7d updates[]
Update (8Jan2012): managed to compute updater2 checksum, but not sure it is a useful progress...
7D is dual Digic so they are 2 updaters:[]
Fir_tool 0.6 (8Jan2012) fileLen = 0xc0170c ---.fir header--- 0x000: modelId = 0x80000250, (7D, DryOS) 0x010: version = 1.2.3 0x020: checksum = 0xa0577e5f checksum computing [0x0-0xc0170c] is OK! 0x024: updater1 header = 0xb0 0x028: updater1 offset = 0x120 0x02c: updater2 offset = 0x1a65d0 0x030: firmware offset = 0x214390 0x034: 0xffffffff 0x038: embedded file size = 0xc0170c 0x03c: 0x0 0x040: sha1 seed = 0x43be8381 0x044: 0x00000004 0x00000000 0x00000020 0x00000024 0x00000044 0x000000b0 0x002142e0 0x060: 0x214390 0x064: firmware length = 0x9ed37c 0x068: updater1 hmac-sha1 = 0b6640b60071040abb10ea30c99aabe05566665a 0x088: firmware hmac-sha1 = 498586e645b182c1aaeec6aa8b45d570dc2b6cfb ---updater1 header--- 0x0b0: updater1 length = 0x1a64b0. starts at 0x120 0x0b4: 0x1a64ac 0x0b8: 0x0 0x0bc: xor seed value = 0xec33fb74 0x120: --- updater1 (ciphered) --- ---updater2 header--- 0x1a65d0: (+0x000), modelId = 0x80000250, (7D, DryOS) 0x1a65e0: (+0x010), version = 1.2.3 0x1a65f0: (+0x020), checksum? = 0xfd545a3e checksum computing [0x1a65d0-0x214390] is OK! 0x1a65f4: (+0x024), 0xb0 0x1a65f8: (+0x028), 0x120 0x1a65fc: (+0x02c), ffffffff ffffffff ffffffff 0x1a6608: (+0x038), updater length (including header) = 0x6ddc0. starts at 0x1a65d0 0x1a6680: (+0x0b0), updater length = 0x6dca0. starts at 0x1a66f0 0x1a6684: (+0x0b4), 0x6dc9c 0x1a6688: (+0x0b8), 0x0 0x1a67ac: (+0x0bc), xor seed value = 0xfbeac87f 0x1a66f0: (+0x120), --- updater2 (ciphered) --- ---firmware header---
fir_tool.py can be used to extract the 2 updaters.
Officially, updater1 is called K250SU (Slave Updater) and updater2 is K250MU (Master Updater).
Similarly, main firmware (patch#8) is called K250S and second one (patch#2) is called K250M. you can notice the addresses both at 0xf8010000 (copy of 0xff010000), but K250S loads at 0xff010000 and K250M at 0xff810000.
Dump_fir 0.3 (01Jan2011) fileLen = 0x9ed300 0x000: checksum = 0xc3153d27 0x004: 0x00000000 0x008: 0x00000002 0x00c: 0x00000000 0x010: nb_record = 0xa 0x014: table_offset = 0x20 0x018: nb_record = 0x18 0x01c: size_after = 0x9ed1f0 0x020: ---patches table--- + tag + foffset + size + moffset --------------------------------------------- 0x01: 0x0101 0x00000110 0x00034fac 0xf8300000 0x02: 0x0101 0x000350bc 0x001be874 0xf8010000 <-K250M (Master) 0x03: 0x0200 0x001f3930 0x00000521 0x00000000 0x04: 0x0200 0x001f3e52 0x000245bf 0x00000000 0x05: 0x0200 0x00218412 0x0008b7e8 0x00000000 0x06: 0x0100 0x002a3bfa 0x00034fac 0xf8910000 0x07: 0x0100 0x002d8ba6 0x001f0b30 0xf85b0000 0x08: 0x0100 0x004c96d6 0x00523aec 0xf8010000 <-K250S (Slave) 0x09: 0x0103 0x009ed1c2 0x0000009d 0x00000000 0x0a: 0x0102 0x009ed260 0x0000009f 0x00000000 0x110: ---patch#1---
Firmwares analysis[]
Master Firmware (K250M, 0xff810000, 1.7 Mbytes)[]
- No GUI functions
- has FIO_* funtions, with a RequestRPC call
- has MAC_* functions
- hotplug task (USB/HDMI/VIDEO/Mic/TOE)
- ...
Slave Firmware (K250S, 0xff010000, 5.1 Mbytes)[]
- has GUI functions
- has FIO_* funtions
- has SD/CF read/write funtions
- MVP_* (MoviePlayer), MOVW_* (MovieFileWriter)
- MVR_* (MovieRecord), MOVR_* (MovieFileReader)
- PD_*, FM_*, FC_*, Ceres functions
- LiveviewAE, LiveviewAF
- ASIF, Audio, USB, DryShell
- Vram, Bitmap
- VFAT, exFAT
- Pre/Rear/Front Develop
- FA_* (Factory), FaceDetection
- SVG code, MAC_*, CRP_*, DirectPrint
- LensCom, PTP
- H264E, JPCORE, EDID
- LOT/DEC/HST/CPY/RSZ/DDD/SUB
- HASH, ENG[ine]
LED[]
(works in updater1 context) unsigned int *led_addr = 0xC022D06C; *led_addr = 0x800C00; *led_addr = 0x138000; // drive_led_on *led_addr = 0x800C00; *led_addr = 0x38400; // led_off
in bootcode. does not work in updater1 FFFF53C0 LDR R4, =0xC0223000 FFFF53C4 MOV R1, #0x46 // on FFFF53C8 STR R1, [R4,#0x2C] FFFF5434 MOV R1, #0x44 FFFF5438 STR R1, [R4,#0x2C]