Author Topic: FLIR E4 Wifi Resolution and Menu Hack Thread  (Read 79401 times)

0 Members and 1 Guest are viewing this topic.

Offline Fraser

  • Super Contributor
  • ***
  • Posts: 7528
  • Country: gb
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #75 on: June 27, 2017, 04:53:10 am »
Hardware mods on the E4 ...... an interesting concept but the high level of integration in modern electronics and specifically these cameras begins to limit what you can do in terms of hardware modes.

The Microbolometer ROIC outputs raw thermal scene information so is pretty ugly to say the least. The main image processing and formatting takes place inside a silicon 'lump' so no hardware modding advisable there. The Silicon 'lump' also contains the firmware. There is no nice and convenient configuration EEPROM to edit or exploit and no exposed core data bus to intercept and manipulate.

It would be interesting to know where a hardware hacker considers the E4 vulnerable to hardware attack and manipulation, short of creating a whole new processor block and  firmware for the platform. That, I would suggest, is far more effort than it is worth. Older models of E4, that are vulnerable to firmware manipulation, appear regularly on the secondary market.

Fraser
« Last Edit: June 28, 2017, 07:36:07 pm by Fraser »
 

Offline WayneD

  • Newbie
  • Posts: 2
  • Country: us
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #76 on: June 28, 2017, 02:20:38 pm »
I guess I'll wait and see. :popcorn:

For now, it's a no-go. :=\
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 2686
  • Country: ca
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #77 on: June 28, 2017, 03:05:02 pm »
You can theoretically hack the new version by resigning the update files with your own private key and then replacing the public key in the device with yours: https://eevblog.com/forum/thermal-imaging/flir-e4-thermal-imaging-camera-teardown/msg465272/#msg465272

Has anyone tried this?

With the older firmware there was no motivation to try that because digital signature check was disabled altogether. It is probably going to take a new generation of,well, enthusiasts to work on that.
There were tools to access and browse the E4 Registry, but no changes to it could be made permanent. So one would probably need to start from understanding how to alter Win embedded Registry, and if it is possible to alter the public key.
 

Offline Fraser

  • Super Contributor
  • ***
  • Posts: 7528
  • Country: gb
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #78 on: June 28, 2017, 07:52:17 pm »
WayneD,

If you really want a decent thermal camera, do not wait too long. If the latest release of E4 proves too difficult to upgrade, all old stock of the model will be sought out and purchased by those who wish to upgrade the unit. Then the secondary market will see a significant increase in used unit prices.

Regarding the future of the E4 upgrade development..... when it was first discovered that the E4 operating system was relatively open to modification, some clever people worked out how to make configuration changes and calculate CRC's. Whilst FLIR did respond by making the process harder, there was enough motivation in the user community to develop ways around any upgrade protection.

I am not sure that there is the same level of interest in developing an upgrade for the latest version of the E4. There are many E4's that can be upgraded still available and the latest FLIR countermeasure may be a significant challenge to circumvent. Without significant community interest, it may prove to be the first version of E4 firmware hat remains secure against upgrade.

FLIR lan from the E4 upgrade gate they needed to better secure their firmware afpgainst such. Thus is no surprise and they are more than capable of buying in advice on how such my be best accomplished. A public Privat key encryption was always a possibility and was feared by those of us interested in the upgrade of the E4.

Good luck to anyone trying to upgrade a 2017 model E4, I think ounwill neeed it. I still ecommend hunting down any residual ore 2017 stock. Her we many companies that held stock rather than buying in from FLIR when an order was received. If you want an E4, contact some companies and ask if they hold stock, then all for the serial number of a camera to see if it is a pre or post 2017 release. Ensue our order a unit according to its serial number to avoid disappointment.

Good Luck

Fraser
 

Offline ixfd64

  • Frequent Contributor
  • **
  • Posts: 309
  • Country: us
    • Facebook
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #79 on: June 29, 2017, 04:15:31 am »
I think another reason is the limited demand for an upgrade. Phones and tablets are rooted because mobile devices are ubiquitous these days. Thermal cameras, although becoming increasingly common, are still a niche market.

Offline Fraser

  • Super Contributor
  • ***
  • Posts: 7528
  • Country: gb
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #80 on: June 29, 2017, 05:26:37 am »
When the E4 first came out in 2013, and it was discovered that it could be upgraded relatively easily, there were a large number of people who wanted one. That pool of people in the market for such a camera has likely bought one by now. There will likely be far fewer interested in developing new approaches to circumvent FLIR's protection after so many years of easy upgradability.

Fraser
 

Online TheSteve

  • Supporter
  • ****
  • Posts: 2543
  • Country: ca
  • GHz or bust
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #81 on: June 29, 2017, 06:10:45 am »
It only takes one really determined person to push a project like this forward. That person just hasn't appeared yet for the E4 Wifi.
VE7FM
 

Offline gregor11

  • Contributor
  • Posts: 7
  • Country: pl
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #82 on: July 12, 2017, 01:03:01 am »
DaveWB  could you share your modified conf.cfc file
« Last Edit: July 12, 2017, 01:14:32 am by gregor11 »
 

Offline Dan S

  • Newbie
  • Posts: 2
  • Country: gb
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #83 on: July 13, 2017, 06:47:42 am »
Hello Dave and everyone. Im Dan, a building contractor from London. I've fallen in love with thermal imaging and the value it will add to my profession and have started looking for a camera.

Very quickly this led me to the FLIR E4 and of course the hack to E8 performance. However I am concerned that the latest versions of the camera being sold are causing issues for the upgrade hacks. I really would prefer to buy a new unit if its possible to hack rather than get something second hand that is hacked.

If I buy a new E4 with FLIRS latest software will I be able to hack it? Would anyone be able to help guide me through the process when I get it?

I assume hacking the unit voids any warranty?

Thanks
Dan

 

Offline Fraser

  • Super Contributor
  • ***
  • Posts: 7528
  • Country: gb
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #84 on: July 13, 2017, 07:21:15 am »
Dan,

The latest (2017 release) FLIR E4 has yet to be hacked. This thread details the story so far.

Hacking has the potential to void the warranty depending upon the nature of any fault that occurs.

There is nothing wrong with a well cared for used E4. They are well built and long lived.

Fraser
 

Offline Dan S

  • Newbie
  • Posts: 2
  • Country: gb
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #85 on: July 13, 2017, 05:44:51 pm »
Fraser,

Thanks very much for your reply. I really appreciate you taking time to respond to me.

Yes they do seem to be very rugged by all accounts. I'll keep an eye on the forum - seems there are some real tech savvy guys here in white coats looking at battling FLIR's software!

Regards from sunny/rainy/windy and anything else if you wait a few minutes UK
Dan
 

Offline Xavier64

  • Contributor
  • Posts: 25
  • Country: gi
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #86 on: August 15, 2017, 11:54:31 pm »
Please upload some pictures to prove this.

As far as we all know, downgrade with HW2.0 is NOT possible. But I am very happy to see I am wrong :-)
 

Offline cricri103

  • Newbie
  • Posts: 4
  • Country: ca
  • Autozone
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #87 on: August 26, 2017, 05:51:21 pm »
I made a mistake!!
My model is 1,2L
FW 3.5.0
Mars 2017
This is not the model 2L
Sorry
 :palm:
« Last Edit: August 26, 2017, 06:20:41 pm by cricri103 »
 

Offline groundhog

  • Contributor
  • Posts: 6
  • Country: ca
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #88 on: August 27, 2017, 04:01:50 am »
I've been trying to better understand cfccfg.py and cfccfg_V2.py.  I'm having difficulty decoding the conf.cfc file into a conf.cfg file, even when using what I believe to be the correct SUID value.  As a check, I tried to decode the conf.cfc file from DaveWB's "Stock Camera" zip file, using the SUID value that DaveWB mentioned (22C7E4020050281A), and I get non-ASCII output in the conf.cfg file.  Specifically:

Code: [Select]
% python cfccfg.py 22C7E4020050281A conf.cfc conf.cfg1
% python cfccfg_V2.py 22C7E4020050281A conf.cfc conf.cfg2
% sha1sum conf.*
cc151985fdc0177f125e8420ced6df4a549ac021  conf.cfc
e3a3b0a4e89b6429cc2618ecb3581ab40230da79  conf.cfg1
3b59eb9f3fc0176acd6a652212a1ab1fcc06f359  conf.cfg2
% strings -n10 conf.cfg*
&YNbM(|(M:
&YNbM(|(M:

The conf.cfc file's SHA1 sum I believe corresponds to DaveWB's "Stock Camera" file, and the "strings" command shows that there's nothing remotely resembling the cfg file ASCII contents in the resulting output.  The differences in SHA1 sum of conf.cfg1 vs conf.cfg2 are because cfccfg_V2.py strips off the tail; the decoded contents up to the tail are identical (and non-ASCII).

What's super puzzling to me is that DaveWB reports that he got his file decoded using cfccfg, using the same SUID that I'm trying to use on his same file...

Any thoughts on what might be going wrong here?  DaveWB, any chance you remember what command you ran, on what file, and what cfg file did you get out of it?
 

Offline Joshuaheien

  • Newbie
  • Posts: 1
  • Country: us
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #89 on: September 03, 2017, 07:32:04 am »
Sorry to ask this but does anyone have the hack for 2.11 with 1.2L hardware the links I found don't work anymore. Thanks  :-+  :-+  :-+
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 2686
  • Country: ca
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #90 on: September 10, 2017, 03:51:50 pm »
@DaveWB,

This is your files which I modify, replacement them by FTP, and see anything change or not.

OK so if that post included the modified conf.cfc file then the file was screwed. It has bunch of "ture" instead of "true" modifiers  ^-^ . I have attached the decoded file, you guys need to fix the typos, re-encrypt with your SUID and try. Dunno if this will help with the progress but the file needs to be corrected anyways. There was a possibility that the camera aborted reading the cfc file when encountered the error and reverted to the default config. I do not have a wi-fi camera so someone needs to pick it up from here. :popcorn:
 

Offline Fraser

  • Super Contributor
  • ***
  • Posts: 7528
  • Country: gb
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #91 on: September 10, 2017, 11:06:23 pm »
Sorry about this double Post from the teardown thread but just in case anyone is interested here.....

I have made a decision...... shock, horror, I am going to sell a thermal camera rather than buy one  ;D

I will be advertising my used, spare E4 in the For Sale area of this forum later today. It is running its original 1.19 firmware (the best version in my opinion) so it has the nice service menu and easy reconfiguration needing only FileZilla and the CRC01 calculator provided in this thread. It is so easy to enable and disable features on this firmware.

My unit has already been upgrade by me to the E8+ spec and it has the extra menus as well  :) Fully operational with battery, charger, USB lead,  hard case and original documents.

If you are interested, you can PM me or wait to see the advert and pictures later. I am still considering how much to ask for it and welcome offers. If I like the offer, it will not even get to the for sale area ! This is NOT a silent auction though ! I will be fair to all.

Fraser
Milton Keynes UK
 
The following users thanked this post: SeanB

Offline Fraser

  • Super Contributor
  • ***
  • Posts: 7528
  • Country: gb
« Last Edit: September 12, 2017, 07:35:21 pm by Fraser »
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 2686
  • Country: ca
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #93 on: September 11, 2017, 08:23:54 am »
There are two possibilities: one is your file has been a mess (older and new); the other is the signature mode has been changed.

You were spot on, the modified conf.cfc  was bad, see my previous post.
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 2686
  • Country: ca
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #94 on: September 12, 2017, 11:47:07 am »
These two statements seem to be contradictory:

I did have just the modified .dll on there and the camera still worked fine.

Unfortunately, the result of the test was that uploading a patched common_dll.dll, causes the camera to not boot normally as I suggested in my previous post.

So perhaps another controlled test is needed. Both people seem to have left the thread though.
 

Offline DaveWB

  • Regular Contributor
  • *
  • Posts: 133
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #95 on: September 12, 2017, 12:12:10 pm »
I would be more than happy to use TeamViewer to help out anyone solving this dilemma, unfortunately I do not recall much about what processes I did. I do also have a brand new flir e4 that hasn't been messed with that maybe we can test on as well. The unit is not wi-fi version but is still the most recent version.
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 2686
  • Country: ca
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #96 on: September 12, 2017, 01:04:01 pm »
OK, good to have you back.

Not sure what modified conf.cfc you used, there may be a chance it was a bad one that had typos in it, see my previous posts. If you can provide the test camera SUID and a copy of the original conf.cfc I could help with properly modified and re-encrypted conf file. Both the SUID and conf file must be from a same camera.

So that will have one piece solved. The other piece of course is the patched common_dll.dll file. Do you have a copy patched for both signature and CRC?   I think just the signature patch alone may not do it. We may need someone to help validate if the file was patched correctly.  I am not sure if just replicating the patched values from the 2.3.0 time would do it. The farther of the original patch wrote back then:

BUT: It appears that CRMD160 is very fundamentally broken for byte values >= 0x80... This allows to conveniently patch the signature check in a way that applauncher.exe doesn't notice.

So what exactly was the "way" the patch was done that applauncher did not notice?  Mind that the new common_dll is twice as smaller as the old one in size.
 

Offline DaveWB

  • Regular Contributor
  • *
  • Posts: 133
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #97 on: September 12, 2017, 01:10:49 pm »
Do you think it would be best to use the brand new camera I have to reattempt this? That way we know everything is original?
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 2686
  • Country: ca
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #98 on: September 12, 2017, 01:24:24 pm »
It is only two files at this time, so your old camera should do it unless you screwed it badly.
 

Offline DaveWB

  • Regular Contributor
  • *
  • Posts: 133
Re: FLIR E4 Wifi Resolution and Menu Hack Thread
« Reply #99 on: September 12, 2017, 01:34:50 pm »
I know I was having issues getting the right .dll on there which I think might have led to some of the problems. I'll check my files and see what I have.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf