CHDK Wiki

Firmware Dumping

Revision as of 18:51, February 1, 2014 by Waterwingz (Talk | contribs)


Attention

IMPORTANT: The content of this page is outdated. If you have checked or updated this page and found the content to be suitable, please remove this notice.

Notice

This page describes a very old and very difficult way to obtain a firmware dump. More recent information can be found here: http://chdk.wikia.com/wiki/Obtaining_a_firmware_dump


Please note this page is a work in progress. It is based primarily around my experience dumping the firmware for the S5IS and as a result is primarily geared towards DryOS.

Universal dumper

Download cardtricks and use the universal dumper option. If it works, this is by far the easiest method.

Blinking/Hardware Method

Firmwares dumped using this method
A610, A700, A540, G7, SD630, A570IS, SD300, SD500, A560, SD1000, S5IS, A720

Requirements
You will need the following:

  • The LED Cycling code [1]
  • The generic blinker sources (blinker for Soundcard, blink_g7 for Serial Port) [2]

If your camera lacks the "Firm Update" menu you will also need:

  • HDHacker software (for Windows) [3], or dd on a *nix system
  • A Hex Editor [4]
  • The pre_blinker files [5]

Determine a Bootable filename

NOTE: This is only required for cameras without the "Firm Update" menu option.
  1. Make your SD card bootable as detailed in Bootable SD card
  2. Extract the files from pre_blinker.rar.
  3. Copy one of the *.bin files from pre_blinker.rar to your SD card (diskboot.bin is probably best to start).
  4. Write lock the SD card.
  5. Power the camera up with the card in.
  6. The camera should hang. If it does not, go back to step 3 and try the next file; if none of the 3 work, you may be out of luck.

Note that in later sections you should substitute "diskboot.bin" with the filename determined here.

Find LED Addresses

NOTE: This is only required when adding a new camera to CHDK, the addresses for cameras already in CHDK are documented.
  1. Duplicate the blinker/fw directory from the blinker sources.
  2. Replace the contents of main.c with the LED Cycling Code.
  3. Build LED Cycling Code.
  4. Time how long it takes for the LEDs to start lighting.
  5. Estimate a new interval based on how long it took for all the LEDs to light.
  6. Modify the range in the Cycling code.
  7. Go back to step 3 and repeat until you have an address for each LED.

Receiver Hardware (soundcard method)

[Figure: Basic SC Blinker Receiver (Passive Soundcard Firmware Blinking Receiver)]

[Figure: SC Blinker Receiver (Active Soundcard Firmware Blinking Receiver)]

[Figure: SC Blinker Receiver External Power (Active Soundcard Firmware Blinking Receiver, External Power)]

Receiver Hardware (serial port method)

[Figure: Serial Blinker Receiver (Serial Firmware Blinking Receiver)]

Blinker Firmware

  1. Modify the following lines in main.c from the generic blinker firmware:
       #define LED_AF 0x... <set to the address of the LED you want to use for blinking the firmware (AF is generally best)>
       #define LED_PR 0x... <set to the address of the LED you want to use for indication that the camera is not hung>
       p=(void*)0x... <set to the firmware start address for your camera, most likely 0xffc00000 or 0xff800000>
  2. Build the new firmware.
  3. If your camera is one without the "Firm Update" menu, rename "main" to diskboot.bin.
  4. Copy PS.FIR and/or diskboot.bin to the root of the SD card.

Dumping the firmware (soundcard method)

  1. Attach your receiver to the camera, exposing it to the appropriate LED.
  2. Set up your recording application appropriately (with the generic sources: 96 kHz, 8-bit, mono).
  3. Start recording.
  4. Power on the camera (go to the "Firm Update" menu if necessary to initiate the code).
  5. Wait until the blinker LED stops.
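
How a blinked dump gets from memory to bytes, as an added example that is not part of the original page or of the blinker sources. The pulse-width code, sample levels and function names are assumptions chosen for illustration, because this page does not describe the format the generic blinker uses; the camera side is simulated on the PC so the round trip can be run as-is.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed pulse-width code (constructed here, not the generic blinker's format):
 * LED on for T_SHORT samples = 0 bit, T_LONG = 1 bit, then GAP samples off; MSB first. */
enum { T_SHORT = 10, T_LONG = 30, GAP = 10, OFF = 128, ON = 220, THRESH = 174 };

/* Camera side, simulated: turn a memory region into 8-bit mono samples. */
size_t blink_encode(const uint8_t *fw, size_t n, uint8_t *pcm, size_t cap)
{
    size_t w = 0;
    for (size_t i = 0; i < n; i++)
        for (int b = 7; b >= 0; b--) {
            size_t on = ((fw[i] >> b) & 1) ? T_LONG : T_SHORT;
            if (w + on + GAP > cap) return 0;        /* sample buffer too small */
            memset(pcm + w, ON, on);   w += on;
            memset(pcm + w, OFF, GAP); w += GAP;
        }
    return w;
}

/* PC side: measure each pulse width and rebuild bytes; a trailing partial byte is dropped. */
size_t blink_decode(const uint8_t *pcm, size_t n, uint8_t *out, size_t cap)
{
    size_t bytes = 0, run = 0;
    unsigned acc = 0, nbits = 0;
    for (size_t i = 0; i <= n; i++) {                /* i == n flushes the last pulse */
        if (i < n && pcm[i] > THRESH) { run++; continue; }
        if (run >= 3) {                              /* shorter runs are glitches */
            acc = (acc << 1) | (run > (size_t)(T_SHORT + T_LONG) / 2);
            if (++nbits == 8) {
                if (bytes == cap) return bytes;
                out[bytes++] = (uint8_t)acc; acc = 0; nbits = 0;
            }
        }
        run = 0;
    }
    return bytes;
}

int main(void)
{
    const uint8_t fw[] = { 0xE5, 0x9F, 0xF0, 0x18 }; /* constructed sample bytes */
    uint8_t pcm[4096], out[sizeof fw];
    size_t ns = blink_encode(fw, sizeof fw, pcm, sizeof pcm);
    size_t nb = blink_decode(pcm, ns, out, sizeof out);
    printf("%zu samples -> %zu bytes, match=%d\n", ns, nb, nb == sizeof fw && !memcmp(fw, out, nb));
    return 0;
}
```

A recording that stops early yields fewer bytes than expected rather than corrupt ones, so compare the decoded length against the size of the region you set out to dump.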


Software method

Firmwares dumped using this method
A620, A630, A640, A710, S2IS, S3IS

The method is to make or adapt the WIF loader from an original firmware update for similar camera models. Because this loader has functions for working with files, it can simply save a dump of the original firmware to the SD card. The main problem with this method is that you have to get through all the initialization stages of the original firmware before you are able to write to the flash card.

Binary for A610e - NO LONGER AVAILABLE. If somebody has a copy, please PM me (intrinsic) on the forum or post it and link it here.
THIS SEEMS TO BE UNAVAILABLE TOO -> Sources for the S2/S3 dumper - http://grandag.nm.ru/hdk/dumper/
OOPS! Page Not Found. But parent site wants to install software on your computer. Possibly a porno site.
TODO: Repackage all necessary sources, etc. and make them available in one place, or better yet get them into subversion.
  1. http://forums.dpreview.com/forums/read.asp?forum=1010&message=24988142
  2. http://grandag.nm.ru/hdk/blinker/
  3. http://dimio.altervista.org/eng/
  4. http://en.wikipedia.org/wiki/Comparison_of_hex_editors
  5. http://snorkel.rtfm.net.au/~intrinsic/chdk/dumping/pre_blinker.rar
