
Custom CHDK with Firmware Update Method?

  • 7 Replies
  • 1029 Views
« on: 21 / February / 2018, 08:49:54 »
I built CHDK on my own for my A2200 with firmware 1.00D and I will make changes to it. But I noticed the build doesn't contain PS.FI2. How can I get that file for my camera and firmware?

*

Offline momo

  • *
  • 16
Re: Custom CHDK with Firmware Update Method?
« Reply #1 on: 21 / February / 2018, 10:34:41 »
Yes, this is somewhat tricky, owing to the fact that it is not described in any sort of comprehensible way anywhere I know.

So I try to guide you, although I don’t remember/know the fine details (and they may’ve changed over time). If you don’t manage, I’ll try to look deeper, find old notes, etc.

You need the keys to enter, of course :haha The encoding keys, as FI2 is encoded.

You should’ve already learned the “dancing bits” for your camera, needed to encode diskboot. (CHDK is already ported to A2200, isn’t it?)

The quotes below are from my old notes, unchanged.

   Getting FI2 keys and producing FI2 http://chdk.wikia.com/wiki/For_Developers/fi2offsets
To create your own CHDK ps.fi2 files (e.g. with the CHDK-Shell), the OPT_FI2 option in /buildconf.inc must be turned on and the file /platform/fi2.inc must hold the keys (they are always 16 bytes long, written without any delimiter). Example:

Code:
# ifeq ($(KEYSYS), d3g) # not needed if compiling only a single cam
FI2KEY=112233445566778899AABBCCDDEEFFGG
FI2IV =112233445566778899AABBCCDDEEFFGG
# endif
   How to find keys:
Firstly, in stubs_entry.s, it may show KEYSYS such as:
//   KEYSYS = d4g                // Found @ 0xff812968
This is the address of the FI2KEY, with dancingbits immediately following

   Or, back to the basics (this is quite old, but I believe still works, at least for your camera):
https://chdk.setepontos.com/index.php?topic=2995.msg28117#msg28117
It is very easy, reference to first key located at beginning of ROMStarter (0xFFFF0004), to find second key search "RSBNE   R1, R1, #0x10" instruction in code and next function uses second key.
   (NOTE: "RSBNE   R1, R1, #0x10" opcode is 0x10106112 so you may use binary search)
(for instance, in ixus170 this instruction is at FFB9CBD4, the key at FFCC48AC)

Good luck.

Re: Custom CHDK with Firmware Update Method?
« Reply #2 on: 21 / February / 2018, 11:19:34 »
I got confused at finding keys. Any easier explanation?

*

Offline momo

  • *
  • 16
Re: Custom CHDK with Firmware Update Method?
« Reply #3 on: 21 / February / 2018, 12:16:18 »
Well let me try to rephrase ewavr’s recipe. (Please note that, for historical reasons, it is considered bad manners to discuss much of anything related to PS2 keys here in public, much less citing them.)

a)   Load your _full_ FW dump 100d into some kind of disassembler, loading address FF810000
b)   Go to FFFF0004 and find there the instruction LDR R0, =unk_FFFF350C
c)   go to FFFF350C and find there the FI2KEY, 16 bytes (dancing bits immediately following)
d)   do binary search for 0x10106112 (instruction RSBNE R1, R1, #0x10) and find it at FFB418D4
e)   go to FFB418D4 and look at the function a few instructions below, find there LDR R2, =unk_FFC1F254
f)   go to FFC1F254 and find there the FI2IV, 16 bytes
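
Added illustration (not part of the thread or of CHDK): steps d) to f) above, scripted as an aligned byte search followed by resolving the PC-relative LDR that a disassembler shows as `LDR R2, =unk_...`. The function names, the 64-byte sample buffer and its contents are constructed for the example; the load address FF810000 is the one given in the post.

```python
import struct

# "0x10106112" on the page is the byte order seen in a hex editor;
# read as a little-endian ARM word, RSBNE R1, R1, #0x10 is 0x12611010.
RSBNE = bytes.fromhex("10106112")
BASE = 0xFF810000  # load address of the dump, as given in the post

def in_dump(dump, base, addr, n=4):
    return 0 <= addr - base <= len(dump) - n

def find_word(dump, base, pattern=RSBNE):
    """Addresses of all 4-byte-aligned occurrences of pattern."""
    hits, pos = [], dump.find(pattern)
    while pos != -1:
        if pos % 4 == 0:  # ARM instructions are word aligned
            hits.append(base + pos)
        pos = dump.find(pattern, pos + 1)
    return hits

def resolve_ldr_literal(dump, base, addr):
    """(Rd, value) if the word at addr is LDR Rd, [PC, #imm]; else None."""
    if not in_dump(dump, base, addr):
        return None
    (insn,) = struct.unpack_from("<I", dump, addr - base)
    if insn & 0x0F7F0000 != 0x051F0000:  # LDR, immediate offset, Rn = PC
        return None
    imm = insn & 0xFFF
    lit = addr + 8 + (imm if insn & 0x00800000 else -imm)  # PC reads as addr+8
    if not in_dump(dump, base, lit):
        return None
    (value,) = struct.unpack_from("<I", dump, lit - base)
    return (insn >> 12) & 0xF, value

def literals_after(dump, base, addr, window=16):
    """Resolved LDR literals in the `window` instructions following addr."""
    found = []
    for a in range(addr + 4, addr + 4 + 4 * window, 4):
        hit = resolve_ldr_literal(dump, base, a)
        if hit:
            found.append((a, *hit))
    return found

def make_sample():
    """Constructed 64-byte stand-in for a dump (not real firmware)."""
    buf = bytearray(0x40)
    buf[0x08:0x0C] = RSBNE                           # aligned hit
    buf[0x10:0x14] = struct.pack("<I", 0xE59F2010)   # LDR R2, [PC, #0x10]
    buf[0x19:0x1D] = RSBNE                           # unaligned: data, ignored
    buf[0x28:0x2C] = struct.pack("<I", 0xFF810030)   # literal pool entry
    buf[0x30:0x40] = bytes(range(0xA0, 0xB0))        # constructed 16 bytes
    return bytes(buf)
```

Each tuple returned by `literals_after` is (instruction address, destination register, pointer value); the pointer is the `unk_...` address the disassembler would display.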


Re: Custom CHDK with Firmware Update Method?
« Reply #4 on: 21 / February / 2018, 13:13:17 »
I still couldn't understand any of that.

*

Offline srsa_4c

  • ******
  • 3688
Re: Custom CHDK with Firmware Update Method?
« Reply #5 on: 21 / February / 2018, 13:48:05 »
> I got confused at finding keys. Any easier explanation?
The a2200 uses the d4c keys.
Visit this page (already mentioned). Download any of the d4c firmware dumps listed there.
Load your chosen dump in a hex editor and navigate to the offsets you found on the fi2offsets page. Extract the two 16-byte sequences from the dump and write them into platform/fi2.inc (use the fi2.inc.txt template).

*

Offline momo

  • *
  • 16
Re: Custom CHDK with Firmware Update Method?
« Reply #6 on: 21 / February / 2018, 14:05:37 »
Asdew,
Gather yourself, do your homework. See PM.

O.T.: Incidentally, could somebody enlighten me on how it is that some cams (e.g. ixus170 DigicIV+) have bootcore starting at FF81000 and not FFFF0000? Is it not against ARM specifications about the reset vectors?

> The a2200 uses the d4c keys.
> Visit this page (already mentioned). Download any of the d4c firmware dumps listed there.
Catch 22: there's no dump available for the d4c FW mentioned on fi2offsets page!
« Last Edit: 21 / February / 2018, 14:52:26 by momo »

Re: Custom CHDK with Firmware Update Method?
« Reply #7 on: 21 / February / 2018, 15:06:52 »
I have now PS.FI2 file and CHDK works perfectly! Thanks!


 
