SX280 / 275 / 270 porting

  • 322 Replies
  • 137258 Views
Re: SX280 / 275 / 270 porting
« Reply #10 on: 20 / June / 2014, 21:37:37 »
Advertisements
I have put a temporary version check into loader/sx280hs/main.c, that will need to be modified too as it only expects 102b.

I've changed the version check conditional to get around it, but haven't tested it yet.
Code: [Select]
( ( *(int*)0xfc142898 != 0x4232302e ) &&
         ( *(int*)0xfc142898 != 0x4332302e ) )

Quote
You may want to try
http://chdk.wikia.com/wiki/User:Srsa_4c/GPL:disassemblev7.pl
on the 102b and 102c dumps, and use the resulting (not perfect) disassembly listings to locate the needed functions and firmware variable addresses for the 102c firmware.
Once this step is complete, all assembly parts found in platform/sx280hs/sub/102b/ files (such as boot.c, capt_seq.c) will have to be corrected to use the 102c addresses. Of course, you'll need to work on the platform/sx280hs/sub/102c directory (start with a copy of the 102b files).
Started working on the sub/102c/stubs_min.S, but hit a few issues:
Code: [Select]
DEF(active_raw_buffer             ,0x0000a08c) // Found @0xfc13fa6c, 0xffffffff when uninited...
DEF(physw_sleep_delay                       ,0x00008330) // Found @0xfc0601f6
DEF(FlashParamsTable                        ,0xfc7313a0) // 0xfc730610 -> 0xfc7313a0

I can't make sense of what's going on at those addresses in the 102b dump...
I've stopped here since it's getting late and I'm not really sure what I'm doing. If you've got any more reading material about this, do tell :)

Andrei

*

Offline srsa_4c

  • ******
  • 3728
Re: SX280 / 275 / 270 porting
« Reply #11 on: 21 / June / 2014, 15:47:47 »
I've changed the version check conditional to get around it, but haven't tested it yet.
Code: [Select]
( ( *(int*)0xfc142898 != 0x4232302e ) &&
         ( *(int*)0xfc142898 != 0x4332302e ) )
The distant goal is to implement this somehow. That method, however, depends on the sigfinder which does not yet exist for Thumb firmware.

Quote
Started working on the sub/102c/stubs_min.S, but hit a few issues:
Code: [Select]
DEF(active_raw_buffer             ,0x0000a08c) // Found @0xfc13fa6c, 0xffffffff when uninited...
DEF(physw_sleep_delay                       ,0x00008330) // Found @0xfc0601f6
DEF(FlashParamsTable                        ,0xfc7313a0) // 0xfc730610 -> 0xfc7313a0

I can't make sense of what's going on at those addresses in the 102b dump...
In general, you should find the equivalent piece of code in both dumps. Since most parts of the firmware are unchanged, equivalent parts of the code will look very similar (you can watch neighbouring strings, references to strings, calls to certain routines, code patterns, ...). If they modified or added some code, that will add an offset to all code that is located after the modified spot. Addresses preceding the first modified spot will be (mostly?) unchanged.

Also note that the disassembly you get from that Perl script can't be used for everything. objdump will try to interpret everything as code. Due to the variable instruction length of Thumb, objdump will sometimes lose 'sync' and misinterpret a few instructions, which often includes the first instruction of some fw functions.
You also can't use this disassembly to find 'tables' of function name / function pointer pairs, and other tables like FlashParamsTable will also make no sense. You can use a hex viewer/editor for these.
This code is the same in both 102b and 102c (except for subroutine addresses):
Code: [Select]
loc_fc13fa6c: ; 2 refs
fc13fa6c: b510      push {r4, lr}
fc13fa6e: 4cdf      ldr r4, [pc, #892] ; 0xfc13fdec: (0000a080) ; ****** base address
fc13fa70: 69a0      ldr r0, [r4, #24]
fc13fa72: b928      cbnz r0, loc_fc13fa80
fc13fa74: 2000      movs r0, #0
fc13fa76: f240 123c movw r2, #316 ; 0x13c
fc13fa7a: a1d8      add r1, pc, #864 ; 0xfc13fddc: (6d497353)  *"SsImgProcBuf.c"
fc13fa7c: f112 e94a blx loc_fc251d14 ; <DebugAssert>
loc_fc13fa80:
fc13fa80: 69a0      ldr r0, [r4, #24]
fc13fa82: f112 e838 blx loc_fc251af4
fc13fa86: 07c0      lsls r0, r0, #31
fc13fa88: d005      beq.n loc_fc13fa96
fc13fa8a: 2000      movs r0, #0
fc13fa8c: f240 1242 movw r2, #322 ; 0x142
fc13fa90: a1d2      add r1, pc, #840 ; 0xfc13fddc: (6d497353)  *"SsImgProcBuf.c"
fc13fa92: f112 e940 blx loc_fc251d14 ; <DebugAssert>
loc_fc13fa96:
fc13fa96: 6860      ldr r0, [r4, #4]
fc13fa98: f02d fca3 bl loc_fc16d3e2
fc13fa9c: 68e1      ldr r1, [r4, #12] ; ****** +0xc offset
fc13fa9e: 1e40      subs r0, r0, #1
fc13faa0: 4288      cmp r0, r1
fc13faa2: d102      bne.n loc_fc13faaa
fc13faa4: 2000      movs r0, #0
fc13faa6: 60e0      str r0, [r4, #12]
fc13faa8: bd10      pop {r4, pc}
This is also the same:
Code: [Select]
NSTUB(task_PhySw, 0xfc0601f4):
fc0601f4: b510      push {r4, lr}
fc0601f6: 4c16      ldr r4, [pc, #88] ; 0xfc060250: (00008328) **** base address
fc0601f8: e008      b.n loc_fc06020c
loc_fc0601fa:
fc0601fa: 68a0      ldr r0, [r4, #8] ; **** offset
fc0601fc: f1f1 ed5a blx loc_fc251cb4 ; <SleepTask>
except for SleepTask's address:
Code: [Select]
fc0601f4: b510      push {r4, lr}
fc0601f6: 4c16      ldr r4, [pc, #88] ; 0xfc060250: (00008328)
fc0601f8: e008      b.n loc_fc06020c
loc_fc0601fa:
fc0601fa: 68a0      ldr r0, [r4, #8]
fc0601fc: f1f1 ed9e blx loc_fc251d3c ; SleepTask
I have attached my work-in-progress csv file of 102b functions (lots of made up names toward its end), can be used with this script.

An additional note: There are signs of 'size optimized' compilation in the fw which may lead to more differences than 'usual'.

edit: csv updated
« Last Edit: 12 / November / 2014, 19:10:18 by srsa_4c »

*

Offline srsa_4c

  • ******
  • 3728
Re: SX280 / 275 / 270 porting
« Reply #12 on: 23 / June / 2014, 15:40:51 »
New release with some changes:
- jogdial is now supported
- modified screen refresh method: the Canon "busy" screen is used to clear CHDK display content
   This has some side effects:
   - makes the OSD editor is unusable (screen refresh is asynchronous, erases everything)
   - it's slow under certain circumstances (in Canon menu, in the animated image selector in playback mode, etc...)
- the "misc values" debug display is now at a sane position
- native calls in scripts should now (mostly?) work

edit: be sure to read the notes in the first post of this thread.

edit2:
attachment removed
* chdk_sx280_sx275_sx270_102b_prealpha2.zip (656.98 kB - downloaded 13 times.)
« Last Edit: 09 / July / 2014, 14:23:13 by srsa_4c »

*

Offline Raj

  • *
  • 3
Re: SX280 / 275 / 270 porting
« Reply #13 on: 25 / June / 2014, 03:18:42 »
Hello,
Is there any way I can downgrade my firmware from 102C to 102B, I need CHDK on my SX280HS for a project urgently.
Also I will be happy to test / upload dumps etc.

Hoping CHDK will be released soon for 102C firmware.

Thanks in advance,
Raj

P.S. I am new to CHDK


Re: SX280 / 275 / 270 porting
« Reply #14 on: 25 / June / 2014, 07:29:48 »
Hi Raj,

I had the same question a few days ago, I'll quote waterwingz answer here:

I bought a sx270hs a few days ago. I'm very interested in the port, but it seems Canon shipped it with firmware version 102c (1.0.2.0) so I'm unable to test this build. Is it possible to downgrade somehow?
There is no way to downgrade.  In fact,  Canon seldom even allows you to upgrade when they produce a new rev of their firmware.

However, it's not all bad news.  Sometimes two firmware versions can use the same CHDK port - but almost always only if they have sequential revision numbers (like yours).   And if not, it's pretty easy these days for someone to produce a new port once the first one for a camera model is finished.

What is needed is a firmware dump.  Either to check and see if the versions are compatible or to be used in producing a new port.  If you feel up to taking the first step, here's the instructions : http://chdk.wikia.com/wiki/Canon_Basic/Scripts/Dumper .  Before you start though,  you might want to wait and see if srsa_4c posts any caveats.

I have a sx270hs with firmware revision 102c, a firmware dump from your camera would help us confirm they are indeed using the same firmware. I'm also trying to port srsa_4c's work to the 102c firmware revision, but this is the first time I'm doing it so there are no guarantees I'll succeed :)

Cheers,
Andrei

Re: SX280 / 275 / 270 porting
« Reply #15 on: 25 / June / 2014, 08:26:05 »
Hello,
Is there any way I can downgrade my firmware from 102C to 102B, I need CHDK on my SX280HS for a project urgently. Also I will be happy to test / upload dumps etc.  Hoping CHDK will be released soon for 102C firmware.
If you need CHDK for a project urgently, using a currently unported camera is not a good idea.  And using a DIGIC6 camera like the SX280 is really bad idea given that it is so different from other ported CHDK cameras.

link> CHDK FAQ : My camera isn't ported yet

I have a sx270hs with firmware revision 102c, a firmware dump from your camera would help us confirm they are indeed using the same firmware.
We don't actually need additional firmware dumps once we have the first one for each firmware version.  All you need to confirm is that your camera firmware versions are the same : ACID

Ported :   A1200    SD940   G10    Powershot N    G16

*

Offline srsa_4c

  • ******
  • 3728
Re: SX280 / 275 / 270 porting
« Reply #16 on: 25 / June / 2014, 15:52:52 »
We don't actually need additional firmware dumps once we have the first one for each firmware version.
Since we're talking about the 102c revision firmware of two different models (sx270 vs sx280), I'd like to be certain that they are the same (they most likely are, but who knows).
If we won't get a dump to confirm the match, the first test version could include a firmware checksum check.

*

Offline Raj

  • *
  • 3
Re: SX280 / 275 / 270 porting
« Reply #17 on: 26 / June / 2014, 08:45:15 »
Canon PowerShot SX280 HS
P-ID:325F NT D
Firmware Ver GM1.02C(1.0.2.0)
Adj Ver.012.010
Serial No. 712054xxxxxx

Dump file:
https://www.sendspace.com/file/amzcaz

Hope its useful.
I will try to exchange / buy a CHDK supported camera for my project.


*

Offline srsa_4c

  • ******
  • 3728
Re: SX280 / 275 / 270 porting
« Reply #18 on: 26 / June / 2014, 12:07:17 »
Canon PowerShot SX280 HS
P-ID:325F NT D
Firmware Ver GM1.02C(1.0.2.0)
Adj Ver.012.010
Serial No. 712054xxxxxx

Dump file:
https://www.sendspace.com/file/amzcaz

Hope its useful.
It is, thank you. The match is confirmed, fw 102c is the same for both sx270 and sx280.

Re: SX280 / 275 / 270 porting
« Reply #19 on: 28 / June / 2014, 12:59:53 »
Hello,

will there be a version for firmware version 102C?

Thank you.

 

Related Topics