Magic Lantern Firmware Wiki

7D internals

328pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

7d updatesEdit

Update (8Jan2012): managed to compute updater2 checksum, but not sure it is a useful progress...

7D is dual Digic so they are 2 updaters:Edit

Fir_tool 0.6 (8Jan2012)

fileLen = 0xc0170c
---.fir header---
0x000: modelId = 0x80000250, (7D, DryOS)
0x010: version = 1.2.3
0x020: checksum = 0xa0577e5f
 checksum computing [0x0-0xc0170c] is OK!
0x024: updater1 header = 0xb0
0x028: updater1 offset = 0x120
0x02c: updater2 offset = 0x1a65d0
0x030: firmware offset = 0x214390
0x034: 0xffffffff
0x038: embedded file size = 0xc0170c
0x03c: 0x0
0x040: sha1 seed = 0x43be8381
0x044: 0x00000004 0x00000000 0x00000020 0x00000024 0x00000044 0x000000b0 0x002142e0
0x060: 0x214390
0x064: firmware length = 0x9ed37c
0x068: updater1 hmac-sha1 = 0b6640b60071040abb10ea30c99aabe05566665a
0x088: firmware hmac-sha1 = 498586e645b182c1aaeec6aa8b45d570dc2b6cfb
---updater1 header---
0x0b0: updater1 length = 0x1a64b0. starts at 0x120
0x0b4: 0x1a64ac
0x0b8: 0x0
0x0bc: xor seed value = 0xec33fb74
0x120: --- updater1 (ciphered) ---
---updater2 header---
0x1a65d0: (+0x000), modelId = 0x80000250, (7D, DryOS)
0x1a65e0: (+0x010), version = 1.2.3
0x1a65f0: (+0x020), checksum? = 0xfd545a3e
 checksum computing [0x1a65d0-0x214390] is OK!
0x1a65f4: (+0x024), 0xb0
0x1a65f8: (+0x028), 0x120
0x1a65fc: (+0x02c), ffffffff ffffffff ffffffff
0x1a6608: (+0x038), updater length (including header) = 0x6ddc0. starts at 0x1a65d0
0x1a6680: (+0x0b0), updater length = 0x6dca0. starts at 0x1a66f0
0x1a6684: (+0x0b4), 0x6dc9c
0x1a6688: (+0x0b8), 0x0
0x1a67ac: (+0x0bc), xor seed value = 0xfbeac87f
0x1a66f0: (+0x120), --- updater2 (ciphered) ---
---firmware header--- can be used to extract the 2 updaters.

Officially, updater1 is called K250SU (Slave Updater) and updater2 is K250MU (Master Updater).

Similarly, main firmware (patch#8) is called K250S and second one (patch#2) is called K250M. you can notice the addresses both at 0xf8010000 (copy of 0xff010000), but K250S loads at 0xff010000 and K250M at 0xff810000.

Dump_fir 0.3 (01Jan2011)

fileLen = 0x9ed300
0x000: checksum = 0xc3153d27
0x004: 0x00000000
0x008: 0x00000002
0x00c: 0x00000000
0x010: nb_record = 0xa
0x014: table_offset = 0x20
0x018: nb_record = 0x18
0x01c: size_after = 0x9ed1f0
0x020: ---patches table---
      + tag  + foffset  +   size   + moffset
 0x01: 0x0101 0x00000110 0x00034fac 0xf8300000
 0x02: 0x0101 0x000350bc 0x001be874 0xf8010000 <-K250M (Master)
 0x03: 0x0200 0x001f3930 0x00000521 0x00000000
 0x04: 0x0200 0x001f3e52 0x000245bf 0x00000000
 0x05: 0x0200 0x00218412 0x0008b7e8 0x00000000
 0x06: 0x0100 0x002a3bfa 0x00034fac 0xf8910000
 0x07: 0x0100 0x002d8ba6 0x001f0b30 0xf85b0000
 0x08: 0x0100 0x004c96d6 0x00523aec 0xf8010000 <-K250S (Slave)
 0x09: 0x0103 0x009ed1c2 0x0000009d 0x00000000
 0x0a: 0x0102 0x009ed260 0x0000009f 0x00000000
0x110: ---patch#1---

Firmwares analysisEdit

Master Firmware (K250M, 0xff810000, 1.7 Mbytes)Edit

  • No GUI functions
  • has FIO_* funtions, with a RequestRPC call
  • has MAC_* functions
  • hotplug task (USB/HDMI/VIDEO/Mic/TOE)
  • ...

Slave Firmware (K250S, 0xff010000, 5.1 Mbytes)Edit

  • has GUI functions
  • has FIO_* funtions
  • has SD/CF read/write funtions
  • MVP_* (MoviePlayer), MOVW_* (MovieFileWriter)
  • MVR_* (MovieRecord), MOVR_* (MovieFileReader)
  • PD_*, FM_*, FC_*, Ceres functions
  • LiveviewAE, LiveviewAF
  • ASIF, Audio, USB, DryShell
  • Vram, Bitmap
  • VFAT, exFAT
  • Pre/Rear/Front Develop
  • FA_* (Factory), FaceDetection
  • SVG code, MAC_*, CRP_*, DirectPrint
  • LensCom, PTP
  • HASH, ENG[ine]


(works in updater1 context)
unsigned int *led_addr = 0xC022D06C;
*led_addr = 0x800C00;
*led_addr = 0x138000; // drive_led_on

*led_addr = 0x800C00;
*led_addr = 0x38400; // led_off
in bootcode. does not work in updater1

FFFF53C0                 LDR     R4, =0xC0223000
FFFF53C4                 MOV     R1, #0x46  // on
FFFF53C8                 STR     R1, [R4,#0x2C]

FFFF5434                 MOV     R1, #0x44
FFFF5438                 STR     R1, [R4,#0x2C]

Also on Fandom

Random Wiki