Signature verification prior to startup - page 3 - General Discussion and Assistance - CHDK Forum

Signature verification prior to startup

  • 83 Replies
  • 43167 Views
*

Offline reyalp

  • ******
  • 14128
Re: Signature verification prior to startup
« Reply #20 on: 30 / August / 2013, 18:09:29 »
Advertisements
Attached patch is my take on this.
Looks good, I guess.
So, the things that are missing:
- build system change (a script?) to generate bin_compat.h from stubs_entry.S, camera_list.csv
My thought was
sig finder outputs the PID address, version string address and version string for the "current" cameras. These are mostly there already, could just output comments in a format suitable for pasting into bin_compat.h

The default  bin_compat.h just uses these default entries.

Any cross compatible cameras are added to bin_compat.h manually. For future ports, this shouldn't be a big deal, when you add the "as copy" to the camera list, you need to add it to bin_compat.h

Quote
- identify equivalent P-IDs if needed (btw. does ps.fi2 of the 'other' camera even work on these 'equivalent' models?)
No, they don't, that's one of the main reason we have builds for e.g. both sx240 and sx260.

In fact, I'm not sure cross- PID compatibility is something we really need to support in builds with the check enabled. Since we don't know in advance which are compatible, people who want to try would need a special build with the check disabled anyway. Once we know, it works, the platform will become a separate build.
Quote
For which models should this check be introduced? All DryOS cams, or only for selected models?
Good question. If we follow the scheme above, adding all the ones that don't have copied firmwares should be safe and fairly easy to automate. For the rest, it's more complicated because we don't necessarily have dumps of the compatible firmwares. Is it possible the version string could move if all the functions were compatible?
Don't forget what the H stands for.

*

Offline philmoz

  • *****
  • 3450
    • Photos
Re: Signature verification prior to startup
« Reply #21 on: 30 / August / 2013, 19:09:52 »
Attached patch is my take on this.
Looks good, I guess.
So, the things that are missing:
- build system change (a script?) to generate bin_compat.h from stubs_entry.S, camera_list.csv
My thought was
sig finder outputs the PID address, version string address and version string for the "current" cameras. These are mostly there already, could just output comments in a format suitable for pasting into bin_compat.h

The default  bin_compat.h just uses these default entries.

Any cross compatible cameras are added to bin_compat.h manually. For future ports, this shouldn't be a big deal, when you add the "as copy" to the camera list, you need to add it to bin_compat.h

Since the number of 'cross compatible' cameras is pretty small compared to the total number of cameras now supported, why not just create real CHDK builds for them?

Phil.
CHDK ports:
  sx30is (1.00c, 1.00h, 1.00l, 1.00n & 1.00p)
  g12 (1.00c, 1.00e, 1.00f & 1.00g)
  sx130is (1.01d & 1.01f)
  ixus310hs (1.00a & 1.01a)
  sx40hs (1.00d, 1.00g & 1.00i)
  g1x (1.00e, 1.00f & 1.00g)
  g5x (1.00c, 1.01a, 1.01b)
  g7x2 (1.01a, 1.01b, 1.10b)

*

Offline reyalp

  • ******
  • 14128
Re: Signature verification prior to startup
« Reply #22 on: 31 / August / 2013, 00:05:41 »
Since the number of 'cross compatible' cameras is pretty small compared to the total number of cameras now supported, why not just create real CHDK builds for them?
That's an idea.

By my count there are about 30 total (including vxworks), with a few that are used for more than one firmware, so it would be a non-trivial amount of copied code. The other problem is I don't think we have firmware dumps for a lot of them, so the actual matching version string couldn't be automated anyway.

I wondered if the version string address would be compatible (so you could use the same offset with 100b instead of 100a). I think this should always be true if CHDK works between versions, because the version string is quite early in the firmware. If it was at a different offset, the following functions would almost certainly have moved.
Don't forget what the H stands for.

*

Offline srsa_4c

  • ******
  • 4451
Re: Signature verification prior to startup
« Reply #23 on: 31 / August / 2013, 08:29:43 »
I wondered if the version string address would be compatible (so you could use the same offset with 100b instead of 100a). I think this should always be true if CHDK works between versions, because the version string is quite early in the firmware. If it was at a different offset, the following functions would almost certainly have moved.
+1

Since the number of 'cross compatible' cameras is pretty small compared to the total number of cameras now supported, why not just create real CHDK builds for them
There might be users out there who rely on that compatibility - see for example the a1100, a2000 lines in camera_list.csv.

*

Offline reyalp

  • ******
  • 14128
Re: Signature verification prior to startup
« Reply #24 on: 31 / August / 2013, 12:52:34 »
So for the version string check, we can simplify so that it's just one address (determined by the sig finder) and a list of strings to match.

There might be users out there who rely on that compatibility - see for example the a1100, a2000 lines in camera_list.csv.
I'm not sure I follow. I think what phil was suggesting was just to make copies in the source tree, so for say a2000, you'd have new subs for 100a and 100b, which would be identical to 100c except for the version check.

It would save the occasionally confusion where someone sees the splash screen says 100c when their they downloaded the 100b "copy" build. This isn't a big deal though.

If someone had multiple cameras with different (compatible) versions, I guess that would be slightly inconvenient.

That said, adding a copy requires testing and adding the line to camera_list, so I don't see adding a line to  bin_compat.h would be a big deal.
Don't forget what the H stands for.

*

Offline srsa_4c

  • ******
  • 4451
Re: Signature verification prior to startup
« Reply #25 on: 31 / August / 2013, 15:49:41 »
There might be users out there who rely on that compatibility - see for example the a1100, a2000 lines in camera_list.csv.
...
If someone had multiple cameras with different (compatible) versions, I guess that would be slightly inconvenient.
This is what I meant, people who could freely interchange cards due to compatible fw revisions of their cameras would be more or less inconvenienced.

*

Offline lapser

  • *****
  • 1093
Re: Signature verification prior to startup
« Reply #26 on: 31 / August / 2013, 18:22:13 »
I just wanted to report that I messed up again and tried to boot the new D20 with the SX260 SD card installed by mistake. Nothing visible happened when I pressed the power on. I took the card and battery out, then put the battery back in and tried to turn the camera on with no card installed. Again, the camera didn't respond to the power on button.

I thought I had created another "brick". I took the battery back out and this time left it out for about 5 minutes. Then it powered on and gave the "no SD card" message. I put the correct SD card in and CHDK booted. Whew!

This same thing has happened on the SX260 when I put the G1X card in by mistake. I had to send my original SX26_100b to Canon for replacement (under warranty) when I didn't realize what was happening, and probably repeatedly tried to boot it with the wrong SD card.

Anyway, I labeled all 4 SD cards with the correct camera name, so I hopefully won't repeat the error in the future.

So if you press the power button and nothing happens, I suggest taking the battery and SD card out for 5 minutes. Then insert just the battery and try to power on without an SD card. Then insert the correct SD card for the camera, and try to again.

[EDIT]
I'm not clear from reviewing the recent posts here, but did you find a way to check that the correct SD card is installed even on cameras with different boot encoding?
« Last Edit: 31 / August / 2013, 18:29:26 by lapser »
EOS-M3_120f / SX50_100b / SX260_101a / G1X_100g / D20_100b
https://www.youtube.com/user/DrLapser/videos

Re: Signature verification prior to startup
« Reply #27 on: 31 / August / 2013, 18:40:05 »
So if you press the power button and nothing happens, I suggest taking the battery and SD card out for 5 minutes. Then insert just the battery and try to power on without an SD card. Then insert the correct SD card for the camera, and try to again.
When pulling the battery from anything in an attempt to reset,  its usually a good idea to then press the power on/off switch for a couple of seconds.   That can save you the 5 minute wait sometimes.
Ported :   A1200    SD940   G10    Powershot N    G16

*

Offline reyalp

  • ******
  • 14128
Re: Signature verification prior to startup
« Reply #28 on: 31 / August / 2013, 18:43:43 »
I'm not clear from reviewing the recent posts here, but did you find a way to check that the correct SD card is installed even on cameras with different boot encoding?
No, as I have explained several times, this is completely impossible without modifying the Canon firmware.  Re-flashing the factory ROM would be very likely to cause more bricking than it would ever prevent.

However, the D20 and SX260 use the same encoding, so theoretically the stuff discussed here would have caught it. Whether the visible outcome was would be any different I'm not sure, since all it can do is go into an infinite loop if it detects the wrong PID.
Don't forget what the H stands for.

*

Offline srsa_4c

  • ******
  • 4451
Re: Signature verification prior to startup
« Reply #29 on: 10 / September / 2013, 18:44:04 »
Not forgotten.
Attached is another work-in-progress patch. Build system modified to create bin_compat.h automatically, using stubs_entry.S and camera_list.csv.
Problems:
- No suitable stubs_entry.S on VxWorks
- Compatible P-IDs are ignored
- It assumes that the fw version string starts with "Firmware Ver " (wrong on at least the ixus30/40) > Not a problem.
- Also assumes a GM prefix for the version number (not present on at least the ixus30/40) > Not a problem.
- Not optimal makefile code, not tested on windows
- perhaps the finsig modifications aren't optimal either


Regarding the VxWorks situation: most available Vx ROM dumps are too short. The only information that could be retrieved from short dumps (realistically) is the firmware revision.
I see however a pattern: except the first two Ixus models (30/40), all Vx cameras appear to use the same ROM addresses for P-ID and model name: 0xfffe0130 and 0xfffe0110 respectively. This seems to match DryOS r20...r39 cameras.

Patch updated with a finsig_vxworks modification: it should at least get the firmware string and its location correctly. The location of P-ID should be the above mentioned address in most cases, ixus30/40 are the known exceptions. The ixus700 is another special case: the firmware string is different from both the earlier ixus30/40 and the followup vx models, it could be that the P-ID is at a different address too - the dumps are too short unfortunately.
« Last Edit: 22 / September / 2013, 09:22:15 by srsa_4c »

 

Related Topics


SimplePortal © 2008-2014, SimplePortal