Forgot Password
Pentax Camera Forums Home
 

Closed Thread
Show Printable Version Search this Thread
02-12-2018, 09:37 PM - 1 Like   #721
Senior Member




Join Date: Mar 2013
Location: Middle of Siberia
Photos: Gallery
Posts: 212
QuoteOriginally posted by polaco Quote
ps: I have downloaded GitHub - i-am-shodan/PentaxFirmwareTool: Pentax Firmware tool for the K30
I compiled it and tried it to decrypt the K3II firmware that is in the zip provided by pentax, however the process fails as the XOR.key provided in PentaxFirmwareTool does not match firmware size.
I wonder were did they got that xor.key and how could i get the one for k3II. If the non encrypted version is available then calculating the xor file would be easy, providing they are still using same xor approach.
pps: well after reading a bit, it seems efforts on hacking pentax firmware has been abandoned, and if it is pure assembly i guess i would be dead.
It's pure ARM assembly.

Anyway, if you or anyone else want to try, here's a hint.

To decrypt K-3II firmware, you'll need to use pfwtool. If you have a trouble compiling the tool, contact me, and I'll send you the compiled binary.
After the firmware is decrypted, you'll need to open the file in IDA Pro disassembler. Change processor to ARM Little-endian, set the ROM starting address to 0x02000000 (if I correctly guessed the offset), and set the input file loading address to the same 0x02000000. See the attached screenshots.

Attached Images
 

Last edited by ABel; 02-14-2018 at 08:23 AM.
02-13-2018, 10:19 AM - 1 Like   #722
Banned




Join Date: Oct 2014
Posts: 93
There is HexRay decompiler to C language. But it has many limitations and you still need to read a lot assembler; and C++ is not recognized. Also ARM Thumb code is not decompiled.
10-13-2018, 03:58 PM   #723
Senior Member




Join Date: May 2009
Location: Sweden
Photos: Gallery
Posts: 182
Hi, sorry for a maybe dumb (already answered?) question, I've tried a bit of googling but maybe not enough, but does debug menu 5 in K-1 as seen a few pages back:

QuoteOriginally posted by beholder3 Quote
Many thanks and kudos to you, bootcoder.
...
http://www.pic-upload.de/view-31419871/PentaxK-1DevelopmentMenu5.jpg.html
...
mean that K-1 can be used to screwdrive-convert lenses (by downloading lens fw, doing 0C=>08 in column 3 and putting it back)?

If not, would the k-01 do? (I've seen several old posts saying it doesn't work with k-01 because you can't enter debug, but then newer posts say you ("we") now can enter debug, but nothing about if lens conversion this way works).
10-13-2018, 08:49 PM   #724
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 20,089
Some cameras like the k-3 have the requisite screens but won't perform the write to the lens even when told to do so.

10-14-2018, 03:05 PM - 1 Like   #725
Pentaxian
ZombieArmy's Avatar

Join Date: Jun 2014
Location: Florida
Posts: 2,603
QuoteOriginally posted by MikeyBugs95 Quote
I'm curious for what purpose someone would "hack" a Pentax camera's firmware? What would it improve?
If the firmware was completely hacked you could do stuff like:

Focus peaking in video

SR in video

GPS on k-01

Different color focus peaking

Zebra in video

Higher output video

Clean HDMI
10-16-2018, 12:52 PM - 1 Like   #726
Banned




Join Date: Oct 2014
Posts: 93
QuoteOriginally posted by ZombieArmy Quote
If the firmware was completely hacked you could do stuff like:
It is completely hacked. But there is very poor understanding of difference between "hack" and "development". The first term is like "unlocking" features that are already inside, but disabled by manufacturer. This is pretty fast to do (days to months). Second word describe creating new features where you need a lot of knowledge and time (from months to years).

Debug Mode is unlocked and so far no other exciting hidden features were found in firmware. And seems nobody can/want invest huge amount of spare time in "development" of new features.
10-16-2018, 01:26 PM   #727
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 20,089
QuoteOriginally posted by bootcoder Quote
It is completely hacked. But there is very poor understanding of difference between "hack" and "development". The first term is like "unlocking" features that are already inside, but disabled by manufacturer. This is pretty fast to do (days to months). Second word describe creating new features where you need a lot of knowledge and time (from months to years).

Debug Mode is unlocked and so far no other exciting hidden features were found in firmware. And seems nobody can/want invest huge amount of spare time in "development" of new features.
It would seem the ability to program the lens ROM was removed from later models firmware - is it possible to graft back in from older models?

10-20-2018, 07:22 AM   #728
Banned




Join Date: Oct 2014
Posts: 93
QuoteOriginally posted by UncleVanya Quote
It would seem the ability to program the lens ROM was removed from later models firmware - is it possible to graft back in from older models?
In which model "program lens ROM" function was available? In what model was it removed? What model your question is related to?
I am no brain reader and, by the way, I do not even have pentax cam.

Also word "possible" is different from "will be done". A lot of things are possible, but will never appear.

Last edited by bootcoder; 10-20-2018 at 07:35 AM.
10-20-2018, 11:50 AM   #729
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 20,089
QuoteOriginally posted by bootcoder Quote
In which model "program lens ROM" function was available? In what model was it removed? What model your question is related to?
I am no brain reader and, by the way, I do not even have pentax cam.

Also word "possible" is different from "will be done". A lot of things are possible, but will never appear.
As far as I know the k-5 series was the last camera that allowed the debug functions related to lens eeprom reading and writing.

The k-50 did not allow this. The k-3 also did not.

The k-3 series also has the debug functions listed but they do not do anything when selected.
01-04-2019, 06:19 PM   #730
Forum Member




Join Date: Feb 2014
Posts: 86
I'm also a bit interested in EEPROM code. It was discussed in thread beside. It was told me it should work with older FW for bodies: K10D (FW < 1.31), K20D, K100D, K-5. I tested it on K-3 and K-30. The debug menu entries are present but they does nothing, no file with EEPROM data is created and interactive editor reads allways zeros and write doesn't have any effect. I will look again on lens PCB circuit if there is some standard serial EEPROM like 24Cxx or 93Cxx if so it could be read/write by cheap HW programmer. Of course better would be to be able to do from camera body but I'm not going to spend extra money for some old body.
01-04-2019, 06:51 PM   #731
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 20,089
QuoteOriginally posted by RayeR Quote
... but I'm not going to spend extra money for some old body.
Remember that you can resell the old body when you are done.
01-05-2019, 02:45 AM - 1 Like   #732
Pentaxian




Join Date: Dec 2011
Posts: 2,963
QuoteOriginally posted by UncleVanya Quote
It would seem the ability to program the lens ROM was removed from later models firmware - is it possible to graft back in from older models?
Your statement is only partially correct.

Most users only seem to remember that the lens ROM change can be done by saving a file to SD card, changing it on the PC and loading it into the camera again.

But that is only half the truth.

As you can see even in the K-1 there is an option "LENS ROM EDIT R/W" directly in the camera (see post #7 here How to deactivate SDM and allow for screw drive autofocus with DA* 16-50mm f/2.8 - PentaxForums.com).

This allows directly changing the bytes. I have not actually executed it personally, but I can say that clicking it does show the underlying edit interface (asking about address and data and if you want to read or write) on the K-1, so I do assume this still works there.


01-05-2019, 08:15 AM   #733
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 20,089
QuoteOriginally posted by beholder3 Quote
Your statement is only partially correct.

Most users only seem to remember that the lens ROM change can be done by saving a file to SD card, changing it on the PC and loading it into the camera again.

But that is only half the truth.

As you can see even in the K-1 there is an option "LENS ROM EDIT R/W" directly in the camera (see post #7 here How to deactivate SDM and allow for screw drive autofocus with DA* 16-50mm f/2.8 - PentaxForums.com).

This allows directly changing the bytes. I have not actually executed it personally, but I can say that clicking it does show the underlying edit interface (asking about address and data and if you want to read or write) on the K-1, so I do assume this still works there.

Others reported it as not working on the k-3 specifically but I haven't tried it myself. It is possible the reports of it not being useable were incorrect.
01-05-2019, 12:29 PM   #734
Pentaxian




Join Date: Dec 2011
Posts: 2,963
QuoteOriginally posted by UncleVanya Quote
Others reported it as not working on the k-3 specifically but I haven't tried it myself. It is possible the reports of it not being useable were incorrect.
Go ask whoever claims it is not working, if they also tried the above in camera edit.

I can confirm that the SD card dumping entries for lens roms do not work on K-3 or K-1.
01-05-2019, 09:02 PM   #735
Loyal Site Supporter
Loyal Site Supporter
UncleVanya's Avatar

Join Date: Jul 2014
Photos: Gallery | Albums
Posts: 20,089
QuoteOriginally posted by beholder3 Quote
Go ask whoever claims it is not working, if they also tried the above in camera edit.

I can confirm that the SD card dumping entries for lens roms do not work on K-3 or K-1.
I am very sick but at some point I can actually attempt to edit using either a k-3 or k-1. I normally do my conversions with a k100d or k100d super. After editing I can verify the changes if it works. But that may be weeks... If my wife's experience repeats itself.
Closed Thread

Bookmarks
  • Submit Thread to Facebook Facebook
  • Submit Thread to Twitter Twitter
  • Submit Thread to Digg Digg
Tags - Make this thread easier to find by adding keywords to it!
bit, camera, card, chdk, code, data, debug, dslr, file, firmware, flash, fp, gps, instruction, k-30, k-50, k30, love, magic, module, notes, pentax, photography, pin, pins, sd, text
Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
NY area SDM Hacking dappercorpmonkey Troubleshooting and Beginner Help 11 07-26-2013 04:15 PM
Nature Resurrecting some old images - Angry Birds! Julie Post Your Photos! 4 03-07-2013 10:41 AM
k-5 firmware hacking anyone? secateurs Pentax K-5 & K-5 II 33 10-05-2012 03:05 PM
Hacking lens' memory plis Visitors' Center 6 11-28-2011 10:58 PM
Resurrecting a MX and Super ME LiMPiNg Pentax Film SLR Discussion 4 09-27-2011 02:55 PM



All times are GMT -7. The time now is 06:56 PM. | See also: NikonForums.com, CanonForums.com part of our network of photo forums!
  • Red (Default)
  • Green
  • Gray
  • Dark
  • Dark Yellow
  • Dark Blue
  • Old Red
  • Old Green
  • Old Gray
  • Dial-Up Style
Hello! It's great to see you back on the forum! Have you considered joining the community?
register
Creating a FREE ACCOUNT takes under a minute, removes ads, and lets you post! [Dismiss]
Top