supplierdeeply

SX20 IS firmware dump, I need help!

  • 125 Replies
  • 32283 Views
*

Offline RaduP

  • *****
  • 890
Re: SX20 IS firmware dump, I need help!
« Reply #30 on: 12 / September / 2009, 22:35:07 »
Advertisements
Well, since I am working at the SD980 and have similar problems, I guess we should join our efforts on this thread.

My resulting ps.fi2 file is also very small, even though the 'original' file is over 100Kb. I am trying the firmware update method, and the code is accepted (no error messages given).

The camera just locks up, doesn't do anything at all, and I need to remove the battery (not just open the door).
Now I have to find a way and see if the code is actually executed or not.. I wonder how I can do that.

BTW, I think we should compile all the possible LED addresses from other cameras and see if there is any luck with any of them.

*

Offline RaduP

  • *****
  • 890
Re: SX20 IS firmware dump, I need help!
« Reply #31 on: 12 / September / 2009, 23:14:39 »
Yes, it works!
We CAN turn on an LED (and the flash, figure that out!) even with the unpadded ps.fir2

Code: [Select]
void find_led()
{
volatile long *p;
int i;

p=(void*)0xc0220000;

for(i=0;i<0xffff;i++)
{
*p=0x46;
p++;
}
}

Call that from the beginning of the main function.
The autofocus LED and the flash briefly light up, then the camera shuts down (you can restart it by just pressing the start button, so no lock up). I guess this code also makes the camera shut down gracefully for some reason or another.

Now I have to find the addresses.

*

Offline reyalp

  • ******
  • 11514
Re: SX20 IS firmware dump, I need help!
« Reply #32 on: 12 / September / 2009, 23:27:54 »
note to anyone else who might try this, writing to random MMIO addresses may be hazardous to your cameras health. To minimize the risk (and probably speed up figuring out where the LEDs are) I'd suggest restricting this to the range that LEDs are found in existing cameras.

On most cameras they are between something like 0xC0220040 and 0xC0220200 (based on a random sampling from the wiki)
Don't forget what the H stands for.

*

Offline RaduP

  • *****
  • 890
Re: SX20 IS firmware dump, I need help!
« Reply #33 on: 12 / September / 2009, 23:47:08 »
Well, that range won't do it, I am afraid (for the SD980). The autofocus LED is somewhere between 0xc0222000 and 0xc0222fff
I did find some other LEDs lower though, but not the autofocus one.


*

Offline reyalp

  • ******
  • 11514
Re: SX20 IS firmware dump, I need help!
« Reply #34 on: 12 / September / 2009, 23:52:51 »
Well, that range won't do it, I am afraid (for the SD980). The autofocus LED is somewhere between 0xc0222000 and 0xc0222fff
I did find some other LEDs lower though, but not the autofocus one.
You should only need one, although the brighter AF LED may be easier. On the SX200, the AF led is reportedly at 0xC0223030
Don't forget what the H stands for.

*

Offline RaduP

  • *****
  • 890
Re: SX20 IS firmware dump, I need help!
« Reply #35 on: 13 / September / 2009, 00:30:39 »
Yes, I am looking for the AF, it should make things easier. I almost found it (and also found a small bug with my code that was driving me crazy). p++; increments it by 4, duh.

*

Offline RaduP

  • *****
  • 890
Re: SX20 IS firmware dump, I need help!
« Reply #36 on: 13 / September / 2009, 00:49:11 »
Got it!

SD980
#define LED_AF 0xc0223033

*

Offline reyalp

  • ******
  • 11514
Re: SX20 IS firmware dump, I need help!
« Reply #37 on: 13 / September / 2009, 00:52:06 »
Got it!

SD980
#define LED_AF 0xc0223033
I would be very surprised indeed if it were at an unaligned address.
Don't forget what the H stands for.


*

Offline RaduP

  • *****
  • 890
Re: SX20 IS firmware dump, I need help!
« Reply #38 on: 13 / September / 2009, 01:01:51 »
Yes, it is kind of strange, isn't it? But I tested it in the blinking routine and it works, for some reason or another. I didn't build the reciver yet, but it turns on and off just fine.

*

Offline whoever

  • ****
  • 280
  • IXUS950
Re: SX20 IS firmware dump, I need help!
« Reply #39 on: 13 / September / 2009, 01:39:50 »
#define LED_AF 0xc0223033
I would be very surprised indeed if it were at an unaligned address.

I'd rather call it 0xC0223030, the same as in SX200, as the two lower bits do not matter.
Strictly speaking, though, one should avoid unaligned addresses.

 

Related Topics