Welcome
Welcome
Blog
Cameras
Hardware
Memory layout
Firmware details
Results
Debug mode
Interpreter
Reversing
Encryption
About Us
Links
Links
Downloads
Blog
 

about this blog

Here you can find latest hack progress reports and other raw information.


tags

recent entries   

Donate for GH1 hack project! 

-April 23, 2010

GH1 firmware update research 

-April 19, 2010

GH1 related 

-April 17, 2010

More info on Panasonic 

-April 14, 2010

Panasonic Cameras 

-April 12, 2010


recent comments

When your supplemental succeeds, you on too. You aren’t in contention with each other to ... 

-October 03, 2019

In some ways, splitting from with a co-conspirator you logical with but aren’t married to ... 

-October 03, 2019

When your share in succeeds, you follow to too. You aren’t in make an analogy ... 

-October 02, 2019

In some ways, splitting from with a doodad you accepted with but aren’t married to ... 

-October 02, 2019

When your party succeeds, you succeed to too. You aren’t in controversy with each other ... 

-October 02, 2019


archive

april 2010

march 2010

september 2009

august 2009



topics

General (13)

Dumping (1)

Disassembling (5)

Features (0)


admin*

AUGUST 2009


Tuesday, August 25, 2009

15:10



Here is some illustration of progress
 
1) Primer of offset table usage to call functions. This is very interesting part, as it allows to dump vram.
 

2) Second part shows part of shooting speed related procedure, here you can find how big structure is used. I believe that at 0x68 we have mode wheel position.
 
 


Disassembling  comments (5)



Wednesday, August 19, 2009

5:22



Debug mode can be succesfully enabled on Samsung GX-1S with firmware 1.02.
Unfortunately, there is no debug menu like on newer cameras.
The same procedure will probably work on all *ist and GX1 cameras.

Only the MODSET and AUTORUN extensions may differ.

 

1. Format SD card in camera (I tested 16MB and 128MB)
2. Create file MODSET.TXT in root of SD with desired testmode (only one option at time)
3. Insert SD card in camera - DON'T CLOSE SD CARD DOORS!

4. Turn On camera and wait few seconds

 

modset filename: MODSET.TXT

scripting filename: AUTORUN.375

 

Works only in [DEBUG_MODE DIS]:

[AF_PINT_DISP]

[DSP_ROM_STORE]

[CPU_ROM_STORE]

[EEPROM_STORE]

[EEPROM_LOAD]

[LENS_COMUNICATION_CHECK]

[RELEASE_AGING]

[SWITCH_TEST]

[PRODUCT_NUMBER_DISP]

 

Enable/disable scripting

[SCRIPT_EN_MODE DIS]

[SCRIPT_EN_MODE EN]

 

Enable/disable camera operation with SD card doors opened - usefull for testing:
 [CFDOOR_OPEN DIS]
[CFDOOR_OPEN EN]

 

Enable/disable debug mode

[DEBUG_MODE DIS]

[DEBUG_MODE EN]

 

 

Works only in [DEBUG_MODE EN]:

[DEBUG_DSC_DISP_OSTIME_INFO] - displays internal camera clock. [DEBUG_DSC_DISP_DSP_STATE_INFO] - dsp info, you should take a picture. [DEBUG_DSC_DISP_VENDOR_INFO] - same as DSP_STATE_INFO?

[DEBUG_DSC_DISP_BVAD_INFO]  - same as DSP_STATE_INFO?

[DEBUG_DSC_DISP_DEBUG_INFO] - some debug numbers [DEBUG_DSC_DISP_BATT_INFO] - same as DSP_STATE_INFO?

[DEBUG_DSC_DISP_BVD_INFO] - some hex-values - probably exposition. [DEBUG_DSC_DISP_LVDDASH_INFO] - some numbers like DSP_STATE_INFO .[DEBUG_DSC_DISP_LV_INFO] - looks like DISP_BVD_INFO, but different numbers .[DEBUG_DSC_DISP_STROBE_INFO] - info about flash state [DEBUG_DSC_DISP_LENS_INFO] - same as DSP_STATE_INFO?

[DEBUG_DSC_DISP_CPU_STATE_INFO] - displays mode state, af state, exposure state, temperature and sw at bottom means pressed button code.



General  comments (0)



Monday, August 17, 2009

13:10



Below is link where you can get improved FR processor module to work with IDA 4.9 Free.
 
1. This is first public release.
2. Fixed errors with processing cfg file.
3. New cfg files to make automatic parsing of all interrupts in TBR.
4. Includes FR assembler auto-comments file.
 
 


General  comments (0)



Saturday, August 15, 2009

8:05



Some information update
 
Latest Softune (with MB91680 support)

CPU definitions file have some info about MB91680 interrupts.
 
REALOS related stuff :-)
 
Last file has tools and good manuals on RealOS functions.
First one has libraries on sources of kernel functions (works with Softune).
It looks that DSLRs use RealOS, as they heavy use 0x40 and 0x41 interrupts.
In early Pentax DSLRs "Softune REALOS/FR.." string was present.
 
If you have good Japanese knowledge, contact me, please!

I really hope to get MB91680 manuals :-)


General  comments (0)



Wednesday, August 12, 2009

7:37



Four necessary improvements are:
 

1) Handing of jump tables. This is very frequently used feature.

2) Script to handle offset tables (many of them are present),

   so pressing two keys automatically changes all to offsets

   (until it is proper address and stops as soon as it is not)

   add xref and start analizing procedures.

3) Many parameters are passed by registers. If we could track them somehow and  allow to quickly define this in function definition, so comments can be seen right after commands before call (ala pc.w32).

4) FR module have almost ready auto-comments. Is it desirable to make them work inside IDE (as gray auto-comments). As most people are quite new to this assembler.

If you have time and expirience working with IDA writing IDC scripts and/or plugins and modules, please, contact me.



Disassembling  comments (2)




[1] 2 3   [NEXT]  [LAST]
1 - 5 of 12















(c) 2009 Pentax Hacking Community