Messages - chris_overseas

Tutorials and Creative Uses / Re: Firmware Update/Downdate?
« on: June 11, 2020, 02:18:53 PM »
EOS Utility doesn't seem to recognize my camera when I connect it to the I need to upgrade to 1.3.6 to be able to proceed?

I've hit that one before and it can be frustrating to figure out because there is no error or obvious reason why it's not working. Try starting EOS Utility by running it as Administrator. Does it now detect your camera?

Hi Ilia3101, looks like an interesting and promising project. Are you familiar with the dual pixel RAW mode of the newer Canon cameras? It seems like (multiple?) dual pixel images could be a good candidate to use as input to your algorithm.

Here are a few relevant links:

Tutorials and Creative Uses / Re: Firmware Update/Downdate?
« on: September 30, 2019, 10:14:50 PM »
Here's what I found so far when comparing to 1.2.3:

NSTUB(   0x27F78,  dm_names)
NSTUB(   0x2731C,  current_task)
NSTUB(   0x27208,  task_dispatch_hook)
NSTUB(   0x2852C,  task_max)

Where did the terminateShutdown_save_settings and terminateAbort_save_settings stubs come from, 1.3.4 I guess? I don't see those in 1.2.3.

Tutorials and Creative Uses / Re: Firmware Update/Downdate?
« on: September 29, 2019, 01:19:27 PM »
My time has been extremely limited for ML of late too but I'll try and help out with this as much as I can, I'm pretty familiar with stub hunting on the 5D3.

This quote is an interesting one from a security PoV, and potentially problematic for ML going forwards:

"There is a PTP command for remote firmware update, which requires zero user interaction. This means that even if all of the implementation vulnerabilities are patched, an attacker can still infect the camera using a malicious firmware update file"

Of course this approach requires the secret AES key, but the attackers have demonstrated this isn't too difficult to obtain. The specific vulnerability covering this is It's interesting they describe it as a "missing authorization" problem. That seems to imply the fix involves the addition of an authorization step (to the PTP negotiation or call?) rather than an overhaul of the encryption itself. If so then ML shouldn't be impacted, but I think that still remains to be seen.

As a side note, I need to take my 5DIV in for a service this week due to a sticky scroll-wheel. They normally update to the latest firmware as part of the service, so I'll find out soon enough where things stand on the 5DIV at least.

[edit: implies the patch isn't a problem as far as ML is concerned]

Any word about the fix affecting the key currently used by ML devs?

I doubt this is a concern, the vulnerabilities found aren't related to the firmware encryption. I also wonder if it's even possible for Canon to update the AES key with a firmware update.

EDIT: And why aren't other D5 cams like 650D, 100D, M/M2, 700D *not* vulnerable (according to Canon)?

"Even though our camera model doesn’t support Bluetooth, some Bluetooth-related commands were apparently left behind, and are still accessible to attackers. In this case, we found a classic Stack-Based Buffer Overflow" - maybe those cameras don't have the Bluetooth code in their firmware, or different versions of it that aren't vulnerable?

General Chat / Re: What photo manager do you recommend?
« on: May 07, 2019, 03:48:43 PM »
Photo Mechanic might be worth a look though doesn't have any face recognition AFAIK. Also, Honeyview for image viewing.

General Chat / Re: Guessing 1st April for 2020 - Share your thoughts
« on: April 04, 2019, 11:08:03 AM »
No, I guess he just pressed "delete" instead of modify  :D Happened to me once.

Yes I can confirm that if you delete your own message it goes to a hidden "Hall of Shame" section, which is the same place all the spam ultimately ends up. It can be confusing initially when moderating to see seemingly good posts mixed in with the spam (apologies to a1ex who had to help clean things up that time I restored a bunch of seemingly good posts that had in fact been intentionally deleted!).

If anyone does accidentally delete something substantial, feel free to drop me a PM and I'll restore it for you.

My 5D4 work-in-progress repo is here:

It's digic 6+ of course but has some similar challenges to the ones faced with digic 7 so may well still be helpful.

I'm a bit disappointed that I couldn't find a larger chunk of memory. I think logging will be very limited with only 6MB.

Don't be too disappointed by this, I had the same problem with the 5D4. I created a workaround using a ring buffer that gets periodically flushed and hence allows continuous logging. With this I managed to get 45MB+ log files with 8MB of buffer.

It is still a bit experimental and not yet merged into the ML repo, but if you're willing to get your hands dirty with the code you can try merging in the relevant parts from my repo. The initial commit was this one but there were a few more improvements and fixes added later, so you'll probably want to cherry pick those bits too if you want to give it a try. Note also that it was only hacked together for the 5D4, but should be trivial enough to use on other cameras.

Camera-specific discussion / Re: Canon 5D Mark IV
« on: March 02, 2019, 06:57:33 PM »
Some good progress today:

Camera-specific discussion / Re: Canon 5D Mark IV
« on: February 28, 2019, 01:33:15 AM »
I managed to get continuous logging working using a smaller buffer on the 5D4 ( This gave me a 30MB log file recorded over 50 seconds worth of camera workout. The log is available here:

I've also made a few attempts to get MMIO logs but without success so far. I can generate MMIO logs in QEMU but I've had no luck with the real camera even after trying a few different memory areas for the MMIO log buffers - the camera always just hangs, reboots, or gives an Err 80 after a few seconds. I've still got other ideas to investigate/test to try and get this working, but any tips appreciated.

Camera-specific discussion / Re: Canon 5D Mark IV
« on: February 20, 2019, 01:46:41 AM »
I scanned for free memory regions (as per the 80D). The log file fills up extremely quickly on the 5D4 even with filtering, so I hacked the logging code a bit so the memory results overwrite the start of the log file instead of disappear off the end. Across 4 attempts I found these common unused areas:

Code:
42600000-42FFFFFF = 10MB
4B100000-4BCFFFFF = 12MB
5D100000-5D6FFFFF = 6MB
60B00000-614FFFFF = 10MB
7C500000-7D0FFFFF = 12MB

The areas aren't as big as the 80D unfortunately, nevertheless I managed to capture a few 12MB logs here using 0x7C500000:

I tried to get an MMIO log but my first/only attempt came up empty, will hopefully have time to try that again in a couple of days.

Camera-specific discussion / Re: Canon 5D Mark IV
« on: February 17, 2019, 01:43:36 PM »
Thanks a1ex, the updated BOOTF5D4.FIR and ROM dumper are both now working fine on 1.1.2. I'm happy to report that the bootflag being enabled on the 5D4 doesn't seem to introduce nearly as much lag as it does on the 5D3.

Logging on the physical camera with 1.1.2 works using the code from my 5d4-112 branch, as does the intervalometer. I'll generate more/better logs and chip away at the various other outstanding tasks (as per replies #397, #417, 80D thread #468) when I can, but my spare time is sadly very limited so anyone else willing to join in is most welcome to do so.

Camera-specific discussion / Re: Canon 5D Mark IV
« on: February 17, 2019, 12:12:37 PM »
I finally found some time to update the rest of the stubs for 1.1.2. I've hit a problem getting further though.

Please find the FIR to enable the boot flag on the 5D Mark IV:

BOOTF5D4.FIR (works on any* firmware version; source code).

The above doesn't work on 1.1.2. When I try to run it I get "Firmware older than Ver 1.1.2 is on memory card. Delete old file and update using a later verison". a1ex, could you please create a BOOTF5D4.FIR with a higher version number for me to try?

Camera-specific discussion / Re: Canon 5D Mark IV
« on: September 14, 2018, 07:31:53 PM »
I've ported some of the 5D4 stubs from 1.0.4 to 1.1.2 but I won't have a chance to look at it further for another week or so. If anyone wants to carry on in the meantime my changes are here:

Camera-specific discussion / Re: Canon 5D Mark IV
« on: September 11, 2018, 01:53:21 PM »
So... it looks like we need to update all our stubs to 1.1.2 - who's going to help? I've started by updating the emulation - it goes as far as the 80D, including file I/O on the virtual SD card.

I've started on this but my time is quite limited over the next week so it may take me a little while to get it done.

Reverse Engineering / Re: new Canon CR3 raw format from M50 camera
« on: April 04, 2018, 02:34:02 PM »
There's something of a suggestion here that the cr3 compression might be lossy:

It looks like Visual Studio now has support for building using MinGW-64 and Cygwin:

Scripting Corner / Re: Lua Scripting (
« on: July 23, 2017, 12:06:31 PM »
It might be worth looking at IntelliJ IDEA Community edition ( combined with the Lua plugin ( - don't download this, just install it through IDEA by choosing File->Settings->Plugins->Browse Repositories and search for "Lua"). Note that I haven't tried the Lua plugin myself (and given it is written by the 3rd party, its quality is uncertain), but it does appear to have some debugging support and a host of other useful features. IDEA itself is superb for the other languages I use (Java, Kotlin, Python) and I can't imagine using any other IDE for those. I also dabble in a bit of C/C++ for Arduino using CLion which is a C++ IDE based on the same codebase as IDEA, so the Lua plugin should work with CLion too.

If anyone does try the above, I'd be interested to hear how it goes.

Raw Video / Re: Solar Eclipse MLV filming?
« on: June 13, 2017, 04:54:57 PM »

Camera-specific discussion / Re: Canon 5D Mark IV
« on: May 18, 2017, 01:47:59 AM »
I took a look at the 1.0.4 firmware and managed to find a few stubs. Not much, but it's a start.

Scripting API suggestions / Re: Lua string.format
« on: May 05, 2017, 01:50:40 PM »
What happens if you use %%f instead of just %f? This is just a guess and I don't know Lua, but based on your output it seems like there's an escape issue of some sort.

General Help Q&A / Re: 550d only turns on without card in it
« on: March 21, 2017, 11:03:05 PM »
It sounds like a physical issue of some sort - have you checked to see if there is some dirt/obstruction (or possibly some damage) in the memory card slot?
