Messages - Spakes

#1
Camera-specific Development / Re: Canon 80D
November 19, 2017, 07:10:14 PM
Quote from: a1ex on November 10, 2017, 08:02:36 AM
The best way to start learning, in my (biased) opinion, is to use the emulator. That way, the risk of bricking the camera drops to zero (as you will not experiment with real hardware, but with a PC-based program). Besides, the emulator shows a LOT of internals that are not obvious when running the code on the camera (at this stage, you'll most likely see a black screen and you'll wonder why it doesn't work).

Sure, at some point you will want to try the code on your camera. Having something that works in the emulator decreases the odds of getting into trouble, and during these early boot experiments, I'd say the bricking risk is fairly low - should anything go wrong, the camera will most likely not boot. Non-volatile memories with camera settings (ROM, serial flash, MPU eeprom) are updated on successful shutdown, to my knowledge. Experiments from bootloader (e.g. the "recovery" branch) should be fairly safe, as long as you are not calling things like EraseSectorOfRom.

Even if you manage to get some invalid setting written to ROM, we now understand how these things work and can look into it. Already recovered a couple of D4/5 cameras that way, soft-bricked by either our programming mistakes, or also by third party apps, on cameras that never ran ML before. Sure, we've never tried to recover a D6, so if your camera is mission-critical, don't try it.

To get the emulation further, I need two things:

- a log of MPU communication (see mpu_send/mpu_recv stubs in the dm-spy-experiments branch)
- a serial flash dump (sf_dump module)

The first one can be probably started (but not completed) from bootloader. It's a bit tricky, I've got it somewhat (not reliably) working on D4/5 a while ago, the test code is somewhere in the Linux branch (look for MPU), but can be fully tested in QEMU.

The second one will probably not work from bootloader, but I haven't tested it. (Todo: try on 700D/100D/M/6D/M2 in QEMU and ask owners of these cameras to try on real hardware.)

Both of those will be a lot easier after being able to start DryOS tasks alongside Canon's main firmware, but if that step keeps proving difficult, there are still things to try.

BTW, high-resolution photos of the main board are always welcome (for any camera model, not just 80D). No coding skills required for this one :D

Hi, will VMware mess with QEMU or is it going to be okay? I have enough power to do nice emulation (i7-6700HQ, 16 GB, GTX 1060), but I don't want to mess with installing Linux on my main machine, since I wanted to get a new SSD and install Clover and Hackintosh with Windows (don't ask why).

UPD: Never mind, I'll install it on Windows. Next question: where can I read about assembler and everything related to DIGIC 6 (including emulation) and what you have found, apart from this topic? All I have learned is basic C++ and Java.
#2
Camera-specific Development / Re: Canon 80D
June 11, 2017, 06:15:51 AM
Quote from: a1ex on June 08, 2017, 07:09:41 AM
When all else fails... read the instructions. Any recent post on the QEMU thread, that references the install instructions, should do the trick.

Or, this walkthrough. You'll want QEMU 2.5.0 (not 1.6.0 and neither 2.9.0 - for now).

Don't rush to get "Hello world" yet; on digic 6 we need some more baby steps. If you really want to run it, you can take a look in src/minimal.c from the unified branch (that shows hello world with a minimal "display driver"), and you'll probably get that working in QEMU without much trouble. Note the 80D (in the digic6-dumper branch) has a different minimal.c.

However, this won't boot on the actual hardware until the caching issues (discussed earlier) are addressed.

BTW, the "generic" ROM dumper and display test are compiled from the "recovery" branch, and they work directly from the bootloader (without starting the main firmware).

What caching issues and baby steps are you talking about?
#3
Camera-specific Development / Re: Canon 80D 1.0.2
May 02, 2017, 01:57:33 PM
I know, there are minor updates in 1.0.2, but I still made a dump of 1.0.2 (why not, better for Norwegians and lens registration).
I can give you a link to all dumps if you PM me.
Is there also anything I can do which doesn't require a lot of time? I'll try to do some disassembly after June 10th, maybe, can't do it now 'cause exams.
#4
Camera-specific Development / Re: Canon 80D
April 29, 2017, 07:55:52 AM
Hi. New here.
I got an 80D too, updated it to 1.0.2 through EOS Utility 3. I don't have enough knowledge for QEMU/low-level C (only learning C++ and Java for Android), but I'm open to testing anything. If you have some manuals for reverse engineering or need to test something, I'm ready to help. Just tell me what to do.