« Plan of Action
Perl Parser »

Strings in Version 1.01

June 8, 2008 12:47 pm

 Lets take a look at the strings in the ver 1.01 SD14 firmware file.

We can dump the strings using the strings program:

$ strings s14v101.bin > s14v101.strings.txt

This dumps all the strings in the s14v101.bin file to the s14v101.strings.txt file. Open that text file. You see right near the top:

 Converted using Foveon CamXML2Bin 1.2.15.2924 Release (Mar 20 2007 16:31:42)

This is located at offset 0×00016C in the original file. Looks like they use some tool to take an XML file and convert it to a bin file. Googling this name does no good, it looks to be an internal proprietary tool.

Directly below that we see the text “CMbH”. In two more lines, we see “CMbT”, then “CMbM.” You can grep the strings file for all occurrences of CMb*

$ grep “^CMb.” s14v101.strings.txt > sections.txt

Taking a look at this, we can see that there are four unique CMb* sections:

  • CMbT
  • CMbH
  • CMbM
  • CMbP

I’m thinking that these are the section identifiers we are looking for. the next step would be to break the binary file up based on these sections and to collect some basic data on these sections. Spend some time looking into the strings, these sections may not be the only ones.

We can grep for all the 4 character stings that are on one line in the strings  file. Lets try this:

$ grep “^….$” s14v101.strings.txt > sections.txt

There are lots of mishits here. a quick glance makes me want to look into the following more closely:

  • SETN
  • SETH
  • FBIN
  • BINS
  • SIFC
  • SIFD
  • MCMN
  • MCBT
  • EXEC

Also, of interest from the strings file:

  • SECi
  • SECp
  • SECc
  • FOVb

Hey, those are the sections in the X3F files :-) And:

Update MCDSP bootstrap code from CF.
Update BFDSP bootstrap code from CF.
Reprogram FPGA code from CF.
Update CAMCPU firmware from CF. 

Looks like code for all the processors can be updated via the CF card! Awesome!

 Starting debug console.  (type HELP for help)

I want access to this debug console. The software fror it appears to be included in te firmware. There is lots you can do with this, just take a look at all he descriptions for the possible commands!

The next step will be to break down the firmware into sections based on the CMb* tags. I’ll also take a closer look at the other sections.

Categories: SD14 Firmware Hacking

No Responses to “Strings in Version 1.01”

RSS feed for the comments of this post

Care to comment?

Use this URL to trackback from your own blog

Matt Merry's blog

Pseudorandom

Sidebar Block

* WPG2 Plugin Not Validated *

Categories

Archives

Links