I wrote a small sequence, which will help us to find the signature.
We know that the functions are in the boot loader area, from FFFF0000 to FFFFFFFF.
The program will create a log file on the SD card with the address and content within the boot loader area.
// Function to read the content of the bootloader and write it to logfile
void booloader_mem_dump_0()
{
    // Create a logfile
    MyGlobalStdSet();
    // We use this pointer to read the content of an address
    unsigned int *p_addr = NULL;
    // The address range of the boot loader is from 0xFFFF0000 to 0xFFFFFFFF
    // START_ADR: 0xFFFF0000
    // END_ADR: 0xFFFFFFFC (last address not relevant, therefore 0xFFFFFFFC instead of 0xFFFFFFFF)
    //
    // Each address holds a 32 bit value => 4 bytes, therefore we have to increment the address by 4.
    // 0xFFFF0000
    // 0xFFFF0004
    // 0xFFFF0008
    // 0xFFFF000C
    // ...
    //
    printf("\nAddr: Data");
    printf("\n---------------");
    // (i != 0) stops the loop when i wraps around to 0 after 0xFFFFFFFC
    for(unsigned int i=START_ADR; ((i <= END_ADR) && (i!=0)); i=i+4)
    {
        // Before assignment, "reset" the pointer to null
        p_addr = NULL;
        // Now point to the address (in this case "i" is the address)
        p_addr = (unsigned int *)i;
        // Write the address and the 32 bit value stored there to the log file
        printf("\n%x : %x", i, *p_addr);
    }
    printf("\n\n END \n\n");
    // Set pointer to null, since it is not needed anymore.
    p_addr = NULL;
    // Signal finish
    SleepTask(5000);
    LEDRED = LEDON;
    LEDBLUE = LEDON;
    SleepTask(5000);
    LEDRED = LEDOFF;
    LEDBLUE = LEDOFF;
}
// ------------------------------------------------
@shmadul and Levas
We will continue once we have found the boot flag functions; therefore we have to make sure that the boot flag functions are correct.
Note: The program will not do anything to the boot flag!
Link:
https://1drv.ms/f/s!AsC1K_kH7N9pbYhpDPUbSuC8Iss
1. Download the zip "bootloader_mem_dump.zip" and extract it
2. Build the project by "./run" in terminal (inside the folder)
3. Set the "Auto power off" to 8 or 15 minutes on your camera, we don't want to cancel the write process in between
4. Copy the .fir file on the SD card and execute it (don't touch any buttons afterwards)
5. After the sequence finishes (both LEDs, red and blue, turn on and off), copy the "address_log.txt" to your computer
6. Search now for signatures
Log file should look like this (example):
Addr: Data
------------------------
ffff0000 : e59ff018
ffff0004 : e59ff018
....
Now, go through the file and search for the signature (see below, compare Data with the values below).
Once you have found them, copy the whole section (including address and data) and post it here, then we compare if we all have the same addresses.
// ---------------------------------------------
Signatures
Attention: The order is very important!
The write function should be easy to find. Compare the data values in the log file with the following values.
write_bootflag signature (order of the data):
Data
--------------
E92D41F0
E1A05001
E3A04000
E3500000
13A0733E
The read function will differ from the one that is posted here.
Hint: first search for all sequences that have E52DE004 and E3500000. Then check if the sequence has the rest of the values (3E33A013, 12833A02, 13A02040). The read function has 2 values (unique) which differ from the sequence listed below.
Let's see if you guys can find the sequence.
read_bootflag signature (order of the data):
Data
--------------
E52DE004
E3500000
3E33A013
12833A02
13A02040
PS: Can you guys provide me your log files so I can check if there are any differences between them? Just PM me with the link.
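The signature search described in the post can be scripted instead of done by eye. This is an added example, not part of the original post or its zip: `parse_log` and `find_signature` are hypothetical helper names, the sample log is constructed, and it assumes the signature words sit at consecutive addresses and reads the hint as "first two words must match, up to two of the rest may differ".

```python
import re

# Signature words from the post, in the order given there.
WRITE_BOOTFLAG = [0xE92D41F0, 0xE1A05001, 0xE3A04000, 0xE3500000, 0x13A0733E]
READ_BOOTFLAG = [0xE52DE004, 0xE3500000, 0x3E33A013, 0x12833A02, 0x13A02040]
# printf("%x") does not zero-pad, so accept 1 to 8 hex digits on each side.
LINE_RE = re.compile(r"^\s*([0-9a-fA-F]{1,8})\s*:\s*([0-9a-fA-F]{1,8})\s*$")

def parse_log(text):
    """Return [(address, word), ...]; header, ruler and END lines are skipped."""
    found = (LINE_RE.match(line) for line in text.splitlines())
    return [(int(m.group(1), 16), int(m.group(2), 16)) for m in found if m]

def find_signature(entries, signature, max_mismatch=0, required=()):
    """Slide the signature over the dump; return [(start_address, mismatched_indexes)].
    Indexes in `required` must match. Windows whose addresses are not
    consecutive 4-byte steps are skipped, so a gap in the log cannot match."""
    hits, n = [], len(signature)
    for i in range(len(entries) - n + 1):
        window = entries[i:i + n]
        base = window[0][0]
        if any(addr != base + 4 * k for k, (addr, _) in enumerate(window)):
            continue
        bad = [k for k, (_, word) in enumerate(window) if word != signature[k]]
        if len(bad) <= max_mismatch and not set(bad) & set(required):
            hits.append((base, bad))
    return hits

# Constructed sample log: addresses and non-signature words are made up.
SAMPLE_LOG = """Addr: Data
---------------
ffff0000 : e59ff018
ffff1000 : e92d41f0
ffff1004 : e1a05001
ffff1008 : e3a04000
ffff100c : e3500000
ffff1010 : 13a0733e
ffff2000 : e52de004
ffff2004 : e3500000
ffff2008 : 11111111
ffff200c : 12833a02
ffff2010 : 22222222
"""

if __name__ == "__main__":
    dump = parse_log(SAMPLE_LOG)
    for name, sig, slack in (("write", WRITE_BOOTFLAG, 0), ("read", READ_BOOTFLAG, 2)):
        for addr, bad in find_signature(dump, sig, slack, required=(0, 1)):
            print(f"{name}_bootflag candidate at {addr:08x}, differing words: {bad}")
```

To run it on a real dump, replace `SAMPLE_LOG` with the contents of "address_log.txt"; the reported start address and differing indexes are what to post for comparison.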