Originally posted by Jeff Lopez
I think this will mostly happen. If the K01 and the K50 share the same PRIME processor, then I don't see any problem; they would have the same registers. A mirror is not related to the exposure commands, like a shutter and aperture are. Probably it will hang if you select Bulb or mirror up for cleaning, and I really doubt it; it most probably will return an Error, as there is no way to provide feedback to the PRIME.
Abel, could you provide a K30 firmware to mod a K01? It has fewer functions and probably will fit into the K01 DRAM.
I surely can make that firmware.
The problem is that the K-01 firmware is 0x40000 bytes smaller than the K-30 firmware. And existing K-01 cameras simply don't know about, and don't expect, anything more to flash into their memory, which means the K-30/50 firmware will most likely be installed incompletely.
If this additional block doesn't contain any logic necessary for routine camera functioning, the camera would work (most of the time).
And we could possibly install the whole K-30/50 firmware by first installing, say, version 1.05 and then the latest one; in this case the K-30's 1.05 will already know the full size of its update and will install the next version completely. But it would hardly be possible to revert the camera to the original firmware.
And in case the additional block contains some initialization code, or some functions used during normal camera operation, the K-01 will simply hang right after starting.
To summarize:
It may be possible to install K-30/50 firmware into a K-01, but an already broken camera should necessarily be used for the experiments.
If someone has such a camera, or can obtain one for a bargain price, I can provide the necessary firmware(s) for the testing.
---------- Post added 04-10-17 at 10:04 AM ----------
Originally posted by tr13
One strange thing I see is the 12 MB XOR decryption key.
Yes, bearing in mind that the decryption algorithm is rather simple, and even the XOR-key "seeds" are stored in the firmware file itself.
Originally posted by tr13
As I understand it, it is obtained by XORing the dumped firmware with the encrypted one.
It was obtained by decompiling the decryption routine with the Hex-Rays decompiler, then compiling and running it.
Originally posted by tr13
As far as I remember, Pentax has not changed the algorithm for ages. So it could be a good idea to add K30/K50 to my tool (as the K-01 is present).
You are partially correct: the algorithm itself hasn't changed.
But there are two radical differences:
1. In older models the firmware file started with a non-encrypted header, and decryption started from offset 0x100.
But in the K-01/30/50/500 there is also a first block, 0x000-0xF00, which should be decrypted using the same algorithm; then comes the same 0x100-byte plain header, which starts with the same XOR "seed" (HOKKTKIYHTNTMU) as in previous models.
2. In the K-30/50/500 there is also a second block, with its own XOR key. The block starts at 0xC00000, and its header (well, it should be called a trailer) resides at 0xC3FF80; it also starts with a key "seed" (a different one: SWaaTKouHI).
The frmcrypt.exe version 3.00 you posted on P-V.com correctly processes the main part of the K-01/30/50/500 firmwares but leaves the starting portion intact, and it also incorrectly decrypts the second block of the K-30/50/500 firmwares.
As far as I understand, it's a matter of slight changes to make your tool compatible with these firmwares.
And it would be just great if you could modify it and release an updated version, because all the community has right now is a firmware decoder/encoder which requires .Net 4.0+ to run, whereas your tool is made in Delphi(?) and runs even on my ancient Win XP.
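The layout described in the two numbered points above, as an added example written for this thread (it is not code from frmcrypt, the .Net decoder, or any of the posters): a small probe that tells the legacy layout from the K-01/30/50/500 one by looking for the plain header seed, reports whether the K-30/50/500 second block is present, and applies or removes XOR keystreams only over the regions that are actually encrypted. The offsets and seed strings are the ones quoted in the post. Everything else is an assumption: that the plain 0x100-byte header sits directly after the encrypted 0x000-0xF00 block (so at 0xF00), that the trailer at 0xC3FF80 is plain and 0x80 bytes long (so the second block spans 0xC00000-0xC40000, which happens to match the 0x40000-byte size gap between the K-01 and K-30 files mentioned earlier in the post), and that keystreams are indexed by absolute file offset, like a dump-XOR-file key. Pentax's seed-to-key derivation is not in the thread and is not implemented here; keys are either caller-supplied or recovered by known plaintext, the approach tr13 describes. The sample images are constructed filler, not real firmware.

```python
"""Layout probe and XOR helper for the Pentax firmware files discussed above.
Added example; not frmcrypt, the .Net decoder, or any poster's code.
Offsets/seeds are from the post; header position at 0xF00, 0x80-byte plain
trailer, and absolute-offset keystreams are assumptions. Pentax's real
seed-to-key derivation is NOT implemented."""
import random

SEED_MAIN = b"HOKKTKIYHTNTMU"   # opens the plain header (all models)
SEED_SECOND = b"SWaaTKouHI"     # opens the trailer of the K-30/50/500 second block
HEADER_LEN = 0x100
OLD_HEADER_OFF = 0x000          # older models: plain header first, encryption from 0x100
NEW_FIRST_BLOCK_END = 0xF00     # K-01/30/50/500: encrypted 0x000-0xF00 comes first ...
NEW_HEADER_OFF = 0xF00          # ... then the plain header (assumed position)
SECOND_BLOCK_OFF = 0xC00000
SECOND_TRAILER_OFF = 0xC3FF80
SECOND_BLOCK_END = 0xC40000     # assumed: trailer is 0x80 bytes


def _xor(a, b):
    """XOR equal-length byte strings; the int trick keeps 12 MB regions fast."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(len(a), "big")


def has_seed(blob, seed, off):
    return blob[off:off + len(seed)] == seed


def detect_layout(blob):
    """Classify a file by where the plain header/trailer seeds are found."""
    if has_seed(blob, SEED_MAIN, OLD_HEADER_OFF):
        style = "legacy"
    elif has_seed(blob, SEED_MAIN, NEW_HEADER_OFF):
        style = "k01"
    else:
        style = "unknown"
    second = len(blob) >= SECOND_BLOCK_END and has_seed(blob, SEED_SECOND, SECOND_TRAILER_OFF)
    return {"style": style, "second_block": second, "size": len(blob)}


def encrypted_regions(layout):
    """(start, end, key name) spans that are XOR-encrypted under a layout."""
    main_end = SECOND_BLOCK_OFF if layout["second_block"] else layout["size"]
    if layout["style"] == "legacy":
        regions = [(HEADER_LEN, main_end, "main")]
    elif layout["style"] == "k01":
        regions = [(0, NEW_FIRST_BLOCK_END, "main"),
                   (NEW_HEADER_OFF + HEADER_LEN, main_end, "main")]
    else:
        raise ValueError("unrecognised firmware layout")
    if layout["second_block"]:
        regions.append((SECOND_BLOCK_OFF, SECOND_TRAILER_OFF, "second"))
    return regions


def xor_image(blob, keys):
    """Encrypt or decrypt (XOR is its own inverse) every encrypted region.
    keys maps "main"/"second" to keystreams indexed by absolute file offset;
    the plain header and trailer are left untouched."""
    out = bytearray(blob)
    for start, end, name in encrypted_regions(detect_layout(blob)):
        out[start:end] = _xor(blob[start:end], keys[name][start:end])
    return bytes(out)


def recover_keystream(encrypted, plain, start, end):
    """Known-plaintext recovery (dump XOR encrypted file): key = ct ^ pt over
    [start, end). Valid only where the keystream does not depend on the data
    and the plaintext really is known for those bytes."""
    return _xor(encrypted[start:end], plain[start:end])


def _keystream(label, n):
    """Constructed stand-in keystream, NOT Pentax's derivation."""
    return random.Random(label).randbytes(n)


def build_sample(style="k01", second_block=False):
    """Constructed image (filler, not real firmware), its encrypted form, and
    the keys. style="k01" + second_block=True mimics a K-30/50/500 file;
    second_block=False a K-01 file, which comes out 0x40000 bytes shorter."""
    size = SECOND_BLOCK_END if second_block else SECOND_BLOCK_OFF
    img = bytearray(b"\xa5" * size)
    hdr_off = OLD_HEADER_OFF if style == "legacy" else NEW_HEADER_OFF
    img[hdr_off:hdr_off + HEADER_LEN] = SEED_MAIN.ljust(HEADER_LEN, b"\0")
    if second_block:
        img[SECOND_BLOCK_OFF:SECOND_TRAILER_OFF] = b"\x5a" * (SECOND_TRAILER_OFF - SECOND_BLOCK_OFF)
        img[SECOND_TRAILER_OFF:SECOND_BLOCK_END] = SEED_SECOND.ljust(SECOND_BLOCK_END - SECOND_TRAILER_OFF, b"\0")
    keys = {"main": _keystream(1, size), "second": _keystream(2, size)}
    plain = bytes(img)
    return plain, xor_image(plain, keys), keys
```

Running `detect_layout` on a real update file before touching it is the check worth having when extending a tool like frmcrypt: a file that reports `style == "k01"` needs the 0x000-0xF00 block handled, and one that also reports `second_block == True` needs the separate key for 0xC00000-0xC3FF80, which are exactly the two cases the post says version 3.00 gets wrong. A `recover_keystream` result is only trustworthy over bytes whose plaintext came from a real dump of the same region; reusing it for a region covered by the other seed will silently produce garbage.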