Dumping IXUS 120 IS. Almost, but not quite! Need some assistance. - page 2 - Firmware Dumping - CHDK Forum

Dumping IXUS 120 IS. Almost, but not quite! Need some assistance.

  • 31 Replies
  • 10950 Views
*

Offline reyalp

  • ******
  • 12211
Re: Dumping IXUS 120 IS. Almost, but not quite! Need some assistance.
« Reply #10 on: 05 / October / 2009, 17:15:13 »
The FI2 has to be encoded with the correct keys and camera PID from the vers.req

Quote
offset+0x10.dance3.bin <-- broke format of card entirely. Needed to reformat to "see" mounted in windows.
This is promising. Try this again and try dumping directly from the disk as above.
Don't forget what the H stands for.

*

Offline RaduP

  • *****
  • 890
Re: Dumping IXUS 120 IS. Almost, but not quite! Need some assistance.
« Reply #11 on: 05 / October / 2009, 17:36:27 »
Quote
Selected it and it simply said "Update file error".

No LED blinks, unfortunately...

z

Sorry, forgot to change the version, try this:

*

Offline zebra

  • *
  • 24
Re: Dumping IXUS 120 IS. Almost, but not quite! Need some assistance.
« Reply #12 on: 05 / October / 2009, 17:42:27 »
Success!

Amber LED blinking out interesting patterns!

z

*

Offline RaduP

  • *****
  • 890
Re: Dumping IXUS 120 IS. Almost, but not quite! Need some assistance.
« Reply #13 on: 05 / October / 2009, 17:57:07 »
Yep, just as I thought, most of the hardware and probably firmware is very similar.
Now, can you do the hardware? I can give you the software to get it from the serial port, but it runs on Windows only, although I think it should run fine under wine.

Of course, you should try the udumper method first, the blinking is a last resort thing, much harder.


*

Offline zebra

  • *
  • 24
Re: Dumping IXUS 120 IS. Almost, but not quite! Need some assistance.
« Reply #14 on: 05 / October / 2009, 18:07:36 »
Quote
Yep, just as I thought, most of the hardware and probably firmware is very similar.
Now, can you do the hardware? I can give you the software to get it from the serial port, but it runs on Windows only, although I think it should run fine under wine.

Of course, you should try the udumper method first, the blinking is a last resort thing, much harder.

Yup. I possibly could go the hw route, if we need to (have a Win7 box here), so that isn't a major issue.

As you suggested however, udumper/sw is probably easier at this stage. Waiting to hear back from gajownik in terms of where to go next with udumper. We've managed to get the camera writing out "something" with an offset of 0+x10 and dancing bits set to 3. I've managed to strip all the stuff off the SD card that it *did* write, but whether or not this is useful is another matter entirely...

z

*

Offline reyalp

  • ******
  • 12211
Re: Dumping IXUS 120 IS. Almost, but not quite! Need some assistance.
« Reply #15 on: 05 / October / 2009, 18:12:28 »
If RaduP will post the LED address that worked, you can use that to diagnose udumper.

*

Offline RaduP

  • *****
  • 890
Re: Dumping IXUS 120 IS. Almost, but not quite! Need some assistance.
« Reply #16 on: 05 / October / 2009, 18:16:56 »
Code:
void blink_led(int times)
{
    int i;
    int g;

    for (i = 0; i < times; i++)
    {
        *((volatile int *) 0xc0223030) = 0x46; // Turn on LED
        for (g = 0; g < 6000000; g++) // Wait a while
        {
            asm volatile ( "nop\n" );
        }
        *((volatile int *) 0xc0223030) = 0x44; // Turn off LED
        for (g = 0; g < 6000000; g++) // Wait a while
        {
            asm volatile ( "nop\n" );
        }
    }
    for (g = 0; g < 20000000; g++) // Longer pause after the blink sequence
    {
        asm volatile ( "nop\n" );
    }
}

Here is the debug function I use in porting my camera. Same LED address as for yours.

*

Offline zebra

  • *
  • 24
Re: Dumping IXUS 120 IS. Almost, but not quite! Need some assistance.
« Reply #17 on: 06 / October / 2009, 05:34:12 »
Guys...

I think we have a win, or at least, something close to it.

After putting together a modified diskboot.bin with gajownik, moving the first sector from 2048 to 4096 on the SD card, then extending the landing-likelihood of where the sectors were written, I managed to dd out around 2GB of the 4GB SDHC card, and contained within:

Code:
zbox:CHDK zebra$ strings disk1.20091006 | grep -i gaon
gaonisoyP
gaonisoyp@-
gaonisoyP
gaonisoyp@-

I think we might be closer. Pushing the dump up in heavily compressed bzip2 with -9 compression now.

Some further inspection so far shows:


I guess the operative, being:

Code:
gaonisoy/67 61 6F 6E 69 73 6F 79

Looks like close to the start of the dump, based upon padding beforehand:

Code:
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

Where to next?

z
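
The signature search from the post above, as an added example (not part of the original thread and not CHDK's own tooling): it scans a raw card image in chunks for the gaonisoy bytes and reports how much 0xFF padding precedes each hit, which separates a hit at the start of a dump from one buried in other data. The function names and the sample image are constructed for illustration.

```python
import io

SIGNATURE = bytes.fromhex("67 61 6F 6E 69 73 6F 79")  # "gaonisoy", as quoted in the post

def find_signature(stream, sig=SIGNATURE, chunk_size=1 << 20):
    """Return every absolute offset of sig in a seekable binary stream."""
    hits, base, tail, keep = [], 0, b"", len(sig) - 1
    stream.seek(0)
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return hits
        buf = tail + chunk              # overlap so a hit split across two reads is seen
        start = base - len(tail)        # absolute offset of buf[0]
        pos = buf.find(sig)
        while pos != -1:
            hits.append(start + pos)
            pos = buf.find(sig, pos + 1)
        tail = buf[-keep:] if keep else b""
        base += len(chunk)

def ff_padding_before(stream, offset, limit=4096):
    """Count consecutive 0xFF bytes immediately before offset (capped at limit)."""
    begin = max(0, offset - limit)
    stream.seek(begin)
    window = stream.read(offset - begin)
    return len(window) - len(window.rstrip(b"\xff"))

def triage(stream, chunk_size=1 << 20):
    """Return (offset, ff_padding, next_4_bytes_hex) for each signature hit."""
    rows = []
    for off in find_signature(stream, chunk_size=chunk_size):
        pad = ff_padding_before(stream, off)
        stream.seek(off + len(SIGNATURE))
        rows.append((off, pad, stream.read(4).hex(" ")))
    return rows

def build_sample():
    # Constructed image, not real card data: zero filler, 0xFF padding, the
    # signature plus four sample bytes, then a second hit shaped like the
    # "gaonisoyp@-" line in the strings output, with no padding before it.
    head = bytes(1000) + b"\xff" * 64
    body = SIGNATURE + bytes.fromhex("50 11 9F E5") + bytes(500)
    return io.BytesIO(head + body + b"junk gaonisoyp@- junk")

if __name__ == "__main__":
    for row in triage(build_sample()):
        print(row)
```

To run it against a real image, pass an open binary file handle, for example open("disk1.20091006", "rb"), to triage() in place of the sample.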



*

Offline whim

  • ******
  • 2013
  • A495/590/620/630 ixus70/115/220/230/300/870 S95
Re: Dumping IXUS 120 IS. Almost, but not quite! Need some assistance.
« Reply #18 on: 06 / October / 2009, 06:14:38 »
@zebra

nice, congrats !

however:
Quote
heavily compressed bzip2 with -9 compression
unless bzip2 now supports LZMA compression, i suggest you try 7zip http://sourceforge.net/projects/p7zip/files/
nothing beats LZMA  :D

cheers,

wim

*

Offline zebra

  • *
  • 24
Re: Dumping IXUS 120 IS. Almost, but not quite! Need some assistance.
« Reply #19 on: 06 / October / 2009, 06:18:31 »
Quote
@zebra

nice, congrats !

however:
Quote
heavily compressed bzip2 with -9 compression
unless bzip2 now supports LZMA compression, i suggest you try 7zip http://sourceforge.net/projects/p7zip/files/
nothing beats LZMA  :D

Agreed, actually - and uses less CPU time per compression instruction than bzip2.

 
