Kodak Zi8 full HD firmware tear down - Non-CANON cameras development - CHDK Forum

Kodak Zi8 full HD firmware tear down
« on: 25 / April / 2010, 03:49:18 »
Can anyone here give me a little hint in decompiling the Kodak Zi8 firmware?
I have its firmware file and have seen it in a hex editor but am unable to understand how to successfully read the contents inside the firmware.

I uploaded the firmware to
http://hotfile.com/dl/39697220/048e68d/Zi8_106.fw.html

Please help me in decrypting/decompiling the firmware. I want to add some functionality presently locked in the current firmware.

http://hackmyzi8.blogspot.com/


Offline mx3

Re: Kodak Zi8 full HD firmware tear down
« Reply #1 on: 25 / April / 2010, 08:03:30 »
I think the attached file will help you a little.
skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler

Re: Kodak Zi8 full HD firmware tear down
« Reply #2 on: 25 / April / 2010, 08:55:09 »
Thanks for the quick reply, bro.
But I am new to the scene; can you please explain the working of the tool?
When I ran the tool over the firmware file it returned the following output.

Code:
00AE7000 - file size
blk# offset + blksize = endofblk  CRC?   flags     date    blksize  physAddr flags   modelID?
01 - 00000800+000007B8=000010B8 9B672C39 00010003 07D90A0F 000007B8 00000000 00000001 A324EB90
02 - skiping block due to zero in first DWORD (alligment zero data?)
03 - 00001800+00025094=00026994 2E772BF4 00010003 07D90A0F 00025094 C0000000 00000000 A324EB90
04 - skiping block due to zero in first DWORD (alligment zero data?)
05 - null offset
06 - null offset
07 - 00027000+00450F04=00478004 885D5D77 00000001 07D90A0F 00450F04 C0100000 00000000 A324EB90
08 - skiping block due to zero in first DWORD (alligment zero data?)
09 - null offset
0a - null offset
0b - null offset
0c - null offset

Can you please explain a bit about the tool and the output.
Thanks


Offline mx3

Re: Kodak Zi8 full HD firmware tear down
« Reply #3 on: 25 / April / 2010, 12:41:07 »
1) It is evident the firmware file has a block structure. aiptek_dissect_v5v is a tool to check whether we guessed the structure of the file correctly. This tool is neither complete nor accurate. You can change and recompile the tool.
2) When every fourth byte in a file is 0xE# you can assume you have ARM code.
3) When you see 8 jumps at the beginning of the code you can assume it is a vector table. It can be at either address 0x00000000 or 0xFFFF0000.
4) When you have several code parts in the fw file, each with its own vector table, you can assume they are independent of each other.

PS: did you see the appearance of the new folder "Zi8_106.fw.dissected"?
skype: max_dtc. ICQ: 125985663, email: win.drivers(at)gmail, eVB decompiler
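
Heuristics 2) and 3) from the reply above, as an added Python sketch (not mx3's tool and not part of the original thread). It assumes little-endian 32-bit ARM code; the function names and the sample bytes are constructed for illustration.

```python
import struct

def arm_al_ratio(data: bytes) -> float:
    """Share of little-endian 32-bit words whose top byte is 0xE# (condition AL)."""
    words = len(data) // 4
    if words == 0:
        return 0.0
    hits = sum(1 for i in range(3, words * 4, 4) if data[i] >> 4 == 0xE)
    return hits / words

def likely_arm_windows(data: bytes, window: int = 32, threshold: float = 0.75) -> list:
    """Offsets of fixed-size windows that are mostly 0xE#-topped words."""
    return [off for off in range(0, len(data) - window + 1, window)
            if arm_al_ratio(data[off:off + window]) >= threshold]

def is_vector_entry(word: int) -> bool:
    """Instruction forms commonly used to fill an ARM exception vector slot."""
    if word & 0xFF000000 == 0xEA000000:   # B <handler>
        return True
    if word & 0xFF7FF000 == 0xE51FF000:   # LDR PC, [PC, #+/-imm]
        return True
    return word == 0xE1A00000             # NOP (MOV r0, r0) in the reserved slot

def find_vector_tables(data: bytes) -> list:
    """Word-aligned offsets where 8 consecutive words all look like vector entries."""
    found = []
    for off in range(0, len(data) - 31, 4):
        words = struct.unpack_from("<8I", data, off)
        if words[0] != 0xE1A00000 and all(is_vector_entry(w) for w in words):
            found.append(off)
    return found

# Constructed sample: 0xFF padding, an 8-entry vector table, a short ARM
# routine (one conditional BNE, so not every word is 0xE#), then ASCII data.
SAMPLE = (
    b"\xff" * 0x40
    + struct.pack("<8I", 0xEA000006, 0xE59FF018, 0xE59FF018, 0xE59FF018,
                  0xE59FF018, 0xE1A00000, 0xE59FF018, 0xE59FF018)
    + struct.pack("<8I", 0xE3A00000, 0xE3A01001, 0xE0800001, 0xE1A02000,
                  0xE2822001, 0xE1520001, 0x1AFFFFFC, 0xE12FFF1E)
    + b"constructed ASCII filler, no ARM"
)

if __name__ == "__main__":
    print("ARM-looking windows:", [hex(o) for o in likely_arm_windows(SAMPLE)])
    print("vector tables at:  ", [hex(o) for o in find_vector_tables(SAMPLE)])
```

Run over each extracted block, a vector-table hit at the start of a block together with a high 0xE# ratio matches the "independent code part" case described in point 4).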

 
