SD1100/ixus 80 porting ....


Offline whim

  • ******
  • 2013
  • A495/590/620/630 ixus70/115/220/230/300/870 S95
  • Publish
    Re: SD1100/ixus 80 porting ....
    « Reply #10 on: 10 / August / 2008, 06:08:16 »
    Hi chr !

    Congrats, it seems udumper2008 is really universal (well, at least A590 = ok   :D)
    To make it easier to use for noobs, I was thinking about
    integrating it in CardTricks, is that OK with you ?
    Even noobs can then test 'NuDryOS' cams for compatibility quickly, that should
    liberate you from explaining basic cmdline ops to them, and... it would make
    a fitting celebration for 10K downloads (soon, just for CT 1.34 !)  :haha
     
    BTW, is there any reason why you're using a 16M empty.bin,
    so far all known firms fitted in 8M ?
    Maybe the LED blinking code should be stripped out ?  Just like
    in the original udumper, to minimize risk on other cams. Would
    gladly do that myself, but porting decode.s to C is (way) out of
    my league ...

    TIA, and keep up the good work,

    wim

    PS  I already PMed you this request, but since you've been online since,
          it occurred to me that you might ignore/block PM's - not trying to
          push you in any way  :)
    « Last Edit: 10 / August / 2008, 06:22:12 by whim »

    *

    Offline chr

    • ***
    • 138
    • IXUS 82 IS
  • Publish
    Re: SD1100/ixus 80 porting ....
    « Reply #11 on: 10 / August / 2008, 13:35:36 »
    Quote
    Hi chr !

    Congrats, it seems udumper2008 is really universal (well, at least A590 = ok   :D)
    And someone just dumped SD770IS - CHDK Wiki with it. LED also blinked.

    Quote
    To make it easier to use for noobs, I was thinking about
    integrating it in CardTricks, is that OK with you ?
    Go ahead! It's GPL.

    In principle it's exactly the same udumper source + LED blink && 15xdecoded via qemu.

    I tried padding in 1k steps and 16k looks good. That's it.
    Quote
    BTW, is there any reason why you're using a 16M empty.bin,
    so far all known firms fitted in 8M ?

    Yes. I used a 32MB card, and writing start sector 2048 seems too far. Instead of recompiling etc. I just enlarged the file. Just in case not to miss anything.
    Also I filled my empty.bin with 0xdeadbeef, that makes fw cutting easier.
    Quote
    Maybe the LED blinking code should be stripped out ?  Just like
    in the original udumper, to minimize risk on other cams. Would
    gladly do that myself, but porting decode.s to C is (way) out of
    my league ...
    I can do a rebuild without LED. But actually I'm recompiling a gcc-3 because I'm just stuck in the compiler problems described in the wiki ;)

    Current porting status:

    done:
    stubs_entry.S
    stubs_entry_2.S
    stubs_min.S
    lib.c

    started:
    boot.c

    Mh, here I could use help: the output of the objdump disassembler is not useful for copy and paste, any ideas ???
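
The 0xdeadbeef filler trick from the post above, as an added example (not chr's or udumper's code): a small Python sketch that builds such a filler image and cuts the dumped region back out of a card image read afterwards. The 512-byte sector size, the byte order of the filler word and the sample data are assumptions made for the illustration.

```python
SECTOR = 512                      # assumed card sector size
FILL = bytes.fromhex("deadbeef")  # filler word; byte order is an assumption


def make_filler(size):
    """Build an empty.bin-style image of `size` bytes of 0xdeadbeef."""
    if size % SECTOR:
        raise ValueError("size must be a whole number of sectors")
    return FILL * (size // len(FILL))


def cut_dump(image):
    """Return (start, end) byte offsets of the dumped region, or None.

    Only filler before the first and after the last differing word is
    cut, so a 0xdeadbeef word inside the dump itself is kept. The range
    is widened to sector boundaries because the dump is written in
    whole sectors.
    """
    if len(image) % len(FILL):
        raise ValueError("image length must be a multiple of 4")
    words = range(len(image) // 4)

    def differs(i):
        return image[4 * i:4 * i + 4] != FILL

    first = next((i for i in words if differs(i)), None)
    if first is None:
        return None               # card still holds nothing but filler
    last = next(i for i in reversed(words) if differs(i))
    start = (first * 4) // SECTOR * SECTOR
    end = -(-((last + 1) * 4) // SECTOR) * SECTOR   # round up
    return start, min(end, len(image))


def demo():
    """Constructed sample: 1500 'firmware' bytes written at sector 8."""
    fw = bytearray((i * 7 + 1) % 251 for i in range(1500))
    fw[512:516] = FILL            # a filler-like word inside the dump
    image = bytearray(make_filler(16 * 1024))
    image[8 * SECTOR:8 * SECTOR + len(fw)] = fw
    return bytes(fw), bytes(image)


if __name__ == "__main__":
    fw, image = demo()
    print(cut_dump(image))
```

A dump whose first or last sector consists entirely of the filler pattern would be cut short, so the result is worth checking against the expected firmware size.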



  • Publish
    Re: SD1100/ixus 80 porting ....
    « Reply #12 on: 10 / August / 2008, 13:45:35 »
    god i feel useless :p
    maybe will can help u with the boot.c ? ( since he has some c# knowledge? )

    i'd love to help ya but tbh i have no clue what u are even talking about :D

    btw.. awesome work so far! can't wait till this thing is ported ^^

  • Publish
    Re: SD1100/ixus 80 porting ....
    « Reply #13 on: 13 / August / 2008, 21:42:50 »
    I suspect -- as with many of these sorts of projects, if he takes time to explain what to do, he could have just done it himself.  We're probably better off letting chr keep up the awesome work and cheer from the sidelines, rather than derail progress.  But like others, I haven't done embedded work in ages (6 years), but I'm pretty fluent in C (not sure about ARM assembly though) -- if you have tasks that you could use a hand with, do let the rest of us know.  We can try to help.  If it's easier to just push forward -- please do.  CHDK sounds awesome, and as an owner of an sd1100is, I'm looking forward to checking it out.


    *

    Offline chr

    • ***
    • 138
    • IXUS 82 IS
  • Publish
    Re: SD1100/ixus 80 porting ....
    « Reply #14 on: 14 / August / 2008, 02:27:01 »
    « Last Edit: 14 / August / 2008, 02:32:41 by chr »

  • Publish
    Re: SD1100/ixus 80 porting ....
    « Reply #15 on: 14 / August / 2008, 03:41:19 »
    Hi.
    I apologize for my lack of skills in the subject.
    I own an IXUS 80is, and I'm very interested in running CHDK on it.
    So this file you recently posted, is it the real deal? (With bugs ofc.)
    Because I can't find anything similar to DISKBOOT.BIN, PS.FIR or anything like that.
    Feels like I ran through the whole CHDK Wiki, but I can't find anything that helps me.
    Help a noobie, please  :P

    Best Regards
    Andreas G

    *

    Offline whim

    • ******
    • 2013
    • A495/590/620/630 ixus70/115/220/230/300/870 S95
  • Publish
    Re: SD1100/ixus 80 porting ....
    « Reply #16 on: 14 / August / 2008, 04:18:50 »
    @rultig

    that's why this topic is called   "sd1100/ixus 80 porting" and not   "sd1100/ixus 80 ported" :D

    and, you're quite right: no PS.FIR / DISKBOOT.BIN means it's not ready for
    testing or 'normal' use.

    So, just let chr work, it'll be done quicker ... think weeks though, not hours, this is a new type of cam.
    The first DryOS cam even took months IIRC ... Patience is a virtue

    wim
    « Last Edit: 14 / August / 2008, 04:24:56 by whim »

    *

    Offline chr

    • ***
    • 138
    • IXUS 82 IS
  • Publish
    Re: SD1100/ixus 80 porting ....
    « Reply #17 on: 17 / August / 2008, 07:06:14 »
    The cam boots, but it shuts down.

    Without any hooks, the cam must power up normally, no?!
    Code: (c) [Select]
    // Extracted method: (ff81cd28-ff81cd80)
    void __attribute__((naked,noinline)) task_Startup_my() { //#fs
        blink_LED_GREEN();
        asm volatile (
            "stmdb sp!, {r4, lr} \n"
            "BL sub_FF8151BC \n" // <taskcreate_ClockSave -31600>
            "BL sub_FF822E14 \n"
            "BL sub_FF81FEB8 \n"
            "BL sub_FF829FE4 \n"
            "BL sub_FF82A1AC \n"
            // "BL sub_FF82A06C \n" // <StartDiskboot +54060>
        );
        CreateTask_blinker();
        // CreateTask_spytask(); // +

        asm volatile (
            "BL sub_FF82A360 \n"
            "BL sub_FF82A1FC \n"
            "BL sub_FF82786C \n"
            "BL sub_FF82A364 \n"
            "BL sub_FF821BC8 \n" // <taskcreate_PhySw +20084>
        );
        //CreateTask_PhySw; // +

        asm volatile (
            "BL sub_FF824D7C \n"    // task_ShootSeqTask
            // "BL sub_FF824D7C_my \n" // ------------------------> ok
            "BL sub_FF82A37C \n"
            "BL sub_FF81FBD8 \n"
            "BL sub_FF821084 \n"
            "BL sub_FF829D6C \n" // <taskcreate_Bye +53252>
            "BL sub_FF8216F8 \n"
            "BL sub_FF820F74 \n" // <taskcreate_TempCheck +16900>
            "BL sub_FF82ACC4 \n"    // for SDHC and movie rec
            // "BL sub_FF82ACC4_my \n" // ------------------------> clock dead
            "BL sub_FF820F30 \n"

            "BL sub_FF815070 \n"
            //"bl blink_LED_PR \n"
            //"BL udump \n"
            //"bl blink_LED_PR \n"
            "BL blink_LED_YELLOW \n"
            "BL blink_LED_YELLOW \n"
            "BL blink_LED_YELLOW \n"
            "BL blink_LED_YELLOW \n"
            "BL blink_LED_YELLOW \n"
            "BL blink_LED_YELLOW \n"
            //"rofl: \n"
            //" b rofl \n"
            "ldmia sp!, {r4, pc} \n"

            // "ldmia sp!, {r4, lr} \n"
            // "B sub_FF815070 \n"
        );
    }; //#fe

    This happens:

    Power on, hold down set button: display on, clock appears. Yellow LED flashes while blue LED flashes from blinker_task; cam shuts down when task_Startup_my() exits.

    I've run out of ideas.



    « Last Edit: 17 / August / 2008, 07:13:20 by chr »


    *

    Offline jeff666

    • ****
    • 181
    • A720IS
  • Publish
    Re: SD1100/ixus 80 porting ....
    « Reply #18 on: 17 / August / 2008, 08:53:06 »
    Quote
    The cam boots, but it shuts down.

    It starts normally, i.e. lens extracts, OSD shows and so on?

    Quote
    Without any hooks, the cam must power up normally, no?!

    One exception: start_diskboot must be prevented - which you do. So, yes, the cam should start up normally.

    Quote
    Code: (c) [Select]
            "ldmia sp!, {r4, pc} \n"
    // "ldmia sp!, {r4, lr} \n"
    // "B sub_FF815070 \n"
    );
    }; //#fe

    You realize that you skip sub_FF815070 that way?

    Code: [Select]
    ROM:FF815070 sub_FF815070                            ; CODE XREF: task_Startup+58p
    ROM:FF815070                 STMFD   SP!, {R4,LR}
    ROM:FF815074                 BL      j_IRQdisable
    ROM:FF815078                 LDR     R2, =0x1998
    ROM:FF81507C                 LDR     R1, [R2,#4]
    ROM:FF815080                 CMP     R1, #0
    ROM:FF815084                 SUBNE   R1, R1, #1
    ROM:FF815088                 STRNE   R1, [R2,#4]
    ROM:FF81508C                 LDMNEFD SP!, {R4,LR}
    ROM:FF815090                 BNE     j_IRQrestore
    ROM:FF815094                 BL      j_IRQrestore
    ROM:FF815098                 LDMFD   SP!, {R4,LR}
    ROM:FF81509C                 MOV     R1, #0x90
    ROM:FF8150A0                 ADR     R0, aClkenabler_c ; "ClkEnabler.c"
    ROM:FF8150A4                 B       DebugAssert
    ROM:FF8150A4 ; End of function sub_FF815070

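    For my own better understanding I rewrote the function in C and it looks like this:
    Code: (c) [Select]
    void sub_FF815070() {
        // [0x1998+4]: the word at address 0x1998+4 (R2+4 in the disassembly)
        volatile int *p = (volatile int *)(0x1998 + 4);
        IRQdisable();
        if (*p != 0) {
            (*p)--;
            IRQenable();
        } else {
            IRQenable();
            // arguments as loaded into R0/R1 in the disassembly
            DebugAssert("ClkEnabler.c", 0x90);
        }
    }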

    I assume that you must do [0x1998+4]-- before returning from task_startup_my.

    Another idea: If the cam starts and runs normally as long as task_startup_my is running, you may just need to prevent it from returning => while (1) {};

    In general: If the cam doesn't work after task_startup has run, something before must have gone wrong. I had the situation where my code has been overwritten. I moved it 64k (or so) higher and everything worked.

    Cheers.

    *

    Offline chr

    • ***
    • 138
    • IXUS 82 IS
  • Publish
    Re: SD1100/ixus 80 porting ....
    « Reply #19 on: 17 / August / 2008, 10:16:15 »
    Quote
    Quote
    The cam boots, but it shuts down.

    It starts normally, i.e. lens extracts, OSD shows and so on?
    No. I only use play mode, because I don't want the lens to go ... and get stuck.
    It starts its LED blinking show as expected, power LED goes on, LED lights continue blinking, still black screen. Cam switches off when the last blink_LED_YELLOW has passed.

    Same try, but hold set button while power on, cam starts the fancy 3d clock. It runs exactly until last blink_LED_YELLOW. Also the gravity works while(!)

    All LED calls save their registers.
    Quote
    Quote
    Without any hooks, the cam must power up normally, no?!

    One exception: start_diskboot must be prevented - which you do. So, yes, the cam should start up normally.
    So as I expected. If I leave out the hook one stage earlier, I get a boot loop.

    Quote
    Quote
    Code: (c) [Select]
            "ldmia sp!, {r4, pc} \n"
    // "ldmia sp!, {r4, lr} \n"
    // "B sub_FF815070 \n"
    );
    }; //#fe

    You realize that you skip sub_FF815070 that way?
    No, look closer ;) I also caught that point!
    Quote

    Another idea: If the cam starts and runs normally as long as task_startup_my is running, you may just need to prevent it from returning => while (1) {};
    like this:
    Code: (c) [Select]
    "rofl: \n"
    "     b rofl \n"
    I tried. Power LED stays on, black screen, blinker task runs.
    With set button: blinker task and 3d clock keep running, but the clock does not react to gravity(!)

    Quote
    In general: If the cam doesn't work after task_startup has run, something before must have gone wrong. I had the situation where my code has been overwritten. I moved it 64k (or so) higher and everything worked.

    Cheers.

    Also tried to increase memory. Mh, without any chdk hooks, it must boot up normally even if there are still mistakes in stubs_min.S for example. This is the only file I'm not 100% sure about.

    I inserted udumper and took a RAM snapshot: at first I wondered because RAM at 0x0000~0x800 was 0xff ... but copying this range to 0x500000 before dumping it looks 100% ok. I guess the SD write/dma/memory protection/cache stuff

    No, everything looks ok, chdk is in place and canon stuff below.

    Also I ran this show in qemu ... which just crashes a bit earlier:
    Code: (sh) [Select]
    IO write 0xc0800018, 0x0
    IO write 0xc0800008, 0x8881
    IO write 0xc0220134, 0x46 <- green led ;)
    IO write 0xc0220134, 0x44
    IO read 0xc02200f8

    < Error Exception >
     TYPE : undefined
     ISR  : FALSE
     TASK ID   : 131074
     TASK Name : init
     R 0  : 19980218
     R 1  : 19980218
     R 2  : 00001000
     R 3  : 00000000
     R 4  : 19980218
     R 5  : 19980218
     R 6  : 19980218
     R 7  : 19980218
     R 8  : 19980218
     R 9  : 19980218
     R10  : 19980218
     R11  : 19980218
     R12  : 00000000
     R13  : 0000ee8c
     R14  : ff811904
     PC   : ff811904
     CPSR : 00000093

    IO write 0xc0220134, 0x46
    IO write 0xc0220134, 0x44
    IO write 0xc0400030, 0x1
    IO read 0xc040004c

    However, I expect there are more bugs in qemu than in my boot.c :))


    « Last Edit: 17 / August / 2008, 10:19:40 by chr »

     
