The stuff that happens in hardware also needs to be coded... something which likely happens in firmware. I've seen some things happen that are probably handled by other chips in the camera (0xC0200000 memory area for example) but I still see the majority of stuff happen in the firmware itself. For the S5IS, the amount of code surrounding the image shooting is HUGE, with probably just a couple of ops actually telling the sensor to shoot. Besides that, everything seems to be done by the firmware.
Ok, you obviously have more experience than me (I just got an A570 IS today, so that I can play with it).
My main camera is a Rebel 300D, but this project seems very interesting, so I decided to give it a try.
Anyway, my understanding of how it works is this:
Hardware:
Set the sensor parameters (ISO, exposure)
Read the image from the sensor (probably done by some DMA)
Demosaicing
Face detection
JPEG/AVI compression
Color filters/special effects (it can be done in software too, but dedicated hardware can do it much faster)
Auto focus, exposure (dedicated hardware can do it faster)
Image sharpening (again, hardware can do it faster)
Dark frame subtraction.
Noise reduction.
A/V out.
Software:
Reading the buttons
Displaying the whole GUI stuff (menus, grids, etc.)
USB-related stuff (but not the USB protocol implementation, that's usually done by a USB controller chip)
Reading/writing files.
Controlling various I/O stuff (LEDs, motors)
Intervalometer.
Since you did more hacking than me, please let me know if I am wrong. It would be much better if those who hacked more can make some sort of wiki with all their knowledge on the subject.
Well, they are. Granted, a great deal about some hardware can be learned from the drivers, but the firmware is a completely different thing. From a driver you can learn how to just talk to the device/firmware, from the firmware you can learn how to actually operate it.
The way I see it, the purpose of both the drivers and the firmware is to interface the hardware with something (software, hardware, or the end user).
Since the firmware of a camera does the interface between the hardware and the user (rather than interfacing the hardware with software, like in the case of a sound or video card), the firmware of the camera does more than the drivers do, so they are obviously not the same.
But on the other hand, they both do the interfacing with the hardware, and that's what we are really interested in, no?
A binary does not contain readable variable names (none at all, actually) from which the behaviour of a function may be determined. It also does not contain any source code comments which will probably tell you how to operate a function, what it does and what values it returns. It is a LOT more difficult to figure out what the camera does from a binary than source.
Oh yeah, and because of some limitations in the ARM architecture, it's very hard to find out where a specific memory address is used, since it's usually composed of a base address with an offset.
Yes, I know all that, I used to program in assembly (x86) for a few years. But reverse engineering is possible with enough effort. And the Chinese people (and Russians too) are pretty good at it.
I was reading an article on how in China they have teams of software and hardware hackers, and in as little as 1 month since a product comes on the market, they already have that product cloned.