[Sergey Ilyin]

Привет!

Найдено на первой странице dpreview:

hacking: 300D runs DOS on x86 compatible CPU

Цитата:

Сообщение от [b

Цитата[/b] ]There has been a lot talk in this forum about hacking 300D firmware. Some say that this is something next to impossible, mainly because of proprietary processor/architecture used in the camera and "encrypted" firmware. Here's what I found after a few searches in Google:

In their older cameras Canon appears to have used a version of DOS from Datalight ( http://www.datalight.com ). Here's a BusinessWire press release reprinted by the DPReview in 1999: http://www.dpreview.com/news/9902/99...anonromdos.asp . This basically means that processor in these cameras is x86 compatible and not some unknown proprietary architecture. Does 300D use ROM-DOS? Read on.

USB protocol used by Canon cameras have been reverse engineered by folks at Gphoto ( http://www.gphoto.org ) to enable using them with Linux. Additionaly, a simple application s10sh ( http://www.reynoldsnet.org/s10sh/ ) has been developed that uses this protocol to send "arbitrary" USB commands to the camera. Using s10sh, it is clear that in addition to CF picture storage drive (C: or D:), two other drives A: and B: are present that store camera firmware. It appears that drive A: contains DOS executable camera.exe that runs all the functions. Here's a page describing contents of S40: http://www.darkskiez.co.uk/digital.html

Moreover, folks at http://translate.google.com/transla....&u=http have even managed to run a simple program on the S40.

After mucking around for a few hours with my 300D, Knoppix Linux-on-CD, and making a few trivial changes to s10sh to support 300D here's what I found on my 300D (v1.1.1 firmware):
[Canon EOS DIGITAL REBEL] C:> dir A:

--n- CAMERA .EXE 391k Wed Oct 8 14:56:36 2003
1 files 401000 bytes

[Canon EOS DIGITAL REBEL] A:> dir B:

--n- CAMERA .EXE 117k Wed Oct 8 14:57:32 2003
--n- LOGSAVE .EXE 34k Wed Oct 8 14:51:36 2003
-i-- DATA Thu Jan 1 00:00:00 1970
-i-- BOOTDISK Thu Jan 1 00:00:00 1970
4 files 396492 bytes

[Canon EOS DIGITAL REBEL] B:> dir B:\DATA

--n- NOTHM .JPG 5k Wed Oct 8 14:50:38 2003
1 files 5145 bytes

[Canon EOS DIGITAL REBEL] B:\DATA> dir B:\BOOTDISK

--n- COMMAND .COM 27k Wed Oct 8 14:51:02 2003
--n- VSSVER .SCC 48 bytes Wed Oct 8 14:51:02 2003
--n- RESTOOL .EXE 56k Wed Oct 8 14:51:36 2003
--n- CAMERA .EXE 6k Wed Oct 8 14:51:32 2003
--n- AUTOEXEC.BAT 10 bytes Wed Oct 8 14:51:32 2003
5 files 93171 bytes

[Canon EOS DIGITAL REBEL] B:\BOOTDISK> dir C:

-i-- DCIM Thu Jan 1 00:00:00 1970
1 files 0 bytes

I've transferred files to my PC, and found references to ROM-DOS and Datalight in them (as if .exe extension, command.com and autoexec.bat are not telling enough). Any real hackers want to takeover from here?