Hi,
I have started a firmware hacking project; the current plan is to dump and decrypt the complete firmware.
Currently I'm reversing the flashing protocol used for FW upgrading, hoping for some undocumented commands.
Also, as mentioned on the WIKI, XORing firmware files produces short blocks of clear text.
This suggests the file isn't really encrypted, just XORed with a pseudo-random sequence that is static among ALL compatible cameras.
After some research, I found this is the same for all Alpha Axx and NEX series. This indicates common firmware is used in all these models.
The pattern is different for compact cameras like HX5 and VG video cameras.
From parts of the firmware, I can see there is a debug console with commands to read/write memory and other interesting stuff.
So far, I have found one interesting feature in the Firmware updater:
Create an empty FirmwareUpdater.log file in the updater directory (where SPUFirmwareUpdater.exe is).
When the updater finds this file, it will be used for nicely detailed debug logging of all data sent and received.
I have already updated my camera firmware, but if anyone here will be doing a firmware upgrade (Axx, NEX or LA-EA1),
please enable logging and upload the log. It will greatly help me with understanding the protocol.
EDIT: If you can, run the firmware updater on an already updated camera (just to the point it says camera version, then close it).
I have only a NEX3 log file; logs for other cameras are welcome (even without actual flashing).
More good stuff will come soon...
P.S. I'm well known for other similar projects, but Sony isn't really happy when hackers are having fun and likes to sue and cause problems...
So I will be posting under this new user without any link to my previous work.
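The observation in the post above, that XORing two firmware files yields short blocks of clear text, is what a keystream shared across files produces. The following is an added example, not part of the original post: the images, seeds and SHA-256 keystream generator are constructed stand-ins, not the camera format. It shows the shared keystream cancelling out, and a per-file keystream not doing so.

```python
import hashlib
import re

def keystream(n, seed):
    """Pseudo-random bytes derived only from `seed` (constructed stand-in generator)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def obfuscate(image, seed):
    """XOR an image with the keystream for `seed`; applying it twice restores the image."""
    return xor(image, keystream(len(image), seed))

def printable_runs(data, min_len=6):
    """ASCII runs of at least min_len bytes, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode() for m in re.finditer(pattern, data)]

# Constructed 72-byte images: 16 differing "code" bytes, then text placed
# where the other image has zero padding.
IMAGE_A = bytes(range(0x80, 0x90)) + b"debug console: peek/poke" + bytes(32)
IMAGE_B = bytes(range(0x10, 0x20)) + bytes(32) + b"updater version string" + bytes(2)

STATIC = b"constructed-static-seed"  # same sequence for every file (the weak case)

def diff_files(seed_a, seed_b):
    """XOR two obfuscated files against each other."""
    return xor(obfuscate(IMAGE_A, seed_a), obfuscate(IMAGE_B, seed_b))

if __name__ == "__main__":
    # Shared keystream: it cancels, leaving IMAGE_A xor IMAGE_B. Text shows
    # wherever the other file is zero; overlapping code bytes stay unreadable.
    print(printable_runs(diff_files(STATIC, STATIC)))
    # Per-file keystream: nothing cancels, the difference is no longer A xor B.
    print(diff_files(b"nonce-a", b"nonce-b") == xor(IMAGE_A, IMAGE_B))
```

Only regions where one file is zero-filled become readable, which is why the recovered blocks are short; a keystream that differs per file removes the effect, but it does not authenticate the image.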