Disabling Canon's blinking battery warning icon

  • 18 Replies
  • 4165 Views
*

Offline fudgey

  • *****
  • 1705
  • a570is
  • Publish
    Disabling Canon's blinking battery warning icon
    « on: 12 / August / 2009, 16:31:47 »
    Advertisements
    WARNING: This message is intended for developers only. It may not be entirely safe for a noob to read further. :)

    I've been digging the battery status of my a570 100e occasionally ever since it was recently found that it (and a590, probably all others too) have stricter  low battery shutdown limits for when CHDK runs (i.e. when started via a firmware upgrade) compared to normal operatio without CHDK.

    There's a lot of disassembly to go through, and a lot of it seems to be only for factory mode and much of the functionality is unused but still mostly exists making the code bigger. I haven't found an explanation for that difference in shutdown limits just yet, but it looks like I have stumbled upon a way to disable Canon's battery warning, something that's been annoying me ever since I got the camera.

    I know I'm not the only one, so I thought I'd post this now that I still remember it (I don't know when I'll have time to continue).

    So... attached is a Lua script, which (as far as I can tell...) replaces tresholds called "PreWeak" and "Weak" (which in a570 100e are actually identical, but that's to be expected since there's only one level of battery warning information before shutdown) in RAM with values from a lower threshold called "LB" (obviously stands for "Low Battery").

    It looks like tripping the "LB" threshold, or an ever lower threshold "SysLow" cause camera shutdown, while tripping the "Weak" threshold causes the battery icon to blink. If that's true, then decreasing the weak battery threshold down to be in par with a shutdown threshold clearly should suppress the warning icon without affecting safe low battery shutdown.

    So, if you run this script on an a570 100e, the battery warning icon should not start to blink. But if it was already blinking when you ran the script, the icon will not disappear because the firmware remembers the worst state the battery was and never lets battery status improve.

    I've only tested this shortly, but it appears to work and I believe it is safe. The camera still shuts down cleanly to low battery, demanding me to change the batteries as it should. There is one problem with this scripted demonstration approach: even if you make it autostart, powering up to rec mode with a weak battery will cause the icon to blink, because Canon firmware decides the battery is weak before the script runs and changes the thresholds. It's possible that this could be overcome by figuring out an early enough time to do it in CHDK code, but maybe not and it may not be worth the trouble. Powering up to PLAY mode will never cause the battery icon to blink.

    Do NOT run this script on any other camera than an a570 100e, not even on an a570 101a unless you check it uses the same values and addresses (for many things it does, but I haven't checked this) (edit: I checked it: 100e and 101a seem to use the same addresses...101a values could differ slightly, but that shouldn't cause problems in a quick test). Cameras other than an a570 will very likely be using different addresses, and the values that I'm writing to those addresses will probably different for each camera as well. Even the number of required pokes will likely differ. It's also likely that not all cameras do things this way at all.

    Running this script on any other camera equals to writing odd values to random locations in RAM, which may result in all sorts of damage (typically only weird crashes or data loss, but worse things could happen).

    Read the script before you run it. There is a safety switch in the script parameters. If you don't understand what it does, don't run the script. And again: if your camera is not a570 sub 100e, do not run it. If you don't understand what that means, don't run it. This script is not meant to be actually used by anyone regularly, just to demonstrate a proof of concept.

    For those interested in where this comes from... A factory/repair mode debug printout function ShowBattChkAdj, 0xffde257c, reveals functions for these values:
    Code: [Select]
    Battery threshold addresses
    Temperature             PreWeak Weak    LB      SysLow
    LOW_TEMPERTURE          0x54558 0x5455a 0x5455c 0x5455e
    NORMAL_TEMPERTURE       0x54562 0x54564 0x54566 0x54568
    HIGH_TEMPERTURE         0x5456c 0x5456e 0x54570 0x54572

    Values:                 PreWeak Weak    LB      SysLow
    LOW_TEMPERTURE          0x01F3  0x01F3  0x01B9  0x0196
    NORMAL_TEMPERTURE       0x01F3  0x01F3  0x01B9  0x0196
    HIGH_TEMPERTURE         0x01F3  0x01F3  0x01B9  0x0196

    All values are 16-bit shorts from my a570 100e found using the CHDK
    memory browser debug utility. Spelling is as found in the firmware...
    There are separate thresholds for 3 different temperatures, but for the a570is (at least when CHDK is running) all temperatures have the same values.
    « Last Edit: 13 / August / 2009, 15:16:05 by fudgey »

    *

    Offline PhyrePhoX

    • *****
    • 2253
    • make RAW not WAR
      • PhyreWorX

    *

    Offline fe50

    • ******
    • 3034
    • IXUS50 & 860, SX10 Star WARs-Star RAWs
      • fe50
  • Publish
    Re: Disabling Canon's blinking battery warning icon
    « Reply #2 on: 13 / August / 2009, 02:35:58 »
     8)

    *

    Offline whoever

    • ****
    • 280
    • IXUS950
  • Publish
    Re: Disabling Canon's blinking battery warning icon
    « Reply #3 on: 13 / August / 2009, 08:10:15 »
    Definitely interesting and useful -- if only all those nice people yelling their irritation at the nasty red blinking beast were still around!

    As for the alleged difference in the battery limits with/without CHDK -- well, I saw the evidence, but there's something odd about it, something that defies logic...

    Let's see how the camera starts with CHDK. After the initial memory relocations/restarts in the loader, CHDK occupies its permanent abode, gets control, and... Well, it then executes boot(), which just starts the normal boot sequence: copies from ROM to the data segment at 0x1900, initializes BSS segment, and then follows the init sequence exactly the same way as the F/W would have done. So when the unsuspecting OS is finally up and running, it has no way to sniff forgery!  The only fingerprints, ever left by CHDK and visible to the OS, are (i) task hooks (although they were not used in the early DryOS ports!) and (ii) diskboot file hiding (not used at all in DryOS).

    Please anybody correct me...


    *

    Offline fudgey

    • *****
    • 1705
    • a570is
  • Publish
    Re: Disabling Canon's blinking battery warning icon
    « Reply #4 on: 13 / August / 2009, 10:33:59 »
    As for the alleged difference in the battery limits with/without CHDK -- well, I saw the evidence, but there's something odd about it, something that defies logic...

    Yes, it does seem to defy logic... but there are many ways it could do this. It could store something in flash and timestamp it or something, but more likely stores something in one of the peripherals inside or outside the digic chip. We are after all only rebooting the ARM core, which certainly is not the only computer in the camera even if it for the most part is in control of all others. Even if the firmware initializes external components in its reach, those components will not lose their supply voltage and as such may retain configuration. It could be for instance that some parts can only be configured once after supply voltage rises, so an ARM reboot could not fully reinit them.

    Supply voltage safety is something that may very well be partially handled by hardware separate from the ARM core (the ARM core may spend seconds in a crashed state waiting for watchdog reset, while the battery may become critically low and break something thermally if the camera is not shut down). The only fuzzy evidence I can present to somewhat support this for now is that part of the battery low code appears to be interrupt driven.

    Low battery shutdown is what we are having a problem here, not low battery warning which my override above handles. It should not be assumed that these low battery states couldn't be achieved in any other means than from the values above... it would be interesting to see what happens if one would override LB and SysLow to much lower values similarly to what I did above. If I could still get a normal battery low shutdown message (instead of just silent brown out detect shutdowns), it would prove something...but it could also be dangerous and there's probably not much value in that test to begin with.

    *

    Offline whoever

    • ****
    • 280
    • IXUS950
  • Publish
    Re: Disabling Canon's blinking battery warning icon
    « Reply #5 on: 13 / August / 2009, 13:17:36 »
    Quote
    ... but there are many ways it could do this.
    Ah yes, of course you're right. I'm getting sloppy... And doesn't a cold reboot actually start the bootcore at FFFF0000 rather than directly the FW at FF810000/FFC0000 ?

    *

    Offline fudgey

    • *****
    • 1705
    • a570is
  • Publish
    Re: Disabling Canon's blinking battery warning icon
    « Reply #6 on: 13 / August / 2009, 13:54:47 »
    And doesn't a cold reboot actually start the bootcore at FFFF0000 rather than directly the FW at FF810000/FFC0000 ?

    I don't know enough about the boot process to answer that, to be honest... never ported a cam and haven't had other reasons to learn.

    But to stay on topic, a small update: I took in essence what the above script does and put it in CHDK C code in core/main.c function core_spytask() right before call to conf_restore(); to see if that would be early enough, and from a quick test looks like it is!

    In other words, I can now autoboot CHDK directly to REC mode with weak batteries and the lobat blinker won't appear! :xmas

    I didn't try with a multipartition card yet, but that shouldn't effect this as all that partition swapping thing happens before firmware boot, doesn't it?

    *

    Offline fudgey

    • *****
    • 1705
    • a570is
  • Publish
    Re: Disabling Canon's blinking battery warning icon
    « Reply #7 on: 13 / August / 2009, 16:52:08 »
    Okay, here's a patch against trunk 788 to disable lobat icon for a570 (both 100e and 101a, only 100e tested).

    From some further testing I've found that placing this before conf_restore() isn't always early enough. Could someone enlighten me how safe it would be to place this earlier in core_spytask()?.

    I haven't tried to find out when Canon firmware loads those variables to RAM at startup, but I do know I am too late (and not too early, because my values do not get overwritten). What is it that spytask is waiting for (this tInitFileM task that is polled) and do you think I could just safely stick my code before that? This isn't using the filesystem in any way after all, if that's what it's about.


    edit: oh well, couldn't resist trying... moving it before started(); seems optimal, I'll leave it there and keep using my camera this way to see if it's really as good as I hope it to be. Putting this at start of core_spytask() did not work, it was too early and my values got overwritten. It's possible that this is too volatile for changes in timing (such as SD card type/status) and maybe needs to be done more cleverly (such as by making spytask check if that table has been filled already and refill it at earliest convenience afterwards while waiting for all those other things).
    « Last Edit: 13 / August / 2009, 17:08:52 by fudgey »


    *

    Offline whoever

    • ****
    • 280
    • IXUS950
  • Publish
    Re: Disabling Canon's blinking battery warning icon
    « Reply #8 on: 13 / August / 2009, 18:08:33 »
    Just for the record, in Ixus950 this table is at 0x586F0 (and at FFFE0870 in ROM). The values are:

                            PreWeak Weak    LB      SysLow
    LOW_TEMPERTURE          0x02F6  0x02F6  0x02DF  0x02B1
    NORMAL_TEMPERTURE       0x02F6  0x02F6  0x02DF  0x02B1
    HIGH_TEMPERTURE         0x0301  0x0301  0x02DF  0x02B1


    Incidentally, in this camera there's NO difference in the low batt behavior with and without CHDK (related to the battery type perhaps, Li-ion in this case?)

    *

    Offline fe50

    • ******
    • 3034
    • IXUS50 & 860, SX10 Star WARs-Star RAWs
      • fe50
  • Publish
    Re: Disabling Canon's blinking battery warning icon
    « Reply #9 on: 14 / August / 2009, 01:46:40 »
    Incidentally, in this camera there's NO difference in the low batt behavior with and without CHDK (related to the battery type perhaps, Li-ion in this case?)
    That's the same i've observed on my Ixus cameras (Ixus 50 SD400 & Ixus 860 SD870);
    i don't see a noticeable difference between starting the cameras with / without CHDK in a low bat situation (don't get the "replace battery" message earlier when trying to start with CHDK).
    I guess the behaviour that fudgey have discovered is model dependent, maybe it's a A-series thing...
    (I haven't noticed this behaviour on my SX10, but with the great battery lifetime of the 4x AA batts on this camera i hadn't many lo batt situations until now ;)

     

    Related Topics