Where are the strings for menus in original fw?

kwf

72

Where are the strings for menus in original fw?

« on: 07 / March / 2008, 19:27:48 »

Advertisements

I just thought that it might help to find some new interesting functions by finding those strings but could not find any... Am i blind? Or is there maybe another flash? I searched for these strings in the a570is fw.

I couldn't find any data which looked like icons which must be somewhere too...

Logged

DataGhost

314
EOS 40D, S5IS

Re: Where are the strings for menus in original fw?

« Reply #1 on: 08 / March / 2008, 09:21:57 »

At least the S-series *DO* have the language strings in the firmware. I've seen and compared both S5IS and A720 firmwares, the A720 does not seem to have any language strings in them, which is also what you concluded. Still, on the S5IS, I have been unable to locate the functions / offsets responsible for properly showing the proper strings. I guess they're using some odd data structure to keep the pointers in, as they are not discovered by IDA. This means that even with the strings, the task will be pretty tough, and also because of this, I can't look up where the strings should be on the A-series.

Logged

whim

2046
A495/590/620/630 ixus70/115/220/230/300/870 S95

Re: Where are the strings for menus in original fw?

« Reply #2 on: 08 / March / 2008, 10:09:59 »

I loaded a primary570.bin into my BinText and there's plenty of strings. The strings as text file and the utility
are attached. BTW BinText is only 1/7 times the size of the text file (35 KB vs. 247 KB) It's Windows though,
hope you can run it.

wim

PRIMARY570.txt (246.85 kB - downloaded 248 times.)

bintext.exe (34.5 kB - downloaded 65 times.)

« Last Edit: 08 / March / 2008, 10:15:30 by whim »

Logged

*Wikia FAQ *GCC Compiler Shell for Windows

kwf

72

Re: Where are the strings for menus in original fw?

« Reply #3 on: 08 / March / 2008, 14:15:06 »

Quote from: whim on 08 / March / 2008, 10:09:59

I loaded a primary570.bin into my BinText and there's plenty of strings. The strings as text file and the utility
are attached. BTW BinText is only 1/7 times the size of the text file (35 KB vs. 247 KB) It's Windows though,
hope you can run it.

wim

yes, sure there are plenty of strings. But i could not find the language strings for menu items etc...

Logged

GrAnd

916
[A610, S3IS]

Re: Where are the strings for menus in original fw?

« Reply #4 on: 08 / March / 2008, 16:20:06 »

In firmware updates the language strings are located in a file "UIRes.bin" (resources).
For cameras with the starting address 0xFF810000 that resources seems to be located above the main firmware. For rest cameras - I do not know where. Maybe below the firmware?

« Last Edit: 09 / March / 2008, 06:18:16 by GrAnd »

Logged

CHDK Developer.

DataGhost

314
EOS 40D, S5IS

Re: Where are the strings for menus in original fw?

« Reply #5 on: 08 / March / 2008, 18:24:09 »

That seems logical, considering that the firmware takes up 0xFFC00000 - 0xFFFFFFFF

The thing is just... where, and how are they referenced. I think that's more important than finding the strings, since they look pretty useless so far.

Logged

kwf

72

Re: Where are the strings for menus in original fw?

« Reply #6 on: 08 / March / 2008, 18:42:26 »

I have looked in the full 4MB dump starting at 0xFFC00000, but could not find the strings, maybe hidden in unicode or compressed? Only other possibility i see is that there is another flash region hidden. I checked directly below firmware beginning but the camera hang up, so i guess there is no memory there.

But i have found the strings now in the 32 MB ram dump now (starting at 0x0..).

Logged

jetzt

316
[A710IS,(SD200)]

Re: Where are the strings for menus in original fw?

« Reply #7 on: 09 / March / 2008, 09:50:34 »

Maybe they're really somehow compressed?
Did you check any other dumps?
As you said that is ram, so there has to be some function that loads the strings there?
Shall I look for such a function?

Logged

kwf

72

Re: Where are the strings for menus in original fw?

« Reply #8 on: 09 / March / 2008, 17:16:45 »

@jetzt:
Only checked A570 dumps. Also tried to look for a function that accesses the strings, on the first look i could not find one, but if its done dynamic its not so easy to see.

Logged

kwf

72

Re: Where are the strings for menus in original fw?

« Reply #9 on: 11 / March / 2008, 12:32:04 »

An idea how to find the strings/bitmaps etc.:

Does someone know something like a resource extractor for firmware binaries. I know there is something like that for windows binaries. Window binaries have some standardized structures so its easy to find the resources.

But in principle something like that should exist for pure binaries as well, e.g. the tool "strings" extracts ASCII strings. It is just an heuristic: more than x printable bytes ended by an zero byte are probably a string. Extracting other resources may work similar maybe also searching for magic bytes. If you know how e.g. compressed, bitmap and maybe sound data look like you could extract them by that way. Likely there will be some false positives, but thats okay. Does a program like that exist?

Logged