Nikon Emulator

All things embedded.
*NO FEATURE REQUESTS*

Re: Nikon Emulator

Postby leegong » Mon Sep 01, 2014 10:09 pm

Just tried v2.52 , it always popups "Start-up error" and battery err warning ,
here are my steps to get UI menu and eliminate err info above :
1)open emulator and load firmware A and B file
2)load eeprom file in the attachment .
3)set PA0 = VCC , press button "menu" ,
EDIT : set dial mode = M
4)open Screen emulator windows
5)start emulator debugging
Leegong
Attachments
v252.PNG
D5100-eeprom-patched_to_skip_battery_check.rar
(313 Bytes) Downloaded 308 times
leegong
Core Developer
 
Posts: 2143
Joined: Mon Mar 19, 2012 12:21 am
Location: Hangzhou , China
Been thanked: 553 times

Re: Nikon Emulator

Postby Vicne » Tue Sep 02, 2014 8:38 am

Hi, leegong,

If I understand correctly what coderat said, what you describe is the expected behaviour.
Thanks for the "bypass" procedure.

Kind regards,

Vicne
Vicne
Core Developer
 
Posts: 1730
Joined: Tue Nov 29, 2011 2:30 pm
Been thanked: 167 times

Re: Nikon Emulator

Postby leegong » Tue Sep 02, 2014 8:50 am

Hi ,Vicne ,
"Startup-up err" is due to uncorrect checksum of eeprom data on TMP19 side ,
so i modified checksum @0x3F of eeprom bin file .
"Bad battery err" is due to battery AUC , so just load patched eeprom file .
Dial mode "M" is for disabling "AE error" , if not in "M mode" ,
"AE err" appeared sometime , but not always appeared , still a puzzle .

Best regards,
Leegong
leegong
Core Developer
 
Posts: 2143
Joined: Mon Mar 19, 2012 12:21 am
Location: Hangzhou , China
Been thanked: 553 times

Re: Nikon Emulator

Postby Geraint » Mon Oct 13, 2014 12:43 am

I've come across a (potential) issue with NikonEmulator 2.52 (with Java 1.7.0_67) when attempting to disassemble the FR80 code for D5100 firmware v1.01.

Steps followed:
  • Started with fresh install of NikonEmulator 2.52, preference files deleted
  • Decode D5100_101.bin
  • Analyse /Disassemble FR80 code
  • Select b640101b.dfr.txt
  • Use default values for checkboxes etc.
The result is as follows. Disassembly window:
Code: Select all
  1. Initializing disassembler...

  2. Starting disassembly...

  3. Disassembling the code ranges...

  4. Post processing...

  5. Preprocessing interrupt table...

  6. Following flow starting at entry point...

  7. Following flow starting at each interrupt...

  8. WARNING : Cannot determine dynamic target of CALL. Add -j 0x001D9962=addr1[, addr2[, ...]] to specify targets

  9. WARNING : Cannot determine dynamic target of CALL. Add -j 0x00040D46=addr1[, addr2[, ...]] to specify targets

  10. WARNING : Cannot determine dynamic target of CALL. Add -j 0x000408BC=addr1[, addr2[, ...]] to specify targets

  11. Processing remaining statements as 'unknown' functions...

  12. WARNING : Cannot determine dynamic target of CALL. Add -j 0x000406FA=addr1[, addr2[, ...]] to specify targets

  13. ERROR : java.lang.NullPointerException: null

  14. See console for more information



Console:
Code: Select all
  1. java.lang.NullPointerException

  2.         at com.nikonhacker.disassembly.fr.FrCodeAnalyzer.getCallTableEntrys(FrCodeAnalyzer.java:122)

  3.         at com.nikonhacker.disassembly.CodeAnalyzer.followFunction(CodeAnalyzer.java:335)

  4.         at com.nikonhacker.disassembly.CodeAnalyzer.followFunction(CodeAnalyzer.java:417)

  5.         at com.nikonhacker.disassembly.CodeAnalyzer.followFunction(CodeAnalyzer.java:417)

  6.         at com.nikonhacker.disassembly.CodeAnalyzer.followFunction(CodeAnalyzer.java:417)

  7.         at com.nikonhacker.disassembly.CodeAnalyzer.followFunction(CodeAnalyzer.java:417)

  8.         at com.nikonhacker.disassembly.CodeAnalyzer.followFunction(CodeAnalyzer.java:417)

  9.         at com.nikonhacker.disassembly.CodeAnalyzer.followFunction(CodeAnalyzer.java:417)

  10.         at com.nikonhacker.disassembly.CodeAnalyzer.followFunction(CodeAnalyzer.java:417)

  11.         at com.nikonhacker.disassembly.CodeAnalyzer.postProcess(CodeAnalyzer.java:149)

  12.         at com.nikonhacker.disassembly.Disassembler.disassembleMemRanges(Disassembler.java:473)

  13.         at com.nikonhacker.gui.component.analyse.AnalyseProgressDialog$2.run(AnalyseProgressDialog.java:76)

  14.         at java.lang.Thread.run(Thread.java:745)

  15.  



However executing
./startDfr.sh -wstructure -wparameters -wint40 -wmemory -waddress -whexcode -x b640101b.dfr.txt -o b640101b.asm b640101b.bin
as given in the header of gives expected output:
Code: Select all
  1.  

  2. Starting Dfr

  3. Disassembling the code ranges...

  4. Post processing...

  5. Preprocessing interrupt table...

  6. Following flow starting at entry point...

  7. Following flow starting at each interrupt...

  8. WARNING : Cannot determine dynamic target of CALL. Add -j 0x001D9962=addr1[, addr2[, ...]] to specify targets

  9. WARNING : Cannot determine dynamic target of CALL. Add -j 0x00040D46=addr1[, addr2[, ...]] to specify targets

  10. WARNING : Cannot determine dynamic target of CALL. Add -j 0x000408BC=addr1[, addr2[, ...]] to specify targets

  11. Processing remaining statements as 'unknown' functions...

  12. WARNING : Cannot determine dynamic target of CALL. Add -j 0x000406FA=addr1[, addr2[, ...]] to specify targets

  13. WARNING : Cannot determine dynamic target of CALL. Add -j 0x0004374E=addr1[, addr2[, ...]] to specify targets

  14. WARNING : Cannot determine dynamic target of CALL. Add -j 0x00043788=addr1[, addr2[, ...]] to specify targets

  15. WARNING : Cannot determine dynamic target of CALL. Add -j 0x00044202=addr1[, addr2[, ...]] to specify targets

  16. WARNING : Cannot determine dynamic target of CALL. Add -j 0x00044214=addr1[, addr2[, ...]] to specify targets

  17.  

  18. ---snip---

  19.  

  20. WARNING : Cannot determine table size for CALL. Add -j 0x003759F4=@(0x8F96BCA8+...*4) to specify targets

  21. WARNING : Cannot determine dynamic target of CALL. Add -j 0x00376A14=addr1[, addr2[, ...]] to specify targets

  22. WARNING : Cannot determine dynamic target of CALL. Add -j 0x003792AC=addr1[, addr2[, ...]] to specify targets

  23. Generating names for functions...

  24. Overwriting function names with given symbols...

  25. Generating names for labels...

  26. Renaming label @000408FC from 'part_2_of___start' to 'part_2_of___start_/__kernel_start'.

  27. Renaming label @001F14C0 from 'jmp_target_1f14a0_3' to 'jmp_target_1f14a0_3_/_CecTask_OnMessage_StartOneTouchPlay'.

  28. Renaming label @001A87C2 from 'loc_1a87c2_' to 'Tsk19_loop'.

  29. Renaming label @001F154E from 'jmp_target_1f14a0_7' to 'jmp_target_1f14a0_7_/_CecTask_OnMessage_SetDeviceMenuStatus'.

  30. Renaming label @00311A34 from 'jmp_target_311a06_0' to 'jmp_target_311a06_0_/_err_card_bad'.

  31. Renaming label @00311A1E from 'jmp_target_311a06_4' to 'jmp_target_311a06_4_/_err_eye_fi_locked'.

  32. Renaming label @00311A08 from 'jmp_target_311a06_3' to 'jmp_target_311a06_3_/_err_wrong_battery'.

  33. Renaming label @00311A60 from 'jmp_target_311a06_2' to 'jmp_target_311a06_2_/_err_card_not_fmtd'.

  34. Renaming label @00311A4A from 'jmp_target_311a06_1' to 'jmp_target_311a06_1_/_err_card_locked'.

  35. Label generation took 2582ms

  36. Structure analysis results :

  37.   933369 statements

  38.   62060 labels

  39.   11507 functions

  40.   11568 returns

  41.  

  42. Writing output to disk...

  43.  

Geraint
 
Posts: 40
Joined: Sat Apr 06, 2013 11:29 pm
Been thanked: 11 times

Re: Nikon Emulator

Postby Tweener » Sun Jun 12, 2016 6:21 am

Hi all.
I try get a firmware disassembly D7000 firmware (A:Ver.1.04/B:Ver.1.05) by Nikon Emulator.
I followed the Nikon Hacker wiki:
  1. Open the binary firmware using "File > Load [chip] firmware image" or the "Eject" button - OK
  2. Select your options using "Tools > [chip] options" or the "Gear" button - OK
  3. Open the code disassembly window using "Source > Analyse / Disassemble [chip] code" or the "Screwdriver" button - OK
  4. Select an "options" file, which contains code structure definition and identified symbols. Sample files are provided for the D5100 firmware in the "conf" folder of the NikonEmulator distribution. They use the same base name as the firmware itself, followed by dfr.txt or dtx.txt depending on the chip you work on
    b750105a.dfr.txt and a750010400.dtx.txt missing in NikonEmulator-2.54.zip. How to build these files?
Tweener
 
Posts: 7
Joined: Fri Oct 16, 2015 3:00 am
Been thanked: 1 time

Re: Nikon Emulator

Postby Tommy » Tue Aug 09, 2016 1:06 pm

I'm having some troubles. I followed the instructions but when I start the FR80 screen emulator it's just green. The front panel of TX19 is working. Has anyone else seen this problem? Could it be caused by graphics drivers perhaps? I'm on a windows machine with amd radeon graphics.
Tommy
 
Posts: 2
Joined: Tue Aug 09, 2016 12:58 pm
Been thanked: 0 time

Previous

Return to Firmware

Who is online

Users browsing this forum: No registered users and 5 guests