Forgot Password
Pentax Camera Forums Home
 

Reply
Show Printable Version Search this Thread
02-02-2024, 06:30 PM   #46
Forum Member
akinas's Avatar

Join Date: Dec 2022
Posts: 52
Original Poster
I'm having a hard time reading the disassembly list.
Work is stagnant.


[OPEN_FACTORY_DEBUG_MENU]


*Let's decompile!

Attached Images
 
02-16-2024, 07:19 PM - 4 Likes   #47
Forum Member
akinas's Avatar

Join Date: Dec 2022
Posts: 52
Original Poster
A story gets off the subject.

Visit my home town,YOKOHAMA,Japan
Attached Images
   
02-16-2024, 08:27 PM - 1 Like   #48
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 28,348
QuoteOriginally posted by akinas Quote
A story gets off the subject.

Visit my home town,YOKOHAMA,Japan
Nice night scenes.
02-20-2024, 09:21 AM - 1 Like   #49
New Member




Join Date: Oct 2014
Posts: 19
This is some serious work! Well done. I've read your posts and managed to get latest firmware into ghidra and I am overwhelmed by what this disassembler can do. However, I lack skills in reverse engineering software, so I will probably be of no use. However, I will try to contribute to this noble endeavor as much as I can.

I am seriously impressed.

Sam

02-20-2024, 06:00 PM   #50
Site Supporter
Site Supporter




Join Date: May 2014
Location: Minnesota
Photos: Gallery | Albums
Posts: 2,045
Couldn't you have just left well enough alone ?
02-22-2024, 04:34 AM   #51
Forum Member
akinas's Avatar

Join Date: Dec 2022
Posts: 52
Original Poster
QuoteOriginally posted by hjoseph7 Quote
Couldn't you have just left well enough alone ?

Thanks for your comment.
Firmware contains a huge amount of information, and less than 1% of it has been examined yet.
I can't do it alone, so I want someyone to help me.

------
Pentax K-3 Mark III uses the PRIME V engine,
the original Milbeaut M10V SC2000 from SocioNext is used.
SC2000 includes a Quad-Core Cortex A7 w/ NEON and a Single Cortex M0 Power Management.

RTOS uses "SMP T-Kernel " from the TRON forum. Linux is also used as an OS.
-----
There seems to be a Script execution environment, but I can't run it well.
I hope someone will try this as well.

Enable script execution with [SCRIPT_EN_MODE EN].
Place the script file in C:\script.

C:\script\startup.ttl //startup
C:\script\shutdown.tt //shutdown
C:\script\dbgparam.ttl //debug??

debug log
-------------
2024/01/28 20:53:21 [CD] 00000639 [BOOT ] search for Script...
2024/01/28 20:53:21 [DD] 00000645 [SystemCo] start script file is found!!
2024/01/28 20:53:21 [DD] 00000674 [Script ] script startup.ttl 0001: dispstr "Hello World"
2024/01/28 20:53:21 [FD] 00000680 [Script ] script startup.ttl 0002: exit


but Nothing happens!!

Last edited by akinas; 02-22-2024 at 08:53 PM. Reason: erratum
02-22-2024, 07:21 AM   #52
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 28,348
QuoteOriginally posted by hjoseph7 Quote
Couldn't you have just left well enough alone ?
I donít understand this comment.

02-22-2024, 08:47 PM   #53
Forum Member
akinas's Avatar

Join Date: Dec 2022
Posts: 52
Original Poster
QuoteOriginally posted by akinas Quote
Thanks for your comment.
Firmware contains a huge amount of information, and less than 1% of it has been examined yet.
I can't do it alone, so I want someyone to help me.

------
Pentax K-3 Mark III uses the PRIME V engine,
the original Milbeaut M10V SC2000 from SocioNext is used.
SC2000 includes a Quad-Core Cortex A7 w/ NEON and a Single Cortex M0 Power Management.

RTOS uses "SMP T-Kernel " from the TRON forum. Linux is also used as an OS.
-----
There seems to be a Script execution environment, but I can't run it well.
I hope someone will try this as well.

Enable script execution with [SCRIPT_EN_MODE EN].
Place the script file in C:\script.

C:\scriptstartup.ttl //startup
C:\scriptshutdown.tt //shutdown
C:\script\dbgparam.ttl //debug??

debug log
-------------
2024/01/28 20:53:21 [CD] 00000639 [BOOT ] search for Script...
2024/01/28 20:53:21 [DD] 00000645 [SystemCo] start script file is found!!
2024/01/28 20:53:21 [DD] 00000674 [Script ] script startup.ttl 0001: dispstr "Hello World"
2024/01/28 20:53:21 [FD] 00000680 [Script ] script startup.ttl 0002: exit


but Nothing happens!!
Scrip keywords are follow,

break basename call code2str do dispstr dirname else elseif endif enduntil endwhile execcmnd exit
fileclose fileconcat filecopy filecreate filedelete filemarkptr fileopen filereadln fileread filerename
filesearch fileseek fileseekback filestat filestrseek filestrseek2 filetruncate filewrite filewriteln
findclose findfirst findnext foldercreate folderdelete foldersearch for getdir getfileattr goto ifdefined
include int2str intdim makepath messagebox not random setexitcode sendln setfileattr setdir sprintf
sprintf2 str2code str2int strcompare strconcat strcopy strdim strinsert strjoin strlen strmatch
strremove strreplace strscan strspecial strsplit strtrim tolower toupper until while xor

why not "if" keyword?

Last edited by akinas; 02-22-2024 at 08:48 PM. Reason: erratum
02-22-2024, 08:53 PM - 1 Like   #54
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 28,348
Script Enable has been known for a long time - but I don't recall ever seeing anyone saying they used it or they knew what it was used for. My guess is that there are specific scripts used during calibration or during repair/testing. They may not need an IF as the purpose may be very focused for each script and not a lot of choices - only a need to end it with endif, endwhile, elseif etc.
02-23-2024, 05:08 AM   #55
New Member




Join Date: Oct 2014
Posts: 19
QuoteOriginally posted by akinas Quote
RTOS uses "SMP T-Kernel " from the TRON forum. Linux is also used as an OS.
-----
There seems to be a Script execution environment, but I can't run it well.
I hope someone will try this as well.
Interesting. While doing the text search in firmware, I noticed some references to linux kernel, but I dissmissed Linux being used immediately. Primary OS is probably some RTOS (as you found it is SMP T-Kernel) and Linux is some helper OS, however I don't know what could be achieved by having embedded linux running in the camera. But I find it totally cool.

I would like to have something like terminal access to camera for fun . I wasn't aware of shell execution environment, but as UncleVanya says it has been here for long and nobody found any use of it.

It is fun pastime to run though the decompiled code. Still trying to make heads and tails out of it, is there a tool in ghidra to find pieces of code that references to a string data found somewhere in the firmware? For example: I've found string "RecoveryBoot" at FW location 1786f10 (latest firmware), but I couldn't find any reference to this string in the code. I would really like to force the camera to misbehave somehow, based on new information we get from the decompiled firmware.
02-23-2024, 07:08 AM - 1 Like   #56
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 28,348
I also wonder if some of the code is dead end code from the older cameras that wasnít properly removed. The older cameras have been around a long time and itís possible they ported the code and didnít find and remove all dead branches.
02-25-2024, 03:28 AM   #57
Forum Member
akinas's Avatar

Join Date: Dec 2022
Posts: 52
Original Poster
QuoteOriginally posted by UncleVanya Quote
I also wonder if some of the code is dead end code from the older cameras that wasnít properly removed. The older cameras have been around a long time and itís possible they ported the code and didnít find and remove all dead branches.
The firmware for the Pentax K-3 Mark III is created with a new architecture.
Of course, inherited the technology of the past, but I don't think it contains much useless logic from the past.
02-25-2024, 04:47 AM   #58
Forum Member
akinas's Avatar

Join Date: Dec 2022
Posts: 52
Original Poster
QuoteOriginally posted by samop Quote
Interesting. While doing the text search in firmware, I noticed some references to linux kernel, but I dissmissed Linux being used immediately. Primary OS is probably some RTOS (as you found it is SMP T-Kernel) and Linux is some helper OS, however I don't know what could be achieved by having embedded linux running in the camera. But I find it totally cool.

I would like to have something like terminal access to camera for fun . I wasn't aware of shell execution environment, but as UncleVanya says it has been here for long and nobody found any use of it.

It is fun pastime to run though the decompiled code. Still trying to make heads and tails out of it, is there a tool in ghidra to find pieces of code that references to a string data found somewhere in the firmware? For example: I've found string "RecoveryBoot" at FW location 1786f10 (latest firmware), but I couldn't find any reference to this string in the code. I would really like to force the camera to misbehave somehow, based on new information we get from the decompiled firmware.
>is there a tool in ghidra to find pieces of code that references to a string data found somewhere in the firmware?
I want one too. Maybe you won't be able to find the reference unless the logic side is decompile(disassembled).

I found "RecoveryBoot!!" at 0x532be52c

RTOS start address is 0x52500000. I use older version firmware(ver2.11) ,but RTOS start address will be same.
Attached Images
   
02-25-2024, 05:30 AM - 1 Like   #59
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 28,348
QuoteOriginally posted by akinas Quote
The firmware for the Pentax K-3 Mark III is created with a new architecture.
Of course, inherited the technology of the past, but I don't think it contains much useless logic from the past.
I had assumed so initially, but so much seemed similar I wondered.
02-29-2024, 11:16 PM   #60
Forum Member
akinas's Avatar

Join Date: Dec 2022
Posts: 52
Original Poster
I found the string 'KB582CPU project RX113' in the firmware.
CPU could be Renesas' RX113.

https://www.renesas.com/us/en/document/dst/rx113-group-datasheet-rev120
Reply

Bookmarks
  • Submit Thread to Facebook Facebook
  • Submit Thread to Twitter Twitter
  • Submit Thread to Digg Digg
Tags - Make this thread easier to find by adding keywords to it!
address, camera, code, data, decompress, firmware, firmware for ricoh, gr, hacking, k-1, k-3, k-3 mark iii, k-3iii, linux, mode, os, pentax, pentax k-3 markiii, photography, photoshop, pieces, reference, references, ricoh gr, system, tool, types
Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
Need Help - My K3-MarkIII Is Stuck On MF mhsp1948 Pentax K-3 III 12 08-12-2023 09:19 AM
What is better than a K3 MarkIII? Rush2112 Pentax K-3 III 24 01-21-2023 06:16 AM
Pentax K10D firmware reverse engineering/hacking ergoa Pentax DSLR Discussion 4 09-13-2022 09:17 AM
Macro Wet Berries reveal a scene.......... eaglem Post Your Photos! 4 07-15-2016 07:46 AM
How taking pictures through windows can inadvertently reveal your location EarlVonTapia Photographic Industry and Professionals 6 05-22-2014 09:05 AM



All times are GMT -7. The time now is 11:18 AM. | See also: NikonForums.com, CanonForums.com part of our network of photo forums!
  • Red (Default)
  • Green
  • Gray
  • Dark
  • Dark Yellow
  • Dark Blue
  • Old Red
  • Old Green
  • Old Gray
  • Dial-Up Style
Hello! It's great to see you back on the forum! Have you considered joining the community?
register
Creating a FREE ACCOUNT takes under a minute, removes ads, and lets you post! [Dismiss]
Top