Use PTP codes in includes where possible

[xaphod]

It seems Fuji's protocol is close to, but not the same as PTP/IP. The port numbers are even close (55740 instead of 15740 like canon and nikon use). Event codes are clearly PTP/IP-similiar, ie 0x100E is fire shutter in Fuji and in PTP/IP too.

So im just saying for the future you could grab libptp's includes and see what else maps 1:1.

[hkr]

Thanks for pointing this out. I obviously didn't know much about PTP when I started the project. Actually @tengelmeier mentioned at some point that https://github.com/tengelmeier/mtp-tools/ (has wireshark scripts for PTP) may be useful, but I never tried it.

Libptp may also be useful to check what or if features are supported that are not implemented in Fuji's app.

I wouldn't just add the headers as it seems to be GPL code. So I would have to think about license issues.

[mrosseel]

regarding the wireshark plugin, it specifically mentions Fuji XT-1 so could be interesting to research new commands.

[xaphod]

Yeah I tried playing with the mtp-tools wireshark plugin. It does surface a few extra commands, but many are missing. There's not enough there to reverse-engineer the camera communications to the point I need.

[tengelmeier]

What are you missing in detail?

For me it works sufficient to kind of understand the communication - just make sure you have also the 'packet bytes' section in the window visible (it is collapsed by default) The remaining bytes of the payload like the value for SetDeviceProperty or GetDeviceProperty appear there. You'll see where the payload remainder begins when you select e.g. pop -> transactionID in the Packet details pane.

P.S.: GetDeviceProperty 0xD212 seems to return an array of recent property changes. UInt16 size, then size *(UInt16 PropertyCode, UInt32 PropertyValue), all in Intel byte order. That should give an head start discovering properties ;-)

[xaphod]

The detail i'm missing is the codes themselves. For example, which code means a new photo is ready, how do I get its identifier, and download the photo? Which codes put the camera in or out of live-view mode, and once there, what are the codes to trigger the camera, or focus etc? Some of these are in the MTP tool, which I appreciate very much, thanks! Others are not there yet. cheers -tim

On Wed, Feb 22, 2017 at 5:06 PM Thomas Engelmeier notifications@github.com wrote:

What are you missing in detail?

For me it works sufficient to kind of understand the communication - just make sure you have also the 'packet bytes' section in the window visible (it is collapsed by default) The remaining bytes of the payload like the value for SetDeviceProperty or GetDeviceProperty appear there. You'll see where the payload remainder begins when you select e.g. pop -> transactionID in the Packet details pane.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/hkr/fuji-cam-wifi-tool/issues/3#issuecomment-281820033, or mute the thread https://github.com/notifications/unsubscribe-auth/ADmfLkbi7VpnrzryZwYXPcLl4wWjX4Mrks5rfLFqgaJpZM4Lw_Fw .

[tengelmeier]

OK, I see what you mean. Basically PTP uses a mix of standardized commands / identifiers and allows vendor specific extensions. Identifiers for these vendor extensions begin with 0xA (commands), 0xC (events) and 0xD (properties) - you'd need to reverse engineer the meaning for these identifiers. Live view e.g. is for sure vendor specific as the 15740 standard has no commands for that feature.

Regarding device properties, there are three different PTP/IP host modes the camera uses ('PTP mode', 'PC mode', and then there is the mode where new images are sent to the computer). there is a good chance there are different properties for each of these modes available (I could also imagine the GUID in the OpenSession packets are used as kind of protocol identifier).
At least my X-T1 responds with an error to most of the device property codes sniffed when connected to an Mac via USB, so I'm missing something. In most of the packet sniffs I also see usually the property 0xDF01 is set at the beginning - it might also set an transfer or camera mode..

[mrosseel]

is there a link somewhere which describes the setup to intercept the communication between the app and the camera? I'm only interested in controlling the shutterspeed, should be detectable in the commands sent I think.

[0x5e]

I reverse the official ios app, it has 3 class name which has "PTP" prefix.

PTPDeviecInfomation.h PTPDeviecMacAddress.h PTPDeviecModelInfomation.h

CameraRemote-Header.zip