A530 Firmware Dump Available - Firmware Dumping - CHDK Forum

Offline stranger

  • *
  • 10
  • [a530]
A530 Firmware Dump Available
« on: 06 / January / 2008, 18:54:55 »
edit: The A530 firmware dump is available at http://mrz.boldlygoingnowhere.org/a530_dump.dat


I own an a530, and am trying to get a firmware dump.  I didn't have a photodiode handy, so I tried a photoresistor.  The signal looks completely different, but is still quite usable.  Because the signal is different I've ended up writing my own script to replace adc.exe which seems to work well.  However, dec.exe won't accept the output of my script.  It says "read 0 bytes...", writes an empty dump.dat file and exits.  I had a look at the source of dec.exe, but I don't know C so I'm kind of confused. :blink:  My script just writes the transmitted bytes directly to a file, including the header, address, and crc bytes.

Another problem I had, my dump is only 3107KB including the header, so it didn't transfer the 4096 kb blocks I was expecting.  At the end it seems to have outputted several KB size blocks consisting entirely of 0xFF values.  The batteries weren't low.  Why would it have done that?

edit: On further inspection it seems the batteries might have died after all.  They were freshly charged too.  Curse the dismal battery life of the A530 model.  Either I'll have to work out some sort of external power source, increase the baud rate to get it all transmitted before the batteries die, or use a blinker that will transmit it in parts like the G7 blinker.  Though, if the 0xFF values represent filler bytes can I safely assume the rest of the dump would have all been 0xFF values too?

Btw, I'm using the blinker binary I downloaded, which defaults to the blue LED at 1600 baud.  The capture I got took 5 hours.  I'm working on figuring out how to compile my own so I can use the AF led at a higher speed.  I might try a different transmission protocol since I can't seem to make a dec.exe-like script to figure it out. :P

Or, would buying a photodiode solve all of my problems and be so much easier? ::)

The image shows the output of my script.  The white is the actual signal, the red is how my program is interpreting it.  The malformed bytes were because of a bad recording, my most recent doesn't produce any errors.  In the background is the contents of my script output file in a hex editor.

P.S.  I'll upload the firmware and post a link as soon as I get this to work. :D

edit: um, oops, I didn't notice the sub-board.  Go ahead and move it. >_>
« Last Edit: 07 / January / 2008, 06:58:01 by stranger »

*

Offline GrAnd

  • ****
  • 916
  • [A610, S3IS]
    • CHDK
Re: help dumping firmware (a530)
« Reply #1 on: 07 / January / 2008, 03:28:05 »
Quote from: stranger
The image shows the output of my script.  The white is the actual signal, the red is how my program is interpreting it.  The malformed bytes were because of a bad recording, my most recent doesn't produce any errors.  In the background is the contents of my script output file in a hex editor.

The hex view looks very promising.

Quote from: stranger
Though, if the 0xFF values represent filler bytes can I safely assume the rest of the dump would have all been 0xFF values too?

Yep. The firmware itself is about 3Mb usually.

Quote from: stranger
However, dec.exe won't accept the output of my script.  It says "read 0 bytes...", writes an empty dump.dat file and exits.  I had a look at the source of dec.exe, but I don't know C so I'm kind of confused. :blink:  My script just writes the transmitted bytes directly to a file, including the header, address, and crc bytes.

dec.exe is a very dumb program. It opens the file named 'dump' (without any extension), reads all of its content into memory, analyzes it and writes the output into the 'dump.dat' file. If it says "read 0 bytes..." then it means the input file has 0 bytes to read (or the program is not able to read from the file).
Here is the part of this code with comments:
Code:
    fseek(f, 0, SEEK_END);                // Move the current read position to the end of the file.
    len = ftell(f);                       // Get the current position. It will be the file size because the position was just moved to the end.
    data = malloc(len);                   // Allocate a memory buffer for the whole file content.
    fseek(f, 0, SEEK_SET);                // Move the current read position back to the start of the file.
    r = fread(data,1, len, f);            // Read 'len' bytes from the file into the memory buffer. 'r' will contain the number of bytes actually read.
    printf("read %d bytes... \n", r);
CHDK Developer.
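
The read sequence explained in the reply above, written so that each failure is reported separately instead of collapsing into "read 0 bytes". This is an added example, not part of the original post and not dec.exe's source; the names `load_capture` and `load_status` are made up for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Result codes are this example's own, not dec.exe's. */
enum load_status { LOAD_OK, LOAD_OPEN_FAILED, LOAD_SIZE_FAILED,
                   LOAD_EMPTY, LOAD_NO_MEMORY, LOAD_SHORT_READ };

/* Read the whole file at 'path' into a malloc'd buffer.
 * On LOAD_OK, *out points to the data and *out_len holds its size. */
enum load_status load_capture(const char *path, unsigned char **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    FILE *f = fopen(path, "rb");          /* "rb": raw bytes, no text-mode translation */
    if (!f)
        return LOAD_OPEN_FAILED;          /* e.g. the capture is not named as expected */

    enum load_status st = LOAD_OK;
    long len = -1;
    if (fseek(f, 0, SEEK_END) != 0 || (len = ftell(f)) < 0 || fseek(f, 0, SEEK_SET) != 0)
        st = LOAD_SIZE_FAILED;            /* could not determine the file size */
    else if (len == 0)
        st = LOAD_EMPTY;                  /* file exists but holds no data */
    else if ((*out = malloc((size_t)len)) == NULL)
        st = LOAD_NO_MEMORY;
    else if (fread(*out, 1, (size_t)len, f) != (size_t)len)
        st = LOAD_SHORT_READ;             /* fewer bytes arrived than ftell() promised */

    if (st == LOAD_OK) {
        *out_len = (size_t)len;
    } else {
        free(*out);                       /* free(NULL) is a no-op */
        *out = NULL;
    }
    fclose(f);
    return st;
}

int main(int argc, char **argv)
{
    unsigned char *data;
    size_t len;
    const char *path = argc > 1 ? argv[1] : "dump";   /* 'dump' is the name the post gives */
    enum load_status st = load_capture(path, &data, &len);
    printf("%s: status %d, read %zu bytes\n", path, (int)st, len);
    free(data);
    return st == LOAD_OK ? 0 : 1;
}
```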

*

Offline stranger

  • *
  • 10
  • [a530]
Re: help dumping firmware (a530)
« Reply #2 on: 07 / January / 2008, 06:52:48 »
Thanks a lot!  With that help I got dec.exe to accept my script output.  I then added 0xff values to make it the full 4096 kb.  I've uploaded it to http://mrz.boldlygoingnowhere.org/a530_dump.dat.  Now to figuring out how to port it. :)  I'm really looking forward to getting CHDK on my camera.

Feel free to mirror it.  I don't entirely trust my modem. ;)
« Last Edit: 07 / January / 2008, 07:30:25 by stranger »

*

Offline jeff666

  • ****
  • 181
  • A720IS
Re: help dumping firmware (a530)
« Reply #3 on: 07 / January / 2008, 08:21:26 »
Quote from: stranger
I then added 0xff values to make it the full 4096 kb.

Don't do that unless you absolutely know that you fill in the correct data. If you don't have a portion of the firmware and you think it won't be needed anyway then just provide the truncated file. If the missing part is needed during the porting process, people will see that they don't have this part and ask for it.

OTOH if they think the dump is complete, but it isn't, they will try to find explanations why their expectations aren't fulfilled.

In fact there is a special case in which the end of the firmware is needed. It's called "RomStarter". People will look for this particular information in your dump (I did). They will see that it should be there but they can't find it. Since the file is not obviously truncated they will further assume it isn't part of the firmware. An assumption which is most likely wrong.

IOW: Don't pretend things that you don't know.

Cheers.


*

Offline stranger

  • *
  • 10
  • [a530]
Re: A530 Firmware Dump Available
« Reply #4 on: 07 / January / 2008, 10:11:33 »
Well sorry then.  I'll change it to the truncated version if that pleases you.  I did ask if that was a safe assumption, and GrAnd did say that it was.  Seemed certain enough. :-[  Of course I wouldn't know.

Well, good you came along then.  I suppose I'd best go back and try to get the end of the firmware for you.
« Last Edit: 07 / January / 2008, 10:13:43 by stranger »

*

Offline jeff666

  • ****
  • 181
  • A720IS
Re: A530 Firmware Dump Available
« Reply #5 on: 07 / January / 2008, 10:44:17 »
Quote from: stranger
I suppose I'd best go back and try to get the end of the firmware for you.

Chances are that all necessary information is available in the first 3mb. If we need a complete dump, we can write the firmware to a file once the port is (at least partially) completed.

I just wanted to avoid confusion from wrong information.

Cheers.

*

Offline GrAnd

  • ****
  • 916
  • [A610, S3IS]
    • CHDK
Re: A530 Firmware Dump Available
« Reply #6 on: 07 / January / 2008, 16:07:51 »
Quote from: stranger
I did ask if that was a safe assumption, and GrAnd did say that it was.

Sorry, I should have explained in more detail...
The full dump usually contains:
  • The firmware itself (~3Mb from the beginning)
  • Some graphic resources (icons, fonts, etc.)
  • Some non-ARM microcodes (16bit) for some other chip (JPEG encoder?)
  • Boot loader or "RomStarter" (from 0xFFFF0000 to 0xFFFFFFFF).
For CHDK porting only the first part is essential.

The file you provided has the first part (the firmware itself) only. It's full size (3054736 bytes). Your file is a bit larger (3140608 bytes). So, do not rush to get the rest of the dump. :)
« Last Edit: 07 / January / 2008, 16:10:16 by GrAnd »
CHDK Developer.
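
A check for the situation discussed in replies #3 and #6: telling a visibly truncated dump apart from a full-size one whose boot loader window is nothing but 0xFF. This is an added example, not code from the thread or from CHDK; `classify_dump` and `data_end` are illustrative names, and the mapping of 0xFFFF0000..0xFFFFFFFF onto the last 64 KB of the file assumes the ROM image ends at 0xFFFFFFFF.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ROM_SIZE     (4096u * 1024u)  /* full dump size discussed in the thread */
#define STARTER_SIZE 0x10000u         /* 0xFFFF0000..0xFFFFFFFF, per the thread */

enum dump_kind { DUMP_TRUNCATED, DUMP_TAIL_BLANK, DUMP_HAS_TAIL };

/* Offset one past the last byte that is not 0xFF (0 if the buffer is all 0xFF). */
size_t data_end(const unsigned char *buf, size_t len)
{
    while (len > 0 && buf[len - 1] == 0xFF)
        len--;
    return len;
}

/* Classify a dump. Assumption (not stated in the thread): the ROM image ends at
 * address 0xFFFFFFFF, so the RomStarter window is the last 64 KB of a full dump. */
enum dump_kind classify_dump(const unsigned char *buf, size_t len)
{
    if (len < ROM_SIZE)
        return DUMP_TRUNCATED;                  /* the tail is visibly absent */
    const unsigned char *starter = buf + ROM_SIZE - STARTER_SIZE;
    if (data_end(starter, STARTER_SIZE) == 0)
        return DUMP_TAIL_BLANK;                 /* full size, but the window is filler */
    return DUMP_HAS_TAIL;
}

int main(void)
{
    /* Constructed sample: 3 bytes of stand-in data, then 0xFF up to full size. */
    unsigned char *rom = malloc(ROM_SIZE);
    if (!rom)
        return 1;
    memset(rom, 0xFF, ROM_SIZE);
    memcpy(rom, "\x01\x02\x03", 3);
    printf("padded:    kind=%d data_end=%zu\n",
           (int)classify_dump(rom, ROM_SIZE), data_end(rom, ROM_SIZE));
    printf("truncated: kind=%d\n", (int)classify_dump(rom, 3054736));
    rom[ROM_SIZE - 4] = 0xEA;                   /* constructed non-filler byte in the window */
    printf("with tail: kind=%d\n", (int)classify_dump(rom, ROM_SIZE));
    free(rom);
    return 0;
}
```

An all-0xFF window is only a hint that the tail was padded rather than read, but it is enough to flag a file before anyone goes looking for RomStarter in it.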

*

Offline stranger

  • *
  • 10
  • [a530]
Re: A530 Firmware Dump Available
« Reply #7 on: 07 / January / 2008, 18:14:09 »
I see.  Interesting.  Well, I've since figured out how to modify the blinker firmware so I did it in parts.  I copied the (real) full 4096kb version over the old one I uploaded.  If for some reason the old one is needed it's at http://mrz.boldlygoingnowhere.org/a530_dump_old.dat

Quote from: GrAnd
So, do not rush to get the rest of the dump. :)

It's difficult not to rush, especially when I can read about all these features I can't have (yet). :D


 
