Re: CHDK NEWS: Year 2010 Powershots Just May Get CHDK After All

Discussion in 'Digital Photography' started by RichA, Aug 17, 2010.

  1. RichA

    RichA Guest

    On Aug 16, 10:41 am, Schneider <> wrote:
    > In an interesting turn of events coming from an unknown-before independent
    > research project (see link below), some people managed to figure out
    > Canon's own on-board "CBASIC" language. They are now able to run programs
    > without loading CHDK and using its (safe) uBASIC or LUA languages as an
    > intermediary. Using this "CBASIC", they then wrote an experimental firmware
    > dumping program just to see if it would work, while testing all the
    > commands they found.
    >
    > Someone else from the CHDK clan tried using this method on one of this
    > year's 2010 Powershot cameras (the A3100) which has so far been unable to
    > have its firmware dumped for CHDK porting by using all past available
    > techniques (blinking it out of an LED or using small utility programs).
    >
    > It worked.
    >
    > So all of you 2010 Powershot buyers/owners may get CHDK available faster
    > than anyone suspected. It just requires someone who actually owns one of
    > the camera models in mind and also having the ability to modify a CBASIC
    > program correctly to get the firmware to the CHDK gang.
    >
    > The caveat is that this CBASIC may be exploited by the less-reputable and
    > could potentially be a malware security risk for many Canon cameras from
    > now on.
    >
    > <http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&ty...>
    >
    > Would someone working for Nikon release some Canon malware to increase
    > their sales? Who knows.


    There are all kinds of rumours about malicious software being out
    there, from camera makers to studios releasing flawed copies of movies
    to torrent groups. I don't think anyone has ever proven a
    connection. It would seem to be a stupid thing to do given that such
    software users represent a fraction of the whole camera user base.
    RichA, Aug 17, 2010
    #1
    1. Advertising

  2. RichA

    Schneider Guest

    On Mon, 16 Aug 2010 17:05:00 -0700 (PDT), RichA <>
    wrote:

    >On Aug 16, 10:41 am, Schneider <> wrote:
    >> In an interesting turn of events coming from an unknown-before independent
    >> research project (see link below), some people managed to figure out
    >> Canon's own on-board "CBASIC" language. They are now able to run programs
    >> without loading CHDK and using its (safe) uBASIC or LUA languages as an
    >> intermediary. Using this "CBASIC", they then wrote an experimental firmware
    >> dumping program just to see if it would work, while testing all the
    >> commands they found.
    >>
    >> Someone else from the CHDK clan tried using this method on one of this
    >> year's 2010 Powershot cameras (the A3100) which has so far been unable to
    >> have its firmware dumped for CHDK porting by using all past available
    >> techniques (blinking it out of an LED or using small utility programs).
    >>
    >> It worked.
    >>
    >> So all of you 2010 Powershot buyers/owners may get CHDK available faster
    >> than anyone suspected. It just requires someone who actually owns one of
    >> the camera models in mind and also having the ability to modify a CBASIC
    >> program correctly to get the firmware to the CHDK gang.
    >>
    >> The caveat is that this CBASIC may be exploited by the less-reputable and
    >> could potentially be a malware security risk for many Canon cameras from
    >> now on.
    >>
    >> <http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&ty...>
    >>
    >> Would someone working for Nikon release some Canon malware to increase
    >> their sales? Who knows.

    >
    >There are all kinds of rumours about malicious software being out
    >there, from camera makers to studios releasing flawed copies of movies
    >to torrent groups. I don't think anyone has ever proven a
    >connection. It would seem to be a stupid thing to do given that such
    >software users represent a fraction of the whole camera user base.


    It should be no big deal to detect if this happens to a Canon camera. Three
    things must be in place for it to occur.

    1) The string "SCRIPT" must be at offset 0x1F0 of the first sector (Boot
    sector). This will be invisible to the average user. And a simple format
    will wipe it out if it is there.

    2) The file "script.req" must exist on the root directory on the SD card,
    and must only contain the string "for DC scriptdisk"

    3. The file "extend.m" must exist on the root directory on the SD card.
    This file must contain the BASIC script to execute.

    CHDK uses none of these. Though an empty "ver.req" or "vers.req" file in
    the root directory is often used to determine the camera's firmware version
    for CHDK, but at no time will you see a "script.req" or "extend.m" file in
    the root directory of any camera using CHDK. Should some malware drop a
    trojan to your SD cards when you insert them in a card-reader, and those
    two files show up in the root directory, proceed with caution. As-in,
    delete them and reformat your card before putting it back into your camera.
    Then scan your system for any new malware that might have been accidentally
    installed which put those two files onto your SD card. It'll be very easy
    to detect AND fix.
    Schneider, Aug 17, 2010
    #2
    1. Advertising

  3. RichA

    LOL! Guest

    On Wed, 18 Aug 2010 00:19:19 -0500, SneakyP
    <> wrote:

    >RichA <> wrote in news:234a6f35-c2bc-4991-9ec3-
    >:
    >
    >> There are all kinds of rumours about malicious software being out
    >> there, from camera makers to studios releasing flawed copies of movies
    >> to torrent groups. I don't think anyone has ever proven a
    >> connection. It would seem to be a stupid thing to do given that such
    >> software users represent a fraction of the whole camera user base.
    >>

    >
    >Almost all of the malicious software out now has a criminal element
    >involved, to find a way to steal money from others.
    >What will such malware do to a camera? Brick it? (locks-up any device to
    >make it as useful as a brick).


    I could tell you precisely how it could be used. But since you like to
    filter any posts with this header, and you're also not worth my time to
    boot up any of the other newsreaders and NNTP hosts that I also use to
    bypass your childish filters. So ... YOUR LOSS.

    What a perfectly prime example of the fate of someone that craves a bliss
    of self-induced ignorance by poking their own eyes out.

    I love it!

    LOL!!!!!!!!!!!!
    LOL!, Aug 18, 2010
    #3
  4. RichA

    DanP Guest

    On Aug 18, 6:19 am, SneakyP <>
    wrote:

    > Almost all of the malicious software out now has a criminal element
    > involved, to find a way to steal money from others.  
    > What will such malware do to a camera?  Brick it? (locks-up any device to
    > make it as useful as a brick).


    No harm can be done to the camera, only to the pictures.
    CHDK resides on the card and Canon says using it does not void the
    warranty.
    Formatting the card or even moving the read only tab in write mode
    removes it.

    DanP
    DanP, Aug 18, 2010
    #4
  5. RichA

    Peter Guest

    "SneakyP" <> wrote in message
    news:Xns9DD82F2597D748umofa02sneakemailc@127.0.0.1...

    >
    > Almost all of the malicious software out now has a criminal element
    > involved, to find a way to steal money from others.
    > What will such malware do to a camera? Brick it? (locks-up any device to
    > make it as useful as a brick).
    >


    A lot of may be criminally related, however I am not convinced that "almost
    all" is. There are a lot of sick minds who get their rocks off by screwing
    things up. Just look at the trolls in news groups.


    --
    Peter
    Peter, Aug 18, 2010
    #5
  6. RichA

    Peter Guest

    "Outing Trolls is FUN!" <> wrote in message
    news:eek:...
    > On Wed, 18 Aug 2010 08:42:43 -0400, "Peter" <>
    > wrote:
    >
    >>"SneakyP" <> wrote in message
    >>news:Xns9DD82F2597D748umofa02sneakemailc@127.0.0.1...
    >>
    >>>
    >>> Almost all of the malicious software out now has a criminal element
    >>> involved, to find a way to steal money from others.
    >>> What will such malware do to a camera? Brick it? (locks-up any device
    >>> to
    >>> make it as useful as a brick).
    >>>

    >>
    >>A lot of may be criminally related, however I am not convinced that
    >>"almost
    >>all" is. There are a lot of sick minds who get their rocks off by screwing
    >>things up. Just look at the trolls in news groups.

    >
    > Yes. Your relentless off-topic thread-hijacking trolling gets tedious. Do
    > us all a favor, at least buy a toy-store camera or one of those
    > keychain-cams at the checkout counter of your grocery store so you'll have
    > a modicum of real experience behind any of your words. At least this way,
    > it'll finally be true if you ever claim to have held a camera during your
    > lifetime.
    >



    Ah!
    The voice of experience!
    Wonder if you take your own advice, or is your allowance too small to cover
    the expense.

    --
    Peter
    Peter, Aug 18, 2010
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Renee
    Replies:
    5
    Views:
    331
    Dave Martindale
    Oct 27, 2004
  2. HokusPokus
    Replies:
    23
    Views:
    1,345
    ASAAR
    Jul 16, 2007
  3. D. Larson

    CHDK NEWS: A Discussion Forum Dedicated to CHDK

    D. Larson, Nov 28, 2007, in forum: Digital Photography
    Replies:
    0
    Views:
    377
    D. Larson
    Nov 28, 2007
  4. Ron Anchors
    Replies:
    0
    Views:
    374
    Ron Anchors
    Dec 6, 2007
  5. Rajesh5575
    Replies:
    1
    Views:
    1,275
    bedro
    Apr 20, 2010
Loading...

Share This Page