Noob trying to dump 500D/T1i, need some input...

hudson

43

Re: Noob trying to dump 500D/T1i, need some input...

« Reply #10 on: 08 / October / 2009, 09:09:26 »

Advertisements

The device ID was determined through trial and error. Based on the other devices, I figured it was in the 0x800002xx range, so I built 256 firmware images and tried them in order. Most of them generate an error screen with a black background, but 0x80000250 has the orange box shown above. I confirmed the same behaviour on the 5D -- invalid ids have the black error, while valid ids with corrupt firmware has the orange box.

My 5D autoboots, but the 7D does not. I don't believe that I've ever set the autoboot flag, but it seems to be working anyway.

To test the firmware update I build a dummy firmware with an infinite loop for the first instruction. Once I know that that part of the code is running (by the fact that the camera hangs), I move the loop a little further down. You should download the Magic Lantern code and can build your own .fir files with it. reboot.c is where the code starts, with the inline assembly in the first bit of the file.

Logged

anwe79

16

Re: Noob trying to dump 500D/T1i, need some input...

« Reply #11 on: 10 / October / 2009, 18:51:19 »

Thanks, as soon as I get a cross toolchain working I'll try and make some dummy .firs to find the correct ID.

I've tried using crosstools-ng, but I'm missing headers so things won't compile. I probably did something wrong or neglected to export some path, but right now I can't figure out how to fix it. I'm trying a package from embdev.net next. If that doesn't work I might need to get my hand's dirty and roll my own...

PS USB-snooping via QEMU didn't work well, apparently it's not really stable yet for highspeed USB stuff. It crashes EOS utility and gave me a couple of bluescreens. Native gphoto2 worked ok though.

/Andreas

Logged

lorenzo353

39

Re: Noob trying to dump 500D/T1i, need some input...

« Reply #12 on: 19 / October / 2009, 14:11:49 »

to find a model id for a given Camera model, just look inside a RAW file or unedited jpeg file produced by this camera, and look the "modelid" exif tag:
http://www.sno.phy.queensu.ca/~phil/exiftool/TagNames/Canon.html#CanonModelID
to do that, you can use ExifTool (http://www.sno.phy.queensu.ca/~phil/exiftool) or PhotoME (http://www.photome.de/)

yes, 7d modelid is 0x80000250, 500D is 0x80000252

Lorenzo

Logged

anwe79

16

Re: Noob trying to dump 500D/T1i, need some input...

« Reply #13 on: 21 / October / 2009, 14:43:06 »

Thanks! Confirmed, the id is 0x80000252 for the 500D. There really is alot of information in the exif-tags.

I really haven't gotten much further, although I have what seems to be a working crosscompiler now ("hello world" works). I tried compiling Magic Lantern, but it doesn't work all the way through. Right now i'm sick so haven't got any energy to fiddle around with the code/build, but when I get better I'll try it again.

Hmm... A little thought has crept into my mind. If you can get some of the exif info through system calls (as i assume), you could possibly calculate (or through tables of known lenses) and auto adjust a motorized pano-rig for no-parallax. That would be cool, but quite some work to realize...

Other stuff i'd like to try my hand at would be an extended AEB-mode, some fiddling with video modes, fps and possibly cropping the sensor for lower bandwith needs. All very, very remote targets right now, but I can dream can't i?

/Andreas

Logged

Kenjee

1

Re: Noob trying to dump 500D/T1i, need some input...

« Reply #14 on: 29 / October / 2009, 13:31:06 »

anwe79, Although I can`t directly help you (I`m no programer) I just wana say that I`m glad that someone put effort in 500D/T1i firmware.

Only thing I can do is pass some ideas.

Because 500D and 5d mkII shares many things, and if you successfuly Dump 500d firmware, is there a possibilty to analize difference on 5dmkII 1.0.7 and 1.1.0 firmware? That difference could lead to manual controls registar.

I hope that you`re well now and I`m eagerly waiting any post.
Keep Up!!!

Logged

forgety

1

Re: Noob trying to dump 500D/T1i, need some input...

« Reply #15 on: 03 / November / 2009, 09:19:11 »

Quote from: Kenjee on 29 / October / 2009, 13:31:06

anwe79, Although I can`t directly help you (I`m no programer) I just wana say that I`m glad that someone put effort in 500D/T1i firmware.

I hope that you`re well now and I`m eagerly waiting any post.
Keep Up!!!

I just know this website from one of my frinds today. It's great to see that someone is working on dumping 500D firmware! Good luck!

Logged

anwe79

16

Re: Noob trying to dump 500D/T1i, need some input...

« Reply #16 on: 10 / November / 2009, 15:05:32 »

Thanks for the encouragement!
I've been busy with "real life" since my last post, but I will try to get my hands dirty again some time this or next week. I first need to confirm that my crosscompiler is sound (i think so), then i need to figure out how to build a firmware image/loader that a) will be accepted by the camera and b) will not brick the camera. And finally I'll need to muster up enough courage to actually load the thing

.

/Andreas

Logged

Oslec

3

Re: Noob trying to dump 500D/T1i, need some input...

« Reply #17 on: 24 / February / 2010, 23:21:43 »

where are you Andreas?

did you got some progress?

Logged

anwe79

16

Re: Noob trying to dump 500D/T1i, need some input...

« Reply #18 on: 24 / April / 2010, 03:14:35 »

I'm currently in Australia backpacking

.

Have been out of touch with this for some time now, but I see there is an official update out now. Just catching up now and reading on cinema5d.com and ML mailing list.

Maybe just maybe, if i have time and energy i will try to make some progress with ML and 500d. But thats a big maybe, as i didn't get anywhere last time, i would not recommend you to hold your breath... I'm as already stated not experienced with low level hacking, so it might take a very long time to get anywhere.

/Andreas

Logged

lorenzo353

39

Re: Noob trying to dump 500D/T1i, need some input...

« Reply #19 on: 06 / May / 2010, 10:51:58 »

already done
http://magiclantern.wikia.com/wiki/500D

see also the stub file for the FIO* functions addresses

Lorenzo

Logged

Subject / Started by	Replies	Last post
cancelling bug report until I get some further input Started by cybercom General Help and Assistance on using CHDK stable releases	0 Replies 2427 Views	by cybercom
CHDK for T1i / 500D? Started by TheNewDeal « 1 2 » DSLR Hack development	17 Replies 27971 Views	by PresortedPostagePaid
Trying to Dump A1100 IS Started by ibo Firmware Dumping	4 Replies 5119 Views	by Malo
500D/T1i/Kiss X3 firmware hack suggestions Started by Raito DSLR Hack development	4 Replies 16073 Views	by tcc
disable write protection detection for Canon EOS Rebel T1i / 500D Started by koy1 DSLR Hack development	2 Replies 10096 Views	by philmoz