Code: [Select] (e8kr7108.fir) ---flasher1--- 0x000: modelId = 0x80000270, (550D/T2i, DryOS) 0x010: version = 1.0.8 0x020: cheksum = 0xb783b90c OK 0x024: flasher1 header start = 0xb0 0x028: flasher1 payload start = 0x120 0x02c: flasher2 start = 0xffffffff 0x030: firmware start = 0x1beb40 0x034: 0xffffffff 0x038: file size = 0x918b9c (9.538.460 bytes) OK 0x03c: 0x0 0x040: xor seed = 0x76293ff4 0x044: 0x00000004 0x00000000 0x00000020 0x00000024 0x054: 0x00000044 0x000000b0 0x05c: fw start-0xb0 ??? 0x1bea90 0x060: firmware start = 0x1beb40 0x064: firmware length = 0x75a05c 0x068: hmac-sha1 = 029090f19224f258cfdfe4d61c4f73c0af0def7c 0x088: hmac-sha1 = 7698c8436744945e762bcf0a96935c17e973636f 0x09c - 0x0af: 0x0 ---flasher1 header--- 0x0b0: flasher1 payload length = 0x1bea20 starts at 0x120 0x0b4: flasher1 ??? = 0x1bea20 0x0b8: 0x0 0x0bc: xor seed = 0x87353d20 ---flasher1 payload--- 0x120 - 0x1beb3f: (ciphered data) ---firmware--- 0x1beb40: (+0x000), firmware header start = 0xc 0x1beb44: (+0x004), firmware payload start = 0x7c 0x1beb48: (+0x008), total firmware length = 0x75a05c. starts at 0x1beb40 ---firmware header--- 0x1beb4c: (+0x00c), firmware payload length = 0x759fe0 0x1beb50: (+0x010), firmware ??? = 0x759fda 0x1beb54: (+0x014), 0x0 ---firmware payload--- 0x1bebbc (+0x07c) - 0x918b9b: (encrypted data)
(e8kr7108.fir) ---flasher1--- 0x000: modelId = 0x80000270, (550D/T2i, DryOS) 0x010: version = 1.0.8 0x020: cheksum = 0xb783b90c OK 0x024: flasher1 header start = 0xb0 0x028: flasher1 payload start = 0x120 0x02c: flasher2 start = 0xffffffff 0x030: firmware start = 0x1beb40 0x034: 0xffffffff 0x038: file size = 0x918b9c (9.538.460 bytes) OK 0x03c: 0x0 0x040: xor seed = 0x76293ff4 0x044: 0x00000004 0x00000000 0x00000020 0x00000024 0x054: 0x00000044 0x000000b0 0x05c: fw start-0xb0 ??? 0x1bea90 0x060: firmware start = 0x1beb40 0x064: firmware length = 0x75a05c 0x068: hmac-sha1 = 029090f19224f258cfdfe4d61c4f73c0af0def7c 0x088: hmac-sha1 = 7698c8436744945e762bcf0a96935c17e973636f 0x09c - 0x0af: 0x0 ---flasher1 header--- 0x0b0: flasher1 payload length = 0x1bea20 starts at 0x120 0x0b4: flasher1 ??? = 0x1bea20 0x0b8: 0x0 0x0bc: xor seed = 0x87353d20 ---flasher1 payload--- 0x120 - 0x1beb3f: (ciphered data) ---firmware--- 0x1beb40: (+0x000), firmware header start = 0xc 0x1beb44: (+0x004), firmware payload start = 0x7c 0x1beb48: (+0x008), total firmware length = 0x75a05c. starts at 0x1beb40 ---firmware header--- 0x1beb4c: (+0x00c), firmware payload length = 0x759fe0 0x1beb50: (+0x010), firmware ??? = 0x759fda 0x1beb54: (+0x014), 0x0 ---firmware payload--- 0x1bebbc (+0x07c) - 0x918b9b: (encrypted data)
ROM:FF406BA0 CMP R0, #0ROM:FF406BA4 BNE loc_FF406BB0 <-- what about a patch to B here ?ROM:FF406BA8 BL StartMnLanguageJapanApp ; Japan/English menu onlyROM:FF406BAC B loc_FF406D74ROM:FF406BB0 ; ---------------------------------------------------------------------------ROM:FF406BB0ROM:FF406BB0 loc_FF406BB0 ; CODE XREF: MnStartApp_StartSubMenu+22CjROM:FF406BB0 BL StartMnLanguageApp ; all languageROM:FF406BB4 B loc_FF406D74
Started by vibes35 CHDK Releases
Started by lorenzo353 DSLR Hack development
Started by arm.indiana « 1 2 » DSLR Hack development
Started by arm.indiana DSLR Hack development
Started by Zibri DSLR Hack development