Tagged with engineering - Personal View Talks https://www.personal-view.com/talks/discussions/tagged/engineering/feed.rss Mon, 29 Apr 24 00:05:43 +0000 Tagged with engineering - Personal View Talks en-CA Lumix G9 firmware reverse engineering https://www.personal-view.com/talks/discussion/24266/lumix-g9-firmware-reverse-engineering Fri, 14 Aug 2020 08:31:54 +0000 jverbeek 24266@/talks/discussions Hey there, I recently got myself a Lumix G9 and was keen to look into the firmware. I'm hitting a roadblock, but maybe somebody can help me :)

The .bin firmware you can download from Panasonic (https://av.jpn.support.panasonic.com/support/share2/eww/com/dsc/fts/zip/G9___V22.zip) has the "UPD " magic, followed by 8 bytes I couldn't associate, and then what seems like a product identifier "MC471" (MC = mirrorless camera?)

The interesting stuff starts at 0x2EC, where something which looks like a partition table starts. This section is 4884 bytes long (including some padding I believe) and contains 48 partitions which I managed to reverse engineer:

// 92 bytes - index entry of the partition listing struct partitionIndexEntry { char name[12]; // 12 bytes - name of the partition int offsetFile; // 4 bytes - offset in the firmware file int size; // 4 bytes - size of the partition int offsetMemory; // 4 bytes - offset in the memory on the camera int encryption; // 4 bytes - whether the partition is encrypted (0x3) or not (0x2) char checksum[32]; // 32 bytes - SHA-256 checksum of unencrypted partitions? char key[16]; // 16 bytes - encryption key?, if encryption == 0x3 char padding[16]; // 16 bytes - padding };

Reading that in in my custom C tool I've written for this logs out 48 partitions with their offset (in the firmware file, the real data starts at 0x1600) and size. I added automatic dd'ing so I now got 48 .bin files which are the extracted partitions out of the big firmware file. Adding all the sizes of the partitions together is also exactly the size of the original .bin minus the 0x1600/5120 bytes at the beginning which are the headers and partition table. You can download the extracted partition files here: https://drive.google.com/file/d/1P4681aZkRlCUuaiL10nH_En1g70iRLKS/view

Now, they obviously seem to be encrypted, and I haven't been able to figure out how. As you can see I was thinking whether the 16 byte long key in the partition index might be a key, because it's filled with zeros if encryption is 0x2.

This is my progress, I greatly appreciate any hints!

]]> Birger Engineering still exist? https://www.personal-view.com/talks/discussion/10888/birger-engineering-still-exist- Sat, 26 Jul 2014 05:12:08 +0000 elementalracer 10888@/talks/discussions Does anyone here know if Birger Engineering still exists? Their website looks like it hasn't been updated in over a year. I have a Birger Canon EF mount for a RED ONE that needs to be serviced and I'm not sure where to send it off to? I sent them an email just to try but I have yet hear back from them.

Anyone out there happen to have any dealings with them recently? Or possibly know of another place one could send a lens mount like this to get repaired?

Thanks guys!

]]> Mosaic Engineering VAF-XTi filter for T2i, T3i, T4i (550D-650D) https://www.personal-view.com/talks/discussion/6635/mosaic-engineering-vaf-xti-filter-for-t2i-t3i-t4i-550d-650d Mon, 08 Apr 2013 10:14:06 +0000 eyenorth 6635@/talks/discussions Bought the Mosaic Engineering Anti-Aliasing filters for my 550D and 5d mkii, and am pretty pleased with breathing new life in the 550D. Doesn't remove all artifacts, but quite a lot. Also tested it on a Sigma 8-16mm. No vignetting on wide end, but focusing is no longer reliable according to markings on the lens - so must be done by eye. Stress test video below:

]]>