Hello, I just dumped the firmware from my G1X mark ii. I am ready and willing to learn how to assist with the porting of this firmware if someone is able to assist. Here is the link to the firmware I dumped: https://www.dropbox.com/s/w8ehxhz7mx5juwx/PRIMARY.BIN?dl=0
Gonna look over this wiki page tomorrow and the weekend to get started with analyzing the FW binary: https://chdk.fandom.com/wiki/Adding_support_for_a_new_camera
Welcome, and thanks for posting that. It's firmware 120a, which I haven't seen before. A dump of 101a was posted previously.
That's a good starting point, but beware some of it is outdated, and some digic 6 specifics aren't covered.

I highly recommend Ghidra https://chdk.fandom.com/wiki/Firmware_analysis_with_Ghidra for firmware analysis.

The digic 6 page also covers some other digic 6 specific tools https://chdk.fandom.com/wiki/Digic_6_Porting

This should be a fairly straightforward port. I've included the 101a firmware in my sig finder test set for a long time, so that should work pretty well. G1X II uses DryOS 54p3. SX700 is the only existing port with this version, so would be a good candidate for a reference port.
Do you have a link to where the dump of the 101a version is? I haven't seen anything for the mark ii in my search and I probably would have tried to roll back my firmware to an older version to give this a shot before going down the rabbit hole of porting a whole new firmware. Also, it's possible that the 101a is only for the mark i version, I don't see it on the list of available firmware for the mark ii.
Thanks for the pointers, I struggled a bit trying to decompile the firmware last night. I tried using the latest freeware version of IDA by hex-rays (https://www.hex-rays.com/products/ida/support/download_freeware/) but I ran into a wall when trying to navigate the updated UI. I don't think this version supports ARM processors.
Also, if anyone else wants to start inspecting the firmware, I think the contents of the "CBDUMPER.LOG" might be useful to locate an entry point:
StartedFC000000 drydone
make PLATFORM=g1x2 PLATFORMSUB=120a rebuild-stubs
I was able to follow the steps here to get the firmware analyzed using Ghidra: https://chdk.fandom.com/wiki/Firmware_analysis_with_Ghidra

Ultimately getting towards a buildable and testable package that I can install on a SD card and test out on my camera would be nice to get to this weekend.
It only worked when I added some additional params like this:

make PLATFORM=g1x2 PLATFORMSUB=120a \
  TARGET_PRIMARY=/path/to/PRIMARY.BIN \
  OPT_CAPSTONE_TOOLS=1 \
  CAPSTONE_TOOLS_INC=-I/usr/include/capstone/ \
  CAPSTONE_TOOLS_LINK=-lcapstone rebuild-stubs

sudo apt install gcc-arm-none-eabi
sudo apt install libcapstone-dev
After installing these packages I was able to get the make command working. Importing the resulting files into Ghidra was pretty straightforward, although I don't fully understand all the finer details regarding what I was doing.
Which CHDK source branch are you using?
You should check that the arm gcc version is one of the supported versions (4, 5, 8, 9 or 10), otherwise you might end up with a build that doesn't work. The trunk makefiles should check this. IIRC, the version supplied by Ubuntu 20.04 is 6, which I think had problems (but I don't recall the details.)
So I wasn't able to work on this over the weekend, however I was able to dig into the build process a bit today. Currently I am able to build the CHDK firmware for my camera using WSL running Ubuntu 20.04 without errors. I end up with two zip files in the bin directory:

g1x2-120a-1.6.0-5729.zip
g1x2-120a-1.6.0-5729-full.zip

However, when unpacking the generated firmware packages onto an SD card prepared for booting, I am unable to get some sort of response from the camera. I suspect I am missing something in the firmware config or code to properly hijack the boot process, but I am not sure yet what that might be. There are some documents which detail the boot procedure more which I might dig into to better understand how CHDK intercepts and injects its own boot procedure.

Quote from: reyalp on 06 / February / 2021, 01:05:51
Which CHDK source branch are you using?

I am using the 1.6 version (which is the trunk, I think?).
gcc --version indicates I am using version 9.0.3
Most of the code I have in the platform/g1x2 and platform/g1x2/sub/120a directories is simply a copy+pasta of the code found in the "sx700hs" locations. This might also be the reason nothing happens when I try to load the firmware from the SD on boot.
I think blinking an LED would be a great next step here, so I will look over some of the forum posts that aim to help with that. Any other feedback is greatly appreciated. Cheers!