A550 Porting...

[muttley]

I made dump of firmware many times and now it's stable and don't change...I used blink g7.

Now i would compile CHDK source, but i don't understand how modify boot.c file, lib.c, stubs_entry_2.S and others file.

I have ARM compiler, CHDK source code, IDA and firmware dump...
How to use IDA for find part of code needed for compilation ?!? 

I have read: Adding support of a new camera - CHDK Wiki and Loading dump to IDA - CHDK Wiki

but don't understand WHERE and WHAT find with ida?!?

I try to compile with folder of a630 (similar p-id) but don't find many function at the end of compilation time 

i had made also a wiki page: A550 - CHDK Wiki

HELP...PLEASE!!

p.s. sorry for my english 

[GrAnd]

I made dump of firmware many times and now it's stable and don't change...

Where can I have it? Please upload it somewhere and post the link here.

[Divalent]

I made dump of firmware many times and now it's stable and don't change...

Where can I have it? Please upload it somewhere and post the link here.

And also put a link to the FW on the Wiki page that you created so that others can find it (and know that it exists)

[muttley]

this is the link: http://rapidshare.com/files/79372562/OriginalFirmware_a550v100c.rar.html

...but if you can...i would learn how to complete my port. Thanks...thanks!!!

[ctrl-alt-canc]

Hi I'm new in this forum
I have an a550 and I'd like to contribute in porting the chdk to this camera.
Here's what I did until now:
-installed arm-elf-gcc
-downloaded the firmware
-created an a550 directory in /loader and /platform and copied the files from the a560 directory
-copied the firmware in /100c directory and renamed PRIMARY.BIN
-modified makefile.inc with 12624 (0x3150) as P-ID
-successfully compiled the trunk version for the a550
but when I put the files in the SD card and try to start the chdk the camera stops responding and I have to remove the batteries. I think it's normal, now it's time to disassemble the firmware.
ida does not work on my PC (don't know why) so I've used arm-elf-objdump to disassemble the firmware.

Now the questions:
-after rebooting the camera I find a file UpgradeLog.txt that contains 88 bytes of binary data, is that normal?
-now what I have to do? what I need to find in the disassembled firmware to get the chdk working?

Last thing:
When looking into the binary firmware with I found a link to a website hidden between binary data, to find it open the a550 firmware with an editor like khexedit and search "www.". Do somebody think it may be useful?

[muttley]

I can't help, but try to respond:

-after rebooting the camera I find a file UpgradeLog.txt that contains 88 bytes of binary data, is that normal?

yes, it's normal...always you execute a fir on your canon this file is generated. I don't think is import for us.

-When looking into the binary firmware with I found a link to a website hidden between binary data, to find it open the a550 firmware with an editor like khexedit and search "www.". Do somebody think it may be useful?

It's present in all others canon's firmware, it's only an about/help or like this...

Is there anyone that help us to understand the code disassembled by IDA...
I know enought ASM x86 (ARM...no problem), but in 4 MB i don't know WHERE & WHAT search!

While I'm waiting...I have redumping the firmware and find some error in previous!

THIS IS THE FINAL...I HOPE: http://rapidshare.com/files/81300076/dump0xFFC00000.rar.html
(four dump with blink g7, always the same)

[muttley]

boot.c is now ok...i hope!
I'm start from kernelinit and walking back in IDA...

void boot()
{
    long *canon_data_src = (void*)0xFFEEB4D0;
    long *canon_data_dst = (void*)0x1900;
    long canon_data_len = 0xB540;
    long *canon_bss_start = (void*)0xCE40; // just after data
    long canon_bss_len = 0x9F2B0 - 0xCE40;
    long i;

  ...


void h_usrInit()
{
    asm volatile (
      "STR     LR, [SP,#-4]!\n"
      "BL      sub_FFC01968\n"
      "MOV     R0, #2\n"
      "MOV     R1, R0\n"
      "BL      sub_FFCC1CEC\n"      //unknown_libname_201
      "BL      sub_FFCB6DB8\n"      //excVecInit
      "BL      sub_FFC011C4\n"
      "BL      sub_FFC01728\n"
      "LDR     LR, [SP],#4\n"
      "B       h_usrKernelInit\n"
    );
}

void  h_usrKernelInit()
{
    asm volatile (
      "STMFD   SP!, {R4,LR}\n"
      "SUB     SP, SP, #8\n"
      "BL      sub_FFCC21EC\n"      //classLibInit
      "BL      sub_FFCD2318\n"      //taskLibInit
      "LDR     R3, =0x4E60\n"
      "LDR     R2, =0x9C4C0\n"
      "LDR     R1, [R3]\n"
      "LDR     R0, =0x9D010\n"
      "MOV     R3, #0x100\n"
      "BL      sub_FFCCDF08\n"      //qInit
      "LDR     R3, =0x4E20\n"
      "LDR     R0, =0x51C0\n"
      "LDR     R1, [R3]\n"
      "BL      sub_FFCCDF08\n"      //qInit
      "LDR     R3, =0x4EDC\n"
      "LDR     R0, =0x9CFE4\n"
      "LDR     R1, [R3]\n"
      "BL      sub_FFCCDF08\n"      //qInit
      "BL      sub_FFCD66D4\n"      //workQInit
      "BL      sub_FFC012B0\n"
      "MOV     R4, #0\n"
      "MOV     R3, R0\n"
      "MOV     R12, #0x800\n"
      "LDR     R0, =h_usrRoot\n"
      "MOV     R1, #0x4000\n"
      "LDR     R2, =0xCF2B0\n"   // 0x9F2B0 + 0x30000
      "STR     R12, [SP]\n"
      "STR     R4, [SP,#4]\n"
      "BL      sub_FFCCF558\n" //kernelInit
      "ADD     SP, SP, #8\n"
      "LDMFD   SP!, {R4,PC}\n"
    );
}
...

void  h_usrRoot()
{
    asm volatile (
      "STMFD   SP!, {R4,R5,LR}\n"
      "MOV     R5, R0\n"
      "MOV     R4, R1\n"
      "BL      sub_FFC019D0\n"
      "MOV     R1, R4\n"
      "MOV     R0, R5\n"
      "BL      sub_FFCC6CA4\n"      //memInit
      "MOV     R1, R4\n"
      "MOV     R0, R5\n"
      "BL      sub_FFCC771C\n"      //memPartLibInit
      //"BL      sub_FFC017E8\n"      //nullsub_1
      "BL      sub_FFC01704\n"
      "BL      sub_FFC01A0C\n"
      "BL      sub_FFC019F0\n"
      "BL      sub_FFC01A38\n"
      "BL      sub_FFC019C4\n"
    );

    _taskCreateHookAdd(createHook);
    _taskDeleteHookAdd(deleteHook);

    drv_self_hide();

    asm volatile (
      "LDMFD   SP!, {R4,R5,LR}\n"
      "B       sub_FFC0136C\n"      //IsEmptyWriteCache_2
    );
}

Well, lib.c and stubs_entry_2.S...I don't know how to find the missing fuction:

stubs_entry_2.S

#find in IDA
NHSTUB(Close,  0xFFCC5108)
NHSTUB(Remove, 0xFFCC549C)
 
#near unmount
NHSTUB(Mount_FileSystem, 0xFFE214C4)

#there are readv and writev?! ...is it the same?
NHSTUB(Read,   0xFFCC5334)
NHSTUB(Write,  0xFFCC53B0)

NHSTUB(kbd_read_keys_r2, 0xFF?)
NHSTUB(DisplayImagePhysicalScreen, 0xFF?)
NHSTUB(free, 0xFF?)
NHSTUB(SetZoomActuatorSpeedPercent, 0xFF?) //null stub

...for lib.c nothing...nothing...nothing 

[stranger]

First of all, I'm working on porting the A530.

muttley, your XREF hint on the wiki page was very helpful. ^_^  I think I have boot.c right now, though I was unsure about the boot() function, so I followed your example.  So hopefully you were right.

void boot()
{
    long *canon_data_src = (void*)0xFFEDE3C0;
    long *canon_data_dst = (void*)0x1900;
    long canon_data_len = 0xB8D0;
    long *canon_bss_start = (void*)0xD1D0;
    long canon_bss_len = 0x91C70 - 0xD1D0;

[...]

The line for canon_data_src looked like this, so I'm not sure. :

ROM:FFC0017C off_FFC0017C    DCD unk_FFEDE3C0        ; DATA XREF: ROM:FFC0010

Other than that, I'm now in the same boat.  I don't know where to start with lib.c, and I haven't found anything with IDA so far.  the lib.c from the A540 source code has some helpful-looking comments, but I still can't figure out how to find the right values.  (Some of them were commented out for some reason.  )

[commented out]
char *hook_raw_image_addr()
{
    return (char*)0x105B8AC0; // OK (find on ".crw")
}

long hook_raw_size()
{
    return 0x75A8F0; // OK (find on ".crw")
}

[commented out]

void *vid_get_bitmap_fb()
{
    return (void*)0x103C79A0; // OK (find in _CreatePhysicalVram)
}

void *vid_get_viewport_fb()
{
    return (void*)0x105F17A0; // OK (find on "VRAM Address  : %p")
}

void *vid_get_viewport_fb_d()
{
    return (void*)(*(int*)0x60BA0); // OK (find on "WBTblAdj.c")
}
[...]

Here is my stubs_entry_2.S, I guess I was lucky.  (It does look very much like stubs_entry_2.S from the A540 source.)  But I can't find free.  I know there is information about it in signatures.h and IDA looks for it.

#include "stubs_asm.h"

NHSTUB(VbattGet,  0xFFC1C000) //found w/ IDA
NHSTUB(free,  0xFFC0A748) //not found yet (used FreeMemory)

//null stub (S2/S3 only apparently)
NHSTUB(SetZoomActuatorSpeedPercent, 0xFFC017E8) //used nullsub_1

I've modified things similarly to how muttley has (A550 wiki page has more detail), and the rest is A560 code.  When I compile it and try to load it the LCD turns off, the power led blinks off briefly, the green viewfinder led blinks on briefly, then the LCD comes on again with the regular firmware.

Could someone perhaps give us some hints on how to find these things for lib.c and stubs_entry_2.S?   And muttley, if you've made any further progress or have any further insight I'd love to hear it.  I have a friend who is also interested in your A550 port for his camera.

[muttley]

i'm very happy that my work is helpful for someone...

...I hope someone help us for complete the porting     

Could someone perhaps give us some hints on how to find these things for lib.c and stubs_entry_2.S?

I would add only some word: pleaseeeeeeeeeeeeeeeee!!!

[muttley]

for stranger:

If you wanna find the canon_data_src address without error, it's enought a HexEditor.

Open your firmware (.bin) and search in ASCII-mode this string: start of data

example:

if you find the string at the address: 0x002EB4D4  (address of the lecter 's')
then the canon_data_src is: 0x002EB4D0

good luck!

p.s. I hope my senteces are right 

[muttley]

I have FINISHHH my port! 

http://www.zshare.net/download/640141362c95c5/

...but don't run 

I don't know why, i have complete boot.c, I have found all missing function and insert them in stubs_entry_2.S...

...lib.c is incomplete i have found 3 address:

void *vid_get_bitmap_fb()

void *vid_get_viewport_fb()

void *vid_get_viewport_fb_d()

loader is copyed by a560 as a rest of file in platform/a550 (less boot.c, makefile.inc, lib.c, stubs_min.S and stubs_entry_2.S)

BUT DON'T WORK!!!!
when i launch 'firmware update' my camera just switch off...

WHY!?!?

QUESTIONS:

- Is there a 'debug mode' or similar method to find the location of the error?!
- Am I forgetting something...some files??! u
Unfortunately the article Adding support of a new camera is incomplete and I don't know were broken my head 

[muttley]

Only an update:

makefile.inc, boot.c, lib.c, stubs_min.S and stubs_entry_2.S are modified!
...and firmware was trimmed.

all procedure is on Wiki page http://chdk.wikia.com/wiki/A550

[muttley]

NOW CHDK RUN!! 

...the problem was capt_seq.c, nobody say me it's necessary for start...and there isn't doc that say this!

THANK ROSSIG, for all support !!

now...another problem: i can't enter in ALT mode...eheheh, is there a function o part of code that i can view for resolve problem? 

[JTLG]

Got a link to the firmware?
Or all the bits in the code that were changed?
Maybe update the wiki page with the new snippet that makes it run now.

and also: Congrats, Nice work!!

Tom

[dusk]

First of all a huge congrats and "thank you!!!" for making this wonderful mod possible on A550. CHDK was something I really wanted to have for a long time.

Now what I understand is there is a working version available, right?

I really would like to try it here with my A550 and probably be some kind of help by writing my experience with it.

So if possible do you think you could provide us the files?

Thanks again. Great job.