3.9 KiB
| title | date | tags | drafts | ||
|---|---|---|---|---|---|
| Reversing an image format | 2025-01-15 |
|
true |
This post is the first in a series on reverse engineering binary file formats using an array of tools, mainly to serve as insight into how to approach these kinds of challenges as they can be daunting. Part one focuses on the image format.
Introduction
*[ITAR]: International Traffic in Arms Regulations In the past few years, Chinese manufacturers have brought cheap, performant microbolometer arrays to the consumer market. These arrays are higher resolution and faster framerates than what can reasonably be acquired in the West - mostly due to low competition and ITAR restrictions. Most popular are the low-cost modules by Infiray, which provides whitelabel solutions to a host of other companies (TOPDON, Vevor, HTI, UNI-T) to relabel and sell under their own name. They come in two major form factors: Phone add-on and gun-grip unit. Existing work has documented and reverse-engineered the phone communication protocols, but
I got burned once by the phone-dongle style before with Seek Thermal. Simply put, the pace of smartphones is longer than the target lifespan of these products. This time, I wanted one that was standalone. The PC connectivity was still important to me, since there are certain operations that can only be done with access to raw data, like Lock-In Thermography.
For that reason, the Hikmicro line of portable imagers interested me. It's more expensive than the whitelabel Infiray products, but offers some pretty nice looking PC software and uses a Radiometric JPEG image format for data.They advertise Live USB video and it supposedly also delivers radiometry over the USB (!). This is on top of being a standalone unit so you don't need to use an odd phone app. However this choice seems less popular on forums and there is no reverse engineering project that exists already, so we'll have to start from scratch.
Getting the picture
To start with something simple, lets figure out how their image format works. They call it "radiometric JPEG". This isn't to be confused with FLIR's RJPEG format, which is already well understood.. When using regular image viewers, we get a screenshot of the display. Where things get interesting is when we open the image with the Hikmicro Analyzer software, we can see the full resolution visual image, as well as the raw radiometric data. This lets us use the tool to construct reports and take more accurate measurements.
When first exploring a new binary format, start with the basics. I have a photo of my cat taken with a Hikmicro B10 (which I returned for the Pocket C).
Running file on it is unsuprising:
$ file cat.jpeg
cat.jpeg: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=3, datetime=2024:12:29 04:44:22, orientation=upper-left], baseline, precision 8, 240x320, components 3
But there's obviously more than just that in the file, since the analyzer software is able to recover radiometric data.
Let's use imhex and binocle
to start poking around. binocle lets us view binary data as a 2D texture. This is mostly pointless for text or encrypted/compressed files,
but it makes it easy to spot larger patterns/segments:
It's mostly just noise. But then there's an odd repeating pattern close to the end. By changing the width of the texture we might be able to get a better idea of how it works. A good guess here would be a resolution of (camera, screen, microbolometer). Let's try 192, the resolution of the microbolometer:
Well that's something. It's not perfect, but it means that our thermal data is relatively raw in the file. With that in mind, let's dig into imhex to see if we can parse more out.
I'm hexing here
Imhex is pretty great. You can perform a lot of analysis without needing other tools.