Author Topic: Portable ROM dumper  (Read 48899 times)

a1ex

  • Administrator
  • Hero Member
  • *****
  • Posts: 12241
  • Maintenance mode
Re: Portable ROM dumper
« Reply #125 on: July 27, 2019, 12:04:55 PM »
I tried DUMP_40D.FIR with 4 different CF cards, also old ones with 256 MB capacity, but it does not seem to work: the MD5 for ROM1.BIN is different each time (even if the check with PC always succeeds).
ROM0.MD5 is always the same though...

Already answered this one in the 40D thread (noticed this message afterwards).

That's probably alright - Canon firmware reflashes the ROM at every shutdown, to save their settings. If you compare the two ROMs, you will see differences only in the settings area (not in the executable code).

To get the same MD5 every time, you need to avoid starting the main Canon firmware between the two attempts (i.e. just run the dumper twice, possibly on different cards, without booting the camera normally in-between).
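An added example, not part of the original post: one way to make the comparison described above, listing the file-offset ranges where two dumps of the same ROM differ so you can see whether the changes stay in one area. The block size, the function names and the sample images are assumptions made for this example.

```python
import sys

BLOCK = 0x1000  # comparison granularity in bytes (arbitrary choice for this example)

def changed_regions(a: bytes, b: bytes, block: int = BLOCK):
    """Return [(start, end)] file-offset ranges (end exclusive) where two dumps
    differ, merging adjacent differing blocks into a single region."""
    if len(a) != len(b):
        raise ValueError(f"dump sizes differ: {len(a)} vs {len(b)}")
    regions = []
    for off in range(0, len(a), block):
        if a[off:off + block] == b[off:off + block]:
            continue
        end = min(off + block, len(a))
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], end)   # extend the previous region
        else:
            regions.append((off, end))
    return regions

def confined_to(regions, start: int, end: int) -> bool:
    """True if every differing region lies inside [start, end)."""
    return all(start <= s and e <= end for s, e in regions)

def make_sample():
    """Constructed sample: two 64 KiB images that differ in three bytes."""
    first = bytearray(b"\xEA" * 0x10000)
    second = bytearray(first)
    second[0x2000] = 0x01
    second[0x8FFF] = 0x02
    second[0x9000] = 0x03
    return bytes(first), bytes(second)

if __name__ == "__main__":
    if len(sys.argv) == 3:   # usage: script.py FIRST_DUMP SECOND_DUMP
        with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
            a, b = f1.read(), f2.read()
    else:
        a, b = make_sample()
    for s, e in changed_regions(a, b):
        print(f"differs: 0x{s:08X}-0x{e - 1:08X} ({e - s} bytes)")
```

The offsets printed are positions in the file, not memory addresses.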

chapan

  • New to the forum
  • *
  • Posts: 5
Re: Portable ROM dumper
« Reply #126 on: August 07, 2019, 05:51:12 PM »
I tried running DMP2000D.FIR on my Canon EOS Rebel T7 and RESCUE.LOG shows this:

  Magic Lantern Rescue
 ----------------------------
 - Model ID: 0x432 2000D
 - Camera model: Canon EOS Rebel T7 / K432
 - Firmware version: 1.0.0 / 2.3.2 13(03)
 - IMG naming: 100CANON/IMG_0786.JPG
 - Boot flags: FIR=0 BOOT=0 RAM=-1 UPD=-1
 - ROMBASEADDR: 0xFE0C0000
 - card_bootflags 1069ec
 - boot_read/write_sector 1071e0 1072d8
 - 101F70 Card init => 2
 - Dumping ROM0... 100%
 - MD5: 66354cabd287d45faae4c6158ba09606
 - Dumping ROM1... 100%
 - MD5: 65a90329df0b77b083a27a1f5583810f
 - No serial flash.
 - Saving RESCUE.LOG ...


But when I try to check the MD5 I get this:

root@craig-ubuntu:~# md5sum -c ROM0.BIN
md5sum: ROM0.BIN: no properly formatted MD5 checksum lines found
root@craig-ubuntu:~# md5sum -c ROM1.BIN
md5sum: ROM1.BIN: no properly formatted MD5 checksum lines found


I tried recreating the ROM files several times but the results are always the same.

Walter Schulz

  • Contributor
  • Hero Member
  • *****
  • Posts: 6762
Re: Portable ROM dumper
« Reply #127 on: August 07, 2019, 07:47:12 PM »
Code:
md5sum -c ROM?.MD5

chapan

  • New to the forum
  • *
  • Posts: 5
Re: Portable ROM dumper
« Reply #128 on: August 14, 2019, 11:23:24 PM »
This is what I see for Canon EOS Rebel T7.

Magic Lantern Rescue
 ----------------------------
 - Model ID: 0x432 2000D
 - Camera model: Canon EOS Rebel T7 / K432
 - Firmware version: 1.0.0 / 2.3.2 13(03)
 - IMG naming: 100CANON/IMG_0786.JPG
 - Boot flags: FIR=0 BOOT=0 RAM=-1 UPD=-1
 - ROMBASEADDR: 0xFE0C0000
 - card_bootflags 1069ec
 - boot_read/write_sector 1071e0 1072d8
 - 101F70 Card init => 2
 - Dumping ROM0... 100%
 - MD5: 66354cabd287d45faae4c6158ba09606
 - Dumping ROM1... 100%
 - MD5: 65a90329df0b77b083a27a1f5583810f
 - No serial flash.
 - Saving RESCUE.LOG ...


root@craig-ubuntu:~# ls -l ROM*
-rw-r--r-- 1 root root 33554432 Dec 31  1979 ROM0.BIN
-rw-r--r-- 1 root root       43 Dec 31  1979 ROM0.MD5
-rw-r--r-- 1 root root 33554432 Dec 31  1979 ROM1.BIN
-rw-r--r-- 1 root root       43 Dec 31  1979 ROM1.MD5

root@craig-ubuntu:~# md5sum -c ROM0.MD5
ROM0.BIN: FAILED
md5sum: WARNING: 1 computed checksum did NOT match
root@craig-ubuntu:~# md5sum -c ROM1.MD5
ROM1.BIN: OK

md5sum: ROM1.BIN: no properly formatted MD5 checksum lines found
ROM1.BIN: OK

Does that mean ROM1.BIN is the good firmware?





chapan

  • New to the forum
  • *
  • Posts: 5
Re: Portable ROM dumper
« Reply #129 on: August 20, 2019, 04:50:28 PM »
Dumping EOS Rebel T7 gives this:

- Model ID: 0x432 2000D
 - Camera model: Canon EOS Rebel T7 / K432
 - Firmware version: 1.0.0 / 2.3.2 13(03)
 - IMG naming: 100CANON/IMG_0786.JPG
 - Boot flags: FIR=0 BOOT=0 RAM=-1 UPD=-1
 - ROMBASEADDR: 0xFE0C0000
 - card_bootflags 1069ec
 - boot_read/write_sector 1071e0 1072d8
 - 101F70 Card init => 2
 - Dumping ROM0... 100%
 - MD5: 66354cabd287d45faae4c6158ba09606
 - Dumping ROM1... 100%
 - MD5: 65a90329df0b77b083a27a1f5583810f
 - No serial flash.


-rw-r--r-- 1 root root 33554432 Aug 15 15:05 ROM0.BIN
-rw-r--r-- 1 root root 33554432 Aug 15 15:05 ROM1.BIN


The MD5 checksum for ROM1.BIN is good. If I run disassemble.pl I get this:

root@craig-ubuntu:/usr/local/qemu-eos/1500D# perl disassemble.pl 0xFE0C0000 ROM1.BIN
offset + filesize - 1 > 0xffffffff. We can't wrap around!

game over at disassemble.pl line 50.


Does that mean the ROM1.BIN file is too big? Is the ROMBASEADDR of 0xFE0C0000 from the RESCUE.LOG the correct address to use?





names_are_hard

  • Contributor
  • Freshman
  • *****
  • Posts: 60
  • 200D idiot
Re: Portable ROM dumper
« Reply #130 on: August 20, 2019, 10:28:10 PM »
Try this:
perl disassemble.pl 0xFE000000 ROM1.BIN

Magic Lantern is a bit inconsistent about what "base address" means. In some places it uses it to mean "entry point address", which is confusing. 0xFE000000 is the base address, i.e., the address at which the first byte in the ROM is loaded into memory. 0xFE0C0000 is the entry point address, the address at which execution of the code starts.
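An added example, not part of the thread: the numbers above worked through in code, reading ROMBASEADDR from a RESCUE.LOG, applying the same bounds check that disassemble.pl reported, and deriving the file offset of the entry point. It assumes the ROM image is mapped so that its last byte sits at 0xFFFFFFFF, which matches the 32 MiB dump and the 0xFE000000 base in this thread but is an assumption for other models; the function names are made up for the example.

```python
import re

ADDR_SPACE = 1 << 32  # size of the 32-bit address space

# Constructed sample: three lines copied from the RESCUE.LOG quoted in the thread.
SAMPLE_LOG = """\
 - Model ID: 0x432 2000D
 - ROMBASEADDR: 0xFE0C0000
 - Dumping ROM1... 100%
"""
ROM1_SIZE = 33554432  # size of ROM1.BIN from the ls -l output in the thread

def rombaseaddr_from_log(log_text: str) -> int:
    """Extract the ROMBASEADDR value from RESCUE.LOG text."""
    m = re.search(r"ROMBASEADDR:\s*(0x[0-9A-Fa-f]+)", log_text)
    if not m:
        raise ValueError("no ROMBASEADDR line in log")
    return int(m.group(1), 16)

def fits(load_addr: int, size: int) -> bool:
    """The condition disassemble.pl complained about:
    offset + filesize - 1 must not exceed 0xffffffff."""
    return load_addr + size - 1 <= ADDR_SPACE - 1

def top_aligned_base(size: int) -> int:
    """Assumption: the image ends at the top of the address space."""
    return ADDR_SPACE - size

def plan(log_text: str, rom_size: int) -> dict:
    """Treat the logged ROMBASEADDR as the entry point and derive the load base."""
    entry = rombaseaddr_from_log(log_text)
    base = top_aligned_base(rom_size)
    if not base <= entry < base + rom_size:
        raise ValueError("logged address is outside the mapped image")
    return {
        "load_base": base,
        "entry": entry,
        "entry_file_offset": entry - base,
        "entry_as_base_fits": fits(entry, rom_size),
    }

if __name__ == "__main__":
    p = plan(SAMPLE_LOG, ROM1_SIZE)
    print(f"load base 0x{p['load_base']:08X}, entry 0x{p['entry']:08X}, "
          f"entry at file offset 0x{p['entry_file_offset']:X}")
```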