Personal View site logo
Make sure to join PV on Telegram or Facebook! Perfect to keep up with community on your smartphone.
Please, support PV!
It allows to keep PV going, with more focus towards AI, but keeping be one of the few truly independent places.
Firmware dumping?
  • Hi, did anyone ever post info about how to dump firmware from Panasonic cameras? I'd like to assist in the dumping/decryption of one of the as-yet-unsupported models but cannot find information as to how dumping was actually done.

  • 21 Replies sorted by
  • To be very short:

    Body disassembling, desoldering of flash chip, reballing of same chip, using expensive tools to dump contents, using software to get actual data, etc, etc

  • I wonder if you find what you are looking for if you download the .bin update file for your target from the Panasonic support site and try to analyze it.

  • I wonder if you find what you are looking for if you download the .bin update file for your target from the Panasonic support site and try to analyze it.

    LOL. Nope. It is encrypted files.

  • Is the algorithm common to all update files? Key re-use? For instance, there are multiple firmware updates for my model. Comparing the two, it is clear where encrypted blocks begin and end. Even if I do not dump the firmware physically, with enough background knowledge (your previous reverse engineering), could one still decrypt the contents?

  • Even if I do not dump the firmware physically, with enough background knowledge (your previous reverse engineering), could one still decrypt the contents?

    No

  • Hi, Vitaliy,

    Can you explain why this is? Have you documented the algorithm used in other models? I saw hints about XOR keys and checksum bytes in previous posts but could never find the fully reversed algorithm. What is it that we'd be missing in order to decrypt a new firmware?

    Best regards!

  • Can you explain why this is?

    because it is properly encrypted. Simple.

  • "because it is properly encrypted. Simple."

    It is not simple for self-contained systems which are under hacker control.

    Encrypted files that undergo decryption under hacker control (I am talking here about the camera's user, who owns and control the camera which does the decryption when updated firmware is expanded inside the camera) can theoretically be hacked, since the decryption key (in case of symmetrical encryption), or private key or X.509 certificate (in case of asymmetrical encryption) must reside inside the camera.

    Those decryption keys or files may be obfuscated, hooked to some hardware ID or whatever, but they are inside the camera and if retrieved can unlock the code. Not a trivial task - one may need to probe the camera circuitry and trace the code in order to discover the key, but it just might be possible. However, if the encryption keys reside in a protected area inside the MCU, then, although theoretically possible to trace the bits flow inside the MCU with sophisticated and very expensive probing system, it is not practical for the average Joe Hacker.

    I just don't know how Panasonic protects its decryption keys inside the camera. If you are an expert in reverse engineering and want to proceed and try, and the keys are stored outside of the MCU, you just might get lucky :-)

  • @Kob

    I am really sorry, it all sounds smart, but is meaningless.

  • I'm glad you guys know what you're talking about, because I surely do not. Good to know someone is doing this stuff though, so that it may continue to unlock future possibilities with our consumer grade electronics.

  • Vitaliy does not hack anymore, to busy running PV I am sure

  • Vitaliy does not hack anymore, to busy running PV I am sure

    Not only, but hacking Panasonic bodies now is huge waste of time.

  • @Vitaliy_Kiselev So...it will not happen any more? :(

  • @konjow

    I did not say this, I am thinking about G7 now.

  • G7 could be nice.... Old projects like Gh3 are closed since GH4 exists? I presume

  • Hack stuff is mind boggling to me. I applaud Vitality efforts' wholeheartedly! I've been a lurker here since the start but I've had the itch for a new hack to tinker with ;)

  • Yea, Panasonic throws one camera after another so it's waste of time trying to hack all bodies.. G7 is for sure nice temptation :) Anyway Vitaliy has done great job with GH1/2 and other lower models.. I'm still using GH2s to record some events and they can still outperform som newer cameras.. If you (Vitaliy) ever come to Slovak paradise (for hiking os smth.) just ping me, I have some beer waiting for you :)

  • @Vitaliy_Kiselev

    Why is it a waste of time?

  • Since the codec of new Panasonic bodies is vastly improved, maybe the hack should take another direction. For example, hack to provide multi-languages, to make GX7 in-body IS available in video mode, to unlock PAL region time restriction, and to enable PAL/NTSC switch.

    But given all latest firmware are encrypted, such hack of "small" addition to the firmware function may be not time worth. I am a bit jealous with the Canon camp with their MagicLantern hack which add many additional functions to the original manufacturer firmware. However, what else that we could say?
  • I'm still hoping for GH3 basic firmware hack to lift 30 minute time restriction.

  • I haven't posted on here for a while, but keep coming back to see if there is GH3 news.

    It would be nice if there was a proper announcement that the GH3 hack was abandoned so that we can move on.