SX720 Porting thread

  • 148 Replies
  • 34400 Views
asm1989
SX720 Porting thread
« on: 24 / March / 2016, 17:42:24 »
Here you have the first firmware dump of sx720 100E, the brand new 40X of 2016

Will start to port it, but any help will be welcome. I did one of the first ports for the sx210 and some for sx260, some time ago, so will need to get up to date with the new digic 6 stuff and new chdk toolset.

Started looking at the sx280 / sx700  & sx60 for clues

Re: SX720 Porting thread
« Reply #1 on: 24 / March / 2016, 19:14:54 »
> Started looking at the sx280 / sx700 & sx60 for clues.

Good luck to you!  Don't forget the G7X port.
Ported :   A1200    SD940   G10    Powershot N    G16

asm1989
Re: SX720 Porting thread
« Reply #2 on: 25 / March / 2016, 04:36:47 »
Thanks waterwingz, G7X is digic7 but the same release date, may have some similarities too

reyalp
Re: SX720 Porting thread
« Reply #3 on: 25 / March / 2016, 13:39:05 »
> Thanks waterwingz, G7X is digic7 but the same release date, may have some similarities too

G7X is digic 6, and has a working port in SVN, but is an older dryos version.

G7X MK2 is digic 7, and AFAIK has not been released yet.

I ran your dump through the sig finder and it seems to work pretty well, although a few matches that work on other cams are missing. I'll investigate this more when I have some time.

Also notable dryos release is 58+p10. There are now cameras with several different Dryos R58 versions: G5X is 58+p3, ixus180 is 58+p7, so we may end up needing to pass the P numbers into the build process at some point.
Don't forget what the H stands for.


asm1989
Re: SX720 Porting thread
« Reply #4 on: 26 / March / 2016, 03:10:00 »
Thanks reyalp, is there a new version of ida_chdk_idc_dryos_singlerun? Ran the older one but not getting very useful data.

reyalp
Re: SX720 Porting thread
« Reply #5 on: 26 / March / 2016, 03:34:53 »
> Thanks reyalp, is there a new version of ida_chdk_idc_dryos_singlerun? Ran the older one but not getting very useful data.

I'm not aware of any idc scripts for thumb2 firmware. All my work has been done with srsa's perl script and the capstone based tools I wrote.
Don't forget what the H stands for.

asm1989
Re: SX720 Porting thread
« Reply #6 on: 26 / March / 2016, 03:41:24 »
Ok, will look at them, they can do a full disassembly at once?

reyalp
Re: SX720 Porting thread
« Reply #7 on: 26 / March / 2016, 04:22:24 »
> Ok, will look at them, they can do a full disassembly at once?

Yes. For the perl script, see the comments at the top of the script.

For the capstone tools, you must use a patched version of capstone 3.0.4. Windows library and patch in https://chdk.setepontos.com/index.php?topic=12714.msg126351#msg126351

(the fix was accepted into the current capstone dev branch, but there are other incompatibilities)

For capdis, I suggest
1) create a minimal platform tree, with makefiles
2) run make rebuild-stubs for your platform, to generate csvs and stubs_entry.S.err (because not everything will be found)
3) Rename stubs_entry.S.err to stubs_entry.S so capdis will see it.
4) run something like
Code:
./capdis.exe ../../dumps/sx720/sub/100e/PRIMARY.BIN 0xfc000000 -stubs=../platform/sx720/sub/100e -s=0xfc020001 -e=0xfc5b97a0 -f=objdump -d-const -d-addr -d-bin > ../../dumps/sx720/sub/100e/ROMCODE.DIS
This example assumes it was run from the tools directory, and in my setup where dumps are in a separate tree from the CHDK source. Adjust paths to taste. The -e address above is the address of ctypes from stubs_entry.S

This gives you a pretty complete disassembly of the ROM code, with all the functions found by the sig finder named. It will take some time to run.

There is also some code that is copied from ROM to RAM. You can disassemble these in the same way, using address ranges from stubs_entry.S, like
Code:
./capdis.exe ../../dumps/sx720/sub/100e/PRIMARY.BIN 0xfc000000 -stubs=../platform/sx720/sub/100e -s=0x010e1001 -e=0x010fce10 -f=objdump -d-const -d-addr -d-bin > ../../dumps/sx720/sub/100e/RAMCODE1.DIS

You can also use capdis to extract disassembly for use in chdk code, like
Code:
./capdis.exe ../../dumps/sx720/sub/100e/PRIMARY.BIN 0xfc000000 -stubs=../platform/sx720/sub/100e -s=task_CaptSeq -c=100 -f=chdk

I use some shell scripts to set the path options.

If you pass capdis an address rather than a function name for the start, the thumb bit (lsb) determines whether the code is disassembled as arm or thumb. Almost everything is thumb, except for some "veneers" that jump between the RAM and ROM code.

Both capdis and the perl script can produce some incorrect disassembly. They don't automatically detect arm/thumb transitions, and because thumb2 code is variable instruction size, it can get out of alignment if there is some data that would be jumped over.
Don't forget what the H stands for.
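
The thumb-bit and alignment points from the reply above, as an added example that is not part of the original post and is not capdis code: a simplified linear sweep over constructed Thumb-2 bytes, showing how an inline literal hides an instruction boundary and how marking the data range restores it. The byte sequence, the 0xfc020000 snippet base and all function names are assumptions made for illustration.

```python
import struct

def split_start(addr):
    """Split a start address into (aligned address, mode) using the thumb bit (lsb)."""
    return addr & ~1, ("thumb" if addr & 1 else "arm")

def thumb_width(hw):
    """Width in bytes of the Thumb instruction whose first halfword is hw."""
    # Top five bits 0b11101, 0b11110 or 0b11111 mark a 32-bit Thumb-2 encoding.
    return 4 if (hw >> 11) in (0b11101, 0b11110, 0b11111) else 2

def sweep(code, base, start, data=()):
    """Linear sweep from start; return the instruction addresses it lands on.

    data is an iterable of (first, end) address ranges known to hold literals;
    the sweep jumps over them instead of decoding them.
    """
    addr, mode = split_start(start)
    found = []
    while addr - base + 2 <= len(code):
        skip = next((end for first, end in data if first <= addr < end), None)
        if skip is not None:
            addr = skip
            continue
        if mode == "arm":
            width = 4                      # ARM instructions are fixed size
        else:
            (hw,) = struct.unpack_from("<H", code, addr - base)
            width = thumb_width(hw)
        if addr - base + width > len(code):
            break
        found.append(addr)
        addr += width
    return found

# Constructed sample (not from the dump): thumb code with an inline literal.
BASE = 0xfc020000
CODE = struct.pack("<HHIHH",
                   0xBF00,      # +0  nop
                   0xE001,      # +2  b BASE+8 (jumps over the literal)
                   0xFC020001,  # +4  literal: a code pointer with the thumb bit set
                   0x2000,      # +8  movs r0, #0
                   0x4770)      # +10 bx lr

if __name__ == "__main__":
    naive = sweep(CODE, BASE, BASE | 1)
    fixed = sweep(CODE, BASE, BASE | 1, data=[(BASE + 4, BASE + 8)])
    print("naive:", [hex(a) for a in naive])
    print("fixed:", [hex(a) for a in fixed])
```

In the naive sweep the high halfword of the literal (0xFC02) decodes as a 32-bit prefix and swallows the real instruction at +8; the sweep only realigns at +10.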


asm1989
Re: SX720 Porting thread
« Reply #8 on: 26 / March / 2016, 05:36:30 »
thanks reyalp

fe50
Re: SX720 Porting thread
« Reply #9 on: 26 / March / 2016, 06:17:35 »
Added the SX720 1.00E full 32MB dump by asm1989 from this forum post to the CHDK P&S FW dumps repository.

 
