It is assumed that you have IDA (Interactive Disassembler) installed on your machine. To semi-automate the initial stage you need to download and install the FLIRT signatures and IDC scripts. You can get them here and also in the "Development" folder here.

Since the original CHDK.idc script does not run all sub-scripts correctly, there is a modified version of the IDC scripts: IDA_CHDK-idc-DryOS-singlerun.7z. The main script (CHDK.idc) runs all other scripts automatically; manual definition of the ROM_START address is not required anymore (MinEA() is used instead).

Copy the file "sig/CanonFW_A-Series.sig" from the archive to "/sig/arm/". Unpack the IDC folder to wherever you want.

You can do it by pressing the NEW button on the 'Welcome' window.

Choose the 'Binary/Raw File' format under the 'Various files' tab. Choose the dump file ('PRIMARY.BIN') to load. Choose 'ARM processor ARM' as target platform.

Note: While attempting to port a camera using IDA 5.2, I have found that I have to check this option in order to get a good listing. (Mariush 20:25, 14 February 2009 (UTC))

You have to specify the correct 'ROM start address' and 'Loading address'. If the firmware was dumped with the ubasic dumper, the correct address will be listed in CBDUMPER.LOG. The loaded size must be such that 'start address' + 'size' < 2^32, and the total size should be a multiple of 4. So for a camera that loads at 0xFFC00000, size should be 0x3FFFFC, not 0x400000 (C rather than F so the final address is 32 bit aligned). If your dump is shorter, just use whatever size IDA defaults to.

ATTENTION: For DryOS cameras you have to use the sizes and start addresses specified here: DryOS Porting - Load into IDA and Disassemble code

Click on the 'Open signatures window' tool-button. In the window that appears, click the right mouse button and choose the 'Apply new signature.' menu item. IDA will show the list of signature files available for the current processor. If you correctly installed the signatures file, as described in the preparing section, you will see the "CanonFW_A-Series Firmware" item. Choose it. After a short analysis you will see the number of functions recognized. Then you can close the window.

Click on the 'Execute an IDC file' tool-button. Then choose the 'CHDK.idc' file saved in the preparing section. Please do not interrupt IDA until it has finished.

Now the initial disassembling stage is completed. There exist a number of IDC scripts to ease the code analysis (useful when you start hating these sub_DEADBEAF :-)
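The load-size rule from the loading step ('start address' + 'size' below 2^32, size a multiple of 4) can be checked before typing values into IDA's load dialog. The following is an added example, not part of the original page or of the CHDK scripts; the function names and the command-line form are hypothetical.

```python
import os
import sys

ADDRESS_SPACE = 1 << 32  # 32-bit ARM address space


def max_load_size(rom_start):
    """Largest size that is a multiple of 4 with rom_start + size < 2**32."""
    if not 0 <= rom_start < ADDRESS_SPACE:
        raise ValueError("ROM start address is outside the 32-bit range")
    if rom_start % 4:
        raise ValueError("ROM start address is not 4-byte aligned")
    return (ADDRESS_SPACE - 1 - rom_start) & ~3


def check_load_size(rom_start, size):
    """Return the rule violations for a start/size pair (empty list if OK)."""
    problems = []
    if size <= 0:
        problems.append("size must be positive")
    if size % 4:
        problems.append("size is not a multiple of 4")
    if rom_start + size >= ADDRESS_SPACE:
        problems.append("start + size is not below 2**32")
    return problems


def suggest_load_size(rom_start, dump_len):
    """Size to enter for a dump of dump_len bytes.

    Returns None when the dump fits below the limit, meaning
    "keep whatever size IDA defaults to", as the page advises.
    """
    limit = max_load_size(rom_start)
    return None if dump_len <= limit else limit


if __name__ == "__main__":
    # Hypothetical usage: python loadsize.py PRIMARY.BIN 0xFFC00000
    path, start = sys.argv[1], int(sys.argv[2], 16)
    size = suggest_load_size(start, os.path.getsize(path))
    print("keep IDA's default size" if size is None else hex(size))
```

For DryOS cameras the sizes and start addresses from the DryOS porting page take precedence over this calculation.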