I've read the topic and from what I've understood Digic 6 and Digic 6+ are pretty much uncharted territory, is there any info at all on how to get started on Thumb2?
Is this not clear enough, or too hard to find?
(for some reason, it requires a few page reloads in Firefox, but loads out of the box in Chrome - bitbucket issue?)
More importantly, I'd really like a smaller, simpler task to get started
- re-read the thread
- read other DIGIC 6 threads
- read DIGIC 6 threads from CHDK
- find other posts on DIGIC 6, e.g. on the reverse engineering area
- find the latest post related to DIGIC 6 (hint: it was yesterday)
- find recent commits related to DIGIC 6
- find the previous work done for this camera (stubs, emulation, RE notes) and verify it
- run your firmware in QEMU
- pick something that doesn't work and try to fix it
Now the interesting (and difficult) ones (mostly valid for all other D6 models):
- port io_trace to ARMv7 (can be debugged in QEMU)
- port the 80D, 750D and 5Ds findings (boot process, serial flash dumper, boot flag enabler, LED blinker, etc.) - mostly DONE
- fix the emulation so it can save files to the virtual card (likely easy, maybe time-consuming) DONE (September 10)
- try to understand the communication between the two cores (main and AE)
- find a way to jump to main firmware (depends on previous step) DONE (September 7)
- get debug logs and RAM dumps from the camera*) DONE (September 7)
- find out how the display works (best done by somebody who has a DIGIC 6 camera in their hands; look up 5DS experiments, posts from Ant123 and read the CHDK threads on this topic)
*) This requires the boot flag enabled, and the ability to jump to main firmware on real hardware (non-issues in the emulator); if you get it working in QEMU, I'll take care of these.

I really can't afford to brick my 5D4
At this stage, you can't. There's nothing that lets you run user code on the camera; currently, all the analysis is done in the emulator. The only code you can run right now on your camera is the ROM dumper (which does not modify it). If you want to run your own code on the physical camera, you will either need the boot flag enabled, or ask us to sign the binary for you.
The code that enables the boot flag is easy to adapt from 80D/750D/7D2/5DS (where it was confirmed to work), but given the unusual dual-core configuration and the price of the camera, it's a little more risky to try. I'd wait until the communication between the two cores is understood (that is, until we are able to emulate the dual-core boot process in QEMU). I'm working on that, but not full-time.
[...] break down the necessary tasks and distribute them among old and new devs?
There's no such thing here. Anyone (old or new) is free to work on anything they are interested in, whenever they feel like (there are no commitments; this is just a hobby project). There's plenty of low-hanging fruit, but it all starts with reading the previous work (on DIGIC 6 for this particular thread) and running it on your machine. The development tools should work on all major operating systems (with minor rough edges).
Search keyword: easy coding task
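Since the opening question asks how to get started on Thumb-2, here is an added example that is not from this thread or from the Magic Lantern / CHDK code: a minimal walker that splits a raw Thumb-2 byte stream into 16-bit and 32-bit instructions and resolves BL / B.W targets. It relies only on two documented encoding facts: a halfword whose top five bits are 11101, 11110 or 11111 starts a 32-bit instruction, and BL (T1) / B.W (T4) carry their offset as S:I1:I2:imm10:imm11:0 relative to PC = address + 4. The sample bytes are constructed (hand-assembled push/bl/mov.w/pop), not taken from any camera ROM; base address 0x1000 is arbitrary.

```python
"""Split a little-endian Thumb-2 byte stream into instructions and resolve
BL / B.W branch targets. Added example, not code from the thread."""
import struct


def thumb2_is_32bit(hw):
    """True if halfword `hw` is the first half of a 32-bit Thumb-2 encoding."""
    # Thumb-2 rule: top five bits 11101, 11110 or 11111 => 32-bit instruction.
    return (hw >> 11) in (0b11101, 0b11110, 0b11111)


def _sign_extend(value, bits):
    if value & (1 << (bits - 1)):
        value -= 1 << bits
    return value


def decode_branch32(hw1, hw2, addr):
    """Return (mnemonic, target) for BL (T1) or B.W (T4) at `addr`, else None.

    hw1 = 11110 S imm10        hw2 = 1 x J1 1 J2 imm11   (x=1: BL, x=0: B.W)
    BLX (hw2 bit 12 clear) is deliberately not handled here.
    """
    if (hw1 >> 11) != 0b11110:
        return None
    if not (hw2 & (1 << 15)) or not (hw2 & (1 << 12)):
        return None
    s = (hw1 >> 10) & 1
    imm10 = hw1 & 0x3FF
    j1 = (hw2 >> 13) & 1
    j2 = (hw2 >> 11) & 1
    imm11 = hw2 & 0x7FF
    i1 = 1 - (j1 ^ s)          # I1 = NOT(J1 XOR S)
    i2 = 1 - (j2 ^ s)          # I2 = NOT(J2 XOR S)
    imm = (s << 24) | (i1 << 23) | (i2 << 22) | (imm10 << 12) | (imm11 << 1)
    offset = _sign_extend(imm, 25)
    mnem = 'bl' if hw2 & (1 << 14) else 'b.w'
    return mnem, (addr + 4 + offset) & 0xFFFFFFFF   # Thumb PC reads as addr+4


def walk(blob, base):
    """Return a list of (address, kind, value) tuples for the stream `blob`.

    kind is 'bl' / 'b.w' (value = target), 'insn16' / 'insn32' (value = raw
    encoding) or 'truncated' when a 32-bit prefix ends the buffer.
    """
    out, off = [], 0
    while off + 2 <= len(blob):
        hw1 = struct.unpack_from('<H', blob, off)[0]
        addr = base + off
        if thumb2_is_32bit(hw1):
            if off + 4 > len(blob):
                out.append((addr, 'truncated', hw1))
                break
            hw2 = struct.unpack_from('<H', blob, off + 2)[0]
            br = decode_branch32(hw1, hw2, addr)
            out.append((addr, br[0], br[1]) if br else (addr, 'insn32', (hw1 << 16) | hw2))
            off += 4
        else:
            out.append((addr, 'insn16', hw1))
            off += 2
    return out


# Constructed sample (hand-assembled, not from a real firmware):
#   push {r4, lr}  ; bl +0xc ; bl -0x104 ; mov.w r0, #0 ; pop {r4, pc}
SAMPLE = bytes.fromhex('10B5 00F0 06F8 FFF7 7EFF 4FF0 0000 10BD')

if __name__ == '__main__':
    for addr, kind, value in walk(SAMPLE, 0x1000):
        print(f'{addr:08x}  {kind:<9} {value:08x}')
```

Run as-is and the two BL entries resolve to 0x1012 and 0xF06; feeding it a real ROM slice will give plenty of false 16-bit "instructions" wherever the stream is actually data or literal pools, which is exactly the ambiguity a proper disassembler has to handle with code/data hints.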