Author Topic: Reverse EFS Lens firmware  (Read 1728 times)

leegong

  • New to the forum
  • *
  • Posts: 42
Reverse EFS Lens firmware
« on: November 15, 2017, 02:27:11 AM »
Lens firmware of EF-S 55-250 and EF-S 40 f2.8 are downloadable on Canon official site,
with great help from a1ex, I tried to analyze 55-250 firmware, but no progress,
the BIN seems to be encrypted or I was wrong somewhere.
Now start to analyze lens firmware of Sigma 24-105mm f4.0.

leegong

  • New to the forum
  • *
  • Posts: 42
Re: Reverse EFS Lens firmware
« Reply #1 on: November 21, 2017, 04:34:35 AM »
On mainboard of Sigma 24-105 f4.0 EF lens, there is an MCU marked "EIS 944A".
Does anybody have more info on this MCU?

leegong

  • New to the forum
  • *
  • Posts: 42
Re: Reverse EFS Lens firmware
« Reply #2 on: December 14, 2017, 05:38:31 PM »
Just got disassembly of Sigma 35mm F1.4 F-mount lens firmware successfully.
Todo:
1: Analyze firmware to understand how focus motor is driven.
2: Try to find datasheet of MCU EIS944A, then disassemble Sigma EF-mount firmware.

leegong

  • New to the forum
  • *
  • Posts: 42
Re: Reverse EFS Lens firmware
« Reply #3 on: January 07, 2018, 06:26:13 AM »
Just got disassembly of Sigma 35mm F1.4 EF-mount lens firmware successfully,
lots of EF lens protocol CMDs are found in the firmware, start analyzing!!!

g3gg0

  • Developer
  • Hero Member
  • *****
  • Posts: 3123
Re: Reverse EFS Lens firmware
« Reply #4 on: January 07, 2018, 07:05:35 PM »
really a great idea :)
keep us informed

which CPU MCU is it?

Indy

  • Developer
  • Member
  • *****
  • Posts: 110
Re: Reverse EFS Lens firmware
« Reply #5 on: January 16, 2018, 10:57:46 PM »
Hi,

Did you try measuring entropy on it?
Could you please dump the first 0x40 bytes in hex + ASCII?

Indy
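
One way to run the two checks asked for in this reply, as an added example that is not part of the original post or any Magic Lantern tool: per-block Shannon entropy plus a hex + ASCII dump of the first 0x40 bytes. The function names, the 1024-byte block size and the SHA-256 sample stream are assumptions made for illustration; values close to 8.0 bits/byte across a whole image point to encryption or compression, while plain code and tables usually sit well below that.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 = constant, 8.0 = uniform."""
    if not data:
        return 0.0
    n = len(data)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(data).values())

def entropy_profile(data: bytes, block: int = 1024):
    """(offset, entropy) per block, so padding and code regions show up separately."""
    return [(off, shannon_entropy(data[off:off + block]))
            for off in range(0, len(data), block)]

def hexdump(data: bytes, length: int = 0x40, width: int = 16):
    """Hex + ASCII lines in the layout used for the header dumps in this thread."""
    lines = []
    for off in range(0, min(length, len(data)), width):
        row = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in row)
        text = "".join(chr(b) if 0x20 <= b <= 0x7e else "." for b in row)
        lines.append(f"{off:08x}: {hexpart}  {text}")
    return lines

# First 16 bytes of EF012200.lfu as posted in the thread.
LFU_HEAD = bytes.fromhex("002c00004c01f002" + "00" * 8)

def constructed_sample() -> bytes:
    """Constructed input: 1024 zero bytes (padding) followed by a 1024-byte
    SHA-256 counter stream standing in for encrypted or compressed data."""
    stream = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                      for i in range(32))
    return bytes(1024) + stream

if __name__ == "__main__":
    import sys
    # Pass a firmware file path, or run with no argument to use the sample.
    data = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else constructed_sample())
    print("\n".join(hexdump(data)))
    for off, h in entropy_profile(data):
        print(f"{off:08x}: {h:.2f} bits/byte")
```

A block of only a few hundred bytes cannot reach 8.0 even for random data, so keep the block size at 1024 or more when comparing against that limit.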


a1ex

  • Administrator
  • Hero Member
  • *****
  • Posts: 11716
  • 5D Mark Free
Re: Reverse EFS Lens firmware
« Reply #6 on: January 22, 2018, 11:53:10 AM »
I don't think they are encrypted, just no human-readable strings or other things that could make sense.

@Indy: please find your dump_srec.py updated to parse *.lfu files.

0x40 byte headers:
EF012200.lfu:
00000000: 00 2c 00 00 4c 01 f0 02 00 00 00 00 00 00 00 00  .,..L...........
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000020: 00 00 00 00 00 00 02 00 00 00 00 01 00 91 02 14  ................
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

L_00000000-EF012200-24105.bin:
00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000020: ff 56 87 00 00 7c 00 00 7f 0e 00 00 00 00 00 00  .V...|..........
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Entropy (binwalk):