Search results of A720IS-100C.bin using khexeditor on Linux. (Allows case insensitive searches of binary files.)
Word/ Result
Davinci: not found
ARM: ARM Library runtime error, armlib,
DRYOS: DRYOS version 2.3 release #0023
VxWorks: not found
copyright: Copyright (C) 1997-2007 by CANON Inc.
Wind: no matches outside of windows.
River: no matches outside of driver.
Monta: not found
Sun: no matches outside of Sunday
Java: no matches
gcc: no matches
linux: not found
kernel: found twice, nothing interesting
link: dwLinkList.c: this is very interesting !
compile: no found
Texas: not found
TI: too many matches to search
Device: lots of matches
Jdata: lots of matches
OS: lots of matches, non interesting.
Motorola: no matches
.c: lots of matches. Very interesting
Thermometer.c ! Do these cameras have a thermometer in them ? Does the image noise reduction algorithm change or maybe the CMOS sensor gain voltage ? Very interesting.
I am surprised to see so many .c function names embedded in the firmware. Is it possible that Canon ships debug stuff in their production code ? The A720 is a DryOS/ Digic III camera... are the VxWorks/DigicII cameras similar ? (I guess I could search them myself...)
Watchdog.c.: The processor has a watchdog !
AFDataManager.c: When I see things like this in the firmware I get the feeling that we are not starting at ground zero deciphering things. There look to me to be debug hooks written into the firmware. Much better than starting with a totally unknown function.
SingleAF.c: What do you think that does ? :smile AFParam.c ? AFCalc.c ?
DirectTransfer20.c. Huffman.c: probably a compression algorithm.
MakeBootDisk: ?
Script.c ?
DesignInfo.c ? I'd love to see what happens when you call that. Spit out the processor data ?
FirmwareVersionDialog.c: Guess what that does ! Wow, I am impressed to see all these hooks in the code.
EXPLock.c ?
Its clear to me that this code is written in C. I see things like %s = NULL %s = %s%2d.%03d, etc. Those look like printf format strings (or fprintf, etc.)
CDSGain.c: hmmm...
There are tons and tons of .c words in the firmware.
Write: write in memory, UIFS_WriteFirmInfoToFile: dump the firmware to a file ?
ExecuteFactoryResetWithROMWrite !
Write to ROM.
ROMWRITE.BIN
UPGRADER.BIN
FIle: lots of matches. I wonder if they could be used for a firmware dumping routine ?
Assert: this code has 5 assert statements in it. Clearly some debugging hooks have been left in.
Javelle: nothing found
h3a: nothing found
VPFE: nothing found
Other keywords found:
setLClk36MHz, setHCLK18MHz, setLClk72MHz. The significance of these words is yet to be determined. It appears that the TI chips use a setable clock for marching the data off the sensor. This might be a clue, but maybe other systems use the same clock.
This is a very interesting exercise. I'll leave it there for now.
