ARM + EOS Emulator

Started by g3gg0, September 24, 2012, 12:08:57 AM

g3gg0

Quote from: 1% on September 25, 2012, 09:19:25 PM
Input device unique? Is that the serial?

not sure, it might be the signature for signing "authentic" camera photos?
afaik this feature was disabled because it was already hacked.
Help us with datasheets - Help us with register dumps
magic lantern: 1Magic9991E1eWbGvrsx186GovYCXFbppY, server expenses: [email protected]
ONLY donate for things we have done, not for things you expect!

1%


jplxpto

Thanks for your explanation ... either way I had managed to follow these steps. Are these files new? Did they have some corrections?

g3gg0

Quote from: jplxpto on September 28, 2012, 03:58:59 AM
Thanks for your explanation ... either way I had managed to follow these steps. Are these files new? Did they have some corrections?

yes i added some new features like MRC/MCR handling of basic CP15 functions.
this is needed e.g. for setting up cache etc. and some HWemu function.
it's not complete yet.

are you interested in the source code of TriX/ARMulate/HWemuEOS?
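The MRC/MCR handling mentioned in the post above, sketched as an added example (this is not code from TriX/ARMulate): it decodes the A32 coprocessor register transfer encoding and services a minimal CP15 model. The `cpu_state` layout, the function names and the choice to only count cache operations are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of an A32 coprocessor register transfer (MRC/MCR). */
typedef struct {
    int is_mrc;                       /* 1 = MRC (read into Rt), 0 = MCR */
    unsigned cp, opc1, crn, crm, opc2, rt;
} cp_xfer;

/* Returns 1 if insn is MRC/MCR: bits 27..24 == 1110 and bit 4 == 1.
 * The condition field (bits 31..28) is not evaluated here. */
int decode_cp_xfer(uint32_t insn, cp_xfer *x)
{
    if ((insn & 0x0F000010u) != 0x0E000010u)
        return 0;
    x->is_mrc = (insn >> 20) & 1;
    x->opc1   = (insn >> 21) & 7;
    x->crn    = (insn >> 16) & 15;
    x->rt     = (insn >> 12) & 15;
    x->cp     = (insn >> 8) & 15;
    x->opc2   = (insn >> 5) & 7;
    x->crm    = insn & 15;
    return 1;
}

/* Hypothetical emulator state: 16 core registers, the CP15 control
 * register (c1, c0, 0) and a counter for ignored cache operations. */
typedef struct { uint32_t r[16]; uint32_t control; unsigned cache_ops; } cpu_state;

/* Executes one CP15 access; returns 0 if handled, -1 if the emulator
 * should raise an undefined-instruction exception instead. */
int exec_cp15(cpu_state *c, uint32_t insn)
{
    cp_xfer x;
    if (!decode_cp_xfer(insn, &x) || x.cp != 15 || x.opc1 != 0)
        return -1;
    if (x.crn == 1 && x.crm == 0 && x.opc2 == 0) {    /* control register */
        if (x.is_mrc) c->r[x.rt] = c->control;
        else          c->control = c->r[x.rt];
        return 0;
    }
    if (x.crn == 7 && !x.is_mrc) {                    /* cache maintenance */
        c->cache_ops++;        /* no cache is modelled: count and ignore */
        return 0;
    }
    return -1;
}

int main(void)
{
    cpu_state c = {{0}, 0x00000078u, 0};              /* constructed value */
    printf("%d\n", exec_cp15(&c, 0xEE110F10u));       /* MRC p15,0,r0,c1,c0,0 */
    return 0;
}
```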

g3gg0

i updated the description in the first post.
you can checkout TriX and the emulator plugins from my SVN.

jplxpto

Quote from: g3gg0 on September 29, 2012, 01:55:48 AM
i updated the description in the first post.
you can checkout TriX and the emulator plugins from my SVN.


How can I have access to your SVN?

g3gg0

Quote from: jplxpto on September 30, 2012, 03:38:09 PM

How can I have access to your SVN?

eeerh, that's in the first post ;)

jplxpto


g3gg0

i updated the main post.
the package is now available here and gdbstub is available via menu id 16

i found a severe bug that i have fixed now (one kind of STRH wrote a whole word...)
but i am sure, there are still some bugs :)

ilguercio

I guess non-developers can make no use of this, right?
Canon EOS 6D, 60D, 50D.
Sigma 70-200 EX OS HSM, Sigma 70-200 Apo EX HSM, Samyang 14 2.8, Samyang 35 1.4, Samyang 85 1.4.
Proud supporter of Magic Lantern.

nanomad

Not really... the section is called "Reverse Engineering and Firmware Design" after all
EOS 1100D | EOS 650 (No, I didn't forget the D) | Ye Olde Canon EF Lenses ('87): 50 f/1.8 - 28 f/2.8 - 70-210 f/4 | EF-S 18-55 f/3.5-5.6 | Metz 36 AF-5

coderat

My question is: how far can you emulate? Pushing the shutter?
And what about the TX19A chip, how do you emulate this one?

Best regards,
coderat

g3gg0

nah, we do not emulate the Tx19a, maybe it would make sense to add intercom via TCP/IP or some other kind of sockets to your emulator.
but we barely reverse engineered that MIPS firmware. it doesn't make any fun :)

coderat

Quote from: g3gg0 on December 09, 2013, 10:48:11 PM
nah, we do not emulate the Tx19a, maybe it would make sense to add intercom via TCP/IP or some other kind of sockets to your emulator.
but we barely reverse engineered that MIPS firmware. it doesn't make any fun :)

Ok, how about this one: get an ARM CPU emulator into our existing NikonEmulator. This way you get a complete system with all frameworks: disassembler, debugger, logger, port simulation, etc., plus TX19A emulation, so maybe we can build a complete system?

TCPIP is perhaps not so good because of performance issues?

We are also interested in ARM, because new cameras like D7100 are ARM Thumb-2.

Best regards,
coderat

g3gg0

when checking the "market" about 7 years ago, there was no suitable ARM emulator.
suitable = simple C, not bloated, easy to understand API

there were two major candidates - qemu and GBAemu.
qemu failed because the API was not structured well and it was not easy to integrate in the debugger/analyzer a friend and i coded (nok5rev)
so we chose to use GBAemu, but it had a few bugs that i fixed step by step.
in the end i learned a lot of C during that time ;)
meanwhile i merged that code as plugin into my scriptable patching system (TriX) which this thread is about.

http://trix:[email protected]/svn/default/trunk/nokia/TriX/plugins/TriX_ARMulate/armulate.c
http://trix:[email protected]/svn/default/trunk/nokia/TriX/plugins/TriX_ARMulate/opcodes.h


what i want to say: i am not sure if it is the best choice.

coderat

Quote from: g3gg0 on December 09, 2013, 11:32:47 PM
when checking the "market" about 7 years ago, there was no suitable ARM emulator.

suitable = simple C, not bloated, easy to understand API

I used several in fact (even Visual Studio Windows Phone Emulator :) ). But I agree, none was simple and easily configurable.

Quote
there were two major candidates - qemu and GBAemu.

Qemu always fails for the same reason ;)

Quote
meanwhile i merged that code as plugin into my scriptable patching system (TriX) which this thread is about.

http://trix:[email protected]/svn/default/trunk/nokia/TriX/plugins/TriX_ARMulate/armulate.c
http://trix:[email protected]/svn/default/trunk/nokia/TriX/plugins/TriX_ARMulate/opcodes.h

what i want to say: i am not sure if it is the best choice.

What about the license for this source in TriX? If I see correctly, it is Thumb code?

Well, our Emulator is in Java :) The point is that we had a 2-chip configuration from the beginning, so we got a lot of experience with it. You must have the same clock (we say MasterClock) for both chips and all other parts, otherwise you can't get the system running stably. The MasterClock guarantees that everything runs at the same tact ratio relative to each other: if one CPU emulation needs more time, the other one will be slowed down automatically because of the design. After we got this, a Pandora's box opened :)

So asynchronous solutions with a TCPIP connector will be pretty difficult to implement, because of clock synchronisation. Or?

The next question will be the Interrupt Controller and Cache Controller AND eventually the MMU unit, if your target has one? I suppose almost every ARM core has an MMU.

P.S. I posted in your forum how to use our TX19A disassembler, in case you want to poke at the MIPS part.

Best regards,
coderat
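The MasterClock idea described in the post above, as an added example (this is not NikonEmulator code, which is Java): two emulated chips are stepped from one shared tick counter, so their relative timing does not depend on how fast the host runs either of them. The clock periods, the mailbox and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* One emulated chip: executes one CPU cycle every `period` master ticks. */
typedef struct {
    uint32_t period;    /* master ticks per CPU cycle (constructed values) */
    uint64_t cycles;    /* CPU cycles executed so far */
    int      mailbox;   /* last byte received from the other chip, -1 = none */
    uint64_t rx_cycle;  /* own cycle count when the mailbox was filled */
} chip;

/* Hypothetical stand-in for "execute one instruction". The sending chip
 * writes a byte to its peer when it reaches its own cycle 100. */
static void step(chip *self, chip *peer, int sender)
{
    self->cycles++;
    if (sender && self->cycles == 100) {
        peer->mailbox  = 0x5A;
        peer->rx_cycle = peer->cycles;
    }
}

/* Advance both chips by `ticks` master ticks in lock-step. `now` is the
 * persistent master tick counter, so calls can be split arbitrarily. */
void run_master_clock(uint64_t *now, chip *a, chip *b, uint64_t ticks)
{
    for (uint64_t end = *now + ticks; *now < end; ) {
        ++*now;
        if (*now % a->period == 0) step(a, b, 1);
        if (*now % b->period == 0) step(b, a, 0);
    }
}

int main(void)
{
    chip a = {2, 0, -1, 0}, b = {5, 0, -1, 0};
    uint64_t now = 0;
    run_master_clock(&now, &a, &b, 1000);
    printf("a=%llu b=%llu rx at b cycle %llu\n",
           (unsigned long long)a.cycles, (unsigned long long)b.cycles,
           (unsigned long long)b.rx_cycle);
    return 0;
}
```

Because delivery is tied to the master tick, the peer always sees the byte at the same cycle of its own; a socket link between two free-running emulators gives no such guarantee.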

bootrom

Quote
http://trix:[email protected]/svn/default/trunk/nokia/TriX/plugins/TriX_ARMulate/armulate.c
http://trix:[email protected]/svn/default/trunk/nokia/TriX/plugins/TriX_ARMulate/opcodes.h

what i want to say: i am not sure if it is the best choice.

Checked this to the max possible, but failed: Nikon is using ARMv6, Thumb and Thumb2. You are a lucky man that you only need usual ARM.