Camera Firmware Hack
Firmware versions in green are available in stable and/or dev for downloadFirmware versions in gray do not have official CHDK releases. Check porting status hereFor the development status of not-yet-supported cameras, see For Developers.
Camera Firmware Hack
Check out the "For Developers" page to see what progress is being made to port CHDK to additional cameras and firmware versions. You'll also find articles describing the porting process there. (Maybe you'd like to help?)
Magic Lantern is a software enhancement that offers increased functionality to the excellent Canon DSLR cameras. We have created an open framework, licensed under GPL, for developing extensions to the official firmware.
Magic Lantern is not a "hack", or a modified firmware, it is an independent program that runs alongside Canon's own software. Each time you start your camera, Magic Lantern is loaded from your memory card. Our only modification was to enable the ability to run software from the memory card.
Originally created by Trammell Hudson, Magic Lantern played a role in turning consumer digital cameras into tools suitable for high quality digital filmmaking and is now being developed by photo and video enthusiasts, adding functionality such as: HDR images and video, timelapse, motion detection, focus assist tools, manual audio controls much more.
Private questions regarding camera/feature availability or future plans will not be answered, as they are already covered on the download page, in the FAQ and/or on the forum (and we get a lot of these). Sorry.
Please remember this is just a hobby project done in our spare time, and progress is not always as quick as we would like. The best way to get a feature implemented or a new camera ported is to join the development efforts.
I presume the first step is to take the firmware, load it into a decompiler (any recommendations?) and examine the contents. I admit I've never decompiled code before, so this will be a good challenge to get me started, any advice? books? tutorials? what should I expect?
Gathering information about the camera system (main CPU, Image coprocessor, RAM/Flash chips..). Challenges: Camera system makers tend to hide such sensitive information. Also, datasheets/documentation for proprietary chips are not released to public at all.
Getting firmware: through dumping Flash memory inside the camera or extracting the firmware from update packages used for camera firmware update. Challenges: Accessing readout circuitry for flash is not a trivial job specially with the fact that camera systems have one of the most densely populated PCBs. Also, Proprietary firmware are highly protected with sophisticated encryption algorithms when embedded into update packages.
Dis-assembly: getting a "bit" more readable instructions out of the opcode firmware. Challenges: Although dis-assemblers are widely available, they will give you the "operational" equivalent assembly code out of the opcode with no guarantee for being human readable/meaningful.
I picked up a Wyze Cam v2 from eBay for AUD$54.99. This camera came recommended by a the Home Assistant reddit, Home Assistant Discord, and some other tech blogs around the internet. The camera's specs look like a very capable WiFi security camera, claiming:
Out of the box, this camera will want to use the Wyze CAM online cloud to deliver services. This won't meet my challenge of keeping all of my smart home tech within my own network and independant from the internet.
The custom firmware I'm going to go with is Xiaomi-Dafang-Hacks, a firmware made by security camera enthusiasts as a replacement for a number of WiFi cameras that use a T10/T20 embedded computer, including the Wyze Cam v2.
This approach of loading the firmware onto an SD card has the advantage of being able to revert back to the out-of-the-box firmware simply be removing the SD card and restarting the camera, which will detect that there's no SD card and load it's factory firmware. Cool, right?
Unfortunately, the factory firmware will automatically create some new files when it starts, including folders called "record" and "time_lapse". While the presence of these files doesn't mean that it failed, you will need to delete these files and folders between each attempt.
Although the firmware's web server uses secure connections over HTTPS, its security certificate is self-signed. This means that your web browser is going to complain about it almost every time you connect to it. This is OK, and is safe to ignore.
I had some issues trying to install the firmware, and I wanted to see if I was doing the right thing. When I read about there being a serial interface, I wanted to try for myself. This actually helped a lot, and it told me that I was doing something wrong, which put me on the right track.
Bogus enough that I decided to pwn the camera, reverse engineer the protocol, and write my own software to get the video stream.The end result is a new piece of open-source software called Neolink, which allows Blue Iris, Shinobi, or other NVR software to receive video from unmodified Reolink cameras.
What to do with my newfound power?I planned to start with a static analysis of the firmware, first reverse engineering the encryption scheme.If I got stuck, I could interrogate the camera binary as it executed.
An added benefit of this setup is that I could stick whatever gdb commands I wanted to run at startup at the end of the script, instead of writing a dedicated GDB script.These dynamic printf commands simply print in the GDB console when the camera hits a breakpoint, helpful for knowing which functions are being called without halting the camera:
If you have an Olympus E-m1 mark I/II, E-m5 mark I/II, E-m10 mark II/III, Pen-F, or E-PL9, there is an unofficial hack that raises the limit. Read the thread to see the limitations of this hack (note, I have not applied this hack to my cameras as I tend to use the G85 for video):
Chris and Jordan are enjoying some well deserved time off this week, so we're taking a trip in the wayback machine to revisit the launch of Canon's original full-frame mirrorless camera, the EOS R. Give it a watch to see how far Canon's mirrorless line has come.
The a7R V is the fifth iteration of Sony's high-end, high-res full-frame mirrorless camera. The new 60MP Mark IV, gains advanced AF, focus stacking and a new rear screen arrangement. We think it excels at stills.
Above $2500 cameras tend to become increasingly specialized, making it difficult to select a 'best' option. We case our eye over the options costing more than $2500 but less than $4000, to find the best all-rounder.
There are a lot of photo/video cameras that have found a role as B-cameras on professional film productions or even A-cameras for amateur and independent productions. We've combed through the options and selected our two favorite cameras in this class.
Family moments are precious and sometimes you want to capture that time spent with loved ones or friends in better quality than your phone can manage. We've selected a group of cameras that are easy to keep with you, and that can adapt to take photos wherever and whenever something memorable happens.
What's the best camera for shooting sports and action? Fast continuous shooting, reliable autofocus and great battery life are just three of the most important factors. In this buying guide we've rounded-up several great cameras for shooting sports and action, and recommended the best.
Unlike Canon, Sony does not leak their firmware to the community... they don't even offer anything open to develop additional apps. I wish they did. There have been some minor community hacks of pre-A9 models, using the Play Memories Apps as a way to install hacked code. So, mostly, the answer is "no."
To do what you want (which require low level functions not exposed to the android app system) , at a minimum you'd need to defeat sony's encryption to load non-sony firmware into the camera or find an exploit to side-load it somehow. Plus someone would need to write/hack the software itself which likely involves MIPS processor assembly (unfun). In the process of messing with firmware you are almost certain to brick multiple cameras so there is a multi thousand dollar real cost besides the copious time required.
Its too big an effort for little reward I fear - things like Xboxes and phones get hacked because there is fame and fortune to be had. No glory in hacking a niche product like a full frame mirrorless camera. The guys with the skills to do this are working on something more interesting...
Oh, it works brilliant. It is called OPEN MEMORY TWEAK. It also activates all menu languages (in case you bought a Japanese model with Japanese only) and most importantly it allowed removes the NTSC/PAL nag screen when starting up your camera. It's just like an app you install on your phone. If you don't like it, you delete it.