@Vitaliy_Kiselev, any thoughts or future plans regarding a Pentax DSLR hack? I'm aware there was some research being done on the Pentax K-5, and now with the K-01 and K-30 (and the GH2 hack drawing close to maximum potential with the most recent patches), perhaps this may be an interesting topic to revisit?
Thank you for everything.
If only someone could state which part is the code that reads the previously installed software to permit the upgrade.
The K5IIs firmware is not accepted by the camera. I'll try to contact Pentax, but in the end I can leave the situation as is. Thanks!
Try normal K5IIs firmware and contact Pentax in any other case. No hacks help here.
Hi, I'm new to the forum. I have an early demo K5IIs that's working with K5II firmware. When I generate JPGs in camera I get a lot of sharpening, a sort of added sharpening that's not needed on the K5IIs. My idea was to change to the correct firmware, but from reading some posts I don't think it's easy. But in this case the cameras are virtually identical. I tried to modify the header with a hex editor, with no success. Can you help me?
I attempted installation on a Win7 64-bit machine and an XP machine, then searched for frmcrypt; it does not exist.
@Vitaliy_Kiselev, before junking the camera I just want to try frmcrypt. Please assist me with how to use the programme. Thanking you in advance.
OK, but I would still like to know how frmcrypt.exe is installed and used. It's a command-line programme, but where did it install, and as what: sys32 or sys?
OK, let me then upgrade to the K-m firmware. It does not accept it, as the version is 0.10 and not 1.0. What do I do?
Just forget about any idea to upload wrong firmware, period.
Hi Vitaliy_Kiselev, that I am aware of, but the question is: when updating, what does the firmware read to let it know that this firmware would be accepted? Is it in the header (it does not seem so)? If not, any idea which part it reads? Any idea how to use frmcrypt.exe?
Get new camera, do not waste time. You can't flash another camera firmware.
I could do with some input, as I have bricked a camera which reads as PENTAX K-M VER:0.10, but the mainboard is that of a K-x, not a K-m. Having used Google, the mainboards of the K-x and K-m are as in the attached files (first is K-x, second is K-m). JPEG recorded pixels reads as 14M, so surely an experimental camera with a K-7 sensor (being of the same era; the K-m is CCD and the K-x/K-7 is CMOS). Pictures are yellow and out of focus, thus not usable. I think flashing K-x firmware might help, but that's not possible, so now what? I have used IDA Pro, Hex Neo and Notepad++, but do not know how to use frmcrypt.exe. I am on 64-bit Win7, and pk tether is not working either. Any ideas?
Hi, can someone please tell me how to use frmcrypt.exe on a Windows platform? It loads as attached.
Hi,
I'm working on K-r (2 K-r).
Debug mode is okay on K-r 1.
Firmware of K-r 2 has partially failed
(K-r 1 is fully operational). I had saved the firmware to SD (backup of DSP & CPU).
Now I need to boot into the loader for K-r 2 (but the back screen is not operational).
Is there an idea ...
BTW, did anyone investigate the communication protocol between the Pentax body and the O-GPS1 module? It's connected via the flash hot-shoe connector. Is there a better description of the signals than this? http://www.pentaxforums.com/forums/attachments/125-flashes-lighting-studio/199956d1388264180-manual-flash-puzzle-hot-shoe.gif I found that some communication goes via the pins Digital (initiator) and Mode. When the camera is powered on, pin Digital goes high for about 10-20s awaiting a response on the Mode pin. If there is nothing, it falls back low. If I make a loopback from Digital to Mode, communication starts and the GPS navigation menu in the camera becomes available. I'm going to look on a DSO. But I don't have any flash or other device to communicate with. My goal is to attach my own cheap GPS module.
Yes, looks like I did.
I've RE'd the checksum routines and got a decrypted firmware dump. For fun I changed a string in the debug mode.
Next up I'll write a program to fix the checksum on the binary and then write some custom code.
Seems that Shodan is making some progress with full decryption: http://www.pentaxforums.com/forums/6-pentax-dslr-discussion/250555-resurrecting-pentax-firmware-hacking-5.html#post2725229
You can invite guys here.
We also need to add the latest cameras to the Pentax tool; I think they are not present, as I last did it for the K-01 and the cameras present one year ago. We also need to complete decryption of the small starting part and fix all checksums.
Wow, it looks like the fun has begun! I found out just a short time ago, when I registered at pentaxforums.com and was directed to this new fascinating thread: http://www.pentaxforums.com/forums/6-pentax-dslr-discussion/250555-resurrecting-pentax-firmware-hacking-2.html
From further searching it seems that the problem is bigger. Someone suspects, from comparing FWs, that the file previously named "MODSET.xxx" has now become "yyyyyyyy.xxx" on the newer K-5, K30, etc., according to the format string "C:\%08ld.%03ld", and nobody knows what number yyyyyyyy is. xxx should be 524. As the file is placed in the root dir, there are not enough entries to try out all the billions of file names. Maybe it would be easier to modify the "C:\%08ld.%03ld" string in the firmware. I looked at haute's post describing the chksum bypass, but my K-30 FW looks different from his hexdump. He has quite a clear line:
000000E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 98 EA 26 3D
but I have something similar at a farther offset, with more numbers after FFFFFFFFFFFFF:
00000F60: 00 56 65 72 73 69 6F 6E 20 31 2E 30 35 20 20 20 │.Version 1.05
00000F70: 20 20 20 00 00 07 25 FB 01 32 01 33 50 45 4E 54 │ ..•%ű☺2☺3PENT
00000F80: 41 58 00 50 45 4E 54 41 58 00 4B 2D 33 30 00 44 │AX.PENTAX.K-30.D
00000F90: 53 43 5F 4B 2D 33 30 00 01 00 50 45 4E 54 58 00 │SC_K-30.☺.PENTX.
00000FA0: 49 4D 47 50 00 5F 49 47 50 00 50 45 4E 54 41 58 │IMGP._IGP.PENTAX
00000FB0: 20 4B 2D 33 30 00 00 1C FF FF FF FF FF FF FF FF │ K-30..∟
00000FC0: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF │
00000FD0: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF │
00000FE0: FF FF FF FF FF FF FF FF 00 00 00 1C A5 5A 5A A5 │ ...∟ąZZą
00000FF0: 15 55 ED C1 FF FF FF FF 02 0C 02 0C A5 5A 5A A5 │§UÝ┴ ☻♀☻♀ąZZą
00001000: B7 B5 C7 BF 4F 45 64 A2 48 54 3E 53 41 59 11 F1 │ĚÁă┐OEdóHT>SAY◄˝
You can make a small script that will put a big number of AUTORUN.xxx files, where xxx is from 000 to 999, on the SD card, and later use binary search to find the proper one.
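Added example, not part of the post above or of any Pentax tool: one way to do the file generation and binary search just described. It assumes exactly one extension is accepted and that the camera runs that file whenever it is present; the script body is the one quoted in this thread, and simulated_camera is a constructed stand-in for booting the camera and checking by hand.

```python
import os
import tempfile

# Script body as quoted in this thread; whether a given camera runs it is unverified.
SCRIPT_BODY = 'PRINT "Hello World"; FILEOUT "TEST"; EXIT\n'

def populate(root, lo, hi):
    """Leave exactly AUTORUN.lo .. AUTORUN.hi (inclusive) in root."""
    for name in os.listdir(root):
        stem, _, ext = name.partition(".")
        if stem == "AUTORUN" and len(ext) == 3 and ext.isdigit():
            os.remove(os.path.join(root, name))
    for n in range(lo, hi + 1):
        with open(os.path.join(root, "AUTORUN.%03d" % n), "w") as f:
            f.write(SCRIPT_BODY)

def bisect_extension(root, script_ran, lo=0, hi=999):
    """Return the accepted extension in lo..hi, or None if none is accepted.

    script_ran(root) is the manual step: boot the camera with the card and
    report whether the script executed.
    """
    populate(root, lo, hi)
    if not script_ran(root):
        return None
    while lo < hi:
        mid = (lo + hi) // 2
        populate(root, lo, mid)        # keep only the lower half on the card
        if script_ran(root):
            hi = mid
        else:
            lo = mid + 1
    populate(root, lo, lo)             # leave just the working file behind
    return lo

def simulated_camera(accepted):
    """Constructed stand-in for the boot test: 'runs' only AUTORUN.<accepted>."""
    target = "AUTORUN.%03d" % accepted
    return lambda root: os.path.exists(os.path.join(root, target))

def demo(accepted=524, lo=0, hi=999):
    with tempfile.TemporaryDirectory() as card:   # stands in for the SD card root
        found = bisect_extension(card, simulated_camera(accepted), lo, hi)
        return found, sorted(os.listdir(card))

if __name__ == "__main__":
    print(demo())
```

With 1000 candidates the search needs at most 11 boots. On a FAT16-formatted card the root directory typically holds only 512 entries, so the first pass may have to be split in two.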
Has anyone tried to run a script on a K-30, K-5 or similar newer camera? According to older info I googled, I created the file AUTORUN.524 in the root dir of the SD card with the content:
PRINT "Hello World"; FILEOUT "TEST"; EXIT
In the decrypted FW I found references to C:\AUTORUN.%03ld and C:\CHKDAT.%03ld. There's no reference to a MODSET file. The magic number 524 I took from the firmware name KB524B.BIN, and similarly also from the decr. FW. I also checked that there are strings that belong to script keywords. But I'm unable to run the script; I tried pressing the menu button during power-on and also doing it in debug mode (I used pktether to enable it - is there another way to enter debug via some file on the SD?). Any idea what else to try? Am I right that on an old camera my steps would work?
Hi, good day. I am a Pentax K-01 user currently running firmware version 1.03. I noticed big differences from 1.00 to 1.01 in autofocus, and now in 1.03 it seems the "scene modes" are missing. I tried everything, from the LCD monitor settings to the dedicated "scene mode" on the dial; nothing happens. I wonder if someone is familiar with the 1.03 firmware, and whether there is a possible hack for this camera?