CHDK Forum
CHDK Development => General Discussion and Assistance => DryOS Development => Topic started by: lukas on 04 / September / 2008, 16:35:16
-
edit by phyrephox: the actual porting thread can be found here (http://chdk.setepontos.com/index.php/topic,2361.0.html)
Hi,
I'm not able to find anything about the porting status of the A590IS.
There is a dump, but no word on development, has anyone already started porting?
Even more interesting to me is the way it's going to be ported, since it's DryOS it's pretty dificult, right?
Please correct me if i'm wrong, but as far as I understood, there is currently a version for another cam in development wich will basically show the trick and we will be able to modify it, so it works with the A590IS.
I have some programming skills and would be glad to help on this one!
Has anyone disassembled the dump propperly and is willing to share it?
Otherwise i'll start disassembling tomorrow, and share the results with you.
Kind regards Lukas
Sorry about my english i'm german! :D
-
Hi Lukas, you're right, there doesn't appear to be anyone actually working on a port for that camera.
You can probably follow the porting attempt by others like chr for the IXUS 80 IS/SD1100, as he's going through that process right now. It's a camera that is also running DryOS. So see what he is doing with that.
Also, there is a port available for the A720IS, which is a slightly higher up model of yours. So do take a look at what was done for that. It's also running DryOS.
Yes getting CHDK to work on DryOS is a little harder, but not totally impossible!
-
To my knowledge there is no one working on it. We were able to dump it using udumper 2008 but no one had the necessary skills to actually disassemble it. Great news that you showed up :)
I sadly lack the needed programming skills to help you but I wish you the best of luck!
-
Hi everyone,
sorry i had to work today, so i couldn't start disassembling yet.
But I will need help, i'm new to CHDK, i can't do this on my own!
Please anyone with skills, let's team up to get this done fast, a lot of people are waiting for the port.
Greets Lukas
-
First step: What tools we need?
Probably we need:
disassembler IDA PRO (you find it on internet) or someone other
some libraries/dictionary files usefull for disassembling
:'( disassembling - somewhere is thread about developmnent/porting - we need to find it
and now I dont't know what to do next ???
-
Well basicaly i'm not sure yet what will happen after disassembling, but thats not too bad because disassambling is a big peace of work.
some useful links regarding disassembling, containing libraries, idc-files, and tutorials:
http://chdk.wikia.com/wiki/Signature_finder (http://chdk.wikia.com/wiki/Signature_finder)
http://chdk.wikia.com/wiki/Loading_dump_to_IDA (http://chdk.wikia.com/wiki/Loading_dump_to_IDA)
http://chdk.wikia.com/wiki/DryOS_Porting (http://chdk.wikia.com/wiki/DryOS_Porting)
http://grandag.nm.ru/hdk/CanonFW_A-Series_Signatures_for_IDA.rar (http://grandag.nm.ru/hdk/CanonFW_A-Series_Signatures_for_IDA.rar) - Signature from the A720IS - this one finds about 1500 functions in the dump of the A720IS - but, as i expected, none for the A590IS dump.
About the dumps: the second dump(e-firmware) is just a lot of zero's and i'm beginning to doubt the integrity of the first dump(a-firmware).
I'm still hoping for a breakthrough, like getting a lot of binary disassembled, but so far not even a single line of usefull code appears on my screen :'(
i found IDA Pro on a site, but i'm not sure you should link to this kind of site here...
the first step is to disassemble it properly, maybe if it's nice code some of the pro's will come along and help us.
-
About the dumps: the second dump(e-firmware) is just a lot of zero's and i'm beginning to doubt the integrity of the first dump(a-firmware).
Its normal that there are leading and trailing zeros.
http://mighty-hoernsche.de/chdk/dev/a590_100e.dump.bz2 There you go, a590 1.00e stripped and ready.
Dunno why its smaller than the other processed firmware.. Guess i forgot to strip the zeroes at the end of the other firmware..
Regards
-
Thank you so much for that firmware, already found IRQdisable and IRQenable functions @ 00000578 and 000005A0 !
Using the A720 based signature file finally i got something useful, well it's the IRQ wich is at the same position as in the DryOS Porting page in the wiki, but its a step further on a long walk!
[edit] found function DebugAssert @0000BDB8 wich seems like a skelleton for fatal error mesages:
ADREQ R0, aAssertFileSLin ; "\nAssert: File %s Line %d\n"
-
a590dis.tar.bz2 - 17.66MB (http://www.zshare.net/download/18256581344942da/)
-
About the dumps: the second dump(e-firmware) is just a lot of zero's and i'm beginning to doubt the integrity of the first dump(a-firmware).
I'm guessing by a-firmware you mean the 1.01B version. The following is what applies for the first dump found in the wiki.
It's shifted up by one byte, thus I had to remove the first byte before loading it into IDA. You may consider changing the file.
Result:
Signatures apply, idc-scripts find functions and basic startup is what I expected. The dump is ok.
Note: The dump ends early. Everything needed for porting is there, though.
Maybe not very interesting for you since you're working on the 1.00E version but I though I'd mention it just in case.
Hopefully there isn't a huge difference between versions seeing as my camera uses 1.01B :)
-
fudgey is a true HERO member, he just gave us the comletely disassembled version of BOTH firmwares (b+e) thank you, you saved me a lot of work, are you currently porting the A590IS ?
I'll start tomorrow with the thoughts about how to port it, i'm also going to pick my A590IS up tomorrow, so i can test everything.
@x286 sorry I meant b not a.
-
are you currently porting the A590IS ?
No... just figured you needed some help getting started with cleaning the dumps and getting a disassembly. That only took a few minutes really (using the gpl toolset, see wiki). Anyway, if the IDA scripts are better at finding signatures than the signature finder in tools/, then you're probably going to want to use IDA for porting. I don't have IDA so can't really tell.
-
Good work friends! 8)
-
If anyone's interested in helping out but doesn't have a camera, there's an offer of a free A590 IS with a successful Discover card application (http://chdk.setepontos.com/index.php/topic,2285.0.html) (full details (http://forums.slickdeals.net/showthread.php?t=869933)).
-
One could argue that no news is good news but ten days have passed without even a question. Lukas are you still working on it?
-
Yes I am,
but unfortunately no news doesn't always mean good news...
even worse, i made no progress this far and i am a very busy person: got to work 5 days a week, shop for groceries,caffeine and nicotine supply on saturdays, do my laundry... in short terms: "i'm totaly swamped with work"...
plus i'm still not sure what i have to look for, i started reading the endless assembly, trying to understand how it works, but there must be a better way.
I am deeply sorry for the crappy job! :(
-
you can start by running finsig (http://chdk.wikia.com/wiki/Signature_finder) on the the dump, and verify that the entry points found are correct, by comparing to the corresponding functions in a camera that has been ported.
Once you have those things found and named, you'll have a place to start looking for the other things you need as well.
Any entry points that aren't found automatically, or are found incorrectly, need to be discovered manually.
-
Hi all!
my little a590is is getting shipped very soon. I was eager to download a modified firmware for this camera... but i see there's none.
Anyway, ive some knowledge of x86 assembly and mips architecture. Maybe ARM will take some study.
I really want contribute to the a590 porting!
-
Yarr! Tha day 'Tis ripe fer some pirat'n. Now I needs t'get meself a Norweigan blue rest'n on me right shoulder. :P
I'm going to start this weekend and see how far I can get. As far as I can tell you don't need a lot of assembly knowledge. Most of CHDK is written in C and the hard part about porting is just figuring out the addresses where all the useful functions are located for the various firmwares.
Someone correct me if I'm wrong.
-
Nevermind... I really shouldn't work on this stuff after a long day at work. This'll be replaced by actual information after I clean up the mess.
Sorry,
Ken
-
so far for the 101b, working with a720_100c as reference,:
AllocateMemory,0xFFDF1D70
FreeMemory,0xFFDF1D68
plus other keyboard related funcs.
for the GetDrive_* functions ill need some trial&error, cos they all have the same structure and are very close to each other..
-
I'm very interested in this porting, really in CHDK working for A590IS, I don't know if I could help in anything, I don't have much knowledge about programming and coding (nor in englis too :P) ... So, I stay tuned to this thread for any updates...
Thanks to all
-
:) You are welcome
by now ive managed to extract some meaningful functions, it compiled but i cant get to boot..
-
hi, i also got myself a590is, and i'm eagerly waiting for a firmware from you, thank you very much to all people who are working on that!
could the video be improved, as it has only 20 fps on maximum resolution? 30 fps would be excellent.
also, i would much appreciate if raw picture will be made available.
wishing good luck in your work and, once again, very thankful for what you are doing.
we are all waiting for that firmware.
greetings,
alex
-
:) You are welcome
by now ive managed to extract some meaningful functions, it compiled but i cant get to boot..
Thanks for your reply, it's nice to have an update of the notices about the work, I only can say, keep working :S If I can help in anything, just tell me.
Regards
-
Just bought this camera in Canada on Vacation. I had to get it quickly due to the fact i forgot my camera and my little cousin is getting married.
I was hoping to put a CHDK on it...however i see there isnt one yet.
Im excited that the work has started on it. Thanks very much for taking the time and trying.
-
I too am a proud owner of Canon A590. The only reason I bought this camera is for time lapse shooting, and oh my God - discovered to my horror that there's no CHDK support yet :o
Is there anything I could do to help you guys? I'm not a programmer though :(
Please, keep up the work guys. You're our hope :)
-
Any updates? :)
-
yes!! brake has created a code/decode program! im already working on porting... should be a matter of time.
ps: thanks brake!
-
Great news! Keep up the good work guys.
-
thanks guys, you are so cool!
-
Great news! keep up the good work! My 590is camera is on it's way from the store, would be so awesome to run chdk on it soon 8)
-
please i need help from you people out there.
Anybody found the taskcreate_ShootSeqTask subroutine? its used in the boot process, compraing to the reference firmware it should be called at FFC4E078 but theres nothing useful at that address. Looking for strings/signature wasnt helpful neither...
-
@ma_jk
I noticed you're using A720 for reference; have you also tried looking into the source of NewDryOS ports ?
I think the port for ixus80_sd1100 might help you, maybe they changed the name for this routine in newer cams;
you could at least take a look how this has been solved for this cam - AFAIK it runs fairly decently.
sources for chr's i80 port are here: SD1100/ixus 80 porting .... (http://chdk.setepontos.com/index.php/topic,2044.msg21574.html#msg21574)
just an idea, but i hope it helps,
wim
-
Anybody found the taskcreate_ShootSeqTask subroutine? its used in the boot process, compraing to the reference firmware it should be called at FFC4E078 but theres nothing useful at that address. Looking for strings/signature wasnt helpful neither...
Isn't the thing at FFC53334 the one you are looking for (in the 101b dump)? It's named taskcreate_SsTask and references task_SsTask at FFC5326C. Hope I'm right and this is of some help to you.
-
great job! thanks guys
i bought a590 yesterday, and the only reason i bought it is that CHDK for 590 is comming soon
-
Hi.
I stumbled upon another problem on boot.c
void __attribute__((naked,noinline)) sub_FFC4F394_my() { //#fs // CreateTask_CaptSeqTask
asm volatile(
"STMFD SP!, {R3-R5,LR}\n"
"LDR R2, =0x18860\n"
"MOV R0, #0\n"
"MOV R1, #0\n"
"loc_FFC4F3A4:\n"
"ADD R3, R2, R0,LSL#4\n"
"ADD R0, R0, #1\n"
"CMP R0, #5\n"
"STR R1, [R3,#8]\n"
"BCC loc_FFC4F3A4\n"
"BL sub_FFD174EC\n"
"BL sub_FFD190C4\n"
"MOV R1, #5\n"
"MOV R0, #0\n"
"BL sub_FFC0BECC\n"
It stucks on this last call, which is related to memory allocation. In fact, from IDA
ROM:FFC0BBEC STMFD SP!, {R4,LR}
ROM:FFC0BBF0 BL sub_FFC179F4 //inside here malloc is called
ROM:FFC0BBF4 CMP R0, #5 //code doesnt execute this
ROM:FFC0BBF8 MOV R4, R0
ROM:FFC0BBFC ADREQ R0, aKernelmisc_c ; "KernelMisc.c"
ROM:FFC0BC00 MOVEQ R1, #0x1F
ROM:FFC0BC04 BLEQ DebugAssert
ROM:FFC0BC08 MOV R0, R4
ROM:FFC0BC0C LDMFD SP!, {R4,PC}
So it freezes at FFC0BBF0. I Really cant get past it..
-
Keep up the work! I'm looking forward to the port.
-
im already working on porting... should be a matter of time.
I'm not familiar with CHDK (yet). But I am an experienced programmer with some embedded experience. Is there something I can do to help?
I also have access to an A590 IS.
Karen Kenworthy
-
Of course you can help! if you have already setup the compiling ambient for a590, i can post my progresses, that r stuck for the moment at the booting process.
Regards
-
Of course you can help! if you have already setup the compiling ambient for a590, i can post my progresses, that r stuck for the moment at the booting process.
I don't have any of the tools yet. Where can I go to download them?
It sounds like you are trying to identify standard entry points within the dumped version of the firmware. Is that right? Do you have a list of points that have been found/need finding? How do you know when you've got the right address?
Karen
-
the Wiki has a good amount of infos to start with
http://chdk.wikia.com/wiki/GPL_Tools (http://chdk.wikia.com/wiki/GPL_Tools)
My problem right now is debugging (applying modifications and swap SD is not properly comfortable. Im setting up a virtual linux machine for this purpose) the boot sequence, which gets stuck at the function i wrote in the previous post.
-
I don't have any of the tools yet. Where can I go to download them?
It sounds like you are trying to identify standard entry points within the dumped version of the firmware. Is that right? Do you have a list of points that have been found/need finding? How do you know when you've got the right address?
Karen
Hi, I ordered an A590IS today and am willing to help in the porting process as much as I can, at least morally ;-). I must admit, I am not a good coder. I know a bit C and that's all.
I think the first task would be setting up an environment for cross compiling. Some infos for Linux, Mac and Windows are here:
For Developers - CHDK Wiki (http://chdk.wikia.com/wiki/For_Developers#Common_articles)
If I understood it correctly, the linux variant involves compiling gcc from source with arm cross - compilation enabled. The windows environment seems easier to set up. Any recommendations which way to go?
Since I have discovered this forum only yesterday, I am not quite sure, what the difference between the A570 and the A590 is except that the A590 refuses to boot the custom firmware binary by the standard method.
whim suggested that the A590is is somehow similar to the ixus80? They are making great progress over there, so there is hope.
-
Since I have discovered this forum only yesterday, I am not quite sure, what the difference between the A570 and the A590 is except that the A590 refuses to boot the custom firmware binary by the standard method.
Except from the physical differences:
The A570 uses VxWorks.
The A590 uses DryOS.
-
Hi i'm already have the a590is, i want to help but i'm newbie on this, so if you can said to me what to do i will be happy to help on the process
-
the Wiki has a good amount of infos to start with
http://chdk.wikia.com/wiki/GPL_Tools (http://chdk.wikia.com/wiki/GPL_Tools)
This.
And this:
Adding support of a new camera - CHDK Wiki (http://chdk.wikia.com/wiki/Adding_support_of_a_new_camera)
-
The camera arrived today. I dumped the firmware (Firmware Ver GM1.01B) with cardtricks (NewDryOS?) and set up the development environment for windows. The default build (s3is-100a) compiled without problems. What next? I think I will have a look at the GPL tool section at the wiki...but before I have to check that camera out...
Edit: The camera is fine! Switched to the GNU/Linux variant for compiling, because I was too stupid to get hexdump working properly in the windows environment. And no perl, subversion and quemu there too. Of course one could set it up, but apt-get is way easier.
-
Hi.
I stumbled upon another problem on boot.c
...
"BL sub_FFC0BECC\n"
It stucks on this last call, which is related to memory allocation. In fact, from IDA
ROM:FFC0BBEC STMFD SP!, {R4,LR}
ROM:FFC0BBF0 BL sub_FFC179F4 //inside here malloc is called
ROM:FFC0BBF4 CMP R0, #5 //code doesnt execute this
...
So it freezes at FFC0BBF0. I Really cant get past it..
Hi, isn't the last call calling 0xFFC0BECC and not 0xFFC0BBEC? Or did I get something wrong?
At 0xFFC0BECC i get:
ffc0becc: 1a00003e bne ffc0bfcc <_binary_dump_bin_start+0xbfcc>
ffc0bed0: e59f0158 ldr r0, [pc, #344] ; ffc0c030: (00001b38)
ffc0bed4: e5901004 ldr r1, [r0, #4]
ffc0bed8: e1510000 cmp r1, r0
ffc0bedc: 0a00003a beq ffc0bfcc <_binary_dump_bin_start+0xbfcc>
ffc0bee0: e59d0004 ldr r0, [sp, #4]
ffc0bee4: e3500007 cmp r0, #7 ; 0x7
ffc0bee8: 908ff100 addls pc, pc, r0, lsl #2
I have no idea what that means, but looks interesting...a branch or something?
-
Have you seen this?
ffe69f58 DRYOS version 2.3, release #0023
Exactly the same as in the IXUS80! Does it make sense to add just the offset difference to get the right entry points? Would be too easy, I guess.
I have been trying to set up a directory structure for porting based on chr's efforts, but it did not compile. Problems with gensigs.sh. Is it supposed to find entry points automagically based on a reference firmware?
-
@gho
no g(h)o !
even early, 'normal' dryos cams (A720, S5IS) have this string in their firmware ...
sorry,
wim
-
After having a look at the chdk trunk structure I must admit, porting is a number too big for me. Maybe I can be of more help in later stages of the process, such as beta testing.
However, I ran finsig on the dump with offset 0xFFC00000. I attach the output, maybe it helps someone.
-
Ahhh, keep working :D If there is anything in I could help, tell me...
-
Hi, something new?
-
Switched to trunk535.
Cam boots, but GUI is messed up.
in shoot mode it shuts down almost instantly (of course, havent gone through capt_seq.c yet :) )
ill post something soon..
-
It's nice to read about updates!!! :D Many Thanks!!!
-
So how far along are we?
I want to use CHDK so bad for the A590 IS, especially RAW support, since even images shot at ISO80 are grainy!
-
I suck on assembler, so I can't help you guys. But I can give you a "Hip! Hip! Hurra!". You people, are doing a great work! Keep on!
-
Hi,
i would like to help, but i only have a little knowledge of programming.
But i try to get into it, because its cool to give your camera features, that canon would never have thought of, for this cam.
Id rather would spend money on someon who writes/makes me a new feature than buying a bigger and expensiver cam, even if there is a risk to damage my cam.
Can someone give me some usefull links to crashcourses of assembling and all relatet to CHDK?
CHeers,
toby
-
Interesting to read all about the porting. I cannot wait for a chdk version for my 590 IS. Will keep a close look at this thread!
-
Is it possible, to add your own codec for videos on the cam?
It would be really cool, if i could make videos with some more fps like 60.
-
Is it possible, to add your own codec for videos on the cam?
It would be really cool, if i could make videos with some more fps like 60.
Honestly, i think it is not feasible. u should adapt the sources of the codec, compile them and cope with a lot of memory restraint on the cam.
-
perhaps someone should tell you that there's another thread with a working beta version for A590 1.00e:
A590IS porting... (http://chdk.setepontos.com/index.php/topic,2361.60.html)
-
For anyone still reading this thread, a beta version for 1.01b is available in the same thread linked above.
-
a590dis.tar.bz2 - 17.66MB (http://www.zshare.net/download/18256581344942da/)
Hi, this link dont work :(
-
hulek,
that link contained a firmware dump disassembly. If you want to use CHDK, you don't need this, but instead this link (http://chdk.setepontos.com/index.php/topic,2361.msg22934.html#msg22934). Be aware that there are two threads about the a590is, and this one here is a bit outdated.
@Moderators: maybe you could just close this thread?
-
done.
edit: here is the link to the actual porting thread: A590IS porting... (http://chdk.setepontos.com/index.php/topic,2361.0.html)