A550 Porting... - General Discussion and Assistance - CHDK Forum supplierdeeply
« previous next »
Pages: [1] 2 3 4 5 6 ... 10   Go Down

A550 Porting...

  • 95 Replies
  • 44396 Views
*

Offline muttley

  • **
  • 51
  • + pilu x tutti!
    • A550 Porting
A550 Porting...
« on: 26 / December / 2007, 16:59:42 »
Advertisements
I made dump of firmware many times and now it's stable and don't change...I used blink g7.

Now i would compile CHDK source, but i don't understand how modify boot.c file, lib.c, stubs_entry_2.S and others file.

I have ARM compiler, CHDK source code, IDA and firmware dump...
How to use IDA for find part of code needed for compilation ?!?  :'(

I have read: Adding support of a new camera - CHDK Wiki and Loading dump to IDA - CHDK Wiki

but don't understand WHERE and WHAT find with ida?!? :o

I try to compile with folder of a630 (similar p-id) but don't find many function at the end of compilation time 

i had made also a wiki page: A550 - CHDK Wiki

HELP...PLEASE!!

p.s. sorry for my english  :P

« Last Edit: 11 / March / 2008, 08:32:46 by muttley »
Logged
*

Offline GrAnd

  • ****
  • 916
  • [A610, S3IS]
    • CHDK
Re: A550 Porting...need help
« Reply #1 on: 26 / December / 2007, 17:33:27 »
Quote from: muttley on 26 / December / 2007, 16:59:42
I made dump of firmware many times and now it's stable and don't change...
Where can I have it? :) Please upload it somewhere and post the link here.
Logged
CHDK Developer.
*

Offline Divalent

  • *
  • 9
Re: A550 Porting...need help
« Reply #2 on: 27 / December / 2007, 00:27:59 »
Quote from: GrAnd on 26 / December / 2007, 17:33:27
Quote from: muttley on 26 / December / 2007, 16:59:42
I made dump of firmware many times and now it's stable and don't change...
Where can I have it? :) Please upload it somewhere and post the link here.

And also put a link to the FW on the Wiki page that you created so that others can find it (and know that it exists)
Logged
*

Offline muttley

  • **
  • 51
  • + pilu x tutti!
    • A550 Porting
Re: A550 Porting...need help
« Reply #3 on: 27 / December / 2007, 07:03:19 »
this is the link: http://rapidshare.com/files/79372562/OriginalFirmware_a550v100c.rar.html

...but if you can...i would learn how to complete my port. Thanks...thanks!!!
Logged
*

Offline ctrl-alt-canc

  • *
  • 4
Re: A550 Porting...need help
« Reply #4 on: 30 / December / 2007, 10:54:19 »
Hi I'm new in this forum
I have an a550 and I'd like to contribute in porting the chdk to this camera.
Here's what I did until now:
-installed arm-elf-gcc
-downloaded the firmware
-created an a550 directory in /loader and /platform and copied the files from the a560 directory
-copied the firmware in /100c directory and renamed PRIMARY.BIN
-modified makefile.inc with 12624 (0x3150) as P-ID
-successfully compiled the trunk version for the a550
but when I put the files in the SD card and try to start the chdk the camera stops responding and I have to remove the batteries. I think it's normal, now it's time to disassemble the firmware.
ida does not work on my PC (don't know why) so I've used arm-elf-objdump to disassemble the firmware.

Now the questions:
-after rebooting the camera I find a file UpgradeLog.txt that contains 88 bytes of binary data, is that normal?
-now what I have to do? what I need to find in the disassembled firmware to get the chdk working?

Last thing:
When looking into the binary firmware with I found a link to a website hidden between binary data, to find it open the a550 firmware with an editor like khexedit and search "www.". Do somebody think it may be useful?
Logged
*

Offline muttley

  • **
  • 51
  • + pilu x tutti!
    • A550 Porting
Re: A550 Porting...need help
« Reply #5 on: 04 / January / 2008, 17:23:56 »
I can't help, but try to respond:

-after rebooting the camera I find a file UpgradeLog.txt that contains 88 bytes of binary data, is that normal?

yes, it's normal...always you execute a fir on your canon this file is generated. I don't think is import for us.

-When looking into the binary firmware with I found a link to a website hidden between binary data, to find it open the a550 firmware with an editor like khexedit and search "www.". Do somebody think it may be useful?

It's present in all others canon's firmware, it's only an about/help or like this...

Is there anyone that help us to understand the code disassembled by IDA...
I know enought ASM x86 (ARM...no problem), but in 4 MB i don't know WHERE & WHAT search!

While I'm waiting...I have redumping the firmware and find some error in previous!

THIS IS THE FINAL...I HOPE: http://rapidshare.com/files/81300076/dump0xFFC00000.rar.html
(four dump with blink g7, always the same)
Logged
*

Offline muttley

  • **
  • 51
  • + pilu x tutti!
    • A550 Porting
Re: A550 Porting...need help
« Reply #6 on: 06 / January / 2008, 17:43:36 »
boot.c is now ok...i hope! :xmas
I'm start from kernelinit and walking back in IDA...

Quote
void boot()
{
    long *canon_data_src = (void*)0xFFEEB4D0;
    long *canon_data_dst = (void*)0x1900;
    long canon_data_len = 0xB540;
    long *canon_bss_start = (void*)0xCE40; // just after data
    long canon_bss_len = 0x9F2B0 - 0xCE40;
    long i;

  ...


void h_usrInit()
{
    asm volatile (
      "STR     LR, [SP,#-4]!\n"
      "BL      sub_FFC01968\n"
      "MOV     R0, #2\n"
      "MOV     R1, R0\n"
      "BL      sub_FFCC1CEC\n"      //unknown_libname_201
      "BL      sub_FFCB6DB8\n"      //excVecInit
      "BL      sub_FFC011C4\n"
      "BL      sub_FFC01728\n"
      "LDR     LR, [SP],#4\n"
      "B       h_usrKernelInit\n"
    );
}

void  h_usrKernelInit()
{
    asm volatile (
      "STMFD   SP!, {R4,LR}\n"
      "SUB     SP, SP, #8\n"
      "BL      sub_FFCC21EC\n"      //classLibInit
      "BL      sub_FFCD2318\n"      //taskLibInit
      "LDR     R3, =0x4E60\n"
      "LDR     R2, =0x9C4C0\n"
      "LDR     R1, [R3]\n"
      "LDR     R0, =0x9D010\n"
      "MOV     R3, #0x100\n"
      "BL      sub_FFCCDF08\n"      //qInit
      "LDR     R3, =0x4E20\n"
      "LDR     R0, =0x51C0\n"
      "LDR     R1, [R3]\n"
      "BL      sub_FFCCDF08\n"      //qInit
      "LDR     R3, =0x4EDC\n"
      "LDR     R0, =0x9CFE4\n"
      "LDR     R1, [R3]\n"
      "BL      sub_FFCCDF08\n"      //qInit
      "BL      sub_FFCD66D4\n"      //workQInit
      "BL      sub_FFC012B0\n"
      "MOV     R4, #0\n"
      "MOV     R3, R0\n"
      "MOV     R12, #0x800\n"
      "LDR     R0, =h_usrRoot\n"
      "MOV     R1, #0x4000\n"
      "LDR     R2, =0xCF2B0\n"   // 0x9F2B0 + 0x30000
      "STR     R12, [SP]\n"
      "STR     R4, [SP,#4]\n"
      "BL      sub_FFCCF558\n" //kernelInit
      "ADD     SP, SP, #8\n"
      "LDMFD   SP!, {R4,PC}\n"
    );
}
...

void  h_usrRoot()
{
    asm volatile (
      "STMFD   SP!, {R4,R5,LR}\n"
      "MOV     R5, R0\n"
      "MOV     R4, R1\n"
      "BL      sub_FFC019D0\n"
      "MOV     R1, R4\n"
      "MOV     R0, R5\n"
      "BL      sub_FFCC6CA4\n"      //memInit
      "MOV     R1, R4\n"
      "MOV     R0, R5\n"
      "BL      sub_FFCC771C\n"      //memPartLibInit
      //"BL      sub_FFC017E8\n"      //nullsub_1
      "BL      sub_FFC01704\n"
      "BL      sub_FFC01A0C\n"
      "BL      sub_FFC019F0\n"
      "BL      sub_FFC01A38\n"
      "BL      sub_FFC019C4\n"
    );

    _taskCreateHookAdd(createHook);
    _taskDeleteHookAdd(deleteHook);

    drv_self_hide();

    asm volatile (
      "LDMFD   SP!, {R4,R5,LR}\n"
      "B       sub_FFC0136C\n"      //IsEmptyWriteCache_2
    );
}



Well, lib.c and stubs_entry_2.S...I don't know how to find the missing fuction:

stubs_entry_2.S
Quote
#find in IDA
NHSTUB(Close,  0xFFCC5108)
NHSTUB(Remove, 0xFFCC549C)
 
#near unmount
NHSTUB(Mount_FileSystem, 0xFFE214C4)

#there are readv and writev?! ...is it the same?
NHSTUB(Read,   0xFFCC5334)
NHSTUB(Write,  0xFFCC53B0)

NHSTUB(kbd_read_keys_r2, 0xFF???????)
NHSTUB(DisplayImagePhysicalScreen, 0xFF???????)
NHSTUB(free, 0xFF???????)
NHSTUB(SetZoomActuatorSpeedPercent, 0xFF???????) //null stub

...for lib.c nothing...nothing...nothing  :'(
« Last Edit: 06 / January / 2008, 17:47:14 by muttley »
Logged
*

Offline stranger

  • *
  • 10
  • [a530]
Re: A550 Porting...need help
« Reply #7 on: 09 / January / 2008, 18:36:45 »
First of all, I'm working on porting the A530.

muttley, your XREF hint on the wiki page was very helpful. ^_^  I think I have boot.c right now, though I was unsure about the boot() function, so I followed your example.  So hopefully you were right. ;)
Quote from: A530 boot.c

void boot()
{
    long *canon_data_src = (void*)0xFFEDE3C0;
    long *canon_data_dst = (void*)0x1900;
    long canon_data_len = 0xB8D0;
    long *canon_bss_start = (void*)0xD1D0;
    long canon_bss_len = 0x91C70 - 0xD1D0;

[...]
The line for canon_data_src looked like this, so I'm not sure. :(:
Quote from: A530 IDA disassembly
ROM:FFC0017C off_FFC0017C    DCD unk_FFEDE3C0        ; DATA XREF: ROM:FFC0010

Other than that, I'm now in the same boat.  I don't know where to start with lib.c, and I haven't found anything with IDA so far.  the lib.c from the A540 source code has some helpful-looking comments, but I still can't figure out how to find the right values.  (Some of them were commented out for some reason.  :-[)
Quote from: A540 lib.c
[commented out]
char *hook_raw_image_addr()
{
    return (char*)0x105B8AC0; // OK (find on ".crw")
}

long hook_raw_size()
{
    return 0x75A8F0; // OK (find on ".crw")
}

[commented out]

void *vid_get_bitmap_fb()
{
    return (void*)0x103C79A0; // OK (find in _CreatePhysicalVram)
}

void *vid_get_viewport_fb()
{
    return (void*)0x105F17A0; // OK (find on "VRAM Address  : %p")
}

void *vid_get_viewport_fb_d()
{
    return (void*)(*(int*)0x60BA0); // OK (find on "WBTblAdj.c")
}
[...]


Here is my stubs_entry_2.S, I guess I was lucky.  (It does look very much like stubs_entry_2.S from the A540 source.)  But I can't find free.  I know there is information about it in signatures.h and IDA looks for it.
Quote from: A530 stubs_entry_2.S

#include "stubs_asm.h"

NHSTUB(VbattGet,  0xFFC1C000) //found w/ IDA
NHSTUB(free,  0xFFC0A748) //not found yet (used FreeMemory)

//null stub (S2/S3 only apparently)
NHSTUB(SetZoomActuatorSpeedPercent, 0xFFC017E8) //used nullsub_1

I've modified things similarly to how muttley has (A550 wiki page has more detail), and the rest is A560 code.  When I compile it and try to load it the LCD turns off, the power led blinks off briefly, the green viewfinder led blinks on briefly, then the LCD comes on again with the regular firmware.

Could someone perhaps give us some hints on how to find these things for lib.c and stubs_entry_2.S? :)  And muttley, if you've made any further progress or have any further insight I'd love to hear it.  I have a friend who is also interested in your A550 port for his camera.
Logged
*

Offline muttley

  • **
  • 51
  • + pilu x tutti!
    • A550 Porting
Re: A550 Porting...need help
« Reply #8 on: 10 / January / 2008, 06:27:40 »
i'm very happy that my work is helpful for someone... 8)

...I hope someone help us for complete the porting  :'(  :'(  :'(

Quote
Could someone perhaps give us some hints on how to find these things for lib.c and stubs_entry_2.S?


I would add only some word: pleaseeeeeeeeeeeeeeeee!!!
« Last Edit: 10 / January / 2008, 06:38:56 by muttley »
Logged
*

Offline muttley

  • **
  • 51
  • + pilu x tutti!
    • A550 Porting
Re: A550 Porting...need help
« Reply #9 on: 10 / January / 2008, 12:48:12 »
for stranger:

If you wanna find the canon_data_src address without error, it's enought a HexEditor.

Open your firmware (.bin) and search in ASCII-mode this string: start of data

example:

if you find the string at the address: 0x002EB4D4  (address of the lecter 's')
then the canon_data_src is: 0x002EB4D0

good luck!

p.s. I hope my senteces are right  :P
Logged
Pages: [1] 2 3 4 5 6 ... 10   Go Up
« previous next »
 

Related Topics