Thanks Csaba for the suggestions/typo. You are welcome.

Sorry for the inconvenience. Can we make a fresh start?

arm.indy>ok

Let's get back to the serious things :-)

arm.indy>i was very serious

pel>see the smiley

Do you have any idea how we can figure out the updater2 checksum?

arm.indy>study the code of updater2

pel>If no other way...

Do you know why the Dual Digic cameras have two updaters?

arm.indy>to update each one digic I suppose

pel>OK, but I can imagine a software which can update both digic one by one.

Do you work on ML developing?

arm.indy>no programming, only reversing since I have no DryOs camera.

I have about a hundred more questions...

you can help by:

- testing code on your 7D. set up the compilation environment

- do reverse on 7d updaters and dump. for example how the 7d is rebooting after an update.

then share your findings on the list.

pel>I've not started code digging because I don't know what is known and what is unknown.

I don't want to waste time finding something that was found by somebody else a thousand years ago. :-)

Trammel said we don't need dumps anymore as payload decryption is possible.

For me it means Trammel knows how the decryption works, so any effort to find this is useless, isn't it?

As a 'lazy' developer I've started to make a disass/emu for the ARM.

Not as fancy as IDA Pro, but more comfortable and an emulator can speed up the reversing...

I saw the factory menus in the dump, do you know how we can start that?

PS: every change on the CHDK and MagicLantern wiki is recorded with the date and who has done it. A simple way to see that I had published FIR format details and when.

pel> There was no doubt at all you did.

pel>I hope you will answer my earlier questions and these also sometimes...

More thoughts about the firmware file:

I still think that it would be better if you use some naming convention and not mix everything like flasher<>updater<>first updater or encrypted<>XOR cyphered or xor deciphering seed<>IV for xor decryptor etc.

By the way where did you find the 'updater', 'updater2' and 'firmware' texts?

I think changing any field causes 'orange error' so you can write it to every field.

I still think field 0x34 is not the length of the payload based on what I wrote before.

Field 0x40: sha1 seed value. What do you mean? As I know the SHA1 is a hash algorithm which produces a digest from an array of bytes. What is the seed value for?

Field 0x68: 1st flasher hmac-sha1 (hmac-sha1 is the final step) Does the 1st flasher mean the 1st updater? The hmac-sha1 algorithm needs a key and data (an array of bytes). What is the key? And what is the data? From 0 to updater2 (or to firmware for 5D2)? Does the field 0x40 do something here?

Field 0x88: firmware flasher hmac-sha1 (hmac-sha1 is the final step) What is the firmware flasher? The updater1? The firmware? Other? Same questions: What is the key and what is the data?
