Poll

Has the hackabiliy of the E4 made you buy one :  

Yes, I was already looking at the competition at a similar price, but the hack swung it to E4
241 (26.5%)
Yes, I'd not considered buying a TIC before, but 320x240 resolution at this price justifies it (as either tool or toy!)
427 (46.9%)
Yes, I was going to buy an E5/6/8 class of unit but will now get the E4
43 (4.7%)
No, but am looking out for a cheap i3 to hack
42 (4.6%)
Not yet, but probably will if now that a closed-box hack becomes is possible
158 (17.3%)

Total Members Voted: 752

Author Topic: Flir E4 Thermal imaging camera teardown  (Read 2667014 times)

0 Members and 1 Guest are viewing this topic.

Offline ds

  • Contributor
  • Posts: 18
Re: Flir E4 Thermal imaging camera teardown
« Reply #5125 on: June 16, 2014, 05:46:12 am »
joe-c's conf.cfc has a new size (112 byte bigger) and ftool outputs an error.  :(

That's expected. The 16-byte MD5 hash has been replaced by a 128-byte Public-Key signature (RSA 1024-Bits). So unless you have the private key or are able to factorize the public key, you can't create a new, valid signature for a modified configuration file.

Patching this signature check in the software is most certainly only possible if you manage to circumvent the CRC check of certain files in "applaunch.dat" which is probably also protected by a Public-Key signature (file "applaunch.sgn").

I expect that it is still possible to hack the camera, but researching this would probably require quite some time and effort.
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: Flir E4 Thermal imaging camera teardown
« Reply #5126 on: June 16, 2014, 06:12:19 am »
Or upgrading to an older Firmware but with a higher revision number?

I don't have a Flir so I'm just taking a shot in the dark.
 

Offline bookaboo

  • Frequent Contributor
  • **
  • Posts: 604
  • Country: ie
Re: Flir E4 Thermal imaging camera teardown
« Reply #5127 on: June 16, 2014, 09:08:08 pm »
Update on my earlier connection issues:

Previously I experienced difficulty talking to my V1.18 after installing the latest Flir Tools software. A fellow forum member kindly uploaded Version 4.0.13284.1003 and now all is well again.
It seems to me that the ability to talk to the camera easily (even through filezilla) may depend on the Flir drivers. I could be wrong about this but in any case I'd advise against updating Flir tools in the meantime.
 

Offline PCSnoop

  • Contributor
  • Posts: 9
Re: Flir E4 Thermal imaging camera teardown
« Reply #5128 on: June 18, 2014, 12:52:16 am »
Arg.  OK,  the first go around went well.  I did the res mod and went well, then the menu mod went well.  I went to do the menu3 mod and screwed the pooch.  Black screen.  I copied the FlashFS and FlashBFS incorrectly, so I deleted them on the camera (through filezilla) and resent the menu3 mod back to the camera.  I have nothing but a black screen now.  Any ideas how to get those files back (FlashFS and FlashBFS) onto the camera?  Many thanks.
 

Offline heavybarrel

  • Regular Contributor
  • *
  • Posts: 54
Re: Flir E4 Thermal imaging camera teardown
« Reply #5129 on: June 18, 2014, 12:59:47 am »
You should have done the recommended back up!  A little info about your particular firmware and hardware version would help in restoring the missing files. There are plenty of people here that can help you out.
 

Offline PCSnoop

  • Contributor
  • Posts: 9
Re: Flir E4 Thermal imaging camera teardown
« Reply #5130 on: June 18, 2014, 01:08:39 am »
Yeah,  I did the backup of the original cfc file, but the video I watched didn't walk me through backing up anything else  :(.  I am on 1.22
Filezilla is showing all kinds of crap on the camera now.

Which of these can I remove to make room for the FlashFS?  The FlashBFS copied over, but ran out of room for the FlashFS.
« Last Edit: June 18, 2014, 01:12:07 am by PCSnoop »
 

Offline heavybarrel

  • Regular Contributor
  • *
  • Posts: 54
Re: Flir E4 Thermal imaging camera teardown
« Reply #5131 on: June 18, 2014, 01:14:59 am »
You should be able to drag the new flashfs folder over and select overwrite to replace the one on the camera. Don't remove anything, just overwrite a known bad directory with a known good one.
 

Offline PCSnoop

  • Contributor
  • Posts: 9
Re: Flir E4 Thermal imaging camera teardown
« Reply #5132 on: June 18, 2014, 01:26:57 am »
I dragged the 2 folders back over and still have a black screen.  What should I try next?
 

Offline heavybarrel

  • Regular Contributor
  • *
  • Posts: 54
Re: Flir E4 Thermal imaging camera teardown
« Reply #5133 on: June 18, 2014, 01:30:45 am »
There is a thread for this sort of thing,  i would try to run the firmware update for your version, 1.22 and start fresh. There is no telling if that will work or not but that's what i would do. I am not saying try yo upgrade to a newer version, run the one you already have. There are links in this thread but a few pages earlier.
 

Offline PCSnoop

  • Contributor
  • Posts: 9
Re: Flir E4 Thermal imaging camera teardown
« Reply #5134 on: June 18, 2014, 01:40:28 am »
I've been googleing for hours in this forum.  Can't seem to find a fix.  When I try and send the FlashFS I get the exceeded storage error..
 

Offline PCSnoop

  • Contributor
  • Posts: 9
Re: Flir E4 Thermal imaging camera teardown
« Reply #5135 on: June 18, 2014, 01:54:35 am »
There is a thread for this sort of thing,  i would try to run the firmware update for your version, 1.22 and start fresh. There is no telling if that will work or not but that's what i would do. I am not saying try yo upgrade to a newer version, run the one you already have. There are links in this thread but a few pages earlier.
Hey Heavybarrel,  Could you point me to that thread?  Where would I find the firmware update?
 

Offline PCSnoop

  • Contributor
  • Posts: 9
Re: Flir E4 Thermal imaging camera teardown
« Reply #5136 on: June 18, 2014, 02:02:47 am »
My backup folder is empty.  The only thing I have a backup of is the original cfc file.  Am I screwed?

Is there a way for me to get a complete FlashFS and FlashBFS directory somewhere?

Thank you to a member in this forum.  He logged into my computer and repaired it for me.  Awesome  :-+
« Last Edit: June 18, 2014, 03:42:29 am by PCSnoop »
 

Offline DaveWB

  • Regular Contributor
  • *
  • Posts: 141
Re: Flir E4 Thermal imaging camera teardown
« Reply #5137 on: June 18, 2014, 03:45:33 am »
My backup folder is empty.  The only thing I have a backup of is the original cfc file.  Am I screwed?

Is there a way for me to get a complete FlashFS and FlashBFS directory somewhere?

Thank you to a member in this forum.  He logged into my computer and repaired it for me.  Awesome  :-+
Took care of it for him through TeamViewer, he was using an e60 cfg file lol
 

Offline carlpj

  • Newbie
  • Posts: 3
Re: Flir E4 Thermal imaging camera teardown
« Reply #5138 on: June 18, 2014, 10:55:31 am »
Gentlemen, I am impressed. An amazing hack, followed by Marphy’s brilliant one-click package.

E4 1.1L, SN 63924xxx, f/w 1.22, cal date 24 April.

Sent from Tequipment on 5 June to Australia. Delivered cost A$1135, all inclusive (vs A$1500 local price). A winner.
 

Offline AintBigAintClever

  • Regular Contributor
  • *
  • Posts: 53
Re: Flir E4 Thermal imaging camera teardown
« Reply #5139 on: June 18, 2014, 11:07:10 am »
joe-c's conf.cfc has a new size (112 byte bigger) and ftool outputs an error.  :(

That's expected. The 16-byte MD5 hash has been replaced by a 128-byte Public-Key signature (RSA 1024-Bits). So unless you have the private key or are able to factorize the public key, you can't create a new, valid signature for a modified configuration file.

Patching this signature check in the software is most certainly only possible if you manage to circumvent the CRC check of certain files in "applaunch.dat" which is probably also protected by a Public-Key signature (file "applaunch.sgn").

I expect that it is still possible to hack the camera, but researching this would probably require quite some time and effort.
Is this the same config file that's written to by the camera itself when changing preferences? If so, the code and keys for re-signing the file will be in the camera firmware somewhere. If the firmware's encrypted, the camera needs to know how to decrypt that at boot time.

Time and effort indeed, but the answer is right there in the camera. Unlike say the Xbox 360 where the encryption is buried in the hardware (and even that got reset glitch hacked) this is encryption added where it wasn't before, and all the instructions for doing it will be in that firmware package.

Wish I'd kept up with coding now, must be 20 years since I've used a disassembler.
 

Offline mikeselectricstuff

  • Super Contributor
  • ***
  • Posts: 11996
  • Country: gb
    • Mike's Electric Stuff
Re: Flir E4 Thermal imaging camera teardown
« Reply #5140 on: June 18, 2014, 12:07:56 pm »
Is this the same config file that's written to by the camera itself when changing preferences? If so, the code and keys for re-signing the file will be in the camera firmware somewhere. If the firmware's encrypted, the camera needs to know how to decrypt that at boot time.
No, it's the (supposedly) fixed factory configuration.
Youtube channel:Taking wierd stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
 

Offline padrino

  • Newbie
  • Posts: 2
Re: Flir E4 Thermal imaging camera teardown
« Reply #5141 on: June 19, 2014, 08:56:12 pm »
If I purchase an E4 with 2.1 is it possible to downgrade it to 1.22 or another firmware version that can be unlocked?
 

Offline Paulio

  • Contributor
  • Posts: 7
  • Country: gb
Re: Flir E4 Thermal imaging camera teardown
« Reply #5142 on: June 19, 2014, 11:45:51 pm »
If I purchase an E4 with 2.1 is it possible to downgrade it to 1.22 or another firmware version that can be unlocked?

No,  :(
 

Offline felixh

  • Newbie
  • Posts: 2
Re: Flir E4 Thermal imaging camera teardown
« Reply #5143 on: June 20, 2014, 12:45:37 pm »
I just got my E4, another new Firmware-version: E4 1.2L, software 2.3....

I hoped, Reichelt still had some old cams remaining...

well, i think i'll keep it. its a cool toy either way :)
 

Offline ixfd64

  • Frequent Contributor
  • **
  • Posts: 316
  • Country: us
    • Facebook
Re: Flir E4 Thermal imaging camera teardown
« Reply #5144 on: June 20, 2014, 05:03:34 pm »
I just got my E4, another new Firmware-version: E4 1.2L, software 2.3....

I hoped, Reichelt still had some old cams remaining...

well, i think i'll keep it. its a cool toy either way :)

Are you able to turn on RNDIS mode?

Offline Taucher

  • Frequent Contributor
  • **
  • Posts: 456
  • Country: de
  • 1DsaYDGWXEYhEKL rfrbFyYsehaAtfBWawf
Re: Flir E4 Thermal imaging camera teardown
« Reply #5145 on: June 20, 2014, 05:16:47 pm »

Just a short comment regarding hacking a public/private crypto system:

-> find public key stored in device
-> replace public key with own one
-> re-sign all signed stuff
-> have fun

In case the key is hardwired somewhere, then just patch the comparison routine(s).
-> In short: Flir is just setting up a challenge instead of ensuring that their customers get maximum satisfaction.

Offline mamalala

  • Supporter
  • ****
  • Posts: 777
  • Country: de
Re: Flir E4 Thermal imaging camera teardown
« Reply #5146 on: June 20, 2014, 06:21:08 pm »
-> In short: Flir is just setting up a challenge instead of ensuring that their customers get maximum satisfaction.

Who's saying that such challanges are not satisfying to some customers ;)

Greetings,

Chris
 

Offline StaticDET5

  • Newbie
  • Posts: 2
Re: Flir E4 Thermal imaging camera teardown
« Reply #5147 on: June 21, 2014, 02:04:05 am »
I just received my E4, and I'm getting ready to do the software performance update.  I have a software 1.22 system.  Before I go forward with this:

Would it help to film it?  Document the process for others?  Is there anything I can do to help you folks continue this process?
 

Offline DaveWB

  • Regular Contributor
  • *
  • Posts: 141
Re: Flir E4 Thermal imaging camera teardown
« Reply #5148 on: June 21, 2014, 02:13:18 am »
I just received my E4, and I'm getting ready to do the software performance update.  I have a software 1.22 system.  Before I go forward with this:

Would it help to film it?  Document the process for others?  Is there anything I can do to help you folks continue this process?
Back it up, main thing is the conf.cfc file. If you need help I can TeamViewer you
Edit: Let us know what your calibration date is and serial number(you can hold off on last digit) and Aurora will add it to the Useful information thread
« Last Edit: June 21, 2014, 02:27:39 am by DaveWB »
 

Offline StaticDET5

  • Newbie
  • Posts: 2
Re: Flir E4 Thermal imaging camera teardown
« Reply #5149 on: June 21, 2014, 03:48:01 am »
Alright!

I'm on it.  If there is anything else folks want me to do, let me know by around 1700EST tomorrow.

Thanks folks!
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf