1) Exposing CHDK Lua to an un-trusted network is extremely insecure. Even with the "native calls" option disabled, there are trivial RCEs, and with RCE you can brick or modify the firmware. This is not a problem with your tool, it's fine to use on localhost or on your home wifi, but users should be warned.
2) https://github.com/5up3rD4n1/chdkptp.py seems to be based on an old, no longer updated version of chdkptp. However, it relies on a patch to run as a shared object, so it might not be trivial to update. In any case, as long as there's no features or bug fixes you need, it's fine.
3) The calls to things like post_levent_to_ui(0x11ea,1) and call_event_proc("PTM_SetCurrentItem",0x80b8,2) make the tool camera specific. In particular, the PTM_ functions are quite dangerous and could potentially corrupt flash parameters if used on the wrong camera. call_event_proc also requires native calls enabled on the camera (enabled by default in chdkde builds, but not the official autobuild). I'd suggest checking that the camera is an M10 (USB product ID == 12960) and refuse to run or disable those functions if not. You could also use chdkptp connect options to only match that PID.
Thanks, yes you are definitely right on everything. Sorry I wrote quickly the post and I didn't point out the weakness.
True, but is there something better? I found everything about talking with the ptp protocol of chdk very complicate to do with Python. Maybe I should write a native library to do it.
Ok, I will add this check. I use that function for the zoom functions, I haven't find a better way to do it, especially for the 10x.
I am open to change the call with something less camera-dependent if it is possible. I think that also the get_live_view function is very camera specific, but maybe it can be abstracted better.
Started by axman « 1 2 3 » Firmware Dumping
Started by axman « 1 2 ... 32 33 » DryOS Development
Started by burglar Creative Uses of CHDK
Started by reyalp DryOS Development
Started by David475 DryOS Development