How do you hack/decompile Camera firmware? (w/ decompiling tangent)

Question

I wanted to know what steps one would need to take to "hack" a camera's firmware to add/change features, specifically cameras of Canon or Olympus make.

I can understand this is an involved topic, but a general outline of the steps and what I issues I should keep an eye out for would be appreciated.

I presume the first step is to take the firmware, load it into a decompiler (any recommendations?) and examine the contents. I admit I've never decompiled code before, so this will be a good challenge to get me started, any advice? books? tutorials? what should I expect?

Thanks stack as always!

Note : I know about Magic Lantern and CHDK, I want to get technical advise on how they were started and came to be.

http://magiclantern.wikia.com/wiki/Decompiling

http://magiclantern.wikia.com/wiki/Struct_Guessing

http://magiclantern.wikia.com/wiki/Firmware_file

http://magiclantern.wikia.com/wiki/GUI_Events/550D

http://magiclantern.wikia.com/wiki/Register_Map/Brute_Force

Answer 1

I wanted to know what steps one would need to take to "hack" a camera's firmware to add/change features, specifically cameras of Canon or Olympus make.

General steps for this hacking/reverse engineering:

1. Gathering information about the camera system (main CPU, Image coprocessor, RAM/Flash chips..). Challenges: Camera system makers tend to hide such sensitive information. Also, datasheets/documentation for proprietary chips are not released to public at all.

2. Getting firmware: through dumping Flash memory inside the camera or extracting the firmware from update packages used for camera firmware update. Challenges: Accessing readout circuitry for flash is not a trivial job specially with the fact that camera systems have one of the most densely populated PCBs. Also, Proprietary firmware are highly protected with sophisticated encryption algorithms when embedded into update packages.

3. Dis-assembly: getting a "bit" more readable instructions out of the opcode firmware. Challenges: Although dis-assemblers are widely available, they will give you the "operational" equivalent assembly code out of the opcode with no guarantee for being human readable/meaningful.

4. Customization: Just after understanding most of the code functionalities, you can make modifications that need not to harm normal operation of the camera system. Challenges: Not an easy task.

Alternatively, I highly recommend you to look for an already open source camera software (also HW). You can learn a lot about camera systems. Such projects are: Elphel and AXIOM