D7100 decoding, anyone ?

All things embedded.

D7100 decoding, anyone ?

Postby Vicne » Tue Jun 25, 2013 6:08 am

Nikon D7100 firmware update C 1.01 released :
http://nikonrumors.com/2013/06/25/nikon ... ased.aspx/

Core Developer
Posts: 1730
Joined: Tue Nov 29, 2011 2:30 pm
Been thanked: 167 times

Re: D7100 decoding, anyone ?

Postby Simeon » Tue Jun 25, 2013 1:43 pm

Firmware bundle opens just like the previous packages did. Also the B firmware is 24mb but the first 16mb is almost 100% match of what we dumped previously.
Core Developer
Posts: 2626
Joined: Wed Nov 30, 2011 6:12 am
Location: Christchurch, New Zealand
Been thanked: 620 times

Re: D7100 decoding, anyone ?

Postby D80 » Sun Jun 30, 2013 10:19 am

Vitaliy Kiselev should join us, maybe he already is here on this community?

http://www.eoshd.com/content/10691/niko ... on-patches
Posts: 52
Joined: Mon Apr 09, 2012 4:30 am
Been thanked: 9 times

Re: D7100 decoding, anyone ?

Postby Vicne » Sun Jun 30, 2013 11:36 am

Core Developer
Posts: 1730
Joined: Tue Nov 29, 2011 2:30 pm
Been thanked: 167 times

Re: D7100 decoding, anyone ?

Postby RMJ » Sun Jun 30, 2013 3:20 pm

Then maybe you shoud seriously consider to make it both-way process ?

I'm concerned only as a Nikon user. I cannot provide much of a help myself but seeing that there is clearly plenty of knowledge beyond this forum, it makes me wonder how far we'd be if we'd combine the resources.

Re: D7100 decoding, anyone ?

Postby coderat » Sun Jun 30, 2013 3:38 pm

Core Developer
Posts: 2283
Joined: Fri Apr 26, 2013 10:21 am
Been thanked: 450 times

Re: D7100 decoding, anyone ?

Postby Simeon » Mon Jul 01, 2013 12:58 am

On the D7100 with it ARM processor, his ARM knowledge and the Magic Lantern guys knowledge is could be useful, I fully acknowledge that. But to date Vitaliy has not been very giving.
Core Developer
Posts: 2626
Joined: Wed Nov 30, 2011 6:12 am
Location: Christchurch, New Zealand
Been thanked: 620 times

Re: D7100 decoding, anyone ?

Postby Vicne » Mon Jul 01, 2013 5:35 am

Core Developer
Posts: 1730
Joined: Tue Nov 29, 2011 2:30 pm
Been thanked: 167 times

Re: D7100 decoding, anyone ?

Postby indy » Thu Jul 04, 2013 11:16 am

loads at 0x50000000. (thanks Alex)

this is the kernel used:
tkernel from ESOL. source code and doc is available, lucky men !

ROM:50000000 ; Base Address: 0000h Range: 50000000h - 517C94AAh Loaded length: 17C94AAh
ROM:50000000 ; Processor : ARM
ROM:50000000 ; ARM architecture: ARMv6
ROM:50000000 ; Target assembler: Generic assembler for ARM
ROM:50000000 ; Byte sex : Little endian
ROM:50000000 ; ===========================================================================
ROM:50000000 ; Segment type: Pure code
ROM:50000000 ; ORG 0x50000000
ROM:50000000 CODE32
ROM:50000000 LDR PC, =loc_50351790
ROM:50000004 ; ---------------------------------------------------------------------------
ROM:50000004 LDR PC, =loc_50366014
ROM:50000008 ; ---------------------------------------------------------------------------
ROM:50000008 LDR PC, =loc_503660C4
ROM:5000000C ; ---------------------------------------------------------------------------
ROM:5000000C LDR PC, =loc_5036613C
ROM:50000010 ; ---------------------------------------------------------------------------
ROM:50000010 LDR PC, =loc_5036614C
ROM:50000014 ; ---------------------------------------------------------------------------
ROM:50000014 NOP
ROM:50000018 B loc_50000054
ROM:5000001C ; ---------------------------------------------------------------------------
ROM:5000001C LDR PC, =loc_50366180
ROM:5000001C ; ---------------------------------------------------------------------------
ROM:50000020 off_50000020 DCD loc_50351790 ; DATA XREF: ROM:50000000r
ROM:50000024 off_50000024 DCD loc_50366014 ; DATA XREF: ROM:50000004r
ROM:50000028 off_50000028 DCD loc_503660C4 ; DATA XREF: ROM:50000008r
ROM:5000002C off_5000002C DCD loc_5036613C ; DATA XREF: ROM:5000000Cr
ROM:50000030 off_50000030 DCD loc_5036614C ; DATA XREF: ROM:50000010r
ROM:50000034 DCD 0
ROM:50000038 DCD 0
ROM:5000003C off_5000003C DCD loc_50366180 ; DATA XREF: ROM:5000001Cr
ROM:50000040 off_50000040 DCD loc_5036615C ; DATA XREF: ROM:5000008Cr
ROM:50000044 DCD 0x430
ROM:50000048 aVer_1_01a DCB "Ver.1.01a",0
ROM:50000052 DCB 0
ROM:50000053 DCB 0

$ grep eBinder b760101a.txt
279f PC:\eSOL\eBinder\projects\Product\Driver\DrvInit\DriverInit.cpp
3c43 PC:\eSOL\eBinder\projects\JCommonDSLR\Driver\SD\SdFsDriver.cpp
3fa8 C:\eSOL\eBinder\projects\JCommonDSLR\Driver\SIO\SioDriver.cpp
41df PC:\eSOL\eBinder\projects\JCommonDSLR\Driver\UART\UartDriver.cpp
7e37 PC:\eSOL\eBinder\projects\JCommonDSLR\Driver\SD\SdDriver.cpp
1241b PC:\eSOL\eBinder\projects\JCommonDSLR\Driver\DSP\DspDriver.cpp
12b29 2HQC:\eSOL\eBinder\projects\Product\Driver\FD\FdDriver.cpp
12f5c '8HQC:\eSOL\eBinder\projects\JCommonDSLR\Driver\HDR\HdrDriver.cpp
1a21f PC:\eSOL\eBinder\projects\Product\Driver\AfnRs\AfnRsDriver.cpp
d7658 C:\eSOL\eBinder\projects\JCommonDSLR\Driver\JPEG\JpegDriver.cpp
d7cb4 C:\eSOL\eBinder\projects\Product\Driver\AF\AfDriver.cpp
d81e3 PC:\eSOL\eBinder\projects\Product\Driver\CEC\CecDriver.cpp
10b15a HQC:\eSOL\eBinder\projects\JCommonDSLR\Driver\ADC\AdcDriver.cpp
10c193 PC:\eSOL\eBinder\projects\JCommonDSLR\Driver\Timer\Timer.cpp
148943 PC:\eSOL\eBinder\projects\JCommonDSLR\Driver\KR\KrDriver.cpp
1494a7 PC:\eSOL\eBinder\projects\JCommonDSLR\Driver\LED\LedDriver.cpp
269eeb PC:\eSOL\eBinder\projects\JCommonDSLR\Driver\GPIO\GpioDriver.cpp
26d0d5 !HQC:\eSOL\eBinder\projects\Product\Driver\SCU\ScuDriver.cpp
26dad9 !HQC:\eSOL\eBinder\projects\Product\Driver\TRRS\TrrsDriver.cpp
295647 PC:\eSOL\eBinder\projects\Product\Driver\M2M\M2mDriver.cpp
296053 PC:\eSOL\eBinder\projects\JCommonDSLR\Driver\RAW\RawDriver.cpp
2973c9 >HQC:\eSOL\eBinder\projects\JCommonDSLR\Driver\DMA\DmaDriver.cpp
971c9c C:\eSOL\eBinder\projects\Product\Driver\PreProcess\PreProcessDriver.cpp
9925c4 C:\eSOL\eBinder\projects\JCommonDSLR\Driver\Display\DisplayDriver.cpp
992644 C:\eSOL\eBinder\projects\JCommonDSLR\Driver\DrvMng\DriverMng.cpp
99381c C:\eSOL\eBinder\projects\JCommonDSLR\Driver\RelayTsk\RelayEventTask.cpp
9938b8 C:\eSOL\eBinder\projects\JCommonDSLR\Driver\RelayTsk\RelayEventTaskEx.cpp
14638a0 C:\eSOL\eBinder\projects\JCommonDSLR\Driver\TYSens\TYSensDriver.cpp
14639a0 C:\eSOL\eBinder\projects\Product\Driver\TempMatch\TempMatchDriver.cpp
153db50 C:\eSOL\eBinder\projects\JCommonDSLR\Driver\DrawBuffer\DrawBuffer.cpp

bitmap fonts ?
1551a7c !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~

direct print
16048b8 <?xml version="1.0"?><dps xmlns="http://www.cipa.jp/dps/schema/">

symbols table ?
160d5c9 10CGUICEntry
160d5d6 10CGUICTimer
160d5e3 10CIENUJpegM
160d5f0 10CIENUJpegS
160d5fd 10CJAPFParam
160d60a 10CJFFEPlant
160d617 10CJFFEStage
161a23d 43CIENUM2mPlanar2PackParameterWithMessagePort
161a26b 54CIENUM2mNearestNeighborMagnifyParameterWithMessagePort
161a2a4 7CIENUFd
161a2ad 7CUsbSem

kernel/debug variables or params ?
165755c ConsDrvEnable
1657574 RsDrvEnable
1657599 OS_Ver
16575a0 TSysName
16575a9 T-Kernel
16575b2 TMaxTskId
16575bc TMaxSemId
16575c6 TMaxFlgId
16575d0 TMaxMbxId
16575da TMaxMtxId
16575e4 TMaxMbfId
16575ee TMaxPorId
16575f8 TMaxMpfId
1657602 TMaxMplId
165760c TMaxCycId

index for in camera help pictures and text ?
1657a17 IMG_SubTitle_Icon_1
1657a2b TXT_L_Title_2
1657a39 IMG_SubTitle_Icon_2
1657a4d TXT_List1_Txt_2
1657a5d TXT_List2_Txt_2

168bff4 sAUTO_90x40.PNG
168c00c AUTO_90x40.PNG
168c023 AUTO+SLOW_90x40.PNG
168c03f AUTO+SLOW_90x40.PNG
168c05b +SLOW_90x40.PNG
168c077 SLOW_90x40.PNG
168c08e SLOW_90x40.PNG
168c0a4 ~_90x40.PNG
168c0b8 _90x40.PNG
168c0cf _90x40.PNG
168c0e2 _90x40.PNG
168c100 F.PNG

kernel code
16a2add /sd0/Debug.log
16a2aec R0 (A1)
16a2af4 R4 (V1)
16a2afc R1 (A2)
16a2b04 R5 (V2)
16a2b0c R2 (A3)
16a2b14 R6 (V3)
16a2b1c R3 (A4)
16a2b24 R7 (V4)
16a2b2c R8 (V5)
16a2b34 R9 (V6)
16a2b3c R10(V7)
16a2b44 Write-back (register 7 operations, format A)
16a2b71 Undefined Instruction (JAVA)
16a2b8e Write-back (register 7 operations, format B)
16a2bbb Write-back (register 7 operations, format C)
16a2be8 R15(PC)
16a2bf0 Software Interrupt (SWI) #6 (T-Kernel/OS & Extended SVC)
16a2c29 Write-back (register 7 operations, format D)
16a2c56 Undefined Instruction (ARM)
16a2c72 R11(FP)
16a2c7a R12(IP)
16a2c82 R13(SP)
16a2c8a Fast Interrupt Request (FIQ)
16a2ca7 R14(LR)
16a2caf Software Interrupt (SWI) #9 (T-Kernel/DS)
16a2cd9 Undefined Instruction (Thumb)
16a2cf7 Software Interrupt (SWI) #11 (KillProc)

16c989c ------------------------------------------------------------
16c996c Name Value
16c9c71 -- Current System Information --
16c9c94 Elapsed Time : hi=
16c9ca8 lo=
16c9cb4 days,
16c9cbc hours,
16c9cc4 minutes,
16c9cd0 seconds,
16c9cdc milliseconds)
16c9cec System state :
16c9cfc Task independent part
16c9d14 Quasi-task part
16c9d28 Task part
16c9d34 Task dispatching :
16c9d48 Disabled
16c9d54 Enabled
16c9d60 Interrupt :
16c9e50 Interrupt ID in execution
16c9e6c Not executing interrupt handler
16c9e90 Extended SVC in execution
16c9eac Not executing subsystem function
16c9ed0 T-Kernel/OS SVC in execution
16c9ef0 Not executing T-Kernel/OS SVC
16caa58 Exception manager : Too many exceptions.
16caeb9 !HQ`
16cd0d0 |>HQ
16cef64 gfff
16cf258 DMLk
16cf261 BHQDMSy
16cf26c TMaxRegDev
16cf27c TDEvtMbfSz
16cf289 BHQDEvt
16cfd58 System Control Coprocessor (CP15) Registers
16cfd84 C0.C0.0 (Main ID)
16cfd98 Motorola - Freescale Semiconductor Inc.
16cfdc0 ARM Limited
16cfdcc Digital Equipment Corporation
16cfdec Marvell Semiconductor Inc.
16cfe08 Intel Corporation
16cfe20 Implementor
16cfe2c Variant
16cfe38 Architecture
16cfe48 MPCore
16cfe54 Primary Part Number
16cfe68 Revision
16cfe74 C0.C0.1 (Cache Type)
16cfe90 ctype
16cfe9c Dsize.P
16cfea8 Dsize.size
16cfebc Dsize.assoc
16cfec8 Dsize.M
16cfed4 Dsize.len
16cfee0 Isize.P
16cfee8 Isize.size
16cfef4 Isize.assoc
16cff00 Isize.M
16cff08 Isize.len
16cff14 C0.C0.2 (TCM Type)
16cff28 DTCM
16d02d8 ITCM

16eb1ec Incompatible libpng version in application and library
16eb22c 1.2.3

179570d libpng version 1.2.37 - June 4, 2009
1795733 Copyright (c) 1998-2009 Glenn Randers-Pehrson
1795764 Copyright (c) 1996-1997 Andreas Dilger
179578e Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
17957cc 0123456789ABCDEFApplication uses deprecated png_read_init() and should be recompiled.

17981f2 inflate 1.2.3 Copyright 1995-2005 Mark Adler
Posts: 13
Joined: Fri Jan 13, 2012 1:01 pm
Been thanked: 0 time

Re: D7100 decoding, anyone ?

Postby leegong » Thu Jul 04, 2013 11:14 pm

Hi , indy ,
First of all , thanks so much for your info .
Do you think it doable to get disassembly then import it into ebinder project to debug FirmWare ?
Best regards
Core Developer
Posts: 2143
Joined: Mon Mar 19, 2012 12:21 am
Location: Hangzhou , China
Been thanked: 553 times


Return to Firmware

Who is online

Users browsing this forum: No registered users and 12 guests