saji/blog
1
0
Fork 0
Code Actions Activity
blog/content/blog/hacking-hikmicro-pt1/hacking-hikmicro.md
Saji 1cd021d0a7
All checks were successful
Build Blog / Build (push) Successful in 5m32s
Details
lint
2025-05-02 22:38:37 -05:00

70 lines
3.9 KiB
Markdown
Raw Blame History

---
title: Reversing an image format
date: 2025-01-15
tags:
- reverse-engineering
- hacking-hikmicro
drafts: true
---
This post is the first in a series on reverse engineering binary file formats using an array of tools,
mainly to serve as insight into how to approach these kinds of challenges as they can be daunting.
Part one focuses on the image format.
# Introduction
\*[ITAR]: International Traffic in Arms Regulations
In the past few years, Chinese manufacturers have brought cheap, performant microbolometer arrays to the consumer market.
These arrays are higher resolution and faster framerates than what can reasonably be acquired in the West - mostly due
to low competition and ITAR restrictions. Most popular are the low-cost modules by Infiray, which provides whitelabel solutions
to a host of other companies (TOPDON, Vevor, HTI, UNI-T) to relabel and sell under their own name. They come in two major
form factors: Phone add-on and gun-grip unit. Existing work has documented and reverse-engineered the phone communication protocols,
but
I got burned once by the phone-dongle style before with Seek Thermal. Simply put, the pace of smartphones is longer than
the target lifespan of these products. This time, I wanted one that was standalone. The PC
connectivity was still important to me, since there are certain operations that can only be done with access to raw
data, like Lock-In Thermography.
For that reason, the Hikmicro line of portable imagers interested me. It's more
expensive than the whitelabel Infiray products, but offers some pretty nice
looking PC software and uses a Radiometric JPEG image format for data.They
advertise Live USB video and it supposedly also delivers radiometry over the
USB (!). This is on top of being a standalone unit so you don't need to use an
odd phone app. However this choice seems less popular on forums and there is no
reverse engineering project that exists already, so we'll have to start from
scratch.
# Getting the picture
To start with something simple, lets figure out how their image format works. They call it "radiometric JPEG". This
isn't to be confused with FLIR's RJPEG format, which is already well understood.. When using regular image viewers,
we get a screenshot of the display. Where things get interesting is when we open the image with the Hikmicro Analyzer software, we can see the full
resolution visual image, as well as the raw radiometric data. This lets us use the tool to construct reports and take more accurate measurements.
When first exploring a new binary format, start with the basics. I have a photo of my cat taken with a Hikmicro B10 (which I returned for the Pocket C).
Running `file` on it is unsuprising:
```bash
$ file cat.jpeg
cat.jpeg: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=3, datetime=2024:12:29 04:44:22, orientation=upper-left], baseline, precision 8, 240x320, components 3
```
But there's obviously more than just that in the file, since the analyzer software is able to recover radiometric data.
Let's use [imhex](https://imhex.werwolv.net/) and [binocle](https://github.com/sharkdp/binocle)
to start poking around. `binocle` lets us view binary data as a 2D texture. This is mostly pointless for text or encrypted/compressed files,
but it makes it easy to spot larger patterns/segments:
![Binocle view](binocle_view.png)
It's mostly just noise. But then there's an odd repeating pattern close to the end. By changing the width of the texture we might be able to get a better idea
of how it works. A good guess here would be a resolution of (camera, screen, microbolometer). Let's try 192, the resolution of the microbolometer:
![Cat-shaped Binary](cat_shaped_binary.png)
Well that's something. It's not perfect, but it means that our thermal data is relatively raw in the file. With that in mind, let's dig into `imhex` to see if we can parse more out.
# I'm hexing here
Imhex is pretty great. You can perform a lot of analysis without needing other tools.
View git blame Copy permalink