Showing results 1 to 16 of 16
Forum: Pentax DSLR Discussion 08-06-2016, 07:03 AM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
Now that K-3 II firmware is out it would be possible to do some comparisons with K-3 firmware. Has anyone given any thought about this?
Forum: Pentax DSLR Discussion 07-03-2016, 03:25 AM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
Those firmware tweaks might be harder than you think. In embedded systems things are a little bit different. Also the sensor contract may restrict how the sensor can be used.

I don't know how software is developed for Pentax cameras, but I've written some code for embedded systems. Many times a small change on the concept level breaks everything. If the video code is old and the engineer who wrote it is gone, continuing development might be a little bit hard and time consuming.
Forum: Pentax DSLR Discussion 03-13-2016, 01:41 PM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
If all commands are read from the firmware and given to people to see what can be done, then some program could implement them. I doubt there isn't any array in the firmware which represents all SCSI commands, so this would need some serious reverse engineering.

My educated guess is that there are no such commands and controlling zoom with tether isn't possible.
Forum: Pentax DSLR Discussion 12-02-2015, 11:53 PM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
Did you try to have the batteries out of the camera for a few hours and reflashing? I necromanced my K100 that way. The bootloader which loads the FW update should be rather tough to kill. And use a small (<2GB) SD card.
Forum: Pentax DSLR Discussion 04-19-2015, 03:51 PM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
One part is Shodan's PHDK
Another is Svenpeters Chrome decrypter.

I have some notes somewhere at home about the K-3 FW. I spent something like one night with it, so nothing much. K-3 and K-30 are different beasts.

So as always, start with others' work and study what Shodan did. The pdf is a great thing to read. Then start applying IDA and your mind to the FW, find something useful in the FW and document it.

And so yes, you need to read first 20 pages of this to understand Shodan's work (it is really interesting stuff) and last ten to see how we are arguing boring stuff :)
Forum: Pentax DSLR Discussion 04-02-2015, 04:44 AM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
End-user beneficial: No. Shodan's work is the most ready work there is and others just poke around and see what there is.

Hacker beneficial: Yes

These small bits of information give hackers the possibility to get on with hacking more easily, as not everyone needs to do all the same steps multiple times.
Forum: Pentax DSLR Discussion 03-29-2015, 05:28 AM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
It's called hacking for a reason. You create a hack which lets you install any firmware you wish. And it might be true that the version has to be bigger or the same. Needless to say, software which is meant for other hardware can't work. I would be rather curious how to hack the bootloader so that I can run any firmware.


Yes, you are wrong. I tested the K-3 firmware with the javascript decrypter, disassembled it and found even images. Then I encrypted it with some tool linked in this thread. After that I decrypted it again and got the same file. I didn't flash my camera.

And by disassembling you get machine code which you can interpret into a higher level language if you know which kind of structures a higher level language compiler produces, and it is a total guess what the variable and function names are.

And if you think frmcrypt is so superior, disassemble and analyze it and then write a good post on why it works better than anything else.

You should start your way from something simple to learn to do stuff. First take an Arduino and learn to read the assembly listing file. Then continue to ARM and Intel machines. You'll start to see the pattern of how the source code is turned into binary.

But please. Stop whining decryption isn't working. It works. Encryption works. But I don't have time to work with Pentax firmwares :(
Forum: Pentax DSLR Discussion 01-13-2015, 12:33 AM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
As I have a K-3 I have the firmware and I threw it through the online decryption tool.

I get a lot of strings

Code:
$ strings decrypted-fwdc220b.bin | awk '{ print length, $0 }' | sort -n | cut -d" " -f2- > strs.txt

That extracts strings, sorts them by line length and puts them in the strs.txt file.

Code:
[ASensor] VdTimeUs / HdTimeNs / Svr / Shr
[ASS] Retry AE Sensor LiveView Allocate.
[ASS] Retry Pre Flash Exposure Allocate.
[Calc] m_dwAeTarget256 / m_dwAeAverage256
CCCR
Command Response Data
Command Response Status
Copyright (C) RICOH IMAGING COMPANY, LTD.
Copyright (C) RICOH IMAGING COMPANY, LTD.
DSP Prefech Abort before PC-%08X LR-%08X!
FBR %d
[FDLS] AHFD ERROR: AHFD_DETECTOR is NULL
Function #%d Capability
Function #%d Status
General Information
And here is md5sum
What else is in the decrypted file? I gave binwalk two shots: first searching for opcodes, then for what it thinks the data is.

Code:
DECIMAL         HEX             DESCRIPTION
-------------------------------------------------------------------------------------------------------
72              0x48            ARM function prologue
45840           0xB310          ARM function prologue
45980           0xB39C          ARM function epilogue
46112           0xB420          ARM function prologue
46252           0xB4AC          ARM function epilogue
46904           0xB738          ARM function prologue
47084           0xB7EC          ARM function epilogue

DECIMAL         HEX             DESCRIPTION
-------------------------------------------------------------------------------------------------------
32415           0x7E9F          Ubicom firmware header, checksum: 0xFA3200B0, image size: -97386272
9852140         0x9654EC        LZMA compressed data, properties: 0x01, dictionary size: 33554432 bytes, uncompressed size: 50331649 bytes
9865723         0x9689FB        mcrypt 2.2 encrypted data, algorithm: blowfish-448, mode: CBC, keymode: MD5 hash
14431139        0xDC33A3        TIFF image data, little-endian
14858270        0xE2B81E        TROC filesystem, 1448159232 file entries
15610721        0xEE3361        LZMA compressed data, properties: 0x03, dictionary size: 16777216 bytes, uncompressed size: 349 bytes

Code:
$ md5sum decrypted-fwdc220b.bin
69c8551d705119855e7782b6a7c84703 decrypted-fwdc220b.bin

Now what do you think my next course of action would be?
Reverse engineering compiled firmware isn't easy and a lot depends on experience and intuition.

I'm not really working with K-3 firmware. Just poking around...
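As an added example (my own code, not anything posted in the thread), the Python below reproduces the `strings | awk | sort | cut` triage pipeline from the post on a constructed blob, computes the same kind of md5 used above to confirm two decryptions agree, and adds the plausibility check a practitioner applies to binwalk signature hits before chasing them: a header claiming a negative image size, or a filesystem claiming over a billion entries, cannot fit in a file whose offsets top out around 15.6 MB and is a false positive to skip. The sample bytes, the `TOTAL_LEN` stand-in for the decrypted file size and all function names are assumptions; the two offset/size pairs fed to the check come from the binwalk listing above.

```python
import hashlib
import string

# Constructed sample blob (not real firmware data): a few fragments shaped
# like the strings the post lists, padded with non-printable bytes.
SAMPLE_BLOB = (
    b"\x00\x12[ASS] Retry AE Sensor LiveView Allocate.\x00\xff\xfe"
    b"CCCR\x00\x00\x01FBR %d\x00\x80"
    b"Copyright (C) RICOH IMAGING COMPANY, LTD.\x00\x00ab\x00"
)

# Assumed stand-in for the decrypted file length; the post gives offsets
# up to 0xEE3361 but not the file size itself.
TOTAL_LEN = 16_000_000

# Bytes that `strings` treats as printable: graphic ASCII plus space and tab.
PRINTABLE = {ord(c) for c in string.printable} - {ord(c) for c in "\n\r\x0b\x0c"}


def extract_strings(blob: bytes, min_len: int = 4) -> list:
    """Approximate `strings`: return every run of at least min_len
    printable ASCII bytes, in file order."""
    found, run = [], bytearray()
    for byte in blob:
        if byte in PRINTABLE:
            run.append(byte)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:  # a run that reaches end of file
        found.append(run.decode("ascii"))
    return found


def strings_by_length(blob: bytes, min_len: int = 4) -> list:
    """Same ordering as `awk '{print length, $0}' | sort -n | cut -f2-`:
    shortest first, ties broken by the text itself (GNU sort's
    last-resort whole-line comparison)."""
    return sorted(extract_strings(blob, min_len), key=lambda s: (len(s), s))


def md5_hex(blob: bytes) -> str:
    """The md5sum the post records; equal digests mean two decryption
    runs produced byte-identical output."""
    return hashlib.md5(blob).hexdigest()


def plausible_hit(offset: int, claimed_size: int, total_len: int) -> bool:
    """Sanity check for a binwalk-style signature hit: a header whose claimed
    size is negative or runs past the end of the file is a false positive."""
    return 0 < claimed_size and offset + claimed_size <= total_len


if __name__ == "__main__":
    for s in strings_by_length(SAMPLE_BLOB):
        print(s)
    print(md5_hex(SAMPLE_BLOB))
    # Offsets and sizes below are the ones binwalk reported in the post.
    print("Ubicom header plausible:", plausible_hit(32415, -97386272, TOTAL_LEN))
    print("LZMA (349 bytes) plausible:", plausible_hit(15610721, 349, TOTAL_LEN))
    print("LZMA (50331649 bytes) plausible:", plausible_hit(9852140, 50331649, TOTAL_LEN))
```

The md5 is only useful as an agreement check between two decryption runs or two people's decryptions (the point of the exchange with MooseV2 further down); it says nothing about whether the decryption is correct on its own. The size check is deliberately conservative: the LZMA hit at 0x9654EC claims 50331649 bytes of uncompressed output, which is a compressed-stream property and need not fit in the file, so a hit it rejects is worth a second look before being discarded, whereas a negative size is never recoverable.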
Forum: Pentax DSLR Discussion 01-12-2015, 05:02 AM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
So if you get that same result running md5sum on the K-30 1.05 firmware after decryption, you have a file identical to MooseV2's and I would say that the method you used for decryption is a working one.

And the result file is still in binary form. You need to disassemble it to get something interesting out of it. Or if the strings are interesting enough you can extract them and wonder what they are, but nothing further.
Forum: Pentax DSLR Discussion 01-04-2015, 05:55 AM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
You are trying to build a graphical application somehow. You should try to build a blank project or a console application.

Undefined reference to WinMain@16 - C++ Forum

Google gives quite a lot of information about "undefined reference to WinMain".
Forum: Pentax DSLR Discussion 12-04-2014, 02:41 PM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
And there is a small difference. If Pentax has 3 FW hackers, Canon has 30 as their user base is much bigger. And the need for custom firmware is much greater, as the normal user interface is only a little bit better than Nikon's UI.

However, Shodan's work is a great start. Now it is possible to start dumping, testing, tweaking and hopefully documenting how the system works and how to make it better.
Forum: Pentax DSLR Discussion 10-16-2014, 04:28 AM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
I liked your document. It gave me some ideas on how to proceed with one other device.

I know what to do when I buy my next camera :)

BTW footnotes 1 and 2 to chdk are exactly the same.
Forum: Pentax DSLR Discussion 10-15-2014, 06:49 AM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
The error report suggests it's 32-bit software on a 64-bit system, behaving badly.

I haven't caught the idea of why you want to use frmcrypt instead of pfwtool. Try pfwtool and if it doesn't work like it should, help to make it work. If I'm correct, frmcrypt is proprietary code from a rather untrusted source.
Forum: Pentax DSLR Discussion 09-08-2014, 03:50 AM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
I asked that same question a while ago. Shodan commits only ready stuff. [1]

I don't have a K30 but I think you are able to execute scripts from the SD card. If I had one, I would be making memory dumps and reverse engineering the firmware all my spare time.

So the bricking stage is only when you are updating with modified firmware.

[1] https://www.pentaxforums.com/forums/6-pentax-dslr-discussion/250555-resurrect...ml#post2853985
Forum: Pentax DSLR Discussion 08-03-2014, 11:02 AM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
I have done some RE on MCUs. I had an Atmel 8k binary, drawn schematics of the device and good tools. Writing the documentation of what the device did took 2 months.
This was some high security device where two systems were bought and both devices were audited. My task was black box testing of the software to find the corner cases where it didn't work. I had to think through every opcode and make a conclusion on whether the system would still be safe.

Now increase the size of the binary by a factor of a couple of thousand. Subtract the level of detail required. 10 man-years might be a good estimate for the firmware to be hacked thoroughly. So Shodan has done some very impressive work. But as always, when passion drives an engineer to work, other stuff like eating or sleeping is irrelevant.
Forum: Pentax DSLR Discussion 06-18-2014, 02:06 PM  
Resurrecting Pentax firmware hacking
Posted By anemone
Replies: 765
Views: 299,264
I hate my first post being an "Are we there yet" post. However, I really wish to see some updates on this project or requests for how to help. The last commit on GitHub is in May and I hope this project hasn't been dropped. So. Any news?