EOS 550D / T2i / Kiss X4

Zibri

Rookie

Offline

Posts: 38

« Reply #45 on: 01 / August / 2010, 14:26:33 »

The updater just copies the fir file on the sdcard root then launches the built-in update routine.

I dissected all the SDK DLL searching for undocumented things.. I found a few, but nothing relevant.


	Logged

Zibri

Rookie

Offline

Posts: 38

Re: EOS 550D / T2i / Kiss X4

« Reply #46 on: 01 / August / 2010, 14:34:19 »

Code:

(e8kr7108.fir)
---flasher1---
0x000: modelId = 0x80000270, (550D/T2i, DryOS)
0x010: version = 1.0.8
0x020: cheksum = 0xb783b90c OK
0x024: flasher1 header start = 0xb0
0x028: flasher1 payload start = 0x120
0x02c: flasher2 start = 0xffffffff
0x030: firmware start = 0x1beb40
0x034: 0xffffffff
0x038: file size = 0x918b9c (9.538.460 bytes) OK
0x03c: 0x0
0x040: xor seed = 0x76293ff4
0x044: 0x00000004 0x00000000 0x00000020 0x00000024
0x054: 0x00000044 0x000000b0
0x05c: fw start-0xb0 ??? 0x1bea90
0x060: firmware start = 0x1beb40
0x064: firmware length = 0x75a05c
0x068: hmac-sha1 = 029090f19224f258cfdfe4d61c4f73c0af0def7c
0x088: hmac-sha1 = 7698c8436744945e762bcf0a96935c17e973636f
0x09c - 0x0af: 0x0
---flasher1 header---
0x0b0: flasher1 payload length = 0x1bea20 starts at 0x120
0x0b4: flasher1 ??? = 0x1bea20
0x0b8: 0x0
0x0bc: xor seed = 0x87353d20
---flasher1 payload---
0x120 - 0x1beb3f: (ciphered data)
---firmware---
0x1beb40: (+0x000), firmware header start = 0xc
0x1beb44: (+0x004), firmware payload start = 0x7c
0x1beb48: (+0x008), total firmware length = 0x75a05c. starts at 0x1beb40
---firmware header---
0x1beb4c: (+0x00c), firmware payload length = 0x759fe0
0x1beb50: (+0x010), firmware ??? = 0x759fda
0x1beb54: (+0x014), 0x0
---firmware payload---
0x1bebbc (+0x07c) - 0x918b9b: (encrypted data)


	Logged

Zibri

Rookie

Offline

Posts: 38

Re: EOS 550D / T2i / Kiss X4

« Reply #47 on: 01 / August / 2010, 14:40:33 »

It seems someone hacked / decrypted and re-encrypted the firmware!


Magic Lantern - 550D/T2i port

Where to get more infos on how to decrypt/modify it?


	Logged

arm.indiana

Rookie

Offline

Posts: 15

Re: EOS 550D / T2i / Kiss X4

« Reply #48 on: 01 / August / 2010, 15:11:06 »

just read this
http://groups.google.com/group/ml-devel/browse_thread/thread/f87188ddff2cf50


	Logged

arm.indiana

Rookie

Offline

Posts: 15

Re: EOS 550D / T2i / Kiss X4

« Reply #49 on: 14 / August / 2010, 11:07:51 »

Quote from: Tarren on 08 / July / 2010, 20:48:05

Quote from: holamanola on 08 / July / 2010, 18:19:50

New firmware update!

Download it here:

http://www.canonrumors.com/2010/07/rebel-t2i550d-firmware-1-0-8/

I updated the firmware on the Kiss 4 Japanese model, with 1.0.8..........to no avail.

Only Japanese and English in the menu Sad

I'm very surprised, but there are functions in 550d/Kiss 4 (1.0. Cool

called "LimitLangJapan" (0xFF0978BC)
and "LimitLangOther" (0xFF097908). I strongly suspect it is to restrict available languages for models sold in Japan... which are cheaper than anywhere in the world.

Arm.Indy


	Logged

arm.indiana

Rookie

Offline

Posts: 15

Re: EOS 550D / T2i / Kiss X4

« Reply #50 on: 14 / August / 2010, 11:13:19 »

Quote from: Zibri on 01 / August / 2010, 14:34:19

Code:

prefer the original tool = fir_tool.py, this one above is buggy and incomplete.
See http://groups.google.com/group/ml-devel/browse_thread/thread/79f08172a021fae3#

Arm.Indy


	Logged

manarak

Newbie

Offline

Posts: 1

Re: EOS 550D / T2i / Kiss X4

« Reply #51 on: 29 / August / 2010, 09:59:58 »

Hello all

Thank you for trying to improve the 550D's firmware.
I found this page because I am quite desperate for activating the AF microadjustment feature on my 550D.

Best of luck!


	Logged

Pages: Prev 1 2 3 [4] Go Up

« previous next »

	Author	Topic: EOS 550D / T2i / Kiss X4 (Read 4494 times)
0 Members and 1 Guest are viewing this topic.