Quote: I think I understand some basics, but I don't get the thing as a whole.
For example, what can be done with this .dll?
What does it mean that you have decrypted the firmware? You don't get source code from it, do you?
What would it look like when you change the firmware, code-wise? Do you get to some point where you have the whole firmware as source code and then change it, compile it and finally encrypt it? Or do you just bend some interrupts with a hex editor?
It would be great if you could provide some visible, tangible stuff, so that the average programmer can follow.
The .dll was a possible tool to get the unencrypted firmware. It is not needed for that purpose now. It still could be useful in reversing the code in the future. As far as source code goes, this is as basic as it gets. With the memory maps and the start the folks got with the K10D, along with the white paper on the chipset, things are off to a good start. Now the hard-nosed reverse engineering begins. The code is right here; it's all a matter of figuring/sorting it out. There's nothing that says what ports or bits of ports do and/or what they are connected to. It's a matter of using the clues within the code to figure that out. Whether a port is a matrix of buttons or a bus can usually be determined by the way it is handled within the code. Telling which button is which can be a little more difficult.
Back to the .dll... If everything works right, the planets align and a lucky break is given, the .dll could be the quickest helper in figuring out a lot of the routines. For instance, while running Remote Assistant and a USB snooper, the communication protocol could be figured out and ultimately the commands sent to the camera to do a particular function. Armed with that knowledge, you could search the firmware for the jump tables corresponding to those commands. From there you can follow the code for each command and document it (shutter activation, WB, ISO... anything you can do in RA). You can also see what part of the code utilizes the jump table and follow it backwards all the way to the parser. A lot of information can be gained from just what little is given to us... possibly. That could be the first round of attack on the code. It's going to take a good amount of time to figure out even the basic stuff, but as our knowledge of the code grows it ends up being kind of like a snowball effect, and each hurdle/mystery gets smaller and easier to solve. It truly is exciting the kind of attention this is getting and how far along the project has gotten. It would be funny if, in the future, a used K20D were more sought after for the mods you could do to it than a new K7 out of the box. It might wake Hoya/Pentax up and get them to release firmware as open source for discontinued products (well, maybe not, but it might make them listen more closely to their users). Anyways, enough ranting....
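The "search the firmware for the jump tables, then follow the reference back toward the parser" step from the post above, as an added example that is not code from this thread or from Pentax. The USB-snooper half is done with a capture tool, so this script only covers the firmware side: it scans a flat, already-decrypted image for runs of consecutive words that all point back into the image's own load range (candidate dispatch/jump tables), and then finds the literal word that references a table, which is the thread you pull to get from the table back to whatever code indexes it. Everything concrete here is a constructed assumption for the demo: the image bytes, the load address 0x00100000, 32-bit little-endian addresses, the handler stubs and every offset. On a real dump the base address comes from the memory map the thread mentions, and if it is wrong the scan simply finds nothing, so try the candidates the map gives you.

```python
import struct
from typing import List, Tuple

WORD = 4            # assumption: 32-bit code addresses (not stated on the page)
BASE = 0x00100000   # assumption: load address of the image; take the real one from the memory map


def build_sample_image() -> bytes:
    """Constructed stand-in for a decrypted firmware image (NOT real Pentax firmware).

    Layout (all offsets are demo assumptions):
      0x100: six-entry dispatch table of handler addresses
      0x180: a literal-pool word holding the table's address (what the dispatcher loads)
      0x200..0x340: six handler stubs, 0x40 bytes apart
    Filler is 0xFF so stray words read as 0xFFFFFFFF, which is outside the load range.
    """
    img = bytearray(b"\xff" * 0x400)
    handlers = [BASE + 0x200 + 0x40 * i for i in range(6)]
    struct.pack_into("<6I", img, 0x100, *handlers)      # the jump table
    struct.pack_into("<I", img, 0x180, BASE + 0x100)    # reference to the table
    for h in handlers:
        # ARM 'mov r0, r0' (a nop) as a placeholder handler body
        struct.pack_into("<I", img, h - BASE, 0xE1A00000)
    return bytes(img)


def find_pointer_tables(image: bytes, base: int, min_entries: int = 4) -> List[Tuple[int, List[int]]]:
    """Return (offset, entries) for every run of >= min_entries consecutive
    little-endian words whose values all fall inside [base, base + len(image)).

    Such runs are the usual signature of a jump/dispatch table in a flat image.
    Isolated in-range words (single literals, coincidences) are dropped by min_entries.
    """
    end = base + len(image)
    tables: List[Tuple[int, List[int]]] = []
    run_start = None
    run: List[int] = []
    for off in range(0, len(image) - WORD + 1, WORD):
        (val,) = struct.unpack_from("<I", image, off)
        if base <= val < end:
            if run_start is None:
                run_start = off
            run.append(val)
        else:
            if run_start is not None and len(run) >= min_entries:
                tables.append((run_start, run))
            run_start, run = None, []
    if run_start is not None and len(run) >= min_entries:
        tables.append((run_start, run))
    return tables


def find_references(image: bytes, target: int) -> List[int]:
    """Offsets of every word-aligned little-endian word equal to `target`.

    Used to walk backwards: a table's own address appears as a literal near the
    code that indexes it, and a handler's address appears inside the table.
    """
    needle = struct.pack("<I", target)
    return [off for off in range(0, len(image) - WORD + 1, WORD)
            if image[off:off + WORD] == needle]


def table_report(image: bytes, base: int) -> List[dict]:
    """One record per candidate table: where it is, where its entries land in the
    image, and which words reference the table itself."""
    report = []
    for off, entries in find_pointer_tables(image, base):
        report.append({
            "table_offset": off,
            "handler_offsets": [e - base for e in entries],
            "referenced_from": find_references(image, base + off),
        })
    return report


if __name__ == "__main__":
    img = build_sample_image()
    for rec in table_report(img, BASE):
        print(f"table @ {rec['table_offset']:#06x}, "
              f"{len(rec['handler_offsets'])} handlers at "
              + ", ".join(f"{h:#06x}" for h in rec["handler_offsets"]))
        print("  referenced from: " + ", ".join(f"{r:#06x}" for r in rec["referenced_from"]))
```

With a real image, the interesting tables are the ones whose entry count matches the number of distinct commands seen on the USB capture; the `referenced_from` offsets are where to start disassembling to reach the parser. The word size, endianness and base address are the only knobs, and all three come from the chipset white paper and memory map rather than from anything in this script.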