"Ah shit, here we go again." (c)

I've made a draft version of full firmware repacker for Z-Cam E1 cameras.

Now you can simply unpack firmwares for E1, make any changes, and pack it back. Packed file will be ready to be flashed into the camera. This thing will help any researchers and reverse-engineers to make own firmware versions for Z-Cam E1.

WARNING! YOUR USE OF THIS UTILITY IS AT YOUR OWN RISK! INCORRECT USE COULD DAMAGE YOUR CAMERA!

Source code is here: https://github.com/storyboardcreativity/Z-Cam-E1-Firmware-Repacker

How to use?

After build you can use it as a terminal tool:

• To unpack: zcame1repacker -u {firmware_file_path}
• To pack: zcame1repacker -p {firmware_folder_path}

What do you get when you unpack firmware?

You get a folder with ".ini" file (settings) and next firmware parts (if they exist in source firmware file):

• Bootstrap

I have not met this part of the E1 firmware yet.

• Partition Table

I have not met this part of the E1 firmware yet.

• Bootloader

I have not met this part of the E1 firmware yet.

• SD Firmware Update Code

Code, that reads new firmware file from SD card, unpacks it and flashes the camera.

• System Software

The first OS (yes, E1 has 2 operating systems on board that work simultaneously on separate CPU ARM-cores). It's RTOS (Real-Time Operating System). It's used to process huge data through itself. All recording processes are started and finished here. In addition, RTOS draws video preview on screens (own and HDMI) while camera is on. RTOS is controlled from Linux, and DSP is controlled from RTOS. All settings for recording start/stop are located here (video resolutions, framerates and bitrates). All patches I've done before were made for this firmware part.

• DSP uCode

THE ROOT OF EVIL. DSP is a specific part of Ambarella's SOC. It processes all compression algorithms for images and video. In E1 it processes H.264 and MJPEG compression in realtime. But I can't do anything with this firmware part because DSP has it's own proprietary architecture (if we had any, even very tiny, data leak from Ambarella about DSP opcodes, we could set absolutely any video and compression settings).

• System ROM Data

RTOS filesystem. All files for RTOS lie here. Here we can find some fonts, SuperView warp tables (yes, like in GoPro LOL), color-correction settings and MCTF (Motion Compensated Temporal Filtering) tables (settings for noise-reduction).

• Linux Kernel

The second OS on E1. Linux kernel starts separately on single ARM core. Linux uses Qt GUI to draw and show all menus. In addition, Linux handles each button press and draws OSD on HDMI output through framebuffer.

• Linux Root FS

Linux file system (UBI FS format) with Qt binaries, bash tools and other "high-level" things. You can make changes to this part to change GUI, for example.

• Linux Hibernation Image

I have not met this part of the E1 firmware yet.

• Storage 1

I have not met this part of the E1 firmware yet.

• Storage 2

I have not met this part of the E1 firmware yet.

• Index For Video Recording

Filesystem (UBI FS format), but almost empty. At this time I'm not sure, what it is.

• User Settings

I have not met this part of the E1 firmware yet.

• Calibration Data

I have not met this part of the E1 firmware yet.

• Bluetooth Firmware

Seems like firmware for separate wireless chip. Have not checked yet.