Firmware File Structure and Decrypting - DSLR Hack development - CHDK Forum
supplierdeeply

Firmware File Structure and Decrypting

  • 0 Replies
  • 3421 Views
*

ASalina

Firmware File Structure and Decrypting
« on: 13 / May / 2008, 12:06:06 »
Advertisements
flasher is to be loaded at 800000(800120).
where did you get this(FF9AB604) address?

FF9AB604 is the location (in the ROM segment disassembly) of the string "start of data"
Disassembly stops after FF9AAA54 and is interpreted as data to the end of the file
at FFFDEDC8. The disassembled portion of the file constitutes only ~25% of the whole file. I was wondering if this other 75% is the "data section" that you were referring to, and if it needs further decrypting or not. There a number of other strings at the beginning of this section but no instructions, so I can't determine what this section contains. The presence of strings indicates that at least the beginning of this section is not encrypted...

Update: After posting the message above I tried reloading the FW108.bin file starting at 800000 and everything fell into place. String references were resolved, etc. This should have been obvious to me. The flasher code, at the beginning of the FW file, resides at 800000. I haven't had a chance to check yet (two jobs leave me little free time), but I suspect that the "data section" is near the "start of data\0" string, about 25% into the file, and should be loaded at FF810000 as this is the firmware payload to be flashed into ROM.
« Last Edit: 14 / May / 2008, 00:45:56 by ASalina »

 

Related Topics