Magic Lantern Forum

Developing Magic Lantern => Reverse Engineering => Topic started by: Maqs on March 18, 2014, 02:20:00 PM

Title: [6D] crypto and networking
Post by: Maqs on March 18, 2014, 02:20:00 PM
Hello,

I've just created a wiki page for some reverse engineering done for the Canon EOS 6D at http://magiclantern.wikia.com/wiki/6D (http://magiclantern.wikia.com/wiki/6D).

It contains some stuff I found out about a few month ago:

1. Networking

The same functions may or may not exist on the EOS 70D, which also has built in WiFi, and perhaps future cameras, but I think it's likely.

There's also IPv6 support, FTP functionality, DHCP, PTP over IP, ... and TLS hidden in the firmware.

2. Crypto

HMAC-SHA1, together with the networking functionality, could be used to implement OAuth and write a flickr/dropbox/... uploader.

Contributions are welcome!

Best,
Marcus
Title: Re: [6D] crypto and networking
Post by: Marsu42 on March 18, 2014, 03:06:35 PM
Quote from: Maqs on March 18, 2014, 02:20:00 PM
I've just created a wiki page for some reverse engineering done for the Canon EOS 6D

Great news you're on it, esp. since alex cannot help! The most interesting thing of course would be to get an api to interface a remote iOS/Android/Win app with ML functions and live view.
Title: Re: [6D] crypto and networking
Post by: Maqs on March 18, 2014, 04:36:17 PM
Quote from: Marsu42 on March 18, 2014, 03:06:35 PM
The most interesting thing of course would be to get an api to interface a remote iOS/Android/Win app with ML functions and live view.

An API for that purpose is already present in the firmware itself: PTP/IP.  :)

(New) wiki page: http://magiclantern.wikia.com/wiki/PTPIP (http://magiclantern.wikia.com/wiki/PTPIP).

The GPhoto devs have already re'ed PTP/IP (http://www.gphoto.org/doc/ptpip.php (http://www.gphoto.org/doc/ptpip.php)). As this is just another way of accessing the PTP functionality also available via USB, the ML PTP extensions should work with it as well.

Interfacing PTP/IP works like that:

The event connection can somehow be used to retrieve events, but the events need to be enabled and I don't know how to do that. However, 0x9116 (PTP Get Events) may be used as well.

There may be some kind of negotiation first (authentication?). For testing purposes, I just reused the GUID and device name from the connection I captured. It does not take more than a network sniffer (e.g. Wireshark) to spy on the communication between the camera and Canon software, so this is less complicated than reverse engineering the internals of the camera. Maybe somebody with basic knowledge about a programming/scripting language with networking capabilities can give it a try. I used Perl for my experiments and could provide some basic PTP/IP module to any volunteers. It would be nice to have the whole process documented in the wiki. :)

Best,
Marcus

PS: Does anybody happen to know if those WFT transmitters implement PTP/IP, too?

Edit: wiki page
Title: Re: [6D] crypto and networking
Post by: nikfreak on July 11, 2016, 10:15:42 PM
Quote from: Maqs on March 18, 2014, 04:36:17 PM
I used Perl for my experiments and could provide some basic PTP/IP module to any volunteers. It would be nice to have the whole process documented in the wiki. :)

Stumbled upon this hack to establish the wifi connection:
https://github.com/perlfu/6dpy

Based upon the "Paparazzi over IP" hack  (https://www.ernw.de/download/publikationen/PaparazzioverIP_shmoo2013.pdf) (scroll down to the end of the PDF starting with EOS utility mode)