Author Topic: RE contributions  (Read 12224 times)

Indy

  • Developer
  • Member
  • *****
  • Posts: 109
RE contributions
« on: March 02, 2013, 10:05:39 AM »
hi,

Just to let you know, I put on the bitbucket most of my python scripts (the public ones)
https://bitbucket.org/hudson/magic-lantern/src/fa4b9a00d0ca859ea86a4a0c9b0b144ef2e9b02b/contrib/indy/readme.TXT?at=unified

"it is working at least for me" ;-)

Indy

1%

  • Developer
  • Hero Member
  • *****
  • Posts: 5936
  • 600D/6D/50D/EOSM/7D
Re: RE contributions
« Reply #1 on: March 02, 2013, 05:41:42 PM »
The fir scripts let you get a bin from the canon updates? I need to look in 5d3 fir.... also that property dumper dumps props with values? That would be a godsend.

Indy

  • Developer
  • Member
  • *****
  • Posts: 109
Re: RE contributions
« Reply #2 on: March 02, 2013, 09:31:54 PM »
updates need to be decrypted first.
the script (dec_fir.py) is not public because it contains keys and crypto algorithms from Canon.

Indy


1%

  • Developer
  • Hero Member
  • *****
  • Posts: 5936
  • 600D/6D/50D/EOSM/7D
Re: RE contributions
« Reply #4 on: March 02, 2013, 09:46:47 PM »
Awesome have to use all of these on the 6D bins


1%

  • Developer
  • Hero Member
  • *****
  • Posts: 5936
  • 600D/6D/50D/EOSM/7D
Re: RE contributions
« Reply #6 on: March 02, 2013, 09:52:51 PM »
I get:

Code: [Select]

[I] Autodetected property offset: 00080000
[Block: 00, Length: 00001054, Flag: 00000000] [Base: 00080000]
  [E] Invalid block size
[Block: 01, Length: 00000000, Flag: 00000000] [Base: 00081000]
  [E] Invalid block size
[Block: 02, Length: 00001054, Flag: 00000000] [Base: 00082000]
  [E] Invalid block size
[Block: 03, Length: 00000000, Flag: 00000000] [Base: 00083000]
  [E] Invalid block size
[Block: 04, Length: 00001054, Flag: 00000000] [Base: 00084000]
  [E] Invalid block size
[Block: 05, Length: 00000000, Flag: 00000000] [Base: 00085000]
  [E] Invalid block size
[Block: 06, Length: 00001054, Flag: 00000000] [Base: 00086000]
  [E] Invalid block size
[Block: 07, Length: 00000000, Flag: 00000000] [Base: 00087000]
  [E] Invalid block size
[Block: 08, Length: 00001054, Flag: 00000000] [Base: 00088000]
  [E] Invalid block size
[Block: 09, Length: 00000000, Flag: 00000000] [Base: 00089000]
  [E] Invalid block size
[Block: 0A, Length: 00001054, Flag: 00000000] [Base: 0008A000]
  [E] Invalid block size
[Block: 0B, Length: 00000000, Flag: 00000000] [Base: 0008B000]
  [E] Invalid block size
[Block: 0C, Length: 00001054, Flag: 00000000] [Base: 0008C000]
  [E] Invalid block size
[Block: 0D, Length: 00000000, Flag: 00000000] [Base: 0008D000]
  [E] Invalid block size
[Block: 0E, Length: 00001054, Flag: 00000000] [Base: 0008E000]
  [E] Invalid block size
[Block: 0F, Length: 00000000, Flag: 00000000] [Base: 0008F000]
  [E] Invalid block size
[Block: 10, Length: 00001054, Flag: 00000000] [Base: 00090000]
  [E] Invalid block size
[Block: 11, Length: 00000000, Flag: 00000000] [Base: 00091000]
  [E] Invalid block size
[Block: 12, Length: 00001054, Flag: 00000000] [Base: 00092000]
  [E] Invalid block size
[Block: 13, Length: 00000000, Flag: 00000000] [Base: 00093000]
  [E] Invalid block size
[Block: 14, Length: 00001054, Flag: 00000000] [Base: 00094000]
  [E] Invalid block size
[Block: 15, Length: 00000000, Flag: 00000000] [Base: 00095000]
  [E] Invalid block size
[Block: 16, Length: 00001054, Flag: 00000000] [Base: 00096000]
  [E] Invalid block size
[Block: 17, Length: 00000000, Flag: 00000000] [Base: 00097000]
  [E] Invalid block size
[Block: 18, Length: 00001054, Flag: 00000000] [Base: 00098000]
  [E] Invalid block size
[Block: 19, Length: 00000000, Flag: 00000000] [Base: 00099000]
  [E] Invalid block size
[Block: 1A, Length: 00001054, Flag: 00000000] [Base: 0009A000]
  [E] Invalid block size
[Block: 1B, Length: 00000000, Flag: 00000000] [Base: 0009B000]
  [E] Invalid block size
[Block: 1C, Length: 00001054, Flag: 00000000] [Base: 0009C000]
  [E] Invalid block size
[Block: 1D, Length: 00000000, Flag: 00000000] [Base: 0009D000]
  [E] Invalid block size
[Block: 1E, Length: 00001054, Flag: 00000000] [Base: 0009E000]
  [E] Invalid block size
[Block: 1F, Length: 00000000, Flag: 00000000] [Base: 0009F000]
  [E] Invalid block size




1%

  • Developer
  • Hero Member
  • *****
  • Posts: 5936
  • 600D/6D/50D/EOSM/7D
Re: RE contributions
« Reply #10 on: March 02, 2013, 10:29:53 PM »
Thanks, I think it dumped everything now.

Output is slightly different though.

Ie 0x80010006

would be

    [Property: 02010006, Length: 0000000C] [Base: 000A6178]
?


Length is different... or are props numbered differently in rom?

g3gg0

  • Developer
  • Hero Member
  • *****
  • Posts: 2888
Re: RE contributions
« Reply #11 on: March 02, 2013, 10:41:23 PM »
well, there are a few more property sections (just realized that not all is in the autodetected one)

for example 600D:

TUNE: 0xBE0000
FIX:  0xB60000
RING: 0xAE0000
RASEN: 0xB00000
LENS:  0xEC0000

all with different block sized etc. just figuring out how to autodetect that ....

Code: [Select]
v3 = PROPAD_CreateFROMPropertyHandle((unsigned int *)&v14, 1, (int)&unk_F8B60000, 0x10000u, 8u, 0x80000u, 0x1000000);
  if ( v3 & 1 )
    DryosDebugMsg(139, 6, "PROPAD_CreateFROMPropertyHandle : FIX (%#x)", v3);
  v14 = 0x2000000;
  v4 = PROPAD_CreateFROMPropertyHandle((unsigned int *)&v14, 1, (int)&unk_F8AE0000, 0x10000u, 2u, 0x1000u, 0x1000000);
  if ( v4 & 1 )
    DryosDebugMsg(139, 6, "PROPAD_CreateFROMPropertyHandle : RING (%#x)", v4);
  v14 = 0x4000000;
  v15 = 83886080;
  v16 = 234881024;
  v5 = PROPAD_CreateFROMPropertyHandle((unsigned int *)&v14, 3, (int)&unk_F8B00000, 0x10000u, 6u, 0x20000u, 0x1000000);
  if ( v5 & 1 )
    DryosDebugMsg(139, 6, "PROPAD_CreateFROMPropertyHandle : RASEN (%#x)", v5);
  v14 = 184549376;
  v6 = PROPAD_CreateFROMPropertyHandle((unsigned int *)&v14, 1, (int)&unk_F8EC0000, 0x10000u, 6u, 0x20000u, 0x1000000);
  if ( v6 & 1 )
    DryosDebugMsg(139, 6, "PROPAD_CreateFROMPropertyHandle : LENS (%#x)", v6);

1%

  • Developer
  • Hero Member
  • *****
  • Posts: 5936
  • 600D/6D/50D/EOSM/7D
Re: RE contributions
« Reply #12 on: March 02, 2013, 10:48:21 PM »
6D has those sections too with separate dumps like on 600D.. I only tried getting the main props but instead got a 400mb 00.bin Looks a bit like ram dump. The other functions for tune/fix/ring/rasen look to be the same.

g3gg0

  • Developer
  • Hero Member
  • *****
  • Posts: 2888
Re: RE contributions
« Reply #13 on: March 03, 2013, 12:06:26 AM »
update

http://magiclantern.fm/modules/modules/PropertyEditor.exe/PropertyEditor.exe

use it with arguments:
 1: ROM-filename
 2: FROM base address
 3: blocksize
 4: number of blocks

How to get the parameters:
look for a call to CreateFROMPropertyHandle and check the arguments
the number of blocks (argument 4:) is "sectorsize * sectors / blocksize"

int PROPAD_CreateFROMPropertyHandle(unsigned int *prop_types, int prop_count, unsigned int base_address, unsigned int sectorsize, unsigned int sectors, unsigned int blocksize, int a7)

if you are not sure how to calculate, you can just pass 0 as block count or completely omit it.
then the dumper will only dump until the first block marked "valid" is found.
if you supply that count, it will dump all blocks, even old and invalid ones.

for 7D:
PropertyEditor.exe ROM1.bin 0x910000 0x040000 0x1
PropertyEditor.exe ROM1.bin 0xA00000 0x2C0000 0x1

Type  Offset  Properties
FIX:  0x910000 (0x00000000)
TUNE: 0xA00000 (0x01000000)

for 600D:
PropertyEditor.exe ROM1.bin 0xAE0000 0x001000 0x20
PropertyEditor.exe ROM1.bin 0xB00000 0x020000 0x3
PropertyEditor.exe ROM1.bin 0xB60000 0x080000 0x1
PropertyEditor.exe ROM1.bin 0xBE0000 0x2C0000 0x1
PropertyEditor.exe ROM1.bin 0xEC0000 0x020000 0x3

Type  Offset  Properties
RING: 0xAE0000 (0x02000000)
RASEN 0xB00000 (0x04000000 0x05000000 0x0E000000)
FIX:  0xB60000 (0x00000000)
TUNE: 0xBE0000 (0x01000000)
LENS  0xEC0000 (0x0B000000)


for 60D:
PropertyEditor.exe ROM1.bin 0x9D0000 0x001000 0x20
PropertyEditor.exe ROM1.bin 0x9F0000 0x020000 0x3
PropertyEditor.exe ROM1.bin 0xA50000 0x080000 0x1
PropertyEditor.exe ROM1.bin 0xAD0000 0x370000 0x1
PropertyEditor.exe ROM1.bin 0x00C000 0x000800 0x4

Type  Offset  Properties
RING: 0x9D0000 (0x02000000)
RASEN 0x9F0000 (0x04000000 0x05000000 0x0E000000)
FIX:  0xA50000 (0x00000000)
TUNE: 0xAD0000 (0x01000000)
LENS: 0xEC0000 (0x0B000000)
CUST: 0x00C000 (0x03000000)


for 6D:
PropertyEditor.exe ROM1.bin 0x080000 0x002000 0x20
PropertyEditor.exe ROM0.bin 0x060000 0x020000 0x3
PropertyEditor.exe ROM0.bin 0x0C0000 0x100000 0x1
PropertyEditor.exe ROM0.bin 0x1E0000 0x020000 0x3
PropertyEditor.exe ROM0.bin 0x020000 0x001000 0x20


Type  ROM  Offset  Properties
RING: ROM1 0x080000 (0x02000000)
RASEN ROM0 0x060000  (0x04000000 0x05000000 0x0E000000)
FIX:  ROM0 0x0C0000  (0x00000000)
LENS: ROM0 0x1E0000  (0x0B000000)
CUST: ROM0 0x020000 (0x03000000)

1%

  • Developer
  • Hero Member
  • *****
  • Posts: 5936
  • 600D/6D/50D/EOSM/7D
Re: RE contributions
« Reply #14 on: March 03, 2013, 04:05:42 AM »
Rom0 is the ram segment or...

I just get same dump from 0xff000000 for both rom0.bin and rom1.bin

The roms dissected from the firmware updates start at 0xff00 or at program area (5d3  0xf80c0000)?




g3gg0

  • Developer
  • Hero Member
  • *****
  • Posts: 2888
Re: RE contributions
« Reply #15 on: March 03, 2013, 11:56:37 AM »
ROM0: 0xF0000000 - 0xF7FFFFFF (when camera has a ROM0, then its 8 or 16M, so its 0xF0000000-0xF0FFFFFF)
ROM1: 0xF8000000 - 0xFFFFFFFF (most cameras have 16M, so its 0xF8000000-0xF8FFFFFF)

Indy

  • Developer
  • Member
  • *****
  • Posts: 109
Re: RE contributions
« Reply #16 on: March 03, 2013, 12:15:25 PM »
I'm happy to see it is useful !
again and as usual, excellent work G3gg0!

any idea about lens00.bin content ?
it seems it contains vignetting and chromatic aberration tables for correction...
I can provide 60D and 550D data if needed.

would it be useful to create a custom update with modified properties / bitmap / strings ?
yes it is risky.

Indy

g3gg0

  • Developer
  • Hero Member
  • *****
  • Posts: 2888
Re: RE contributions
« Reply #17 on: March 03, 2013, 01:06:25 PM »
upload it to http://upload.g3gg0.de/ - i will look what is inside.

i played with this thought a long time.
did the same for nokia phones - providing tools for extracting, modifying and repacking language packs.
that was, because nokia sold some phones only in some countries and did not put translation for e.g. europe into it.
so there was a "market" for such translation tools.

not sure if the userbase we are focusing on needs such translations.

g3gg0

  • Developer
  • Hero Member
  • *****
  • Posts: 2888
Re: RE contributions
« Reply #18 on: March 03, 2013, 01:16:47 PM »
LENS content seems to be blocks of 0xA90 byte size.
blocks end with a sequence of: 22 22 22 22

these blocks are split into two parts, separated by 44 44 44 44. first is 0x360 bytes, second part is 0x730.
second part consists mostly of words with 0x18 byte size, some with 0x20 byte

thats what i can see from the hex file

g3gg0

  • Developer
  • Hero Member
  • *****
  • Posts: 2888
Re: RE contributions
« Reply #19 on: March 03, 2013, 02:12:06 PM »
LENS format: (property 0x0B000000, can be modified with EOSUtiliy's abberation profile manager)

0x00-0x30 header
 0x00: 0x0F3C
 0x02: number of LENS_ENTRIES
 0x04: 0x0030 (this header size)
 0x06: 0x0080 (number of reserved LENS_ENTRIES)

0x30-0x830 LENS_ENTRIES:
 0x10 bytes per entry
 format:
 0x00: 0x00000034 lens_id, see PROP_LENS second word. (0x0032001D = nifty fifty, 0x00000034 = 18-55 IS II)
 0x04: 0x000000FF
 0x08: 0x00000000
 0x0C: start offset in LENS_DATA

0x830-... LENS_DATA: (offset depends on header information)
 [header with 0x20 byte size]
 0x000: 0x0000
 0x002: 0x0001
 0x004: 0x0012 (min focal length)
 0x006: 0x0037 (max focal length)
 0x008: 0x00FA (min focus distance in mm. 450, 250, 280, 340, 380, ....)
 0x00A: 0x0000
 ..
 0x01E: 0x0000
 
 [section with 0x340 byte size]
 0x000: 0x0012 (focal length 1)
 0x002: 0x0017 (focal length 2)
 0x004: 0x0021 (focal length 3)
 0x006: 0x0037 (focal length 4)
 0x008: 0x0FA0 (unknown 4000, 2222, ...)
 0x00A: 0x0A6B (unknown 2667, 1481, ..., its above value / 1.5)
 0x00C: 0x0535 (unknown 1333, 741, ..., its above value / 2)
 0x00E: 0x0000
 ..
 0x33C: 0x44444444

 [section with 0xF0 byte size]
 0x000: unknown
 ...
 0x010: 0x0012 (focal length 1)
 0x012: 0x0017 (focal length 2)
 0x014: 0x0021 (focal length 3)
 0x016: 0x0037 (focal length 4)
 ...
 0x0EC: 0x33333333

 [section with 0x640 byte size]
 0x000: 0x0012 (focal length 1)
 0x002: 0x0017 (focal length 2)
 0x004: 0x0021 (focal length 3)
 0x006: 0x0037 (focal length 4)
 ...
 0x63C: 0x22222222

1%

  • Developer
  • Hero Member
  • *****
  • Posts: 5936
  • 600D/6D/50D/EOSM/7D
Re: RE contributions
« Reply #20 on: March 03, 2013, 04:15:03 PM »
Quote
would it be useful to create a custom update with modified properties / bitmap / strings ?

That would be cool. Especially to add back properties missing for certain things, etc. Also fix annoying things with cannon FW.

Ditch the canon fw/interface completely if at all possible.... but that would be a mountain of work.

Indy

  • Developer
  • Member
  • *****
  • Posts: 109
Re: RE contributions
« Reply #21 on: March 03, 2013, 10:35:44 PM »
I was on the path with my parse_lens*.py scripts. I'll study your findings tomorrow.
thank you, you definitely went further !


coutts

  • Developer
  • Senior
  • *****
  • Posts: 401
Re: RE contributions
« Reply #22 on: March 04, 2013, 03:53:47 PM »
Thank you for this Indy, great  8)