Olympus FW analysis

[mx3]

Jonah Probell - The Lexra Story

Zoran COACH cameras (with the same HW/SW architecture and FW pack method as Olympus FE 2XX, 3XX series):

Minox:
- MINOX Germany: Firmware DCC M3 Plus

Samsung:
- s1050, L700, nv73, s730, s830, s850, v700

premier image tech (Traveler):
slimline x5 bin file , inside the traveler slimline x5


UFO:
- dv4140, dv60, dc5345, dm5370

RCA Small Wonder:
- EZ201

Aiptek:
- MPVR (DV6800)

[mx3]

it seems 0x200 bytes of 0x600 bytes block is MBR
next block is image of disk

FAT32 Structure Information. MBR, FAT Boot sector introduction - EASEUS Data Recovery

next step: mount this drive and see files on it.

it probably can be done :
- on linux ( Aiptek MPVR, Zoran-based Camcorder (firmware update) )
- on windows using VDK (Virtual Disk Driver - VM Back)

[mx3]

readelf applied to ELFs shows ussefull information

readelf -a -W PRE_E_008_1102_0000_0000.dec.part2.elf >PRE_E_008_1102_0000_0000.dec.part2.elf.rdlf

Code: [Select]

ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           MIPS R3000
  Version:                           0x1
  Entry point address:               0x80010000
  Start of program headers:          52 (bytes into file)
  Start of section headers:          270376 (bytes into file)
  Flags:                             0x50000001, noreorder, mips32
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         4
  Size of section headers:           40 (bytes)
  Number of section headers:         22
  Section header string table index: 19

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .spc0             PROGBITS        bfc08000 041dfc 000190 00 WAX  0   0  4
  [ 2] .spc1             PROGBITS        bfc08a00 041f8c 000000 00   W  0   0  1
  [ 3] .spc2             PROGBITS        bfc08c04 041f8c 000000 00   W  0   0  1
  [ 4] .spc3             PROGBITS        00000000 041f8c 000000 00   W  0   0  1
  [ 5] .spd0             PROGBITS        90008000 041f8c 000000 00   W  0   0  1
  [ 6] .spd1             PROGBITS        90008a00 041f8c 000000 00   W  0   0  1
  [ 7] .spd2             PROGBITS        90008c04 041f8c 000000 00   W  0   0  1
  [ 8] .spd3             PROGBITS        00000000 041f8c 000000 00   W  0   0  1
  [ 9] .exception        PROGBITS        80000180 0000b4 000158 00  AX  0   0  1
  [10] .boot             PROGBITS        80010000 000220 000070 00  AX  0   0  4
  [11] .text             PROGBITS        80010080 0002a0 03b67d 00  AX  0   0 32
  [12] __ex_table        PROGBITS        8004b700 03b920 000010 00   A  0   0  4
  [13] .primaryboot      PROGBITS        8004b710 03b930 00023c 00  AX  0   0  4
  [14] .libz             PROGBITS        8004b94c 03bb6c 000cc8 00  WA  0   0  4
  [15] .data             PROGBITS        8004c614 03c834 004b8c 00  WA  0   0  4
  [16] .CpuVars          PROGBITS        800511a0 0413c0 000a3c 00  WA  0   0  4
  [17] .sbss             NOBITS          80051bdc 041dfc 0000d8 00 WAp  0   0  4
  [18] .bss              NOBITS          80051cb4 041dfc 00897c 00  WA  0   0  4
  [19] .shstrtab         STRTAB          00000000 041f8c 00009a 00      0   0  1
  [20] .symtab           SYMTAB          00000000 042398 004380 10     21  38  4
  [21] .strtab           STRTAB          00000000 046718 004689 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

There are no section groups in this file.

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x0000b4 0x80000180 0x80000180 0x00158 0x00158 R E 0x1
  LOAD           0x000220 0x80010000 0x80010000 0x3b94c 0x3b94c R E 0x20
  LOAD           0x03bb6c 0x8004b94c 0x8004b94c 0x06290 0x0ece4 RW  0x4
  LOAD           0x041dfc 0xbfc08000 0xbfc08000 0x00190 0x00190 RWE 0x4

 Section to Segment mapping:
  Segment Sections...
   00     .exception
   01     .boot .text __ex_table .primaryboot
   02     .libz .data .CpuVars .sbss .bss
   03     .spc0

There is no dynamic section in this file.

There are no relocations in this file.

There are no unwind sections in this file.

Symbol table '.symtab' contains 1080 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: bfc08000     0 SECTION LOCAL  DEFAULT    1
     2: bfc08a00     0 SECTION LOCAL  DEFAULT    2
     3: bfc08c04     0 SECTION LOCAL  DEFAULT    3
     4: 00000000     0 SECTION LOCAL  DEFAULT    4
     5: 90008000     0 SECTION LOCAL  DEFAULT    5
     6: 90008a00     0 SECTION LOCAL  DEFAULT    6
     7: 90008c04     0 SECTION LOCAL  DEFAULT    7
     8: 00000000     0 SECTION LOCAL  DEFAULT    8
     9: 80000180     0 SECTION LOCAL  DEFAULT    9
    10: 80010000     0 SECTION LOCAL  DEFAULT   10
    11: 80010080     0 SECTION LOCAL  DEFAULT   11
    12: 8004b700     0 SECTION LOCAL  DEFAULT   12
    13: 8004b710     0 SECTION LOCAL  DEFAULT   13
    14: 8004b94c     0 SECTION LOCAL  DEFAULT   14
    15: 8004c614     0 SECTION LOCAL  DEFAULT   15
    16: 800511a0     0 SECTION LOCAL  DEFAULT   16
    17: 80051bdc     0 SECTION LOCAL  DEFAULT   17
    18: 80051cb4     0 SECTION LOCAL  DEFAULT   18
    19: 00000000     0 SECTION LOCAL  DEFAULT   21
    20: 00000000     0 SECTION LOCAL  DEFAULT   22
    21: 00000000     0 SECTION LOCAL  DEFAULT   23
    22: bfc08000     0 SECTION LOCAL  DEFAULT    1
    23: bfc08a00     0 SECTION LOCAL  DEFAULT    2
    24: bfc08c04     0 SECTION LOCAL  DEFAULT    3
    25: 90008000     0 SECTION LOCAL  DEFAULT    5
    26: 90008a00     0 SECTION LOCAL  DEFAULT    6
    27: 90008c04     0 SECTION LOCAL  DEFAULT    7
    28: 80000180     0 SECTION LOCAL  DEFAULT    9
    29: 80010000     0 SECTION LOCAL  DEFAULT   10
    30: 80010080     0 SECTION LOCAL  DEFAULT   11
    31: 8004b700     0 SECTION LOCAL  DEFAULT   12
    32: 8004b710     0 SECTION LOCAL  DEFAULT   13
    33: 8004b94c     0 SECTION LOCAL  DEFAULT   14
    34: 8004c614     0 SECTION LOCAL  DEFAULT   15
    35: 800511a0     0 SECTION LOCAL  DEFAULT   16
    36: 80051bdc     0 SECTION LOCAL  DEFAULT   17
    37: 80051cb4     0 SECTION LOCAL  DEFAULT   18
    38: 00000000     0 FILE    LOCAL  DEFAULT  ABS Os/Gpio/Gpio.c
............
 1079: 800514bc     4 NOTYPE  GLOBAL DEFAULT   16 _tx_byte_pool_created_count

No version information found in this file.



both elf files are loaded well into IDA if mipsl processor selected

[mx3]

stylus730
u810
u1200


CPU: ARM

[mx3]

I meant You know the name of BIN file how it was downloaded from WEB serer.
Olympus Master places it into camera.
I'm sure it copy it over USB with the name wich is different from original one (FAT system. Long names. it is a hunch)

I'm sure name must be short and the same for different updates.
the only way to found out it - analyse FW file (disassemble it)
anyway we are speaking about "Plan A" - placing modified firmware into camera.
do you have already update file wich you would like to test?

oh yes ok i understand now, would it help formatting it to fat32 or will that not make a difference? i dont think it will because as you say olympus master will rename it to something shorter to update.

i do not have an update to test yet though, i was just thinking ahead incase we cant reupload it. because if we cant reupload it theres no point modifying it

I have seen on other forum mention of file name on card:
{card}:\firmware\firmware.bin

topic was dedicated to sp310, sp320, sp350
I'm not sure it will work with FE series but all Olympus cameras are updated using "olympus master" so it is logical that program places update file either with the same name to all cameras or with the name wich is unique to each camera

update:

Olympus firmware upgrade - the truth
the same instructions for old cameras

[mx3]

bin_extract PRE_E_008_1102_0000_0000.dec.part6.res 16a00 561000 PRE_E_008_1102_0000_0000.dec.part6.img

creates image wich can be handled by winimage tool

successfully extracted 472 files

[kLOTTiS]

Sorry mx3, I have been away for some time, am still trying to modify the FE-210, I have found no way so far of updating without Olympus Master

[Altsoph]

TWIMC.
As i found, there are at least two different bytestuffing schemes for oly fw.
So, for e500 bs-scheme works like this:

encoded seq:
0123456789abcdef
decoded seq:
13026475ba98decf

Hope, this info helps somehow.
Proof decryptor (in PHP ) attached.

[mx3]

mju / E -series decryptor

[Altsoph]

[mx3]

other models

Code: [Select]

e3-0420

OLY_E_042_1201_0000_0000.BIN
model ver  len      flags
0420(1201) 00407FC0 40040000
0420(0100) 002E7FC0 40448000
0420(1105) 00018000 000E0000
____________________________
E330-0360

OLY_E_036_1200_0000_0000.BIN
model ver  len      flags
0360(1200) 006EFFC0 40030000

OLY_E_036_1301_0000_0000.BIN
model ver  len      flags
0360(1301) 006EFFC0 40030000
____________________________
E410-0480

OLY_E_048_1200_0000_0000.BIN
model ver  len      flags
0480(1200) 003A3FC0 40040000
0480(0100) 0034BFC0 403E4000

OLY_E_048_1301_0000_0000.BIN
model ver  len      flags
0480(1301) 003A3FC0 40040000
0480(0100) 0034BFC0 403E4000
____________________________
e500-0350

OLY_E_035_1303_0000_0000.BIN
model ver  len      flags
0350(1303) 006EFFC0 40030000
____________________________
E510-0410

OLY_E_041_1300_0000_0000.BIN
model ver  len      flags
0410(1300) 003A3FC0 40040000
0480(0100) 0034BFC0 403E4000
0410(0001) 00018000 000E0000
____________________________
e520-0590

OLY_E_059_1001_0000_0000.BIN
model ver  len      flags
0590(1001) 003F7FC0 40040000
0590(1000) 002E7FC0 40438000
0590(1001) 00018000 000E0000

OLY_E_059_1101_0000_0000.BIN
model ver  len      flags
0590(1101) 003F7FC0 40040000
0590(1000) 002E7FC0 40438000
0590(1001) 00018000 000E0000
____________________________
____________________________
umini.StylusV-0240

OLY_E_024_1100_0000_0000.BIN
model ver  len      flags
0240(1100) 0035FFC0 40020000
____________________________
uD800.S800-0320

OLY_E_032_1200_0000_0000.BIN
model ver  len      flags
0320(1200) 0023FFC0 60040000
0320(0812) 0007FFC0 603F0000
0320(0812) 0007FFC0 60470000
0320(0100) 0045FFC0 604F0000
____________________________
uD600.S600-0340

OLY_E_034_1100_0000_0000.BIN
model ver  len      flags
0340(1100) 0025FFC0 60040000
0340(0812) 0000FFC0 602A0000
0340(0812) 000AFFC0 602B0000
0340(0812) 0029FFC0 60360000
____________________________
u850SW.STYLUS850SW-0560

OLY_E_056_1101_0000_0000.BIN
model ver  len      flags
0560(1101) 0032FFC0 40040000
0560(0200) 004EFFC0 40590000
0560(0200) 0009FFC0 40370000
0560(0200) 0017FFC0 40410000
0560(0100) 000AFFC0 40A80000
0560(0400) 0002FFC0 40B30000

OLY_E_056_1202_0000_0000.BIN
model ver  len      flags
0560(1202) 0032FFC0 40040000
0560(0200) 004EFFC0 40590000
0560(0200) 0009FFC0 40370000
0560(0200) 0017FFC0 40410000
0560(0100) 000AFFC0 40A80000
0560(0400) 0002FFC0 40B30000
____________________________
u840.STYLUS840-0520

OLY_E_052_1101_0000_0000.BIN
model ver  len      flags
0520(1101) 0032FFC0 40040000
0520(0100) 004EFFC0 40590000
0520(0100) 0009FFC0 40370000
0520(0100) 0017FFC0 40410000
0520(0100) 000AFFC0 40A80000
0520(0100) 0002FFC0 40B30000

OLY_E_052_1202_0000_0000.BIN
model ver  len      flags
0520(1202) 0032FFC0 40040000
0520(0100) 004EFFC0 40590000
0520(0100) 0009FFC0 40370000
0520(0100) 0017FFC0 40410000
0520(0100) 000AFFC0 40A80000
0520(0100) 0002FFC0 40B30000
____________________________
u830.STYLUS830-0510

OLY_E_051_1005_0000_0000.BIN
model ver  len      flags
0510(1005) 0034FFC0 40040000
0510(0700) 004EFFC0 40590000
0510(0700) 0007FFC0 40390000
0510(0700) 0017FFC0 40410000
0510(0700) 000AFFC0 40A80000
0510(1000) 0001FFC0 40B30000
0510(0001) 00005000 0000B000
____________________________
u795SW.STYLUS795SW-0500

OLY_E_050_1004_0000_0000.BIN
model ver  len      flags
0500(1004) 0037FFC0 40040000
0500(0200) 004EFFC0 405C0000
0500(0200) 0007FFC0 403C0000
0500(0200) 0017FFC0 40440000
0500(0100) 000AFFC0 40AB0000
0500(0400) 0001FFC0 40B60000
____________________________
u790SW.STYLUS790SW-0490

OLY_E_049_1002_0000_0000.BIN
model ver  len      flags
0490(1002) 0037FFC0 40040000
0490(0200) 004EFFC0 405C0000
0490(0200) 0007FFC0 403C0000
0490(0200) 0017FFC0 40440000
0490(0100) 000AFFC0 40AB0000
0490(0400) 0001FFC0 40B60000

OLY_E_049_1101_0000_0000.BIN
model ver  len      flags
0490(1101) 0037FFC0 40040000
0490(0200) 004EFFC0 405C0000
0490(0200) 0007FFC0 403C0000
0490(0200) 0017FFC0 40440000
0490(0100) 000AFFC0 40AB0000
0490(0400) 0001FFC0 40B60000
____________________________
u780.STYLUS780-0470

OLY_E_047_1100_0000_0000.BIN
model ver  len      flags
0470(1100) 0037FFC0 40040000
0470(0200) 0007FFC0 403C0000
0470(0200) 0017FFC0 40440000
0470(0200) 004EFFC0 405C0000
0470(0100) 000AFFC0 40AB0000
0470(0400) 0001FFC0 40B60000
0470(0001) 00005000 0000B000
____________________________
u770.STYLES770SW-0450

OLY_E_045_1102_0000_0000.BIN
model ver  len      flags
0450(1102) 0039FFC0 60040000
0450(0200) 0007FFC0 603E0000
0450(0200) 0017FFC0 60460000
0450(0200) 004EFFC0 605E0000
0450(0100) 000AFFC0 60AD0000
0450(0400) 0001FFC0 60B80000
____________________________
u760.STYLES760-0460

OLY_E_046_1102_0000_0000.BIN
model ver  len      flags
0460(1102) 0039FFC0 60040000
0460(0200) 0007FFC0 603E0000
0460(0200) 0017FFC0 60460000
0460(0200) 004EFFC0 605E0000
0460(0100) 000AFFC0 60AD0000
0460(0400) 0001FFC0 60B80000
0460(0001) 00004000 0000C000
____________________________
u740_750.STYLUS740_750-0430

OLY_E_043_1009_0000_0000.BIN
model ver  len      flags
0430(1009) 0035FFC0 40040000
0430(0001) 0007FFC0 403A0000
0430(0001) 0017FFC0 40420000
0430(0001) 004EFFC0 405A0000
0430(0100) 000AFFC0 40A90000
0430(0400) 0001FFC0 40B40000
____________________________
u725SW.STYLUS725SW-0440

OLY_E_044_1001_0000_0000.BIN
model ver  len      flags
0440(1001) 003BFFC0 60040000
0440(0200) 0007FFC0 60400000
0440(0200) 0012FFC0 60480000
0440(0200) 0033FFC0 605B0000
0440(0100) 000AFFC0 608F0000
____________________________
u720SW.Stylus720SW-0370

OLY_E_037_1100_0000_0000.BIN
model ver  len      flags
0370(1100) 003BFFC0 60040000
0370(0200) 0007FFC0 60400000
0370(0200) 0012FFC0 60480000
0370(0200) 0033FFC0 605B0000
0370(0100) 000AFFC0 608F0000
____________________________
u710.Stylus710.u700.Stylus700-0390

OLY_E_039_1102_0000_0000.BIN
model ver  len      flags
0390(1102) 003BFFC0 60040000
0390(0100) 0007FFC0 60400000
0390(0100) 0012FFC0 60480000
0390(0100) 0033FFC0 605B0000
0390(0100) 000AFFC0 608F0000
____________________________
u1030SW.STYLUS1030SW-0550

OLY_E_055_1102_0000_0000.BIN
model ver  len      flags
0550(1102) 0032FFC0 40040000
0550(0200) 004EFFC0 40590000
0550(0200) 0009FFC0 40370000
0550(0200) 0017FFC0 40410000
0550(0100) 000AFFC0 40A80000
0550(0400) 0002FFC0 40B30000

OLY_E_055_1202_0000_0000.BIN
model ver  len      flags
0550(1202) 0032FFC0 40040000
0550(0200) 004EFFC0 40590000
0550(0200) 0009FFC0 40370000
0550(0200) 0017FFC0 40410000
0550(0100) 000AFFC0 40A80000
0550(0400) 0002FFC0 40B30000
____________________________
u1020.STYLUS1020-0530

OLY_E_053_1101_0000_0000.BIN
model ver  len      flags
0530(1101) 0032FFC0 40040000
0530(0100) 004EFFC0 40590000
0530(0100) 0009FFC0 40370000
0530(0100) 0017FFC0 40410000
0530(0100) 000AFFC0 40A80000
0530(0100) 0002FFC0 40B30000

OLY_E_053_1202_0000_0000.BIN
model ver  len      flags
0530(1202) 0032FFC0 40040000
0530(0100) 004EFFC0 40590000
0530(0100) 0009FFC0 40370000
0530(0100) 0017FFC0 40410000
0530(0100) 000AFFC0 40A80000
0530(0100) 0002FFC0 40B30000
____________________________
u1010.Stylus1010-0540

OLY_E_054_1101_0000_0000.BIN
model ver  len      flags
0540(1101) 0032FFC0 40040000
0540(0100) 004EFFC0 40590000
0540(0100) 0009FFC0 40370000
0540(0100) 0017FFC0 40410000
0540(0100) 000AFFC0 40A80000
0540(0100) 0002FFC0 40B30000

OLY_E_054_1202_0000_0000.BIN
model ver  len      flags
0540(1202) 0032FFC0 40040000
0540(0100) 004EFFC0 40590000
0540(0100) 0009FFC0 40370000
0540(0100) 0017FFC0 40410000
0540(0100) 000AFFC0 40A80000
0540(0100) 0002FFC0 40B30000
____________________________
u-miniS.StylusVS-0310

OLY_E_031_1000_0000_0000.BIN
model ver  len      flags
0310(1000) 0037FFC0 40020000
____________________________
u-40.STYLUS.uDIGITAL500-0280

OLY_E_028_1101_0000_0000.BIN
model ver  len      flags
0280(1101) 0035FFC0 40020000

[Altsoph]

New topic for e and mju series started here:
Olympus e/mju/stylus series FW analysis