SD870IS Firmware dumping - Firmware Dumping - CHDK Forum

SD870IS Firmware dumping

  • 60 Replies
  • 27516 Views
SD870IS Firmware dumping
« on: 07 / January / 2008, 12:47:29 »
Advertisements
I tried to cycle through memory locations of my SD870IS to find out the addresses of the LEDs but absolutely nothing append. The code search in the 0xC0220060-0xC02200FF memory pool but could it be possible that the LEDs addresses is locate in an other region ?!?

PS : I used the following code: http://forums.dpreview.com/forums/read.asp?forum=1010&message=24988142

Thanks !

*

Offline tommi2water

  • ***
  • 157
  • IXUS 220 HS Firmware: 1.00c
Re: SD870IS Firmware dumping
« Reply #1 on: 07 / January / 2008, 15:57:01 »
Are you sure that the camera is already executing your binary file? Does your camera hang after booting? The first time I was trying to build the software I always built an empty binary (with correct size) and the camera hangs without blinking. Does your binary contain more than only zero's? Hopefully you are not doing the same mistakes I did.  ;)

Maybe we should try other addresses, but which ones???

Can you please enter some information about your camera here: http://chdk.wikia.com/wiki/SD870IS?

Thanks and best regards,
tommi



Re: SD870IS Firmware dumping
« Reply #2 on: 07 / January / 2008, 16:32:07 »
Are you sure that the camera is already executing your binary file?

No I'm not ! That one of my problem, I can`t be really sure my code is executed. In fact, when I press the on/off button (it`s not a real switch) absolutely nothing append. I can`t tell if the cam is hang because it seem power off. Does the cam is hang or just not power on at all ... I can`t tell.

Can you please enter some information about your camera here: http://chdk.wikia.com/wiki/SD870IS?

I already do that at the following wiki :
http://chdk.wikia.com/wiki/IXUS_860_IS

*

Offline tommi2water

  • ***
  • 157
  • IXUS 220 HS Firmware: 1.00c
Re: SD870IS Firmware dumping
« Reply #3 on: 07 / January / 2008, 16:53:37 »
I had the same problem when I tried using the sample code you mentioned.

Why not trying easier code?

When you look in the S5_Blinker Code you see the following:

Code: [Select]
#define LED_AF 0xC02200E0
#define LED_GR 0xC02200DC
#define LED_OR 0xc02200D8
#define LED_WR 0xc02200D4

void led_on()
{
volatile long *p;

    p=(void*)LED_GR;
*p=0x46;
    p=(void*)LED_WR;
*p=0x46;
}

I frequently switch two LED on and off, just to see if the normal routine is working.

What about extending the led_on function with more LED addresses?

Code: [Select]
#define LED_01 0xc0220060
#define LED_02 0xc0220064
#define LED_03 0xc0220068
#define LED_04 0xc022006C
#define LED_05 0xc0220070
#define LED_06 0xc0220074
...

void led_on()
{
volatile long *p;

    p=(void*)LED_01;
*p=0x46;
    p=(void*)LED_02;
*p=0x46;
    p=(void*)LED_03;
*p=0x46;
    p=(void*)LED_04;
*p=0x46;
    p=(void*)LED_05;
*p=0x46;
    p=(void*)LED_06;
*p=0x46;
...

}



What do you think? Should we give it a try?

Best regards,
tommi

P.S.: Sorry, I didn't find your Wiki-Entry before! Now I've found it. :-X


Re: SD870IS Firmware dumping
« Reply #4 on: 07 / January / 2008, 17:57:29 »
Thanks for your help tommi ... I will try. I'll let you know.

Re: SD870IS Firmware dumping
« Reply #5 on: 07 / January / 2008, 18:33:17 »
Nice it work .. I pinned down the blue one (Direct Print): 0xC02200cc. Exactly the one I looking for ! Thanks you tommi. It`s  weird because the SD870IS is the only one (i`m aware of) with the Direct Print LED at this adress ...
« Last Edit: 07 / January / 2008, 18:35:25 by mlaprise »

Re: SD870IS Firmware dumping
« Reply #6 on: 08 / January / 2008, 15:30:05 »
I have to say that I am most interested in this thread... For obvious reasons ;)

cheers

*

Offline tommi2water

  • ***
  • 157
  • IXUS 220 HS Firmware: 1.00c
Re: SD870IS Firmware dumping
« Reply #7 on: 08 / January / 2008, 15:37:15 »

Nice it work .. I pinned down the blue one (Direct Print): 0xC02200cc. Exactly the one I looking for ! Thanks you tommi. It`s  weird because the SD870IS is the only one (i`m aware of) with the Direct Print LED at this adress ...

Fine, that i was able to help you a little bit!

Good luck for dumping the firmware!  :)

Best regards,
tommi


Re: SD870IS Firmware dumping
« Reply #8 on: 11 / January / 2008, 23:06:36 »
I was thinking to use the blue LED to make my dump but the photosensitivity of my phototransistor is not very good in the blue region ... very bad in fact (like all Silicon phototransistor). So I manually search all the region between 0xC0220060 and 0xC02200ff but I found nothing ! Just the blue one at 0xC02200cc. I was able to trig the flash and the LCD backlight in the region 0xC022008x but I didn't find the AF or the bi-state led.

May be the other LED are outside this memory pool but I don't want to damage anything. Someone have an idea ?!?

*

Offline GrAnd

  • ****
  • 916
  • [A610, S3IS]
    • CHDK
Re: SD870IS Firmware dumping
« Reply #9 on: 12 / January / 2008, 04:28:35 »
I was thinking to use the blue LED to make my dump but the photosensitivity of my phototransistor is not very good in the blue region ...

One of the dumps was gotten with the signal strength showed in the last part of the following graph:



The first part is the signal from AF beam (red lamp on A610). The second - from blue led. This couple was captured by BPW96C inserted in mic-in.
And the last part is the signal from blue led captured by unknown photodiode inserted in the line-in of sound-card (no amplification was used).
CHDK Developer.

 

Related Topics