Surely firmware damage can't be permanent - General Discussion and Assistance - CHDK Forum

« on: 03 / August / 2010, 20:25:33 »
You know how you say there are some event procedures (EraseSectorOfRom comes to mind) that can brick the camera? Well as long as the hardware isn't damaged, is it really permanent? I remember reading about a ROMWRITE.BIN file. If a firmware dump is put there, couldn't that be used to fix the firmware? Or is ROMWRITE.BIN handled by the firmware? If all else fails, couldn't you open up the camera, remove the ROM chip from its slot, and put it into some kind of programmer? (assuming you have the tools, knowledge, and patience required to do so.) Maybe there's some place you can put a jumper (or even a button inside the camera) where a backup firmware stored on a read-only chip can be transferred?

BTW, in case you're wondering, my camera is not bricked.

Offline RaduP

Re: Surely firmware damage can't be permanent
« Reply #1 on: 03 / August / 2010, 22:42:18 »
Well, not sure if the camera can be unbricked by software if the firmware is damaged. If the routine that loads the romwrite file is in the flash and gets overwritten, or if the code that activates it gets overwritten, then it is useless. I am sure they can be unbricked through JTAG or something, but:
1. It probably requires a lot of effort.
2. You need some hardware to do it.
3. You must find the JTAG ports on the PCB, which is not going to be easy with BGA chips.

Offline reyalp

Re: Surely firmware damage can't be permanent
« Reply #2 on: 04 / August / 2010, 17:54:49 »
Quote
You know how you say there are some event procedures (EraseSectorOfRom comes to mind) that can brick the camera? Well as long as the hardware isn't damaged, is it really permanent?
Yes, of course.

When the CPU boots, it starts executing at FFFF0000, which is in ROM. If that isn't valid code, game over.

The code around FFFF0000 is not part of the main canon firmware, it's referred to as the "Rom starter." The ROM starter has the capability to load DISKBOOT.BIN and a couple other files. However, this is not the code that normally loads CHDK DISKBOOT.BIN (which is in the firmware proper). It's not clear to me when this would be invoked. It looks like one condition is if the first instruction of the normal firmware (FFC00000 or FF810000) is wrong. It does not checksum the whole firmware or anything like that. Another condition appears to be "UART loopback switch", which might be available with doable hardware hacking.
Quote
couldn't you open up the camera, remove the ROM chip from its slot, and put it into some kind of programmer?
The internal flash chip is part of the Digic package (on Digic III/IV at least). Removing and reprogramming it without destroying the chip would require lab equipment worth several orders of magnitude more than the most expensive CHDK camera.

Don't forget what the H stands for.
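The reply above describes a fatal case precisely: the CPU fetches its first instruction from ROM, and the ROM starter's only recovery test is whether the first instruction of the main firmware (at FFC00000 or FF810000) is sane. The script below is an added illustration, not code from this thread or from the CHDK project, of what such a check amounts to when you run it yourself over a firmware dump before trusting or flashing it: it decodes the entry word as a 32-bit ARM B/BL instruction and reports where it jumps. The load address, the image contents and the exact rule the ROM starter applies are all assumptions; the images are constructed here, and the erased one models what a wiped NOR sector reads back as (all 0xFF bytes).

```python
import struct

# Constructed example images; NOT dumps from any real camera.
# An erased NOR flash sector reads back as all 0xFF, which is what a wipe of
# the entry sector (the EraseSectorOfRom scenario in the thread) leaves behind.
FIRMWARE_BASE = 0xFFC00000   # assumed load address, one of the two quoted in the thread
GOOD_IMAGE = (bytes.fromhex("FE0300EA")          # B  0xFFC01000  (little-endian 0xEA0003FE)
              + b"\x00" * 0x0FFC                 # padding up to offset 0x1000
              + bytes.fromhex("00F020E3") * 4)   # four NOPs (0xE320F000) at the target
ERASED_IMAGE = b"\xFF" * len(GOOD_IMAGE)


def decode_arm_branch(word, pc):
    """Decode a 32-bit ARM B/BL instruction located at address `pc`.

    Returns ("B" or "BL", absolute target) or None when the word is not a
    plain branch. Target = pc + 8 + sign_extend(imm24) * 4, because on ARM
    the PC reads as the instruction address plus 8.
    """
    if (word >> 25) & 0b111 != 0b101:
        return None                      # bits 27..25 must be 101 for B/BL
    if word >> 28 == 0xF:
        return None                      # cond=NV encodes BLX on ARMv5+, not B/BL
    link = (word >> 24) & 1
    imm24 = word & 0x00FFFFFF
    if imm24 & 0x00800000:               # sign-extend the 24-bit word offset
        imm24 -= 1 << 24
    target = (pc + 8 + imm24 * 4) & 0xFFFFFFFF
    return ("BL" if link else "B"), target


def check_entry(image, base):
    """Sanity-check the first instruction of `image` as if loaded at `base`.

    Assumed to mirror the kind of test the thread attributes to the ROM
    starter: is the first word a plausible branch into the image? Like the
    ROM starter, it does not checksum the rest of the image.
    """
    result = {"word": None, "ok": False, "target": None, "reason": ""}
    if len(image) < 4:
        result["reason"] = "image shorter than one instruction"
        return result
    word = struct.unpack_from("<I", image, 0)[0]   # ARM code here is little-endian
    result["word"] = word
    if word == 0xFFFFFFFF:
        result["reason"] = "entry word reads as erased flash (all 0xFF)"
        return result
    decoded = decode_arm_branch(word, base)
    if decoded is None:
        result["reason"] = "entry word is not an ARM B/BL instruction"
        return result
    mnemonic, target = decoded
    result["target"] = target
    if not (base <= target < base + len(image)):
        result["reason"] = f"{mnemonic} target {target:#010x} lies outside the image"
        return result
    result["ok"] = True
    result["reason"] = f"{mnemonic} to {target:#010x}"
    return result


if __name__ == "__main__":
    for name, img in (("good", GOOD_IMAGE), ("erased", ERASED_IMAGE)):
        r = check_entry(img, FIRMWARE_BASE)
        print(f"{name:7s} ok={r['ok']}  {r['reason']}")
```

The point of the erased case is the one reyalp makes: once the word the CPU fetches first is garbage, nothing inside the camera gets a chance to run a loader, so a check like this belongs in the workflow before any write to ROM, not after.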
