Please find a ROM dumper for 80D that does not require additional hardware:DMPD_80D.FIR
Thanks zloe and Ant123 for confirmation.
The dumper is based on this code
and it saves 3 copies of the ROM, because the bootloader file I/O routines are tricky and sometimes they write invalid data. You only need one of the ROMs - check the MD5 sums to find out which copies are valid:
md5sum -c *.MD5
If it doesn't work, try a smaller card, or format it with an older filesystem (such as FAT12).
Please don't send me a copy of your ROM, I already have it. If your firmware version is not "1.0.1 6.2.2 9C(84)", please paste it. You can get the full firmware version with this command:
strings ROM1A.BIN | grep -C 2 "1\.0\.1"
To replicate my experiments in QEMU, duplicate the ROM contents to get a 64MB file, then run:
./run_canon_fw.sh 80D -s -S & arm-none-eabi-gdb -x 80D/debugmsg.gdb
Happy hacking. I'll probably need some help writing self-modifying code on this ARM platform (Cortex R4
), so if you already have experience with that, please get in touch with me.