Olympus e/mju/stylus series FW analysis - page 4 - Non-CANON cameras development - CHDK Forum
« previous next »
Pages: 1 2 3 [4] 5   Go Down

Olympus e/mju/stylus series FW analysis

  • 46 Replies
  • 47105 Views
*

Offline Virus

  • *
  • 8
Re: Olympus e/mju/stylus series FW analysis
« Reply #30 on: 09 / April / 2009, 02:38:18 »
Advertisements
Quote from: wictor on 08 / April / 2009, 15:11:44
Can I ask, how did you upgrade the modified FW?

Using Olympus Studio and my own simple http server. OS asks server witch some xml request and server responds also with xml Nice and easy :-)

Quote from: wictor on 23 / February / 2009, 09:08:37
I have been looking E-1, E-500 and E-3 FW binaries and there is
Code: [Select]
F???????BIN next to the body firmware download functions and
Code: [Select]
L???????BIN next to the lens FW download functions. Maybe these names are used when upgrading from CF card if that's even possible...

These functions are for flash/strobe and lens update...
Logged
*

Offline wictor

  • *
  • 6
Re: Olympus e/mju/stylus series FW analysis
« Reply #31 on: 09 / April / 2009, 03:07:28 »
Quote from: Virus on 09 / April / 2009, 02:38:18
Quote from: wictor on 08 / April / 2009, 15:11:44
Can I ask, how did you upgrade the modified FW?
Using Olympus Studio and my own simple http server. OS asks server witch some xml request and server responds also with xml Nice and easy :-)
I've been using also xml scripts to retrieve firmwares from Oly server if I someday need them ;).

Does anyone know if there is some restrictions to load older FW to camera. E.g. is camera FW or Olympus studio or master preventing this...

I would like to compare new and old firmwares in E-3. And for E-500 I would lke to try older FW that supported ISO50 in E-500.

// Wictor
Logged
*

Offline acseven

  • *****
  • 668
    • 500px
Re: Olympus e/mju/stylus series FW analysis
« Reply #32 on: 09 / April / 2009, 03:42:52 »
Excellent stuff. It's great to see your development ;)
Logged
*

Offline Virus

  • *
  • 8
Re: Olympus e/mju/stylus series FW analysis
« Reply #33 on: 09 / April / 2009, 05:05:50 »
Quote from: wictor on 09 / April / 2009, 03:07:28
Does anyone know if there is some restrictions to load older FW to camera. E.g. is camera FW or Olympus studio or master preventing this...

I would like to compare new and old firmwares in E-3. And for E-500 I would lke to try older FW that supported ISO50 in E-500.

As far as I tested it - there is no problem with firmware downgrade. Olympus Studio/Master decides if firmware is newer or older. Changing <version> in xml to some high value allows you to upload any firmware.

I wonder if it's possible to upload firmware from different models, say E-450 to E-420. ;-)

Logged
*

Offline wictor

  • *
  • 6
Re: Olympus e/mju/stylus series FW analysis
« Reply #34 on: 09 / April / 2009, 05:44:35 »
Quote from: Virus on 09 / April / 2009, 05:05:50
I wonder if it's possible to upload firmware from different models, say E-450 to E-420. ;-)
That would be nice. Nowadays biggest changes between models are made just by updating FW/SW.
// Wictor
Logged
*

Offline wictor

  • *
  • 6
Re: Olympus e/mju/stylus series FW analysis
« Reply #35 on: 23 / April / 2009, 02:00:53 »
Hi!

Does someone know where to get E-500 FW binaries? I would like to get versions older than 1.3...

Thanks,
// Wictor
Logged
*

Offline haya

  • *
  • 3
Re: Olympus e/mju/stylus series FW analysis
« Reply #36 on: 22 / December / 2009, 10:52:24 »
Some additional info about the file format:

Block 0x0106:
- Some firmware (like for the E-P1, model sig 0x0680) has a 0x0106 block. This block has a single header (len, addr); but the actual data is not known.

Image blocks:
- Blocks with images (0x0102 and 0x0104) do not just contain jpgs, they may also contain bmps, windows icons (including new vista 256x256 RGBA PNG icon) and possibly other image data (a single block can contain heterogeneous image types). While file types do not seem to be specified anywhere, they can be deduced easily from the data itself.
- Image blocks can contain 'empty headers' (len=0, addr=0) in between non-empty headers; perhaps image resources are accessed by header index. The section of headers seems to end when a section of 0xFF padding bytes is reached.

Block 0x0000:
- Some firmwares contain a 0x0000 block, this block is not encrypted and seems to be boot loader code. Checksum is compute as for the other blocks, just skipping the decryption step.

Font and string blocks:
- Fonts and strings blocks seem to have multiple resources like images blocks, except that there are no 0xFF bytes between the headers and data.
- Some blocks seem to contain strings for different languages (first byte is language id, then 3 bytes zero, then 3 char language string + zero termination byte).
- There's some data (fonts?), then the strings in 2 byte (UTF-16?) format (at least for model 0x0680). Strings have some control characters for line breaks and begin/end of strings, etc., but they seem very irregular.
Logged
*

Offline haya

  • *
  • 3
Re: Olympus e/mju/stylus series FW analysis
« Reply #37 on: 22 / December / 2009, 10:59:16 »
I managed to do the IDA disassembly as per Virus' instructions, but I wonder:
How was the analysis range end (0x402014E8) determined? It seems somewhat arbitrary..

Also, how would actual changes to the firmware be made? I'm assuming the IDA disassembly does not lend itself to be modified directly and re-assembled? Should changes be made in the machine code itself? I have no clue..

Thanks.
Logged
*

Offline mx3

  • ****
  • 372
Re: Olympus e/mju/stylus series FW analysis
« Reply #38 on: 23 / December / 2009, 05:38:52 »
Quote from: haya on 22 / December / 2009, 10:59:16
Also, how would actual changes to the firmware be made?
see example of 40D patching experiments http://chdk.setepontos.com/index.php/topic,1359.msg14962.html#msg14962
of course you will need to write packer for this type of firmware.

also you will need to upload it to camera somehow.
1) some olympus cameras (with sanyo based processors. SP, some FE models and many others Nikons, Fuji) can update firmware without olympus master. extract sd card. connect camera to pc. place _DECRYPTED_ file to internal memory as /FIRMWARE/FIRMWARE.BIN . disconnect from PC. switch on. go to play mode. update firmware screen appears.  maybe it will work for your firmware too.
2) emulate update server :-). patch yours hosts file. make some http server. apache with php will do fine.

Quote from: haya on 22 / December / 2009, 10:59:16
I'm assuming the IDA disassembly does not lend itself to be modified directly and re-assembled?
Should changes be made in the machine code itself?


1) find some code which is not used usually but which can be invoked via some menu (help or something...). this would allow you to experiment and ability to restore original firmware.
2) replace its code with yours. I would suggest you to compile code to be position independent.

first of all I would dump full ROM to see whole startup procedure. there can be references to some special files which could be placed to SD-card and launched.
ROM addresses can be guessed by reading CPU docs (strartup address. dump about 64kb at first)
« Last Edit: 23 / December / 2009, 05:41:27 by mx3 »
Logged
skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler
*

Offline foxo

  • *
  • 3
Re: Olympus e/mju/stylus series FW analysis
« Reply #39 on: 11 / January / 2010, 08:32:02 »
Hello, everyone!
I have the Olympus E3's CF-Card-Upgrade firmware file of version 1.003/1.102/1.203, and we can do fw upgrade or downgrade by exacting these files to the CF card's root directory "dcolymp", and turn on power when pressing the OK button.(Not by the master or studio, the Custom Service also did by this way)
If someone has the ability to hack it or want to research it, you can email to me, i will sent you a copy.

This is the file list of each fw package:

V1.003:
E0421003.BIN
G0421003.BIN
M0421000.BIN
S0421000.BIN

V1.102:
E0421102.BIN
M0421100.BIN
S0421000.BIN

V1.203:
E0421203.BIN
G0421203.BIN
M0421105.BIN
S0421001.BIN
« Last Edit: 11 / January / 2010, 08:33:59 by foxo »
Logged
Pages: 1 2 3 [4] 5   Go Up
« previous next »
 

Related Topics


SimplePortal © 2008-2014, SimplePortal