Where do I get the BIG picture of CHDK ? - page 2 - Script Writing - CHDK Forum supplierdeeply

Where do I get the BIG picture of CHDK ?

  • 25 Replies
  • 15788 Views
*

linuxGuy

Re: Where do I get the BIG picture of CHDK ?
« Reply #10 on: 07 / December / 2007, 13:21:48 »
Advertisements
Is there a developer mailing list ?  (Very handy for newbie developers... subscribe and read the chatter going back and forth between the developers... great way to learn.)

Thanks.

*

Offline GrAnd

  • ****
  • 916
  • [A610, S3IS]
    • CHDK
Re: Where do I get the BIG picture of CHDK ?
« Reply #11 on: 07 / December / 2007, 15:07:14 »
> 1) The ARM processor core has a JTAG port built into it.  Has anyone investigated if the processor (or board !) had a JTAG port on it ?
Nope. The whole CHDK is developed without taking a screwdriver. If you so brave you can try to find.

> 2) Most ARM processors have a provision for encrypting the contents of the ROM.  Apparently the ROMs on the cameras are not encrypted, thus the firmware can be dumped ?  Do I have this right ?
I did not know that the ROM can be encrypted. But lucky, Canon's DIGIC do not use this feature.

> 3) What tools are developers using to debug the code they write?
No tools. At all. :) The most hardware dependent part was implemented a long ago, so the camera hangs very rarely. If we need an indicator that the code reach some point, we use any LED (switching it ON).

> I saw a routine for blinking the camera LED. 
It's just for firmware dumping.

> What sort of baud rate can be accomplished doing that and has anyone written/run a monitor to help with debugging?
Someone dumped a firmware on ~10000 bits per second.

> 4) What hardware specs are we working with ?  Typical processor speed, exact processor model, ROM/RAM/(e)Eprom sizes ?
No specs. It's a fun. :D
Processor - Digic II or Digic III (with ARM9 core integrated). 32M RAM. Eprom - we do not use it.

> 5) I assume that all of the code stored in the current repository is for the VxWorks OS.   
Yes.

> How is the code going to be organized when we start working on the DryOS OS ? Total fork ?  Integrated into the current structure ?
Who knows. We return to this question when such porting will be done.

> 6) What tools are being used for disassembly?
Mostly - IDA Pro.

> How are various routines discovered for a camera?
One of the Camon's firmware updates had more than 5000 function names. And there is a lot of text strings in the firmware.

> I assume the disassembler can find the function pre and post setup code and functions can be found, but how are the developers determining what they do ?
Why you do not read For Developers, especially this?

> 6) Has the DryOS firmware been dumped by anyone yet? 
This!

> Is there a functioning "blink the LED" program for a DryOS camera?
This! And this!

> 7) If I am going to start working on CHDK stuff, with the eventual goal of getting the G9 and 40D cameras working, where do you suggest that I start ? Ie with what tasks ?  Should I do some work on a VxWorks camera to get the feel for it ? (Even though I don't own a VxWorks camera...)
I have no answer to this question...
CHDK Developer.

*

Offline GrAnd

  • ****
  • 916
  • [A610, S3IS]
    • CHDK
Re: Where do I get the BIG picture of CHDK ?
« Reply #12 on: 07 / December / 2007, 15:09:08 »
Is there a developer mailing list ?
No. Just Wiki and forums (mostly Russian :))
CHDK Developer.

*

linuxGuy

Re: Where do I get the BIG picture of CHDK ?
« Reply #13 on: 07 / December / 2007, 15:30:40 »
> 1) The ARM processor core has a JTAG port built into it.  Has anyone investigated if the processor (or board !) had a JTAG port on it ?
Nope. The whole CHDK is developed without taking a screwdriver. If you so brave you can try to find.

I might do that.  If there is a port, it would make debugging a lot easier.  Set break points, etc.  I use a JTAG debugger for my LPC21XX projects. (Olimex USB JTAG to be exact...)

Quote
> 2) Most ARM processors have a provision for encrypting the contents of the ROM.  Apparently the ROMs on the cameras are not encrypted, thus the firmware can be dumped ?  Do I have this right ?[/i]
I did not know that the ROM can be encrypted. But lucky, Canon's DIGIC do not use this feature.

OK.  Its in the ARM documentation.  If someone tells me what processor they think we are using, I'll do some searching and find relevant documentation.

Quote
> 3) What tools are developers using to debug the code they write?
No tools. At all. :) The most hardware dependent part was implemented a long ago, so the camera hangs very rarely. If we need an indicator that the code reach some point, we use any LED (switching it ON).

OK.  I've done a lot of microcontroller development.  I've found it useful to get a serial port working for debugging purposes.  It allows one to embed print (printf) statements in the code and track variable values, etc.  One might be able to use the same LED setup that is used for dumping the firmware.

Quote
> I saw a routine for blinking the camera LED. 
It's just for firmware dumping.

So far...

Quote
> What sort of baud rate can be accomplished doing that and has anyone written/run a monitor to help with debugging?
Someone dumped a firmware on ~10000 bits per second.

OK.  Certainly enough to output data from.

Quote
> 4) What hardware specs are we working with ?  Typical processor speed, exact processor model, ROM/RAM/(e)Eprom sizes ?
No specs. It's a fun. :D

Not even any guesses ?  Which ARM core are we working with ?  Is it the same for Digic II and III ?  You could be able to read and dump the processor code and decipher something from that.

Quote
Processor - Digic II or Digic III (with ARM9 core integrated). 32M RAM. Eprom - we do not use it.

Are they both ARM9, or just the Digic III ?

Quote
> 5) I assume that all of the code stored in the current repository is for the VxWorks OS.   
Yes.

> How is the code going to be organized when we start working on the DryOS OS ? Total fork ?  Integrated into the current structure ?
Who knows. We return to this question when such porting will be done.

How do you recommend I proceed with regards to code organization ?

Quote
> 6) What tools are being used for disassembly?
Mostly - IDA Pro.

Does IDA Pro run on Linux ?   Is there a Linux equivalent tool ?  I know that most gcc tools have some disassembly components to them.  gbd needs this to step through stack traces.  But that is about all I know.

Quote
> How are various routines discovered for a camera?
One of the Camon's firmware updates had more than 5000 function names. And there is a lot of text strings in the firmware.

OK.

Quote
> I assume the disassembler can find the function pre and post setup code and functions can be found, but how are the developers determining what they do ?
Why you do not read For Developers, especially this?

I read that.  Basically it shows me that IDA Pro is finding the functions by the pre and post function routines.  OK.  But that doesn't tell me how the developers are finding what those routines do.  Are they calling them and seeing if the focus motor moves, for example or what ?  Are they tracing the addresses written to and figuring out that 0x123 is the port that fires the flash ?  

Its one thing to find functions in code, another to figure out what those functions do.

This isn't "normal" software development.  If the CHDK team wants more developers and a better development system to evolve over time, they need to share what they are doing now so that others can use that as a starting point.

Again, if you feed me information, I will start documenting things.

Quote
> 6) Has the DryOS firmware been dumped by anyone yet? 
This!

I read that.  First of all it doesn't say if anyone has actually dumped the DryOS firmware.   It points to the Canon DryOS site and 100 rambling posts (including feature discussions) on DPreview.com.  I repeat my question: Has anyone dumped the DryOS firmware ?

I guess someone has because the DPReview post says "But, there is a positive moment - the hardware part is still unchanged (ARM9), because BOOTDISK blinker works."

I guess I also should have noticed that the A720IS and S5IS have been dumped by their colors.  They are Digic III and DryOS.


Quote
> Is there a functioning "blink the LED" program for a DryOS camera?
This! And this!

Same thing !  First of all, the processor list on the first page has the G9 and 40D as Digic II processors.  CLEARLY they are not !  Then it shows that the 40D is of status "either original firmware or firmware dump is available; porting is needed".   Again I repeat my question !  HAS ANYONE DUMPED THE DRYOS FIRMWARE ?  (See my answer above on the DPReview post.)

"Firmware extraction using the blinker was some trouble but worked."
here: http://chdk.wikia.com/wiki/A720IS


The Wiki is nice.  Its a great OVERVIEW.  But it is just that, an overview.  As I have shown it doesn't answer the in depth questions that a developer needs answered and it isn't 100% correct.

Teach me and feed me information and I will document and organize as I go.
« Last Edit: 07 / December / 2007, 15:42:26 by linuxGuy »


*

linuxGuy

Re: Where do I get the BIG picture of CHDK ?
« Reply #14 on: 07 / December / 2007, 15:31:45 »
(I know of a moderator that is getting an itchy "smiting finger". :D )

I don't understand what you are saying here.  Please clarify.

*

Offline GrAnd

  • ****
  • 916
  • [A610, S3IS]
    • CHDK
Re: Where do I get the BIG picture of CHDK ?
« Reply #15 on: 07 / December / 2007, 15:52:20 »
> It allows one to embed print (printf) statements in the code and track variable values, etc.
From the code of original firmware it has the printf function. Canon's firmware uses it a lot of places, especially for the assertions. But, nobody knows how to connect to that serial? console.
Also, there is a console (VxWorks) which allows to enter some commands, but its useless.

> Are they both ARM9, or just the Digic III ?
Both.

> Does IDA Pro run on Linux ?
Do you know how to use Google? The first link is - http://www.datarescue.com/idabase/linux/index.htm

> Its one thing to find functions in code, another to figure out what those functions do.
Disassembled code and imagination. We do not have a debugger, emulator and something similar to trace a code.

> HAS ANYONE DUMPED THE DRYOS FIRMWARE ?
Again. Do you have eyes?  >:( I provided you with the link to the page, which has only two external links, and one of them is the link to the firmware dump.
CHDK Developer.

*

linuxGuy

Re: Where do I get the BIG picture of CHDK ?
« Reply #16 on: 07 / December / 2007, 16:11:02 »
> Its one thing to find functions in code, another to figure out what those functions do.
Disassembled code and imagination. We do not have a debugger, emulator and something similar to trace a code.

So once again, how are you figuring out what does what ?  Do you call the functions ?  Do you blink an LED when something is called and then infer what happened ?  Are you able to figure out the functionality from the addresses ?

Quote
> HAS ANYONE DUMPED THE DRYOS FIRMWARE ?
Again. Do you have eyes?  >:( I provided you with the link to the page, which has only two external links, and one of them is the link to the firmware dump.

The top line of the first link says: "Recently Ian Smith reported over at DpReview that he had success in getting the camera to respond to file on a bootable disk, and was hopeful he would soon be able to get a firmware dump. Still at an early stage, but there is hope."

Based upon reading that, I exited the page.  However at the bottom of the page it says that a copy of the firmware was dumped.  The first line on that page is misleading.  I suggest it be changed.

I also recommend that the G9 and 40D be moved to under the Digic III list.

*

Offline GrAnd

  • ****
  • 916
  • [A610, S3IS]
    • CHDK
Re: Where do I get the BIG picture of CHDK ?
« Reply #17 on: 07 / December / 2007, 16:30:17 »
> So once again, how are you figuring out what does what ?  Do you call the functions ? 
If a function is attractive enough, yes, we call it to what will happen.

> Do you blink an LED when something is called and then infer what happened ?
Why? We know how to output a text to the camera LCD screen.

> Are you able to figure out the functionality from the addresses ?
Yes.  ;)
Not from the address. But from the name, text strings it uses, back/forward references in disassembler code, etc.

> Based upon reading that, I exited the page.  However at the bottom of the page it says that a copy of the firmware was dumped.  The first line on that page is misleading.  I suggest it be changed.
Mostly, a camera-related pages in the wiki describes history of the porting process. So, everyone can trace the stages which the others went through.

> I also recommend that the G9 and 40D be moved to under the Digic III list.
They are already there. Not under the DryOS, because it is not proved yet.
« Last Edit: 07 / December / 2007, 16:32:35 by GrAnd »
CHDK Developer.


*

linuxGuy

Re: Where do I get the BIG picture of CHDK ?
« Reply #18 on: 07 / December / 2007, 18:01:36 »
> I also recommend that the G9 and 40D be moved to under the Digic III list.
They are already there. Not under the DryOS, because it is not proved yet.

a) Someone replied to me in another post that they were 99.999% sure that the G9 was DryOS.

b) We know the G9 is Digic III, not Digic II. Canon told us.  So it should be moved to under Digic III, regardless of whether it is VxWorks or DryOS.

c) If we aren't sure what OS it has, it shouldn't be under DryOS or VxWorks.  It should be "unknown".

These might seem like trivial details to someone that has been hanging around, but for newbies like myself they are red herrings.  The generate mis information.

And thanks to whomever set my karma to -1 !  *rollseyes.

Re: Where do I get the BIG picture of CHDK ?
« Reply #19 on: 07 / December / 2007, 22:08:35 »
a) Someone replied to me in another post that they were 99.999% sure that the G9 was DryOS.
Without a FW dump (even if partial), it is just a guess based on release date.  (We were "highly confident" Iran was still developing nukes, and now we are "highly confident" they are not.)

b) We know the G9 is Digic III, not Digic II. Canon told us.  So it should be moved to under Digic III, regardless of whether it is VxWorks or DryOS.
It always has been listed as Digic III at the Wiki site.

c) If we aren't sure what OS it has, it shouldn't be under DryOS or VxWorks.  It should be "unknown".
There.  I "fixed" the wiki, FWIW.  Which is not a lot.  (Not sure what that new information allows you to do)

And thanks to whomever set my karma to -1 !  *rollseyes.
I don't know; you're either an arrogant bullshitter or you'll have a G9 CHDK version of the Allbest build (on steroids!) in 7 days (or both).  In any event, you are entertaining.

 

Related Topics