Author Topic: Portable ROM dumper  (Read 21735 times)

g3gg0

  • Developer
  • Hero Member
  • *****
  • Posts: 3109
Re: Portable ROM dumper
« Reply #50 on: October 27, 2017, 05:58:36 PM »
wondering why it failed in the first place.
maybe some counter overflowing? hmmm

dfort

  • Developer
  • Hero Member
  • *****
  • Posts: 3031
Re: Portable ROM dumper
« Reply #51 on: April 10, 2018, 08:17:19 PM »
Got my hands on a 500D and thought I'd try dumping the 1.1.2 firmware but ran into this:



Same issue with 1.1.1. I have used the portable dumper a few times and have never seen this before.
5D3.* 7D.206 700D.115 EOSM.203 EOSM2.103 500D.112

a1ex

  • Administrator
  • Hero Member
  • *****
  • Posts: 11480
  • 5D Mark Free
Re: Portable ROM dumper
« Reply #52 on: April 10, 2018, 08:26:27 PM »
Old-style model; covered in first post.

The good old blind dumper appears to work in QEMU (should work on all D4 and D5 models with bootflag enabled, except 7D). Make sure you have a valid image on the card, then go to PLAY mode. Split the dump in two, like you did on M2.

dfort

  • Developer
  • Hero Member
  • *****
  • Posts: 3031
Re: Portable ROM dumper
« Reply #53 on: April 10, 2018, 09:18:10 PM »
Well that does look similar to what we were doing a year ago. Tried the "blind dumper" and it gave me a file named "As" that was apparently the ROM1.BIN and didn't need to be split. Disassembled it and it looks good.

Thanks again!

a1ex

  • Administrator
  • Hero Member
  • *****
  • Posts: 11480
  • 5D Mark Free
Re: Portable ROM dumper
« Reply #54 on: April 24, 2018, 09:54:20 AM »
The issue: Canon's bootloader routines for file I/O copy the data to some cacheable (!) memory; when that buffer reaches 0x4000 bytes, it's written to card using DMA.

Canon finally fixed this in DIGIC 7 8)

The bug is, however, present in DIGIC 6 and earlier.

Updated autoexec.bin (first post) with:
- DIGIC 6 support, including serial flash dump (thanks t3r4n)
- DIGIC 7 support, when the time comes
- same portable binary loads on DIGIC 2, 3, 4, 5, 6, 7 AND 8!

ROM dumpers ready for 200D, 77D, 6D2 and 800D; will post the FIR versions in the DIGIC 7 thread.

These dumpers still require a very small card, but just formatting with a smaller filesystem will do the trick. The easiest way is (still) to write the QEMU SD image onto the card (howto).

The issue can be reproduced in QEMU on a large SD image (or by running from a physical card), so it's clearly not a caching issue. It can be reproduced from the FROMUTILITY menu, without loading AUTOEXEC.BIN (proof of concept and details available on request). I believe there are two different issues in Canon code: writing from cacheable memory (fixed on D7) and large card support (still present on D7).
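
One way to check a dump for damage at the granularity of the 0x4000-byte write buffer described in the post above, as an added example that is not part of the original post or of the Magic Lantern code: it compares two dumps of the same ROM chunk by chunk and reports the byte ranges that differ. The function names and the sample data are constructed for illustration, and the idea that damage would line up with 0x4000-byte chunks is an assumption of this example.

```python
import hashlib

FLUSH_SIZE = 0x4000  # buffer size quoted in the post above

def chunk_digests(data, size=FLUSH_SIZE):
    """SHA-256 of each flush-sized chunk (the last chunk may be short)."""
    return [hashlib.sha256(data[i:i + size]).hexdigest()
            for i in range(0, len(data), size)]

def differing_chunks(dump_a, dump_b, size=FLUSH_SIZE):
    """Indices of flush-sized chunks that differ between two dumps of one ROM."""
    if len(dump_a) != len(dump_b):
        raise ValueError("dumps differ in length: %d vs %d"
                         % (len(dump_a), len(dump_b)))
    a, b = chunk_digests(dump_a, size), chunk_digests(dump_b, size)
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def merge_ranges(indices, size=FLUSH_SIZE):
    """Merge consecutive chunk indices into (start, end) byte ranges, end exclusive."""
    ranges = []
    for i in indices:
        start, end = i * size, (i + 1) * size
        if ranges and ranges[-1][1] == start:
            ranges[-1] = (ranges[-1][0], end)   # extend the previous range
        else:
            ranges.append((start, end))
    return ranges

def make_sample():
    """Constructed data: a 5-chunk 'ROM' and a copy with chunks 1, 2 and 4 damaged."""
    good = bytes((i * 7 + (i >> 8)) & 0xFF for i in range(5 * FLUSH_SIZE))
    bad = bytearray(good)
    bad[FLUSH_SIZE:3 * FLUSH_SIZE] = bytes(2 * FLUSH_SIZE)  # two chunks zeroed
    bad[4 * FLUSH_SIZE + 100] ^= 0xFF                       # one byte flipped
    return good, bytes(bad)

if __name__ == "__main__":
    good, bad = make_sample()
    for start, end in merge_ranges(differing_chunks(good, bad)):
        print("mismatch 0x%06X-0x%06X" % (start, end))
```

Two dumps taken in separate runs (or one from the camera and one from QEMU) can be passed to `differing_chunks` after reading them with `open(path, "rb").read()`.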

rafaelbf

  • New to the forum
  • *
  • Posts: 4
Re: Portable ROM dumper
« Reply #55 on: June 01, 2018, 04:50:44 AM »
Got my hands on a 500D and thought I'd try dumping the 1.1.2 firmware but ran into this:

Same issue with 1.1.1. I have used the portable dumper a few times and have never seen this before.

Hi dfort,

Sorry for the late reply... I've tried Portable Dumper on my 500D, same screen on both firmware, even with low capacity card.

dfort

  • Developer
  • Hero Member
  • *****
  • Posts: 3031
Re: Portable ROM dumper
« Reply #56 on: June 01, 2018, 10:29:20 PM »
@rafaelbf -- We need to use the blind dumper on the 500D.

Supported cameras:
- most DIGIC 4 (exceptions: 500D, 50D, 5D2, 7D)

The good old blind dumper appears to work in QEMU (should work on all D4 and D5 models with bootflag enabled, except 7D). Make sure you have a valid image on the card, then go to PLAY mode. Split the dump in two...

At first I had some issues splitting the dump in two but eventually figured it out.

DrEVILish

  • New to the forum
  • *
  • Posts: 3
Re: Portable ROM dumper
« Reply #57 on: June 15, 2018, 11:54:04 PM »
I have just ordered a 5Ds, which has D6+ like the 7D2, let me know if I can be of assistance, with testing and dumping.