Wednesday, April 28, 2010

Project will be in "pause" mode for some days

I am out of town for some days; until then I won't be able to make any advances in the HackMyZi8 project. Will update all later.

Sunday, April 25, 2010

Confirmation of PrKERNELv4 in Kodak Zi8

I am confirming here the presence of PrKERNELv4 core in Kodak Zi8. I analyzed the firmware and found the core with all PrKERNELv4 functions and files inside the firmware.

Also, PrKERNELv4 is ARM-based in the Kodak Zi8, so for the decompilation of the firmware files we need to select "ARM" in IDA Pro for correct code display.

ARM assembly syntax is a little different from the normal assembly code we come across, so I think it'll take some time to make the exact modded firmware.

I also found out in developer mode that the ROM file size in the firmware is 2 MB, so for ROM analysis we need to check the 2 MB code in IDA Pro; I still need to work out the ROM start address.

Lastly, the firmware file is most probably a combination of different files such as
1. The boot ROM
2. The data files
3. PrKERNELv4 kernel
4. Null padding

Still searching for vector table that defines the different files in the firmware block.

Will update more later.

Zi8 CMOS Chip

Hi again,
I found the CMOS chip the Zi8 is probably using: Aptina MT9M002 MT9M002 data sheet (it's the same as the Zi6 :O) Aptina MT9P401 (MT9P401 data sheet)
- Thanks, Chuck ;)

Added a new member to the HackMyZi8 project

I have added a new member, Leo Scherer, to the HackMyZi8 project. Now our team can look forward to speedier advances on the firmware hack.

Will update everyone on all the new advances we come across.

Analyzing firmware file with IDA Pro

Currently I am analyzing and decompiling the code inside the firmware file of the Kodak Zi8. The decompilation is still buggy due to some things still unknown to me:
1. The processor used in the Kodak Zi8, and what platform the SoC (System on Chip) is based on.
2. The ROM start address.

Once I sort out these two things I can pretty much decode the whole firmware and make changes after that in no time.

Just need to relearn my assembly codes to edit the firmware.

If anyone has some info about the things listed above, do comment.

Trying to look behind the curtain..

Hi there,
I've been "surfing" in the hexcode of the Zi8_106.fw and also opened the case of my Zi8. What I'm pretty sure of at this point is:

The Kodak Zi8 uses:

- PrKernel (perhaps a hint:
- an Ambarella chip (& codec/software -> Ambarella AVC/AAC encoder)
- a (probably 128MB) NAND flash
(- ACD Systems Digital Imaging software)

Perhaps there is also an ARM CPU @ 200 MHz used (ARMv5TEJ), but I'm not so sure about it.

Moreover, I found hints to some files probably included in the firmware; there were some *.jpg (kodak0.jpg - kodak9.jpg), some *.pcm (poweron_12k.pcm, videostart_12k.pcm, videostop_12k.pcm, shutter_12k.pcm, poweroff_12k.pcm) and many *.bin files (fonts.bin, bitmaps.bin, etc.). So the firmware is compressed in some way for sure!

I also found the segment where the firmware update seems to happen:
Download 1 firmware programming file
..firmware prowngram is loadede
Download 2 kernel files...wn
Prkernel is loaded
code is4 loaded
memdle is loaded
addefault_bin is loaded
(All the stuff I mention here can be text searched in the firmware with a hexeditor by everyone, of course! No magic ;))

Finally, here are the photos of the opened Zi8; I'm afraid they won't be of too much use since I couldn't manage to get shots of the actual chips :/

All the best,
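
An added example, not part of either post: one way to test the layout guesses made in "Confirmation of PrKERNELv4 in Kodak Zi8" (boot ROM, data files, kernel, null padding) and in the post above (embedded file names, possible compression). It splits an image at long runs of zero bytes and reports, per segment, the offset, size, byte entropy (values near 8 suggest compressed or encrypted data) and any `*.jpg`/`*.pcm`/`*.bin` names referenced. `PAD_MIN`, the extension list and `SAMPLE` are assumptions made for this sketch; `SAMPLE` is constructed data, not bytes from `Zi8_106.fw`.

```python
import math
import re
import sys

PAD_MIN = 4096  # assumed threshold; short zero runs also occur inside real data
NAME_RE = re.compile(rb"[A-Za-z0-9_]{1,32}\.(?:jpg|pcm|bin)")
# Constructed sample (not real firmware): a repeated 4-byte word, padding,
# a small name table, padding, then a block using every byte value equally.
SAMPLE = (b"\x04\xf0\x1f\xe5" * 64 + bytes(64)
          + b"kodak0.jpg\x00poweron_12k.pcm\x00fonts.bin" + bytes(64)
          + bytes(range(255, -1, -1)) * 4)

def entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte (0 = constant, 8 = uniform)."""
    if not chunk:
        return 0.0
    counts = [0] * 256
    for b in chunk:
        counts[b] += 1
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def segments(blob: bytes, pad_min: int = PAD_MIN):
    """Split blob at zero runs of at least pad_min bytes -> [(offset, data)]."""
    out, pos = [], 0
    for m in re.finditer(rb"\x00{%d,}" % pad_min, blob):
        if m.start() > pos:
            out.append((pos, blob[pos:m.start()]))
        pos = m.end()
    if pos < len(blob):
        out.append((pos, blob[pos:]))
    return out

def layout(blob: bytes, pad_min: int = PAD_MIN):
    """Per segment: offset, size, entropy and file names referenced inside it."""
    rows = []
    for off, data in segments(blob, pad_min):
        names = sorted({m.group().decode() for m in NAME_RE.finditer(data)})
        rows.append({"offset": off, "size": len(data),
                     "entropy": round(entropy(data), 2), "names": names})
    return rows

if __name__ == "__main__":
    # With a path argument, analyse that file; otherwise use the constructed sample.
    from_file = len(sys.argv) > 1
    blob = open(sys.argv[1], "rb").read() if from_file else SAMPLE
    for r in layout(blob, PAD_MIN if from_file else 16):
        print("0x%08x %9d bytes  H=%.2f  %s"
              % (r["offset"], r["size"], r["entropy"], r["names"]))
```

Zero bytes that belong to the end of a segment but touch the padding are counted as padding, so segment sizes are lower bounds.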

Saturday, April 24, 2010

Update for firmware file

I tried to identify the compression used in the "Zi8_106.fw" file, but it's some weird type of file that I am still not able to extract properly.
Two probable types are:
1. MacBinary 2 file
2. Applesoft BASIC program data

Whatever this file is, it's related to Macs and Apples.

If anyone knows how to strip the MacBinary header and extract data from the file, then do comment.

Friday, April 23, 2010

Zi8 firmware files dissection

I analyzed the contents of two files present in firmware update and found out that the file "Zi8_586.img" of the Zi8 firmware contains the whole partition of Zi8 which holds Arcsoft Media Impression.

So, we're left with the file "Zi8_106.fw" that contains the firmware files of Zi8.
Still finding some clues to decrypt the file.

One more thing is that the Kodak Zi8 may be based on platformOViA ( as it contains many routines and functions from the system.

Will update with more later.

Kodak Zi8 Developer Mode

From the Vimeo kodakhd group I came to know about the developer mode in the Kodak Zi8.
To enter the developer mode you just have to press buttons "Trash" - "Camera" - "On/Off" when turning on the Zi8.

This mode gives some on screen tests for calibration, defective pixel testing, other calibrations as well as the lens test. You can also reset your device to factory settings and format from the on screen menus.

One thing to note here is that "FW Version" cites a SDK_VERSION:3.5.1001 which may be the SDK used by Kodak to upgrade/setup the firmware.

First post on the blog

Recently I bought a Kodak Zi8 and thought of adding some functionality that Kodak is not giving this very capable hardware. It's giving limited functionality and capping other features through the firmware.