Magic Lantern Forum

Magic Lantern Releases => Camera-specific discussion => Topic started by: ariznaf on June 02, 2016, 09:27:03 AM

Title: Canon 80D
Post by: ariznaf on June 02, 2016, 09:27:03 AM
I bought a Canon 80D just a few days ago.

I know it is too early to expect a Magic Lantern port for it, as probably no developer has one.

But hope is a human trait.

Is 80D hardware similar enough to 70D or 7DII in order to expect the port not being too difficult or lengthy?

I have read that the first thing developers need is a firmware image.

Is there a way to obtain it?
Do we need to wait until a firmware update from Canon?
Title: Re: Canon 80D
Post by: Walter Schulz on June 02, 2016, 10:00:06 AM
Don't bother about firmware image.
Bother about DiGiC 6 featured. This will be the first ML port involving DiGiC 6.
This port will get as difficult and lengthy as you can imagine. It's a beastly task.
Title: Re: Canon 80D
Post by: violajsilver on June 03, 2016, 07:42:17 AM
The EOS 80D boasts a viewfinder coverage of approx. 100%. The newly-developed 45-point, all cross-type AF sensor and continuous shooting speed of up to 7.0fps makes it an excellent choice for capturing moving subjects. Movie shooting at a quality of up to Full HD 60p is also supported, and Dual Pixel CMOS AF, which makes it possible to achieve high speed AF during Live View shooting, has been enhanced to be compatible for use with all EF lenses. Remote shooting and image sharing with smart devices is also made simple as the camera supports Wi-Fi and NFC.
Title: Re: Canon 80D
Post by: ariznaf on June 05, 2016, 12:13:23 AM
Sorry to hear that.

I would like to test ML for the first time.
I was looking for it on the 40D but it did not arrive.

But 7D II has a DIGIC 6 processor too and ML is on the way...
Title: Canon 80D
Post by: a1ex on June 19, 2016, 09:01:51 PM
Current status:

My attempts to jump to Canon firmware failed on both 760D and 80D.

source (https://bitbucket.org/hudson/magic-lantern/commits/306fc3a33334)

Also tried to:
- identify the main firmware start address from the string "/_term" (tested on 7D2 in QEMU and on 60D; should work on all DIGIC 4/5 models)
- jump to 0xFFFF0000 (hivecs reset interrupt, tested on 60D, probably works on all DIGIC 4/5 models)
- jump to MEM(0xFC000000) (reset address for EOS M3 and M10)

All attempts resulted in black screen and camera locked up.

Then, from 7D2 thread:
The LED blinks!

That means, our current options are:

I need some help from somebody willing to do a small hardware mod (details (http://www.magiclantern.fm/forum/index.php?topic=13746.msg168431#msg168431)). The FIR from the linked post won't work here, but I can prepare one for 760D (or any other DIGIC 6 camera) on request.

Meanwhile, I've found the LED address on 7D2 (http://magiclantern.fm/forum/index.php?topic=13746.msg168514#msg168514). It's unlikely to be the same address on other DIGIC 6 cameras, but it's likely to be in the same range. Therefore, we could try to poke a few addresses nearby [1] (https://chdk.setepontos.com/index.php?topic=1493.msg13469#msg13469) [2] (https://chdk.setepontos.com/index.php?topic=11316.msg111290#msg111290).

The second one is easier, so I'm looking for a volunteer to try it.
Title: Re: Canon 80D
Post by: zloe on June 20, 2016, 08:08:42 AM
Volunteer found, but I need some assistance. It would take me some time to prepare the fir file myself.

- zlo
Title: Re: Canon 80D
Post by: dinissilva on June 20, 2016, 02:44:11 PM
Hey,

I don't know much about coding!! But I own a Canon 80D, and you have my support any time!!

Dinis Silva
Title: Re: Canon 80D
Post by: dinissilva on June 20, 2016, 02:56:42 PM
I have tested the LED address on Canon 80D and...BLINKS!!
Title: Re: Canon 80D
Post by: a1ex on June 20, 2016, 03:02:57 PM
8)

The LED address is somewhere between 0xd20b0800 and 0xd20b1000 (source) (https://bitbucket.org/hudson/magic-lantern/commits/89f7063cd9460ab3942c86b8e219891e02abff73) (credits 1) (https://chdk.setepontos.com/index.php?topic=11316.msg111290#msg111290) (credits 2) (https://chdk.setepontos.com/index.php?topic=1493.msg13469#msg13469).

Looks like we no longer need the power supply hack :)

Next steps: http://chdk.wikia.com/wiki/Obtaining_a_firmware_dump#Hardware-software_solution

Please let me know once you have the hardware ready.
Title: Re: Canon 80D
Post by: dinissilva on June 20, 2016, 10:01:41 PM
I can try! But I'm gonna need some help!  :-X
Title: Re: Canon 80D
Post by: zloe on June 21, 2016, 07:56:25 PM
Ok, photo transistor connected to Audacity, ready to record.
Just need to attach it a bit better to the cam.
Title: Re: Canon 80D
Post by: can-on on June 22, 2016, 12:39:27 PM
Hi

An important question is do you think will be the 80d in 4k video ??
or what is theoretically expected resolution?

thx
Title: Re: Canon 80D
Post by: Walter Schulz on June 22, 2016, 12:47:33 PM
4k video is totally out of the question. Won't happen but for very, very short shots.
No ML enabled cam is able to do 4k continuous and it won't change for 80D, 7D2, 750D/760D.
SD-card interface is in the 100 MByte/s area and will therefore not outperform 5D3.
Title: Re: Canon 80D
Post by: can-on on June 22, 2016, 09:12:17 PM
ok thanks for the quick response.
Now can 80D,  MOV: 1920 x 1080p / 29.97 fps (90 Mbps) / 23.98 fps (90 Mbps)
                        MP4: 1920 x 1080p / 59.94 fps (60 Mbps) / 29.97 fps (30 Mbps)

what to expect, ML development ? 2,5K RAW Video ?

thx
Title: Re: Canon 80D
Post by: Walter Schulz on June 22, 2016, 09:19:20 PM
You can expect ML for 80D ready when it's ready.
Title: Re: Canon 80D
Post by: Welles on June 23, 2016, 12:40:52 PM
I would say 2,5K is very unlikely, especially in continuous recording. Do you have an idea of the SD card writing speed?

To get an idea of what is already possible with older DiGiCs, have a look at http://www.magiclantern.fm/forum/index.php?topic=6215.msg46857#msg46857
Title: Re: Canon 80D
Post by: DenW on June 25, 2016, 12:55:59 PM
Hi,

I also own the Canon 80D and am available for testing.
Please contact me via PM if interested.

Thanks!
DenW
Title: Re: Canon 80D
Post by: KelvinK on June 27, 2016, 11:45:49 AM
Quote
Ok, photo transistor connected to Audacity, ready to record.
Just need to attach it a bit better to the cam.

Any news? All are waiting :)
Title: Re: Canon 80D
Post by: ariznaf on June 28, 2016, 12:00:24 AM
Great news to find you have started working on the 80D.

I have not enough expertise in low level programming or electronics to help at this stage, but will try to help in testing as soon as an installable version is available.

I'll keep an eye on your progress.
Thank you for your efforts
Title: Re: Canon 80D
Post by: yacenty on June 30, 2016, 10:19:01 PM
I have both 760d and 7d2
I can help
Title: Re: Canon 80D
Post by: OldMikeyJ on June 30, 2016, 11:43:34 PM
I've recently purchased an 80d and am willing to help in any way I can (mainly just testing a build). Please send me a msg if I can be of any assistance.
Title: Re: Canon 80D
Post by: a1ex on July 03, 2016, 09:02:15 PM
LED address identified, thanks zloe :)

https://bitbucket.org/hudson/magic-lantern/commits/6ea5fa498ef0
Title: Re: Canon 80D
Post by: mfituri on July 05, 2016, 09:06:54 PM
Hey, I have an 80D and would love to help. I know a thing or two about low level programming too.
Title: Re: Canon 80D
Post by: ccs86 on July 05, 2016, 09:27:20 PM
Exciting stuff!    :o 8)
Title: Re: Canon 80D
Post by: dinissilva on July 05, 2016, 09:47:10 PM
Indeed guys, let's give the developers some LOVE!! For the great work!!
Title: Re: Canon 80D
Post by: gsanchez922 on July 06, 2016, 04:38:35 AM
Hello I want to ask if you will work with 5Ds & R?
Title: Re: Canon 80D
Post by: _OLLE_ on July 06, 2016, 07:13:22 PM
Guys! please! it's not going faster because you are asking!
Title: Re: Canon 80D
Post by: ccs86 on July 07, 2016, 03:03:14 PM
Nobody is asking for it to go faster. All I see is people offering help, and appreciation.
Title: Re: Canon 80D
Post by: a1ex on July 12, 2016, 09:37:02 AM
Progress: zloe managed to dump the firmware using LED blinking :)

Early findings:

- the first address executed is *(uint32_t*)0xFC000000, just like EOS M3
- bootloader starts at FC000008, ARM code
- main firmware starts at FE0A0000, Thumb-2 code, and looks similar to 7D2 (http://www.magiclantern.fm/forum/index.php?topic=13746.msg147553;topicseen#msg147553)
- the bootloader prints progress in a way similar to LILO (https://en.wikipedia.org/wiki/LILO_%28boot_loader%29#Output): it prints "Boot" as the bootloader progresses, but in QEMU it just prints "Boo" :)

QEMU log so far:
Code:
FC000008: MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x0
FC000010: MCR p15,0,Rd,cr6,cr1,0:      DRBAR <- 0x0
FC000018: MCR p15,0,Rd,cr6,cr1,2:       DRSR <- 0x3F
FC000020: MCR p15,0,Rd,cr6,cr1,4:      DRACR <- 0x320
FC000028: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x2001
FE020040: MCR p15,0,Rd,cr9,cr1,1:       BTCM <- 0x1
FE025884: MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x1
FE02588C: MCR p15,0,Rd,cr6,cr1,0:      DRBAR <- 0x0
FE025894: MCR p15,0,Rd,cr6,cr1,4:      DRACR <- 0x329
FE02589C: MCR p15,0,Rd,cr6,cr1,2:       DRSR <- 0x3B
FE0258A4: MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x2
FE0258AC: MCR p15,0,Rd,cr6,cr1,0:      DRBAR <- 0xBFE00000
FE0258B4: MCR p15,0,Rd,cr6,cr1,4:      DRACR <- 0x324
FE0258BC: MCR p15,0,Rd,cr6,cr1,2:       DRSR <- 0x29
FE0258C4: MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x4
FE0258CC: MCR p15,0,Rd,cr6,cr1,0:      DRBAR <- 0xDFE00000
FE0258D4: MCR p15,0,Rd,cr6,cr1,4:      DRACR <- 0x324
FE0258DC: MCR p15,0,Rd,cr6,cr1,2:       DRSR <- 0x29
FE0258E4: MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x5
FE0258EC: MCR p15,0,Rd,cr6,cr1,0:      DRBAR <- 0xEE000000
FE0258F4: MCR p15,0,Rd,cr6,cr1,4:      DRACR <- 0x329
FE0258FC: MCR p15,0,Rd,cr6,cr1,2:       DRSR <- 0x31
FE025904: MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x6
FE02590C: MCR p15,0,Rd,cr6,cr1,0:      DRBAR <- 0xFE000000
FE025914: MCR p15,0,Rd,cr6,cr1,4:      DRACR <- 0x329
FE02591C: MCR p15,0,Rd,cr6,cr1,2:       DRSR <- 0x31
FE025924: MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x3
FE02592C: MCR p15,0,Rd,cr6,cr1,0:      DRBAR <- 0xC0000000
FE025934: MCR p15,0,Rd,cr6,cr1,4:      DRACR <- 0x305
FE02593C: MCR p15,0,Rd,cr6,cr1,2:       DRSR <- 0x3B
FE025944: MCR p15,0,Rd,cr15,cr5,0:        idk <- 0x0
FE025944: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x1005
FE020400: MCR p15,0,Rd,cr9,cr1,0:       ATCM <- 0x80000001
BooBTCM Start
MR[5]=00000001
MR[6]=00000011
MR[7]=00000000
MR[8]=00000018
MID=SAMSUNG
Erase FROM(start:0xFC080000,size:0x68)
Sector erase error
MEMIF Uncomplete

For emulation, I've used the Cortex R5 CPU in QEMU.

I'd appreciate if somebody would interpret the p15 registers listed above (you probably just have to look them up in the ARM ARM v7-A&R (http://liris.cnrs.fr/~mmrissa/lib/exe/fetch.php?media=armv7-a-r-manual.pdf)).
Title: Re: Canon 80D
Post by: tecgen on July 12, 2016, 12:41:07 PM
If MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x0
is the same as MCR p15, 0, <Rt>, c6, c2, 0 ; Write Rt to RGNR
then I found the following section.

Quote
Accessing the RGNR

To access the RGNR, software reads or writes the CP15 registers with <opc1> set to 0, <CRn> set to c6, <CRm> set to c2, and <opc2> set to 0. For example:
MRC p15, 0, <Rt>, c6, c2, 0 ; Read RGNR into Rt
MCR p15, 0, <Rt>, c6, c2, 0 ; Write Rt to RGNR


Do you need to know what RGNR and so on is?

RGNR = MPU Region Number Register
DRBAR = Data Region Base Address Register
DRSR = Data Region Size and Enable Register
DRACR = Data Region Access Control Register
SCTLR = System Control Register (?)
BTCM = B? Trapping Control Mechanism (?)
ATCM = A? Trapping Control Mechanism (?)

Title: Re: Canon 80D
Post by: a1ex on July 12, 2016, 01:01:59 PM
Yes, these registers show what memory ranges are configured for the memory protection unit, with what start address, what size, what access permissions and so on (in other words, the memory map).

You may fill the results on this page if you prefer: http://magiclantern.wikia.com/wiki/Memory_map
Title: Re: Canon 80D
Post by: tecgen on July 12, 2016, 01:18:57 PM
Done ;)
Title: Re: Canon 80D
Post by: nikfreak on July 12, 2016, 01:29:01 PM
 :P
Title: Re: Canon 80D
Post by: a1ex on July 12, 2016, 01:48:28 PM
404 ;)
Title: Re: Canon 80D
Post by: atonal on July 13, 2016, 07:48:31 PM
Added my interpretation of the memory mapping to the wiki.
Title: Re: Canon 80D
Post by: a1ex on July 14, 2016, 12:28:01 PM
Thanks atonal. I found a function in 80D firmware that reads these registers and decodes the base address, size and some access permissions:
Code:
[      init:fe237fa9 ] Memory region: start=00000000 end=00000000 flags=00000001
[      init:fe237fbf ] Memory region: start=00000000 end=00000000 flags=00000002
[      init:fe237fcb ] Memory region: start=E0000000 end=FFFFFFFF flags=00000020
[      init:fe237ffd ] Memory region: start=FE000000 end=FFFFFFFF flags=00000008
[      init:fe237ffd ] Memory region: start=EE000000 end=EFFFFFFF flags=00000008
[      init:fe237ffd ] Memory region: start=DFE00000 end=DFFFFFFF flags=00000004
[      init:fe237ffd ] Memory region: start=C0000000 end=FFFFFFFF flags=00000010
[      init:fe237ffd ] Memory region: start=BFE00000 end=BFFFFFFF flags=00000004
[      init:fe237ffd ] Memory region: start=00000000 end=3FFFFFFF flags=00000008
[      init:fe237ffd ] Memory region: start=00000000 end=FFFFFFFF flags=00000004
[      init:fe237e5f ] Memory region: start=00000000 end=FFFFFFFF flags=00000000

And here's CHDK cpuinfo log for the same memory regions:
Code:
MPU region 0 base 0x00000000
  Base address         0x0 0
MPU region 0 size & enable 0x0000003F
  Enabled              0x1 1
  Size                 0x1F 31 [4G]
  -                    0x0 0
  Sub-regions disabled 0x0 0 [00000000]
MPU region 0 access control 0x00000320
  Region attributes    0x20 32 [Inner Non-cacheable; Outer Non-cacheable; Non-shared]
  -                    0x0 0
  Access permission    0x3 3 [P:RW U:RW]
  -                    0x0 0
  Execute never        0x0 0
MPU region 1 base 0x00000000
  Base address         0x0 0
MPU region 1 size & enable 0x0000003B
  Enabled              0x1 1
  Size                 0x1D 29 [1G]
  -                    0x0 0
  Sub-regions disabled 0x0 0 [00000000]
MPU region 1 access control 0x00000329
  Region attributes    0x29 41 [Inner Write-back, write-allocate; Outer Write-back, write-allocate; Non-shared]
  -                    0x0 0
  Access permission    0x3 3 [P:RW U:RW]
  -                    0x0 0
  Execute never        0x0 0
MPU region 2 base 0xBFE00000
  Base address         0xBFE00000 -1075838976
MPU region 2 size & enable 0x00000029
  Enabled              0x1 1
  Size                 0x14 20 [2M]
  -                    0x0 0
  Sub-regions disabled 0x0 0 [00000000]
MPU region 2 access control 0x00000324
  Region attributes    0x24 36 [Inner Non-cacheable; Outer Non-cacheable; Shared]
  -                    0x0 0
  Access permission    0x3 3 [P:RW U:RW]
  -                    0x0 0
  Execute never        0x0 0
MPU region 3 base 0xC0000000
  Base address         0xC0000000 -1073741824
MPU region 3 size & enable 0x0000003B
  Enabled              0x1 1
  Size                 0x1D 29 [1G]
  -                    0x0 0
  Sub-regions disabled 0x0 0 [00000000]
MPU region 3 access control 0x00000305
  Region attributes    0x5 5 [Shareable device; Shareable]
  -                    0x0 0
  Access permission    0x3 3 [P:RW U:RW]
  -                    0x0 0
  Execute never        0x0 0
MPU region 4 base 0xDFE00000
  Base address         0xDFE00000 -538968064
MPU region 4 size & enable 0x00000029
  Enabled              0x1 1
  Size                 0x14 20 [2M]
  -                    0x0 0
  Sub-regions disabled 0x0 0 [00000000]
MPU region 4 access control 0x00000324
  Region attributes    0x24 36 [Inner Non-cacheable; Outer Non-cacheable; Shared]
  -                    0x0 0
  Access permission    0x3 3 [P:RW U:RW]
  -                    0x0 0
  Execute never        0x0 0
MPU region 5 base 0xEE000000
  Base address         0xEE000000 -301989888
MPU region 5 size & enable 0x00000031
  Enabled              0x1 1
  Size                 0x18 24 [32M]
  -                    0x0 0
  Sub-regions disabled 0x0 0 [00000000]
MPU region 5 access control 0x00000329
  Region attributes    0x29 41 [Inner Write-back, write-allocate; Outer Write-back, write-allocate; Non-shared]
  -                    0x0 0
  Access permission    0x3 3 [P:RW U:RW]
  -                    0x0 0
  Execute never        0x0 0
MPU region 6 base 0xFE000000
  Base address         0xFE000000 -33554432
MPU region 6 size & enable 0x00000031
  Enabled              0x1 1
  Size                 0x18 24 [32M]
  -                    0x0 0
  Sub-regions disabled 0x0 0 [00000000]
MPU region 6 access control 0x00000329
  Region attributes    0x29 41 [Inner Write-back, write-allocate; Outer Write-back, write-allocate; Non-shared]
  -                    0x0 0
  Access permission    0x3 3 [P:RW U:RW]
  -                    0x0 0
  Execute never        0x0 0

Side-note: the usual folks who were helping me are a bit busy these days; I'm looking for a volunteer to try a few things on 80D or 750D/760D.
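
Added example, not part of the original thread and not Magic Lantern or CHDK code: a decoder that replays the RGNR/DRBAR/DRSR/DRACR writes from the QEMU log posted earlier into the memory map, using the ARMv7-R PMSA field layout, then reports which region governs a given address and which regions are both writable and executable. All function and variable names are this example's own.

```python
import re

# MPU register writes copied from the QEMU log earlier in this thread
# (TCM, SCTLR and cr15 writes left out).
QEMU_LOG = """\
FC000008: MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x0
FC000010: MCR p15,0,Rd,cr6,cr1,0:      DRBAR <- 0x0
FC000018: MCR p15,0,Rd,cr6,cr1,2:       DRSR <- 0x3F
FC000020: MCR p15,0,Rd,cr6,cr1,4:      DRACR <- 0x320
FE025884: MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x1
FE02588C: MCR p15,0,Rd,cr6,cr1,0:      DRBAR <- 0x0
FE025894: MCR p15,0,Rd,cr6,cr1,4:      DRACR <- 0x329
FE02589C: MCR p15,0,Rd,cr6,cr1,2:       DRSR <- 0x3B
FE0258A4: MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x2
FE0258AC: MCR p15,0,Rd,cr6,cr1,0:      DRBAR <- 0xBFE00000
FE0258B4: MCR p15,0,Rd,cr6,cr1,4:      DRACR <- 0x324
FE0258BC: MCR p15,0,Rd,cr6,cr1,2:       DRSR <- 0x29
FE0258C4: MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x4
FE0258CC: MCR p15,0,Rd,cr6,cr1,0:      DRBAR <- 0xDFE00000
FE0258D4: MCR p15,0,Rd,cr6,cr1,4:      DRACR <- 0x324
FE0258DC: MCR p15,0,Rd,cr6,cr1,2:       DRSR <- 0x29
FE0258E4: MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x5
FE0258EC: MCR p15,0,Rd,cr6,cr1,0:      DRBAR <- 0xEE000000
FE0258F4: MCR p15,0,Rd,cr6,cr1,4:      DRACR <- 0x329
FE0258FC: MCR p15,0,Rd,cr6,cr1,2:       DRSR <- 0x31
FE025904: MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x6
FE02590C: MCR p15,0,Rd,cr6,cr1,0:      DRBAR <- 0xFE000000
FE025914: MCR p15,0,Rd,cr6,cr1,4:      DRACR <- 0x329
FE02591C: MCR p15,0,Rd,cr6,cr1,2:       DRSR <- 0x31
FE025924: MCR p15,0,Rd,cr6,cr2,0:       RGNR <- 0x3
FE02592C: MCR p15,0,Rd,cr6,cr1,0:      DRBAR <- 0xC0000000
FE025934: MCR p15,0,Rd,cr6,cr1,4:      DRACR <- 0x305
FE02593C: MCR p15,0,Rd,cr6,cr1,2:       DRSR <- 0x3B
"""

LINE_RE = re.compile(r"^[0-9A-F]{8}: MCR p15,[^:]+:\s+(\w+) <- 0x([0-9A-Fa-f]+)$")
# ARMv7-R PMSA encodings: DRACR.AP[10:8], cache policies for TEX=1BB, TEX=000 types.
AP = {0: "P:-- U:--", 1: "P:RW U:--", 2: "P:RW U:RO", 3: "P:RW U:RW",
      5: "P:RO U:--", 6: "P:RO U:RO"}
CACHE = ["Non-cacheable", "WB/WA", "WT", "WB/no-WA"]
TEX0 = ["Strongly-ordered", "Shareable Device", "Normal, WT", "Normal, WB/no-WA"]

def memory_type(dracr):
    """Decode DRACR TEX[5:3] and C:B[1:0] into a memory type string."""
    tex, cb = (dracr >> 3) & 7, dracr & 3
    if tex & 4:  # TEX=1BB: BB is the outer policy, C:B the inner policy
        return f"Normal, outer {CACHE[tex & 3]}, inner {CACHE[cb]}"
    if tex == 0:
        return TEX0[cb]
    return f"TEX={tex:03b} C:B={cb:02b}"  # remaining encodings not expanded here

def decode_log(log):
    """Replay RGNR-selected writes; return {region number: decoded fields}."""
    raw, current = {}, None
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        name, value = m.group(1), int(m.group(2), 16)
        if name == "RGNR":  # selects the region the next writes apply to
            current = value
            raw.setdefault(current, {})
        elif name in ("DRBAR", "DRSR", "DRACR") and current is not None:
            raw[current][name] = value
    regions = {}
    for num, r in sorted(raw.items()):
        if not {"DRBAR", "DRSR", "DRACR"} <= r.keys():
            continue  # region not fully programmed in this log
        size = 1 << (((r["DRSR"] >> 1) & 0x1F) + 1)  # 2^(RSize+1) bytes
        regions[num] = {
            "num": num, "enabled": bool(r["DRSR"] & 1),
            "base": r["DRBAR"], "end": r["DRBAR"] + size - 1,
            "ap": AP.get((r["DRACR"] >> 8) & 7, "reserved"),
            "xn": bool(r["DRACR"] & (1 << 12)),  # Execute Never
            "type": memory_type(r["DRACR"]),
        }
    return regions

def effective_region(regions, addr):
    """Overlaps resolve to the highest-numbered enabled region (PMSA rule).
    Sub-region disable bits are ignored; they are all zero in this log."""
    hits = [r for r in regions.values()
            if r["enabled"] and r["base"] <= addr <= r["end"]]
    return max(hits, key=lambda r: r["num"]) if hits else None

def writable_and_executable(regions):
    """Enabled regions writable at some privilege level with XN clear."""
    return [r["num"] for r in regions.values()
            if r["enabled"] and "RW" in r["ap"] and not r["xn"]]

if __name__ == "__main__":
    regs = decode_log(QEMU_LOG)
    for r in regs.values():
        print(f'{r["num"]}: {r["base"]:08X}-{r["end"]:08X} {r["ap"]} '
              f'XN={int(r["xn"])} {r["type"]}')
    print("writable+executable regions:", writable_and_executable(regs))
```

The decoded ranges agree with the firmware's "Memory region" printout and the CHDK cpuinfo log in the post above; every region decodes as P:RW U:RW with Execute never clear, so this configuration sets cache attributes but provides no write/execute separation.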
Title: Re: Canon 80D
Post by: a1ex on July 15, 2016, 11:53:38 PM
(http://a1ex.magiclantern.fm/debug/portable-hello-world/80D/PALE180D.jpg)

8)
Title: Re: Canon 80D
Post by: dinissilva on July 15, 2016, 11:57:56 PM
Here back to do some tests!!
Title: Re: Canon 80D
Post by: Pierro777 on August 17, 2016, 03:37:45 AM
Picked up an 80d today. Let me know how I can help.
Title: Re: Canon 80D
Post by: hugovlnv on August 18, 2016, 11:53:27 AM
I'm hesitating buying an 80D right now just because I'm not sure how much time it'd take for ML to come out, probably quite a long way. Seems to be a great camera which could be made even greater with ML. Thanks for the appreciated work !

Title: Re: Canon 80D
Post by: a1ex on August 20, 2016, 12:22:27 PM
Please find a ROM dumper for 80D that does not require additional hardware:

DMPD_80D.FIR (http://a1ex.magiclantern.fm/bleeding-edge/80D/DMPD_80D.FIR)

Thanks zloe and Ant123 for confirmation.

The dumper is based on this code (http://www.magiclantern.fm/forum/index.php?topic=16534.0) and it saves 3 copies of the ROM, because the bootloader file I/O routines are tricky and sometimes they write invalid data. You only need one of the ROMs - check the MD5 sums to find out which copies are valid:

Code:
md5sum -c *.MD5

If it doesn't work, try a smaller card, or format it with an older filesystem (such as FAT12).

Please don't send me a copy of your ROM, I already have it. If your firmware version is not "1.0.1 6.2.2 9C(84)", please paste it. You can get the full firmware version with this command:
Code:
strings ROM1A.BIN | grep -C 2 "1\.0\.1"

To replicate my experiments in QEMU, duplicate the ROM contents to get a 64MB file, then run:

Code:
./run_canon_fw.sh 80D -s -S & arm-none-eabi-gdb -x 80D/debugmsg.gdb

Happy hacking. I'll probably need some help writing self-modifying code on this ARM platform (Cortex R4 (http://www.magiclantern.fm/forum/index.php?topic=17714)), so if you already have experience with that, please get in touch with me.
Title: Re: Canon 80D
Post by: Pierro777 on August 29, 2016, 03:16:31 PM
If there is a step-by-step or anything I can follow to help with this last step I'd gladly do it. I'm no programmer so the above post looks like gibberish to me. Sorry.
Title: Re: Canon 80D
Post by: vzhivkov on August 30, 2016, 07:29:51 PM
I'm a newbie. I just bought 80D and I'm so very sorry for that. I need it for many other reasons where Canon is great but I also need it for HDMI output and as I found out after I bought it that's not working as expected on 80D. So my question is whenever (doesn't matter when) ML for 80D is ready will it allow me to use HDMI out as clean HDMI? If it is not going to offer such thing I'd rather try to return the camera now until it is too late.
Title: Re: Canon 80D
Post by: Walter Schulz on August 30, 2016, 09:54:45 PM
ML has no "delivery date". Nobody is able to say how long it will take and if your cam is not supported by ML you should act like there will be no ML for your cam ever.
Top of page -> User Guide -> FAQ -> Troll Questions section
Same for features ...
Title: Re: Canon 80D
Post by: jtvision on August 30, 2016, 09:59:29 PM
Quote
ML has no "delivery date". Nobody is able to say how long it will take and if your cam is not supported by ML you should act like there will be no ML for your cam ever.
Top of page -> User Guide -> FAQ -> Troll Questions section
Same for features ...

I have seen this quote several times in this forum. How many of your 4866 posts are copy paste of these, Walter Schulz? 
Title: Re: Canon 80D
Post by: Felipe on August 30, 2016, 10:17:46 PM
jtvision if you need ML functionality rareway, buy The Canon C100 Mark II only $4500,
The pleasure of using good things cost money. ML Team is extremely generous
Title: Re: Canon 80D
Post by: jtvision on August 30, 2016, 10:26:18 PM
I am on this forum everyday. Because I am very curious of what developments are happening here. And developments are happening!
"if your cam is not supported by ML you should act like there will be no ML for your cam ever" is simply not true!
Title: Re: Canon 80D
Post by: Pierro777 on August 31, 2016, 11:04:48 PM
Can we stick on topic?

The devs do this out of the kindness of their heart. If you want ML on your camera like everyone else posting here offer to help...

That's the only way to get it.

If people are willing to chip in to get @A1ex an 80D I'd chip in.

Aside from that I could always offer to troubleshoot. I just don't know where to start.
Title: Re: Canon 80D
Post by: eduperez on September 01, 2016, 02:53:18 PM
Quote
"if your cam is not supported by ML you should act like there will be no ML for your cam ever" is simply not true!

If you are thinking about buying a new camera and you positively need ML, do not buy one not supported now with hopes that it will be supported in the future; it may never be supported, and you will be stuck to an unsupported camera.

If you need ML for your project, and your camera is not supported, do not wait until it gets support, or you might wait forever and lose the opportunity to create your project.

...
Title: Re: Canon 80D
Post by: yostergeo on September 20, 2016, 02:46:09 AM
So I've been combing the web for help on this, but my 80D won't work with Canon Image Gateway.  Tells me it's not available in my region, despite me living in the US.  This is probably because I purchased a camera from the gray market via Abes of Maine.  What I'm wondering is if I can flash my camera with the US version of the firmware.  If so how would I go about converting a US .bin dumped from an 80D to a .fir and would any of you be so kind as to send me your US .bin
Title: Re: Canon 80D
Post by: davicorn on September 22, 2016, 09:56:27 AM
Hi! What is the state of this?

I am an engineer and would love to help bring MagicLantern to the 80D. How can I help? :)
Title: Re: Canon 80D
Post by: a1ex on September 22, 2016, 11:53:10 AM
Boots in QEMU, but not on the actual camera (caching issues). Details on reply #40.
Title: Re: Canon 80D
Post by: Greg on September 23, 2016, 08:20:52 PM
80D File I/O stubs :

Code:
NSTUB(0xFE482A00 + 1, FIO_CloseFile)           // Thumb
NSTUB(0xFE4834CC + 1, FIO_FindClose)           // Thumb
NSTUB(0xFE48344A + 1, FIO_FindNextEx)          // Thumb
NSTUB(0xFE482880 + 1, FIO_ReadFile)            // Thumb
NSTUB(0xFE4828F0 + 1, FIO_SeekSkipFile)        // Thumb
NSTUB(0xFE482992 + 1, FIO_WriteFile)           // Thumb
NSTUB(0xFE482FEE + 1, _FIO_CreateDirectory)    // Thumb
NSTUB(0xFE4827AA + 1, _FIO_CreateFile)         // Thumb
NSTUB(0xFE4833B6 + 1, _FIO_FindFirstEx)        // Thumb
NSTUB(0xFE482AEC + 1, _FIO_GetFileSize)        // Thumb
NSTUB(0xFE482734 + 1, _FIO_Open)               // Thumb
NSTUB(0xFE482814 + 1, _FIO_RemoveFile)         // Thumb
Title: Re: Canon 80D
Post by: Marsu42 on October 04, 2016, 12:06:47 PM
Quote
If you are thinking about buying a new camera and you positively need ML, do not buy one not supported now with hopes that it will be supported in the future; it may never be supported, and you will be stuck to an unsupported camera.

... or something in between. As ML mostly relies on fw hooks or accessible variables, and there's no telling what Canon cooked up again, it's not certain what ML features will work or won't work ever. Combining the expanded dynamic range of the 80d with dual_iso would be a dream and beat Sonikon, but notice the "but".

So if you need something specific even a general "Look at qemu, ML will run on camera xyz sooner or later" announcement isn't enough to go ahead and purchase it.
Title: Re: Canon 80D
Post by: a1ex on October 04, 2016, 01:00:42 PM
Quote
Combining the expanded dynamic range of the 80d with dual_iso would be a dream and beat Sonikon, but notice the "but".

Even if dual iso will work (which we don't know yet), the gain will be small, probably about 0.5 stops at 100/1600. From DxO data (https://www.dxomark.com/Cameras/Compare/Side-by-side/Canon-EOS-80D-versus-Canon-EOS-70D___1076_895), I expect the 80D sensor at ISO 100 to be nearly as good as the 70D at say 100/800, without the resolution loss.

Quote
it's not certain what ML features will work or won't work ever

That's very true.

The 80D hardware is promising (1GB RAM (http://www.magiclantern.fm/forum/index.php?topic=5071.msg169727#msg169727), faster card speeds (http://www.magiclantern.fm/forum/index.php?topic=17067)), the firmware looks more or less familiar (the usual strings are present), but there's no way to tell what exactly will work, what will never work, and what will work only with significant research effort.

In any case, the 80D is most likely to say Hello World*) first, for the following reasons:
- I know how to start Canon firmware (same for 750D/760D, but this step doesn't work on 7D2/5D4)
- good testers available (with programming skills, likely to become developers)

*) The Hello World message should be printed over Canon's GUI screen (in other words, by code running alongside Canon's firmware). The display tests you have seen recently are all standalone code (similar to the Linux port, if you want), so they are of limited use. They are proof we can run code on the camera, and this codebase provides a way to debug things with a little more than just LED blinks.
Title: Re: Canon 80D
Post by: Marsu42 on October 04, 2016, 11:59:24 PM
Quote
Even if dual iso will work (which we don't know yet), the gain will be small, probably about 0.5 stops at 100/1600. From DxO data (https://www.dxomark.com/Cameras/Compare/Side-by-side/Canon-EOS-80D-versus-Canon-EOS-70D___1076_895), I expect the 80D sensor at ISO 100 to be nearly as good as the 70D at say 100/800, without the resolution loss.

Ugh!? How so? I understand the dr gain of the 80d is achieved by eliminating low-iso read noise, so higher iso values are just as they used to be - but still, an overlap should get us more than 0.5ev? https://www.dxomark.com/Cameras/Canon/EOS-80D---Measurements

And if dual_iso on 80d isn't really something to look forward to, it means even a ml'ed Canon doesn't reach recent Sonikon at all: https://www.dxomark.com/Cameras/Compare/Side-by-side/Canon-EOS-80D-versus-Nikon-D7200-versus-Canon-EOS-70D___1076_1020_895
Title: Re: Canon 80D
Post by: Greg on October 05, 2016, 01:36:18 AM
8MPx
Code:
ISO 100
80D -> 13.17EV
D7200 -> 14.59EV

ISO 100 + ISO 6400
80D -> 14.4EV
D7200 ->  15.22EV

24MPx
Code:
ISO 100
80D -> 12.33EV
D7200 -> 13.79EV

ISO 100 + ISO 6400
80D -> 13.37EV
D7200 ->  14.42EV

Loss of detail for 1EV more does not make sense.
Title: Re: Canon 80D
Post by: eduperez on October 05, 2016, 07:40:33 AM
Quote
Ugh!? How so? I understand the dr gain of the 80d is achieved by eliminating low-iso read noise, so higher iso values are just as they used to be - but still, an overlap should get us more than 0.5ev? https://www.dxomark.com/Cameras/Canon/EOS-80D---Measurements

And if dual_iso on 80d isn't really something to look forward to, it means even a ml'ed Canon doesn't reach recent Sonikon at all: https://www.dxomark.com/Cameras/Compare/Side-by-side/Canon-EOS-80D-versus-Nikon-D7200-versus-Canon-EOS-70D___1076_1020_895

Have a look at https://www.dpreview.com/reviews/canon-eos-80d-review/12 and https://www.dpreview.com/reviews/canon-eos-80d-review/13. In an 80D, there is little difference between raising the ISO and correcting the exposure in post processing, and dual-ISO's advantage is based precisely on that difference. With that camera, in most situations you can just take the shot at ISO 100 and then raise the shadows during post-processing.
Title: Re: Canon 80D
Post by: Marsu42 on October 05, 2016, 12:53:39 PM
Quote
With that camera, in most situations you can just take the shot at ISO 100 and then raise the shadows during post-processing.

Riiiight, so I understand with dual_iso the camera would basically capture the same information at both iso levels, minus the dynamic range that is clipped at higher iso values of every other scanline?

Quote
Loss of detail for 1EV more does not make sense.

I'd tend to disagree there, 1ev is double or half the light which is a lot. And it can be exactly the dynamic range that is clipped from the bright sky or detail drowned in deep shadows (like the eye of an animal, even though the rest of the scene is brighter). That's the hassle with digital photography - missing data is missing data, but a little data can be still recovered and worked with. Plus the afaik dual_iso's "loss of detail" only affects the semi-over/underexposed areas, so by definition with the 80d's little ev gain it would be little to worry about?

Anyway, I guess either the current dual_iso code works with the 80d or it doesn't b/c Canon has done some radical changes ... though knowing Canon, it's more likely everything is the same as before but the marketing brochure got a face-lift :->
Title: Re: Canon 80D
Post by: a1ex on October 05, 2016, 02:02:30 PM
Quote
I'd tend to disagree there, 1ev is double or half the light which is a lot.

Yes, but that comes at the cost of 4EV of aliased highlights at 100/1600, or 6EV at 100/6400.

And I somehow doubt the shadows at ISO 100/1600 will actually look cleaner than at ISO 100, because of the half resolution (which, in theory, reduces the DR by 0.5 stops and also affects the noise structure). So, without seeing the images, I'd say the tradeoff may not be worth the extra effort.

If we have a bracketed image set, one at ISO 100 and another at ISO 1600, we can simulate a dual ISO image (lookup fake_dual_iso.exe) and see exactly if there is any extra shadow detail or not, compared to ISO 100.

Quote
Anyway, I guess either the current dual_iso code works with the 80d or it doesn't b/c Canon has done some radical changes ...

The CMOS registers are still used (strings are present), the implementation appears to have changed (strings look different), but ADTG strings are no longer there. Interesting that 5D4 contains ADTG strings on the AE processor, but none of them is present on the main processor.

Some interesting strings from 80D, not present on earlier cameras (not even on 750D/760D):
Code:
RegisterSendCMOSGainCBR
( pCmosGain[0] & CMOS_ADDR_MASK ) == CMOS_REG_R_GAIN9
( pCmosGain[1] & CMOS_ADDR_MASK ) == CMOS_REG_R_GAIN10
( pCmosGain[2] & CMOS_ADDR_MASK ) == CMOS_REG_R_GAIN11
( pCmosGain[3] & CMOS_ADDR_MASK ) == CMOS_REG_R_GAIN12
(R_GAIN9_Param & CMOS_ADDR_MASK ) == CMOS_REG_R_GAIN9
(R_GAIN10_Param & CMOS_ADDR_MASK ) == CMOS_REG_R_GAIN10
(R_GAIN11_Param & CMOS_ADDR_MASK ) == CMOS_REG_R_GAIN11
(R_GAIN12_Param & CMOS_ADDR_MASK ) == CMOS_REG_R_GAIN12

Some strings from 750D/760D, not present in 80D:
Code:
( *pwRegister & 0xF000 ) == CMOS_VSKIP_START_ADDRESS
( *pwRegister & 0xF000 ) == CMOS_VSKIP_END_ADDRESS
( *pwRegister & 0xF000 ) == CMOS_HSKIP_ADDRESS
( *pwRegister & 0xF000 ) == CMOS_SAF_RESET_ADDRESS
[REG] @@@@@@@@@@@@ Start ADTGDMA[CS:%lx:%lx]size:%d

So, dual iso will probably work, maybe not out of the box, and there appears to be some potential for tweaking the gains.

However, at this point, it's just speculation. As in...

www.magiclanternrumours.com (https://www.youtube.com/watch?v=oHg5SJYRHA0)

:)
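
The string comparison described in the post above can be reproduced with a short script. This is an added example, not part of the original post or of Magic Lantern; the two images are small constructed byte strings built from the strings quoted in the post, and all function names are hypothetical.

```python
import re

# Identifiers of interest: anything containing CMOS or ADTG, in any letter case.
TOKEN = re.compile(r"\w*(?:CMOS|ADTG)\w*", re.IGNORECASE)


def extract_strings(blob, min_len=6):
    """Return (offset, text) for every printable-ASCII run, like `strings -t d`."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(blob)]


def sensor_tokens(blob):
    """Map each CMOS/ADTG identifier to the offsets of the strings that mention it."""
    found = {}
    for offset, text in extract_strings(blob):
        for token in sorted(set(TOKEN.findall(text))):
            found.setdefault(token, []).append(offset)
    return found


def compare_roms(rom_a, rom_b):
    """Split the identifiers into those unique to each image and those shared."""
    a, b = sensor_tokens(rom_a), sensor_tokens(rom_b)
    return {
        "only_a": sorted(a.keys() - b.keys()),
        "only_b": sorted(b.keys() - a.keys()),
        "common": sorted(a.keys() & b.keys()),
    }


def make_constructed_rom(strings):
    """Build a tiny fake image: NUL-terminated strings between non-printable filler."""
    return b"".join(b"\xfe\x00\x01" + s.encode("ascii") + b"\x00" for s in strings)


# Constructed sample images. The strings are the ones quoted in the post, plus
# one made-up shared string so that the "common" bucket is not empty.
ROM_80D_LIKE = make_constructed_rom([
    "RegisterSendCMOSGainCBR",
    "( pCmosGain[0] & CMOS_ADDR_MASK ) == CMOS_REG_R_GAIN9",
    "(R_GAIN9_Param & CMOS_ADDR_MASK ) == CMOS_REG_R_GAIN9",
    "constructed: CMOS_SHARED_EXAMPLE",
])
ROM_750D_LIKE = make_constructed_rom([
    "( *pwRegister & 0xF000 ) == CMOS_VSKIP_START_ADDRESS",
    "( *pwRegister & 0xF000 ) == CMOS_HSKIP_ADDRESS",
    "[REG] @@@@@@@@@@@@ Start ADTGDMA[CS:%lx:%lx]size:%d",
    "constructed: CMOS_SHARED_EXAMPLE",
])

if __name__ == "__main__":
    for bucket, tokens in compare_roms(ROM_80D_LIKE, ROM_750D_LIKE).items():
        print(bucket, tokens)
```

On real dumps, pass the file contents read with `open(path, "rb").read()` instead of the constructed images; the offsets returned by `sensor_tokens` locate each string in the dump.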
Title: Re: Canon 80D
Post by: Marsu42 on October 06, 2016, 04:58:18 PM
Quote from: a1ex
Yes, but that comes at the cost of 4EV of aliased highlights at 100/1600

Well, looking at my personal photography the highlights are usually in the sky so I couldn't care less about aliasing there, it's just important that it isn't blown. ymmv.

Quote
And I somehow doubt the shadows at ISO 100/1600 will actually look cleaner than at ISO 100, because of the half resolution

That's probably true, and my experience with current dual_iso, too. But again, for it it's about *any* recognizable data other than plain noise being there. For example viewers won't look at the deep black fur parts of an animal in detail, but it is disturbing if some black parts look either clipped or like pushed plain shadow noise. ymmv if you don't shoot moving black buffaloes in bright back lighting at noon :-)

Quote
(which, in theory, reduces the DR by 0.5 stops and also affects the noise structure).

You can translate the loss of resolution into dynamic range? That sounds kind of strange, or is this some mathematic wizardry about noise?

Quote
If we have a bracketed image set, one at ISO 100 and another at ISO 1600, we can simulate a dual ISO image (lookup fake_dual_iso.exe) and see exactly if there is any extra shadow detail or not, compared to ISO 100.

Well, but you'd have to do this with actual 80d shots, right? If any 80d owner reads this, please do go ahead and shoot a grey patch @iso 100/1600 and run it through fake_dual_iso and let's compare with a pushed and bracketed-hdr shot.

Quote
Interesting that 5D4 contains ADTG strings on the AE processor, but none of them is present on the main processor.

Which means 5d4 users are screwed, but there's hope for 80d and 760d, right?

That would serve 'em right, b/c remembering the discussion about the 1d, a camera in the price range of the 5d4 isn't exactly covered by "poor enthusiasts adding features to their budget and midrange cameras" :-o ...

... if some other camera should be covered by ml, it'd be the 1d4 which should be about what the 7d1 tech is ... but the 1d4 is really cheap by now. But don't let Canon hear :-p
Title: Re: Canon 80D
Post by: Marsu42 on October 06, 2016, 05:08:49 PM
An off-dev-topic question to you 80d owners: The specs say that all af pts except the center one are only f5.6-precise.

I have some fast lenses, say a 50/1.8. Does this in *reality* mean that such a lens is completely unusable except with the center pt when wider open (like f2.5), or are the outer pts better than advertised, or is the af pt expansion so good it makes up for the lack of precision? That's b/c even with the 60d's center point (f2.8-precise) the af performance of this lens is dubious at best.

Thanks for actual experiences with this camera, I'm still not sure if I should get it or stick with an older and cheaper one that runs ml right now and can recover the lack of dr with dual_iso.
Title: Re: Canon 80D
Post by: Mr.Click on October 07, 2016, 08:07:55 PM
No, you're wrong. All AF points work as cross sensors even with a slow f5,6 lens, but only the mid sensor works as a dual cross sensor with a fast lens (f 0..-f 2,8).
The mid AF sensor even works at f8. With special lenses & converters even 27 AF sensors work at f8.

Please excuse my worse English ;-)
Title: Re: Canon 80D
Post by: Marsu42 on October 08, 2016, 03:26:00 PM
Quote
No, you're wrong. All AF points work as cross sensors even with a slow f5,6 lens, but only the mid sensor works as a dual cross sensor with a fast lens (f 0..-f 2,8).
The mid AF sensor even works at f8. With special lenses & converters even 27 AF sensors work at f8.

I didn't ask about if it's cross or not, but how the *precision* of the f5.6 points with a lens faster than f5.6 is (like the mentioned 50mm prime). This is a real question, b/c the specs don't tell the whole story - the outer cross points a) could work quite well even with a fast lens, or b) could be totally worthless making the 80d a one-point-center-only camera with fast lenses. I have tested the 80d in a store, but only with the kit lens, that's why I'm asking other actual 80d users.

Btw the new motor-operated mirror makes me worry. With the older spring-operated mirror I got 330k shutter cycles out of my 60d, but I very much doubt a 80d will live that long if a motor is involved. Another case of "planned obsolescence"? Atm I'm rather thinking about getting a sturdy 7d1 with full magic lantern support right now :-o

My other general 80d comment of the day: Canon again put a lot of work into withholding features as the most useful af mode is missing ... "af pt expansion" is only on 7d2 and 5d3. So for precise af, it's one-point only with the 80d b/c the 9-point mode covers a much too large area :-\

Quote
Please excuse my worse English ;-)

Always a pleasure to exchange bad English with another German :-p
Title: Re: Canon 80D
Post by: Mr.Click on October 08, 2016, 09:59:23 PM
Ah you are German too  :D
You are still thinking wrong. The outer AF cross sensors don't work worse with a brighter lens. They work the same with a f 1,2 lens as they work with a f 5,6 lens. (Same as most other EOS DSLRs like 70D, 60D, 7D, 50D etc.)
That only means that the lens doesn't have to be darker than f 5,6. With a f 8 lens they probably stop working.
Only the mid AF sensor works with f8 lenses and works as a dual cross sensor with better light sensitivity when you mount f 2,8 glass or brighter.
With some rare lens combinations you even get 27 AF points working at f8.
But all AF sensors work very well with bright lenses (f 1-f 2,8) and also with dark lenses (3,2- 5,6). No problem.
Surprisingly the 80D AF works more accurately overall than its predecessors. I have nearly no AF misses since I have had the 80D.
Hope you understand now. (Just think of it the other way round; the Canon description is written in a way that is quickly misunderstood.)
Title: Re: Canon 80D
Post by: ccs86 on October 10, 2016, 04:08:08 AM
Take it to PMs guys.
Title: Re: Canon 80D
Post by: Marsu42 on October 11, 2016, 01:36:19 PM
Quote
Take it to PMs guys.

And you're using the forum to tell us to pm instead of sending us a pm yourself, Mr. spare-time mod? :-)

Anyway, this tech discussion is an important preliminary for supporting ML on the 80d as it details features found in this model vs. previous or other current d6 models, thus outlining the fw changes to be expected while looking for stubs.
Title: Re: Canon 80D
Post by: ariznaf on October 15, 2016, 11:04:01 AM
I am glad to know that there are experienced devs working on the port.

It is a very interesting camera, a step ahead of previous models, with a very good focusing engine.

The day we can see the hello world message on it will be a great day.

With ML the camera will be a dream.

Maybe ML could take advantage of the focusing system and put it a step further, closer to high end models.

Thanks for your great work.

If I can help please tell me how; maybe I have to wait for the alpha release to help with testing.
Title: Re: Canon 80D
Post by: jfkingsley on October 23, 2016, 09:46:20 PM
Hey all,

I've recently picked up an 80D, and also have a fair bit of experience working with low-level C, although admittedly less in terms of reverse-engineering embedded systems like this. I'd be very interested in lending a hand here if possible. I realise #40 is currently what we're up to, so if we're at a temporary waiting game so be it, but if not I'd be interested in gaining some pointers on where to start poking.

Jon.
Title: Re: Canon 80D
Post by: a1ex on October 23, 2016, 10:43:49 PM
Sounds good. Have you got it working in QEMU?
Title: Re: Canon 80D
Post by: LesterL on November 04, 2016, 03:07:41 PM
I own an 80D and have done some tests with low-iso dynamic range. I made a picture profile that expands the dynamic range in video and I've been very impressed by the clean results in the shadows. It looks very similar to the 13-stops that come off of the BMPCC. I think this camera would be amazing in RAW video, as the stills captured with this camera can be pushed a lot and still look clean. Plenty of youtube videos showing this.

I'm open for helping with the testing of a ML firmware. Also, if anyone would like the Custom Picture profile I created, I'd be glad to share it for use in the meantime. Just PM me.

Thanks to everyone working on this.
Title: Re: Canon 80D
Post by: LesterL on November 07, 2016, 08:08:06 PM
Some promising numbers from memory tests done with the 80D. Around 81MB/s possible sustained write speed. Which is really quite impressive.
Check out the results from various cards.
http://www.cameramemoryspeed.com/canon-80d/sd-card-comparison/

With the recent progress in 10 and 12-bit raw recording options on the 5D III this could make for an impressive showing from the 80D down the road. If those can even be ported over to the 80D. We shall see.
Title: Re: Canon 80D
Post by: DeafEyeJedi on November 07, 2016, 10:27:58 PM
Interesting findings @LesterL and I'll be sending you a PM re: CP Profile. Thanks for sharing!
Title: Re: Canon 80D
Post by: dinissilva on November 25, 2016, 09:30:11 PM
Hey guys! Awesome progress! I was helping when we started testing the firmware! And now I'm back! Anything I can help with, please say it!
Title: Re: Canon 80D
Post by: julienpierb on December 10, 2016, 01:39:58 PM
Hey folks!
I just acquired a 80D two days ago and, I must say, that I already adore this camera.
I would be most interested in helping ML as best as I can.
I don't have coding knowledge, but I have a healthy amount of free time and I am a daily shooter.
If you need someone to test, I am most interested in doing so and answering as many questions.
Title: Canon 80D
Post by: AaronE on December 13, 2016, 10:41:06 PM
Hello as well!  Long time ML user on a T2i (and CHDK user before that on a P&S from a decade ago).

Just pulled the trigger on an 80D, and would love to lend a hand.  I've a lot of C and higher experience, a good bit of (rusty) embedded knowledge, some ASM and ARM chops, and a tiny bit of reverse engineering.  Looking forward to getting involved – the minds here (I'm looking at you, a1ex!) are pretty damn impressive.

Hopefully it's here by the end of the week and I'll be useful.  Anything I can do to get started (besides RTFM) to further the cause?
Title: Re: Canon 80D
Post by: Mashaal_m47 on December 16, 2016, 09:53:17 PM
I know that it's too early to expect a hack for the Canon 80D. Can I know whether there is any work going on for the Canon 80D?
Title: Re: Canon 80D ~ Dear Santa
Post by: OlRivrRat on December 21, 2016, 07:50:53 PM
      HeyThere St' Nik & Alex

   I'll bet You Can You guess what I would Really Like for Christmas ~

                     ORR ~ DeanB
Title: Re: Canon 80D
Post by: komocode on December 30, 2016, 10:12:56 AM
that sounds great guys. hopefully one day we'll see ML on 80D
Title: Re: Canon 80D
Post by: Jamie_Fenn on January 06, 2017, 02:21:19 AM
If ML is available for 80d in the future, what do you guys think the capabilities of the camera  will be?
Title: Re: Canon 80D
Post by: ltf3 on January 09, 2017, 10:51:36 PM
selfishly, all I need is Focus Peaking for video!
 ;D

Title: Re: Canon 80D
Post by: gsanchez922 on January 16, 2017, 08:32:16 AM
Quote
selfishly, all I need is Focus Peaking for video!
 ;D

Hello man, if you only need focus peaking, check out the Feelworld FW759 7 Inches. Here is the link for Amazon. This is ready to go.

https://www.amazon.com/gp/product/B0196JVB0S/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1
Title: Re: Canon 80D
Post by: gusjsph on February 05, 2017, 09:26:22 AM
hey there, just bought myself an 80D and would love to help if you need it! I really need the option to record video for longer than 30 minutes so if there's anything I can do to help the development process PM me and I'll do my best to assist. Thanks for your hard work on this software, much appreciated!
Title: Re: Canon 80D
Post by: Kaleb on February 18, 2017, 06:08:18 AM
Hey! First off, great work everyone! I love the progress that's being made.
 I would like to offer my help as I have an 80D and would love to help if needed.

PM me if you need me! It would be an honour to further with the development of Magic Lantern for 80D with you all!
Title: Re: Canon 80D
Post by: Mr.Click on February 19, 2017, 02:03:54 PM
There is a new firmware for the 80D available, maybe this will help developing an 80D ML version?
Title: Re: Canon 80D
Post by: Ant123 on February 19, 2017, 02:23:11 PM
Quote
There is a new firmware for the 80D available, maybe this will help developing an 80D ML version?

No. Only finding the developer with the camera would help...
Title: Re: Canon 80D
Post by: Kaleb on February 22, 2017, 12:58:00 AM
Nice eye! I didn't even notice there was an update!

How would a new firmware help in the development of Magic Lantern?
Title: Re: Canon 80D
Post by: ariznaf on February 22, 2017, 11:52:33 AM
Because they have a firmware in a file to play with it in the emulators.

It seems that it is not easy to get the firmware out from the camera.
Title: Re: Canon 80D
Post by: a1ex on February 22, 2017, 12:11:36 PM
Quote
It seems that it is not easy to get the firmware out from the camera.

Click! (http://www.magiclantern.fm/forum/index.php?topic=17360.msg171019#msg171019)

Anyone with basic command-line skills can get a copy of the firmware from his own camera and reproduce my experiments in the emulator. Hint, hint ;)
Title: Re: Canon 80D
Post by: Greg on February 24, 2017, 06:58:50 PM
(https://s8.postimg.org/asvnkyt4l/80d_qemu.png)
Title: Re: Canon 80D
Post by: Ant123 on February 24, 2017, 07:17:20 PM
When will we see exactly the same picture on the camera display?   :)
Title: Re: Canon 80D
Post by: walter_schulz on February 24, 2017, 07:18:17 PM
It's alive!
Title: Re: Canon 80D
Post by: DeafEyeJedi on February 24, 2017, 07:36:34 PM
Great work @Greg!
Title: Re: Canon 80D
Post by: Greg on February 24, 2017, 08:07:22 PM
I just ran qemu :

Code: [Select]
./run_canon_fw.sh 80D,firmware=\"boot=1\" -s -S & arm-none-eabi-gdb -x 80D/debugmsg.gdb

I do not have an 80D. It's just a joke (changed artist in hex editor)  ;)
Title: Re: Canon 80D
Post by: OlRivrRat on February 25, 2017, 07:39:19 AM
                       @Greg

             NOT FUNNY ~

                               ORR ~ DeanB
Title: Re: Canon 80D
Post by: Pierro777 on February 26, 2017, 12:32:20 AM
Is this for real or trolling ?
Title: Re: Canon 80D
Post by: a1ex on February 26, 2017, 03:09:32 PM
Quote
When will we see exactly the same picture on the camera display?   :)

... about 7 months ago (http://www.magiclantern.fm/forum/index.php?topic=17360.msg169752#msg169752) ;)

Quote
Is this for real or trolling ?

Greg's screen is real; that's what any of you will get by running your ROM (http://www.magiclantern.fm/forum/index.php?topic=17360.msg171019#msg171019) in QEMU with default configuration (which runs the portable display test (http://www.magiclantern.fm/forum/index.php?topic=14732)).

Next step is figuring out how to fix the boot process. Experience with self-modifying code on ARMv7 will help.
Title: Re: Canon 80D
Post by: Ant123 on February 26, 2017, 03:26:48 PM
Quote
... about 7 months ago (http://www.magiclantern.fm/forum/index.php?topic=17360.msg169752#msg169752) ;)

I said "exactly", i.e. with "BOOT=-1"  :)
Title: Re: Canon 80D
Post by: Greg on February 26, 2017, 05:32:21 PM
EnableBootDisk
Code: [Select]
0xFE5F150C(0xFC040004, -1);
DisableBootDisk
Code: [Select]
0xFE5F150C(0xFC040004, 0);
Title: Re: Canon 80D
Post by: Ant123 on February 26, 2017, 07:24:28 PM
Quote
EnableBootDisk
Code: [Select]
0xFE5F150C(0xFC040004, -1);
DisableBootDisk
Code: [Select]
0xFE5F150C(0xFC040004, 0);

Try it on YOUR camera first.  ;D
Title: Re: Canon 80D
Post by: Greg on February 26, 2017, 08:06:25 PM
I do not have 80D. It's too expensive.
I have only qemu cameras :P
Title: Re: Canon 80D
Post by: Straight_Shooter on March 05, 2017, 05:01:32 PM
I am now the owner of an 80D, in addition to my old 1100D.  :)

As soon as we have some binary that we can test I will be happy to help with testing.
Title: Re: Canon 80D
Post by: pawl on April 04, 2017, 10:01:39 AM
I'm still using 60d
The main reason I didn't upgrade it yet to 80d is because of ML not ready  :D :D :D

(in addition: 80D comes with DIGIC6, but 77D comes with DIGIC7. I'm afraid Canon will release a 8xD with DIGICx)
Title: Re: Canon 80D
Post by: JaSt on April 10, 2017, 10:12:28 AM
Greetings to ML developers,
I have an 80D. Contact me if you want to help with testing of early version.
Thanks in advance.  :)
Title: Re: Canon 80D
Post by: benzett on April 18, 2017, 04:16:42 PM
hey folks, is there any news about an ML version for the 80d? I'm thinking about buying it, but unless I can get rid of the focus boxes, I won't... :) thanks for your work!
Title: Re: Canon 80D
Post by: Muwex on April 20, 2017, 02:59:51 PM
Hi!
I am also the owner of a Canon 80D and have been for a long while. I have had a Canon 500D which I had Magic Lantern on, sooooo.... I would be more than happy to finally have it on the 80D.
Of course I understand that it takes time, but if help is needed, I can try my best and do some testing :)

I do videos on 5 channels, this is my main channel: https://www.youtube.com/channel/UCXzdh4S1HOEpTTLreDBprlw
So I have like 5 years of experience with video making and creativity on YouTube :)
Title: Re: Canon 80D
Post by: deathbyderps on April 23, 2017, 01:45:27 PM
Hey, I too got an 80d about a month back.
I'd be happy to test any form of early software, as unstable as it may be.
Feel free to drop me an email.
Title: Re: Canon 80D
Post by: Spakes on April 29, 2017, 07:55:52 AM
Hi. New here.
I got 80D too, updated it to 1.0.2 through EOS Utility 3. Don't have enough knowledge for QEMU/Low-Level C (only learning C++ and Java for Android), but open for testing anything. If you have some manuals for reverse engineering or need to test something, I'm ready to help. Just tell me what to do.
Title: Re: Canon 80D 1.0.2
Post by: Spakes on May 02, 2017, 01:57:33 PM
I know, there are minor updates in 1.0.2, but I still made a dump of 1.0.2 (why not, better for Norwegians and lens registration).
I can give you a link to all dumps if you PM me.
Is there also anything I can do which doesn't require a lot of time? I'll try to do some disassembly after June 10th, maybe, can't do it now 'cause exams.
Title: Re: Canon 80D
Post by: Greg on May 09, 2017, 06:23:16 PM
Any plans with digic 6/7?
Title: Re: Canon 80D
Post by: Ant123 on May 10, 2017, 08:07:50 AM
Quote
Any plans with digic 6/7?

https://www.magiclantern.fm/forum/index.php?topic=17627.msg179772#msg179772 (https://www.magiclantern.fm/forum/index.php?topic=17627.msg179772#msg179772)
Title: Re: Canon 80D
Post by: Greg on May 10, 2017, 02:07:07 PM
It looks like no one wants a sensor in technology from 15 years ago.  :P
Title: Re: Canon 80D
Post by: emklap on May 11, 2017, 09:44:29 PM
Hi, I'm new here and have started on 80D reverse engineering.

I made custom firmware for the EOS 300D a long time back and think it's fun to try to port ML to the 80D.

I have VirtualBox set up and am able to compile the ML code; QEMU still needs to be set up.

I use 80D FW1.0.2 because that was on my camera and I could not find FW 1.0.1. The ROM dumper worked fine and gave me three ROM1 dumps, one with a valid CRC.

(https://thumb.ibb.co/k1Soqk/IMG_0967.jpg) (https://ibb.co/k1Soqk)


I duplicated the file and loaded it into IDA with offset 0xFC000000, and analysis of the code went smoothly. I now need to run an idc script because the automatic analysis does not recognize the first character of strings. I'll see if my old code still works  :-)

Also the perl script disassamble.pl ran fine, giving me lots of strings to work with. Some (2x) 330,000, way too many  :D to work with, and I need to somehow remove the ones that do not make sense.

The start of the code looks like this:
Code: [Select]
ROM:FC000000 ; Processor       : ARM
ROM:FC000000 ; ARM architecture: metaarm
ROM:FC000000 ; Target assembler: Generic assembler for ARM
ROM:FC000000 ; Byte sex        : Little endian
ROM:FC000000
ROM:FC000000 ; ===========================================================================
ROM:FC000000
ROM:FC000000 ; Segment type: Pure code
ROM:FC000000                 AREA ROM, CODE, READWRITE, ALIGN=0
ROM:FC000000                 ; ORG 0xFC000000
ROM:FC000000                 CODE32
ROM:FC000000
ROM:FC000000 loc_FC000000                            ; DATA XREF: sub_FC0274EC+34r
ROM:FC000000                                         ; sub_FC0274EC+40w
ROM:FC000000                 STC2            p0, c0, [R0], {8}
ROM:FC000004                 STC2            p0, c0, [R0], {0x48}
ROM:FC000008                 MOV             R0, #0
ROM:FC00000C                 MCR             p15, 0, R0,c6,c2, 0
ROM:FC000010                 MOV             R0, #0
ROM:FC000014                 MCR             p15, 0, R0,c6,c1, 0
ROM:FC000018                 MOV             R0, #0x3F
ROM:FC00001C                 MCR             p15, 0, R0,c6,c1, 2
ROM:FC000020                 MOV             R0, #0x320
ROM:FC000024                 MCR             p15, 0, R0,c6,c1, 4
ROM:FC000028                 MRC             p15, 0, R0,c1,c0, 0
ROM:FC00002C                 BIC             R0, R0, #0x20000
ROM:FC000030                 ORR             R0, R0, #1
ROM:FC000034                 DSB             SY
ROM:FC000038                 MCR             p15, 0, R0,c1,c0, 0
ROM:FC00003C                 ISB             SY
ROM:FC000040                 LDR             PC, =0xFE020000

and on FE0A0000 like this
Code: [Select]
ROM:FE0A0000                         ; ---------------------------------------------------------------------------
ROM:FE0A0000                         ; START OF FUNCTION CHUNK FOR sub_FE020000
ROM:FE0A0000
ROM:FE0A0000                         loc_FE0A0000                            ; CODE XREF: ROM:FC020E78j
ROM:FE0A0000                                                                 ; sub_FE020000+E78j
ROM:FE0A0000                                                                 ; DATA XREF: ROM:FC020E74o
ROM:FE0A0000                                                                 ; ROM:off_FC021278o ...
ROM:FE0A0000 04 00 8F E2                             ADR             R0, loc_FE0A000C
ROM:FE0A0004 01 00 80 E3                             ORR             R0, R0, #1
ROM:FE0A0008 10 FF 2F E1                             BX              R0 ; loc_FE0A000C
ROM:FE0A000C                         ; ---------------------------------------------------------------------------
ROM:FE0A000C                                         CODE16
ROM:FE0A000C
ROM:FE0A000C                         loc_FE0A000C                            ; CODE XREF: sub_FE020000+80008j
ROM:FE0A000C                                                                 ; DATA XREF: sub_FE020000:loc_FE0A0000o
ROM:FE0A000C 40 F2 00 00 C0 F2 00 00                 MOV             R0, #0
ROM:FE0A0014 40 F2 38 03 C0 F2 00 03                 MOV             R3, #0x38
ROM:FE0A001C 20 F0 01 00                             BIC.W           R0, R0, #1
ROM:FE0A0020 23 F0 01 03                             BIC.W           R3, R3, #1
ROM:FE0A0024 40 F2 00 01 C0 F2 00 01                 MOV             R1, #0
ROM:FE0A002C
ROM:FE0A002C                         loc_FE0A002C                            ; CODE XREF: sub_FE020000+80038j
ROM:FE0A002C 98 42                                   CMP             R0, R3
ROM:FE0A002E 3C BF                                   ITT CC
ROM:FE0A0030 50 F8 04 2B                             LDRCC.W         R2, [R0],#4
ROM:FE0A0034 41 F8 04 2B                             STRCC.W         R2, [R1],#4
ROM:FE0A0038 F8 D3                                   BCC             loc_FE0A002C
ROM:FE0A003A 4F F0 01 00                             MOV.W           R0, #1
ROM:FE0A003E 06 EE 12 0F                             MCR             p15, 0, R0,c6,c2, 0
ROM:FE0A0042 40 F2 21 11                             MOVW            R1, #0x121
ROM:FE0A0046 06 EE 91 1F                             MCR             p15, 0, R1,c6,c1, 4
ROM:FE0A004A BF F3 4F 8F                             DSB.W           SY
ROM:FE0A004E 19 EE 11 0F                             MRC             p15, 0, R0,c9,c1, 0
ROM:FE0A0052 00 F0 7D 00                             AND.W           R0, R0, #0x7D
ROM:FE0A0056 40 F2 01 01 C8 F2 00 01                 MOV             R1, #0x80000001
ROM:FE0A005E 40 EA 01 00                             ORR.W           R0, R0, R1
ROM:FE0A0062 09 EE 11 0F                             MCR             p15, 0, R0,c9,c1, 0
ROM:FE0A0066 40 F6 00 00 C8 F2 00 00                 MOV             R0, #0x80000800

The next step is to find stubs but I have no clue where to start. IDA shows just over 100000 functions!! Again, where do I start????
Can anyone provide some tips, e.g. which functions are important to find and which not? Are there some easy ones to start with?
Are there idc scripts available that can do some of the work for me/us?

Looking forward to some coding time

 

Title: Re: Canon 80D
Post by: a1ex on May 12, 2017, 01:50:52 PM
Hi - emklap from CHDK, right?

For IDA, you need to select ARMv7 A&R, and also*) load the same ROM at 0xFE000000.

*) Loading both ROMs makes IDA very slow (at least here), so it may be best to define two "projects": one for analyzing the bootloader at 0xFC000000 and another one for the main firmware at 0xFE000000.

The perl script has a custom version for DIGIC 6, but I didn't try it. You should know the CHDK forum better than me :D

Some of the stubs are listed in the digic6-dumper branch. There is an initial platform directory for 80D, which uses a minimal file structure (suitable for experimenting around) - this works fine in QEMU, but not on the actual hardware. I believe the issue is caching in the context of self-modifying code (ARMv7 has a different way to deal with this), but didn't look too much into it yet. Copying CHDK cache functions is probably enough to move forward.

When you are ready to run code on your camera, just get in touch with me on IRC.
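
Why the listing at FE0A0000 switches from CODE32 to CODE16, and how an address in either mirror maps back to the dump file, shown as an added example (not code from the original posts or from Magic Lantern). The 32 MiB ROM size is an assumption taken from the distance between the two load addresses, and the function names are hypothetical.

```python
import struct

MIRRORS = (0xFC000000, 0xFE000000)  # the two load addresses named in the post
ROM_SIZE = 0x02000000               # assumption: 32 MiB, the distance between them


def rom_offset(addr):
    """Translate a CPU address in either mirror to an offset into the dump file."""
    for base in MIRRORS:
        if base <= addr < base + ROM_SIZE:
            return addr - base
    raise ValueError("address 0x%08X is outside the ROM mirrors" % addr)


def ror32(value, shift):
    """Rotate a 32-bit value right; ARM immediates are an 8-bit value rotated."""
    shift %= 32
    return ((value >> shift) | (value << (32 - shift))) & 0xFFFFFFFF


def decode_veneer(code, addr):
    """Return the Thumb target of `ADR Rd, x / ORR Rd, Rd, #1 / BX Rd`, else None."""
    if len(code) < 12:
        return None
    adr, orr, bx = struct.unpack_from("<3I", code)  # little-endian ARM words
    kind = adr & 0xFFFF0000
    if kind == 0xE28F0000:      # ADD Rd, PC, #imm
        sign = 1
    elif kind == 0xE24F0000:    # SUB Rd, PC, #imm
        sign = -1
    else:
        return None
    rd = (adr >> 12) & 0xF
    imm = ror32(adr & 0xFF, 2 * ((adr >> 8) & 0xF))
    if orr != (0xE3800001 | rd << 16 | rd << 12):   # ORR Rd, Rd, #1 sets the Thumb bit
        return None
    if bx != (0xE12FFF10 | rd):                     # BX Rd
        return None
    # In ARM state the PC reads as the instruction address plus 8.
    return (addr + 8 + sign * imm) & 0xFFFFFFFF


def find_veneers(rom, base):
    """Scan word-aligned offsets and list (veneer address, Thumb target) pairs."""
    hits = []
    for off in range(0, len(rom) - 11, 4):
        target = decode_veneer(rom[off:off + 12], base + off)
        if target is not None:
            hits.append((base + off, target))
    return hits


# Bytes copied from the IDA listing at FE0A0000 in the earlier post.
LISTING_BYTES = bytes.fromhex("04008FE2" "010080E3" "10FF2FE1")
# Constructed image: 0xFF filler with the same veneer placed at offset 0x20.
CONSTRUCTED_ROM = b"\xff" * 0x20 + LISTING_BYTES + b"\xff" * 0x14

if __name__ == "__main__":
    print(hex(rom_offset(0xFE0A0000)))
    print(hex(decode_veneer(LISTING_BYTES, 0xFE0A0000)))
    print([(hex(a), hex(t)) for a, t in find_veneers(CONSTRUCTED_ROM, 0xFE000000)])
```

The decoded target matches `loc_FE0A000C` in the listing, which is where IDA starts showing Thumb (CODE16) instructions.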
Title: Re: Canon 80D
Post by: Ant123 on May 12, 2017, 10:15:02 PM
http://chdk.wikia.com/wiki/Digic_6_Porting

Quote
Copying CHDK cache functions is probably enough to move forward.

What are "CHDK cache functions"?
Title: Re: Canon 80D
Post by: a1ex on May 12, 2017, 10:32:30 PM
https://app.assembla.com/spaces/chdk/subversion/source/HEAD/trunk/lib/armutil/cache.c

Refer to ARM ARM v7, Cortex R4 TRM, and this blog post (https://community.arm.com/processors/b/blog/posts/caches-and-self-modifying-code).
Title: Re: Canon 80D
Post by: emklap on May 15, 2017, 12:54:33 PM
Hi A1ex,

Yes, I am the emklap of CHDK, there are not many of me around  :D
I already set IDA to ARMv7 A&R, didn't see any immediate change. I have no performance degradation with the entire FW Bootloader  & ROM RAM loaded in one IDA project, but the suggestion to split it is a nice one, might try that myself as well.

Next steps for me will be to get QEMU up and running and to adjust the CHDK IDC Scripts for my project.
I have limited time over the next weekends so it might take some time but I will report my progress in due time. I will catch up on ARM disassembly as well.


Title: Re: Canon 80D
Post by: Pierro777 on May 20, 2017, 11:12:29 PM
Quote
Hi A1ex,

Yes, I am the emklap of CHDK, there are not many of me around  :D
I already set IDA to ARMv7 A&R, didn't see any immediate change. I have no performance degradation with the entire FW Bootloader  & ROM RAM loaded in one IDA project, but the suggestion to split it is a nice one, might try that myself as well.

Next steps for me will be to get QEMU up and running and to adjust the CHDK IDC Scripts for my project.
I have limited time over the next weekends so it might take some time but I will report my progress in due time. I will catch up on ARM disassembly as well.

I really hope you get it working!!!
Title: Re: Canon 80D
Post by: Mr.Click on May 31, 2017, 09:06:17 PM
Thank you for your engagement, keep up the work  :)
Title: Re: Canon 80D
Post by: adindie on June 02, 2017, 07:46:42 PM
I'm an 80D owner too and I really want to install ML on this camera. I really want to shoot 4k video on my camera.

Is there any update on the ML status?
Title: Re: Canon 80D
Post by: Walter Schulz on June 03, 2017, 11:03:42 PM
No.
Title: Re: Canon 80D
Post by: Muwex on June 05, 2017, 06:18:00 PM
Hi!

Just putting my update here: if there is a need for testing, feel free to contact me, for example by PM or email.
I have a Canon 80D and I have had a Canon 500D with Magic Lantern. I am no help for any coding work for sure, but for some testing I might be  ;)
Title: Re: Canon 80D
Post by: emklap on June 07, 2017, 10:37:01 PM
I'm stuck  >:(

I tried for several days to start the ROM dumper and the display test in qemu 1.6 but no luck. Can someone help me? This is what I tried so far.

I updated the file qemu/qemu-1.6.0/hw/arm/eos.c and added the lines
Code: [Select]
ML_MACHINE(80D,   0xFE0A0000);
EOS_MACHINE(80D,  0xFE0A0000);
qemu_register_machine(&canon_eos_machine_ml_80D);
qemu_register_machine(&canon_eos_machine_80D);

I also tried 0xFC000000 and 0xFC000008

In the folder magiclantern/magic-lantern/platform I created a new folder (80D.102) and copied all files from the folder of the 60D fw 1.1.1.
I added 80D.102 to the Makefile of ML.
I updated the files Makefile and Makefile.platform.default located in the 80D.102 folder to reflect the 80D.
I used the following addresses in Makefile.platform.default in the 80D.102 folder.

Code: [Select]
#Makefile.setup.platform for 80D

CANON_NAME_FIR = 80D00102.FIR
FIRMWARE_ID = 0x80000350
UPDATE_NAME_FIR = BOOT_80D.FIR
FIR_BASE = 0x00800120
AUTOEXEC_BASE = 0x00800000

RESTARTSTART    = 0x001CC400
ROMBASEADDR     = 0xFE0A0000
ML_SRC_PROFILE  = minimal


Now the command make fails  (FYI If I set  "ML_SRC_PROFILE = generic" the make command finishes without errors).

The make command fails with the error:
Quote
minimal.c: In function 'my_create_init_task':
minimal.c:72:5: error: too many arguments to function 'create_init_task'
In file included from ../../src/dryos.h:41:0,
                 from minimal.c:5:
../../src/tasks.h:104:1: note: declared here

When changing the line in tasks.h to
Quote
create_init_task( int a, int b, int c );
I get further but now the make command stops with a new error.
The new error is
Quote
font_direct.o: In function `font_draw':
font_direct.c:(.text+0xb0): undefined reference to `disp_set_pixel'
make: *** [magiclantern] Error 1

I am sure that disp_set_pixel is declared but the linker doesn't think so

Can someone give me some tips / hints? What am I doing wrong, or what do I need to do to get the display test or ROM dumper running in QEMU?

This happens when I start QEMU. I used the duplicate ROM from my 80D.102 to get a 64MB BIN file

Quote
make: Leaving directory `/home/magiclantern/qemu/qemu-1.6.0'
00000000 - 00000FFF: eos.tcm_code
40000000 - 40000FFF: eos.tcm_data
00001000 - 3FFFFFFF: eos.ram
40001000 - 7FFFFFFF: eos.ram_uncached
F0000000 - F0FFFFFF: eos.rom0
F1000000 - F1FFFFFF: eos.rom0_mirror_F1
F2000000 - F2FFFFFF: eos.rom0_mirror_F2
F3000000 - F3FFFFFF: eos.rom0_mirror_F3
F4000000 - F4FFFFFF: eos.rom0_mirror_F4
F5000000 - F5FFFFFF: eos.rom0_mirror_F5
F6000000 - F6FFFFFF: eos.rom0_mirror_F6
F7000000 - F7FFFFFF: eos.rom0_mirror_F7
F8000000 - F8FFFFFF: eos.rom1
F9000000 - F9FFFFFF: eos.rom1_mirror_F9
FA000000 - FAFFFFFF: eos.rom1_mirror_FA
FB000000 - FBFFFFFF: eos.rom1_mirror_FB
FC000000 - FCFFFFFF: eos.rom1_mirror_FC
FD000000 - FDFFFFFF: eos.rom1_mirror_FD
FE000000 - FEFFFFFF: eos.rom1_mirror_FE
FF000000 - FFFFFFFF: eos.rom1_mirror_FF
C0000000 - CFFFFFFF: eos.iomem
[EOS] loading 'ROM-80D.BIN' to 0xF0000000-0xF3FFFFFF
[EOS] loading 'ROM-80D.BIN' to 0xF8000000-0xFBFFFFFF

When I run ML-80D it loads autoexec.bin and qemu-helper.bin like this

Quote
[EOS] loading 'ROM-80D.BIN' to 0xF0000000-0xF3FFFFFF
[EOS] loading 'ROM-80D.BIN' to 0xF8000000-0xFBFFFFFF
[EOS] loading 'autoexec.bin' to 0x00800000-0x0080207F
[EOS] loading 'qemu-helper.bin' to 0x30000000-0x30008C9F
[QEMU_HELPER] stub ff86af64 -> 30000130 (d195d000)
[QEMU_HELPER] stub ff9abbf4 -> 30000768 (ce83cf89)
[QEMU_HELPER] stub ff9abd20 -> 3000073c (294b2030)
[QEMU_HELPER] stub ff9abe20 -> 3000010c (93b8e0b2)
[QEMU_HELPER] stub ff9ab304 -> 3000027c (64616c62)
[QEMU_HELPER] stub ff9aac68 -> 300000dc (e3a781e3)
[QEMU_HELPER] stub ff9aabb4 -> 3000022c (e080a0ee)
[QEMU_HELPER] stub ff9aafa0 -> 3000033c (6f76754e)
[QEMU_HELPER] stub ff9ab150 -> 30000078 (36206163)
[QEMU_HELPER] stub ff9aad10 -> 30000054 (617262)
[QEMU_HELPER] stub ff9ab050 -> 30000830 (a4e5b498)
[QEMU_HELPER] stub ff85f0f0 -> 300001b8 (84cfb7ce)
[QEMU_HELPER] stub ff85f228 -> 3000019c (b49be583)
[QEMU_HELPER] stub ff9a8170 -> 30000184 (baef208b)

which gets followed by endless lines like this
Code: [Select]
[???] [0xE0411003] -> [0xCFFF9534] PC: 0x00000004
[???] [0xE12FFF1E] -> [0xCFFF9538] PC: 0x00000004
[???] [0xFF811DC0] -> [0xCFFF953C] PC: 0x00000004
[???] [0xE0030092] -> [0xCFFF9520] PC: 0x00000004
[???] [0xE0411003] -> [0xCFFF9524] PC: 0x00000004
[???] [0xE12FFF1E] -> [0xCFFF9528] PC: 0x00000004
[???] [0xFF811DC0] -> [0xCFFF952C] PC: 0x00000004
[???] [0xE0030092] -> [0xCFFF9510] PC: 0x00000004
[???] [0xE0411003] -> [0xCFFF9514] PC: 0x00000004
[???] [0xE12FFF1E] -> [0xCFFF9518] PC: 0x00000004
[???] [0xFF811DC0] -> [0xCFFF951C] PC: 0x00000004

Again, can someone give me some tips / hints? What am I doing wrong? Or what do I need to do to get the display test or ROM dumper running in QEMU?
After that I would like to create my own bin file, rename it to autoexec.bin and load this file.
Title: Re: Canon 80D
Post by: a1ex on June 08, 2017, 07:09:41 AM
When all else fails... read the instructions. Any recent post on the QEMU thread, that references the install instructions, should do the trick.

Or, this walkthrough (http://www.magiclantern.fm/forum/index.php?topic=15895.msg185103#msg185103). You'll want QEMU 2.5.0 (not 1.6.0 and neither 2.9.0 - for now).

Don't rush to get "Hello world" yet; on digic 6 we need some more baby steps. If you really want to run it, you can take a look in src/minimal.c from the unified branch (that shows hello world with a minimal "display driver"), and you'll probably get that working in QEMU without much trouble. Note the 80D (in the digic6-dumper branch) has a different minimal.c.

However, this won't boot on the actual hardware until the caching issues (discussed earlier) are addressed.

BTW, the "generic" ROM dumper and display test are compiled from the "recovery" branch, and they work directly from the bootloader (without starting the main firmware).
Title: Re: Canon 80D
Post by: Spakes on June 11, 2017, 06:15:51 AM
Quote
When all else fails... read the instructions. Any recent post on the QEMU thread, that references the install instructions, should do the trick.

Or, this walkthrough (http://www.magiclantern.fm/forum/index.php?topic=15895.msg185103#msg185103). You'll want QEMU 2.5.0 (not 1.6.0 and neither 2.9.0 - for now).

Don't rush to get "Hello world" yet; on digic 6 we need some more baby steps. If you really want to run it, you can take a look in src/minimal.c from the unified branch (that shows hello world with a minimal "display driver"), and you'll probably get that working in QEMU without much trouble. Note the 80D (in the digic6-dumper branch) has a different minimal.c.

However, this won't boot on the actual hardware until the caching issues (discussed earlier) are addressed.

BTW, the "generic" ROM dumper and display test are compiled from the "recovery" branch, and they work directly from the bootloader (without starting the main firmware).

What caching issues and baby steps are you talking about?
Title: Re: Canon 80D
Post by: a1ex on June 12, 2017, 12:08:52 AM
Quote
What caching issues and baby steps are you talking about?

Answered a few posts above yours.
Title: Re: Canon 80D
Post by: emklap on June 14, 2017, 05:59:47 PM
:D, fresh install of Ubuntu 17 (64 BIT), toolchain 4.8.4 and qemu 2.5.0 did the trick

Code: [Select]
./run_canon_fw.sh 80D,firmware=\"boot=1\" -s -S & arm-none-eabi-gdb -x 80D/debugmsg.gdb
gives this display I wanted  :)

(https://thumb.ibb.co/iCsoV5/80_D_102_qemu.png)
Title: Re: Canon 80D
Post by: ddelreal on June 15, 2017, 01:11:44 AM
Nice!
Title: Re: Canon 80D
Post by: leonarka on June 15, 2017, 08:04:46 PM
Very much looking forward to the 80D being able to use Magic Lantern.
Title: Re: Canon 80D
Post by: aSoG_ on June 16, 2017, 06:37:51 PM
Hi, I do not have experience with this programming language.

But is there anything I can do? I have an 80D.
Title: Re: Canon 80D
Post by: fazorni on July 10, 2017, 04:34:11 PM
any news?
Title: Re: Canon 80D
Post by: Walter Schulz on July 12, 2017, 03:03:29 PM
Sure! (http://www.bbc.com/news)
Title: Re: Canon 80D
Post by: garry23 on July 12, 2017, 06:15:18 PM
 :)
Title: Re: Canon 80D
Post by: ariznaf on July 13, 2017, 11:20:40 AM
I post just to thank emklap's efforts and a1ex's support.

As the author of the original post, I am following all your steps.

As I cannot help in this phase of development, I am not posting often here.
I don't want to give the impression that I am trying to put pressure on the developers.

Thanks again; I hope you can get it working.
Title: Re: Canon 80D
Post by: a1ex on July 14, 2017, 01:48:37 PM
Just a heads up - QEMU is updated often with DIGIC 6 (https://bitbucket.org/hudson/magic-lantern/commits/all?search=keyword(%22DIGIC+6%22)+or+keyword(%22Thumb%22)) stuff.

For example, latest update is able to track direct jumps (http://www.magiclantern.fm/forum/index.php?topic=2864.msg187186#msg187186) to functions, which are used all over the place in Thumb-2 code.
Title: Re: Canon 80D
Post by: sombree on July 18, 2017, 08:42:23 PM
I've built autoexec.bin from latest digic6-dumper branch and run it in QEMU: https://hastebin.com/oyitotuyon.hs

I assume this means that our code did actually run:
Code: [Select]
[      init:001cc438 ] task_create(dump, prio=1e, stack=1000, entry=1cc6c0, arg=0)
By the look of minimal.c from the unified branch, I guess that to print "Hello, World!" in QEMU we need a few more stubs (like bmp_vram_info, LCD_Palette) - am I right?

Also I've tried running this:
Code: [Select]
python find_fnt.py ROM1.BIN 0xF0000000
but this is the only output I'm getting:
Code: [Select]
Find bitmap fonts in Canon DSLR firmwares
Arm.Indy. based on work by Pel, Trammel Hudson and A1ex
Title: Re: Canon 80D
Post by: a1ex on July 18, 2017, 09:56:31 PM
The display backend changed significantly on DIGIC 6 - look it up on CHDK. I'm not sure of the pixel format used outside bootloader - first we need to run something on the camera alongside the main firmware (e.g. LED blinking).

Then we need to figure out how to print things on the screen; it will be probably similar to CHDK, but I'm not sure yet.

Only after doing this step we can see whether we need bmp_vram_info and LCD_Palette, or maybe some replacement.

The CanonGothic string is not present in the 80D ROM. No big deal - Canon fonts are not used in many places in our code.

BTW, the pixel format used in the bootloader is 8 BPP, palette-based; the palette is specified as YUV, but the U/V components are unsigned now (they were signed on previous cameras). See QEMU source and disp_direct.c on the recovery branch.
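
What the signedness change means when decoding an 8 BPP palette-based buffer, as an added example (not code from QEMU, disp_direct.c or this thread). It assumes BT.601 full-range coefficients, that "signed" means a two's-complement byte, and a constructed three-entry palette; the real palette word layout is not given here.

```python
def centre_chroma(raw, signed):
    """Turn a raw U or V byte into an offset centred on zero."""
    if signed:
        # Older convention (assumed two's complement): 0x00 is neutral.
        return raw - 256 if raw >= 128 else raw
    # Newer convention: unsigned byte, 0x80 is neutral.
    return raw - 128


def yuv_to_rgb(y, u, v, uv_signed):
    """Convert one palette entry to RGB (BT.601 full range, an assumption)."""
    cu = centre_chroma(u, uv_signed)
    cv = centre_chroma(v, uv_signed)
    r = y + 1.402 * cv
    g = y - 0.344136 * cu - 0.714136 * cv
    b = y + 1.772 * cu
    return tuple(max(0, min(255, int(round(c)))) for c in (r, g, b))


def render(indices, palette, uv_signed):
    """Expand an 8 BPP index buffer through a (Y, U, V) palette into RGB."""
    lut = [yuv_to_rgb(y, u, v, uv_signed) for (y, u, v) in palette]
    return [lut[i] for i in indices]


# Constructed sample: black, mid grey and white written for unsigned U/V.
PALETTE = [(0x00, 0x80, 0x80), (0x80, 0x80, 0x80), (0xFF, 0x80, 0x80)]
FRAME = bytes([0, 1, 2, 1])   # four pixels, one palette index per byte

if __name__ == "__main__":
    print("unsigned U/V:", render(FRAME, PALETTE, uv_signed=False))
    print("signed U/V:  ", render(FRAME, PALETTE, uv_signed=True))
```

Decoding the same bytes with the older signed convention turns every neutral entry green, which is a quick visual check for which convention a display path expects.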
Title: Re: Canon 80D
Post by: sombree on July 18, 2017, 10:34:47 PM
Ok. Is it possible to test cache-related issues in QEMU? Or is it safe enough to test on real camera?
Title: Re: Canon 80D
Post by: a1ex on July 18, 2017, 11:17:22 PM
QEMU does not emulate cache behavior, other than a few status registers.

It's probably safe to perform these tests on the camera. However, at this point, you'll need some help from us to sign the binaries you want to run (currently the binaries can be run either as autoexec.bin or as FIR; the former needs a boot flag set in the ROM and the latter must be signed). To my knowledge, CHDK had trouble running the Canon firmware from a firmware update on most (if not all) digic 6 models, so we might have to enable the boot flag from the bootloader context, in order to run autoexec.bin. Traditionally, we enable the boot flag from main firmware, but we did enable it from bootloader on VxWorks models. It's probably best to try on a less expensive D6 model first; if anyone is willing to take the risk, I can prepare a FIR for enabling the boot flag in this way.

Having some other ARMv7 device to test things could be helpful, too.
Title: Re: Canon 80D
Post by: Walter Schulz on July 19, 2017, 12:06:44 AM
Cheapest option for Digic 6 today (Powershot derivates excluded): 750D, used. Listed at about 415 Euro (Germany).

And - if the offer is still standing - there is a 750D for free: https://www.magiclantern.fm/forum/index.php?topic=17627.msg179772#msg179772
Title: Re: Canon 80D
Post by: sombree on July 19, 2017, 12:20:40 PM
Are these settings correct? I know that I have to change base architecture to ARMv7-A&R and uncheck both "delete instruction with no xrefs" and "perform no-return analysis".

(https://thumb.ibb.co/c8JyC5/Clipboard01.png) (https://ibb.co/c8JyC5)
Title: Re: Canon 80D
Post by: a1ex on July 19, 2017, 05:12:16 PM
No, the ROM dump loads at FE000000 and FC000000 (http://www.magiclantern.fm/forum/index.php?topic=17360.msg184533#msg184533). The ROM is mirrored and code runs from both addresses, so you can either define two projects if you have a slow PC like mine, or just one (using the additional binary option in IDA) if you have a fast one like emklap's ;)

FE0A0000 is where you will find the main firmware after loading the ROM. The initialization code starts at FC000008, and the bootloader (LILO-style, prints "BootLoder" on the UART char by char) starts at FE020000. To start the main firmware, the bootloader writes 0 to 0xD20C0084, then jumps to FE0A0000.

There are a few additional blobs copied from ROM to RAM; you can get them from QEMU if you run it with "-d romcpy" (or just look them up in the QEMU test suite log (https://builds.magiclantern.fm/jenkins/view/QEMU/job/QEMU-tests/lastSuccessfulBuild/console)).
Title: Re: Canon 80D
Post by: sombree on July 19, 2017, 05:57:06 PM
Sorry for these basic questions, but I was going by the info from this post (https://www.magiclantern.fm/forum/index.php?topic=6785.msg68973#msg68973). Anyway, this is how I should load the files - am I correct?

(https://thumb.ibb.co/jb1S5Q/c2.png) (https://ibb.co/jb1S5Q)

(https://thumb.ibb.co/hnEfQQ/c3.png) (https://ibb.co/hnEfQQ)
Title: Re: Canon 80D
Post by: a1ex on July 19, 2017, 06:17:48 PM
Looks mostly fine. In the second box, try Loading segment 0, Loading offset 0xFE000000, and (not sure if this is needed with latest versions) number of bytes 0x1FFFFFC.
Title: Re: Canon 80D
Post by: sombree on July 19, 2017, 07:11:33 PM
Quote
Looks mostly fine. In the second box, try Loading segment 0, Loading offset 0xFE000000, and (not sure if this is needed with latest versions) number of bytes 0x1FFFFFC.

I think I'm close - for example this is what I see when I'm jumping to 0xFE2DB945 (sysmem_info stub):
Code: [Select]
ROM:FC2DB944                 PUSH            {LR}
ROM:FC2DB946                 SUB             SP, SP, #0x2C
ROM:FC2DB948                 ADD             R0, SP, #0x30+var_2C
ROM:FC2DB94A                 BLX             sub_FC3FBC70
ROM:FC2DB94E                 ADR             R0, aSystemMemoryIn ; "System Memory Information\n"
ROM:FC2DB950                 BL              sub_FC483CF0
ROM:FC2DB954                 LDR             R1, [SP,#0x30+var_2C]
ROM:FC2DB956                 ADR             R0, aStartAddress0x ; "  Start Address       = 0x%08lx\n"
ROM:FC2DB958                 BL              sub_FC483CF0
ROM:FC2DB95C                 LDR             R1, [SP,#0x30+var_28]
ROM:FC2DB95E                 ADR             R0, aEndAddress0x08 ; "  End Address         = 0x%08lx\n"
ROM:FC2DB960                 BL              sub_FC483CF0
ROM:FC2DB964                 LDR             R2, [SP,#0x30+var_24]
ROM:FC2DB966                 ADR             R0, aTotalSize0x08x ; "  Total Size          = 0x%08x (%9d)\n"
ROM:FC2DB968                 MOV             R1, R2
ROM:FC2DB96A                 BL              sub_FC483CF0
ROM:FC2DB96E                 LDR             R2, [SP,#0x30+var_20]
ROM:FC2DB970                 ADR             R0, aAllocatedSize0 ; "  Allocated Size      = 0x%08x (%9d)\n"
ROM:FC2DB972                 MOV             R1, R2
ROM:FC2DB974                 BL              sub_FC483CF0
ROM:FC2DB978                 LDR             R2, [SP,#0x30+var_1C]
ROM:FC2DB97A                 ADR             R0, aAllocatedPeak0 ; "  Allocated Peak      = 0x%08x (%9d)\n"
ROM:FC2DB97C                 MOV             R1, R2
ROM:FC2DB97E                 BL              sub_FC483CF0
ROM:FC2DB982                 LDR             R2, [SP,#0x30+var_18]
ROM:FC2DB984                 ADR             R0, aAllocatedCount ; "  Allocated Count     = 0x%08x (%9d)\n"
ROM:FC2DB986                 MOV             R1, R2
ROM:FC2DB988                 BL              sub_FC483CF0
ROM:FC2DB98C                 LDR             R2, [SP,#0x30+var_14]
ROM:FC2DB98E                 ADR             R0, aFreeSize0x08x9 ; "  Free Size           = 0x%08x (%9d)\n"
ROM:FC2DB990                 MOV             R1, R2
ROM:FC2DB992                 BL              sub_FC483CF0
ROM:FC2DB996                 LDR             R2, [SP,#0x30+var_10]
ROM:FC2DB998                 ADR             R0, aFreeBlockMaxSi ; "  Free Block Max Size = 0x%08x (%9d)\n"
ROM:FC2DB99A                 MOV             R1, R2
ROM:FC2DB99C                 BL              sub_FC483CF0
ROM:FC2DB9A0                 LDR             R2, [SP,#0x30+var_C]
ROM:FC2DB9A2                 ADR             R0, aFreeBlockCount ; "  Free Block Count    = 0x%08x (%9d)\n"

Though after loading additional binary file as you advised I'm getting this:
Code: [Select]
seg001:FE2DB945                 DCB 0xB5 ; Á
seg001:FE2DB946                 DCB 0x8B ; ő
seg001:FE2DB947                 DCB 0xB0 ; -
seg001:FE2DB948                 DCB    1
seg001:FE2DB949                 DCB 0xA8 ; Ę
seg001:FE2DB94A                 DCB 0x20
seg001:FE2DB94B                 DCB 0xF1 ; ˝
seg001:FE2DB94C                 DCB 0x92 ; ĺ
seg001:FE2DB94D                 DCB 0xE9 ; Ú
seg001:FE2DB94E                 DCB 0xB6 ; Â
seg001:FE2DB94F                 DCB 0xA0 ; á
seg001:FE2DB950                 DCB 0xA8 ; Ę
seg001:FE2DB951                 DCB 0xF1 ; ˝
seg001:FE2DB952                 DCB 0xCE ; +
seg001:FE2DB953                 DCB 0xF9 ; ¨
seg001:FE2DB954                 DCB    1
seg001:FE2DB955                 DCB 0x99 ; Ö
seg001:FE2DB956                 DCB 0x5C ; \
seg001:FE2DB957                 DCB 0xA0 ; á
seg001:FE2DB958                 DCB 0xA8 ; Ę
seg001:FE2DB959                 DCB 0xF1 ; ˝
seg001:FE2DB95A                 DCB 0xCA ; ¦
seg001:FE2DB95B                 DCB 0xF9 ; ¨
seg001:FE2DB95C                 DCB    2
seg001:FE2DB95D                 DCB 0x99 ; Ö
seg001:FE2DB95E                 DCB 0x63 ; c
seg001:FE2DB95F                 DCB 0xA0 ; á
seg001:FE2DB960                 DCB 0xA8 ; Ę
seg001:FE2DB961                 DCB 0xF1 ; ˝
seg001:FE2DB962                 DCB 0xC6 ; Ă
seg001:FE2DB963                 DCB 0xF9 ; ¨
I suppose it's because it wasn't analyzed though I'm not sure why.

Edit:
Oh, I didn't know that I can simply select huge chunk of code (like from 0xFE000000 to almost the end) and analyse it xD
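
The address arithmetic behind the two listings above and the load addresses a1ex gave, as an added example that is not code from the thread or from Magic Lantern: bit 0 of a stub address marks Thumb state, and both mirrors map to the same offset in the dump. The 32 MiB ROM size (inferred from the 0x1FFFFFC byte count), the helper names, and the 0x00 byte at ...944 (the low byte of PUSH {LR}) are assumptions.

```python
import struct

ROM_SIZE = 0x02000000                 # assumption: 32 MiB dump (ROM1.BIN)
MIRRORS = (0xFC000000, 0xFE000000)    # both load addresses from the thread

# Offsets into the dump, derived from the addresses quoted in the thread.
LANDMARKS = [
    (0x00000008, "initialization code"),
    (0x00020000, "bootloader"),
    (0x000A0000, "main firmware"),
]


def nearest_landmark(offset):
    """Name of the last landmark at or below offset (extents are not known)."""
    name = None
    for start, label in LANDMARKS:
        if offset >= start:
            name = label
    return name


def resolve(addr):
    """Split a stub/branch target into Thumb flag, file offset and aliases."""
    thumb = bool(addr & 1)            # bit 0 selects Thumb state, not a byte
    code = addr & ~1
    for base in MIRRORS:
        if base <= code < base + ROM_SIZE:
            offset = code - base
            return {
                "thumb": thumb,
                "offset": offset,
                "aliases": [m + offset for m in MIRRORS],
                "landmark": nearest_landmark(offset),
            }
    raise ValueError("0x%08X is outside both ROM mirrors" % addr)


def thumb_halfwords(rom, offset, count):
    """Read little-endian 16-bit units starting at an even offset."""
    if offset & 1:
        raise ValueError("clear bit 0 before reading Thumb code")
    return list(struct.unpack_from("<%dH" % count, rom, offset))


# Constructed sample: bytes 0xFE2DB945..0xFE2DB949 from the DCB listing,
# preceded by an inferred 0x00 so the buffer starts at offset 0x2DB944.
SAMPLE_BASE = 0x002DB944
SAMPLE = bytes([0x00, 0xB5, 0x8B, 0xB0, 0x01, 0xA8])

if __name__ == "__main__":
    info = resolve(0xFE2DB945)        # sysmem_info stub as quoted in the post
    print(info["thumb"], hex(info["offset"]), [hex(a) for a in info["aliases"]])
    words = thumb_halfwords(SAMPLE, info["offset"] - SAMPLE_BASE, 3)
    print([hex(w) for w in words])    # PUSH {LR}; SUB SP,#0x2C; ADD R0,SP,#4
```

Disassembling from the odd address 0xFE2DB945 instead of 0xFE2DB944 misaligns every halfword, which is why a listing that starts on the stub value itself shows only data bytes.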
Title: Re: Canon 80D
Post by: BobMiles on July 23, 2017, 01:12:59 PM
Hi guys,

new here, too! Just ordered an 80D and I'll be happy to help wherever I can.

I have some programming knowledge but mainly perl... I'll try and get myself up to speed and in the meantime follow your progress!

Thank you for the support!!!