Olympus FW analysis

kLOTTiS

5

Re: Olympus FW analysis

« Reply #10 on: 12 / June / 2008, 07:09:49 »

Advertisements

sorry i dont understand that post

i think maybe im tired

Logged

mx3

372

Re: Olympus FW analysis

« Reply #11 on: 12 / June / 2008, 09:34:10 »

Quote from: kLOTTiS on 12 / June / 2008, 07:09:49

sorry i dont understand that post i think maybe im tired

my native language - russian so there are can be my mystakes

I meant You know the name of BIN file how it was downloaded from WEB serer.
Olympus Master places it into camera.
I'm sure it copy it over USB with the name wich is different from original one (FAT system. Long names. it is a hunch)

I'm sure name must be short and the same for different updates.
the only way to found out it - analyse FW file (disassemble it)
anyway we are speaking about "Plan A" - placing modified firmware into camera.
do you have already update file wich you would like to test?

Logged

skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler

mx3

372

Re: Olympus FW analysis

« Reply #12 on: 12 / June / 2008, 11:26:40 »

Quote from: kLOTTiS on 12 / June / 2008, 06:59:31

ive started to try dissasemble it with IDA but am still learning the program

it seems olympus uses common EXE format - ELF.
placing it into IDA gives you all information - including DEBUG info.
canon geeks newer had such chance

Update:
IDA disassembled it in two seconds....

PS: I loaded first ELF

« Last Edit: 12 / June / 2008, 11:30:52 by mx3 »

Logged

skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler

kLOTTiS

5

Re: Olympus FW analysis

« Reply #13 on: 13 / June / 2008, 00:04:35 »

Quote from: mx3 on 12 / June / 2008, 09:34:10

I meant You know the name of BIN file how it was downloaded from WEB serer.
Olympus Master places it into camera.
I'm sure it copy it over USB with the name wich is different from original one (FAT system. Long names. it is a hunch)

I'm sure name must be short and the same for different updates.
the only way to found out it - analyse FW file (disassemble it)
anyway we are speaking about "Plan A" - placing modified firmware into camera.
do you have already update file wich you would like to test?

oh yes ok i understand now, would it help formatting it to fat32 or will that not make a difference? i dont think it will because as you say olympus master will rename it to something shorter to update.

i do not have an update to test yet though, i was just thinking ahead incase we cant reupload it. because if we cant reupload it theres no point modifying it

Logged

mx3

372

Re: Olympus FW analysis

« Reply #14 on: 13 / June / 2008, 02:34:55 »

unpacker attached

unpack_elf_fw_bin.rar (5.61 kB - downloaded 176 times.)

Logged

skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler

mx3

372

Re: Olympus FW analysis

« Reply #15 on: 15 / June / 2008, 02:04:23 »

Jonah Probell - The Lexra Story

Zoran COACH cameras (with the same HW/SW architecture and FW pack method as Olympus FE 2XX, 3XX series):

Minox:
- MINOX Germany: Firmware DCC M3 Plus

Samsung:
- s1050, L700, nv73, s730, s830, s850, v700

premier image tech (Traveler):
slimline x5 bin file , inside the traveler slimline x5

UFO:
- dv4140, dv60, dc5345, dm5370

RCA Small Wonder:
- EZ201

Aiptek:
- MPVR (DV6800)

« Last Edit: 15 / June / 2008, 02:14:27 by mx3 »

Logged

skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler

mx3

372

Re: Olympus FW analysis

« Reply #16 on: 15 / June / 2008, 09:31:12 »

it seems 0x200 bytes of 0x600 bytes block is MBR
next block is image of disk

FAT32 Structure Information. MBR, FAT Boot sector introduction - EASEUS Data Recovery

next step: mount this drive and see files on it.

it probably can be done :
- on linux ( Aiptek MPVR, Zoran-based Camcorder (firmware update) )
- on windows using VDK (Virtual Disk Driver - VM Back)

« Last Edit: 17 / June / 2008, 22:29:27 by mx3 »

Logged

skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler

mx3

372

Re: Olympus FW analysis

« Reply #17 on: 17 / June / 2008, 22:35:56 »

readelf applied to ELFs shows ussefull information

readelf -a -W PRE_E_008_1102_0000_0000.dec.part2.elf >PRE_E_008_1102_0000_0000.dec.part2.elf.rdlf

Code: [Select]

ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           MIPS R3000
  Version:                           0x1
  Entry point address:               0x80010000
  Start of program headers:          52 (bytes into file)
  Start of section headers:          270376 (bytes into file)
  Flags:                             0x50000001, noreorder, mips32
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         4
  Size of section headers:           40 (bytes)
  Number of section headers:         22
  Section header string table index: 19

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .spc0             PROGBITS        bfc08000 041dfc 000190 00 WAX  0   0  4
  [ 2] .spc1             PROGBITS        bfc08a00 041f8c 000000 00   W  0   0  1
  [ 3] .spc2             PROGBITS        bfc08c04 041f8c 000000 00   W  0   0  1
  [ 4] .spc3             PROGBITS        00000000 041f8c 000000 00   W  0   0  1
  [ 5] .spd0             PROGBITS        90008000 041f8c 000000 00   W  0   0  1
  [ 6] .spd1             PROGBITS        90008a00 041f8c 000000 00   W  0   0  1
  [ 7] .spd2             PROGBITS        90008c04 041f8c 000000 00   W  0   0  1
  [ 8] .spd3             PROGBITS        00000000 041f8c 000000 00   W  0   0  1
  [ 9] .exception        PROGBITS        80000180 0000b4 000158 00  AX  0   0  1
  [10] .boot             PROGBITS        80010000 000220 000070 00  AX  0   0  4
  [11] .text             PROGBITS        80010080 0002a0 03b67d 00  AX  0   0 32
  [12] __ex_table        PROGBITS        8004b700 03b920 000010 00   A  0   0  4
  [13] .primaryboot      PROGBITS        8004b710 03b930 00023c 00  AX  0   0  4
  [14] .libz             PROGBITS        8004b94c 03bb6c 000cc8 00  WA  0   0  4
  [15] .data             PROGBITS        8004c614 03c834 004b8c 00  WA  0   0  4
  [16] .CpuVars          PROGBITS        800511a0 0413c0 000a3c 00  WA  0   0  4
  [17] .sbss             NOBITS          80051bdc 041dfc 0000d8 00 WAp  0   0  4
  [18] .bss              NOBITS          80051cb4 041dfc 00897c 00  WA  0   0  4
  [19] .shstrtab         STRTAB          00000000 041f8c 00009a 00      0   0  1
  [20] .symtab           SYMTAB          00000000 042398 004380 10     21  38  4
  [21] .strtab           STRTAB          00000000 046718 004689 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

There are no section groups in this file.

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x0000b4 0x80000180 0x80000180 0x00158 0x00158 R E 0x1
  LOAD           0x000220 0x80010000 0x80010000 0x3b94c 0x3b94c R E 0x20
  LOAD           0x03bb6c 0x8004b94c 0x8004b94c 0x06290 0x0ece4 RW  0x4
  LOAD           0x041dfc 0xbfc08000 0xbfc08000 0x00190 0x00190 RWE 0x4

 Section to Segment mapping:
  Segment Sections...
   00     .exception 
   01     .boot .text __ex_table .primaryboot 
   02     .libz .data .CpuVars .sbss .bss 
   03     .spc0 

There is no dynamic section in this file.

There are no relocations in this file.

There are no unwind sections in this file.

Symbol table '.symtab' contains 1080 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: bfc08000     0 SECTION LOCAL  DEFAULT    1 
     2: bfc08a00     0 SECTION LOCAL  DEFAULT    2 
     3: bfc08c04     0 SECTION LOCAL  DEFAULT    3 
     4: 00000000     0 SECTION LOCAL  DEFAULT    4 
     5: 90008000     0 SECTION LOCAL  DEFAULT    5 
     6: 90008a00     0 SECTION LOCAL  DEFAULT    6 
     7: 90008c04     0 SECTION LOCAL  DEFAULT    7 
     8: 00000000     0 SECTION LOCAL  DEFAULT    8 
     9: 80000180     0 SECTION LOCAL  DEFAULT    9 
    10: 80010000     0 SECTION LOCAL  DEFAULT   10 
    11: 80010080     0 SECTION LOCAL  DEFAULT   11 
    12: 8004b700     0 SECTION LOCAL  DEFAULT   12 
    13: 8004b710     0 SECTION LOCAL  DEFAULT   13 
    14: 8004b94c     0 SECTION LOCAL  DEFAULT   14 
    15: 8004c614     0 SECTION LOCAL  DEFAULT   15 
    16: 800511a0     0 SECTION LOCAL  DEFAULT   16 
    17: 80051bdc     0 SECTION LOCAL  DEFAULT   17 
    18: 80051cb4     0 SECTION LOCAL  DEFAULT   18 
    19: 00000000     0 SECTION LOCAL  DEFAULT   21 
    20: 00000000     0 SECTION LOCAL  DEFAULT   22 
    21: 00000000     0 SECTION LOCAL  DEFAULT   23 
    22: bfc08000     0 SECTION LOCAL  DEFAULT    1 
    23: bfc08a00     0 SECTION LOCAL  DEFAULT    2 
    24: bfc08c04     0 SECTION LOCAL  DEFAULT    3 
    25: 90008000     0 SECTION LOCAL  DEFAULT    5 
    26: 90008a00     0 SECTION LOCAL  DEFAULT    6 
    27: 90008c04     0 SECTION LOCAL  DEFAULT    7 
    28: 80000180     0 SECTION LOCAL  DEFAULT    9 
    29: 80010000     0 SECTION LOCAL  DEFAULT   10 
    30: 80010080     0 SECTION LOCAL  DEFAULT   11 
    31: 8004b700     0 SECTION LOCAL  DEFAULT   12 
    32: 8004b710     0 SECTION LOCAL  DEFAULT   13 
    33: 8004b94c     0 SECTION LOCAL  DEFAULT   14 
    34: 8004c614     0 SECTION LOCAL  DEFAULT   15 
    35: 800511a0     0 SECTION LOCAL  DEFAULT   16 
    36: 80051bdc     0 SECTION LOCAL  DEFAULT   17 
    37: 80051cb4     0 SECTION LOCAL  DEFAULT   18 
    38: 00000000     0 FILE    LOCAL  DEFAULT  ABS Os/Gpio/Gpio.c
............
 1079: 800514bc     4 NOTYPE  GLOBAL DEFAULT   16 _tx_byte_pool_created_count

No version information found in this file.

both elf files are loaded well into IDA if mipsl processor selected

Logged

skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler

mx3

372

Re: Olympus FW analysis

« Reply #18 on: 17 / June / 2008, 23:31:54 »

stylus730
u810
u1200

CPU: ARM

Logged

skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler

mx3

372

Re: Olympus FW analysis

« Reply #19 on: 17 / June / 2008, 23:42:00 »

Quote from: kLOTTiS on 13 / June / 2008, 00:04:35

Quote from: mx3 on 12 / June / 2008, 09:34:10
I meant You know the name of BIN file how it was downloaded from WEB serer.
Olympus Master places it into camera.
I'm sure it copy it over USB with the name wich is different from original one (FAT system. Long names. it is a hunch)

I'm sure name must be short and the same for different updates.
the only way to found out it - analyse FW file (disassemble it)
anyway we are speaking about "Plan A" - placing modified firmware into camera.
do you have already update file wich you would like to test?

oh yes ok i understand now, would it help formatting it to fat32 or will that not make a difference? i dont think it will because as you say olympus master will rename it to something shorter to update.

i do not have an update to test yet though, i was just thinking ahead incase we cant reupload it. because if we cant reupload it theres no point modifying it

I have seen on other forum mention of file name on card:
{card}:\firmware\firmware.bin

topic was dedicated to sp310, sp320, sp350
I'm not sure it will work with FE series but all Olympus cameras are updated using "olympus master" so it is logical that program places update file either with the same name to all cameras or with the name wich is unique to each camera

update:

Olympus firmware upgrade - the truth
the same instructions for old cameras

« Last Edit: 18 / June / 2008, 04:18:52 by mx3 »

Logged

skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler

Subject / Started by	Replies	Last post
Partial S5IS 1.01B Firmware Analysis Started by intrinsic Firmware Dumping	0 Replies 3788 Views	by intrinsic
hello, i need an 256kB file of firmware for my olympus Started by lieky Hello, I'm a NEWBIE - HELP!! (Newbies assistance, User Guides and thank you notes)	1 Replies 3397 Views	by DataGhost
Olympus e/mju/stylus series FW analysis Started by Altsoph « 1 2 3 4 5 » Non-CANON cameras development	46 Replies 44988 Views	by Lamer
MOVED: Olympus e/mju/stylus series FW analysis Started by fudgey General Discussion and Assistance	0 Replies 2499 Views	by fudgey
Olympus E3 Firmware and SDK Started by akfreak Non-CANON cameras development	1 Replies 6024 Views	by foxo