View Full Version: Re-assembly for FIVE firmware versions now working!!


zapped- 01-17-2006
Re-assembly for FIVE firmware versions now working!!
I now have redistributable scripts to create re-assembleable, bit-identical firmware for the following versions:

FW_6410_27
FW_6520_2B
FW_6520_2F
FW_6550_2B
FW_FF2

Of course being able to disassemble and re-assemble one's firmware is not so exciting in itself. What is exciting is that the source files can be compared and then modifications to the firmware made to add functionality. The scripts also attempt to transfer the comments from the 6410 comments, and you can read more about that here: forumer.com/viewtopic.php?p=19865#19865

Tomorrow I can zip them up after I remove all the non-redistributable firmware and email them to BillW or someone who could put them on the PV2 sourceforge site to make them available to everyone. The scripts could use quite a bit of cleaning up or optimizing by translating to C++ or something, but they work!

If anyone wants to donate a camera of a firmware version that I don't have, I'd be happy to create a set of scripts for it. Now that I have as much practice at this as I do, I should be able to add a new version in under a day.

The full-on fun of firmware modification is about to begin!!!

brite_eye- 01-18-2006

Great work zapped! I'd love to see some flatfoto 2mp or 3mp comment files for disassembly. Morcheeba did an incredible job on PV2 Type 27, but much of that will probably not transfer. My only current personal interest is trying to get a 12 bit pixel value back from SMaL ultrapocket imagers. That would be great for further Autobrite tests/verification using my type 2F debayered CVS blue:

http://www.photo.net/bboard/q-and-a-fetch-msg?msg_id=00CM0R
http://www.photo.net/photodb/folder?folder_id=506144

Note that there is a lot of 2 3mp and 1 1.3mp currently on ebay:

http://cgi.ebay.com/LOT-OF-3-FLATFOTO-3-0MP-ULTRA-SLIM-DIGITAL-CAMERAS-LQQK_W0QQitemZ7582294839QQcategoryZ30020QQssPageNameZWDVWQQrdZ1QQcmdZViewItem

I have restored 4 dead Flatfoto 2mp (cost $44) and 3 dead Flatfoto 3mp (cost $30) in lots I bought off of ebay using BillW's PV2Tool. Basically any firmware can be run as a .pv2 and used to download flash which usually can be repaired and then uploaded to revive a dead camera (although it is far easier when you already have copies of valid firmware and other necessary files).

I doubt we will see any more use of firmware used for SMaL ultrapocket imagers since they were acquired by Cypress. Cypress based on advertising appears to have downgraded Autobrite performance to just 72db in unreleased new versions of imagers. With recent change in model 220 camcorders reverting to a Micron imager (used on initial model 100s), I would not be surprised to eventually see Pure Digital cameras using larger mp Micron imagers (original Dakota PV1s used a 1.3 Micron imager).

Darn I missed playing recent Rambus stock jump based on lifted stay from Delaware court allowing them to file patent suit against Micron.

sailpix- 01-18-2006

Looks cool zapped! One thing that always bothered me about the 6410 disassembly was that it would decide that a function header/entry point was before a block of hex data that was before the actual function code. On looking at the hex data, I could see that this was another function which wasn't being disassembled because it wasn't clearly called from anywhere. So, this means that the original function header is in the wrong place, as far as I can tell. It would be nice to fix this before much further manipulation of assembly is performed. Of course, fixing this would also involve shifting all the existing assembly comments for those situations...

brite: I can't help but wonder if the original SMaL claim to 120 dB wasn't a bit hyped and is now being adjusted back to the 72 dB conservative reality that a public company needs to project. The 3.0MP Cypress imager with a datasheet seems to be very close to SMaL's products. I think it shows three different ranges of data output - which would total 120 dB overall if they could all be used at once... 72 dB may be the best range you can get from the imager for any one single image.

zapped- 01-18-2006

> Great work zapped! I'd love to see some flatfoto 2mp or 3mp comment files for disassembly. Morcheeba did an incredible job on PV2 Type 27, but much of that will probably not transfer. My only current personal interest is trying to get a 12 bit pixel value back from SMaL ultrapocket imagers. That would be great for further Autobrite tests/verification using my type 2F debayered CVS blue:
> http://www.photo.net/bboard/q-and-a-fetch-msg?msg_id=00CM0R
> http://www.photo.net/photodb/folder?folder_id=506144

The files are on their way to you and include the comment files for the flatfoto 2mp. I'd like to make the transfer scripts a little more intelligent before starting to do manual transfer of comments. At a minimum I'd like to get them to translate variable references in the comments.

I forgot to mention that there is a bug that causes the function comment header to look like

;**{--------------------------------------------- 0F74AD71.1AFEC ----
;**{--------------------------------------------- B8B2CF7F.1A176 ----
;** Return from subroutine (RTS)
;**}-----------------------------------------------------------------

where the first line has the CRC.ENTRY of the function, and the second line has the CRC.ENTRY for the 6410 firmware. I started to fix it and I realized that it was really a feature. I originally had included just the CRC.ENTRY and what firmware version and bank it was from in the comments, but it became very long.

Also I forgot to mention that you will need AutoHotkey installed as well as Cygwin.
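
The two-line header layout described in the post above, parsed into a cross-reference from a firmware's own functions to the matching 6410 functions. This is an added example, not part of zapped's scripts; it assumes the CRC is eight hex digits, the entry is a hex address, and that a function with no 6410 match carries a single ID line.

```python
import re

# Opening line of a function comment header: ";**{----- CRC.ENTRY ----"
HEADER_ID = re.compile(r"^;\*\*\{-+\s+([0-9A-Fa-f]{8})\.([0-9A-Fa-f]+)\s+-+\s*$")
HEADER_END = re.compile(r"^;\*\*\}-+\s*$")


def parse_headers(listing):
    """Return one dict per function comment header found in `listing`."""
    headers, ids, text, in_header = [], [], [], False
    for line in listing.splitlines():
        line = line.strip()
        m = HEADER_ID.match(line)
        if m:
            if not in_header:
                ids, text, in_header = [], [], True
            ids.append((m.group(1).upper(), int(m.group(2), 16)))
        elif in_header and HEADER_END.match(line):
            # First ID is this firmware's function; a second, if present,
            # is the matching function in the 6410 firmware.
            headers.append({"local": ids[0],
                            "ref_6410": ids[1] if len(ids) > 1 else None,
                            "comment": " ".join(text)})
            in_header = False
        elif in_header and line.startswith(";**"):
            text.append(line[3:].strip())
    return headers


def entry_map(headers):
    """Map local entry point -> 6410 entry point for matched functions."""
    return {h["local"][1]: h["ref_6410"][1] for h in headers if h["ref_6410"]}


# Constructed sample: the first header is the one quoted in the post; the
# second (single ID, no 6410 match) is made up to show the unmatched case.
SAMPLE = """\
;**{--------------------------------------------- 0F74AD71.1AFEC ----
;**{--------------------------------------------- B8B2CF7F.1A176 ----
;** Return from subroutine (RTS)
;**}-----------------------------------------------------------------
;**{--------------------------------------------- 1234ABCD.1B000 ----
;** (no comment transferred)
;**}-----------------------------------------------------------------
"""

if __name__ == "__main__":
    for h in parse_headers(SAMPLE):
        print(h)
```
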

shootME- 01-18-2006

zapped, would your scripts work like being able to mix features from different Firmware, to combine them into ONE new firmware for upload to the camera? and will it eventually be a Graphic User Interface style utility, or will we have to cut/paste code with a HEX editor?

Rumple Stilskin- 01-18-2006
all this email ?
I dropped into and signed up for the camera hacking forum. Now it seems, my mail box is being flooded with emails from several different subtopics under camera hacking. WHY ? :?

carpespasm- 01-18-2006
Re: all this email ?
> I dropped into and signed up for the camera hacking forum. Now it seems, my mail box is being flooded with emails from several different subtopics under camera hacking. WHY ? :?

seems that this is a problem with forumer (our forum host)

shootME- 01-18-2006

It seems to just be the NEW registrations being affected, mine hasn't had this problem ... unless it will start soon ... :? :shock: I wouldn't be surprised if Pure Digital is hacking this site, to make the new members angry and complain. :wink: :lol: :P ... after all .. we ARE hacking THEIR cameras :roll: :D you never know :twisted:

zapped- 01-19-2006

> zapped, would your scripts work like being able to mix features from different Firmware, to combine them into ONE new firmware for upload to the camera? and will it eventually be a Graphic User Interface style utility, or will we have to cut/paste code with a HEX editor?

The scripts attempt to apply the comments from the 6410 firmware to the other firmwares so that a person can more easily understand what is going on in the disassembled firmware for their camera. By creating re-assemblable source files, someone could modify the firmware and then re-assemble it. The scripts don't support drag and drop and I don't plan on adding a gui to them.

You could cut and paste from one firmware to the other, however that would probably not work well because one function that does "X + Y = Z" in one firmware version may be "A + B = C" in the other and if you cut and pasted, the firmware would be looking at C instead of Z for the result. Also to keep in mind is that a function may not be called from within the bank, and if you move the location of that function, confusion may result.

You would not need to use a HEX editor, instead you will be working with the assembly instructions. You might want to get the pv2devkit and play with the programs there as well as looking at the firmware disassembly to learn more about it. The neat thing about the pv2 cameras is that you can always do the short to get into bootloader mode if your modified firmware causes your camera to not boot.

zapped- 01-19-2006

Error found already in bank8 of FF2 firmware, entry point 110D should be 110F.

shootME- 01-19-2006

zapped ... could this X + Y = Z ... and the ... A + B = C ... theory explain how Defragging the P2 Image and re-upping it to the camera (3.62) cause it to BRICK?

I made changes to the original Cam's settings like RESOLUTION to 640x480, and FPS @ 24, and the main change I suspect, adding the Mass Storage Device Script code... then, as MY theory goes, when I upped a Defragmented P0 Image, it was OK.. and still came back ON ... so I tried upping the P2 Defragged Image I had on my Hard Drive, made from the original UNCHANGED P2 Image I originally took off the Camera, after First unlocking it way back when .. :roll:

My theory is ... something MAY have ALSO been altered within the P2 Image still in the Flash, after the settings changes, and when I upped the original one NOT altered, from the Hard Drive, except for JUST Defragmenting it using WinImage, and saving it as an IMA file, not IMZ ... a CRC error happened within the Flash OS, and stopped the camera from working anymore... because something in it didn't match what was changed from doing the settings updates within USP.BIN, and may have also been changed in the P2 of the Flash Image.

I'm thinking, IF I read out the P2 Image within the Flash, Defragmented THAT one, and re-upped it to the Flash, this may not have corrupted the OS of the Camcorder. does this sound possible :?: :idea:

I mentioned this to BillW, and also suggested to put an UNDO feature in OPS, where the original Flash partition is stored either in RAM, or put to hard drive FIRST, before shutting off the camera, ... so the user could change his/her mind if it's realized a wrong file was sent up... also, why does the camera have to be powered down after a partition upload... is it like windows, where it has to reboot for the new settings to take effect? :?:
