Help about dump EOS 450D fireware,THANKS. - DSLR Hack development - CHDK Forum

Help about dump EOS 450D fireware,THANKS.

  • 5 Replies
  • 26641 Views
Help about dump EOS 450D fireware,THANKS.
« on: 26 / March / 2010, 12:21:12 »
Advertisements
I use following code to dump 450D 1.0.9 firmware ,but it now worked.Can somebody give me some advice? thanks.

I load flasher of firmware to ida ,and see the pointer address is not a function entry. Can the code really run right?

ROM:00916964                 BEQ     loc_916950
ROM:00916968                 MOV     R0, R5
ROM:0091696C                 BL      sub_974A50
ROM:00916970                 LDR     R3, [R6]
ROM:00916974                 MOV     R0, R4

?????so sad.... :'(

---------
//      canon 450d fw 1.0.9
//--------------------------------------
#define FW_ADDRESS      0xFF800000
#define FW_SIZE         0x800000

#define LEDBLUE         0xC02200E8
#define O_WRONLY        1


typedef int (*ft_open)(const char *name, int flags, int mode);
typedef int (*ft_close)(int fd);
typedef int (*ft_write)(int fd, void *buffer, long nbytes);
typedef int (*ft_creat)(char *nm,int flg);
typedef int (*ft_shdn)(void);


int main()
{

        ft_open open;
        ft_creat create;
        ft_write write;
        ft_close close;
      ft_shdn   shdn;
        int f = 0;


//   0x00807128 - tUpdMgr

        open    = (ft_open)     0x00916964;
        create    = (ft_creat)    0x00916a30;
        write   = (ft_write)    0x00916d28;
        close   = (ft_close)    0x00916de0;
      shdn   = (ft_shdn)   0x00807874;



   f = open("A:", 1, 0644);
   close(f);
   if (f>=0) {
      //create on A:
      f = create( "A:/DUMPA.DMP", O_WRONLY );
      if ( f>=0 ) {
                   write(f, (void*)FW_ADDRESS, FW_SIZE);
                   close(f);
               shdn();
      }

   }else{
      f = open("B:", 1, 0644);
      close(f);
      if (f>=0) {
         //create on B:
         f = create( "B:/DUMPB.DMP", O_WRONLY );
         if ( f>=0 ) {
                      write(f, (void*)FW_ADDRESS, FW_SIZE);
                      close(f);
                  shdn();
         }
      }
      
   }



   *((int *)LEDBLUE) = 0x46; //ON
   while(1){};


   return 0;
}

*

Offline Ant

  • *****
  • 509
Re: Help about dump EOS 450D fireware,THANKS.
« Reply #1 on: 13 / April / 2010, 06:06:19 »
Here you can find my dumper for 450D, which was tested with FW v.1.0.9.
It works as a task under main FW and uses fileIO functions from it.

To create RAM, ROM, stdout dumps and system log you need run firmware update and wait until blue led will be turned on and SD writing operations will complete(~20 seconds).
« Last Edit: 13 / April / 2010, 06:41:14 by Ant »

*

Offline Ant

  • *****
  • 509
Re: Help about dump EOS 450D fireware,THANKS.
« Reply #2 on: 14 / April / 2010, 16:26:53 »
« Last Edit: 21 / December / 2010, 14:01:35 by Ant »

Re: Help about dump EOS 450D fireware,THANKS.
« Reply #3 on: 15 / April / 2010, 08:47:56 »
Thank you so much!!

Re: Help about dump EOS 450D fireware,THANKS.
« Reply #4 on: 17 / April / 2010, 08:46:58 »
HI, use "EnableBootDisk" will enable bootdisk on 450d,i think it also work on 40d :)

but,450d arch is different with 400d , so autoexec.bin will  be different....

Re: Help about dump EOS 450D fireware,THANKS.
« Reply #5 on: 16 / April / 2012, 20:37:46 »
The link for the two files above are no longer available. if anyone who has a copy can reattach them i'd love to have a look over them

thanks

 

Related Topics


SimplePortal © 2008-2014, SimplePortal