Signature verification prior to startup - page 4 - General Discussion and Assistance - CHDK Forum

Signature verification prior to startup

  • 83 Replies
  • 42494 Views
*

Offline srsa_4c

  • ******
  • 4451
Re: Signature verification prior to startup
« Reply #30 on: 22 / September / 2013, 09:19:21 »
Advertisements
Next patch.

Modified the two sigfinders to always output the P-ID location (even when the dump is short). Almost all VxWorks cameras are assumed to use the same address for P-ID, exception: ixus30/40. The ixus700 is assumed to use the "new" location (a full fw dump is needed to confirm this).
I have slightly modified check_compat.c to skip P-ID check when no data is available - in case it's decided that for example the location of all Vx P-IDs can't be proven due to many too short dumps.
Firmware version strings are assumed to have the GM prefix, but this only matters if there are compatible fw revisions for a given model. This is not a problem, because none of the non-conforming models have compatible revisions.
Problem list updated, see previous post.

*

Offline philmoz

  • *****
  • 3450
    • Photos
Re: Signature verification prior to startup
« Reply #31 on: 27 / September / 2013, 17:21:57 »
Next patch.

Modified the two sigfinders to always output the P-ID location (even when the dump is short). Almost all VxWorks cameras are assumed to use the same address for P-ID, exception: ixus30/40. The ixus700 is assumed to use the "new" location (a full fw dump is needed to confirm this).
I have slightly modified check_compat.c to skip P-ID check when no data is available - in case it's decided that for example the location of all Vx P-IDs can't be proven due to many too short dumps.
Firmware version strings are assumed to have the GM prefix, but this only matters if there are compatible fw revisions for a given model. This is not a problem, because none of the non-conforming models have compatible revisions.
Problem list updated, see previous post.

IXUS700 1.01a:
- Camera name is at 0xFFD70110
- P-ID is at 0xFFD70130

So there is at least one other combination to deal with.

This is the issue I kept hitting trying to use the new finsig_dryos code in finsig_vxworks - all the short dumps mess things up :(

Phil.
CHDK ports:
  sx30is (1.00c, 1.00h, 1.00l, 1.00n & 1.00p)
  g12 (1.00c, 1.00e, 1.00f & 1.00g)
  sx130is (1.01d & 1.01f)
  ixus310hs (1.00a & 1.01a)
  sx40hs (1.00d, 1.00g & 1.00i)
  g1x (1.00e, 1.00f & 1.00g)
  g5x (1.00c, 1.01a, 1.01b)
  g7x2 (1.01a, 1.01b, 1.10b)

*

Offline srsa_4c

  • ******
  • 4451
Re: Signature verification prior to startup
« Reply #32 on: 27 / September / 2013, 18:42:32 »
IXUS700 1.01a:
- Camera name is at 0xFFD70110
- P-ID is at 0xFFD70130

So there is at least one other combination to deal with.
Thanks. Looks like we can't be 100% certain in the pre-summer 2005 cameras (like the s2is, ixus50). Can you share that dump?
We could use the build date string instead, it's always in the "code" part of the dump, and it should be easy to find it (GetBuildDate).

Quote
This is the issue I kept hitting trying to use the new finsig_dryos code in finsig_vxworks - all the short dumps mess things up :(
Since almost all Vx cams are supported now, the sole purpose of an upgraded finsig_vxworks would be to make the newly added functions available on Vx cams. Implementing all finsig_dryos functionality is not needed, IMHO.

*

Offline reyalp

  • ******
  • 14126
Re: Signature verification prior to startup
« Reply #33 on: 27 / September / 2013, 22:50:13 »
We could use the build date string instead, it's always in the "code" part of the dump, and it should be easy to find it (GetBuildDate).
That seems like it would be OK to me, although I think it would also be OK to only check the cameras we have full dumps for. It would be pretty surprising if loading the wrong version on one of these really old cameras was fatal and had gone unnoticed until now.

Don't forget what the H stands for.

*

Offline philmoz

  • *****
  • 3450
    • Photos
Re: Signature verification prior to startup
« Reply #34 on: 30 / September / 2013, 05:31:31 »
CHDK ports:
  sx30is (1.00c, 1.00h, 1.00l, 1.00n & 1.00p)
  g12 (1.00c, 1.00e, 1.00f & 1.00g)
  sx130is (1.01d & 1.01f)
  ixus310hs (1.00a & 1.01a)
  sx40hs (1.00d, 1.00g & 1.00i)
  g1x (1.00e, 1.00f & 1.00g)
  g5x (1.00c, 1.01a, 1.01b)
  g7x2 (1.01a, 1.01b, 1.10b)

*

Offline srsa_4c

  • ******
  • 4451
Re: Signature verification prior to startup
« Reply #35 on: 30 / September / 2013, 14:04:33 »
IXUS 700 1.01a dump
Thanks.

We could use the build date string instead, it's always in the "code" part of the dump, and it should be easy to find it (GetBuildDate).
That seems like it would be OK to me, although I think it would also be OK to only check the cameras we have full dumps for. It would be pretty surprising if loading the wrong version on one of these really old cameras was fatal and had gone unnoticed until now.
True, finding eventprocs would require an upgraded finsig anyway.

I still haven't tested the auto generation of bin_compat.h on all cameras. I think I managed to download all existing dumps, but I still have to write some script that creates all the necessary symlinks to the PRIMARY.BIN files...

*

Offline philmoz

  • *****
  • 3450
    • Photos
Re: Signature verification prior to startup
« Reply #36 on: 30 / September / 2013, 15:46:08 »
I still haven't tested the auto generation of bin_compat.h on all cameras. I think I managed to download all existing dumps, but I still have to write some script that creates all the necessary symlinks to the PRIMARY.BIN files...

So long as the directory structure where you stored the PRIMARY.BIN files matches the core 'platform' directory then you can just set PRIMARY_ROOT to the dump directory in localbuildconf.inc.

Phil.
CHDK ports:
  sx30is (1.00c, 1.00h, 1.00l, 1.00n & 1.00p)
  g12 (1.00c, 1.00e, 1.00f & 1.00g)
  sx130is (1.01d & 1.01f)
  ixus310hs (1.00a & 1.01a)
  sx40hs (1.00d, 1.00g & 1.00i)
  g1x (1.00e, 1.00f & 1.00g)
  g5x (1.00c, 1.01a, 1.01b)
  g7x2 (1.01a, 1.01b, 1.10b)

*

Offline srsa_4c

  • ******
  • 4451
Re: Signature verification prior to startup
« Reply #37 on: 30 / September / 2013, 18:13:31 »
So long as the directory structure where you stored the PRIMARY.BIN files matches the core 'platform' directory then you can just set PRIMARY_ROOT to the dump directory in localbuildconf.inc.
That's very useful, thanks!  :)

*

Offline philmoz

  • *****
  • 3450
    • Photos
Re: Signature verification prior to startup
« Reply #38 on: 30 / September / 2013, 18:37:12 »
We could use the build date string instead, it's always in the "code" part of the dump, and it should be easy to find it (GetBuildDate).
That seems like it would be OK to me, although I think it would also be OK to only check the cameras we have full dumps for. It would be pretty surprising if loading the wrong version on one of these really old cameras was fatal and had gone unnoticed until now.
True, finding eventprocs would require an upgraded finsig anyway.

Attached is a rework of finsig_vxworks using the finsig_dryos code.
It also includes your changes for signature verification.

I had to add some an entry to stubs_entry_2.s for kbd_pwr_off for some cameras since the updated code was finding the wrong address.
I only have one vxworks camera to test on; but as far as I can tell it works ok - more testing is required though.

Some stuff is commented out (modemap, stubs_min checks etc).
You'll have to rebuild to get the funcs_by_XXX.csv and bin_compat.h files - I left these out of the patch.

Phil.
CHDK ports:
  sx30is (1.00c, 1.00h, 1.00l, 1.00n & 1.00p)
  g12 (1.00c, 1.00e, 1.00f & 1.00g)
  sx130is (1.01d & 1.01f)
  ixus310hs (1.00a & 1.01a)
  sx40hs (1.00d, 1.00g & 1.00i)
  g1x (1.00e, 1.00f & 1.00g)
  g5x (1.00c, 1.01a, 1.01b)
  g7x2 (1.01a, 1.01b, 1.10b)

*

Offline srsa_4c

  • ******
  • 4451
Re: Signature verification prior to startup
« Reply #39 on: 30 / September / 2013, 19:44:17 »
Attached is a rework of finsig_vxworks using the finsig_dryos code.
It also includes your changes for signature verification.

I had to add some an entry to stubs_entry_2.s for kbd_pwr_off for some cameras since the updated code was finding the wrong address.
I only have one vxworks camera to test on; but as far as I can tell it works ok - more testing is required though.

Some stuff is commented out (modemap, stubs_min checks etc).
You'll have to rebuild to get the funcs_by_XXX.csv and bin_compat.h files - I left these out of the patch.
:xmas Thank you very much. I did not expect this, I was expecting some hints about how to do the transition to the new code base.

Does the added code that generates bin_compat.h run correctly on Windows?

I'll probably have more questions later.

 

Related Topics


SimplePortal © 2008-2014, SimplePortal