How to Dump Firmware ?

VMark

8

Re: How to Dump Firmware ?

« Reply #10 on: 13 / January / 2008, 06:15:42 »

Advertisements

Thanks for the big helps you provided (via userguides, etc). Especially to GrAnd and this site users and wikia users however, I have not asked anybody. The guides were pretty good!

I successfully dumped the firmware from an SX100 1.00B

I used the normal (not the g7) blinker (with crc16), from http://grandag.nm.ru/hdk/blinker with major modifications:
- I "cleared out" the startup procedure just left "b main" there, because for SX100 it did not work and I did not understand the reason interacting coprocessors, ...
- I rewrote the send_byte function in assembler, because
1. I believe, the timing is quite important (same code length in every branch, very easy codepath, ...)
2. I played the DELAY values, and (for sure by my mistake) it seemed the DELAY_SYNC and DELAY_SPACE shows the same signal despite the fact I wrote 10000 for the first and 100 for the second.
3. My c knowledge is somehow limited (until now, because my mother language is Pascal), but I wrote pretty much in asm and I had a feeling, that the compiler did something wrong...

I used the soundcard method with my laptop internal mic with 96K (first, I was sure it cannot grab more than 44100, but with 96K I saw significant improvement). I followed the steps from http://chdk.wikia.com/wiki/Porting_the_CHDK
I compiled everything from "scratch", followed the instructions from http://chdk.wikia.com/wiki/Compiling_CHDK_under_Linux

The firmware can be found: http://www.zshare.net/download/6465081c0424a0/

I tested, if you put a file and call it PS.FI2, the firmware update line in the menu APPEARS.
Also I would like to confirm, that the SX100 running on DRYOS version 2.3, release #0023 (read from ROM)

I am updating the wikia pages.

I attached the source files with "my" diskboot.bin to this post. GrAnd, if you wish you could put next to the original blinker_g7.

VMark

blinker_sx100.rar (8.16 kB - downloaded 181 times.)

blinker_sx100.zip (9.67 kB - downloaded 190 times.)

« Last Edit: 14 / January / 2008, 02:57:42 by VMark »

Logged

GrAnd

916
[A610, S3IS]

Re: How to Dump Firmware ?

« Reply #11 on: 14 / January / 2008, 07:13:17 »

Quote from: VMark on 13 / January / 2008, 06:15:42

I used the normal (not the g7) blinker (with crc16), from http://grandag.nm.ru/hdk/blinker with major modifications:
- I "cleared out" the startup procedure just left "b main" there, because for SX100 it did not work and I did not understand the reason interacting coprocessors, ...
- I rewrote the send_byte function in assembler, because
1. I believe, the timing is quite important (same code length in every branch, very easy codepath, ...)
2. I played the DELAY values, and (for sure by my mistake) it seemed the DELAY_SYNC and DELAY_SPACE shows the same signal despite the fact I wrote 10000 for the first and 100 for the second.
3. My c knowledge is somehow limited (until now, because my mother language is Pascal), but I wrote pretty much in asm and I had a feeling, that the compiler did something wrong...

Congrats for your success!
I've looked in your blinker sources - a lot of asm

.
Actually, the timing is not so important, because the decoding is done by the software. It's quite flexible to understand the input signal. There should be only one - the noticeable differences between DELAY_SYNC and DELAY_SPACE, DELAY0 and DELAY1.

Logged

CHDK Developer.

Kodl

7

Re: How to Dump Firmware ?

« Reply #12 on: 21 / January / 2008, 09:48:01 »

Hello,
as I promised, I am trying to dump SD700 (IXUS800) firmware 1.00B.
(http://chdk.setepontos.com/index.php/topic,146.msg937.html#msg937)
I have bought the BPW96C phototransistor, connected it to soundcard microphone input using the "Porting_the_CHDK" scheme via old headphones cable.
Using Adobe Audition 3, I've recorded some samples (PCM 96kHz raw 8-bit). I'm afraid that the resulting signal is not correct. Signal seems like the correct blinker pulses are modulated on another sinusoid or noise (?), but it is strange, because when I shade the camera's AF lamp while recording, signal totally disappears, no noise is visible in Audition's waveform graph.
The more stronger (loader) is the signal from the blinker the more the blinker signal is flying around the baseline (hex:80) up and down. Tested number of AFlamp-phototransistor distances - more close -> more distortion.
Is it possible, that this problem is caused by long, not well-shielded thin headphones cable? Amplitude (dB range of waveform in Audition) from phototransistor should be constant, shouldn't it?
(using ASUS P5N32E-SLI Plus's SupremeFX / ADI 1988b microphone input)
Thanks in advance!
Kodl

Logged

Kodl

7

Re: How to Dump Firmware ?

« Reply #13 on: 31 / January / 2008, 05:45:50 »

Quote from: Kodl on 21 / January / 2008, 09:48:01

...
The more stronger (loader) is the signal from the blinker the more the blinker signal is flying around the baseline (hex:80) up and down. Tested number of AFlamp-phototransistor distances - more close -> more distortion.
Is it possible, that this problem is caused by long, not well-shielded thin headphones cable? Amplitude (dB range of waveform in Audition) from phototransistor should be constant, shouldn't it?
(using ASUS P5N32E-SLI Plus's SupremeFX / ADI 1988b microphone input)
...

I will answer myself:
I had to switch Soundmax microphone filtering (in Soundmax control panel) to "No filtering". ("Mic array" was default setting) Moreover, before recording, I used the Soundmax wizard to setup optimal mic input level/volume for blue LED blinking.

I've dumped the firmware on 1600bod speed using blue LED.

Logged

clau30

3

Re: How to Dump Firmware ?

« Reply #14 on: 14 / April / 2008, 11:59:36 »

Hello,

Trying to port CHDK to A410. I don't really understand the process of dumping. I get the firmware version with the ver.req method, but what do I do with it then? Then I make a bootable SD card, put the blinker on it (which files? do I have to compile?) eventually run the blinker.. right?

Also, running Linux
Hope someone can clarify this for me.
Thanks!

Logged

whim

2046
A495/590/620/630 ixus70/115/220/230/300/870 S95

Re: How to Dump Firmware ?

« Reply #15 on: 14 / April / 2008, 12:36:15 »

Use blinking as last resort only, it's much more difficult than the Universal Dumper

here: udumper.zip

edit: no idea why this says login, it's a link to an attachment in the forum

it has source too. If you can get access to a Windoze computer + card reader try this:

zSHARE - cardtricks125.exe it's even easier

wim

« Last Edit: 14 / April / 2008, 12:44:45 by GrAnd »

Logged

*Wikia FAQ *GCC Compiler Shell for Windows

GrAnd

916
[A610, S3IS]

Re: How to Dump Firmware ?

« Reply #16 on: 14 / April / 2008, 12:48:12 »

Quote from: whim on 14 / April / 2008, 12:36:15

edit: no idea why this says login, it's a link to an attachment in the forum

It's because the forum engine tried to retrieve that page (to parse it for the title) and (as attachments are not available without authentication) the another part of forum engine asked the first one to login first.

Logged

CHDK Developer.

clau30

3

Re: How to Dump Firmware ?

« Reply #17 on: 19 / April / 2008, 07:41:03 »

So, I tried udumper: I first made the SD card bootable (using the tutorial from the wiki), then copied each of the *.bin files from the udumper.zip file in the root directory of the card, turn my camera on while in "view" mode, waited ~10 seconds then took the batteries off, the the card, but nothing changed on the card. Is this right the way I do it?
*confused*
Thanks in advance

Logged

mrproper

92

Re: How to Dump Firmware ?

« Reply #18 on: 19 / April / 2008, 12:54:16 »

Udumper does not work with A590IS (DryOS). It works on A570IS perfectly though.

A590 works in similar ways to A650, so if anyone has a version for these models, scream out loud

Also, when placing a PS.FI2 file on the card, the camera offers the firmware update option.

Logged

aramok

7

Re: How to Dump Firmware ?

« Reply #19 on: 09 / August / 2008, 12:41:06 »

how to dump a590 camera

Logged