Author Topic: Firmware Update/Downdate? (Read 109467 times)

yokashin · « **Reply #25 on:** September 29, 2019, 09:25:52 AM »

https://www.slrlounge.com/canon-trying-block-magic-lantern-upcoming-5diii-firmware/

Walter Schulz · « **Reply #26 on:** September 29, 2019, 09:34:35 AM »

[rant]That's the nonsensical FUD BS swept through the internet in January 2015 showing clearly people have no clue how things work and how far away from good journalistic practice most news aggregation sites are. This BS almost never got corrected.[/rant]

Quote

Accuracy and standards for factual reporting

Reporters are expected to be as accurate as possible given the time allotted to story preparation and the space available and to seek reliable sources.
Events with a single eyewitness are reported with attribution. Events with two or more independent eyewitnesses may be reported as fact. Controversial facts are reported with attribution.
Independent fact-checking by another employee of the publisher is desirable.
Corrections are published when errors are discovered.
Defendants at trial are treated only as having "allegedly" committed crimes, until conviction, when their crimes are generally reported as fact (unless, that is, there is serious controversy about wrongful conviction).
Opinion surveys and statistical information deserve special treatment to communicate in precise terms any conclusions, to contextualize the results, and to specify accuracy, including estimated error and methodological criticism or flaws.

Source: https://en.wikipedia.org/wiki/Journalism_ethics_and_standards#Accuracy_and_standards_for_factual_reporting
Highlights by me.

yokashin · « **Reply #27 on:** September 29, 2019, 10:23:04 AM »

Only now I noticed that it is news from 5 years ago ... Google found it as a novelty.

Walter Schulz · « **Reply #28 on:** September 29, 2019, 11:22:46 AM »

@Danne & dfort:
Would a spare 5D3 in your hands help?

Danne · « **Reply #29 on:** September 29, 2019, 11:41:25 AM »

I have a 5d3 but not moving from 1.1.3 to a locked state. I guess a rom dump from 1.3.6 is where to start. Thinking me and dfort could do this together.

Walter Schulz · « **Reply #30 on:** September 29, 2019, 11:55:15 AM »

Good! A1ex has a ROM dump from a working cam.
Let us hear if there is anything to do for non-coders like me.

chris_overseas · « **Reply #31 on:** September 29, 2019, 01:19:27 PM »

My time has been extremely limited for ML of late too but I'll try and help out with this as much as I can, I'm pretty familiar with stub hunting on the 5D3.

Danne · « **Reply #32 on:** September 29, 2019, 01:45:55 PM »

I started out here:
https://bitbucket.org/Dannephoto/magic-lantern/commits/c4ec4869702ea1c5c086f858cf3be9624fb244e2

Danne · « **Reply #33 on:** September 29, 2019, 03:46:17 PM »

A few more...
https://bitbucket.org/Dannephoto/magic-lantern/commits/dde404699bfd22f9518d33d8eaa40ff771c844ca

dfort · « **Reply #34 on:** September 29, 2019, 05:11:54 PM »

Got a question via PM that's probably best answered publicly since there seems to be a few people working on this:

Quote from: Danne on September 29, 2019, 01:16:47 PM

I disassembled firmware for both 1.1.3 and 1.3.6. I guess comparing stubs now is the way to go? Or should I dissasemble from 1.2.3 instead? hm. Guidance?

It is easier if you compare stubs with a more recent version. I've got branches for both 1.3.4 which is pretty much working and 1.3.5 which is pretty much finished except I don't know how to handle the change with RESTARTSTART that's required to get it working. Note that I also compared with Chris Miller's 5D3.133 branch (a.k.a. chris_overseas on the forum) which is a little old but it also pretty much works.

One shortcut to finding stubs is to run contrib/stub-checker/check-stubs.py on one of the recent versions and your work in progress. Look at the offset for the stubs you found and chances are it will help get you close on the other stubs you are looking for. The hard part is looking up the constants and searching for things that need to be changed that is sprinkled all over the place. Refer to the changes in my firmware update pull requests for hints.

Also note that these topics might be more appropriate for discussing porting to new firmwares:

Porting a Canon firmware update
Canon 5D Mark III / 5D3 / Firmware 1.3.4 (or start a new one for 1.3.6)

Danne · « **Reply #35 on:** September 29, 2019, 08:04:11 PM »

Ok, I just keep going from what I began to keep momentum. I guess most of the ones I find will be valid so completed about half in stubs.S for now.

Danne · « **Reply #36 on:** September 30, 2019, 01:25:39 PM »

Just finished stubs.S but there are a few TODO places that I can´t find. Hint/help needed. Following are missing atm:

Code: [Select]

NSTUB(   0x24B60,  dm_names) //todo
NSTUB(   0x25114,  task_max) //TODO
NSTUB(0xFFA02C54 - RAM_OFFSET,  post_isr_hook) // TODO (Not present in ROM1?)
NSTUB(0xFFA02C50 - RAM_OFFSET,  pre_isr_hook) // TODO (Not present in ROM1?)
NSTUB(   0x23E14,  current_task) // TODO CORRECT 0002731c?
NSTUB(     0x674,  current_interrupt) //TODO No idea what stub   
NSTUB(   0x23D00,  task_dispatch_hook) //TODO
NSTUB(0x23F4C,     terminateShutdown_save_settings) //TODO
NSTUB(0x23F50,     terminateAbort_save_settings) //TODO

Commit:
https://bitbucket.org/Dannephoto/magic-lantern/commits/de3c3c84d4ea8c9dd2893c207c5d7f11f1d86716

chris_overseas · « **Reply #37 on:** September 30, 2019, 10:14:50 PM »

Here's what I found so far when comparing to 1.2.3:

NSTUB( 0x27F78, dm_names)
NSTUB( 0x2731C, current_task)
NSTUB( 0x27208, task_dispatch_hook)
NSTUB( 0x2852C, task_max)

Where did the terminateShutdown_save_settings and terminateAbort_save_settings stubs come from, 1.3.4 I guess? I don't see those in 1.2.3.

Danne · « **Reply #38 on:** September 30, 2019, 10:27:21 PM »

I update from 1.1.3

Anyone, feel free to join in and continue stubs and constants updating. A bit busy next couple of days.

dfort · « **Reply #39 on:** September 30, 2019, 10:38:23 PM »

Quote from: chris_overseas on September 30, 2019, 10:14:50 PM

Where did the terminateShutdown_save_settings and terminateAbort_save_settings stubs come from, 1.3.4 I guess? I don't see those in 1.2.3.

Those are in crop_rec_4k and probably some other experimental branches.

Here's what I found for 1.3.6:

Code: [Select]

NSTUB(   0X27F78,  dm_names)
NSTUB(   0X2852C,  task_max)
NSTUB(   0x27214,  post_isr_hook)
NSTUB(   0x27210,  pre_isr_hook)
NSTUB(   0X2731C,  current_task)
NSTUB(     0x674,  current_interrupt) 
NSTUB(   0x27208,  task_dispatch_hook)
NSTUB(   0x27454,  terminateShutdown_save_settings)
NSTUB(   0x27458,  terminateAbort_save_settings)

Danne · « **Reply #40 on:** September 30, 2019, 10:50:21 PM »

Thanks. Added those to my stubs.S so complete now hopefully.

shakenda · « **Reply #41 on:** October 01, 2019, 01:36:50 AM »

So, I had to send one of my 5d mk IIIs in for repair recently. I've been using ML for firmware 1.2.3 for years now on all three of my mk IIIs without issue. They repaired the camera, but also upgraded the firmware to 1.3.6, locking it from downgrading. So now I'm stuck with a camera that is basically useless to me for video. I'll call CPS (of which I'm a Platinum member) tomorrow to see if they will let me send it in to be downgraded, but my hopes aren't high.

It's ridiculous that they would do this. ML makes the 5D actually usable for video. I have a mk IV that I only use for stills because there's no ML for it yet. If they won't downgrade it, I'm going to have to sell this camera and I guess I'll just buy a BlackMagic Pocket 6K with EF mount instead.

shakenda · « **Reply #42 on:** October 03, 2019, 08:44:30 PM »

Well, believe it or not, they did downgrade my firmware back to 1.2.3. They asked for a reason and I didn't want to say it was for ML, so I just said I've been using that version for years now on all three of my mk iii cameras bodies and feel most comfortable with it. Anyway, just FYI.

Walter Schulz · « **Reply #43 on:** October 03, 2019, 10:15:08 PM »

Never heard about people getting problems with support because of ML. Most users are unaware of the bootflag (which is easily detectable by support) giving away cam being "MLed".

@a1ex: Can you add some text regarding this downgrade option into Twitter and install instructions?

Lupo · « **Reply #44 on:** October 04, 2019, 08:42:55 PM »

I'm a 5D MarkIII owner/user and my knowledge ends there

Even so, if I can be helpful in anything as owner/user please let me know.

Walter Schulz · « **Reply #45 on:** October 04, 2019, 08:51:51 PM »

Haven't you read? Canon CPS is able to downgrade your cam. Depending on your support status (CPS membership or not) you may be charged or not.

dfort · « **Reply #46 on:** October 16, 2019, 05:53:09 PM »

Been working with Danne and critix on 5D3.136. Looks like everybody is busy lately. Same here, I really should be doing something else.

Found several stubs that were off by running the check-stubs.py script. I'm also working off my 1.3.5 port because it boots in QEMU and it shouldn't be too much of a jump going from 1.3.5 to 1.3.6. Still not working so it is probably a constant or something else that's off.

Here's the script comparing 1.2.3 against 1.3.5 and 1.3.6. Anything that looks amiss?

Code: [Select]

check-stubs.py ../../platform/5D3.123/stubs.S ~/magic-lantern_backup/platform/5D3.135/stubs.S 

STUB                                   OLD           NEW     DELTA
current_interrupt                   0x00000674 -> 0x00000674 [0x000]
create_init_task                    0x00002eb8 -> 0x00002eb8 [0x000]
DryosDebugMsg                       0x00005b90 -> 0x00005be8 [0x058] [!!!]
dm_set_store_level                  0x00005ef8 -> 0x00005f50 [0x058] [!!!]
SetHPTimerAfterNow                  0x00007218 -> 0x00007270 [0x058] [!!!]
SetHPTimerNextTick                  0x00007308 -> 0x00007360 [0x058] [!!!]
create_named_semaphore              0x00008420 -> 0x00008478 [0x058] [!!!]
take_semaphore                      0x00008580 -> 0x000085d8 [0x058] [!!!]
give_semaphore                      0x0000866c -> 0x000086c4 [0x058] [!!!]
msleep                              0x00008a5c -> 0x00008ab4 [0x058] [!!!]
task_create                         0x00008b10 -> 0x00008b68 [0x058] [!!!]
GetSizeOfMaxRegion                  0x000096ec -> 0x00009744 [0x058] [!!!]
GetMemoryInformation                0x00009740 -> 0x00009798 [0x058] [!!!]
_AllocateMemory                     0x000099a0 -> 0x000099f8 [0x058] [!!!]
_FreeMemory                         0x00009d3c -> 0x00009d94 [0x058] [!!!]
CreateMemoryChunk                   0x0000a604 -> 0x0000a65c [0x058] [!!!]
GetMemoryAddressOfMemoryChunk       0x0000aba8 -> 0x0000ac00 [0x058] [!!!]
DeleteMemorySuite                   0x0000ac1c -> 0x0000ac74 [0x058] [!!!]
CreateMemorySuite                   0x0000ae24 -> 0x0000ae7c [0x058] [!!!]
AddMemoryChunk                      0x0000b100 -> 0x0000b158 [0x058] [!!!]
GetFirstChunkFromSuite              0x0000b1d0 -> 0x0000b228 [0x058] [!!!]
GetNextMemoryChunk                  0x0000b96c -> 0x0000b9c4 [0x058] [!!!]
msg_queue_create                    0x0000c1bc -> 0x0000c214 [0x058] [!!!]
CreateRecursiveLock                 0x0000c3a4 -> 0x0000c3fc [0x058] [!!!]
SetTimerAfter                       0x0000d780 -> 0x0000d7d8 [0x058] [!!!]
CancelTimer                         0x0000d980 -> 0x0000d9d8 [0x058] [!!!]
task_trampoline                     0x0000de28 -> 0x0000de80 [0x058] [!!!]
SetEDmac                            0x000125f8 -> 0x00012650 [0x058] [!!!]
ConnectWriteEDmac                   0x000126a4 -> 0x000126fc [0x058] [!!!]
ConnectReadEDmac                    0x00012768 -> 0x000127c0 [0x058] [!!!]
StartEDmac                          0x00012910 -> 0x00012968 [0x058] [!!!]
AbortEDmac                          0x00012a5c -> 0x00012ab4 [0x058] [!!!]
RegisterEDmacCompleteCBR            0x00012afc -> 0x00012b54 [0x058] [!!!]
UnregisterEDmacCompleteCBR          0x00012b38 -> 0x00012b90 [0x058] [!!!]
RegisterEDmacAbortCBR               0x00012be4 -> 0x00012c3c [0x058] [!!!]
UnregisterEDmacAbortCBR             0x00012c20 -> 0x00012c78 [0x058] [!!!]
RegisterEDmacPopCBR                 0x00012c78 -> 0x00012cd0 [0x058] [!!!]
UnregisterEDmacPopCBR               0x00012cb4 -> 0x00012d0c [0x058] [!!!]
msg_queue_receive                   0x00014680 -> 0x000146d8 [0x058] [!!!]
msg_queue_post                      0x0001486c -> 0x000148c4 [0x058] [!!!]
msg_queue_count                     0x000148ac -> 0x00014904 [0x058] [!!!]
AcquireRecursiveLock                0x000149b8 -> 0x00014a10 [0x058] [!!!]
ReleaseRecursiveLock                0x00014acc -> 0x00014b24 [0x058] [!!!]
vsnprintf                           0x00015ff4 -> 0x0001604c [0x058] [!!!]
_alloc_dma_memory                   0x00017f9c -> 0x00017ff4 [0x058] [!!!]
_free_dma_memory                    0x00017fd0 -> 0x00018028 [0x058] [!!!]
is_taskid_valid                     0x00019918 -> 0x00019970 [0x058] [!!!]
bzero32                             0x0001c448 -> 0x0001c4a0 [0x058] [!!!]
task_dispatch_hook                  0x00023d00 -> 0x00027208 [0x3508] [!!!]
pre_isr_hook                        0x00023d08 -> 0x00027210 [0x3508] [!!!]
post_isr_hook                       0x00023d0c -> 0x00027214 [0x3508] [!!!]
current_task                        0x00023e14 -> 0x0002731c [0x3508] [!!!]
gui_main_struct                     0x00024120 -> 0x00027628 [0x3508] [!!!]
dm_names                            0x00024a70 -> 0x00027f78 [0x3508] [!!!]
task_max                            0x00025024 -> 0x0002852c [0x3508] [!!!]
gui_task_list                       0x000321c8 -> 0x000356e8 [0x3520] [!!!]
cf_device_ptr                       0x00036184 -> 0x000396a4 [0x3520] [!!!]
sd_device                           0x00039960 -> 0x0003ce80 [0x3520] [!!!]
LCD_Palette                         0x00041510 -> 0x00044a30 [0x3520] [!!!]
bmp_vram_info                       0x00042d10 -> 0x00046230 [0x3520] [!!!]
additional_version                  0x00046910 -> 0x00049e30 [0x3520] [!!!]
camera_engine                       0xc0220000 -> 0xc0220000 [0x000]
cstart                              0xff0c1ca0 -> 0xff0c1ca0 [0x000] [!!!]
init_task                           0xff0c5298 -> 0xff0c5298 [0x000] [!!!]
_malloc                             0xff0c8178 -> 0xff0c8178 [0x000] [!!!]
_free                               0xff0c81d0 -> 0xff0c81d0 [0x000] [!!!]
gui_main_task                       0xff0de948 -> 0xff0de948 [0x000] [!!!]
GUI_Control                         0xff0ded1c -> 0xff0ded1c [0x000] [!!!]
gui_init_end                        0xff0df384 -> 0xff0df384 [0x000] [!!!]
SRM_AllocateMemoryResourceFor1stJob 0xff0ee3e8 -> 0xff0ee3e8 [0x000] [!!!]
SRM_FreeMemoryResourceFor1stJob     0xff0f18f8 -> 0xff0f18f8 [0x000] [!!!]
StartASIFDMAADC                     0xff10e634 -> 0xff10e634 [0x000] [!!!]
StopASIFDMAADC                      0xff10e7b0 -> 0xff10e7b0 [0x000] [!!!]
StartASIFDMADAC                     0xff10e7ec -> 0xff10e7ec [0x000] [!!!]
StopASIFDMADAC                      0xff10e8c4 -> 0xff10e8c4 [0x000] [!!!]
SetNextASIFADCBuffer                0xff10ed68 -> 0xff10ed68 [0x000] [!!!]
SetNextASIFDACBuffer                0xff10ee1c -> 0xff10ee1c [0x000] [!!!]
prop_register_slave                 0xff12301c -> 0xff12301c [0x000] [!!!]
_prop_request_change                0xff123210 -> 0xff123210 [0x000] [!!!]
prop_deliver                        0xff1237cc -> 0xff1237cc [0x000] [!!!]
_prop_cleanup                       0xff123898 -> 0xff123898 [0x000] [!!!]
LoadCalendarFromRTC                 0xff135fd4 -> 0xff135fd4 [0x000] [!!!]
_audio_ic_write                     0xff136f68 -> 0xff136f68 [0x000] [!!!]
_audio_ic_read                      0xff137020 -> 0xff137020 [0x000] [!!!]
SetAudioVolumeOut                   0xff137168 -> 0xff137168 [0x000] [!!!]
PowerAudioOutput                    0xff1379d0 -> 0xff1379d0 [0x000] [!!!]
SetSamplingRate                     0xff137a68 -> 0xff137a68 [0x000] [!!!]
call                                0xff13b750 -> 0xff13b750 [0x000] [!!!]
AllocateMemoryResource              0xff13c1f8 -> 0xff13c1f8 [0x000] [!!!]
AllocateContinuousMemoryResource    0xff13c244 -> 0xff13c244 [0x000] [!!!]
FreeMemoryResource                  0xff13c35c -> 0xff13c35c [0x000] [!!!]
SetGUIRequestMode                   0xff18b6cc -> 0xff18b6cc [0x000] [!!!]
gui_massive_event_loop              0xff1a7bbc -> 0xff1a7d18 [0x15c]
GUI_SetRollingPitchingLevelStatus   0xff2763a4 -> 0xff276500 [0x15c]
_EngDrvOut                          0xff290c80 -> 0xff290ddc [0x15c]
shamem_read                         0xff290d1c -> 0xff290e78 [0x15c]
_engio_write                        0xff290f98 -> 0xff2910f4 [0x15c]
CreateResLockEntry                  0xff294ef0 -> 0xff29504c [0x15c]
LockEngineResources                 0xff2953b8 -> 0xff295514 [0x15c]
UnLockEngineResources               0xff29555c -> 0xff2956b8 [0x15c]
_FIO_OpenFile                       0xff30e3b4 -> 0xff30e524 [0x170]
_FIO_CreateFile                     0xff30e470 -> 0xff30e5e0 [0x170]
_FIO_RemoveFile                     0xff30e51c -> 0xff30e68c [0x170]
_FIO_ReadFile                       0xff30e5c4 -> 0xff30e734 [0x170]
FIO_SeekSkipFile                    0xff30e674 -> 0xff30e7e4 [0x170]
_FIO_WriteFile                      0xff30e764 -> 0xff30e8d4 [0x170]
FIO_CloseFile                       0xff30e814 -> 0xff30e984 [0x170]
_FIO_GetFileSize                    0xff30e990 -> 0xff30eb00 [0x170]
_FIO_CreateDirectory                0xff30f070 -> 0xff30f1e0 [0x170]
_FIO_FindFirstEx                    0xff30f638 -> 0xff30f7a8 [0x170]
FIO_FindNextEx                      0xff30f72c -> 0xff30f89c [0x170]
FIO_FindClose                       0xff30f80c -> 0xff30f97c [0x170]
dialog_set_property_str             0xff35921c -> 0xff35937c [0x160]
PlayMain_handler                    0xff36deb8 -> 0xff36e018 [0x160]
ptp_register_handler                0xff3fde4c -> 0xff3fe148 [0x2fc]
dialog_redraw                       0xff456524 -> 0xff456820 [0x2fc]
FSUunMountDevice                    0xff48b788 -> 0xff48ba84 [0x2fc]
ErrForCamera_handler                0xff4a7318 -> 0xff4a7600 [0x2e8]
CancelDateTimer                     0xff4aeddc -> 0xff4af104 [0x328]
HideUnaviFeedBack_maybe             0xff4b62e0 -> 0xff4b6608 [0x328]
LiveViewApp_handler                 0xff4ba780 -> 0xff4baaa8 [0x328]
ShootOlcApp_handler                 0xff4c13a4 -> 0xff4c16cc [0x328]
PlayMovieGuideApp_handler           0xff4d6494 -> 0xff4d67c0 [0x32c]
fsuDecodePartitionTable             0xff5c5e0c -> 0xff5c6140 [0x334]
ErrCardForLVApp_handler             0xff626ea0 -> 0xff627290 [0x3f0]
LiveViewWbApp_handler               0xff62e43c -> 0xff62e82c [0x3f0]
LiveViewLevelApp_handler            0xff663ce8 -> 0xff6640e0 [0x3f8]

Code: [Select]

check-stubs.py ../../platform/5D3.123/stubs.S ../../platform/5D3.136/stubs.S

STUB                                   OLD           NEW     DELTA
current_interrupt                   0x00000674 -> 0x00000674 [0x000]
create_init_task                    0x00002eb8 -> 0x00002eb8 [0x000]
DryosDebugMsg                       0x00005b90 -> 0x00005be8 [0x058] [!!!]
dm_set_store_level                  0x00005ef8 -> 0x00005f50 [0x058] [!!!]
SetHPTimerAfterNow                  0x00007218 -> 0x00007270 [0x058] [!!!]
SetHPTimerNextTick                  0x00007308 -> 0x00007360 [0x058] [!!!]
create_named_semaphore              0x00008420 -> 0x00008478 [0x058] [!!!]
take_semaphore                      0x00008580 -> 0x000085d8 [0x058] [!!!]
give_semaphore                      0x0000866c -> 0x000086c4 [0x058] [!!!]
msleep                              0x00008a5c -> 0x00008ab4 [0x058] [!!!]
task_create                         0x00008b10 -> 0x00008b68 [0x058] [!!!]
GetSizeOfMaxRegion                  0x000096ec -> 0x00009744 [0x058] [!!!]
GetMemoryInformation                0x00009740 -> 0x00009798 [0x058] [!!!]
_AllocateMemory                     0x000099a0 -> 0x000099f8 [0x058] [!!!]
_FreeMemory                         0x00009d3c -> 0x00009d94 [0x058] [!!!]
CreateMemoryChunk                   0x0000a604 -> 0x0000a65c [0x058] [!!!]
GetMemoryAddressOfMemoryChunk       0x0000aba8 -> 0x0000ac00 [0x058] [!!!]
DeleteMemorySuite                   0x0000ac1c -> 0x0000ac74 [0x058] [!!!]
CreateMemorySuite                   0x0000ae24 -> 0x0000ae7c [0x058] [!!!]
AddMemoryChunk                      0x0000b100 -> 0x0000b158 [0x058] [!!!]
GetFirstChunkFromSuite              0x0000b1d0 -> 0x0000b228 [0x058] [!!!]
GetNextMemoryChunk                  0x0000b96c -> 0x0000b9c4 [0x058] [!!!]
msg_queue_create                    0x0000c1bc -> 0x0000c214 [0x058] [!!!]
CreateRecursiveLock                 0x0000c3a4 -> 0x0000c3fc [0x058] [!!!]
SetTimerAfter                       0x0000d780 -> 0x0000d7d8 [0x058] [!!!]
CancelTimer                         0x0000d980 -> 0x0000d9d8 [0x058] [!!!]
task_trampoline                     0x0000de28 -> 0x0000de80 [0x058] [!!!]
SetEDmac                            0x000125f8 -> 0x00012650 [0x058] [!!!]
ConnectWriteEDmac                   0x000126a4 -> 0x000126fc [0x058] [!!!]
ConnectReadEDmac                    0x00012768 -> 0x000127c0 [0x058] [!!!]
StartEDmac                          0x00012910 -> 0x00012968 [0x058] [!!!]
AbortEDmac                          0x00012a5c -> 0x00012ab4 [0x058] [!!!]
RegisterEDmacCompleteCBR            0x00012afc -> 0x00012b54 [0x058] [!!!]
UnregisterEDmacCompleteCBR          0x00012b38 -> 0x00012b90 [0x058] [!!!]
RegisterEDmacAbortCBR               0x00012be4 -> 0x00012c3c [0x058] [!!!]
UnregisterEDmacAbortCBR             0x00012c20 -> 0x00012c78 [0x058] [!!!]
RegisterEDmacPopCBR                 0x00012c78 -> 0x00012cd0 [0x058] [!!!]
UnregisterEDmacPopCBR               0x00012cb4 -> 0x00012d0c [0x058] [!!!]
msg_queue_receive                   0x00014680 -> 0x000146d8 [0x058] [!!!]
msg_queue_post                      0x0001486c -> 0x000148c4 [0x058] [!!!]
msg_queue_count                     0x000148ac -> 0x00014904 [0x058] [!!!]
AcquireRecursiveLock                0x000149b8 -> 0x00014a10 [0x058] [!!!]
ReleaseRecursiveLock                0x00014acc -> 0x00014b24 [0x058] [!!!]
vsnprintf                           0x00015ff4 -> 0x0001604c [0x058] [!!!]
_alloc_dma_memory                   0x00017f9c -> 0x00017ff4 [0x058] [!!!]
_free_dma_memory                    0x00017fd0 -> 0x00018028 [0x058] [!!!]
is_taskid_valid                     0x00019918 -> 0x00019970 [0x058] [!!!]
bzero32                             0x0001c448 -> 0x0001c4a0 [0x058] [!!!]
task_dispatch_hook                  0x00023d00 -> 0x00027208 [0x3508] [!!!]
pre_isr_hook                        0x00023d08 -> 0x00027210 [0x3508] [!!!]
post_isr_hook                       0x00023d0c -> 0x00027214 [0x3508] [!!!]
current_task                        0x00023e14 -> 0x0002731c [0x3508] [!!!]
gui_main_struct                     0x00024120 -> 0x00027628 [0x3508] [!!!]
dm_names                            0x00024a70 -> 0x00027f78 [0x3508] [!!!]
task_max                            0x00025024 -> 0x0002852c [0x3508] [!!!]
gui_task_list                       0x000321c8 -> 0x000356e8 [0x3520] [!!!]
cf_device_ptr                       0x00036184 -> 0x000396a4 [0x3520] [!!!]
sd_device                           0x00039960 -> 0x0003ce80 [0x3520] [!!!]
LCD_Palette                         0x00041510 -> 0x00044a30 [0x3520] [!!!]
bmp_vram_info                       0x00042d10 -> 0x00046230 [0x3520] [!!!]
additional_version                  0x00046910 -> 0x00049e30 [0x3520] [!!!]
camera_engine                       0xc0220000 -> 0xc0220000 [0x000]
cstart                              0xff0c1ca0 -> 0xff0c1ca0 [0x000] [!!!]
init_task                           0xff0c5298 -> 0xff0c5298 [0x000] [!!!]
_malloc                             0xff0c8178 -> 0xff0c8178 [0x000] [!!!]
_free                               0xff0c81d0 -> 0xff0c81d0 [0x000] [!!!]
gui_main_task                       0xff0de948 -> 0xff0de948 [0x000] [!!!]
GUI_Control                         0xff0ded1c -> 0xff0ded1c [0x000] [!!!]
gui_init_end                        0xff0df384 -> 0xff0df384 [0x000] [!!!]
SRM_AllocateMemoryResourceFor1stJob 0xff0ee3e8 -> 0xff0ee3e8 [0x000] [!!!]
SRM_FreeMemoryResourceFor1stJob     0xff0f18f8 -> 0xff0f18f8 [0x000] [!!!]
StartASIFDMAADC                     0xff10e634 -> 0xff10e634 [0x000] [!!!]
StopASIFDMAADC                      0xff10e7b0 -> 0xff10e7b0 [0x000] [!!!]
StartASIFDMADAC                     0xff10e7ec -> 0xff10e7ec [0x000] [!!!]
StopASIFDMADAC                      0xff10e8c4 -> 0xff10e8c4 [0x000] [!!!]
SetNextASIFADCBuffer                0xff10ed68 -> 0xff10ed68 [0x000] [!!!]
SetNextASIFDACBuffer                0xff10ee1c -> 0xff10ee1c [0x000] [!!!]
prop_register_slave                 0xff12301c -> 0xff12301c [0x000] [!!!]
_prop_request_change                0xff123210 -> 0xff123210 [0x000] [!!!]
prop_deliver                        0xff1237cc -> 0xff1237cc [0x000] [!!!]
_prop_cleanup                       0xff123898 -> 0xff123898 [0x000] [!!!]
LoadCalendarFromRTC                 0xff135fd4 -> 0xff135fd4 [0x000] [!!!]
_audio_ic_write                     0xff136f68 -> 0xff136f68 [0x000] [!!!]
_audio_ic_read                      0xff137020 -> 0xff137020 [0x000] [!!!]
SetAudioVolumeOut                   0xff137168 -> 0xff137168 [0x000] [!!!]
PowerAudioOutput                    0xff1379d0 -> 0xff1379d0 [0x000] [!!!]
SetSamplingRate                     0xff137a68 -> 0xff137a68 [0x000] [!!!]
call                                0xff13b750 -> 0xff13b750 [0x000] [!!!]
AllocateMemoryResource              0xff13c1f8 -> 0xff13c1f8 [0x000] [!!!]
AllocateContinuousMemoryResource    0xff13c244 -> 0xff13c244 [0x000] [!!!]
FreeMemoryResource                  0xff13c35c -> 0xff13c35c [0x000] [!!!]
SetGUIRequestMode                   0xff18b6cc -> 0xff18b6cc [0x000] [!!!]
gui_massive_event_loop              0xff1a7bbc -> 0xff1a7d18 [0x15c]
GUI_SetRollingPitchingLevelStatus   0xff2763a4 -> 0xff2764d0 [0x12c]
_EngDrvOut                          0xff290c80 -> 0xff290ec0 [0x240]
shamem_read                         0xff290d1c -> 0xff290f5c [0x240]
_engio_write                        0xff290f98 -> 0xff2911d8 [0x240]
CreateResLockEntry                  0xff294ef0 -> 0xff295130 [0x240]
LockEngineResources                 0xff2953b8 -> 0xff2955f8 [0x240]
UnLockEngineResources               0xff29555c -> 0xff29579c [0x240]
_FIO_OpenFile                       0xff30e3b4 -> 0xff30e608 [0x254]
_FIO_CreateFile                     0xff30e470 -> 0xff30e6c4 [0x254]
_FIO_RemoveFile                     0xff30e51c -> 0xff30e770 [0x254]
_FIO_ReadFile                       0xff30e5c4 -> 0xff30e818 [0x254]
FIO_SeekSkipFile                    0xff30e674 -> 0xff30e8c8 [0x254]
_FIO_WriteFile                      0xff30e764 -> 0xff30e9b8 [0x254]
FIO_CloseFile                       0xff30e814 -> 0xff30ea68 [0x254]
_FIO_GetFileSize                    0xff30e990 -> 0xff30ebe4 [0x254]
_FIO_CreateDirectory                0xff30f070 -> 0xff30f2c4 [0x254]
_FIO_FindFirstEx                    0xff30f638 -> 0xff30f88c [0x254]
FIO_FindNextEx                      0xff30f72c -> 0xff30f980 [0x254]
FIO_FindClose                       0xff30f80c -> 0xff30fa60 [0x254]
dialog_set_property_str             0xff35921c -> 0xff359460 [0x244]
PlayMain_handler                    0xff36deb8 -> 0xff36e0fc [0x244]
ptp_register_handler                0xff3fde4c -> 0xff3fe22c [0x3e0]
dialog_redraw                       0xff456524 -> 0xff456904 [0x3e0]
FSUunMountDevice                    0xff48b788 -> 0xff48bb68 [0x3e0]
ErrForCamera_handler                0xff4a7318 -> 0xff4a76e4 [0x3cc]
CancelDateTimer                     0xff4aeddc -> 0xff4af1e8 [0x40c]
HideUnaviFeedBack_maybe             0xff4b62e0 -> 0xff4b66ec [0x40c]
LiveViewApp_handler                 0xff4ba780 -> 0xff4bab8c [0x40c]
ShootOlcApp_handler                 0xff4c13a4 -> 0xff4c17b0 [0x40c]
PlayMovieGuideApp_handler           0xff4d6494 -> 0xff4d68a4 [0x410]
fsuDecodePartitionTable             0xff5c5e0c -> 0xff5c6224 [0x418]
ErrCardForLVApp_handler             0xff626ea0 -> 0xff627374 [0x4d4]
LiveViewWbApp_handler               0xff62e43c -> 0xff62e910 [0x4d4]
LiveViewLevelApp_handler            0xff663ce8 -> 0xff6641c4 [0x4dc]

https://bitbucket.org/daniel_fort/magic-lantern/branch/update-to-5D.136-wip

dfort · « **Reply #47 on:** October 16, 2019, 08:03:16 PM »

Some progress - minimal working:

Got the firmware signature - yay!

Still rough around the edges, haven't been able to get into the ML menus and it crashes but it is a start:

DeafEyeJedi · « **Reply #48 on:** October 16, 2019, 08:42:25 PM »

That’s some progress. Amazing work @dfort!

GullRaDriel · « **Reply #49 on:** October 17, 2019, 05:44:44 PM »

Yes, good job !

News:

Author Topic: Firmware Update/Downdate? (Read 109467 times)

dfort

dfort

dfort

dfort