect to the camera. The Flir is in the RNDIS mode. I can ping the Flir so there should be a connection. I get this error in FileZilla:

Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server."
Error: Could not connect to server

What can I do?

Best regards
scm

**edit 08.28.2017**
Now it worked. I've changed to a windows xp PC.
« Last Edit: August 28, 2017, 11:50:21 PM by scm »
 

Offline groundhog

  • Contributor
  • Posts: 6
  • Country: ca
Re: Flir E4 Thermal imaging camera teardown
« Reply #8282 on: September 03, 2017, 09:17:21 AM »
[ This is a copy of a reply I made in the thread about the E4 wifi model, but the question is generally about converting between cfc and cfg files, so perhaps it might get a response here? ]

I've been trying to better understand cfccfg.py and cfccfg_V2.py.  I'm having difficulty decoding the conf.cfc file into a conf.cfg file, even when using what I believe to be the correct SUID value.  As a check, I tried to decode the conf.cfc file from DaveWB's "Stock Camera" zip file over in the E4 wifi thread (http://www.eevblog.com/forum/thermal-imaging/flir-e4-wifi-resolution-and-menu-hack-thread/), using the SUID value that DaveWB mentioned in that thread (22C7E4020050281A), and I get non-ASCII output in the conf.cfg file.  Specifically:

Code:
% python cfccfg.py 22C7E4020050281A conf.cfc conf.cfg1
% python cfccfg_V2.py 22C7E4020050281A conf.cfc conf.cfg2
% sha1sum conf.*
cc151985fdc0177f125e8420ced6df4a549ac021  conf.cfc
e3a3b0a4e89b6429cc2618ecb3581ab40230da79  conf.cfg1
3b59eb9f3fc0176acd6a652212a1ab1fcc06f359  conf.cfg2
% strings -n10 conf.cfg*
&YNbM(|(M:
&YNbM(|(M:

The conf.cfc file's SHA1 sum I believe corresponds to DaveWB's "Stock Camera" file, and the "strings" command shows that there's nothing remotely resembling the cfg file ASCII contents in the resulting output.  The differences in SHA1 sum of conf.cfg1 vs conf.cfg2 are because cfccfg_V2.py strips off the tail; the decoded contents up to the tail are identical (and non-ASCII).

What's super puzzling to me is that DaveWB reports that he got his file decoded using cfccfg, using the same SUID that I'm trying to use on his same file...  I get the same issue when trying to decode my own cfc file with my own SUID value (the same SUID value reported by the "suid" command and from "rls" output).

Any thoughts on what might be going wrong here?  Am I somehow calling cfccfg.py wrong?  Does the SUID need to be supplied in some other format?
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 1798
  • Country: ca
Re: Flir E4 Thermal imaging camera teardown
« Reply #8283 on: September 03, 2017, 10:24:14 AM »
I recall at earlier hacks there was a requirement for a particular version of Python software. Check if you are using same version as the other person.
 

Offline eg14

  • Contributor
  • Posts: 5
Re: Flir E4 Thermal imaging camera teardown
« Reply #8284 on: September 04, 2017, 06:56:53 AM »
Does anyone know where one can obtain a modifiable E4 these days?
 

Offline groundhog

  • Contributor
  • Posts: 6
  • Country: ca
Re: Flir E4 Thermal imaging camera teardown
« Reply #8285 on: September 05, 2017, 12:41:08 PM »
Thanks for the suggestion about the Python version.  Unfortunately, I couldn't find a Python version that works (and I'm a bit skeptical that the Python version matters).  I tried Python 2.6 (2.6.9) and 2.7 (2.7.12), and both gave the same results.  I also re-implemented the SHA1/RC4 logic from scratch, based on the description of the algorithm by tmbinc (http://www.eevblog.com/forum/thermal-imaging/flir-e4-thermal-imaging-camera-teardown/msg530520/#msg530520), and it also produced the same result as cfccfg.py.
 

Offline LTCAnonymous

  • Newbie
  • Posts: 1
  • Country: us
Re: Flir E4 Thermal imaging camera teardown
« Reply #8286 on: September 10, 2017, 03:49:42 AM »
Hello guys, if anyone can help me I would appreciate it. I have a Flir E4 1.1L with firmware 1.21.0 but am unable to complete the upgrade. Below is the original config file, if someone could modify it for me.
Thanks.
 

Offline stefbeer

  • Regular Contributor
  • *
  • Posts: 57
  • Country: de
Re: Flir E4 Thermal imaging camera teardown
« Reply #8287 on: September 10, 2017, 03:59:43 AM »
 
The following users thanked this post: LTCAnonymous

Offline SamLowryBrazil

  • Newbie
  • Posts: 3
  • Country: gb
Re: Flir E4 Thermal imaging camera teardown
« Reply #8288 on: September 10, 2017, 10:00:06 AM »
Yesterday I got a Flir e4 on ebay for £500, brand new from UK-based erontec. It is the Wifi version, so I knew that it is currently unhackable. If you were to give me betting odds, what are the chances of a hack before 2018? By the way, I was proud to think up the zinc selenide lens idea on my own, and then surprised to watch Mike's excellent video and realise it is old news!
« Last Edit: September 10, 2017, 10:02:36 AM by SamLowryBrazil »
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 1798
  • Country: ca
Re: Flir E4 Thermal imaging camera teardown
« Reply #8289 on: September 10, 2017, 02:32:53 PM »
Thanks for the suggestion about the Python version.  Unfortunately, I couldn't find a Python version that works (and I'm a bit skeptical that the Python version matters).  I tried Python 2.6 (2.6.9) and 2.7 (2.7.12), and both gave the same results.  I also re-implemented the SHA1/RC4 logic from scratch, based on the description of the algorithm by tmbinc (http://www.eevblog.com/forum/thermal-imaging/flir-e4-thermal-imaging-camera-teardown/msg530520/#msg530520), and it also produced the same result as cfccfg.py.

I checked and this SUID does not decode properly  the "stock camera" .cfc file. Seems it is from a different camera image.

EDIT: this SUID properly decodes the conf.cfc file supplied by user Boget in this post:
http://www.eevblog.com/forum/thermal-imaging/flir-e4-wifi-resolution-and-menu-hack-thread/msg1183379/#msg1183379

I found a few typos in that conf.cfc file, fixing which may help with the work on wi-fi version of the camera. Read my post here:
http://www.eevblog.com/forum/thermal-imaging/flir-e4-wifi-resolution-and-menu-hack-thread/msg1298737/#msg1298737
« Last Edit: September 10, 2017, 04:00:47 PM by Bud »
 
The following users thanked this post: groundhog

Online Fraser

  • Super Contributor
  • ***
  • Posts: 6336
  • Country: gb
Re: Flir E4 Thermal imaging camera teardown
« Reply #8290 on: September 10, 2017, 09:43:09 PM »
@Samlowrybrazil

Congratulations on buying an E4 and finding this forum.

The current situation is that FLIR have done what they likely wish they had done in the original E4 firmware.
They have significantly increased the difficulty in upgrading the camera's configuration files.

You need to read back in this thread's history to see how FLIR responded to the upgrade of the E4. They were limited in what could be done to the standard firmware build in terms of countermeasures. They applied basic protection that was circumvented by members of this forum. I should state, even these measures required the significant knowledge of some clever guys to get around them.

The original upgrade was relatively simple as the only challenge was to recalculate the CRC01 checksum for the modified configuration files. A clever forum member wrote the required CRC01 calculator and shared it with us. He deserves recognition for his work !

This first upgrade technique did not really qualify as a 'hack' of the camera. As FLIR placed ever more challenging barriers in the way of the upgrade, it began to edge into the world of hacking in order to beat these countermeasures. The defensive capabilities of the early firmware and hardware were not that great however and clever people found ways to still upgrade the camera configuration files.

Now jump to 2017 and the release of FLIR's Wi-Fi equipped Ex series. Both 2017 Wi-Fi and non Wi-Fi capable Ex series cameras use the same hardware platform and firmware. With this new version of the Ex series, FLIR have put some decent effort into thwarting attempts to upgrade the cameras. Changes to the firmware are no longer a 'simple' case of calculating CRC01 and CRC03 values. The camera appears to now be protected using public-private key encryption.

If you are not familiar with P-P encryption you may wish to google it to see how effective it can be. This is not the place for an encryption lesson. If I were just to say that even Governments hate P-P encryption, that is done well, you will understand the challenge that the 'front door' security of the Ex series now presents. There are sometimes ways to circumvent encryption via a back door that provides access to what is needed but you are well and truly into hacking territory now.

The two vulnerabilities that the Ex series camera still exhibits are its use of Win CE and the fact that physical access to the hardware is still unprotected from hacking. These vulnerabilities would take significant effort and knowledge to exploit though.

Basically, if FLIR have indeed gone down the route of P-P encryption, and have done it properly, had it penetration tested, and it has passed the tests without P-P key vulnerabilities, the E4 2017 model will likely remain unhacked for a very long time ! 

A way around the current situation would be to gain access to the hardware, meaning the chipset, and then placing a cloned copy of an earlier E4 camera onto the platform. This is a VERY significant challenge as all flash memory areas need to be accessed to complete the cloning operation. All the original calibration data would be lost and the camera would need to be recalibrated and a new dead pixel map created. I am not saying this cannot be done, but it is more effort than the camera is worth. Better to buy a used E4 that can be upgraded.

I own two E4 cameras that are running the excellent, and very upgrade friendly firmware 1.19. Firmware 1.19 even has the excellent service menu for dead pixel map updating present in it (later removed by FLIR) Both are upgraded to E8+ spec  ;)  I will be selling one of them as I now have an E60+. If anyone is interested, let me know :). .... end of advert !

Fraser
UK
« Last Edit: September 10, 2017, 09:54:20 PM by Fraser »
 
The following users thanked this post: SolderSucker
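
Added example, not part of the original post and not FLIR's code: the contrast described above between a checksum that anyone can recalculate and a public-private key signature that only the key holder can produce. zlib.crc32 stands in for CRC01 (its algorithm is not given in this thread); the key pair, the sample config contents and all function names are constructed for illustration.

```python
import hashlib
import zlib

# Constructed demo key pair (textbook RSA, no padding), for illustration only.
# P and Q are the Mersenne primes 2^127-1 and 2^107-1. A real product would
# use a vetted library with a padded scheme (e.g. RSA-PSS) and far larger keys.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the vendor

# Constructed sample config contents, not taken from any real camera file.
ORIGINAL = b"feature_level=1\n"
EDITED = b"feature_level=3\n"


def digest_int(data: bytes) -> int:
    """SHA-256 of the file, reduced into the demo modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def vendor_sign(data: bytes) -> int:
    """Vendor side: producing a signature requires the private exponent D."""
    return pow(digest_int(data), D, N)


def device_accepts_crc(data: bytes, stored_crc: int) -> bool:
    """Checksum-only check: catches corruption, says nothing about origin."""
    return zlib.crc32(data) == stored_crc


def device_accepts_signature(data: bytes, signature: int) -> bool:
    """Signature check: the device holds only the public values (N, E)."""
    return pow(signature, E, N) == digest_int(data)


def demo() -> dict:
    shipped_crc = zlib.crc32(ORIGINAL)
    shipped_sig = vendor_sign(ORIGINAL)
    return {
        # Unmodified file passes both checks.
        "crc_unmodified": device_accepts_crc(ORIGINAL, shipped_crc),
        "sig_unmodified": device_accepts_signature(ORIGINAL, shipped_sig),
        # An edited file fails against the value that shipped with it...
        "crc_edited_stale_value": device_accepts_crc(EDITED, shipped_crc),
        # ...but a CRC has no secret, so whoever edits the file can also
        # store a fresh checksum and the device cannot tell the difference.
        "crc_edited_recomputed": device_accepts_crc(EDITED, zlib.crc32(EDITED)),
        # The old signature does not cover the edited bytes, and a new one
        # cannot be produced without D.
        "sig_edited_old_signature": device_accepts_signature(EDITED, shipped_sig),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```
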

Online Fraser

  • Super Contributor
  • ***
  • Posts: 6336
  • Country: gb
Re: Flir E4 Thermal imaging camera teardown
« Reply #8291 on: September 10, 2017, 10:15:33 PM »
P-P cryptography explained.....

https://en.m.wikipedia.org/wiki/Public-key_cryptography?sa=X&sqi=2&ved=0ahUKEwid8YjIy5rWAhWiJsAKHWyaB9wQ9QEIGTAA

Done properly at all levels, hardware and software, it is VERY resilient against cracking  ;)

Fraser
 

Online Fraser

  • Super Contributor
  • ***
  • Posts: 6336
  • Country: gb
Re: Flir E4 Thermal imaging camera teardown
« Reply #8292 on: September 10, 2017, 11:04:37 PM »
I have made a decision...... shock, horror, I am going to sell a thermal camera rather than buy one  ;D

I will be advertising my used, spare E4 in the For Sale area of this forum later today. It is running its original 1.19 firmware (the best version in my opinion) so it has the nice service menu and easy reconfiguration needing only FileZilla and the CRC01 calculator provided in this thread. It is so easy to enable and disable features on this firmware.

My unit has already been upgraded by me to the E8+ spec and it has the extra menus as well  :) Fully operational with battery, charger, USB lead,  hard case and original documents.

If you are interested, you can PM me or wait to see the advert and pictures later. I am still considering how much to ask for it and welcome offers. If I like the offer, it will not even get to the for sale area ! This is NOT a silent auction though ! I will be fair to all.

Fraser
Milton Keynes UK
 

Offline SamLowryBrazil

  • Newbie
  • Posts: 3
  • Country: gb
Re: Flir E4 Thermal imaging camera teardown
« Reply #8293 on: September 11, 2017, 12:35:59 AM »
Thank you very much, Fraser!
I know very little about electronics and nothing about programming, so I try my best to decipher the technical stuff on this forum! It's a shame that the e4 can no longer be upgraded to its full potential; I was considering getting one a year or two ago for £750-850. Now I know this is why one other Ebayer made only one bid and let me have it for £500!

The Flir hasn't arrived yet, but I also bought 2x ZnSe 50mm focal length, 2x 63.5mm, and 2x 100mm lenses. They were £10 each on Amazon and shipped from the UK. I'll have fun playing around with them for macro, but what are my chances of making something telescopic? I have heard it is almost impossible for an amateur. I don't mind about an inverted image, but is the problem too few lenses or mirrors or the type of these cheap laser cutter lenses?
 

Online Fraser

  • Super Contributor
  • ***
  • Posts: 6336
  • Country: gb
« Last Edit: September 11, 2017, 01:11:46 AM by Fraser »
 

Offline groundhog

  • Contributor
  • Posts: 6
  • Country: ca
Re: Flir E4 Thermal imaging camera teardown
« Reply #8295 on: September 13, 2017, 01:18:22 AM »
Thank you for tracking down the conf.cfc file that corresponds to DaveWB's SUID.  It's good to have a confirmed example of a conf.cfc file that properly decodes -- I'm able to decode it just fine now with cfccfg.py!

Now I just need to figure out why my camera's conf.cfc does not decode with the SUID value that my camera reports..

On my camera, running the "suid" command via telnet, or looking up the suid value with "rls -l -r" under .version.SUID, produces a 16-byte string (the same string both from "suid" and "rls -l -r"), but cfccfg.py produces garbage output when decoding any of the 3 conf.cfc files from my camera's FlashFS image (in appcore.d, ui.d, and services.d) that I downloaded via FTP (both with filezilla, and directly downloading an individual file with command-line ftp).

Any guesses off-hand as to what I might be missing here?  The camera is running 2.11.
 

Offline groundhog

  • Contributor
  • Posts: 6
  • Country: ca
Re: Flir E4 Thermal imaging camera teardown
« Reply #8296 on: September 13, 2017, 01:50:59 AM »
One thing I should have mentioned earlier is that my camera is an E6.  So far, it seemed identical to the E4 as far as the DLL modifications were concerned, but perhaps the decoding algorithm for .cfc files is slightly different on the E6 as opposed to the E4?

Overall, the E6 .cfc files seem similar enough, and @tmbinc generated a diff for the E6 conf.cfc file a while back (http://www.eevblog.com/forum/thermal-imaging/flir-e4-thermal-imaging-camera-teardown/msg816257/#msg816257).

One thing that seemed suspicious is the "2A00" tail constant used in cfccfg.py.  I thought maybe "2A00" is specific to the E4 camera, and I tried iterating over all possible 1-byte and 2-byte tail values, but nothing produced a sensible conf.cfg file.
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 1798
  • Country: ca
Re: Flir E4 Thermal imaging camera teardown
« Reply #8297 on: September 13, 2017, 03:58:41 AM »
Sorry, I know nothing about E6...  :(
 

Offline groundhog

  • Contributor
  • Posts: 6
  • Country: ca
Re: Flir E4 Thermal imaging camera teardown
« Reply #8298 on: September 14, 2017, 01:11:32 PM »
Well, embarrassingly enough, turned out the problem was that my camera was 1.1L (not 1.2L), even though it was running software version 2.11.0.  Which meant that I should have used the older ftool to decode and re-encode the .cfc files.  I didn't quite realize that 1.1L cameras used the older conf.cfc encoding format regardless of firmware version.  Now I know. :-)
 

Online Fraser

  • Super Contributor
  • ***
  • Posts: 6336
  • Country: gb
Re: Flir E4 Thermal imaging camera teardown
« Reply #8299 on: September 14, 2017, 08:18:10 PM »
Groundhog,

You got lucky. Your camera has obviously been updated to the newer firmware at some point in its life. Other owners had the same situation after returning their camera to FLIR for calibration or rework. FLIR like to install the latest firmware in any camera they receive. Those owners discovered, as you have, that it was possible to revert the camera to an earlier firmware version again and that not all the countermeasures were present in their cameras due to the earlier hardware version/bootloader (?)

Well done for working this out and getting the upgrade working.

Fraser
 

