Some *.S files for 1.01B firmware for future developers - http://ewavr.nm.ru/chdk/trash/sx10-101b.zip
Sorry, I can't continue this work.
Thanks for all your work on this! I just bought a new SX10 which seems to have come with 1.02B, but rather than post another "WhEn is 1.02b gonna be done!!!1!!!1!" reply, I'm actually looking into what it will take to port this to 1.02B.
Luckily I have some asm and IDA experience, so I might actually be able to accomplish something. Can't say that I've written anything for the ARM, but I read an overview of the architecture once (maybe 3 years ago, lol.) Seems to be a pretty popular core for SOC ASICs, and sounds like lots of people/companies have developed their own cores using the same instruction set, etc. Even if I didn't know anything about ARM, the instruction set looks RISC-like and similar to m68k which I'm probably most familiar with. Luckily this is nothing like Intel x86 (yuck).
I haven't used IDA in 2-3 years either. When I did use it I used it for malware reverse engineering (though I can't say I did a massive amount of that since it wasn't my primary job). Given the obfuscation techniques used in malware code, hopefully this fw will be easy in comparison. (I'm assuming that there's no real execution-based obfuscation, just the whole-image XOR "encryption" or whatever.)
Ok, so questions:
* First you need either the original firmware or a firmware dump of your camera.
Ok, that's been done, but somewhere I saw some suggestion that 1.01B was the same as 1.02B or something? But then when I searched around I couldn't seem to figure out where I saw someone claim this. Am I smoking crack or is someone else smoking crack?
Reason it matters is because I'm wondering how useful your .S files would be for 1.02B. I suppose I'll end up finding out though.
* Create a platform subdirectory for a new camera model/fw version (you can just copy an existing one).
Question here: Since you've already ported a 1.01A for this camera, I'm guessing that maybe some of the work necessary for 1.02B etc has already been done? If nothing else I guess I can look at the .S files you have, compare them, then get some idea. Is it mostly just a matter of finding a bunch of function/subroutine offsets?
* Modify a couple of addresses and constants.
* Check the keyboard "driver" (button constants and behaviour).
So I'm guessing that the constants will be the same....
* Find the addresses of the RAW-, video- and frame-buffers.
* Check the addresses of autofound functions. Manually correct/find the right addresses for some of them with a disassembler like IDA Pro.
Sounds like this is the main work? How likely is it that the boot procedure has changed and will need to be copied/modified?
I installed CHDK shell. Nice automation. (Nice idea to automate all that given the need to port this for every firmware version. It increases the chance that ports get done.)
Stuff I'm reading:
http://chdk.wikia.com/wiki/For_Developers
http://chdk.wikia.com/wiki/SX10
http://chdk.wikia.com/wiki/DryOS_Porting
http://chdk.wikia.com/wiki/Loading_dump_to_IDA
http://chdk.wikia.com/wiki/Adding_support_of_a_new_camera
Looked at this: CHDK\trunk\trunk772\platform\sx10\sub\101a
Put your 101b files in 101b dir
Looked at everything in sub briefly, as well as loader and platform.
Ok, so it looks like I shouldn't need to do anything with sx10 loader or platform and everything I'd need to change is in a new platform/sx10/sub/102b dir? (Can any be copied from 101a?)
Sorry for being a bit verbose and thinking out loud, but I just want to see if I'm on the right track here and what I know so far so you can see what sort of tips you might have for me that I could actually understand. Doesn't look entirely trivial to port (especially since I haven't done stuff like this in a while) but so far everything I've looked at generally makes sense even if I don't yet understand exactly how it all fits together.