HF10 & HV30 (Digic DV II) decrypted!

Re: HF10 & HV30 (Digic DV II) decrypted!
« Reply #70 on: 16 / August / 2008, 16:17:55 »
HF100 / HF10 Firmware Decryptor and Encryptor based on source code from Wiesel (dhf10.c)

- Very very very slow (you should compile Wiesel's version if you want speed)
- User friendly
- Both GUI and command line ( for command line parameters type hf10x /? )
- Written using Autoit v3 (http://www.autoitscript.com/autoit3/)

Note : There is no option to omit the unencrypted file header in the GUI (use command line parameters instead)

P.S. GUI has a separate button for Encryption and Decryption to make it more user friendly. The algorithm is actually the same (XOR based) ...

P.S. Using this tool, the possible location of video compression bitrates is at offset 0x66BD18
« Last Edit: 16 / August / 2008, 16:38:43 by mkhozi »

Re: HF10 & HV30 (Digic DV II) decrypted!
« Reply #71 on: 16 / August / 2008, 23:49:06 »
Modified firmware version from 1.0.1.0 to 1.0.0.0 at offset 0x10000 then tried to update HF100 camcorder.

Result : not allowed, firmware already up to date ... the exact wording was "updated already version 1.0.1.0"

P.S. "updated already" is located at offset 0x1891E3 and 0x786E35 so there is a good chance the version check function is part of the firmware update file.
« Last Edit: 17 / August / 2008, 08:52:20 by mkhozi »

Re: HF10 & HV30 (Digic DV II) decrypted!
« Reply #72 on: 17 / August / 2008, 01:15:16 »
Quote
P.S. "updated already" is located at offset 0x1891E3 and 0x786E35 so there is a good chance the version check function is part of the firmware update file.

That would be Massive. If so - there's a likely chance that we can bypass the checking function and have an easier life switching firmware Aye?
« Last Edit: 17 / August / 2008, 01:31:33 by Soultrape »

Re: HF10 & HV30 (Digic DV II) decrypted!
« Reply #73 on: 17 / August / 2008, 05:50:20 »
Quote
Modified firmware version from 1.0.1.0 to 1.0.0.0 at offset 0x10000 then tried to update HF100 camcorder.

Result : not allowed, firmware already up to date ... the exact wording was "updated already version 1.0.0.0"

So, you have the 1.0.0.0 firmware on your cam? That's great, you could find out for us how the firmware version is handled. If you change the version info at 0x10000 to 1.0.0.1 your cam will upgrade - and if it then shows 1.0.1.0 as firmware version we know that the actual version number that is used to compare with an eventual firmware upgrade file is stored somewhere else. If it shows 1.0.0.1 after the upgrade, you could just upgrade to the official 1.0.1.0 fw and have an official firmware version - and we know how the fw version info is handled. I can't test that because I already have the 1.0.1.0 fw on my cam. I hope that makes sense?!

Btw, again, can you please tell me how you calculate the Mbps values from the hex values... e.g. how do you get from 0x3E1C to 15.9?


Re: HF10 & HV30 (Digic DV II) decrypted!
« Reply #74 on: 17 / August / 2008, 09:02:48 »
Sorry my bad, made a typo, my camera also has 1.0.1.0 firmware. The message displayed was "updated already version 1.0.1.0" when I inserted the modified firmware (modified firmware version at offset 0x10000 from 1.0.1.0 to 1.0.0.0 using hex edit)

As for the bitrates, please have a look at my original message - it's been edited a couple of days ago...

Page 36 of HF100 / HF10 manual states that the camera uses VBR (variable bitrate)

Bitrates are 2 byte Big-Endian. Example 0x4650 = 18000 Kbps = 18 Mbps

For simplicity, some of the values have been rounded off ...

0x3E1C = 15900 Kbps = 15.9 Mbps

(use windows calculator, change View settings to Scientific, change mode to Hex, type 3E1C, change mode to Dec(imal), divide by 1000, result is bitrate in Mbps)


Re: HF10 & HV30 (Digic DV II) decrypted!
« Reply #75 on: 17 / August / 2008, 11:37:12 »
Omg it's so easy, thanks :) I tried all kinds of fixed and floating point representations forgetting about integers :blink:

I'd try upgrading to a bitrate-modified fw if I knew that the version number stays at 1.0.1.0 even if the fw file header gets modified.
Is there no one with a 1.0.0.0 cam who wants to find out for us how the version number is stored? I'm pretty sure it won't do any harm to the cam.

Offline cail

Re: HF10 & HV30 (Digic DV II) decrypted!
« Reply #76 on: 17 / August / 2008, 16:45:22 »
Wiesel, is my understanding correct, that even if you manually change version f.e. to 1.0.2.0 - your cam still says "firmware already upgraded?", so you can't reload it?
Or, you just don't want to hijack it to 1.0.2.0 to avoid potential warranty breakage?

Re: HF10 & HV30 (Digic DV II) decrypted!
« Reply #77 on: 17 / August / 2008, 16:55:17 »
Quote
Wiesel, is my understanding correct, that even if you manually change version f.e. to 1.0.2.0 - your cam still says "firmware already upgraded?", so you can't reload it?
Or, you just don't want to hijack it to 1.0.2.0 to avoid potential warranty breakage?

Yes I don't want to void my warranty.

If you want to update with a firmware that is less or equal to the version that you currently have, it says "already upgraded" or something like that. If the version of the update file is higher (manual change), then it asks if I really want to upgrade VX.X.X.X to VY.Y.Y.Y which I have to confirm. I never confirmed it so actually I don't know if it really upgrades but it seems so.


Re: HF10 & HV30 (Digic DV II) decrypted!
« Reply #78 on: 18 / August / 2008, 03:14:06 »
Quote
If you want to update with a firmware that is less or equal to the version that you currently have, it says "already upgraded" or something like that. If the version of the update file is higher (manual change), then it asks if I really want to upgrade VX.X.X.X to VY.Y.Y.Y which I have to confirm. I never confirmed it so actually I don't know if it really upgrades but it seems so.

If this is true, it means we can test infinite # of firmware updates yes? with every new test, crank up the firmware #, and update.

We need a HF100 to test ey? I'll try to push the forum guys to have us get a used one from eBay, it doesn't seem finding broken units is easy.

Re: HF10 & HV30 (Digic DV II) decrypted!
« Reply #79 on: 18 / August / 2008, 04:01:04 »
Quote
If this is true, it means we can test infinite # of firmware updates yes? with every new test, crank up the firmware #, and update.

Not infinite but yes, it would be like that (256^4 minus a few hundred). Still I'd like to avoid increasing the fw number with every try... I'm not sure if the warranty will still be valid if you send in a broken cam with firmware version 3.65.9.238 ;)

That's why it would be cool if someone with a 1.0.0.0 cam could test it (no Japanese users here?). If it shows the modified version number after the upgrade (e.g. 1.0.0.1) and not the real one, he could still upgrade to 1.0.1.0 and have an "official number" and wouldn't lose anything by this test.
« Last Edit: 18 / August / 2008, 04:03:58 by Wiesel »
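
Added example (editorial, not written by any poster and not the camera's code): a model of the update gate described in replies #77 and #79, where the decision rests on an editable header field, next to a gate that first verifies a MAC over the whole image. The four one-byte version layout, the helper names, the key and the sample image are assumptions or constructed; HMAC stands in here for a vendor signature.

```python
import hashlib
import hmac

VERSION_OFFSET = 0x10000  # header offset named in the thread
# Assumption: four one-byte components, major first (layout is not given on the page).

def read_version(image: bytes) -> tuple:
    return tuple(image[VERSION_OFFSET:VERSION_OFFSET + 4])

def naive_gate(image: bytes, installed: tuple) -> str:
    """Decision as described in the thread: compare the header field only."""
    if read_version(image) <= installed:
        return "updated already"
    return "ask user to confirm"

def seal(image: bytes, key: bytes) -> bytes:
    """Hypothetical vendor step: MAC over the whole image, version field included."""
    return hmac.new(key, image, hashlib.sha256).digest()

def hardened_gate(image: bytes, tag: bytes, installed: tuple, key: bytes) -> str:
    """Reject any image changed after sealing, then apply the version comparison."""
    if not hmac.compare_digest(seal(image, key), tag):
        return "reject: image modified"
    return naive_gate(image, installed)

def make_image(version: tuple) -> bytes:
    """Constructed sample image: zero padding, version field, dummy body."""
    return bytes(VERSION_OFFSET) + bytes(version) + b"BODY" * 16

def set_version(image: bytes, version: tuple) -> bytes:
    """The hex edit from the thread: overwrite the four version bytes."""
    patched = bytearray(image)
    patched[VERSION_OFFSET:VERSION_OFFSET + 4] = bytes(version)
    return bytes(patched)

if __name__ == "__main__":
    key = b"constructed-demo-key"  # placeholder, not a real key
    installed = (1, 0, 1, 0)
    official = make_image(installed)
    tag = seal(official, key)
    edited = set_version(official, (1, 0, 2, 0))
    print("naive, official:   ", naive_gate(official, installed))
    print("naive, edited:     ", naive_gate(edited, installed))
    print("hardened, edited:  ", hardened_gate(edited, tag, installed, key))
    print("hardened, official:", hardened_gate(official, tag, installed, key))
```
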

 
