IXUS145/ELPH135 1.00C fw dump

  • 25 Replies
  • 7757 Views
*

Offline alvm

  • ***
  • 116
IXUS145/ELPH135 1.00C fw dump
« on: 27 / March / 2014, 08:06:40 »
Advertisements
https://app.box.com/s/r7vv5wxatb5u6m73lwjj

DRYOS version 2.3, release #0054+p3

I'm not sure about start address.

Dumping from 0xFF810000, but "gaonisoy" signature is placed at 0xFF820004 after bootloader. Somebody check dump, please.

« Last Edit: 02 / April / 2014, 09:33:08 by alvm »

*

Offline nafraf

  • *****
  • 1271
Re: IXUS145/ELPH350 1.00C fw dump
« Reply #1 on: 27 / March / 2014, 10:19:38 »
I'm not sure about start address.
Maybe 0xff020000?  That was the start address for ixus265_elph340hs (DryOS 54+p3).

*

Offline alvm

  • ***
  • 116
Re: IXUS145/ELPH135 1.00C fw dump
« Reply #2 on: 27 / March / 2014, 10:59:23 »
I think, 0xFF820000 is start address :

ROM:FF810774                 ADR     R0, aRomstarterVer3 ; "#RomStarter Ver3.10 for EC368/369\n\r"
ROM:FF810778                 BL      sub_FF81070C
ROM:FF81077C                 CMP     R0, #0
ROM:FF810780                 BEQ     loc_FF8107AC
ROM:FF810784
ROM:FF810784 loc_FF810784                            ; CODE XREF: sub_FF810758+38j
ROM:FF810784                 ADR     R0, aUartLoopbackSw ; "UART loopback switch ON...\n\r"
ROM:FF810788                 BL      sub_FF81070C
ROM:FF81078C                 CMP     R0, #0
ROM:FF810790                 BNE     loc_FF810784
ROM:FF810794                 ADR     R0, aUartLoopback_0 ; "UART loopback switch OFF...\n\r"
ROM:FF810798                 BL      sub_FF811C20
ROM:FF81079C                 ADR     R0, aRescueLoader ; "Rescue Loader\n\r"
ROM:FF8107A0                 BL      sub_FF811C20
ROM:FF8107A4                 BL      sub_FF8109A0
ROM:FF8107A8
ROM:FF8107A8 loc_FF8107A8                            ; CODE XREF: sub_FF810758:loc_FF8107A8j
ROM:FF8107A8                 B       loc_FF8107A8
ROM:FF8107AC ; ---------------------------------------------------------------------------
ROM:FF8107AC
ROM:FF8107AC loc_FF8107AC                            ; CODE XREF: sub_FF810758+28j
ROM:FF8107AC                 LDR     R4, =loc_FF820000
ROM:FF8107B0                 MOV     R0, R4
ROM:FF8107B4                 BL      0x1D8

ps
dumping script hangs if use it for dump from address 0xff020000.
« Last Edit: 02 / April / 2014, 09:33:24 by alvm »

*

Offline alvm

  • ***
  • 116
uart IXUS145/ELPH135
« Reply #3 on: 11 / April / 2014, 16:00:03 »


*

Offline alvm

  • ***
  • 116
Re: IXUS145/ELPH135 1.00C fw dump
« Reply #4 on: 18 / April / 2014, 11:21:55 »
UART log:

== ROM  ==
ff810000 : text start
           0x004c0d7b(4984187)
ffcd0d7b : romdata start
           0x0000dba0(56224)
ffcde91b : romdata end

Cam Log:

Erase Done. 0xff80e000

Erase Done. 0xff800000


Looks like log is placed at begin of dump (0xff800000) then bootloader at address 0xff810000  and main code at 0xFF820000. Very strange structure.

« Last Edit: 18 / April / 2014, 11:31:54 by alvm »

*

Offline fe50

  • ******
  • 3038
  • IXUS50 & 860, SX10 Star WARs-Star RAWs
    • fe50
Re: IXUS145/ELPH135 1.00C fw dump
« Reply #5 on: 02 / May / 2014, 04:16:03 »
...since this dump seems to be somewhat special - shall i add it to the dumps repository anyway ?

*

Offline srsa_4c

  • ******
  • 3171
Re: IXUS145/ELPH135 1.00C fw dump
« Reply #6 on: 02 / May / 2014, 11:25:42 »
...since this dump seems to be somewhat special - shall i add it to the dumps repository anyway ?
Unfortunately all DIGIC 4+ dumps will need to be replaced in the collection. The current dumper script doesn't dump the bootloader area (my bad...) which we definitely need. I'll post updated versions of the dumps I have.
alvm's dump is correct: starts at 0xff810000 (that's the bootloader), firmware start is 0xff820000

*

Offline fe50

  • ******
  • 3038
  • IXUS50 & 860, SX10 Star WARs-Star RAWs
    • fe50
Re: IXUS145/ELPH135 1.00C fw dump
« Reply #7 on: 30 / May / 2014, 05:46:07 »
Added the
  • IXUS 145 / ELPH 135 1.00C
full 8MB dump by alvm from this forum post to the CHDK P&S FW dumps repository.


Re: IXUS145/ELPH135 1.00C fw dump
« Reply #8 on: 03 / August / 2014, 05:34:22 »
Is there any chance i can help with ixus145 i have one and want it working.

Phil

Re: IXUS145/ELPH135 1.00C fw dump
« Reply #9 on: 03 / August / 2014, 10:57:08 »
Is there any chance i can help with ixus145 i have one and want it working.
Unless you have the skills, time, and determination to start the porting yourself,  there is nothing much you can do but wait.  If & when somebody starts a port,  being available to help testing is important, especially if it's a blind port (i.e. the person doing the port does not actually own the camera).  However, blink ports of Digic4+ cams seem unlikely at this point as they are a bit different from other already ported cameras and will need a lot more hands on testing.

link> CHDK FAQ : My camera isn't ported yet

 

Related Topics