CHDK for new Canon PowerShot SX200 IS? - page 5 - Feature Requests - CHDK Forum

CHDK for new Canon PowerShot SX200 IS?

  • 141 Replies
  • 50134 Views
Re: CHDK for new Canon PowerShot SX200 IS?
« Reply #40 on: 23 / May / 2009, 16:39:48 »
Advertisements
Is it possible that the firmware is being successfully written to the card, but it's hidden from view?

I ask because for years I've used Digital Image Recovery to recover images from a formatted card.  It had never failed me until I tried recovering images from the card used in my SX200IS.  DIR found NOTHING on the card.  I then tried "Recuva" in standard mode and got a very quick "no files found".

I selected Recuva's deep scan, which took about an hour to recover ~170 files.  Happy guy here.

http://www.recuva.com/

What do you all think?

*

Online reyalp

  • ******
  • 12103
Re: CHDK for new Canon PowerShot SX200 IS?
« Reply #41 on: 23 / May / 2009, 17:12:27 »
Some progress with tommie-lie on IRC. Diskboot doesn't work, but we got a PS.FI2 to turn on LEDs, using modified chdk loader.

err, I'd attach a diff but attachments seem to be disabled.

Code: [Select]
Index: loader/ixus980_sd990/entry.S
===================================================================
--- loader/ixus980_sd990/entry.S (revision 763)
+++ loader/ixus980_sd990/entry.S (working copy)
 -3,9 +3,9 @@
 // Turn OFF SD Card power
 // to support autostart
 // LDR     R3, =0xC0220048
- LDR     R3, =0xC0220018 // sd990: from sub_FFFF1390, also ref SdPower.c
- MOV     R2, #0x44
- STR     R2, [R3]
+// LDR     R3, =0xC0220018 // sd990: from sub_FFFF1390, also ref SdPower.c
+// MOV     R2, #0x44
+// STR     R2, [R3]
 
 // looks like idle cycle is required for proper shutdown
  MOV     R3, #0x8000
Index: loader/ixus980_sd990/main.c
===================================================================
--- loader/ixus980_sd990/main.c (revision 763)
+++ loader/ixus980_sd990/main.c (working copy)
 -9,6 +9,14 @@
 
 void __attribute__((noreturn)) my_restart()
 {
+ static unsigned ciclo;
+ for (ciclo=0xC02200A0; ciclo<=0xC0220140; ciclo+=4)
+ {
+ (*((unsigned *)ciclo)) = 0x46;
+ }
+ while (1) ;
+
+ /*
     void __attribute__((noreturn)) (*copy_and_restart)(char *dst, char *src, long length);
     int i;
 
 -18,6 +26,7 @@
 
     copy_and_restart = (void*)RESTARTSTART;
     copy_and_restart((void*)MEMISOSTART, (char*)blob_chdk_core, blob_chdk_core_size);
+ */
 }
 
 
Index: platform/ixus980_sd990/sub/100e/makefile.inc
===================================================================
--- platform/ixus980_sd990/sub/100e/makefile.inc (revision 763)
+++ platform/ixus980_sd990/sub/100e/makefile.inc (working copy)
 -1,5 +1,7 @@
 #3193
-PLATFORMID=12691
+#PLATFORMID=12691
+#31C0
+PLATFORMID=12736
 
 PLATFORMOS=dryos
« Last Edit: 23 / May / 2009, 17:20:34 by reyalp »
Don't forget what the H stands for.

*

Online reyalp

  • ******
  • 12103
Re: CHDK for new Canon PowerShot SX200 IS?
« Reply #42 on: 23 / May / 2009, 19:16:32 »
Note, to use the above, you'll need the correct FI2 encoding stuff. Use the D4 keys.

Tried just dumping the udumper code in place of the above, but no luck. Since the fi2 is a full CHDK build, maybe it's clobbering the area of interest in RAM.

Some things for interested parties to do:
- Identify an exact LED address. Simple process of elimination to narrow down the range above.
- remove the non-loader parts from the FI2 to reduce size
- merge in udumper writing code, and use LED debuging to check whether the wr function is found.

If a mod wants to move this to the development or dryos forum, this can be the development thread.
Don't forget what the H stands for.

Re: CHDK for new Canon PowerShot SX200 IS?
« Reply #43 on: 24 / May / 2009, 11:43:24 »
I found two LEDs of four:
Code: [Select]
0xC0220134 Green status LED
0xC0220138 Blue printing LED
The AF lamp and the orange status LED is not in the range from 0xC0220000 to 0xC02201FF, I haven't tried other ranges yet.

Having found those two LEDs, I tried checking if the SD writing function can actually be found by enabling them if the "0 0 3" signature has been found. The signature is nowhere in the range from 0x0 to 0xF00000 (yes, that's five zeros, almost 15MB more than the original udumper scans).
It seems as if Canon changed the firmware in a way it does not produce this signature in the lookup table anymore. :-/


*

Online reyalp

  • ******
  • 12103
Re: CHDK for new Canon PowerShot SX200 IS?
« Reply #44 on: 24 / May / 2009, 23:47:34 »
We did some more testing. As I suspected earlier, the size of the full PS.FI2 was clobbering the thing the udumper code looks for. We adjusted the size of the .FI2 by replacing the chdk core blob. The canon firmware refuses to load FI2 files below a certain size, but replacing the CHDK core with 16K of urandom did the trick, and the signature is found. However, it either crashes or returns instantly when called (depending on how much is zeroed by the loop in the udumper code), but neither case is anything written to the SD card.

Blinking should be possible, although tommie-lie reported that writing 0x44 to the LED address didn't turn it off. Maybe cache/buffer settings aren't set up correctly at that point ? Would be a surprising, since the OS has already loaded but who knows.
Don't forget what the H stands for.

Re: CHDK for new Canon PowerShot SX200 IS?
« Reply #45 on: 25 / May / 2009, 07:04:58 »
Further investigating on how to turn off the LED...

The following code enabled the green LED and a little while later the blue one:
Code: (c) [Select]
       static unsigned led;

        led = 0xC0220134;
        (*((unsigned *)led)) = 0x46;

for(i=0;i<0x2000000;i++){
   asm ("nop\n");
   asm ("nop\n");
}

        led = 0xC0220138;
        (*((unsigned *)led)) = 0x46;
        
    while (1) ;

While this code doesn't enable the green LED at all, but after a short while enabled the blue one:
Code: (c) [Select]
       static unsigned led;

        led = 0xC0220134;
        (*((unsigned *)led)) = 0x46;

for(i=0;i<0x2000000;i++){
   asm ("nop\n");
   asm ("nop\n");
}

        led = 0xC0220138;
        (*((unsigned *)led)) = 0x46;
        
        led = 0xC0220134;
        (*((unsigned *)led)) = 0x44;

    while (1) ;

Reading the original value beforehand and writing it back later yields the same reuslt: no green LED ever and the blue after a short while

Code: (c) [Select]
       static unsigned led;
        static unsigned green_off;

        led = 0xC0220134;
        green_off = (*((unsigned *)led));
        (*((unsigned *)led)) = 0x46;

for(i=0;i<0x2000000;i++){
   asm ("nop\n");
   asm ("nop\n");
}

        led = 0xC0220138;
        (*((unsigned *)led)) = 0x46;
        
        led = 0xC0220134;
        (*((unsigned *)led)) = green_off;

    while (1) ;

I wonder why the green LED doesn't even light up when I *later* turn it off again, the behaviour seems very strange to me, even with sophisticated pipelining, out-of-order execution and lookahead stuff in the CPU.
After all it seems like blinking the firmware out is not an option, either...
« Last Edit: 25 / May / 2009, 07:06:41 by tommie-lie »

*

Online reyalp

  • ******
  • 12103
Re: CHDK for new Canon PowerShot SX200 IS?
« Reply #46 on: 25 / May / 2009, 15:30:51 »
The led pointer should be a pointer to volatile, otherwise who knows what the compiler is doing. Or just do the manipulation in ASM.
Don't forget what the H stands for.

Re: CHDK for new Canon PowerShot SX200 IS?
« Reply #47 on: 26 / May / 2009, 19:26:29 »
Just a quick question. Not sure if any other camera is like this one, but whiling filming in 720p you can currently only use 4X digital zoom. Is there any special reason they won't use the regular zoom with the filming? And if not, is this something CHDK might have enabled?

Sorry if it's a stupid question :-[ Not that into cameras but got very interested in chdk . Hope to see CHDK for this one some day too.


*

Online reyalp

  • ******
  • 12103
Re: CHDK for new Canon PowerShot SX200 IS?
« Reply #48 on: 27 / May / 2009, 01:29:25 »
Just a quick question. Not sure if any other camera is like this one, but whiling filming in 720p you can currently only use 4X digital zoom. Is there any special reason they won't use the regular zoom with the filming? And if not, is this something CHDK might have enabled?
CHDK lets you unlock the optical zoom while shooting video on many cameras. But first, we need a firmware dump, and a developer with the camera to actually do the port!
Don't forget what the H stands for.

Re: CHDK for new Canon PowerShot SX200 IS?
« Reply #49 on: 27 / May / 2009, 07:07:20 »
Ok, I was able to turn off the LED again (both, using the previously stored value and 0x44). The volatile really was the thing, GCC just optimized away the first assignment as I could see in the disassembly.
So, the LED can really be enabled by writing 0x46 and disabled by writing 0x44 to the proper address.

 

Related Topics