fi2 encoder/decoder

Bernd R

430

Re: fi2 encoder/decoder

« Reply #80 on: 24 / October / 2010, 06:06:21 »

Advertisements

I want find the key and iv for ixus 1000 HS.
it should be same as S95(same values stand in the firmware dump).So the key value i get but how can find the IV value ?

I also dont know how i need add this in the fi2.inc file, because there is no example syntax here.
Is it possible to add this in that way as a 64 bit value and no 0x need before ?

ifeq ($(KEYSYS), d4b)
FI2KEY= aabbccddeeffaabbccddeeffaabbccdd
FI2IV =
endif

when i compile and give correct key and leave FI2IV =, i get this in log output

<< Leaving loader/ixus1000_sd4500
<< Leaving loader
>> Entering to CHDK
-> LUALIB/GEN/propset1.lua
-> LUALIB/GEN/propset2.lua
-> LUALIB/GEN/propset3.lua
-> LUALIB/GEN/modelist.lua
<< Leaving CHDK
-> PS.FI2
Hex length mismatch in "./bin/PS.FI2"!

Logged

Ixus 1000 HS

asm1989

527
SX720, SX260, SX210 & SX200

Re: fi2 encoder/decoder

« Reply #81 on: 24 / October / 2010, 06:36:40 »

Bernd R, diasemble it or read the ixus1000 firmware with a hex editor and, fi2key is also at offset 0x7E3624,
and fi2IV is at offset 0x43B71C , from the begining of the firmware, both are 32 byte long starting from that point

Logged

Bernd R

430

Re: fi2 encoder/decoder

« Reply #82 on: 24 / October / 2010, 09:23:53 »

ok, thanks

what happen when the fi2iv value is wrong ?

only when i change last value in fi2key then a message update file error come, as soon i select the firmware update menu.

when i change last value in fi2iv then there is no diffrence see, so it is maybe possible that this value is wrong ?

when i select firmware update, then the camera shut down after 0.5 -0.6 sec.

thats same with diffrent fi2iv values.

Logged

Ixus 1000 HS

sikahr

25

Re: fi2 encoder/decoder

« Reply #83 on: 30 / November / 2010, 06:03:30 »

Quote from: asm1989 on 24 / October / 2010, 06:36:40

both are 32 byte long starting from that point

I think keys are 16 byte long, 32 hex values.
Please correct me if I am wrong.

Logged

philmoz

3450

Re: fi2 encoder/decoder

« Reply #84 on: 09 / December / 2010, 06:39:15 »

SX30 IS firmware version 1.00H

IV @ FFC85204 (offset 475204 in firmware dump file) same IV as G10
Key @ FFFF3680 (offset 7E3680 in firmware dump file)

KEYSYS=d4b in makefile.inc

Tested with current version of SX30 port I am working on and I can boot manually from firmware update option in play mode.

Logged

CHDK ports:
sx30is (1.00c, 1.00h, 1.00l, 1.00n & 1.00p)
g12 (1.00c, 1.00e, 1.00f & 1.00g)
sx130is (1.01d & 1.01f)
ixus310hs (1.00a & 1.01a)
sx40hs (1.00d, 1.00g & 1.00i)
g1x (1.00e, 1.00f & 1.00g)
g5x (1.00c, 1.01a, 1.01b)
g7x2 (1.01a, 1.01b, 1.10b)

Bernd R

430

Re: fi2 encoder/decoder

« Reply #85 on: 19 / December / 2010, 04:50:28 »

@sikahr
>I think keys are 16 byte long, 32 hex values.
>Please correct me if I am wrong.

yes you are right, i mean the string in fi2 have 32 bytes.
but seem that IV is not 16 byte value(32 byte string).its smaller, because i can change the last chars and it work

Logged

Ixus 1000 HS

fe50

3147
IXUS50 & 860, SX10 Star WARs-Star RAWs

Re: fi2 encoder/decoder

« Reply #86 on: 12 / January / 2011, 14:59:32 »

Developers - i've started a wikia page to collect the offsets for the keys

:
* http://chdk.wikia.com/wiki/For_Developers/fi2offsets

Logged

-->FIRMWARE DUMPS<-- * Manual * Lua * me

pixeldoc2000

356
IXUS900Ti 1.00C, IXUS300HS 1.00D

Re: fi2 encoder/decoder

« Reply #87 on: 12 / January / 2011, 18:12:39 »

@fe50
Very good idea.
I've added SD4000 and SX210 offset to wiki and link to SVN.

SD4000-100D
FI2KEY: ROM:FFFF366C , Offset: 0x7E3570
FI2IV: ROM:FFC15130 , Offset: 0x41522C
KEYSYS=d4a

« Last Edit: 12 / January / 2011, 18:15:23 by pixeldoc2000 »

Logged

Canon IXUS 900 / SD 900 Port | Canon IXUS 300 / SD 4000 Beta | GoPro HD Hero

cppasm

92

Re: fi2 encoder/decoder

« Reply #88 on: 26 / March / 2011, 14:19:46 »

I think it would be much easier for everyone if someone will upload keys on some file hosting.
It's clear enough why the keys are not hosted in SVN.
But as far as I can see, fi2.inc is present on autobuild server.
I think it would be nice if someone who have access to autobuild server will compress fi2.inc to password protected archieve, upload it to some file hosting (multiupload.com for example) and post link and password to archieve here.
Doing this way everyone will be protected - file will not be hosted on any CHDK related resources, and it will be impossible to open it without password.
And hosting any links and/or "words" (I mean password

) does not break any law.
But it will be much easier to access the keys if you just want to rebuild some firmware, but don't have original firmware dump.
Any thoughts?

Logged

f_m_b

71

Re: fi2 encoder/decoder

« Reply #89 on: 22 / May / 2011, 17:12:05 »

Hello everybody.

Thanks to the first posts in this thread i have found following SX20 Keys:

1.00F -> FI2IV: ROM:FFC042E4 , Offset: 0x3F42E4
1.02B -> FI2IV: ROM:FFC0436C , Offset: 0x3F436C
1.02D -> FI2IV: ROM:FFC0452C , Offset: 0x3F452C
KEYSYS=d4

Quote from: ewavr on 20 / January / 2009, 20:43:41

It is very easy, reference to first key located at beginning of ROMStarter (0xFFFF0004)...

I can't find out FI2KEY at this way because the SX20 can't access the address 0xFFFF0004.

Quote from: fe50 on 21 / August / 2009, 16:21:03

...
For S / SD / SX / G-Series: start address is 0xFF810000

So use
ROM start: 0xFF810000 ROM Size: 0x003FFFFF Loading address: 0xFF810000 Loading size: 0x003FFFFF

0xFF810000 + 0x003FFFFF = 0xFFC0FFFF

Anyone knows how i can find the "ROMStarter" sequence on my cam?

Are there other posibilities to find FI2KEY?

Logged

Greetings Frank
SX20 (1.02b)