Messages - red_dxd

#1
Camera-specific Development / Re: Canon 750D
May 12, 2020, 03:39:55 AM
Hey guys, thank you for all the support so far! I haven't been making too much progress since I had to catch up on a bunch of homework and now that I am procrastinating again I wanna dive into this more.

So far I have been finding stubs with the help of some contributors, I have loaded my ROM dump into IDA Pro and have been using that for a while but I think I am going to try and use Ghidra! I am also going through a crisis and as a result of that I am replacing my Windows 10 operating system with Ubuntu. It turns out that I've been using my MacBook to run QEMU and my Windows machine was where I disassembled the 750D dump. In conclusion, I don't like having two work machines for one task so I am getting a better dev environment. I also really kinda need to get someone's 80D dump, I'll go and bother that thread later.

I will not disappear probably and I will work on this in my downtime, I think I still need to learn a few more things and maybe try building an OS for a raspberry pi and then work myself up knowledge-wise.  :o

Long live the revolution!
#2
Camera-specific Development / Re: Canon 750D
April 25, 2020, 04:51:36 AM
Thanks for the pm nikifreak.

So update guys, I have gotten dry-shell to work on my 750D dump and I am doing more research on dryshell and its uses. (maybe it can help me find stubs faster and more efficiently)

I got IDA to work better for me because I didn't set a specific architecture before and it made me get weird opcodes, so I changed the architecture to ARMv7 from whatever it was set to before and bam, I have found the disassembled bootloader and I am trying to find more stubs but having a hard time.

I also recently got my hands on my friend's 60D and T5i so I will be dumping those and learning from digic5.

I think I will be going to the 80D thread after all that and find a dump that I can inspect (or that someone can let me borrow) in order to see how I'll be able to help port the 80D's progress to the 750D and then we move on from there.

If anyone would like to point me in the right direction or show me their progress and explain to me what they are stuck on, that would be amazing! :P

#3
Camera-specific Development / Re: Canon 750D
April 24, 2020, 09:28:31 PM
Okay sounds good, I will get started in looking at some other threads of Digic-5 cameras, and I will look at the 80D's progress and follow along with that thread. Also! I have some extra cash on me, so I think I'll be able to buy like the body of an old used camera that has a Digic-5 processor so I can get the hang of how this all works. But I need advice on which would be the best one to get:

SO I HAVE A BUDGET OF AROUND $200 MORE OR LESS AND HERE ARE MY OPTIONS:

  • EOS M
  • 100D (SL1)
  • 60D
  • T3i or 600D? (not digic-5)
  • T4i or 650D? (pushing the budget)

Lemme know which one I should buy for a better learning experience, and if y'all got a secret repository of firmware dumps, pm me!  :P
#4
Camera-specific Development / Re: Canon 750D
April 24, 2020, 04:46:31 AM
Hey guys, so I've been lurking these forums for the past few years because I thought it'd be interesting to see how the implementation of Magic Lantern would turn out for my Canon 750D (T6i). I never made any comments on this forum but I have recently gained more knowledge on these subjects to the point where I see myself being able to drive this project forward, so because of that I already started to make some progress on my journey through these forums! So far...

WHAT I KNOW/HAVE DONE (correct me if I'm wrong please):

  • I understand that the opcodes for my Digic 6 processor are in both the arm and the thumb2 instruction set.
  • I successfully set the boot flag on my Canon 750D, then I successfully got a ROM dump.
  • I successfully ran the 750D dump on qemu with the bootflag on. (doesn't post when bootflag=0)
  • Debugging in qemu I found the address location of the CARD LED and the SERIAL FLASH CS (unless the address changes around and I found nothing).
  • I have decompiled and disassembled the ROM dump from my 750D on IDA Pro set up with the ARM processor (that's how I found out that Digic 6 contains two different instruction sets (or more)) but haven't progressed from there.

WHAT I WANT TO KNOW/DO:

  • I want to figure out how to emulate the rom dump on 'bootflag=0' and get the GUI to post.
  • I want to find a way to use the dry shell on qemu with my rom dump, it doesn't seem to work for me when I run it in different bootflags.
  • I want to be pointed in the right direction in order to find stubs more efficiently for the 750D. I got IDA from an internship and I want to know what range of the data in the dump I should be looking into first to find the stubs I need. (maybe it would be easier to find them since we know where the 80D's are)
  • Basically I just want to find a way forward in this project and I want to be able to do my part since I have the resources available to me. :)
  • Probably a guide on porting 80D progress to 750D
  • Maybe we can look more into the battery pin serial connection thing I saw about earlier in the forum. I can probably order a grip to take it apart and solder a serial connection/controller and do some more investigating that way.
  • I also noticed that Canon released a new firmware update for the 750D since they found a vulnerability with their PTP connection service. (Picture Transfer App) LINK: https://tinyurl.com/ybssmbn2

Basically thank you guys in advance for the patience and support you guys had in this forum throughout the years. I hope that now that we have more time at home because of the quarantine, we will be able to make even more strides for further discovery and implementation in this field.