Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Chucho

Pages: [1]
1
General Chat / Gopro scripts
« on: April 29, 2013, 09:03:09 AM »
Hi there, So I got a gopro hero 3 black edition this evening and was wondering if anybody had some scripts to share.
Code: [Select]
######################################################
# Firmware ROM Dumper For GoPro Hero 3 Black edition #
######################################################

savebin D:\ROMFS.bin 0xc0100000 l 0x900000
sleep 2
t app button power P
sleep 5
t app button power R

This script will dump the firmware to your micro sd card. Save this code as a autoexec.ash file and place it in your micro sd root path. You don't have to make your card bootable like you do with canon's. Wait for the camera to shut down and remove the card. Remove the autoexec.ash file when you have a rom dump. Gopro firmware uses ┬ÁITRON4.0 specification so it looks similar to canon firmware. I like to make it clear this is not an attempted to port ML to gopro. To view the firmware just use your "favorite" disassembler and disassemble it like you could disassemble canon firmware use 0xc0100000 as the starting address. At the moment I have firmware verson HD3.03.02.39. I found some stubs
Code: [Select]
0xC014CE18 fopen
0xC014CDB8 fclose
0xC014CE48 fread
0xC014CF00 _fstat
0xC014CF60 fwrite
0xC02AD93C fseek
I also found what looks to be the gui main task for the lcd touch bacpac at 0xC044BD7C and the switch statement at 0xC044BD9C. If someone could figure out a script command to load a binary file to the memory that would be great some hints may be found here http://spritesmods.com/?art=zx3hack&page=4
This script will enable exposure lock
Code: [Select]
######################################################
#       Enable/Disable exposure module lock          #
#         For GoPro Hero 3 Black edition             #
#         Usage: t ia2 -exp lock [en]                #
#         en = [0|1], 0:disable, 1:enable            #
######################################################

t ia2 -exp lock 1/n
The exposure script seems buggy in photo mode. Hopefully I'll have more time next weekend to look at the firmware and figure out some more scripts.
A reminder this scripts can damage your camera use on your own risk.

2
Tutorials and Creative Uses / Kaleidoscopic acid trip with magic lantern
« on: October 12, 2012, 09:57:56 PM »
Great idea from Oscar Lhermitte. You will need a electric drill or a buffer. Set fps to 15fps. And start spinning. Some great example of what you can do from Oscar Lhermitte web page http://oscarlhermitte.com/work/9

3
Reverse Engineering / (M)JPEG encoder
« on: September 11, 2012, 03:40:07 AM »
HA!!! I guess Alex is already working on this. From 500d stub FA_GetJpegBuffForLV jpeg stream address 0x42004070, FA_GetJpegSizeForLV size of buffer 0x41349. I guess will we be getting mpeg 422 pretty soon.

4
Reverse Engineering / Initializing the h.264 encoder
« on: September 10, 2012, 01:38:11 AM »
Hi, I'm trying to pin point exactly were the h264 encoder gets initialize but I can't seem to figure it out. There's initializeH264encoder @ 0xffc8288 in the 600d but that not what I'm looking for. I'm looking for something in the MovieRecoder task or in the MovWriter task. Anybody have any hints?
I've found some of the mjpeg decoding tables that can also be used as encoding tables bit_dc_luminance @ 0xff65c2a0, val_dc_chrominance @ 0xff65c2b0, bit_dc_chrominance @ 0xff65c2d0, bit_ac_luminance @ 0xff65c300, val_ac_luminance at 0xff65c310, bit_ac_chrominance @ 0xff65c3b2, val_ac_chrominance @ 0xff65c3c4, Huffman_something_fixed_table1 @ 0xff65c468, Huffman_something_fixed_table2 @ 0xff65c4c8, Huffman_something_fixed_table3 @ 0xff65c528, Qtable_something_ table1 @ 0xff65c588, Qtable_something_ table2 @ 0xff65c608, Qtable_something_ table3 @ 0xff65c688 and Qtable_something_ table4 @ 0xff3db970.

5
Reverse Engineering / Digic DVII and DVIII
« on: July 08, 2012, 08:22:38 AM »
Digic DVII HV30 and HF100
Digic DVIII HFS21, XF305, XF105 and C300

All 6 camcorder firmwares are XOR encoded with a 0x1040 bytes block key.
All 6 camcorders use some sort of DRYOSV2 shell.
Camcorders XF305, XF105 and C300 use DRYOS version 2.3, release #0012.
Digic Dv processor are not arm architecture.
Good info can be found here
http://chdk.wikia.com/wiki/HF10/100_Firmware_Analysis
http://chdk.setepontos.com/index.php?topic=1641.0
http://www.hv20.com/showthread.php?20098-Official-Firmware-Hacking-Thread-(new)

Pages: [1]