(1) I've made a diff on the two dumps with firmware 1.02C -->
http://chdk.wikia.com/wiki/A470There is a diff from file offset 0x3d0000-0x3d0400 and 0x3d0980-0x3e1c50 and 0x3ff000-0x3fffff
(2) There are many strings pointing to something what looks like a serial:
ROM:FFE2DB48 aSerialnumberDe DCB "SerialNumber (Dec) : %ld",0xD,0
ROM:FFEA748D aServer1_00Camera DCB "SERVER\1.00\CAMERA\PROTO\SERIAL_NUMBER",0
ROM:FFD23C34 aSerialNo_10s DCB "Serial No. %10s",0 ; DATA XREF: sub_FFD23B0C+B0o
This looks to be interesting:
ROM:FFD23BB4 LDR R0, =0x489F0
ROM:FFD23BB8 ADD R2, SP, #0x28+var_20
ROM:FFD23BBC ADR R1, aSerialNo_10s ; "Serial No. %10s"
ROM:FFD23BC0 BL eventproc_export_sprintf
But I don't know how 'sprintf' is working in ARM asm.
If someone has time to play with that:
(1)
idb database:
Canon A470.idb(2) decent disassembler:
ARM portable edition 12M (pass: subdomain of this forum :] )