supplierdeeply

SX20 IS firmware dump, I need help!

  • 125 Replies
  • 24159 Views
*

Offline RaduP

  • *****
  • 856
Re: SX20 IS firmware dump, I need help!
« Reply #40 on: 13 / September / 2009, 01:50:53 »
Advertisements
Ok, I tested 0xC0223030 and it works, so let's call it that.
What I did was to stop at the last working address, which was 0xc0223033

You know, I program in C for 7 years (and in X86 assembly for 7 years before that), and I thought I am relatively familiar with the C language until I started reading some code here :) The "H" thing in reyalp's signature is so true :D So I have a question:
Code: [Select]
volatile long *p=(void*)LED_AF;
Why exactly do we have that? Why not just declare it as void to begin with?

*

Offline reyalp

  • ******
  • 10069
Re: SX20 IS firmware dump, I need help!
« Reply #41 on: 13 / September / 2009, 02:40:26 »
Why exactly do we have that? Why not just declare it as void to begin with?
There's all kinds of ways you could write it, I imagine someone just threw the (void*) in there to get rid of a warning. The volatile is the important bit. p has to be a pointer to an int type so you can assign something to *p (long is extraneous since it's identical to int on our platform). The volatile is needed otherwise the compiler might optimize away your reads or writes.
Don't forget what the H stands for.

*

Offline RaduP

  • *****
  • 856
Re: SX20 IS firmware dump, I need help!
« Reply #42 on: 13 / September / 2009, 02:42:45 »
Oh, ok. And our magic value of 0x46, is it supposed to be a byte? or int?

*

Offline reyalp

  • ******
  • 10069
Re: SX20 IS firmware dump, I need help!
« Reply #43 on: 13 / September / 2009, 02:51:26 »
Oh, ok. And our magic value of 0x46, is it supposed to be a byte? or int?
In the canon code it's an int.
Don't forget what the H stands for.


*

Offline RaduP

  • *****
  • 856
Re: SX20 IS firmware dump, I need help!
« Reply #44 on: 13 / September / 2009, 03:20:33 »
Ok, now that I got the LED to blink, it's time to dump mr. firmware.
I want to try this: http://chdk.wikia.com/wiki/File:UART_receiver.jpeg , but I only have phototransistors. Do you think it would work with a phototranssitor instead of a photodiode?

*

Offline fudgey

  • *****
  • 1705
  • a570is
Re: SX20 IS firmware dump, I need help!
« Reply #45 on: 13 / September / 2009, 04:37:07 »
Ok, now that I got the LED to blink, it's time to dump mr. firmware.
I want to try this: http://chdk.wikia.com/wiki/File:UART_receiver.jpeg , but I only have phototransistors. Do you think it would work with a phototranssitor instead of a photodiode?

It will as long as your baud rate isn't too much for it to handle.

*

Offline whoever

  • ****
  • 280
  • IXUS950
Re: SX20 IS firmware dump, I need help!
« Reply #46 on: 13 / September / 2009, 05:10:27 »
Ok, now that I got the LED to blink, it's time to dump mr. firmware.
I want to try this: http://chdk.wikia.com/wiki/File:UART_receiver.jpeg , but I only have phototransistors. Do you think it would work with a phototranssitor instead of a photodiode?
Yes -- leave the base unconnected. Or leave the emitter unconnected, in which case the collector-base junction functions as a plain low-sensitivity photodiode. If you connect it as in that figure, then RTS should be at high potential (i.e., clear), DTR at low potential (i.e., set).

It wouldn't hurt to have an oscilloscope, to adjust the levels and (foremost) timing. In fact, I don't see how one can adjust the timing without a scope.

edit: And how about the udumper? You really have to play with it first, now that you can run diskboot (can you, actually?) and have LED addresses.
« Last Edit: 13 / September / 2009, 05:19:02 by whoever »

*

Offline RaduP

  • *****
  • 856
Re: SX20 IS firmware dump, I need help!
« Reply #47 on: 13 / September / 2009, 05:29:17 »
The phototransistors have the base (the light is the base) inside, no pin for it.

I have a scope, but it is in the basement where my Linux laptop is, and I don't know if the usb to serial adapter works on Linux. I'll give it a try in the evening if I have some time. I can move it where I have the desktop, but, well, I'd rather not, unless I really have to.

I didn't bother to try the udumper, because of reports of not working on similar cameras. And I don't know if I can run diskboots, I only tried the firmware update method.

Anyway, can you provide some info about adjusting the timing? I have no idea how it should be, and it is not very documented.


*

Offline fe50

  • ******
  • 3038
  • IXUS50 & 860, SX10 Star WARs-Star RAWs
    • fe50
Re: SX20 IS firmware dump, I need help!
« Reply #48 on: 13 / September / 2009, 05:44:05 »
Anyway, can you provide some info about adjusting the timing? I have no idea how it should be, and it is not very documented.
CHDK wikia helps:

*

Offline jan

  • *
  • 48
  • PowerShot SX20 IS (100f)
    • cms -db
Re: SX20 IS firmware dump, I need help!
« Reply #49 on: 13 / September / 2009, 05:46:19 »
I can confirm some of the results of RaduP with my SX20. With a ps.fi2 created from a diskboot encoded in the old way, the camera shuts down after selecting firm update from the menu and can be turned on again without removing the batteries. But I couldn't get any leds lighting.

Here's the code I used. It's the led finder code with the code from RaduP added. I noticed that the camera does only turn off normally (ie does not crash) when the while loop is present in the code.
Code: [Select]
int main(){

volatile long *p;
int i;

p = (void*)0xc0220000;

for(i=0; i<0xffff; i++) {
*p = 0x46;
p++;
}

while(1) {};

return 0;
}
« Last Edit: 13 / September / 2009, 06:23:29 by jan »

 

Related Topics