Magic Lantern Firmware Wiki

7d updates

Update (8Jan2012): managed to compute the updater2 checksum, but not sure whether this is useful progress...

The 7D is dual DIGIC, so there are 2 updaters:

Fir_tool 0.6 (8Jan2012)

fileLen = 0xc0170c
---.fir header---
0x000: modelId = 0x80000250, (7D, DryOS)
0x010: version = 1.2.3
0x020: checksum = 0xa0577e5f
 checksum computing [0x0-0xc0170c] is OK!
0x024: updater1 header = 0xb0
0x028: updater1 offset = 0x120
0x02c: updater2 offset = 0x1a65d0
0x030: firmware offset = 0x214390
0x034: 0xffffffff
0x038: embedded file size = 0xc0170c
0x03c: 0x0
0x040: sha1 seed = 0x43be8381
0x044: 0x00000004 0x00000000 0x00000020 0x00000024 0x00000044 0x000000b0 0x002142e0
0x060: 0x214390
0x064: firmware length = 0x9ed37c
0x068: updater1 hmac-sha1 = 0b6640b60071040abb10ea30c99aabe05566665a
0x088: firmware hmac-sha1 = 498586e645b182c1aaeec6aa8b45d570dc2b6cfb
---updater1 header---
0x0b0: updater1 length = 0x1a64b0. starts at 0x120
0x0b4: 0x1a64ac
0x0b8: 0x0
0x0bc: xor seed value = 0xec33fb74
0x120: --- updater1 (ciphered) ---
---updater2 header---
0x1a65d0: (+0x000), modelId = 0x80000250, (7D, DryOS)
0x1a65e0: (+0x010), version = 1.2.3
0x1a65f0: (+0x020), checksum? = 0xfd545a3e
 checksum computing [0x1a65d0-0x214390] is OK!
0x1a65f4: (+0x024), 0xb0
0x1a65f8: (+0x028), 0x120
0x1a65fc: (+0x02c), ffffffff ffffffff ffffffff
0x1a6608: (+0x038), updater length (including header) = 0x6ddc0. starts at 0x1a65d0
0x1a6680: (+0x0b0), updater length = 0x6dca0. starts at 0x1a66f0
0x1a6684: (+0x0b4), 0x6dc9c
0x1a6688: (+0x0b8), 0x0
0x1a67ac: (+0x0bc), xor seed value = 0xfbeac87f
0x1a66f0: (+0x120), --- updater2 (ciphered) ---
---firmware header--- can be used to extract the 2 updaters.
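The offsets in the Fir_tool dump above can be cross-checked against each other before any region is sliced out of a file. The following is an added example, not code from Fir_tool or the Magic Lantern project: it reads the header words at the offsets shown in the dump and tests the relations that hold between the dump's values. Assumptions: fields are little-endian 32-bit words, the version is a NUL-padded ASCII string, and the function names are hypothetical.

```python
import struct

# Offsets of the 32-bit header words, as labelled in the Fir_tool dump above.
FIELDS = {"model_id": 0x00, "checksum": 0x20, "updater1_header": 0x24,
          "updater1_offset": 0x28, "updater2_offset": 0x2C,
          "firmware_offset": 0x30, "embedded_size": 0x38,
          "firmware_length": 0x64}

def parse_fir_header(blob):
    """Decode the header words (assumption: little-endian 32-bit values)."""
    if len(blob) < 0x68:
        raise ValueError("too short for a .fir header")
    hdr = {k: struct.unpack_from("<I", blob, off)[0] for k, off in FIELDS.items()}
    # Assumption: the version at 0x10 is a NUL-padded ASCII string.
    hdr["version"] = blob[0x10:0x20].split(b"\0")[0].decode("ascii", "replace")
    u1 = hdr["updater1_header"]
    if u1 + 4 > len(blob):
        raise ValueError("updater1 header pointer is outside the data")
    # The first word of the updater1 header is the updater1 length.
    hdr["updater1_length"] = struct.unpack_from("<I", blob, u1)[0]
    return hdr

def check_layout(hdr, file_len):
    """Return the relations from the dump that do not hold (empty = consistent)."""
    problems = []
    if hdr["embedded_size"] != file_len:
        problems.append("embedded file size differs from file length")
    if hdr["updater1_offset"] + hdr["updater1_length"] != hdr["updater2_offset"]:
        problems.append("updater1 does not end where updater2 starts")
    if not hdr["updater2_offset"] < hdr["firmware_offset"] <= file_len:
        problems.append("firmware offset is out of order or past end of file")
    if hdr["firmware_offset"] + hdr["firmware_length"] != file_len:
        problems.append("firmware does not end at end of file")
    return problems

def sample_header():
    """Constructed header carrying the dump's values; no ciphered payload."""
    blob = bytearray(0xC0)
    words = {0x00: 0x80000250, 0x20: 0xA0577E5F, 0x24: 0xB0, 0x28: 0x120,
             0x2C: 0x1A65D0, 0x30: 0x214390, 0x38: 0xC0170C,
             0x64: 0x9ED37C, 0xB0: 0x1A64B0}
    for off, val in words.items():
        struct.pack_into("<I", blob, off, val)
    blob[0x10:0x15] = b"1.2.3"
    return bytes(blob)

if __name__ == "__main__":
    hdr = parse_fir_header(sample_header())
    print(hdr["version"], hex(hdr["model_id"]), check_layout(hdr, 0xC0170C))
```

With the dump's values every relation holds: updater1 ends exactly at the updater2 offset, and the firmware region ends at the end of the file.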

Officially, updater1 is called K250SU (Slave Updater) and updater2 is K250MU (Master Updater).

Similarly, the main firmware (patch#8) is called K250S and the second one (patch#2) is called K250M. Note that both are listed at address 0xf8010000 (a copy of 0xff010000), but K250S loads at 0xff010000 and K250M at 0xff810000.

Dump_fir 0.3 (01Jan2011)

fileLen = 0x9ed300
0x000: checksum = 0xc3153d27
0x004: 0x00000000
0x008: 0x00000002
0x00c: 0x00000000
0x010: nb_record = 0xa
0x014: table_offset = 0x20
0x018: nb_record = 0x18
0x01c: size_after = 0x9ed1f0
0x020: ---patches table---
      + tag  + foffset  +   size   + moffset
 0x01: 0x0101 0x00000110 0x00034fac 0xf8300000
 0x02: 0x0101 0x000350bc 0x001be874 0xf8010000 <-K250M (Master)
 0x03: 0x0200 0x001f3930 0x00000521 0x00000000
 0x04: 0x0200 0x001f3e52 0x000245bf 0x00000000
 0x05: 0x0200 0x00218412 0x0008b7e8 0x00000000
 0x06: 0x0100 0x002a3bfa 0x00034fac 0xf8910000
 0x07: 0x0100 0x002d8ba6 0x001f0b30 0xf85b0000
 0x08: 0x0100 0x004c96d6 0x00523aec 0xf8010000 <-K250S (Slave)
 0x09: 0x0103 0x009ed1c2 0x0000009d 0x00000000
 0x0a: 0x0102 0x009ed260 0x0000009f 0x00000000
0x110: ---patch#1---

Firmwares analysis

Master Firmware (K250M, 0xff810000, 1.7 Mbytes)

  • No GUI functions
  • has FIO_* functions, with a RequestRPC call
  • has MAC_* functions
  • hotplug task (USB/HDMI/VIDEO/Mic/TOE)
  • ...

Slave Firmware (K250S, 0xff010000, 5.1 Mbytes)

  • has GUI functions
  • has FIO_* functions
  • has SD/CF read/write functions
  • MVP_* (MoviePlayer), MOVW_* (MovieFileWriter)
  • MVR_* (MovieRecord), MOVR_* (MovieFileReader)
  • PD_*, FM_*, FC_*, Ceres functions
  • LiveviewAE, LiveviewAF
  • ASIF, Audio, USB, DryShell
  • Vram, Bitmap
  • VFAT, exFAT
  • Pre/Rear/Front Develop
  • FA_* (Factory), FaceDetection
  • SVG code, MAC_*, CRP_*, DirectPrint
  • LensCom, PTP
  • HASH, ENG[ine]


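(works in updater1 context)
// volatile: both stores to the memory-mapped register must be emitted in order
volatile unsigned int *led_addr = (volatile unsigned int *)0xC022D06C;
*led_addr = 0x800C00;
*led_addr = 0x138000; // drive_led_on

*led_addr = 0x800C00;
*led_addr = 0x38400; // led_off
In bootcode (does not work in updater1):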

FFFF53C0                 LDR     R4, =0xC0223000
FFFF53C4                 MOV     R1, #0x46  // on
FFFF53C8                 STR     R1, [R4,#0x2C]

FFFF5434                 MOV     R1, #0x44
FFFF5438                 STR     R1, [R4,#0x2C]