How to get started? - DSLR Hack development - CHDK Forum

How to get started?

  • 6 Replies
  • 10801 Views
How to get started?
« on: 23 / May / 2008, 21:14:58 »
Advertisements
I've been reading this board for about a week now and see a lot of progress happening. What's the best way to get started on other cameras like the 350D? Is there something I should read to determine what we're trying to find and what kind of tools I need and steps to try to catch up to the current status?

Re: How to get started?
« Reply #1 on: 21 / June / 2008, 14:57:04 »
I'd like to know also how to start with a canon 5d. I guess it's similar to a 20d... I tried the 20d decrypt program on a 5d firmware, but I don't see any usable text in it.

*

ASalina

Re: How to get started?
« Reply #2 on: 21 / June / 2008, 17:32:17 »
I'd like to know also how to start with a canon 5d. I guess it's similar to a 20d... I tried the 20d decrypt program on a 5d firmware, but I don't see any usable text in it.

Grab the mx3's EOS tools from this posting:
Any developers interested in working on CHDK firmware for DSLRs ?
and give decrypt_fw2.exe a try.

Re: How to get started?
« Reply #3 on: 21 / June / 2008, 17:57:52 »
I could decrypt the firmware.. it's more readable now.. Now i'm trying to get it loading in IDA, only it doesn't reconize it.
I attached the binary what I compiled from the source that was posted.


I found also the SDK for all canon camera's... maybe it's handy.

I'll just copy&paste the whole thing what I found:

Canon PowerShot Remote Capture SDK (PS-ReC v1.1.0d)
Supported Cameras (European model names are listed):
PowerShot G9
PowerShot SX100 IS
PowerShot S5 IS
PowerShot G7
PowerShot A640
PowerShot S3 IS
PowerShot S80
PowerShot A620

RapidShare: Easy Filehosting
PS-ReC SDK v1.1.0d.rar
stream.ifolder.ru: ?????????? ?????? iFolder & Stream

Canon Digital Camera SDK (CD-SDK v7.3)
Supported Cameras (European model names are listed):
PowerShot Pro1
PowerShot G6, PowerShot G5, PowerShot G3, PowerShot G2, PowerShot G1
PowerShot S2 IS, PowerShot S1 IS
PowerShot S70, PowerShot S60, PowerShot S5, PowerShot S45, PowerShot S40, PowerShot S30
PowerShot Pro90 IS
PowerShot A95, PowerShot A85, PowerShot A80, PowerShot A75, PowerShot A70, PowerShot A60
PowerShot A520, PowerShot A510
PowerShot A40, PowerShot A30, PowerShot A20, PowerShot A10
PowerShot A400, PowerShot A310, PowerShot A300, PowerShot A300, PowerShot A100
DIGITAL IXUS 500, DIGITAL IXUS 400, DIGITAL IXUS 430
DIGITAL IXUS 330, DIGITAL IXUS 300, DIGITAL IXUS
DIGITAL IXUS v3, DIGITAL IXUS v2, DIGITAL IXUS v
DIGITAL IXUS IIs, DIGITAL IXUS II

RapidShare: Easy Filehosting
CD-SDK v7.3.rar -  SDK
stream.ifolder.ru: ?????????? ?????? iFolder & Stream

Canon Digital EOS SDK (ED-SDK v2.3)
Supported Cameras (European model names are listed):
EOS 450D
EOS 1D Mark II
EOS 20D
EOS 1Ds Mark II
EOS 350D
EOS 5D
EOS 1D Mark II N
EOS 30D
EOS 400D
EOS 1D Mark III
EOS 40D
EOS 1Ds Mark III

RapidShare: Easy Filehosting
ED-SDK v2.3.rar -  SDK
stream.ifolder.ru: ?????????? ?????? iFolder & Stream
« Last Edit: 21 / June / 2008, 18:01:46 by maniax »


*

ASalina

Re: How to get started?
« Reply #4 on: 21 / June / 2008, 18:34:06 »
Look in dissect_fw2_5d/dissect_fw2_5d.c. That will let you break apart the decrypted .fir file into:

File Header -- Overall header which describes the .fir file
Flasher Code -- Code that installs the Firmware Payload
Firmware Header -- Describes the Firmware Payload
Firmware Payload -- The New Firmware to be installed

Once you've done that you can try to load the Flasher Code
into IDA.

Re: How to get started?
« Reply #5 on: 22 / June / 2008, 06:04:03 »
Hmm,
I got indeed some files now.

Also some files called MPU Firmware. It contains only numbers and letters. I guess these are instructions for the CPU or something?

I came across also the text "Canon PowerShot G4" in the 5d firmware... the weird thing is the the G4 never existed, canon jumped from the g3 to the g5 back in 2003.

How do you encrypt the firmware back if you change it? ..and maybe a silly question, but exist there an 'eos emulator' or vxworks for arm processors to check what happens with a modified firmware without having the risk to destroy your cam?

*

ASalina

Re: How to get started?
« Reply #6 on: 22 / June / 2008, 07:53:40 »
Hmm,
I got indeed some files now.

Also some files called MPU Firmware. It contains only numbers and letters. I guess these are instructions for the CPU or something?

Probably instructions for the MPU.

Quote
I came across also the text "Canon PowerShot G4" in the 5d firmware... the weird thing is the the G4 never existed, canon jumped from the g3 to the g5 back in 2003.

Strange. The programmers at Canon seem to have a sense of humor. References to "Ring" and "Rasen" in other firmware are both popular novels (and movies) in Japan, so maybe the G4 reference is a joke. I don't know.

Quote
How do you encrypt the firmware back if you change it? ..and maybe a silly question, but exist there an 'eos emulator' or vxworks for arm processors to check what happens with a modified firmware without having the risk to destroy your cam?

If you need to re-encrypt the firmware you can use the same program you used to decrypt it with. The algorithm works both ways.

But remember that CHDK works with unmodified firmware. It is an addition to the existing firmware rather than a replacement for it.

See the thread code you HAVE RUN on your dslr to see where owerlord is at in getting programs to run off of the CF card on his 400D.

 

Related Topics