M9 Firmware is Encrypted


marknorton

It used to be possible to open the M8 firmware update files with a HEX editor to take a look to check, for example, the update rules, lens table contents and so on. It's not just Leica who have fallen into this trap; Nikon did exactly the same with the D3 and inadvertently leaked details of the D3x.

 

Not any more! Do the same with the M9 file and you see nothing readable. It's likely the firmware loader burned into the flash memory applies an extra step to decode the file before applying it. I can't see any characteristic strings which might, for example, confirm the use of standard data compression libraries though experts like Sandy, Carl, Scott and Carsten may be able to...

 

So, our sport of reading the firmware tea-leaves looks like it is no more...


Sigh. You're right. It's possible that they did something really sneaky but simple, like shifting the whole file one bit to the right. I couldn't outsmart it last night, but Sandy or Carl might step up to the challenge.

 

When I first reported an error to Leica (a bad table entry) that could be identified by reading the firmware in Notepad (the absolutely bog-level text editor in Windows), they were amazed. "You can't read that!" was the reply. Now they have learned.

 

scott


Sigh. You're right. It's possible that they did something really sneaky but simple, like shifting the whole file one bit to the right. I couldn't outsmart it last night, but Sandy or Carl might step up to the challenge.

 

When I first reported an error to Leica (a bad table entry) that could be identified by reading the firmware in Notepad (the absolutely bog-level text editor in Windows), they were amazed. "You can't read that!" was the reply. Now they have learned.

 

scott

Similar tricks are very common in the world of microprocessor-based systems for various automation devices: a friend of mine has just developed a system for gathering data from "intelligent" home-heating devices, to concentrate-analyze them for billing purposes, and he used a kind of very simple "apparently random bit shifting algorithm" to prevent a "smart plumber" from fooling the system. Of course, those algorithms can be patiently cracked... but it is a question of balancing time, risk and "is it worth it?".

I hope some of the people mentioned here can succeed in the M9 task... after all, it's just to understand better how a camera that intrigues all of us works.... :).


Guest BigSplash
I think it's time the CIA (US) and GCHQ (UK) did something useful for us then...

 

I believe that GCHQ (UK) already has considerable experience breaking codes that have German origins!


Geoff, I'm only buying one M9, so no more dissections!

 

There are some pictures from the factory tour on DP Review and they show the motor wind section and viewfinder largely unchanged. The camera control electronics is simplified, due presumably to greater integration, and the circuitry in the top cover is truncated due to the removal of the LCD.

 

The Sensor board seems to extend upwards and has a lower component count, again presumably due to improved technology. Finally, I haven't seen a picture of the new DSP board but I would expect that to be somewhat simpler at first sight than the board we're used to.


Sigh. You're right. It's possible that they did something really sneaky but simple, like shifting the whole file one bit to the right. I couldn't outsmart it last night, but Sandy or Carl might step up to the challenge.

 

When I first reported an error to Leica (a bad table entry) that could be identified by reading the firmware in Notepad (the absolutely bog-level text editor in Windows), they were amazed. "You can't read that!" was the reply. Now they have learned.

 

Looking at the file, it does not look like a simple bit shift or single byte xor algo. That said, any form of encryption is simply a delay mechanism. This is probably what we call 'encoding' or obfuscation rather than true crypto, simply based on the fact that the camera can load the file without the operator entering a key, the processing power of the camera and what Leica's (or Jenoptik's) need is.

 

- Carl
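
The two trivial encodings named in this thread (a whole-file one-bit shift and a single-byte XOR) can be told apart from a high-entropy image mechanically, which is why they only delay a reader. The Python below is an added example, not code from any poster or from Leica; the sample data, the `LENS TABLE` marker, the SHA-256 keystream standing in for real encryption, and all function names are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; values near 8.0 mean compressed or encrypted."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def shift_bits(data: bytes, left: bool) -> bytes:
    """Shift the whole buffer by one bit, treating it as one big-endian bit stream."""
    value = int.from_bytes(data, "big")
    value = (value << 1) & ((1 << 8 * len(data)) - 1) if left else value >> 1
    return value.to_bytes(len(data), "big")

def xor_byte(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def candidate_decodings(blob: bytes):
    """Yield (name, decoded) for the trivial encodings discussed in the thread."""
    yield "plain", blob
    yield "shift-left-1", shift_bits(blob, left=True)    # undoes a right shift
    yield "shift-right-1", shift_bits(blob, left=False)  # undoes a left shift
    for key in range(1, 256):
        yield f"xor-0x{key:02x}", xor_byte(blob, key)

def triage(blob: bytes, markers: list[bytes]) -> dict:
    """Report byte entropy and which trivial decodings expose a known marker string."""
    hits = [name for name, decoded in candidate_decodings(blob)
            if any(m in decoded for m in markers)]
    return {"entropy": round(entropy(blob), 3), "decodings": hits}

# Constructed sample data: a made-up cleartext image, not real firmware.
MARKERS = [b"LENS TABLE"]
CLEAR = b"FW 0.000 (sample)\nLENS TABLE\n" + b"code=000001 lens=21mm f/2.8\n" * 40
SHIFTED = shift_bits(CLEAR, left=False)  # "shifting the whole file one bit to the right"
XORED = xor_byte(CLEAR, 0x5A)            # single-byte XOR
# Stand-in for real encryption (assumption): XOR with a SHA-256 counter keystream.
STREAM = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
ENCRYPTED = bytes(a ^ b for a, b in zip(CLEAR.ljust(4096, b"\0"), STREAM))

if __name__ == "__main__":
    for label, blob in [("clear", CLEAR), ("shifted", SHIFTED),
                        ("xored", XORED), ("encrypted", ENCRYPTED)]:
        print(f"{label:10s} {triage(blob, MARKERS)}")
```

A single-byte XOR leaves the byte entropy exactly where the cleartext had it, so a low entropy figure with no readable strings points at simple encoding, while a figure close to 8 bits per byte with no decoding hit points at compression or real encryption.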


Archived

This topic is now archived and is closed to further replies.
