Why a base64 blinker? I just output every bit and a checksum every 1024 bytes. I just let my cam work for a couple of hours and after that I was rewarded with a full dump of my camera's firmware. Just do that and we can figure out the decryption later.
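A worked version of the "every bit plus a checksum every 1024 bytes" scheme from the post above, as an added example that is not the poster's blinker code: the transmitter side emits the dump as a plain bit stream with a 16-bit checksum after each 1024-byte block (the checksum type, a 16-bit byte sum, is an assumption; the post does not say which one was used), and the receiver side rebuilds the image and flags every block whose checksum fails. The image is a constructed, LCG-filled buffer, not a real firmware dump, and the `encode_dump`, `decode_dump` and `run_demo` names are mine.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BLOCK_BYTES 1024u   /* checksum every 1024 bytes, as in the post */
#define FW_LEN      3000u   /* constructed dump size: two full blocks plus a short tail */
#define MAX_BITS    (FW_LEN * 8u + (FW_LEN / BLOCK_BYTES + 1u) * 16u)

/* Assumed checksum: 16-bit sum of the block's bytes (the post does not name one). */
static uint16_t block_checksum(const uint8_t *p, size_t n)
{
    uint16_t sum = 0;
    for (size_t i = 0; i < n; i++) sum = (uint16_t)(sum + p[i]);
    return sum;
}

/* Write value v, MSB first, as nbits single-bit entries into bits[]; return new position. */
static size_t put_bits(uint8_t *bits, size_t pos, uint32_t v, unsigned nbits)
{
    for (unsigned i = nbits; i-- > 0;) bits[pos++] = (uint8_t)((v >> i) & 1u);
    return pos;
}

/* Transmitter side: every byte as 8 bits; after each BLOCK_BYTES (or the final
 * short block) a 16-bit checksum. Returns the number of bits written. */
size_t encode_dump(const uint8_t *fw, size_t len, uint8_t *bits)
{
    size_t pos = 0;
    for (size_t off = 0; off < len; off += BLOCK_BYTES) {
        size_t n = (len - off < BLOCK_BYTES) ? len - off : BLOCK_BYTES;
        for (size_t i = 0; i < n; i++) pos = put_bits(bits, pos, fw[off + i], 8);
        pos = put_bits(bits, pos, block_checksum(fw + off, n), 16);
    }
    return pos;
}

/* Read nbits bits, MSB first, from bits[] starting at *pos. */
static uint32_t get_bits(const uint8_t *bits, size_t *pos, unsigned nbits)
{
    uint32_t v = 0;
    for (unsigned i = 0; i < nbits; i++) v = (v << 1) | bits[(*pos)++];
    return v;
}

/* Receiver side: rebuild the image of the expected length and verify each block.
 * Returns the number of blocks whose checksum failed, or -1 if the stream is
 * shorter than the expected length implies. */
int decode_dump(const uint8_t *bits, size_t nbits, size_t len, uint8_t *out)
{
    size_t pos = 0;
    int bad = 0;
    for (size_t off = 0; off < len; off += BLOCK_BYTES) {
        size_t n = (len - off < BLOCK_BYTES) ? len - off : BLOCK_BYTES;
        if (pos + n * 8 + 16 > nbits) return -1;
        for (size_t i = 0; i < n; i++) out[off + i] = (uint8_t)get_bits(bits, &pos, 8);
        uint16_t want = (uint16_t)get_bits(bits, &pos, 16);
        if (block_checksum(out + off, n) != want) bad++;
    }
    return bad;
}

/* Constructed firmware image (LCG-filled); not a real dump. */
static void make_image(uint8_t *fw, size_t len)
{
    uint32_t x = 0x12345678u;
    for (size_t i = 0; i < len; i++) { x = x * 1664525u + 1013904223u; fw[i] = (uint8_t)(x >> 24); }
}

/* Round trip. If flip_bit >= 0, that bit of the stream is inverted first, as a
 * mis-read blink would do. Returns decode_dump's bad-block count, or -2 if the
 * data differs while no block was flagged (a checksum miss). */
int run_demo(long flip_bit)
{
    static uint8_t fw[FW_LEN], out[FW_LEN], bits[MAX_BITS];
    make_image(fw, FW_LEN);
    size_t nbits = encode_dump(fw, FW_LEN, bits);
    if (flip_bit >= 0 && (size_t)flip_bit < nbits) bits[flip_bit] ^= 1u;
    int bad = decode_dump(bits, nbits, FW_LEN, out);
    if (bad == 0 && memcmp(fw, out, FW_LEN) != 0) return -2;
    return bad;
}

int main(void)
{
    printf("clean stream: %d bad blocks\n", run_demo(-1));
    printf("bit 5000 flipped (data of block 0): %d bad block(s)\n", run_demo(5000));
    printf("bit 8200 flipped (checksum of block 0): %d bad block(s)\n", run_demo(8200));
    return 0;
}
```

Keeping the checksum per block rather than per dump is what makes a multi-hour capture practical: a single mis-read blink only invalidates one 1024-byte block, which can be captured again, instead of the whole image. The receiver here has to know the expected length, and a real photodiode capture also needs bit-timing recovery before this stage, which the example does not address.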
I don't know why owerlord is using base-64. I think it's part of something much bigger than what I'm trying to do.
It'll still be very hard, though, since the XOR tables aren't the same length and 'rotate over each other'. Maybe it's easier to just find them in the fw.
If I can dump the whole firmware from ROM then we won't need decryption at all.
I had no luck capturing data from the serial port, but the audio port method is working well (I need to aim the photodiode better to get a stronger signal). I'm just not sure what timings to use to get optimum reliable throughput, and then how to convert the raw audio data into a dump. I've been looking at the source for adc and dec, and figure that's the best way to go (I'll have to port the code to this linux box, though).
BTW: I don't know if you've been following the discussion, but I think I've finally resolved the linker option problem in my Makefile for mkfir, etc.
I'm now using -Wl,-N,-Ttext,800120 in the link command for programs that run on the camera. I was getting strange results with -fPIC for relocatable code output. Since the original flasher is getting loaded at 0x00800000 (header included) and the header is 0x120 bytes long, then 0x00800120 is the start of the text section of the actual program.
(EDIT: And that's pretty much what owerlord was saying)
It seems to work reliably so far, and it conforms to the offset in the header.