40D Disk Dumping. More Trials

mx3

Re: 40D Disk Dumping. More Trials

« Reply #40 on: 11 / June / 2008, 10:19:40 »

Advertisements

Quote from: theDarkHorse on 11 / June / 2008, 10:15:51

I've got a 40D with firmware 1.0.8, just asking whether mx3's dumper will still work with that just by changing the path, considering [someone said before] the flasher was the same in 1.0.5 as 1.0.8.

it will work.
my point was not to begin serious development on 105 because it would not work on 108 cameras

Logged

skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler

ASalina

Publish

Re: 40D Disk Dumping. More Trials

« Reply #41 on: 11 / June / 2008, 10:21:51 »

Quote from: mx3 on 11 / June / 2008, 10:12:06

by the way

what are you doing?
trying to make something working with current firmware.

suppose you have something working.
what will owners of cameras with 108 firmware do?

I suppose you're right. I was waiting to upgrade my firmware until I had read reports from others, but I can upgrade and do another dump.

(I hope canon doesn't come out with 1.0.9 next week. :-))

Logged

mx3

Publish

Re: 40D Disk Dumping. More Trials

« Reply #42 on: 11 / June / 2008, 11:41:06 »

i still waiting for 108 dump...

Logged

skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler

ASalina

Publish

Re: 40D Disk Dumping. More Trials

« Reply #43 on: 11 / June / 2008, 11:49:36 »

108 is installing as I type this....

Logged

ASalina

Publish

Re: 40D Disk Dumping. More Trials

« Reply #44 on: 11 / June / 2008, 11:59:00 »

RapidShare: Easy Filehosting

Logged

_MAG_

Publish

Re: 40D Disk Dumping. More Trials

« Reply #45 on: 11 / June / 2008, 12:21:25 »

ASalina - now i dont have digital camera and dont do dump self.
it is dump memory with loading OS right? Idea. If we do 3 different dump we found some differense right?
1 - date/time now. Need found and ignore this data
2 - compare dump with lens in AF mode and nonAF mode we found byte writen in mem. Like NonAfMode = 1 ot something line this.
3 - compare dump with lens and without lens we found data writen in mem contain LensData, LensId and outher parameters.
if we found data and know mem adress when their writen we can do small software who writes this data whithout lens. If their work (you can test - need only isolate all contacts in lens) we can use all lens with adapter whithout confirmation chip.
If we dont have mem adress we know what data need to transfer using function. In this dump i found strings like RequestLensData, RequestLensId so we can write function who send propper respond for this Request. Its all what i with todo.

hmm intrestuing function:
P_GetSLensData
CheckLensInfo
LensRequest
LensStatus

« Last Edit: 12 / June / 2008, 01:27:11 by _MAG_ »

Logged

Seklth

54
400D

Publish

Re: 40D Disk Dumping. More Trials

« Reply #46 on: 22 / June / 2008, 15:26:02 »

ASalina you can post you project, what dump to disk?

Logged

ASalina

Publish

Re: 40D Disk Dumping. More Trials

« Reply #47 on: 22 / June / 2008, 17:00:08 »

Quote from: Seklth on 22 / June / 2008, 15:26:02

ASalina you can post you project, what dump to disk?

With mx3's help I dumped version 1.0.5 and 1.0.8 40D firmware to a file on the CF card by modifying the flasher code and re-encrypting it. I did an update with this modified flasher so that instead of installing the new firmware it wrote a copy of ROM to the CF card.

I can dump any part of memory with this method, but it is an image of memory while in update mode, not regular running OS mode, so it is of limited use to dump RAM this way.

I've posted links to the dumps in other threads, and lists of function names using your IDC scripts.

Logged

Seklth

54
400D

Publish

Re: 40D Disk Dumping. More Trials

« Reply #48 on: 22 / June / 2008, 17:13:30 »

I have 400D)

i want to see correct code, what dump disk) it is 40D Disk Dumping. More Trials + change 40D Disk Dumping. More Trials , ok?

Logged

ASalina

Publish

Re: 40D Disk Dumping. More Trials

« Reply #49 on: 22 / June / 2008, 22:44:18 »

Quote from: Seklth on 22 / June / 2008, 17:13:30

I have 400D)

i want to see correct code, what dump disk) it is 40D Disk Dumping. More Trials + change 40D Disk Dumping. More Trials , ok?

Here is the code I used to get the dump:

Code: [Select]

#define FW_ADDRESS      0xFF810000
#define FW_SIZE         0x800000

#define LEDBLUE         0xC02200E8

#define O_WRONLY        1
#define O_CREAT         0x200


typedef int (*ft_open)(const char *name, int flags, int mode);
typedef int (*ft_close)(int fd);
typedef int (*ft_write)(int fd, void *buffer, long nbytes);
typedef int (*ft_creat)(char *nm,int flg);


int main()
{

        ft_open open;
        ft_creat create;
        ft_write write;
        ft_close close;
        int f = 0;


        open =(ft_open)  0x00989A34;
        create = (ft_creat) 0x00989A44;
        write=(ft_write) 0x00989534;
        close=(ft_close) 0x009896A0;


        f = open("A:/DUMP.DMP", O_CREAT|O_WRONLY, 0777);
        if (f>=0){
                write(f, (void*)FW_ADDRESS, FW_SIZE);
                close(f);
        }else{
                *((int *)LEDBLUE) = 0x46; //ON
        }


        while(1){

        }

        return 0;
}

Get mx3's RAR archive from this posting: code you HAVE RUN on your dslr It has the other programs to patch the firmware. The code above is an updated inject_code/dumper2/main.c

Logged