Not necessarily. First, you can get parts of firmware (contents of A:
and B: drives) through USB. This will let you start working on
disassembly. Second, Wasia & Ravil apparently figured out a way to
connect to the debugger built into the camera.exe
> Под аккумулятором контактные площадки две
немного отдельно
> - это RX TX ну еще массу надо, потом обычный
конвертер RS/TTL и все.
> 115200 8N1
Translation:
Under the battery there are contacts, two of them separated a little
from the rest are RX/TX. Add ground and a regular RS/TTL converter and
you are done. 115,200 8N1

Using the debugger you should be able to peek into different memory
locations. Wasia is working on using debugger to read the Toshiba
firmware out.

As far as what you are planning to do, you can forget about
decompiling it back to C and recompiling. It's quite messy just
reading it in IDA because of RXE conversion and paging scheme to get
around 1 MB addressable space limit. Morever, until now hacking was
centered around enabling hidden features that are already there and
modifying defualt behavoirs. Writing entirely new features will be
quite a bit more complicated.

-- Alex

----- Original Message -----
From: y557373 <y557373@...>
Date: Thu, 24 Jun 2004 17:35:34 -0000
Subject: [canondigicamhacking] Re: Possible firmware hack for Canon S1?
To: canondigicamhacking@yahoogroups.com


Hmm... That's a stumbling block right off then I guess...

There haven't been any firmware updates issued yet and they don't
seem to have the original firmware available for download. Does this
mean I'll have to wait until the update the firmware before I can
embark upon this project?

--- In canondigicamhacking@yahoogroups.com, Michael Tan
<michael.tan@g...> wrote:
> You need to get the firmware from Canon's website. There is no way
> that I know of that you can do the reverse.
>
> Mike


>
> ----- Original Message -----
> From: y557373 <y557373@y...>
> Date: Thu, 24 Jun 2004 12:52:43 -0000
> Subject: [canondigicamhacking] Re: Possible firmware hack for Canon
S1?
> To: canondigicamhacking@yahoogroups.com
>
>
> Thanks for the reply!
>
> Is there a guide out there that details how to get the .fir file
(and
> the rest of the firmware) off of the camera and onto a computer?
>
> --- In canondigicamhacking@yahoogroups.com, "eos_hacker"
>
>
> <eos_hacker@y...> wrote:
> > for the hidden mode...
> > you can try decrypting the FIR file, changing .JPG to .JP(null)
and
> > then encrypting it. hopefully, there are 2 instances of .JPG in
> your
> > FIR file, and one is for reading and one is for writing.
> >
> > --- In canondigicamhacking@yahoogroups.com, "y557373"
> <y557373@y...>
> > wrote:
> > >
> > > Hi all,
> > >
> > > Bought an S1 a couple of months ago & found this group via some
> > > discussions at dpreview.
> > >
> > > Anyway, I'm wondering about the viability of making the
following
> > > changes to the S1's firmware:
> > >
> > > **************
> > >
> > > Enable a toggle function for a 'hidden' mode which would record
> the
> > > image to the CF card, but the image would not be viewable while
> in
> > > the camera (ie, would be on the CF card, but not browsable via
> the
> > > camera).
> > >
> > > Two thoughts I have on this:
> > > 1. The record button does nothing while the camera is not in
> record
> > > mode. This would be a good option for toggling hidden mode on
> and
> > > off while in snapshot mode.
> > >
> > > 2. A simple way to supress browsing would be to save the
picture
> as
> > > a .JP file rather than a .JPG file. The browser simply skips
> files
> > > with a .JP extension when browsing through pics.
> > >
> > > **************
> > >
> > > I'm a software engineer by trade, but haven't worked in
assembler
> > for
> > > 15+ years when I had a half semester of it in college - mostly
I
> > work
> > > in client/server/n-tier database business apps.
> > >
> > > So... to me, the process of adding these changes _seems_
simple
> > > enough, ie:
> > >
> > > 1. track toggle of record button when not in record mode.
> > > 2. show toggle state somehow on the display
> > > 3. based on toggle, write file as .JP or .JPG
> > >
> > > I think the trick will be to learn how to do the following:
> > > 1. Download S1 firmware to XP machine
> > > 2. Decompile the firmware... hopefully into c rather than
> > > assembler ;)
> > > 3. Make the necessary changes (figure out how to monitor the
> record
> > > button click, show something on the display, change the
extension
> > for
> > > the written file).
> > > 4. Recompile
> > > 5. Upload the firmware to the S1.
> > >
> > > I didn't seem much discussion here about the S1, but I'd
imagine
> > the
> > > process is similar to that used with other Canon's... Are
there
> > any
> > > guide docs out there that details any of the processes above?
> > >
> > > If you read all of this - thanks! Any comments?
>
>
>
>
>
>
> Yahoo! Groups Sponsor
>
>
> ADVERTISEMENT
>
>
> ________________________________
> Yahoo! Groups Links
>
> To visit your group on the web, go to:
> http://groups.yahoo.com/group/canondigicamhacking/
>
> To unsubscribe from this group, send an email to:
> canondigicamhacking-unsubscribe@yahoogroups.com
>
> Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.






Yahoo! Groups Sponsor


ADVERTISEMENT


________________________________
Yahoo! Groups Links

To visit your group on the web, go to:
http://groups.yahoo.com/group/canondigicamhacking/

To unsubscribe from this group, send an email to:
canondigicamhacking-unsubscribe@yahoogroups.com

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.