Print Page - Reverse EFS Lens firmware

Title: Reverse EFS Lens firmware
Post by: leegong on November 15, 2017, 02:27:11 AM

Lens firmware of EF-S 55-250 and EF-S 40 f2.8 are downloadable on Canon offical site ,
with great help from a1ex , i tried to analyze 55-250 firmware , but no progress ,
the BIN seems to be encrypted or i was wrong somewhere.
Now start to analyze Lens firmware of Sigma 24-105mm f4.0 .

Title: Re: Reverse EFS Lens firmware
Post by: leegong on November 21, 2017, 04:34:35 AM

On mainboard of Sigma 24-105 f4.0 EF lens , there is a MCU marked "EIS 944A" ,
Does anybody have more info of this MCU ?

Title: Re: Reverse EFS Lens firmware
Post by: leegong on December 14, 2017, 05:38:31 PM

Just get disassembly of Sigma 35mm F1.4 F-mount lens firmware successfully .
Todo :
1:Analyze firmware to understande how focus motor is driven .
2:Try to find datasheet of MCU EIS944A . then disassembly Sigma EF-mount firmware .

Title: Re: Reverse EFS Lens firmware
Post by: leegong on January 07, 2018, 06:26:13 AM

Just get disassembly of Sigma 35mm F1.4 EF-mount lens firmware successfully ,
lots of EF lens protocol CMDs are found in the firmware , start analyzing !!!

Title: Re: Reverse EFS Lens firmware
Post by: g3gg0 on January 07, 2018, 07:05:35 PM

really a great idea :)
keep us informed

which ~~CPU~~ MCU is it?

Title: Re: Reverse EFS Lens firmware
Post by: Indy on January 16, 2018, 10:57:46 PM

Hi,

Did you try measuring entropy on it?
Could you please dump of first 0x40 bytes in hex + ascii?

Indy

Quote from: leegong on November 15, 2017, 02:27:11 AM
Lens firmware of EF-S 55-250 and EF-S 40 f2.8 are downloadable on Canon offical site ,
with great help from a1ex , i tried to analyze 55-250 firmware , but no progress ,
the BIN seems to be encrypted or i was wrong somewhere.
Now start to analyze Lens firmware of Sigma 24-105mm f4.0 .

Title: Re: Reverse EFS Lens firmware
Post by: a1ex on January 22, 2018, 11:53:10 AM

I don't think they are encrypted, just no human-readable strings or other things that could make sense.

@Indy: please find your dump_srec.py (https://bitbucket.org/hudson/magic-lantern/src/qemu/contrib/indy/dump_srec.py) updated to parse *.lfu files.

0x40 byte headers:

Code Select


EF012200.lfu:
00000000: 00 2c 00 00 4c 01 f0 02 00 00 00 00 00 00 00 00  .,..L...........
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000020: 00 00 00 00 00 00 02 00 00 00 00 01 00 91 02 14  ................
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

L_00000000-EF012200-24105.bin:
00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000020: ff 56 87 00 00 7c 00 00 7f 0e 00 00 00 00 00 00  .V...|..........
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Entropy (binwalk):

(http://a1ex.magiclantern.fm/bleeding-edge/lensfir/L_00000000-EF012200-24105.bin.png)

Title: Re: Reverse EFS Lens firmware
Post by: dfort on May 26, 2019, 05:11:16 AM

Slightly off-topic but I just found out that there are firmware updates for some EF-M lenses that were released March 1, 2018 to support the "Dual Sensing IS" function on the EOS M50. The EF-M 15-45mm f/3.5-6.3 IS STM, EF-M 18-150mm f/3.5-6.3 IS STM and EF-M 55-200mm f/4.5-6.3 IS STM lenses got the firmware update.

Interesting that on the Canon U.S.A. website the 15-45mm has both the 3.0.1 and 2.0.0 firmware updaters, usually only the latest updater is available. In addition, the Driver/Software Details shows this obvious error:

QuoteIf the lens firmware is already the latest version (EF-M 55-200mm f/4.5-6.3 IS STM: Version 2.0.0), it is not necessary to update the firmware.

This is for the 15-45mm lens!

In any case, here is an opportunity if anyone wants to dive into some EF-M lens firmware.

Magic Lantern Forum

Developing Magic Lantern => Reverse Engineering => Topic started by: leegong on November 15, 2017, 02:27:11 AM