port for A3300IS / what reference port to use?

reyalp
Re: port for A3300IS / what reference port to use?
« Reply #10 on: 24 / December / 2011, 17:14:02 »
As I said earlier, you should try turning on/blinking an LED in loader/<camera>/entry.S or main.c. There is a commented example of this in the D10 entry.S.

If you haven't found an LED address, you should find one. You can do this by analyzing the firmware or brute force search, but just trying addresses used by other recent firmware is probably good enough. If you aren't sure your diskboot is loading, you can try poking the LED addresses in a Canon Basic script. See http://chdk.wikia.com/wiki/Canon_Basic

You can probably leave out the "turn off SD card" stuff. It may not be needed, and in any case, if you just copied it, the MMIO address will likely be wrong anyway. Poking random MMIOs could cause problems, so it's better to leave it out unless you verify that you need it and find the correct address.

A3300 appears to use the dancingbits 6 encoding, like other DryOS R47 cams (based on the function at FFA0BE44, found by the string "not executable").
edit: address is from 100d, other firmwares may vary slightly.

If you generate stubs_entry.S (this is optional in the build, but required for a new port), the sig finder will put a lot of useful information in comments there. In chdkshell, this is turned on in compile options under OPT_GEN_STUBS. You also need the firmware dump either in the platform/sub directory, or located by PRIMARY_ROOT.

This will find many of the addresses and constants for you. The resulting addresses should be verified by analyzing the disassembled firmware dump. Anything that isn't found by the sig finder needs to be found manually. If you cannot do this, you cannot make a port.
« Last Edit: 24 / December / 2011, 17:15:45 by reyalp »
Don't forget what the H stands for.

Re: port for A3300IS / what reference port to use?
« Reply #11 on: 24 / December / 2011, 17:41:00 »
OK, I will start fresh and try the blinking LED. I found the LED addresses, but wasn't sure which it was: aLeddrv_c, aLedcon and aLeddrive. I wasn't exactly sure which was the right one. I am starting to wonder if I disassembled with the wrong startrom address, because the a3000 was FFC0, the a3300d was dumped at FF81, and all I was reading on CHDK was that it should be FFC0, but the a3300 100a dump had no dump info telling me; the a3300 100d did have info. So I am wondering if I should try to get a dump from my cam just to make sure?

Re: port for A3300IS / what reference port to use?
« Reply #12 on: 24 / December / 2011, 17:47:17 »
By the way, how do you know about the dancingbit being 6? I used IDA on that 100d dump and went to that address and didn't see anything in there about it. Is there another script I need to run in IDA to find stuff like that? I just use the 2 they show you on the dumping firmware page.

reyalp
Re: port for A3300IS / what reference port to use?
« Reply #13 on: 24 / December / 2011, 17:48:51 »
A3300 starts at FF810000.

This was dumped with the CBasic dumper, which detects the size/start, there's no reason to guess.

reyalp
Re: port for A3300IS / what reference port to use?
« Reply #14 on: 24 / December / 2011, 17:52:18 »
> By the way, how do you know about the dancingbit being 6? I used IDA on that 100d dump and went to that address and didn't see anything in there about it. Is there another script I need to run in IDA to find stuff like that? I just use the 2 they show you on the dumping firmware page.

You need to understand the disassembler. If you search for the string "not executable", you will find a function that references it. A little bit before that string is referenced is a function that loads and decodes the diskboot.bin. That calls a function which refers to the address I mentioned.
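
The string search described in the reply above, as an added example that is not part of the original post or of CHDK: it locates "not executable" in a ROM image, converts the file offset to a ROM address using the FF810000 base given in this thread, and lists literal-pool words that point at it. The sample image and all function names are constructed for illustration; references made with PC-relative ADR instructions do not appear as literal words and still have to be followed in the disassembler.

```python
import struct

ROM_BASE = 0xFF810000  # A3300 ROM start address given in the thread


def find_string_addrs(dump, needle, base=ROM_BASE):
    """Return the ROM address of every occurrence of needle in the dump."""
    addrs = []
    pos = dump.find(needle)
    while pos != -1:
        addrs.append(base + pos)
        pos = dump.find(needle, pos + 1)
    return addrs


def find_literal_refs(dump, target, base=ROM_BASE):
    """Return ROM addresses of 4-byte-aligned little-endian words equal to target.

    ARM code loads far addresses from a literal pool, so a word holding the
    string's address marks code nearby that uses it.
    """
    word = struct.pack("<I", target)
    refs = []
    pos = dump.find(word)
    while pos != -1:
        if pos % 4 == 0:  # literal pool entries are word aligned
            refs.append(base + pos)
        pos = dump.find(word, pos + 1)
    return refs


def build_sample_dump():
    """Constructed 0x40-byte stand-in for a ROM dump (not real firmware)."""
    dump = bytearray(b"\xff" * 0x40)
    text = b"not executable\x00"
    dump[0x20:0x20 + len(text)] = text
    dump[0x10:0x14] = struct.pack("<I", ROM_BASE + 0x20)  # aligned pointer
    dump[0x05:0x09] = struct.pack("<I", ROM_BASE + 0x20)  # unaligned, skipped
    return bytes(dump)


if __name__ == "__main__":
    rom = build_sample_dump()
    for addr in find_string_addrs(rom, b"not executable"):
        refs = find_literal_refs(rom, addr)
        print("string at %08X, literal refs at %s"
              % (addr, ", ".join("%08X" % r for r in refs) or "none"))
```

For a real dump, read the file with `open(path, "rb").read()` and pass the base address reported by the dumper.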

Re: port for A3300IS / what reference port to use?
« Reply #15 on: 24 / December / 2011, 18:25:31 »
> A3300 starts at FF810000.
>
> This was dumped with the CBasic dumper, which detects the size/start, there's no reason to guess.

Cool, thanks. I have 100a firmware in my cam, so I grabbed the 100a dump online; I just wasn't sure since no info.txt came with it, and according to the IDA guide page A version cams were FFC, but that guide is old so I guess that has changed since then. I only found out that the a3300 100d was FF81 today when I grabbed that firmware. It did catch my attention that the 100a was wrong; glad you clarified that for me, thanks 8]. I have looked at the diskboot.bin before in the dump, just obviously don't understand it fully like you said, so saw nothing about the diskboot code. Thanks again.

Re: port for A3300IS / what reference port to use?
« Reply #16 on: 24 / December / 2011, 19:29:18 »
Do you know what the starting RAM address would be for IDA, or do I not need to worry about that for now?

reyalp
Re: port for A3300IS / what reference port to use?
« Reply #17 on: 24 / December / 2011, 20:05:53 »
> Do you know what the starting RAM address would be for IDA, or do I not need to worry about that for now?

You can leave "create ram section" unchecked, the dump only includes ROM.

RAM starts at 0, if you do want to do something with that. If you generate stubs_entry.S, it will tell you the RAM size.

Re: port for A3300IS / what reference port to use?
« Reply #18 on: 24 / December / 2011, 20:15:24 »
> > Do you know what the starting RAM address would be for IDA, or do I not need to worry about that for now?
>
> You can leave "create ram section" unchecked, the dump only includes ROM.
>
> RAM starts at 0, if you do want to do something with that. If you generate stubs_entry.S, it will tell you the RAM size.

OK, cool. I wasn't sure, since that guide on CHDK is old, if there was a reason these days to do it. Thanks.

Re: port for A3300IS / what reference port to use?
« Reply #19 on: 28 / December / 2011, 14:21:16 »
Hey, I was wondering if I am doing something wrong. I am trying to get my own dump from my a3300is, and I can't get any of the dumpers to work. Maybe I am adding the wrong scripts; I read there has to be extend.m and script.req, so maybe I am misunderstanding what code goes in what script. I also tried the EOScard utility to add the SCRIPT string to the 1F0 address, and also confirmed it with the hex editor. I'm not sure if I am supposed to make it bootable or not for dumping, but tried both. I just can't get anything to happen; could my cam be unhackable or something? I got frustrated when I could not get any LEDs or anything to work on my cam while trying to port it, so I figured maybe the dump I got online was bad or wrong. I have a 100a version firmware; there is a 100d firmware online that looks like the real deal, but the 100a I am not sure is the real one, especially since my cam is not able to do anything while trying to port. I just want to see if I can even just dump my own firmware to make sure it's right?
