Where are the strings for menus in original fw?

[kwf]

I just thought that it might help to find some new interesting functions by finding those strings but could not find any... Am i blind? Or is there maybe another flash? I searched for these strings in the a570is fw.

I couldn't find any data which looked like icons which must be somewhere too...

[DataGhost]

At least the S-series *DO* have the language strings in the firmware. I've seen and compared both S5IS and A720 firmwares, the A720 does not seem to have any language strings in them, which is also what you concluded. Still, on the S5IS, I have been unable to locate the functions / offsets responsible for properly showing the proper strings. I guess they're using some odd data structure to keep the pointers in, as they are not discovered by IDA. This means that even with the strings, the task will be pretty tough, and also because of this, I can't look up where the strings should be on the A-series.

[whim]

I loaded a primary570.bin into my BinText and there's plenty of strings. The strings as text file and the utility
are attached. BTW BinText is only 1/7 times the size of the text file (35 KB vs. 247 KB) It's Windows though,
hope you can run it.

wim

[kwf]

I loaded a primary570.bin into my BinText and there's plenty of strings. The strings as text file and the utility
are attached. BTW BinText is only 1/7 times the size of the text file (35 KB vs. 247 KB) It's Windows though,
hope you can run it.

wim

yes, sure there are plenty of strings. But i could not find the language strings for menu items etc...

[GrAnd]

In firmware updates the language strings are located in a file "UIRes.bin" (resources).
For cameras with the starting address 0xFF810000 that resources seems to be located above the main firmware. For rest cameras - I do not know where. Maybe below the firmware?

[DataGhost]

That seems logical, considering that the firmware takes up 0xFFC00000 - 0xFFFFFFFF The thing is just... where, and how are they referenced. I think that's more important than finding the strings, since they look pretty useless so far.

[kwf]

I have looked in the full 4MB dump starting at 0xFFC00000, but could not find the strings, maybe hidden in unicode or compressed? Only other possibility i see is that there is another flash region hidden. I checked directly below firmware beginning but the camera hang up, so i guess there is no memory there.

But i have found the strings now in the 32 MB ram dump now (starting at 0x0..).

[jetzt]

Maybe they're really somehow compressed?
Did you check any other dumps?
As you said that is ram, so there has to be some function that loads the strings there?
Shall I look for such a function?

[kwf]

@jetzt:
Only checked A570 dumps. Also tried to look for a function that accesses the strings, on the first look i could not find one, but if its done dynamic its not so easy to see.

[kwf]

An idea how to find the strings/bitmaps etc.:

Does someone know something like a resource extractor for firmware binaries. I know there is something like that for windows binaries. Window binaries have some standardized structures so its easy to find the resources.

But in principle something like that should exist for pure binaries as well, e.g. the tool "strings" extracts ASCII strings. It is just an heuristic: more than x printable bytes ended by an zero byte are probably a string. Extracting other resources may work similar maybe also searching for magic bytes. If you know how e.g. compressed, bitmap and maybe sound data look like you could extract them by that way. Likely there will be some false positives, but thats okay. Does a program like that exist?