no blinking required for 2 reasons:
1) firmware update already contain partial dump of ROM(flash)
2) it is impossible to do blinking with dslr ( claim based on analysis of 20d firmware )
bad news: encryption algorithm for "new" .fir files is unknown (30D, 400D, 40D )
In fact the encryption algorithm is the same as for the IXUS cameras. The keys are different, but are known and are the same for 20D and 30D. I found a "decrypt20D.exe" somewhere on the web (the Yahoo group?) with no source. I extracted the keys from the exe and added them into a modified copy of Alex Bernstein's firmware decrypter/unpacker. The resulting program successfully decrypts a 20D firmware update.
The only difference for the 30D is that the firmware file has an extra header of 32 bytes in the beginning. Once that is skipped the rest of the files decrypts properly. It worked just fine on "30d00104.fir" and "30d00105.fir".
The source for both the 20D and 30D decrypters is attached.
you said "several firmware updates"
if someone have file with previous update before 30d00105.exe it maybe can simplify decryption
do you have it?
No need. The attached program decrypts 30d00105.fir (
http://web.canon.jp/imaging/eos30d/eos30d_firmware-e.html) just fine.
I have not done any further investigation of what the file format is but I know that the early IXUS unpacker does not work.
In plain text close to the beginning of both 20D and 30 files one can see:
"Copyright 1999-2001 ARM Limited
Copyright 1999-2001 Wind River Systems, Inc."
And later in the 20D file (20d00203.fir):
"VxWorks 5.5 VxWorks5.5 May 10 2005, 09:33:59"
And in the 30D file (30d00105.fir)
"VxWorks 5.5.1 VxWorks5.5.1 Nov 2 2005, 11:47:21"
So both are definitely using VxWorks just like all other DIGICII cameras.
Now "all" that is left to do is for someone to port the CHDK ;-)