CHDK firmware hack discussion (19)

[zdravko]

This is a sequel to the old threads discussing the CHDK firmware. The CHDK fw is a hacked firmware for DIGIC II and DIGIC III cameras. Currently supported Digic II cameras are A610, A620, A630, A640, A710 IS, S2 IS and S3 IS. For now the only supported Digic III camera is G7, but there are attempts to port CHDK to G9 and S5 IS too. (see the FAQ for a complete list).

The CHDK fw implements new features like RAW, battery indicator, live histogram (RGB/luminance), zebra mode (blinking areas of over- underexposure), DOF calculator, scripts (intervalometer, exposure/focus ... bracketing etc.), text reader, file browser, calendar, games and much more. There are now several different builds, implementing features assisting taking 3D-Stereo photos, motion detection etc. New features get implemented frequently, so check the timeline for the latest changes, or the FAQ for a complete list.

The CHDK firmware does not touch the original firmware of your camera. It is an additional program which gets loaded into the memory of the cam. If you have a problem, just turn your cam off or remove the batteries, and the CHDK fw is gone.

For further information, a guide, download links and FAQ see the english WIKI:
http://chdk.wikia.com/wiki/CHDK

Timeline:
http://tools.assembla.com/chdk/timeline

Dear Vitalyb, GrAnd and all the others: Thank you so much for creating this wonderful piece of software!
http://chdk.wikia.com/wiki/Talk:THANKS

Some screenshots:

Main menu



Histogram (Blended) and Zebra overexposure indicator



Script menu



Link to the previous thread:
http://forums.dpreview.com/forums/readflat.asp?forum=1010&thread=25165847

 

[jonquil]

(re-copied from last thread).

Hi GrAnd, rossig,

I have uploaded the firmware dump in http://www.zshare.net/download/4295284cd838ba/
I have dumped it twice and the results were the same.

I have begin looking at the code to compile the chdk.. I have copy-pasted the rossig src, since I thing there should be lot of similarities.. but now, I don't know how to run the autodetection tool for the signatures and so on...
Could you give me some advises or something to compile the chdk?

Thanks in advance

 

[HjvPT]

Ahhh ...............
try this :-

@title ISO Test2
get_prop 149 i
print i
end

The values should be 1,2,3,4 ....

The print values:
80 for ISO80, 100 for ISO100, 200 for ISO200 ect (not 1,2,3,4)

It's the first time I see get_prop actually returning some values (other than 0).
))

 

[microfunguy]

It's the first time I see get_prop actually returning some values

Good !

All the Property case 'magic numbers' are different to the WIKI.

I will post a separate message for Rossig.

On the A570, the magic number '5' for white-balance is probably self-destruct

 

[microfunguy]

The property case 'magic numbers' are different for the A570.

I assume Grand and Rossig know them, could you post the ones that you know ?

Thanks.

David

 

[HjvPT]

Nice work.

So all we need is to find the "white balance" parameter number for 570IS get_prop/set_prop functions. I thing I'm starting to understand this issue.

And there should be differences also in the md_detect_motion.

Regards

 

[Ruud Westerhout]

@exmonkey and
@yournamehere

Thanks for the compliment (hehe), but that signature I have been usig for ages already, just was not posting for long (ages too).

@mx32

Thanks for that info, will keep researching for a while then, to decide what I need. Maybe the "Russian" guy will manage something until then.

Regards,

Ruud

--

 

[microfunguy]

And there should be differences also in the md_detect_motion.

I am not convinced that it is not working.

Point camera at a live TV screen and zoom-in to fill screen.

Run script 'md_test1.bas'.

Whenever things move on TV you should see a lot of numbers scroll-by, many will simply be '0'.

David

 

[HjvPT]

Well,
I'm new on this stuff but I'm pretty sure it doesn't work.

It waits 30 seconds for the md_detect_motion response but f came always with 0 value.

I changed the function call for wait only 10 secs and draw the green boxes just to see if these parameters work (md_detect_motion a, b, 1, 10000, d, c, 1, f) and the lines are drawn and the wait time goes to 10 sec but f always return 0 and the motion is never detected (I've just done the tv thing and a lot of others "MUST DETECT something change" things).

Maybe someone else can post they experience please.

But I'me pretty sure something is wrong with md_detect_motion and A570IS

 

[microfunguy]

But I'me pretty sure something is wrong with md_detect_motion and A570IS

Oh well, let us hope MX3 can pick this up and suggest tests.

One final thing, did all the LED's light, I had to guess the location of a couple of them ?

 

[HjvPT]

Yes,
all the correct leds lit correctly (test_leds.bas). No prob there.

Regards

 

[microfunguy]

One other thing I have just tried is this little script to find the white-balance (or other property) magic number :-

@title find_wb
@param a propid
@default a 0
@param b value
@default b 0

print_screen 1

for a =0 to 300

get_prop a b

print b

next a

end

A text file will be saved in your Scripts folder with name PR_SCREEN.TXT.
Rename it to something else.

Change the white balance and run script again.

Open both text files with Wordpad and compare.
Starting from 0, get the number of the location where the numbers are different.

That is the magic number for white balance.

 

[microfunguy]

This is better, no counting

@title find_wb
@param a propid
@default a 0
@param b value
@default b 0

print_screen 1

for a =0 to 300

get_prop a b

print a " " b

next a

end

 

[rossig]

Have You read this ?
http://tools.assembla.com/chdk/wiki/HDK/Adding%20support%20for%20new%20camera
and this
http://chdk.wikia.com/wiki/Compiling_CHDK_under_Windows

If You have some specific questions ask me.

Gio

 

[rossig]

For magic number do You mean the property case number or their values ?

Porting chdk to A570 I looked for Property Cases nedded by CHDK only.

If You have A570 sources You can find them in platform/generic/shooting.c.

I put it in #if #else #endif cluase such this:

int shooting_get_tv()
{
short int tvv;
long i;

1. if !defined (CAMERA_a570)

GetPropertyCase(40, &tvv, sizeof(tvv));

1. else

GetPropertyCase(264, &tvv, sizeof(tvv));

1. endif

for (i=0;i
if (shutter_speeds_table.prop_id == tvv)
return shutter_speeds_table.id;
}
return 0;
}

The corrisponding values are in platform/a570/main.c, shooting.c

Gio

 

[jonquil]

yes and yes

Right now I am familiarizing with the source code ....

Concretely...

• I have modified the Makefiles and related make files
• Add the A560 and 100a folder into the platform and loader.. copying the files that you sent (src_570) previously.

• I have put the firmware in the a560/100a folder

But.. the first problem is that I don't know what to do with the sig_ref_1.bin and sig_ref_2.bin files, wheter they are created by hand, generated.. or whatever.

Later, I have to disassemble the dump and search for the correct addresses, and put them into the makefile file

If I try to compile, I have a known issue:

CAUTION! 'signatures.h' is not uptated due to 'sig_ref_1.bin' or 'sig_ref_2.bin' is empty!

and continuing:

-> stubs_entry.S

ERROR! There are unresolved addresses in 'stubs_entry.S' (a560-100a) for the following names:
GetSystemTime
MoveFocusLensToDistance
Please, add them into 'stubs_entry_2.S' manually!

Any hint?:

 

[microfunguy]

You mean the property case number or their values ?

Numbers.

If You have A570 sources You can find them in platform/generic/shooting.c.

Yes, I had already found four property case numbers.

Maybe A570 users will look for other ones.

David

 

[HjvPT]

The only numbers that chage are:

61
65
196
245
268
269

Daylight:
61 3329
65 4100
196 23
245 4100
268 1
269 852

Cloudy:
61 1
65 4100
196 98
245 4100
268 2
269 825

Tungsten:
61 1
65 3487
196 30246
245 3487
268 3
269 813

Fluorescent:
61 1
65 4100
196 109
245 4100
268 4
269 841

FluorescentHi:
61 1
65 4100
196 15438
245 4100
268 5
269 796

Underwater:
61 1
65 3487
196 115
245 3487
268 10
269 791

Custom:
61 1
65 4100
196 -28697
245 4100
268 7
269 1005

Auto:
61 1
65 4100
196 16351
245 4100
268 0
269 923

So the number 268 is suspicious so I run the folowing script:
@title propcase
@param a propid
@default a 268
@param b value
@default b 0
:loop
wait_click
is_key k "left"
if k=1 then get_prop a b
is_key k "set"
if k=1 then goto "lend"
print a,b
goto "loop"
:lend
end

But the return was always 0 (I've changed the white balance)

((

Then I run this:

@title White Balance
@param a propid
@default a 268
@param b value
@default b 5

sleep 2000
set_prop a 2
print "Cloudy"

sleep 2000
set_prop a 3
print "Tungsten"

sleep 2000
set_prop a 4
print "Fluorescent"

sleep 2000
set_prop a 5
print "Fluorescent H"

sleep 2000
set_prop a 10
print "Underwater"

sleep 2000
set_prop a 7
print "Custom"

sleep 2000
set_prop a 1
print "Daylight"

end

and the camera shut down!

((

 

[rossig]

But.. the first problem is that I don't know what to do with the
sig_ref_1.bin and sig_ref_2.bin files, wheter they are created by
hand, generated.. or whatever.

I left them untouched, if I remeber right.

Later, I have to disassemble the dump and search for the correct
addresses, and put them into the makefile file

Yes, normally are simple to find, they are near the start of code. If You follow it You will find it very quickly.

-> stubs_entry.S
ERROR! There are unresolved addresses in 'stubs_entry.S' (a560-100a)
for the following names:
GetSystemTime
MoveFocusLensToDistance
Please, add them into 'stubs_entry_2.S' manually!

Seem that You are lucky, only two entry points wasn't recognized

You must search with Your disassembler the entry point of thiese functions comparing them with code found in signatures.h.

Gio

 

[GrAnd]

But.. the first problem is that I don't know what to do with the
sig_ref_1.bin and sig_ref_2.bin files...

Nothing to do with them (see below).

If I try to compile, I have a known issue:
CAUTION! 'signatures.h' is not uptated due to 'sig_ref_1.bin' or
'sig_ref_2.bin' is empty!

You should ignore this message unless you exported a new functions from the original firmware.

and continuing:
-> stubs_entry.S
ERROR! There are unresolved addresses in 'stubs_entry.S' (a560-100a)
for the following names:
GetSystemTime
MoveFocusLensToDistance
Please, add them into 'stubs_entry_2.S' manually!

You have to find these functions in the disassemblered dump manually and put the correct address in the file mentioned.