Checksum calculation is simple.
It's just starts from dword 0x00000000 and sub every dword of data from current checksum.
Checksum calculated from <head>+<decrypted_data>+<tail> always equals zero.
So, checksum calculated from <head>+<decrypted_data>+<tail without last 4 bytes> always equals dword, stored in last 4 bytes of tail.
Now, I think, we are ready to make our packer, and, if manual update thru /firmware/firmware.bin file works on e-series, we can make our correct updates from scratch and load it to camera.
Checksum calculator source is attached.
So, next step is to disasm some binary (code) block and find the way to make memory dumper -- thru memory card, USB or LEDs.