Mike - I'm convinced it's time to update post #1
NK.bin content changes:
applauncher.exe -> MANY changes, grown from 7840b to 18816b - containing new CRC methods (see above)
ceconfig.h -> upgraded tahoma font config
comptab.osimgkit -> added version strings (on top of all up to 1.18.7, 16.0.10, 1.0.13, 1.0.0.7)
1.18.8, 16.0.10, 1.0.13, 1.0.0.8
1.19.8, 16.0.10, 1.0.14, 1.0.0.8
1.20.9, 16.0.12, 1.0.15, 1.0.0.9
1.20.0, 16.0.12, 1.0.15, 0
default.fdf -> added new driver entry for FADDEV -> faddev.dll (is there an Exx truck charger?!)
faddev.dll -> NEW -> i2c related -> Some strings: IOPortLaserEvent / Failed to create Truck Charger event
nk.exe -> "LOCK BOOTLOADER VERSION" string added, some changes, seemingly one added function and a few short subroutines
tahoma.ttf -> replaced with seemingly some unicode update (size doubled)
Menu-RCC:
No changes to icons whatsoever - but desktop.qml got extended with this block:
    Text { // Special text displayed in service mode
        anchors.centerIn: parent
        text: "Service mode"
        color: colors.textFocused
        font.pixelSize: fonts.largeSize
        font.family: fonts.family
        visible: greenbox.system.serviceMode
    }
    Rectangle { // Hide graphics layer
        visible: greenbox.hideGuiLayer
        color: colors.transparent
        width: grid.width
        height: grid.height
    }
Conclusion:
The 1.21.0 firmware is designed as a hack-stopper (yay, we're important) ... I guess that explains the lack of a changelog - well, we now did it for you *love you Flir, kiss* (it's great fun)
Plus there was a cleansweep to remove anything "extra" (read: reduce hackable binaries, remove helpful stuff)
@Taucher,
Thanks for your hard work determining what has been done in the new firmware.
I do not claim to understand much of it, but it is interesting all the same.
@Taucher
I can confirm the changes. Flir also removed all the parts needed to get the high resolution (service) mode:
- removed ProdApp.exe
- removed folder FlashBFS/system/web/service
In old firmwares (tested with a Flir Exx) we can get the high resolution by only editing the Windows start cmd script (no need for a CRC):
applaunch.dat:
    # Show intro bootlogo and start progress
    progressapp -f \flashbfs\system\bootlogo.bmp -g flashbfs\system\bootlogo_legal.bmp -d
    # Start command shell on the RS-232 port
    cmd /R
    # Register a default user
    defaultusr
    # Start appcore. Appcore starts other necessary processes
    appcore
By adding these lines (or using telnet for testing):
    #start highres Modus
    delay 10
    start prodapp
    delay 10
    rset prod.preparation.command restartHighRes
we get this prod.log file:
    01:40:08 13 Preparation:---------------Command restartHighRes received
    01:40:10 Using .image.flow.detector.TFpa to check tempstable
    01:40:16 15 Preparation:Restarting in high resolution mode/service mode
    01:40:16 16 Preparation:Command restartHighRes, result 0
The password 3vlig is also used for communication between the Flir PC software and the camera. Flir didn't remove it (same result as in 1.18.7):
    $ for i in $(find . -type f ) ; do echo $i; strings $i | grep 3vlig; done | grep -B1 3vlig
    ./common_dll.dll
    3vlig
    --
    ./kitcrc.exe
    3vlig
I wonder if service mode still stamps the template file with the CRC though...
I used this feature earlier to generate a CRC for my own config files, with no trouble from CR/LF.
I haven't bought my E4 yet. If this new firmware makes mike's hack invalid, then I'll just not buy the E4. I can't afford a higher res model but I really need it for SMT, and PCB work.
It will be really interesting to hear from the Tequipment or PASS reps after the new firmware gets into circulation about how this affects sales of the E4. Since this is the main place to learn about the hack, and it is already known that the new firmware at least makes the hack harder, I would expect a temporary drop in sales (permanent drop if the brain trust here can't hack the new firmware).
Someone should PM Tequipment here - they have been open about FW versions in the past. If their latest shipment of 64 is old FW, I'm sure they will go quick if they can confirm it.
FLIR just dealt a blow to their E4 sales. They must be really proud of themselves.
And now all the procrastinators come out to cry
I'll be sure to keep my E4+ safely away from any new updates and Flir's website. I'll also be wary of any Flir tools updates (depending on how vindictive Flir decides to be).
cheers,
george.
Oh well, maybe we'll just have to turn attention to that 60FPS raw sensor data stream now.
With regard to E4 sales, let's be honest about this.... a number of buyers have bought the E4 with the intention of enhancing its capabilities (me included). In the big scheme of things our purchases may not be that significant and FLIR may not care about E4 sales if margins are low. They have proved that a decent thermal camera can be offered for under $1K and have the kudos of that price breakthrough.... it has raised their profile over FLUKE etc in that part of the market.
The E4 is still a decent thermal camera even when running in standard rig as it has the very useful and helpful MSX fusion that meets the needs of many for an easily interpretable image that shows areas of different temperature.
We must not forget that FLIR is a big player in the world of professional thermography and industry still happily pays more than $55,000 for a 320x240 industrial camera like the ones I use. That is the big money that FLIR are used to dealing in. It must also be remembered that FLIR effectively bought in the design and technology of the i and E series cameras. They wanted a slice of the consumer/low end TIC market and they got it. I doubt they actually need it to survive, and if it does not perform it will likely be hived off. The i, Ex and Exx series are not even made in the same factory as the industrial cameras. I somehow think FLIR will make it work and earn money from it though.
Horrible though it may sound.... we, as individuals or a small group, are of no consequence to FLIR EXCEPT when 'we' reveal the 'secrets' within their business model, as in the case of the E4 hobbling. That likely caused a little concern, not because we didn't pay for what we got, but rather because it didn't look good on the PR front (and possibly some ITAR worries thrown in for good measure). If FLIR have managed to move the enhancement of an E4 beyond the reach of the average Jo, they will not lose any more sleep over the matter and just treat it as a lessons-learnt exercise. Life goes on. For those of us fortunate enough to own enhanced E4s, we owe our thanks to the team that enabled such on the E4. We are very lucky to have benefitted from their knowledge and persistence. For us, there may even be further capability to be released from the E4 platform. For those who did not buy an E4 in the period since release in October 2013, you have my sympathy, but you should have known that the warning signs were there that FLIR would respond sooner or later. The early bird catches the worm and all that. There is still time to get a 1.19.8 version though. Think hard about what you will use it for and whether a bargain 320x240 thermal camera is an opportunity not to be missed. I have industrial TICs coming out of my ears and I still bought the excellent little E4 due to its ergonomics and excellent MSX mode.
For those seeking an E4, but not able to buy yet, I suspect we will be seeing E4s being sold on eBay at a significant mark-up on retail due to the 1.19.8 firmware fitted..... they may still represent value for money though.
Here endeth the Epistle
I got an email from TEquipment today saying they had 65 in stock, and just ordered one. They said these should have the older firmware as FLIR hasn't mentioned an update to them, and they would have if these had been updated. Anyway, fingers crossed.
@chiem,
Good call.... you will not regret it, and even if you decide it isn't what you need, you could sell it for what you paid, or maybe more.
Win - Win situation.
(I should have been a salesman)
We must not forget that FLIR is a big player in the world of professional thermography and industry still happily pays more than $55,000 for a 320x240 industrial camera like the ones I use.
..but how many do they sell..? As much of the Ex R&D came from automotive, it could be that higher volume, lower cost units like the Ex and FlirOne may be becoming more significant.
TICs are becoming far more common in industry these days. They are used in production line environments and as part of security systems. The applications of the industrial cameras are quite diverse. The profit may not be all in the camera sales margin...... calibration may be where the profit really lies, like in car sales vs car servicing. Audi told me the serious profit was made in the service bays. Having paid Audi service fees I can believe that! Industrial grade products are possibly more likely to be re-calibrated than consumer grade products like the E4, so the E4 earns little for FLIR during its operational life. Some years ago I had an industrial TIC calibrated and serviced and it cost GBP5000 ($7500) for the work.
That was the cost of ownership for a high performance, low noise Stirling engine cooled thermal camera. Thank goodness for uncooled cameras that have a lower cost of ownership.
R&D plus other scientific areas still use cooled cameras as the noise level is so much better, combined with greater sensitivity.
Automobile use is a growth area that I believe FLIR will wish to maintain a presence in. Company image is important and having your company name connected with a wide range of applications can only be good. It is interesting that Autoliv is the predominant marketing on the auto applications, with FLIR keeping a low profile.
Only FLIR can know where their greatest income is to be found, but I don't see the E4 sales making or breaking the company.
Interestingly, on a news report the other day, it was stated that Apple makes more profit on just its iPhone series than Microsoft makes on all of their software portfolio! That did come as a surprise to me.
A quick question: does the Ex battery have the I2C bus connected to it?
Phew, luckily I caved and got myself an E4 before it was too late...
Mine is Calibrated Nov 2013.
I'm guessing that they released the firmware, however it won't be for another month or 2 before it gets into their E4 mainstream stock.
Being a smart company, they would want to keep at least 1 month of stock so they don't have issues with shortages.
So if you were thinking of getting an E4, you better do it NOW and hope 'preorders' haven't taken over all the old stock.
Maybe we can focus on more hacking... and unlock the Hz limitation.
Or maybe a hybrid firmware.... e.g. work out the good stuff from the new firmware and mix it down with files from old firmwares.
Would be interesting.
A quick question: does the Ex battery have the I2C bus connected to it?
No. There is I2C on the test FFC connector, but as we know I2C isn't (currently) very relevant, though it might be if future firmware needs to be persuaded that it's running on an E8.
applauncher.exe is the file containing the new CRC functions (CRC04 CRC03 CRC02 CRC01 CRC00 CRC32) and some debug-messages:
    # CRC
    VerifyHash - [CRC error] : done
    VerifyHash - [CRC OK] : done
    VerifyHash -[CRC%d] : not accepted
    # %19s %x
    CRC%d
    VerifyHash - [CRC not trusted] : done
    %S [size]
    %S [CRC]
    # doCRC %s %u %u
    # doCRC
    verifyCRC - cannot open %s
    Bad Argument(s)! Use "applauncher" for help.
00011920 - main crc proc
00011998 - this is where config file is loaded and crc calculated?
000119A8 - here it checks which version of CRC signature was used and decides to pass or throw "VerifyHash - [CRC not trusted] : done"??
plenty of spots to blindly start patching conditional jumps, either to always pass CRC, or re-enable CRC01 (if it was in fact disabled)
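To make the message strings above concrete, here is an added Python illustration of what a loader-side CRC check of a config file looks like. It is constructed for this thread and is not applauncher.exe's code or its real file layout, which the post only sees through strings and addresses; the trailer format "#CRC<id>=<hex>", the set of known method ids (named after the CRC00..CRC04/CRC32 strings) and the choice of which id counts as trusted are all assumptions.

```python
import zlib

# Constructed example, not applauncher.exe's format: a config body is
# followed by one trailer line "#CRC<id>=<8 hex digits>". The loader
# recomputes the checksum over the body and reports one of the three
# outcomes whose message strings appear in the post.
KNOWN_METHODS = {0, 1, 2, 3, 4, 32}   # assumed ids, after the CRC00..CRC04/CRC32 names
TRUSTED_METHODS = {32}                # assumed: only CRC32 is accepted by this checker


def crc32_hex(data: bytes) -> str:
    """CRC-32 (IEEE polynomial, as used by zlib) as 8 lowercase hex digits."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"


def stamp(body: bytes) -> bytes:
    """Writer side: append a CRC32 trailer so the loader can verify the body."""
    return body + b"\n#CRC32=" + crc32_hex(body).encode("ascii") + b"\n"


def verify(blob: bytes) -> str:
    """Loader side. Returns 'CRC OK', 'CRC error' or 'CRC not trusted'.

    The checksum covers the raw bytes of the body, so any byte-level
    change (including a CR/LF conversion) is reported as 'CRC error'.
    """
    body, sep, trailer = blob.rstrip(b"\r\n").rpartition(b"\n#CRC")
    if not sep:
        return "CRC error"             # no trailer: nothing to verify against
    method_txt, eq, stored = trailer.partition(b"=")
    if not eq or not method_txt.isdigit():
        return "CRC error"             # malformed trailer line
    method = int(method_txt)
    if method not in KNOWN_METHODS:
        return "CRC error"             # unknown method id
    if method not in TRUSTED_METHODS:
        return "CRC not trusted"       # recognised id that this loader refuses
    if crc32_hex(body) != stored.strip().decode("ascii", "replace").lower():
        return "CRC error"             # stored value does not match the body
    return "CRC OK"


if __name__ == "__main__":
    cfg = b"alpha=1\nbeta=2\n"        # constructed config body
    print(verify(stamp(cfg)))                                  # CRC OK
    print(verify(stamp(cfg).replace(b"beta=2", b"beta=3")))    # CRC error
    print(verify(stamp(cfg).replace(b"\n", b"\r\n")))          # CRC error
    print(verify(b"alpha=1\n#CRC01=00000000\n"))               # CRC not trusted
```

The last two calls in the usage block show the two failure modes a practitioner cares about: a line-ending conversion changes the CRC because the checksum is over raw bytes, and a syntactically valid trailer with a method id the loader does not trust is rejected before the checksum is even compared.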
No. There is I2C on the test FFC connector, but as we know I2C isn't (currently) very relevant, though it might be if future firmware needs to be persuaded that it's running on an E8.
applauncher.exe at 00011DEC does appear to be calling KernelIoControl, maybe to read I2C?
all lame guesswork
Guys, didn't I tell you that they were working on locking it? ...and then I went straight out and bought one...
Smart move...
One thing is for sure. E4 sales are going downnnn
The camera just arrived and they are going to tell me the serial number soon.
Is there a way to find out the firmware version just from the serial number?
Thanks,
So we will actually know for sure when someone tells us the serial number of the new locked version.
I still do not understand where exactly the problem is. When you receive 1.21, you can connect to it via FTP, erase the complete FLASH and copy 1.19 there. Or am I wrong? You can see all the appcore.exe and other files, so I expect you can overwrite them with the previous version. Sounds so simple.
In fact I did hack it the same way. I did not use the fif and installer. I just copied the config file via FTP.