Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - coon

Pages 1 ... 3 4 5
#101
Camera-specific Development / Re: Canon EOS R / RP
September 07, 2020, 08:45:48 PM
I've applied the M50 DIGIC8 QEMU draft patch by alex (https://www.magiclantern.fm/forum/index.php?topic=23296.msg210088#msg210088) and used the M50 instead of 200D as a template for the RP.
It immediately crashed on the first try with the following error:

Code Select

qemu-system-arm: /home/nimble-test/ML/qemu-eos/qemu-2.5.0/hw/arm/../eos/eos.c:2568: eos_handle_card_led: Assertion `s->card_led' failed.


After changing the RPs LED Address in model_list.c from M50 to 200D it is now booting even further. It is now booting the second core of the CPU and locks up a little bit later then before:

Code Select

00000000 - 3FFFFFFF: eos.ram
40000000 - 7FFFFFFF: eos.ram_uncached
DF000000 - DFFFFFFF: eos.ram_extra
E0000000 - E1FFFFFF: eos.rom0
E2000000 - E3FFFFFF: eos.rom0_mirror
E4000000 - E5FFFFFF: eos.rom0_mirror
E6000000 - E7FFFFFF: eos.rom0_mirror
E8000000 - E9FFFFFF: eos.rom0_mirror
EA000000 - EBFFFFFF: eos.rom0_mirror
EC000000 - EDFFFFFF: eos.rom0_mirror
EE000000 - EFFFFFFF: eos.rom0_mirror
F0000000 - F1FFFFFF: eos.rom1
F2000000 - F3FFFFFF: eos.rom1_mirror
F4000000 - F5FFFFFF: eos.rom1_mirror
F6000000 - F7FFFFFF: eos.rom1_mirror
F8000000 - F9FFFFFF: eos.rom1_mirror
FA000000 - FBFFFFFF: eos.rom1_mirror
FC000000 - FDFFFFFF: eos.rom1_mirror
FE000000 - FFFFFFFF: eos.rom1_mirror
BFE00000 - DEFFFFFF: eos.mmio
[EOS] enabling memory access logging (RW).
[EOS] loading './EOSRP/ROM0.BIN' to 0xE0000000-0xE1FFFFFF
[EOS] loading './EOSRP/ROM1.BIN' to 0xF0000000-0xF1FFFFFF
[MPU] FIXME: using generic MPU spells for EOSRP.
[MPU] FIXME: no MPU button codes for EOSRP.
Start address: 0xE0000000
Setting BOOTDISK flag to 0
[CPU0] E0008450: MRC p15,0,Rd,cr0,cr0,5:      MPIDR -> 0x80000000
[CPU0] E0008460: MCR p15,0,Rd,cr12,cr0,0:       VBAR <- 0xE000001D
[CPU0] E000848C: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x8C50078
[CPU0] E0008482: MCR p15, ...          : CACHEMAINT x1 (omitted)
[CPU0] E000848C: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C50878
[CPU0] E0004B62: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C50878
[CPU0] E0004B62: MCR p15, ...          : CACHEMAINT x2 (omitted)
[CPU0] E0004B62: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C51878
[ROMCPY] 0xE0008634 -> 0xDF001000 size 0x600      at 0xE000699C
Logging ROM-copied blocks to EOSRP/romcpy.sh.

[CPU0] E00084D8: MRC p15,0,Rd,cr0,cr0,5:      MPIDR -> 0x80000000
[CPU0] E0004B86: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C51878
[CPU0] E0004C50: MCR p15, ...          : CACHEMAINT x512 (omitted)
[CPU0] E0004B86: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C50878
[CPU0] E0004B96: MCR p15, ...          : CACHEMAINT x1 (omitted)
[CPU0] E0004AE2: MCR p15,0,Rd,cr3,cr0,0:       DACR <- 0x55555555
[CPU0] E0004AEA: MCR p15,0,Rd,cr2,cr0,0:  TTBR0_EL1 <- 0xE0004800
[CPU0] E0004AEE: MCR p15,0,Rd,cr2,cr0,1:  TTBR1_EL1 <- 0xE0000080
[CPU0] E0004AF2: MCR p15,0,Rd,cr13,cr0,1: CONTEXTIDR(S) <- 0x0       
[CPU0] E0004AF6: MCR p15,0,Rd,cr2,cr0,2:      TTBCR <- 0x7       
[CPU0] E0004AFE: MCR p15,0,Rd,cr8,cr7,0:    TLBIALL <- 0x0       
[CPU0] E0004B06: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C50878
[CPU0] E0004B06: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C50879
[CPU0] E0008546: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C50879
[CPU0] E0008546: MCR p15, ...          : CACHEMAINT x1 (omitted)
[CPU0] E0008546: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C51879
[CPU0] E000855E: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C51879
[CPU0] E000855E: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C5187D
[CPU0] E000856A: MRC p15,0,Rd,cr1,cr0,1:  ACTLR_EL1 -> 0x45
[CPU0] E000856A: MCR p15,0,Rd,cr1,cr0,1:  ACTLR_EL1 <- 0x45       
[CPU0] E000856A: MRC p15,0,Rd,cr15,cr0,0:  A9_PWRCTL -> 0x0
[CPU0] E000856A: MCR p15,0,Rd,cr15,cr0,0:  A9_PWRCTL <- 0x1       
[CPU0] E000858A: MRC p15,0,Rd,cr15,cr0,1:    A9_DIAG -> 0x0
[CPU0] E000858A: MCR p15,0,Rd,cr15,cr0,1:    A9_DIAG <- 0x400000   
[CPU0] E0004900: MRC p15,0,Rd,cr0,cr0,5:      MPIDR -> 0x80000000
[CPU0] E00049A6: MCR p15,0,Rd,cr12,cr0,0:       VBAR <- 0xDF000000
[ROMCPY] 0xE0008C34 -> 0xDF000000 size 0x100      at 0xE0004966
BootL[ROMCPY] 0xE0008D50 -> 0x40100000 size 0x116D4    at 0xE0007F4C
[ROMCPY] 0xE0000000 -> 0x40700000 size 0x4900     at 0x10F46C 
oade[CPU0] 001008F6: MCR p15, ...          : CACHEMAINT x584 (omitted)
[CPU0] E0040000: MCR p15,0,Rd,cr12,cr0,0:       VBAR <- 0xE073A000
[CPU0] E004000A: MRC p15,0,Rd,cr0,cr0,5:      MPIDR -> 0x80000000
Wake up CPU1
Wake up CPU1
[ROMCPY] 0xE12F43EC -> 0x4000     size 0x247CC    at 0xE004003C
[CPU1] E0008450: MRC p15,0,Rd,cr0,cr0,5:      MPIDR -> 0x80000001
[CPU1] E0008460: MCR p15,0,Rd,cr12,cr0,0:       VBAR <- 0xE000001D
[CPU1] E000848C: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x8C50078
[CPU1] E0008482: MCR p15, ...          : CACHEMAINT x1 (omitted)
[CPU1] E000848C: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C50878
[CPU1] E0004B62: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C50878
[CPU1] E0004B62: MCR p15, ...          : CACHEMAINT x2 (omitted)
[CPU1] E0004B62: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C51878
[CPU1] E0004B86: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C51878
[CPU1] E0004C40: MCR p15, ...          : CACHEMAINT x512 (omitted)
[CPU1] E0004B86: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C50878
[CPU1] E0004B96: MCR p15, ...          : CACHEMAINT x1 (omitted)
[CPU1] E0004AE2: MCR p15,0,Rd,cr3,cr0,0:       DACR <- 0x55555555
[CPU1] E0004AEA: MCR p15,0,Rd,cr2,cr0,0:  TTBR0_EL1 <- 0xE0004880
[CPU1] E0004AEE: MCR p15,0,Rd,cr2,cr0,1:  TTBR1_EL1 <- 0xE0000080
[CPU1] E0004AF2: MCR p15,0,Rd,cr13,cr0,1: CONTEXTIDR(S) <- 0x1       
[CPU1] E0004AF6: MCR p15,0,Rd,cr2,cr0,2:      TTBCR <- 0x7       
[CPU1] E0004AFE: MCR p15,0,Rd,cr8,cr7,0:    TLBIALL <- 0x0       
[CPU1] E0004B06: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C50878
[CPU1] E0004B06: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C50879
[CPU1] E0008546: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C50879
[CPU1] E0008546: MCR p15, ...          : CACHEMAINT x1 (omitted)
[CPU1] E0008546: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C51879
[CPU1] E000855E: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C51879
[CPU1] E000855E: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C5187D
[CPU1] E000856A: MRC p15,0,Rd,cr1,cr0,1:  ACTLR_EL1 -> 0x45
[CPU1] E000856A: MCR p15,0,Rd,cr1,cr0,1:  ACTLR_EL1 <- 0x45       
[CPU1] E000856A: MRC p15,0,Rd,cr15,cr0,0:  A9_PWRCTL -> 0x0
[CPU1] E000856A: MCR p15,0,Rd,cr15,cr0,0:  A9_PWRCTL <- 0x1       
[CPU1] E000858A: MRC p15,0,Rd,cr15,cr0,1:    A9_DIAG -> 0x0
[CPU1] E000858A: MCR p15,0,Rd,cr15,cr0,1:    A9_DIAG <- 0x400000   
[CPU1] E0004AA2: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C5187D
[CPU1] E0004AA2: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C5107D
[ROMCPY] 0xE1318BB8 -> 0x223B000  size 0xD1748    at 0xE0040050
[CPU0] E0040104: MRC p15,0,Rd,cr0,cr0,5:      MPIDR -> 0x80000000
[ROMCPY] 0xE13EA300 -> 0xDF002800 size 0xB94      at 0xE0040088
K433 READY
        4:4294966.271 [EEP] InstEEP: Rng_MDS(0x0 != 0x8000)
        5:4294966.271 [EEP] InstEEP: Srvc_MDS(0x0 != 0x100)
        8:4294966.271 [EEP] Rng_EEPH_RDS Invalid:0x0
        9:4294966.271 [EEP] Srvc_EEPH_RDS Invalid:0x0
       12:4294966.271 [STARTUP] K433 ICU Firmware Version 1.5.0 ( 3.8.7 )


romcpy does now generate a few more address:

Code Select

dd if=ROM0.BIN of=EOSRP.0xDF001000.bin bs=1 skip=$((0x8634)) count=$((0x600))
dd if=ROM0.BIN of=EOSRP.0xDF000000.bin bs=1 skip=$((0x8C34)) count=$((0x100))
dd if=ROM0.BIN of=EOSRP.0x40100000.bin bs=1 skip=$((0x8D50)) count=$((0x116D4))
dd if=ROM0.BIN of=EOSRP.0x40700000.bin bs=1 skip=$((0x0)) count=$((0x4900))
dd if=ROM0.BIN of=EOSRP.0x4000.bin bs=1 skip=$((0x12F43EC)) count=$((0x247CC))
dd if=ROM0.BIN of=EOSRP.0x223B000.bin bs=1 skip=$((0x1318BB8)) count=$((0xD1748))
dd if=ROM0.BIN of=EOSRP.0xDF002800.bin bs=1 skip=$((0x13EA300)) count=$((0xB94))


This is my current EOSRP definition in models_list.c:

Code Select

{
        .name                   = "EOSRP",
        .digic_version          = 8,
        .ram_size               = 0x40000000,   /* 1GB */
        .card_led_address       = 0xD208016C,   // 200D /* WLAN LED 0xD2080190 */
        .current_task_addr      = 0x28,         /* fixme: read from virtual memory */
        .uart_rx_interrupt      = 0x15D,
        .uart_tx_interrupt      = 0x16D,
        .rom0_size              = 0x02000000,   /* 32MB (main ROM) */
        .rom1_size              = 0x02000000,   /* 32MB (secondary ROM) */
        .dedicated_movie_mode   = 0, // camera has support for it. Set to 1 later.
    },
#102
Camera-specific Development / Re: Canon EOS R / RP
September 07, 2020, 01:01:51 AM
names_are_hard and I did some first research on the RP. With his help I am now able to run its firmware in QEMU partially.

I've added the RP into models_list.c file of qemu by just copying 200D definitions and renaming to EOSRP. I've also added a EOSRP rom folder and renamed gang100.bin -> ROM0.BIN, gang200.bin -> ROM1.BIN.
Then started emulation with:

Code Select
./run_canon_fw.sh EOSRP,firmware="boot=0" -d romcpy

It runs but locks up early.

QEMU log:

Code Select

00000000 - 1FFFFFFF: eos.ram
40000000 - 5FFFFFFF: eos.ram_uncached
DF000000 - DFFFFFFF: eos.ram_extra
E0000000 - E1FFFFFF: eos.rom0
E2000000 - E3FFFFFF: eos.rom0_mirror
E4000000 - E5FFFFFF: eos.rom0_mirror
E6000000 - E7FFFFFF: eos.rom0_mirror
E8000000 - E9FFFFFF: eos.rom0_mirror
EA000000 - EBFFFFFF: eos.rom0_mirror
EC000000 - EDFFFFFF: eos.rom0_mirror
EE000000 - EFFFFFFF: eos.rom0_mirror
F0000000 - F0FFFFFF: eos.rom1
F1000000 - F1FFFFFF: eos.rom1_mirror
F2000000 - F2FFFFFF: eos.rom1_mirror
F3000000 - F3FFFFFF: eos.rom1_mirror
F4000000 - F4FFFFFF: eos.rom1_mirror
F5000000 - F5FFFFFF: eos.rom1_mirror
F6000000 - F6FFFFFF: eos.rom1_mirror
F7000000 - F7FFFFFF: eos.rom1_mirror
F8000000 - F8FFFFFF: eos.rom1_mirror
F9000000 - F9FFFFFF: eos.rom1_mirror
FA000000 - FAFFFFFF: eos.rom1_mirror
FB000000 - FBFFFFFF: eos.rom1_mirror
FC000000 - FCFFFFFF: eos.rom1_mirror
FD000000 - FDFFFFFF: eos.rom1_mirror
FE000000 - FEFFFFFF: eos.rom1_mirror
FF000000 - FFFFFFFF: eos.rom1_mirror
BFE00000 - DEFFFFFF: eos.mmio
[EOS] enabling memory access logging (RW).
[EOS] loading './EOSRP/ROM0.BIN' to 0xE0000000-0xE1FFFFFF
[EOS] loading './EOSRP/ROM1.BIN' (expected size 0x01000000, got 0x02000000) to 0xF0000000-0xF0FFFFFF
[MPU] FIXME: using generic MPU spells for EOSRP.
[MPU] FIXME: no MPU button codes for EOSRP.
Start address: 0xE0000000
Setting BOOTDISK flag to FFFFFFFF
[CPU0] E0008450: MRC p15,0,Rd,cr0,cr0,5:      MPIDR -> 0x80000000
[CPU0] E0008460: MCR p15,0,Rd,cr12,cr0,0:       VBAR <- 0xE000001D
[CPU0] E000848C: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x8C50078
[CPU0] E0008482: MCR p15, ...          : CACHEMAINT x1 (omitted)
[CPU0] E000848C: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C50878
[CPU0] E0004B62: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C50878
[CPU0] E0004B62: MCR p15, ...          : CACHEMAINT x2 (omitted)
[CPU0] E0004B62: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C51878
[ROMCPY] 0xE0008634 -> 0xDF001000 size 0x600      at 0xE000699C
Logging ROM-copied blocks to EOSRP/romcpy.sh.

[CPU0] E00084D8: MRC p15,0,Rd,cr0,cr0,5:      MPIDR -> 0x80000000
[CPU0] E0004B86: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C51878
[CPU0] E0004C50: MCR p15, ...          : CACHEMAINT x512 (omitted)
[CPU0] E0004B86: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C50878
[CPU0] E0004B96: MCR p15, ...          : CACHEMAINT x1 (omitted)
[CPU0] E0004AE2: MCR p15,0,Rd,cr3,cr0,0:       DACR <- 0x55555555
[CPU0] E0004AEA: MCR p15,0,Rd,cr2,cr0,0:  TTBR0_EL1 <- 0xE0004800
[CPU0] E0004AEE: MCR p15,0,Rd,cr2,cr0,1:  TTBR1_EL1 <- 0xE0000080
[CPU0] E0004AF2: MCR p15,0,Rd,cr13,cr0,1: CONTEXTIDR(S) <- 0x0       
[CPU0] E0004AF6: MCR p15,0,Rd,cr2,cr0,2:      TTBCR <- 0x7       
[CPU0] E0004AFE: MCR p15,0,Rd,cr8,cr7,0:    TLBIALL <- 0x0       
[CPU0] E0004B06: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C50878
[CPU0] E0004B06: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C50879
[CPU0] E0008546: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C50879
[CPU0] E0008546: MCR p15, ...          : CACHEMAINT x1 (omitted)
[CPU0] E0008546: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C51879
[CPU0] E000855E: MRC p15,0,Rd,cr1,cr0,0:      SCTLR -> 0x48C51879
[CPU0] E000855E: MCR p15,0,Rd,cr1,cr0,0:      SCTLR <- 0x48C5187D
[CPU0] E000856A: MRC p15,0,Rd,cr1,cr0,1:  ACTLR_EL1 -> 0x45
[CPU0] E000856A: MCR p15,0,Rd,cr1,cr0,1:  ACTLR_EL1 <- 0x45     
[CPU0] E000856A: MRC p15,0,Rd,cr15,cr0,0:  A9_PWRCTL -> 0x0
[CPU0] E000856A: MCR p15,0,Rd,cr15,cr0,0:  A9_PWRCTL <- 0x1       
[CPU0] E000858A: MRC p15,0,Rd,cr15,cr0,1:    A9_DIAG -> 0x0
[CPU0] E000858A: MCR p15,0,Rd,cr15,cr0,1:    A9_DIAG <- 0x400000 
[CPU0] E0004900: MRC p15,0,Rd,cr0,cr0,5:      MPIDR -> 0x80000000
[CPU0] E00049A6: MCR p15,0,Rd,cr12,cr0,0:       VBAR <- 0xDF000000
[ROMCPY] 0xE0008C34 -> 0xDF000000 size 0x100      at 0xE0004966
BootL[ROMCPY] 0xE0008D50 -> 0x40100000 size 0x116D4    at 0xE0007F4C
[ROMCPY] 0xE0000000 -> 0x40700000 size 0x4900     at 0x10F46C 


romcpy.sh contains:

Code Select

dd if=ROM0.BIN of=EOSRP.0xDF001000.bin bs=1 skip=$((0x8634)) count=$((0x600))
dd if=ROM0.BIN of=EOSRP.0xDF000000.bin bs=1 skip=$((0x8C34)) count=$((0x100))
dd if=ROM0.BIN of=EOSRP.0x40100000.bin bs=1 skip=$((0x8D50)) count=$((0x116D4))
dd if=ROM0.BIN of=EOSRP.0x40700000.bin bs=1 skip=$((0x0)) count=$((0x4900))


But it seems to be incomplete. Boot process seems to lock up here.
When running QEMU like this:

Code Select
./run_canon_fw.sh EOSRP,firmware="boot=1"

I will get the following message in red color before it locks up:

Code Select

BootLoadCard Read Error!!!
e

#103
Camera-specific Development / Re: Canon EOS R / RP
September 05, 2020, 08:49:26 PM
I could upload my autoexec.bin but the code it is based on is a bit behind. Better wait until a1ex merges it into the official build.
It doesen't do anything useful anyways beside displaying the error message more nicely on the RP :).
#104
General Development / Re: Portable ROM dumper
September 05, 2020, 03:21:08 PM
Quote from: Walter Schulz on September 05, 2020, 06:33:57 AM
250D not working yet.
Enabled bootflag via srsa's script and used latest autoexec.bin on a 128 GB ExFAT and 8 GByte FAT32 (Eye-Fi) card. Same result.



I had the same issue with the RP. See R / RP thread: https://www.magiclantern.fm/forum/index.php?topic=22770.msg230480#msg230480

Changing the resolution values for disp_xres and disp_yres in src/disp_direct.c to the proper value for the RP did fix the issue. However, I cannot find the difinitions for the 250D there!?
#105
Camera-specific Development / Re: Canon EOS R / RP
September 05, 2020, 01:35:25 PM
After I've done some little adjustments in the display source code of the portable dumper, I am now able to see a clear picture :).



LCD of EOS RP has a resolution of 736x480. Next step is finding the stubs in the firmware.
#106
Camera-specific Development / Re: Canon EOS R / RP
September 05, 2020, 11:11:59 AM
I can also confirm that enabling the bootflag via

Code Select

private sub Initialize()
  EnableBootDisk()
end sub


does work aswell.

I've tried booting the portable ROM dumper (https://www.magiclantern.fm/forum/index.php?topic=16534.0) on the RP.
As soon as I close the battery lid, it loads in a glitchy way and crashes or aborts with an error message, since there is some text written in red.

https://www.youtube.com/watch?v=IZB5uWNAREI
#107
Camera-specific Development / Re: Canon EOS R / RP
September 04, 2020, 06:32:15 PM
Just tried that. It also worked out of the box and only took about 10 seconds.

Got two files: gang100.bin and gang200.bin which both have a size of 32MB.
This dump looks more reliable so this is the way to go I guess :)
#108
Camera-specific Development / Re: Canon EOS R / RP
September 04, 2020, 06:07:17 PM
I can confirm that the Canon Basic dumper also works on the EOS RP.

ROM size is 32MB. Dumping takes about ~2 hours and 15 minutes so you better have your battery charged before dumping :).
You don't have to set the bootflag for that so this can be done without opening the case at all.
#109
Camera-specific Development / Re: Canon EOS R5 / R6
September 02, 2020, 12:48:38 AM
I am going to try out the Jtagulator: http://www.grandideastudio.com/jtagulator/

This device can scan up to 24 pins simultaneously and figures out the pinout of UART or JTAG. You can also set the voltage via software at which the device scans the pins (pretty handy for 1.8V pins).
It is a bit expensive but it is also open source so I will solder it by myself within the next few days.

I will let you let you know once I've tried that out but first the PCB and the parts needs to arrive...
#110
Camera-specific Development / Re: Canon EOS R / RP
August 13, 2020, 11:10:31 PM
Hi,
I just got an EOS RP as my first camera recently. After watching some youtube videos about photography I've found out about magic lantern as a way to hack canon cameras. I have some experience with embedded software development (Arduino / AVR and STM32F4 / ARM) and I've also some knowledge about reverse engineering (x86/x64 on Windows). I've good knowledge in C / C++.

With the help of names_are_hard on discord I am already able to compile ML and qemu for the 50D, which meight help me getting familiar with ML development. Luckily a friend of mine has a 50D laying around which I can use for playing around, since he has a newer camera and doesn't need it right now.

Is there a way I can help? Is it possible to dump the firmware of the RP so I can take a look with Ghidra on it?
Pages 1 ... 3 4 5