EOS 650D not working after an attempt to install Magic Lantern

Started by MANGOMHF, March 09, 2023, 08:14:04 PM

MANGOMHF

I don't have the log files anymore... BUT! I noticed something new. It seemed that the dumping was successful!

Should I remove the battery and send you the dumped files somewhere? You got Discord? Camera is still on. I haven't removed the battery yet. Waiting for instructions.

Sorry some images were blurry.

https://i.imgur.com/eyDogGL.jpeg

https://i.imgur.com/LmjVUol.jpeg

https://i.imgur.com/ntOvcrG.jpeg

https://i.imgur.com/ovSTkNO.jpeg

https://i.imgur.com/17PJZwp.jpeg

kitor

You can take out the battery now.
Copy ROM0.bin, ROM1.bin, SFDATA.bin. Upload them somewhere and send the link via private message.

I'll take a look in the emulator to see what is going on.

In any case - do not format this card, as we know it is set up properly. It will be useful in the next steps if this is recoverable.

BTW: You still didn't confirm it is in fact 1.0.4 update and where you got it from...
Also, that last firmware update was run with 16GB card, right?
Too many Canon cameras.
If you have a dead R, RP, 250D mainboard (e.g. after camera repair) and want to donate for experiments, I'll cover shipping costs.

MANGOMHF

I got the firmware from https://builds.magiclantern.fm/650D-104.html

And yes, the firmware install attempt was from a 16GB micro SD card using an adapter.

kitor

Checked the ROMs in QEMU and Ghidra.

The firmware seems gone beyond repair. It looks like, for some reason, the firmware update program is not able to write the ROM after erasing it.
Either the main board or the ROM chip itself is failing (both cases unfortunately mean replacement of the board).

This is likely what triggered the "firmware is disabled" error in the first place - when you load any firmware update (including our "installer"), Canon code writes to ROM "hey, he wants to update the firmware". The region where this information should be stored is all erased too (full of 0xFF)...

For experienced users: the entire 2nd stage loader and a huge chunk of DryOS are gone in 0xFF. Looks like the firmware update successfully erased a part of the ROM and then was unable to program it.
The whole "flags" ROM region is also erased - setting this way all flags to 0xFFFFFFFF, which accidentally enabled the bootflag:
6.Firm   flag 0xF8000000 0xFFFFFFFF OFF
7.Boot   flag 0xF8000004 0xFFFFFFFF ON
8.UpDate flag 0xF800000C 0xFFFFFFFF OFF


>>G
Input Addr : 0xF8000000
Input Size : 0x1000


g>>g
Input Addr : 0xFF0C0000
Input Size : 0x1000

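The check kitor describes above (locating ROM regions that read back as all 0xFF and reading the three flag words) can be sketched as follows. This is an added example, not part of the thread and not kitor's or Magic Lantern's tooling; it assumes the dump maps at 0xF8000000, that words are little-endian, and that 4 KiB blocks are a reasonable scan granularity. The image it scans is constructed.

```python
import struct

ROM_BASE = 0xF8000000   # assumption: address the dumped image maps to
FLAG_ADDRS = {"Firm": 0xF8000000, "Boot": 0xF8000004, "UpDate": 0xF800000C}  # from the post

def find_erased_regions(data, base=ROM_BASE, block=0x1000):
    """Return [(start, end)] address ranges of consecutive blocks that are all 0xFF."""
    regions, run_start = [], None
    blank = b"\xFF" * block
    for off in range(0, len(data), block):
        chunk = data[off:off + block]
        if chunk == blank[:len(chunk)]:          # erased NOR flash reads back as 0xFF
            if run_start is None:
                run_start = off
        elif run_start is not None:
            regions.append((base + run_start, base + off))
            run_start = None
    if run_start is not None:                    # image ends inside an erased run
        regions.append((base + run_start, base + len(data)))
    return regions

def read_flag_words(data, base=ROM_BASE, addrs=FLAG_ADDRS):
    """Read the raw 32-bit word stored at each flag address (little-endian assumed)."""
    return {name: struct.unpack_from("<I", data, a - base)[0] for name, a in addrs.items()}

def erased_fraction(data, base=ROM_BASE):
    """Share of the image covered by fully erased blocks."""
    return sum(end - start for start, end in find_erased_regions(data, base)) / len(data)

def constructed_sample():
    """Constructed 32 KiB image: erased flags block, data, erased hole, data."""
    return (b"\xFF" * 0x1000 + b"\xE5\x9F\xF0\x18" * 0x800
            + b"\xFF" * 0x3000 + b"\x00\x01\x02\x03" * 0x800)

if __name__ == "__main__":
    rom = constructed_sample()   # for a real dump: open("ROM1.bin", "rb").read()
    for start, end in find_erased_regions(rom):
        print(f"erased: 0x{start:08X}-0x{end:08X} ({end - start:#x} bytes)")
    for name, value in read_flag_words(rom).items():
        print(f"{name:7s} 0x{value:08X}")
    print(f"{erased_fraction(rom):.0%} of image erased")
```

Genuine firmware images also contain 0xFF padding, so a reported range only indicates a failed programming step when it covers an area that is known to hold code or flags.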
MANGOMHF

Wow, this is sad news. Had my hopes up.. Thank you for your time and support. Guess I will have to take it to the shop after all.

Walter Schulz

Sorry to hear this result.

Quote from: MANGOMHF on March 10, 2023, 11:23:41 PM
Guess I will have to take it to the shop after all.

But frankly, this doesn't sound like a good idea. You will get a hefty bill - if a shop is accepting the cam for repair in the first place.
In Germany average price for a working 650D is around 165 Euro. A replacement board (via AliExpress or else) is not much cheaper and there may be tariffs/taxes/custom duties and handling + shipping costs. Doesn't sound like a good deal.

I see two viable options: Get a defunct 650D where shutter or rear display is broken and get a working frankencam.
Or move on to another cam within your budget.
ATM used DSLRs are dirt cheap and sellers have to reduce their prices because of low demand. 

kitor

If you live in the EU and want to ship it to Poland, I can try to reprogram the missing areas using a service port (UART). Likelihood of this being successful is very low though. More like an interesting experiment for me than a viable option for you.

Unfortunately older models have a parallel ROM chip, which is BGA - even if there was a golden copy of the firmware, a new chip and all the work needed to replace it would probably exceed the price of a replacement board/cam.

I recently fixed a 1300D whose ROM chip had failed even more - it was reading random junk. But this was a newer model with an SPI ROM that is easy to unsolder and program in an external reader...

MANGOMHF

Hey, could you search for a board on eBay? I don't know what I'm looking for exactly. Main board or power board. Thank you.