SD 4000 IS / IXUS 300 HS / IXY 30S porting thread

  • 302 Replies
  • 64578 Views
*

Offline pixeldoc2000

  • ****
  • 355
  • IXUS900Ti 1.00C, IXUS300HS 1.00D
    • pixel::doc homebase
  • Publish
    SD 4000 IS / IXUS 300 HS / IXY 30S porting thread
    « on: 18 / August / 2010, 16:20:58 »
    Advertisements
    Ah, it's time again... (time for my next port) :D

    Please report your Firmware Version with Camera Version or directly from EXIF Data.

    Info
    • Camera: SD4000
    • P-ID: 31F7
    • Firmware Version: 1.00d
    • OS: DRYOS version 2.3, release #0043
    • Port is based on A720 & SD990

    • Rom Start address: 0xFF810000
    • NEED_ENCODED_DISKBOOT=4 (DISKBOOT Encoding)
    • KEYSYS=d4a (Dancing Bits)

    News
    • 18.08.2010 - I've dumped Firmware 1.00d with CBasic Dumper by reyalP
    • 21.08.2010 - CHDK / Camera does start not after flashing LED
    • 24.08.2010 - CHDK / Camera does start without any Task Hooks but does still crash
    • 26.08.2010 - Source is available on github.com
    • 12.09.2010 - Beta v1 is available
    • 20.09.2010 - Beta v2 is available (commit)
    • 20.09.2010 - Beta v3 is available (commit)
    • 02.10.2010 - Beta v4 is available (commit)
    • 06.10.2010 - Beta v5 is available (commit)
    • 30.10.2010 - Beta v6 is available (commit)
    • 18.12.2010 - Beta v7 is available (commit)
    • 30.01.2011 - UART discovered
    • 31.01.2011 - Beta v8 is available (commit)
    • 01.02.2011 - Beta v9 is available (commit)
    • 15.02.2011 - Beta v10 is available (commit)
    • 31.05.2011 - Beta v11 is available (commit)

    Downloads
    • CHDK and CHDK-DE (If you want it to default to English language on CHDK-DE, just delete CHDK/LANG/german.lng) Autobuild.
    • New Download Location (Beta v5 and newer)
    • drop.io/chdk_ixus300_sd4000 SD4000 CHDK Beta v1 - 5 and Dump (NOTE: drop.io has been closed)
    • drop.io/chdkdumps3/asset/ixus300-sd4000-100d-7z

    Source
    GIT Repository: git://github.com/pixeldoc2000/chdk.git
    BRANCH: ixus300_sd4000 and ixus900_sd900 .


    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

    Software or Author are not affiliated in any way with Canon INC.
    Product and Company names mentioned herein may be the trademarks of their respective owners.
    « Last Edit: 07 / August / 2011, 17:20:39 by pixeldoc2000 »

    *

    Offline fe50

    • ******
    • 3034
    • IXUS50 & 860, SX10 Star WARs-Star RAWs
      • fe50
  • Publish
    Re: SD 4000 IS / IXUS 300 HS / IXY 30S porting thread
    « Reply #1 on: 20 / August / 2010, 01:33:56 »
    FW dump also added to the chdkdumps backup repository ([1]).



    *

    Offline pixeldoc2000

    • ****
    • 355
    • IXUS900Ti 1.00C, IXUS300HS 1.00D
      • pixel::doc homebase
  • Publish
    Re: SD 4000 IS / IXUS 300 HS / IXY 30S porting thread
    « Reply #2 on: 20 / August / 2010, 15:03:19 »
    FW dump also added to the chdkdumps backup repository ([1]).
    8)

    Could somebody have a quick peek if this look right for dryos firmware? I've followed http://chdk.wikia.com/wiki/DryOS_Porting#Load_into_IDA_and_Disassemble_code ...

    Code: (asm) [Select]
    ROM:FF810000 ; Input MD5   : 9033C9DB73192E9F7C2902F474138FA5
    ROM:FF810000 ; File Name   : ixus300_sd4000\sub\100d\PRIMARY.BIN
    ROM:FF810000 ; Format      : Binary file
    ROM:FF810000 ; Base Address: 0000h Range: FF810000h - FFFFFFFCh Loaded length: 7EFFFCh
    ROM:FF810000 ; Processor       : ARM
    ROM:FF810000 ; Target assembler: Generic assembler for ARM
    ROM:FF810000 ; Byte sex        : Little endian
    ==========================================================================
    ROM:FF810000 ; Segment type: Pure code
    ROM:FF810000                 AREA ROM, CODE, READWRITE, ALIGN=0
    ROM:FF810000                 ; ORG 0xFF810000
    ROM:FF810000                 CODE32
    ROM:FF810000 ; =============== S U B R O U T I N E =======================================
    ROM:FF810000 ; Called tasks:
    ROM:FF810000 ; Attributes: thunk
    ROM:FF810000 sub_FF810000                    ; CODE XREF: sub_FF83BBFC+D4j
    ROM:FF810000                                         ; sub_FFFF0764:loc_FFFF07E8p
    ROM:FF810000                                         ; DATA XREF: ...
    ROM:FF810000 ; FUNCTION CHUNK AT ROM:FF810354 SIZE 0000006C BYTES
    ROM:FF810000                 B       EntryPoint
    ROM:FF810000 ; ---------------------------------------------------------------------------
    ROM:FF810004 aGaonisoy       DCB "gaonisoy"
    ROM:FF81000C ; ---------------------------------------------------------------------------
    ROM:FF81000C EntryPoint                              ; CODE XREF: sub_FF810000j
    ROM:FF81000C                 LDR     R1, =0xC0410000
    ROM:FF810010                 MOV     R0, #0
    ROM:FF810014                 STR     R0, [R1]
    ROM:FF810018                 MOV     R1, #0x78
    ROM:FF81001C                 MCR     p15, 0, R1,c1,c0
    ROM:FF810020                 MOV     R1, #0
    ...

    I've did the first porting steps...
    I've also tried dancingbit 3 & 4 without much success yet... Camera does not autostart chdk and no firmware upgrade option yet...
    « Last Edit: 20 / August / 2010, 15:11:18 by pixeldoc2000 »

    *

    Offline reyalp

    • ******
    • 9954
  • Publish
    Re: SD 4000 IS / IXUS 300 HS / IXY 30S porting thread
    « Reply #3 on: 20 / August / 2010, 15:53:11 »
    Looks quite normal to me.

    Does diskboot cause the camera to crash, or just not load at all ? If the latter, I'd guess some problem making the disk bootable (checklist: card locked, FAT16, BOOTDISK at offset 64). An incorrect encoding should crash.

    Dancingbits (4) and FI2 key/IV looks the same as A3100 to me.
    Don't forget what the H stands for.


    *

    Offline pixeldoc2000

    • ****
    • 355
    • IXUS900Ti 1.00C, IXUS300HS 1.00D
      • pixel::doc homebase
  • Publish
    Re: SD 4000 IS / IXUS 300 HS / IXY 30S porting thread
    « Reply #4 on: 20 / August / 2010, 21:34:34 »
    Looks quite normal to me.

    Does diskboot cause the camera to crash, or just not load at all ? If the latter, I'd guess some problem making the disk bootable (checklist: card locked, FAT16, BOOTDISK at offset 64). An incorrect encoding should crash.

    Dancingbits (4) and FI2 key/IV looks the same as A3100 to me.
    SD-Card was correctly setup, as i've used it already with my SD900.

    But I didn't know about "FI2 key/IV" DISKBOOT Encoding. After adding
    Code: (c) [Select]
    NEED_ENCODED_DISKBOOT=4to makefile.inc the camera does exacly nothing because it now loads diskboot.bin.
    Now I need to find Led addresses.

    platform\ixus300_sd4000\sub\100d\makefile.inc
    Code: (c) [Select]
    #0x31F7
    PLATFORMID=12791

    PLATFORMOS=dryos

    MEMBASEADDR=0x1900    # address where wif or diskboot code will be loaded by camera, ROM:FF810134
    RESTARTSTART=0x50000   # size of memory region for CHDK
    MEMISOSTART=0x14B394    # ROM:FF81014C
    ROMBASEADDR=0xFF810000    # 0xFF810000 for S-, SD-, and G- series

    PLFLAGS=-DMEMBASEADDR=$(MEMBASEADDR) -DMEMISOSTART=$(MEMISOSTART) -DMEMISOSIZE=$(MEMISOSIZE)
    PLFLAGS+=-DRESTARTSTART=$(RESTARTSTART)

    NEED_ENCODED_DISKBOOT=4    # DISKBOOT (FIR) Encoding
    KEYSYS=d4    # Dancing Bits

    Thanks reyalp!

    *

    Offline reyalp

    • ******
    • 9954
  • Publish
    Re: SD 4000 IS / IXUS 300 HS / IXY 30S porting thread
    « Reply #5 on: 20 / August / 2010, 22:33:25 »
    But I didn't know about "FI2 key/IV" DISKBOOT Encoding. After adding
    Code: (c) [Select]
    NEED_ENCODED_DISKBOOT=4
    to makefile.inc the camera does exacly nothing because it now loads diskboot.bin.
    Oh right, I forgot that. Cameras that use encoded diskboot will load (and crash) files encoded with the wrong dancing bits, but they completely ignore one that isn't encoded at all.

    NEED_ENCODED_DISKBOOT is dancing bits.

    KEYSYS is for fi2.inc, not dancingbits. A new keysys will have to be defined for these generation cameras. I've updated fi2.inc.txt to call it d4a, even though some of the affected cameras are still d3.  :-[
    Don't forget what the H stands for.

    *

    Offline pixeldoc2000

    • ****
    • 355
    • IXUS900Ti 1.00C, IXUS300HS 1.00D
      • pixel::doc homebase
  • Publish
    Re: SD 4000 IS / IXUS 300 HS / IXY 30S porting thread
    « Reply #6 on: 21 / August / 2010, 00:06:10 »
    Oh right, I forgot that. Cameras that use encoded diskboot will load (and crash) files encoded with the wrong dancing bits, but they completely ignore one that isn't encoded at all.

    NEED_ENCODED_DISKBOOT is dancing bits.

    KEYSYS is for fi2.inc, not dancingbits. A new keysys will have to be defined for these generation cameras. I've updated fi2.inc.txt to call it d4a, even though some of the affected cameras are still d3.  :-[
    Okay, i am a bit "confused" after reading a bunch auf posts (http://chdk.setepontos.com/index.php/topic,2995.0.html). I'll have to get the correct keys for fi2.inc. There is much new stuff to learn about dryos...
    There is a lack of documentation about this stuff besides some more or less helpfull posts...

    *

    Offline pixeldoc2000

    • ****
    • 355
    • IXUS900Ti 1.00C, IXUS300HS 1.00D
      • pixel::doc homebase
  • Publish
    Re: SD 4000 IS / IXUS 300 HS / IXY 30S porting thread
    « Reply #7 on: 21 / August / 2010, 01:09:16 »
    GCC Error

    platform/fi2.inc <- added with required keys (FI2IV Key should be correct)
    localbuildconf.inc <- OPT_FI2=1 enabled
    platform/ixus300_sd4000/sub/100d/makefile.inc <- KEYSYS=d4a

    compiler: gcc_env_for_hdk-3.4.6 on window$

    Code: [Select]
    << Leaving loader/ixus300_sd4000
    << Leaving loader
    >> Entering to CHDK
    -> LUALIB/GEN/propset1.lua
    -> LUALIB/GEN/propset2.lua
    -> LUALIB/GEN/propset3.lua
    -> LUALIB/GEN/modelist.lua
    << Leaving CHDK
    -> PS.FI2
    Hex length mismatch in "-iv"!
    gmake: *** [firsub] Error -1
    I don't understand how exacly fi2enc.c (fi2enc.exe) is called from makefile (get_hexstring() does check the key lengh).
    « Last Edit: 21 / August / 2010, 01:23:04 by pixeldoc2000 »


    *

    Offline reyalp

    • ******
    • 9954
  • Publish
    Re: SD 4000 IS / IXUS 300 HS / IXY 30S porting thread
    « Reply #8 on: 21 / August / 2010, 01:39:50 »
    If the error really says "-iv" it looks like the key value is missing.

    e.g
    FI2IV =bob
    > Hex length mismatch in "bob"!

    The FI2 command is in top level makefile:
    $(PAKFI2)  $(topdir)bin/main.bin -p $(PLATFORMID) -key $(FI2KEY) -iv $(FI2IV)  $(topdir)bin/PS.FI2

    so your FI2KEY is empty, and it's trying to use -iv as the key.
    Don't forget what the H stands for.

    *

    Offline pixeldoc2000

    • ****
    • 355
    • IXUS900Ti 1.00C, IXUS300HS 1.00D
      • pixel::doc homebase
  • Publish
    Re: SD 4000 IS / IXUS 300 HS / IXY 30S porting thread
    « Reply #9 on: 21 / August / 2010, 02:18:00 »
    I've found the problem!

    My inline comment after KEYSYS did mess things up...  ???

    platform/ixus300_sd4000/sub/100d/makefile.inc
    Code: (c) [Select]
    NEED_ENCODED_DISKBOOT=4    # Dancing Bits <------------ DOESN'T MATTER
    KEYSYS=d4a    # FIR (requires correct keys in platform/fi2.inc)  <----- DON'T ADD INLINE COMMENT !!!

    this way it work (no suprise):
    Code: (c) [Select]
    # Dancing Bits
    NEED_ENCODED_DISKBOOT=4

    # FIR (requires correct keys in platform/fi2.inc)
    KEYSYS=d4a

    Code: [Select]
    Green Led Address (backside): 0xC0220130 (like SD1400)
    Now the camera does load chdk and flashes the green led on the back  :)

    Thanx reyalp!
    « Last Edit: 21 / August / 2010, 02:38:27 by pixeldoc2000 »

     

    Related Topics