|
Forum: Pentax DSLR Discussion
01-11-2019, 08:53 PM
|
| |
Thank you for the link, I had to register.
|
|
Forum: Pentax DSLR Discussion
01-07-2019, 09:22 PM
|
| |
Hi, please do you have a link for lens EE dumps?
|
|
Forum: Pentax DSLR Discussion
01-06-2019, 11:27 PM
|
| |
I disassembled my DA 17-70mm f/4 AL [IF] SDM lens that have damaged SDM also to check if there is an EEPROM chip. I carefully looked at all chips but there is not common serial EEPROM. There is TI MSP430F1232 16-bit MCU with embedded 8,25 kB flashROM. So it may hold lens data inside. So it would not be such easy to read/write it as serial EEPROM.
Here is photo of the PCB
http://rayer.g6.cz/hardware/pentax.k30/da1770c.jpg
I'd also ask for help technical skilled users who own the same lens DA 17-70mm f/4 AL [IF] SDM to help me identify the value of blown resistor
(pointed by arrow) on bottom side of PCB.
http://rayer.g6.cz/hardware/pentax.k30/da1770d.jpg
It's not hard to disassemble (~10min) and there are step by step instructions
The chip list (most of them are tiny SMD parts with a short code hard to be identified. The big NEC chip seems to be something custom, google's silent):
top side:
TI M430F1232 17TG4 (TSSOP28, 16-bit MCU 8kB+256B FlashROM, 256B RAM, 10-bit ADC)
MF1 405 (micro SOT23-5)
bottom side:
B1AV (SOT23-5, near motor pins)
2* fairchild BHAA WZ08 (micro TSSOP8)
fairchild PB0AA LCX74 (DQFN14, 7474 dual D-type positive edge-triggered flip-flop 3,3V)
Z86F (micro SOT23-5)
Z16B (micro SOT23-5)
5W55 (micro TSSOP8)
5W56 (micro TSSOP8)
T6E5 (SOT23-5)
162Y (SOT23-5)
lens body FPC:
NEC LIC092 118M1 (TQFP48)
58C 171 (TSSOP8)
|
|
Forum: Pentax DSLR Discussion
01-06-2019, 12:28 PM
|
| |
The same for [lens - body communication test] menu item. It just hangs the camera with black screen. So the routines that communicate with lens (including EEPROM R/W) was changed some way. Only chance would be to search and compare old FW that has this function working with newer FW that doesn't work. Good candidate would be K10D where one can compare FW 1.31 with some older version. But it may not be easy to reimplement it to work again.
|
|
Forum: Pentax DSLR Discussion
01-06-2019, 10:50 AM
|
| |
I already wrote a few posts above that I tried it (of course) on K-3 akd K-30 and it doesn't work. I can change address but it reads all bytes as zeros and if I edit something it's not saved. So there was some change in firmware that debug menu doesn't reflect. Of course the FW must be able to read EEPROM data from lenses but it's done differently in newer FW and debug menu code was not updated to match.
|
|
Forum: Pentax DSLR Discussion
01-04-2019, 06:19 PM
|
| |
I'm also a bit interested in EEPROM code. It was discussed in thread beside. It was told me it should work with older FW for bodies: K10D (FW < 1.31), K20D, K100D, K-5. I tested it on K-3 and K-30. The debug menu entries are present but they does nothing, no file with EEPROM data is created and interactive editor reads allways zeros and write doesn't have any effect. I will look again on lens PCB circuit if there is some standard serial EEPROM like 24Cxx or 93Cxx if so it could be read/write by cheap HW programmer. Of course better would be to be able to do from camera body but I'm not going to spend extra money for some old body.
|
|
Forum: Pentax DSLR Discussion
08-23-2016, 08:02 AM
|
| |
Why your gov. restrict GPS logging on DSLR when every smartphone can do it? Can be this function turned on/off in camera menu?
|
|
Forum: Pentax DSLR Discussion
12-03-2015, 10:24 AM
|
| |
No, I just removed the pack for a few seconds, put back and it turned on normally. It was some FW bug/deadlock not damaged FW in the flash. I wrote it because I don't know if gamma77 did tried to remove his battery so it might be this stupid case :)
|
|
Forum: Pentax DSLR Discussion
12-02-2015, 04:10 PM
|
| |
It can happen that camera FW freeze so deep that it cannot be turned on via switch. Once it happened to me on my K-30. I though that battery is simply discharged but I tried to remove and reinsert it again and then I could turn it on normal way via switch. Battery indicator was at 1/2 so it was not fully discharged... I don't know why it happened...
I would guess that camera has some bootloader that is able to do a recovery flash but who knows how to activate. Maybe it would be enough to copy a file with right name on SD, maybe need to press something...
Also it can be programmed HW-way, if you disassemble it there would be probably testpoints that allow to connect a JTAG port and via JTAG chain it would be possible to programm the flash. But it's hard to do without any documentation. So I would rather buy another mechanically damaged camera and replace the circuit board in your camera.
|
|
Forum: Pentax DSLR Discussion
10-30-2015, 01:32 PM
|
| |
On that Canon I rewrote Finnish (Suomi) language messages with Czech. Of course I had to fit in total length of all strings but I can shift some messages a little bit. Also I have to check visual on display that the text is not running out of the bound...
BTW what do you want to do with this strings?
Here's my old Canon work but in CZ-only, maybe google translate helps..
http://rayer.g6.cz/hardware/a70.htm#A70FWH |
|
Forum: Pentax DSLR Discussion
10-30-2015, 08:00 AM
|
| |
Yes, back in time when I localized firmware of Canon Powershot A70 and A95 there was also block of language strings (normal ASCII) and at the beginning of block there was a pointer table to each string. So if you make some mesage longer and the following was shifted a few bytes further then you have to fix also the pointer in the table (that was pretty anoying to keep track both). I guess it may be similar here - the strings would be referenced by some intex that is then translated to selected language...
|
|
Forum: Pentax DSLR Discussion
10-29-2015, 08:45 AM
|
| |
Hehe, seems to be simply shifted by 0x1e (30) lower against standard ASCII code. Is it some specific string or you just pick a random? So if we shift entire FW we coul find much more strings? Maybe that only GUI strings are encoded this way, AFAIK there are also normal coded strings.
|
|
Forum: Pentax DSLR Discussion
01-08-2015, 03:10 AM
|
| |
>uttam.hathi
Just search for some string like "DEBUG MODE" and you'll find it (with many other interesting strings around) if properly decrypted :)
|
|
Forum: Pentax DSLR Discussion
10-16-2014, 08:18 AM
|
| |
Hi, I have already compiled the Sven Peter's pfwtool, here's package with binary for win32 and dos/djgpp if someone needs:
http://rayer.g6.cz/hardware/pentax.k30/pfwtool.zip
In file mode access I suggest to use "rb" / "wb" - it shouldn't affect linux but it's necessary for windows so I always use it instead of "r" / "w".
I also needed to define off_t type - it should be present in new compilers.
Shodan, thanks for putting effort to write the document, I will read through...
|
|
Forum: Pentax DSLR Discussion
08-11-2014, 09:10 AM
|
| |
Thanks :)
BTW why do you still refer to FW version 1.5 when it is officially 1.05? I don't belive pentax/ricoh will ever release true 1.5 version in future but it may be confusing...
To Prerequisite:
is the .NET 4.5 Framework required only for decrypting tool using XORkey? Some months ago I compiled it as tiny win32 program under MinGW, I'd like rather keep out of MS depencies and use GNU tools instead :) I posted the zip package here in some older post, you can upload it to github. Or I can drop a few words about it on wiki, just registered...
|
|
Forum: Pentax DSLR Discussion
08-05-2014, 08:58 AM
|
| |
Sure, but it's related to old Pentax models with different CPU/DSP and FW. I think it's the right place to continue. Vitaliy Kiselev would probably be kind to give access to the website to post updates if Shodan asks him...
|
|
Forum: Pentax DSLR Discussion
08-05-2014, 05:46 AM
|
| |
Good work. BTW did you discovered some function for drawing a pixel or rectangle? And if yes what color model is used? On canon there was some strange bitpacked YUV...
Did you make some change to previous firmware mod that loads SD module? Or do you think it could be final version?
I think it's a bit pitty there's no some wiki documentation that would simply describe how FW works, what tools, how to compile and what functions are available to call. That could motivate other programmers that are not direclty familiar with rev. eng. of ARM code. Of course I know that's extra effort taking time but I know that best time to write documentation is during the process by small part than try to write something a year later when it dropped from memory...
|
|
Forum: Pentax DSLR Discussion
08-04-2014, 09:08 AM
|
| |
When hacking of old Canon powershots and EOS 300D started about 10 years ago I knew only about 5 other hackers who worked on. As pentax user group is say 10 and more times smaller I wonder here's one :) Shodan made a lot of hardwork and enabled others to run theirs own module from SD to make further hacking more safe and easier but there's lack of other skilled people with enough free time...
BTW I found that K-30 was stopped selling in CZ. rep., just about a year after I bought mine...
|
|
Forum: Pentax DSLR Discussion
07-23-2014, 07:10 PM
|
| |
It doesn't matter, you can easily upgrade or downgrade to any available version. I bought K-30 with 1.04, then updated to 1.05 and 1.06 and back to hacked 1.05. BTW user lens FF/BF settings seems to be preserved during updates, no need to set it again...
|
|
Forum: Pentax DSLR Discussion
05-19-2014, 01:48 AM
|
| |
We are discussing some issues and it's reasonable to wait a moment until it will be adjusted.
Now I can say that I reflashed FW with loader (but didn't be able to rebuild it from github tree) without bricking my cam :).
|
|
Forum: Pentax DSLR Discussion
05-17-2014, 03:51 PM
|
| |
Congrat to breaking the wall /voted too/. I'm forward to run some small own code on the cam. I downloaded complete github tree but some tools called by *patch*.bat are missing:
FirmwareTools.exe - well I compiled my own (xor based) decrypter in mingw to do the enc/decripting that I attached here before
MergeBin - I don't have such tool is it your own or where can I get it?
gcc-arm-none-eabi - is it from here https://launchpad.net/gcc-arm-embedded or netx-arm-elf-gcc Project Top Page - SourceForge.JP here? I use this toolchain at work for a small bluetooth low energy chip with cortex M0 core :) Did you make some modifications to the toolchain like own linkerscript or startup file?
Will be easy to add support for latest 1.06 FW? It probably has different address for important functions and patch so currently it work only on 1.05 I expect... On pentax page is officially available only ver 1.06 but old files are still kept on their server so 1.05 is here http://www.ricoh-imaging.co.jp/english/support/digital/firmware/k30v105.EXE
Maybe you could write some readme or make some webpage with tech. facts about how things work and how use the tools.
Thanks
|
|
Forum: Pentax DSLR Discussion
04-25-2014, 06:31 PM
|
| |
Good work Shodan, did you hooked some function from dev. menu? Do you know how to recalc chksum or are you still bypassing it? Can you run some module from SD now? I'm forward when we will know how to call some GUI and buttons API calls to be able to write own app module :) I know, still at the beginning...
Do you have some photos of K-30 body from inside? PCBs, chips, etc?
---------- Post added 04-26-14 at 04:11 AM ----------
Yes, it's some proprietary binary protocol and it's getting complicated but maybe Shodan would be able to reverse some code or enable logging on SD..
Hm, it's quite short message to contain lat, lon, alt, azimuth, sat.list...
Please can you trap some more messages and wait until GPS got fix? Then we can compare early messages without valit pos. and later with fix. I would expect zeros first in lat/lon that will change when fix so it would be visible where are they located. Also I could try to replay some sequence via AVR MCU if it will be recognized by cam. Do you think that GPS module only transmit, no receive?
How much often?
Yes I have some problems when contacting a scope gnd crocodile to it...
|
|
Forum: Pentax DSLR Discussion
03-30-2014, 07:55 AM
|
| |
Yes, this cable capacitance is quite high. From my meas. seems to be camera driver output impedance about 500ohm (resistance of wires doesn't really matter) which should just work but we don't know how hard is line driver on GPS side. So only way would be to cut and shorten the cable length...
|
|
Forum: Pentax DSLR Discussion
03-25-2014, 02:23 PM
|
| |
FW 1.06 - FWDC215B.DEC, offset: 00C02174
|
|
Forum: Pentax DSLR Discussion
03-25-2014, 08:10 AM
|
| |
It's in decrypted FW 1.06, do you dasm 1.05? I can tell offset later.
|
