In the CHDK forum I once heard the statement that as soon as CHDK became more commercial, Canon could protect its cameras better for debugging. Is that to be expected here too?
They could have done so back in 2012, when we were accepting donations, or in 2013, when we've got a massive popularity spike after announcing raw video (see e.g.
Petapixel,
EOSHD and several others). To date, Canon have not removed the ability to run AUTOEXEC.BIN from the card (feature present in all EOS models from DIGIC 2 to DIGIC X), they have not removed the massive amount of debug messages we are relying on, they have not locked down the UART interface and so on.
What they did: they removed the ability to downgrade from certain firmware versions, but this seems to be in response to
vulnerabilities recently identified by Checkpoint Research. In other words, they do react quickly if anything bothers them.
They have also changed the encryption in EOS R/RP and newer models, but we didn't even have to figure it out. That's because, at the same time, they also enabled
Canon Basic on those models - the scripting engine
documented by CHDK some 10 years ago - making it even easier to execute code on these cameras, without even having to worry about DMCA. This scripting engine is likely present on all DIGIC 8 and X models, already confirmed on R/RP, R5/R6, M50, 250D and others.
On top of that, on DIGIC 7/8/X, you can temporarily patch pretty much anything in Canon firmware, by remapping parts of the ROM into RAM. This was possible to a very limited extent on DIGIC 2..5 ("cache hacks"), and no known possibility to patch ROM contents on DIGIC 6.
Longer version here.
In other words, recent models are likely a lot more hackable than previous ones. The main reason why there is no ML on these models yet, is lack of developer time. Proof of concept was already done back in 2018 - all those "Hello World" screenshots actually demonstrate running custom code alongside Canon's own firmware. Though, the initial plan was to delegate the porting efforts for new models entirely to the community... hence all of that work on
emulator and
development documentation.
Yes, there are some technical difficulties, as the hardware changed significantly (so porting is no longer "just" a matter of tweaking the existing code), and the instruction set also changed to Thumb (so, many of our low-level tricks will no longer out of the box), but all of these can be solved given sufficient development time.
BTW, operating under Open Collective's umbrella is somewhat like a nonprofit - Open Collective themselves call it a "virtual nonprofit". Does this count as "commercial" or otherwise a threat for Canon? I don't know, and I hope they don't see it that way. One of the biggest advantages of this approach is - if you ask me - that two fiscal hosting organizations with no previous connections to our project (Open Collective and Conservancy) have reviewed our reverse engineering activities and - after multiple rounds of legal advice - they have (finally) found our project acceptable. I hope this is going to give some peace of mind to everyone involved in the project - at least compared to previous state, where quite a few ex-contributors asked me to remove their e-mail / username / etc from this website because of the legal uncertainty.
We are not the only ones doing this - there are also other "alternative firmware" projects moving in the same direction, for example, OpenWrt joined Software Freedom Conservancy
a few months ago, and Rockbox
considered joining as well.
And it wasn't a rushed decision either. I've started to consider Open Collective at the beginning of 2019, but fiscal hosting isn't a recent idea - back in 2013 we've tried to apply to Software Freedom Conservancy. As it didn't work out, back in 2014 I've started to work with Apertus, hoping to "subsidize" ML development that way. That didn't work either. Earlier this year I've tried my luck with freelancing (again, didn't work out), and also started some side projects that don't rely on reverse engineering, but none of them had the potential to cover any costs of living within the next few years without *massive* time involvement from my side. So, the only sensible choice was to... change my mind towards fundraising for ML development.
I've submitted the application to Open Collective a long time after crossing a critical point of
no longer being able to dedicate long hours to hobby projects (ML in particular). The alternative - for me - would have been to watch from the sidelines - as I did since mid-2019 - at least for the next few years, and hope for the best. Yes, the project can definitely progress without my involvement - Danne and others already proved this - so I can also step back if there are serious concerns about Canon getting upset by this change. As I said before, things will only move in this direction as long as there will be consensus.
This video - very similar to the previous one - explains the situation very well. It's from one of the founders of Open Collective - meeting with them scheduled for Tuesday
