Hmm.. I think it doesn't work for me, or I didnt understand correct...
Scanning for keys still won't work with this version?
Thanks in clarifying this...
Trying to use pv2tool-linux with 6600
Hi Cho,
Thanks for your note. I have a red pv2 6600-27. So far I have yet to get any real pictures downloaded. I have tried to use your pv2tool and pv2tool-linux and it will open the camera but not unlock it. I have had the most success using the programs in USBTool-0.5. With this and the short pins get into boot mode technique I am pretty sure I have extracted the correct challenge-response pair. (I find 5 pairs as I search with hexedit for 11008000 and 12008000. All pairs are 132 bytes apart, but the last response is different from the first 4! Tricky guys. I can use dakota_pv2 modified to respond to 2B to download (I presume) the flash contents (after I put the pv2 into debug mode). Which brings me to my real point. I find a FAT12 filesystem at offset 0x23000. This mounts fine but has a garbage directory :( So, I am assuming that the clever pv2 folks have made their own filesystem version?! (maybe). Or there is a bug in my download process.
I wonder if you would mind sharing your file extraction program/method in hopes it will work with my 6600? Also, if you have any comments about what I have written I would most appreciate hearing from you. It would be nice to use the pv2 as a slave picture taker for some prototype stuff I am working on.
The pv2 effort has been lots of fun :) My thanks to CVS! I actually am thinking about getting one of their discount cards as a result of the pv2!
wiz -- xxx at nei dot mv dot com
Thanks for your patch Cho, I've committed it into the cvs repository. If you'd like to contribute more to the project you can register a sourceforge account and ask BillW to add you as a developer so you can have cvs access and make file releases as you deem appropriate. I'm too busy to work on it more, and I've pretty much lost the motivation to keep pv2tool for linux updated to its windows counterpart.
Hmm.. I think it doesn't work for me, or I didnt understand correct...
Scanning for keys still won't work with this version?
I think key scanning should work. I've done it to my camera before (I can't remember what model it was though).
hm maybe i just did something wrong, maybe my timing isn't right... I follow this procedure:
1. Have camera laying around without batteries for one hour or more
2. Insert batteries again
3. plug into usb and connect with the pv2tool
4. short pins 6 and 7
5. remove camera for 3 secs and plugin again
6. keep the short until it beeps twice, then remove it
7. press disconnect in pv2tool
8. press connect again pv2tool .. I still see 0028:
Found the camcorder: SMaL Digital Camera, VID:0DCA PID:0028
Found camcorder.
Connected to camcorder.
Attempting download of SDRAM for keyscan
create_command: 4c 61 4d 53 1d ba ab 1d 00 00 0f 00 80 04 00 52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ReadMemory entry 4c 61 4d 53 1d ba ab 1d 00 00 0f 00 80 04 00 52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Write(001f) 4c 61 4d 53 1d ba ab 1d 00 00 0f 00 80 04 00 52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Write returns 0
Write1 failed rc 0
Scanning SDRAM for keys
WARNING: (unlock_camera.c, 939): No keys were found
Follow brite_eye's method to the letter:
forumer.com/viewtopic.php?t=339&start=0" target="_blank">http://camerahacks.10.
forumer.com/viewtopic.php?t=339&start=0
He states to leave the batteries in.
bluesceada,
a. I thought that the PID should be 002B when in the boot loader.
b. Write returns 0 implies that the usb_bulk_write failed (or at least didn't write anything).
What level of libusb are you using? What level of Linux kernel (and which Linux distribution)?
I don't remember exactly how I got my camera keys, but I'm sure it didn't work more than 5% of the time.
I'd suggest trying > 10 times (and thats with PID 002B each time).
I did have some additional debugging code in this area when I obtain my camera key. This did:
<Code>
memset(sdram, 0xee, SCANSIZE);
</Code>
after the malloc for the sdram area and once the sdram had been obtain it wrote it to a file for manual examination.
<Code>
int xfd;
xfd = open(\"keyscan-image.bin\", O_WRONLY|O_CREAT|O_TRUNC, 0777);
if (xfd < 0) {
perror(\"keyscan-image.bin open failed\");
} else {
write(xfd, sdram, SCANSIZE);
close(xfd);
fprintf(stderr, \"wrote keyscan-image.bin\n\");
}
Log(NOTICE, \"Scanning SDRAM for keys\");
</Code>
I might have manually obtain the key for my camera from this file.
PS: remove \ before \" in above code...
ahm i'm not really a coder :S
ok i will have to try this more often .. i dont even get 2B :/
thanks so far
another question: how can i permanently unlock the camera then?
Use the PV2Patch program to mod the firmware to be "unlocked".
forumer.com/viewtopic.php?t=3826" target="_blank">http://camerahacks.10.
forumer.com/viewtopic.php?t=3826
check that out for recieving challenge. Couldnt figure it out for a while, but I finall got it working!
unofficial totally patched version of pv2tool-linux, should work fine, instructions for mounting the flash are in a file in it called "mount-flash.txt"
http://jeff.crowell.googlepages.com/pv2tool-for-linux.tar.gz
you *will* need to get the challenge from your camera first, using pv2challenger-linux if you dont have the C/R pair, then you will need to use cronus witht the output of pv2challenger. If you already have your pv2keys, then no need to use the challenger
okay...i've read through this, and i'm trying to see what we've tried and what hasn't worked to communicate with the camera. this is the main focus of my "mediadownload" app, unified RAW and AVI downloads all from one app...but this unlock business is absurd.
a discrete method would be "does the camera accept the request if it was split into two 64 byte boundary commands?"...and the obtrusive method would be to see if we can obliterate the c/r section of the firmware altogether...not needing to unlock it at all would be wonderful...
okay...i've read through this, and i'm trying to see what we've tried and what hasn't worked to communicate with the camera. this is the main focus of my "mediadownload" app, unified RAW and AVI downloads all from one app...but this unlock business is absurd.
a discrete method would be "does the camera accept the request if it was split into two 64 byte boundary commands?"...and the obtrusive method would be to see if we can obliterate the c/r section of the firmware altogether...not needing to unlock it at all would be wonderful...
I really dont know, I simply compiled cho's patch, made a few corrections to ygfperson's work. Never really read through the code. The Open unlock, close open unlock is really a pain, there has to be a workaround.
Hey Enigma, what am i doing wrong?
me@Cadstation:~/Desktop/pv2tool-for-linux$ sudo ./pv2tool-linux
External key file, pv2keys.txt was found and will be loaded
usb device with VID==0000 PID==0002
usb device with VID==0dca PID==0002
Found the camcorder: SMaL Digital Camera, VID:0DCA PID:0027
Found camcorder.
Connected to camcorder.
Requesting challenge from camera
WARNING: (unlock_camera.c, 690): No challenge received.
I have brought the pv2keys.txt file over from the windows box and
put it in the la-*test*-('") pv2tool directory from your site and
it wont even begin to unlock, what gives?
:roll: