@Vitaliy_Kiselev, any thoughts or future plans regarding a Pentax DSLR hack? I'm aware there was some research being done on the Pentax K-5, and now with the K-01 and K-30 (and the GH2 hack drawing close to maximum potential with the most recent patches), perhaps this may be an interesting topic to revisit?
Thank you for everything.
No one is doing any research as far as I am aware.
Perhaps focusing on Nikon hack research would be better...
As we know, the Nikon D3200 has the same electronics as the D800; it would be fantastic to free up HDMI on the D3200 the same way as on the D800 ;-).
As we know, the Nikon D3200 has the same electronics as the D800
Where did you get this?
Sure, it was an expectation of mine...
Both platforms share the EXPEED 3 image-processing engine and the same accessories (Wi-Fi connection). Hoping they share a big part of the firmware... that's all :-)
Hello, I wanted to revive the forum with the intention of making more progress on the Pentax hack.
All this came from a friend's need to downgrade firmware 1.13 to 1.12 on a Pentax K-5 because of focus problems in tungsten light.
I did some research with a Pentax K-7 and its firmware and discovered several things. But the most important, and the thing I think is the reason the Pentax hack has not been possible so far: I have managed to find several ways to load modified firmware. I'm pretty sure this works on the K-5, K-x and K-r as well, and I dare say on older models and on new models like the K-30 too.
I want the people who have contributed so much to this thread to renew their hopes and publish their progress.
The first thing you would need is a good disassembly of any of these models (they are very similar), but my knowledge of assembler is rather poor and I cannot disassemble the code well.
If I can, I will try to test this on a K-5 today.
I am leaving you a snapshot of a small text change in the firmware of a K-7, which is the model a friend has lent me.
A great
I do not understand most of the things you wrote.
But the only valuable stuff here could be the firmware checksums.
If you know how they are calculated, just publish it.
I don't know how to calculate the checksum (because we do not have any good disassembled code), but I know how to bypass it, and two ways to load any modded firmware (encrypted and decrypted). Sorry for my English. I do not understand how there is more information about hacking Pentax cameras. In theory they are similar to the Panasonic.
***** Update firmware (cold) ***** For the K-7; other models use other names.
KB474.bin for DSP only (not encrypted). KB474C.bin for CPU only (not encrypted). KB474B.bin for both, DSP and CPU (not encrypted).
How to: put any of the files in the root of the SD card (c:\). With the card cover open, it makes no difference whether the machine is on or off. Insert the SD card. Then remove the SD card for updating. Note: the extracted files cannot be used with the StoreCpu and StoreDSP commands of the debug menu, because these files contain parts such as kb474.adj, kb474cam.log, kb474cpu.adj ... and this breaks the firmware check (it is possible to bypass). You can only use the original, unmodified firmware files.
***** Update firmware (hot) ***** For the K-7; other models use other names. You all know this method; it is the normal firmware update.
FWDC204D.bin for DSP only (encrypted). FWDC204C.bin for CPU only (encrypted). FWDC204B.bin for both, DSP and CPU (encrypted).
Note: the extracted files cannot be used with the StoreCpu and StoreDSP commands of the debug menu, because these files contain parts such as kb474.adj, kb474cam.log, kb474cpu.adj ... and this breaks the firmware check (it is possible to bypass). You can only use the original, unmodified firmware files.
***** Bypassing the firmware check in hot and cold update. *****
You only need to modify the headers, DSP and CPU.
Example: this is the DSP header of firmware 1.12 for the Pentax K-7
00000000 48 4F 4B 4B 54 4B 49 59 48 54 4E 54 4D 55 20 00 00 00 01 DA 00 01 2D B8 00 00 00 00 01 0C 16 1C HOKKTKIYHTNTMU Ú -¸
00000020 00 00 00 00 43 6F 70 79 72 69 67 68 74 20 28 43 29 20 48 4F 59 41 20 43 4F 52 50 4F 52 41 54 49 Copyright (C) HOYA CORPORATI
00000040 4F 4E 20 20 00 50 45 4E 54 41 58 20 4B 2D 37 00 56 65 72 73 69 6F 6E 20 31 2E 31 32 20 20 20 20 ON PENTAX K-7 Version 1.12
00000060 20 20 00 00 06 00 0A 17 00 DE 00 DF 50 45 4E 54 41 58 00 50 45 4E 54 41 58 00 4B 2D 37 00 44 53 Þ ßPENTAX PENTAX K-7 DS
00000080 43 5F 4B 2D 37 00 01 00 50 45 4E 54 58 00 49 4D 47 50 00 5F 49 47 50 00 50 45 4E 54 41 58 20 4B C_K-7 PENTX IMGP _IGP PENTAX K
000000A0 2D 37 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF -7 ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000000C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000000E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 98 EA 26 3D ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ˜ê&=
The firmware check is the last 4 bytes, 98 EA 26 3D; you only need to replace those 4 bytes with FF FF FF FF.
000000A0 2D 37 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF -7 ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000000C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000000E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
I hope this discovery reactivates the hacking of Pentax cameras.
Important: the update in cold mode writes the entire ROM file, sector by sector; this implies that many of the machine's settings, the *.adj and *.log files, are overwritten and we lose our settings.
I have experimented with several changes to the firmware, and it seems difficult to brick the machine through incorrect use of the firmware.
Really sorry for my English, arrghh....
Thanks.
But it is best to understand how these 4 bytes (CRC) are calculated.
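As an added example (not code from any poster in this thread), here is a Python check that someone receiving a firmware file could run before flashing it: it reads the 0x100-byte header shown in the dump above and flags a check field that has been set to FF FF FF FF. The header bytes are transcribed from the post; the function names and the treatment of the first 14 bytes as a tag are assumptions.

```python
import re

HEADER_LEN = 0x100        # the dump covers offsets 0x00-0xFF
CHECK_OFFSET = 0xFC       # "the last 4 bytes" of the header, per the post
BLANKED = b"\xff" * 4     # value the post says bypasses the firmware check

# Bytes 0x00-0xA2 transcribed from the K-7 v1.12 DSP header dump in the post.
HEAD_HEX = """
48 4F 4B 4B 54 4B 49 59 48 54 4E 54 4D 55 20 00 00 00 01 DA 00 01 2D B8 00 00 00 00 01 0C 16 1C
00 00 00 00 43 6F 70 79 72 69 67 68 74 20 28 43 29 20 48 4F 59 41 20 43 4F 52 50 4F 52 41 54 49
4F 4E 20 20 00 50 45 4E 54 41 58 20 4B 2D 37 00 56 65 72 73 69 6F 6E 20 31 2E 31 32 20 20 20 20
20 20 00 00 06 00 0A 17 00 DE 00 DF 50 45 4E 54 41 58 00 50 45 4E 54 41 58 00 4B 2D 37 00 44 53
43 5F 4B 2D 37 00 01 00 50 45 4E 54 58 00 49 4D 47 50 00 5F 49 47 50 00 50 45 4E 54 41 58 20 4B
2D 37 00
"""

def sample_header(check=bytes.fromhex("98EA263D")):
    """Rebuild the 256-byte header from the dump, with a chosen check field."""
    body = bytes.fromhex(HEAD_HEX)
    return body + b"\xff" * (CHECK_OFFSET - len(body)) + check

def inspect_header(image):
    """Report identity strings and the state of the check field."""
    if len(image) < HEADER_LEN:
        raise ValueError("image shorter than the 0x100-byte header")
    hdr = image[:HEADER_LEN]
    strings = [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{4,}", hdr)]
    check = hdr[CHECK_OFFSET:HEADER_LEN]
    return {
        "tag": hdr[:14].decode("ascii", "replace"),  # assumed to be a format tag
        "version": next((s.strip() for s in strings if s.startswith("Version")), None),
        "check": check.hex(),
        "check_blanked": check == BLANKED,
    }

def diff_offsets(reference, candidate):
    """Header offsets where a candidate file differs from a trusted copy."""
    pairs = zip(reference[:HEADER_LEN], candidate[:HEADER_LEN])
    return [i for i, (a, b) in enumerate(pairs) if a != b]

if __name__ == "__main__":
    original, suspect = sample_header(), sample_header(BLANKED)
    for name, img in (("original", original), ("suspect", suspect)):
        print(name, inspect_header(img))
    print("changed offsets:", [hex(i) for i in diff_offsets(original, suspect)])
```

Comparing a downloaded file against the vendor's own copy with `diff_offsets` shows whether the header differs anywhere besides the check field.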
Could someone post a DSP disassembly of a Pentax K-5 or K-7?
Just a note: you can't publicly post disassembly :-)
To downgrade K5 v1.13 to other firmware, use this V1.13 patched firmware. It is confirmed. https://docs.google.com/open?id=0B8SoIuKX9p5SRE5ZLXpvRGpIcFk
Today a firmware update for the K-30 was released (V1.01 FWDC215B.BIN) - comparing it with the firmware update for the K-01 (V1.01 FWDC214B.BIN) shows that about 25% of the two files are identical :) Assuming that the firmware for the new Pentax Prime M processor (is it the Fujitsu Milbeaut MB91696AM?) is encrypted with a dynamic XOR key like for the older Pentax models and that this key is identical for the K-01 and K-30 this might help a lot in getting the encryption key. Lunch break is over so more to dive into over the weekend... :)
I'll try to look into this and add decryption support for new cameras, if you want to work on them.
I would like the K-01 firmware to be decrypted. Working on some things and having the firmware decrypted would help a lot.
Hello :)
I finally found time over the holidays to look into the encryption and it seems that there is again a dynamic 2048 bit key :). I haven't succeeded though in decoding the firmware; I assume that I start at the wrong places in the file. Does someone know the layout of the older .BIN Pentax files and where to start with the decryption?
I attached the Python source code showing how I tried to derive the basic 2048 bit XOR key and the dynamic change pattern.
If we can get some donations together from Pentax users, is there any way we could get this thing going? There are many of us who would like a better video mode, and I don't really want to switch brands.
Plus the price of the K-01 has dropped so low that, if we could improve the video, it would be a great cheap camera for low-budget productions.
Do not worry, I already bought a K-01 :-)
Are you working on trying to hack the Pentaxes? Or should I start looking at a GH2 :p
Hi there,
I think I've managed to decrypt the main part of the firmware 1.03 for K-30. I've uploaded it here: http://www.sendspace.com/file/cwayir
Judging from the string in the file, there really is a debug menu, but I haven't found any mentions of MODSET.xxx, it seems that now AUTORUN.xxx is used instead.
Modset is dynamically generated, as I remember.
Otherwise I need to add modern camera support to my decrypter. I'll try to do it soon.
Right now I have no idea.