ma1co / Sony-PMCA-RE

Reverse Engineering Sony Digital Cameras
MIT License

How to disable built-in WIFI? #428

Open dreambold opened 1 year ago

dreambold commented 1 year ago

Is there a way to disable the built-in WIFI for a6400? I'd like to pay for the effort!

masterflai commented 1 year ago

Do you mean physical removal or destruction? The wifi is usually turned off on the camera and must be actively turned on in the menu for transmission. It's not on permanently anyway.

What exactly do you want to achieve?

dreambold commented 1 year ago

I would need either way. Or completely disable it so it can't be turned permanently on in the camera menu.

> Do you mean physical removal or destruction?

masterflai commented 1 year ago

> I would need either way. Or completely disable it so it can't be turned permanently on in the camera menu.

Can you tell me your camera model? The most efficient way is to remove or destroy the Wifi module or the antenna. Depending on your camera model and your soldering skills that can be very easy or very complex. The removal of the option isn't part of the available options I assume.

Here is a list of possible command addresses and their IDs

Search term: WLAN

dreambold commented 1 year ago

Thank you for your reply, @masterflai , I have SONY a6400

dreambold commented 1 year ago

How do I use these commands? I already have the current repo set up on my Ubuntu machine, can you let me know what I should do to run these commands? I really appreciate your help! @masterflai

masterflai commented 1 year ago

> Thank you for your reply, @masterflai , I have SONY a6400

You can get the Service Manual - Level 2 (Disassembling) here. Just scroll down.

When you got the file, you can search for Wifi/BT. You will find the component CP7330 directly soldered on the mainboard and also the antenna is directly part of the mainboard, so there is no opportunity to remove the hardware without causing a malfunction within the camera.

dreambold commented 1 year ago

@masterflai Thank you for the info! Can we just make the wifi not enabled in the settings? I tried to update the wifi config, but got this error in the Ubuntu console. Do you have any ideas?

sudo ./pmca-console.py wifi -f wifi.cfg
No native drivers available
Using drivers libusb-MSC, libusb-MTP, libusb-vendor-specific
Looking for Sony devices

Querying mass storage device
Sony DSC is a camera in mass storage mode

Traceback (most recent call last):
  File "./pmca-console.py", line 104, in <module>
    main()
  File "./pmca-console.py", line 96, in main
    wifiCommand(args.write, args.file, args.multi, args.driver)
  File "/home/dream/Documents/Sony-PMCA-RE/pmca/commands/usb.py", line 641, in wifiCommand
    for key in next(settings)._asdict().items():
  File "/home/dream/Documents/Sony-PMCA-RE/pmca/usb/sony.py", line 395, in getWifiAPInfo
    for ap in self._parseAPs(BytesIO(self._sendCommand(self.SONY_CMD_NetworkServiceInfo_GetWifiAPInfo))):
  File "/home/dream/Documents/Sony-PMCA-RE/pmca/usb/sony.py", line 272, in _sendCommand
    data = self.dev.sendSonyExtCommand(cmd[0], (self.ExtCmdHeader.pack(
  File "/home/dream/Documents/Sony-PMCA-RE/pmca/usb/sony.py", line 95, in sendSonyExtCommand
    self._checkResponse(response)
  File "/home/dream/Documents/Sony-PMCA-RE/pmca/usb/__init__.py", line 42, in _checkResponse
    raise InvalidCommandException(msg)
pmca.usb.InvalidCommandException: Mass storage error: Sense 0x5 0x20 0x0
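
An added example (not code from this thread or from Sony-PMCA-RE) that decodes the SCSI sense data behind the `Mass storage error: Sense 0x5 0x20 0x0` line in the traceback above, both from the error string and from raw REQUEST SENSE bytes. Assumptions: the three numbers in the message are sense key, ASC and ASCQ in that order; the function names, the lookup subset and the sample buffer are constructed for illustration.

```python
import re

# Subset of the SCSI (SPC) sense tables; values outside it decode as "unknown".
SENSE_KEYS = {0x0: "NO SENSE", 0x2: "NOT READY", 0x3: "MEDIUM ERROR",
              0x5: "ILLEGAL REQUEST", 0x6: "UNIT ATTENTION", 0x7: "DATA PROTECT"}
ASC_ASCQ = {(0x20, 0x00): "INVALID COMMAND OPERATION CODE",
            (0x24, 0x00): "INVALID FIELD IN CDB",
            (0x25, 0x00): "LOGICAL UNIT NOT SUPPORTED",
            (0x3A, 0x00): "MEDIUM NOT PRESENT"}

def parse_message(msg):
    """Pull the triple out of a 'Sense 0x5 0x20 0x0' style error string.
    Assumption: the order is sense key, ASC, ASCQ."""
    m = re.search(r"Sense((?:\s+0x[0-9a-fA-F]+){3})", msg)
    if not m:
        raise ValueError("no sense triple in message")
    return tuple(int(tok, 16) for tok in m.group(1).split())

def parse_sense_buffer(buf):
    """Pull (key, ASC, ASCQ) out of raw REQUEST SENSE data."""
    if not buf:
        raise ValueError("empty sense buffer")
    code = buf[0] & 0x7F                      # bit 7 is the VALID flag
    if code in (0x70, 0x71):                  # fixed format
        if len(buf) < 14:
            raise ValueError("fixed-format sense data truncated")
        return buf[2] & 0x0F, buf[12], buf[13]
    if code in (0x72, 0x73):                  # descriptor format
        if len(buf) < 4:
            raise ValueError("descriptor-format sense data truncated")
        return buf[1] & 0x0F, buf[2], buf[3]
    raise ValueError("unknown response code 0x%02x" % code)

def describe(key, asc, ascq):
    key_name = SENSE_KEYS.get(key, "unknown sense key 0x%x" % key)
    detail = ASC_ASCQ.get((asc, ascq), "unknown ASC/ASCQ 0x%02x/0x%02x" % (asc, ascq))
    return "%s: %s" % (key_name, detail)

# Error string copied from the traceback above.
PAGE_ERROR = "Mass storage error: Sense 0x5 0x20 0x0"
# Constructed sample: fixed-format sense data carrying the same triple.
SAMPLE_FIXED = bytes([0x70, 0, 0x05, 0, 0, 0, 0, 0x0A, 0, 0, 0, 0, 0x20, 0x00, 0, 0, 0, 0])

if __name__ == "__main__":
    print(describe(*parse_message(PAGE_ERROR)))
    print(describe(*parse_sense_buffer(SAMPLE_FIXED)))
```

Under that reading, sense key 0x5 with ASC/ASCQ 0x20/0x00 is the device reporting that it does not recognise the command opcode it was sent, rather than a transport or permissions failure on the host.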

masterflai commented 1 year ago

@dreambold Unfortunately I'm still not experienced enough to guide you in this context. I got this error also sometimes running on debian. Obviously your camera storage seems to be mounted in the expected way (r/w).

Please verify if you are still using the latest version of the script. I assume, you copied the repo and this is the last one, but I'm not sure. I assume it, because running the GUI script within debian shows also the missing "service mode" button in the GUI, which is not applicable in the last compiled version 0.18.

I'm currently working on a similar topic because I want to activate an installed GPS module, which is disabled because of the regional setting.

I posted a download option for the latest compiled version 0.18-22 of the console and the GUI for Windows. You can try to run these commands under Windows 11. For me it worked there flawlessly. Due to missing information about the development progress and activities I'm not sure, which information or error message is caused by my input or by a broken code line within the console. ;)

masterflai commented 1 year ago

@dreambold Unfortunately, I have only now seen that you are already using the latest version. Currently I can't contribute anything, but if you find out something, it would be great if you post it here. I got the commands from the Personal-View forum. There Malco and other developers were quite active and collected their knowledge. Unfortunately I don't know yet exactly how some puzzle pieces fit into the big picture. I'm missing instructions how to address these registers exactly and if there are checksums for adjusted values.

dreambold commented 1 year ago

@masterflai Thank you for your collaboration so far! I will post if I figure out something, for sure!

masterflai commented 1 year ago

@dreambold Within the PlayMemories Repo there is a functionality described on how to permanently enable Wifi. Maybe by analyzing the code you can figure out the right command and register to disable it permanently.

masterflai commented 1 year ago

@dreambold In the meantime, I realized how to use the addresses to read and write values. I use an old camera for my tests therefore the updatershell is sufficient. With your A6400 the serviceshell seems to be the better base for experiments. You have to use the latest version 0.18-22.

The settings are stored in backup.bin, which contains all the firmware stuff for all regions and languages.

[Image: 2023-09-03 11_11_46-Shell Handwriting Canvas]

Backup.bin contains the data, within \0110_backup\SYSAVIP-DSLR. My camera is available with gps and without. Therefore there are two subfolders PS_UUG (with gps) and PS_UUGN (without gps).

I have chosen the path with gps. In your case, there should be only one folder PS_UUG.

[Image: 2023-09-03 11_14_55-Shell Handwriting Canvas]

Very important: Before you go on you should choose the info command to read out your model and your region (destination). Depending on the region the according file within this folder here will be used as your relevant "firmware".

An overview about the regions can be found here.

Now you have all relevant information to go on and the following post directed me to the right direction.

You can read and write addresses within your running firmware and also within the backup firmware. Therefore you can choose the commands bk r, bk w, bk patch, bk s, bk unlock, bk lock.

Here is an example from my updatershell:

[Image: 2023-09-03 11_06_10]

So, now you can use the linked addresses to read the values. To modify them it seems to be a good idea to unlock the bk with bk unlock and to lock them afterwards. I assume, that this is exactly what happens by choosing the unlock option in the gui version without the possibility to modify something else than the available options.

dreambold commented 1 year ago

Do you have Skype or Slack? @masterflai Or can you send me an email to asenfan0723@gmail.com?

dreambold commented 1 year ago

> @dreambold In the meantime, I realized how to use the addresses to read and write values. I use an old camera for my tests therefore the updatershell is sufficient. With your A6400 the serviceshell seems to be the better base for experiments. You have to use the latest version 0.18-22.
>
> The settings are stored in backup.bin, which contains all the firmware stuff for all regions and languages.
>
> [Image: 2023-09-03 11_11_46-Shell Handwriting Canvas]
>
> Backup.bin contains the data, within \0110_backup\SYSAVIP-DSLR. My camera is available with gps and without. Therefore there are two subfolders PS_UUG (with gps) and PS_UUGN (without gps).
>
> I have chosen the path with gps. In your case, there should be only one folder PS_UUG.
>
> [Image: 2023-09-03 11_14_55-Shell Handwriting Canvas]
>
> Very important: Before you go on you should choose the info command to read out your model and your region (destination). Depending on the region the according file within this folder here will be used as your relevant "firmware".
>
> An overview about the regions can be found here.
>
> Now you have all relevant information to go on and the following post directed me to the right direction.
>
> You can read and write addresses within your running firmware and also within the backup firmware. Therefore you can choose the commands bk r, bk w, bk patch, bk s, bk unlock, bk lock.
>
> Here is an example from my updatershell:
>
> [Image: 2023-09-03 11_06_10]
>
> So, now you can use the linked addresses to read the values. To modify them it seems to be a good idea to unlock the bk with bk unlock and to lock them afterwards. I assume, that this is exactly what happens by choosing the unlock option in the gui version without the possibility to modify something else than the available options.

Am not sure how you see the folders @masterflai

dreambold commented 1 year ago

@masterflai I will pay for your effort, if necessary, do you have some time to chat with me over zoom?

masterflai commented 1 year ago

> I will pay for your effort, if necessary, do you have some time to chat with me over zoom?

No, I do not want money. The work has been done by others. I'm just analyzing and experimenting a bit here.

I downloaded the current update file from the Sony website and disassembled it with the fwtool accordingly. You can find a description in the fwtool repo from malco. Afterwards, I have always used this as the basis of my analyses. The advantage is that you can analyze at this point in peace and can not yet break anything on the camera.

dreambold commented 1 year ago

@masterflai Am trying to unpack the firmware file now. :)

dreambold commented 1 year ago

@masterflai Can you do me a favor? I have uploaded firmware from Sony on my gdrive, can you decrypt them for me? https://drive.google.com/file/d/111t2ZCzFMv4ANw6ejee0vAASDGSAFvy3/view?usp=sharing, https://drive.google.com/file/d/18dBrMmfufpgcakHz7SzCyJJOIGctglqa/view?usp=sharing I really appreciate your effort!

masterflai commented 1 year ago

I will extract the firmware file for you. Are you sure about the file? You wrote, that you own a A6400. The file contains A6300 within the file name . . .

Just to ensure, that you use the right file. 😉

dreambold commented 1 year ago

I have both 6400 and 6300, and am trying with 6300 first. :)

masterflai commented 1 year ago

> I have both 6400 and 6300, and am trying with 6300 first. :)

OK, just to ensure. ;)

[Image: 2023-09-03 13_15_28-Shell Handwriting Canvas]

I will add the extract to your drive. You will find the relevant files here: Sony A6300\Outdir\firmware.tar_unpacked

dreambold commented 1 year ago

Awesome! Can you extract 6400 firmware as well? ;)

masterflai commented 1 year ago

> Awesome! Can you extract 6400 firmware as well? ;)

Sure. Can you enable the writing to the folder of your google drive, please. I will place both within it. And just send me the A6400 firmware, please.

Did you receive my mails?

dreambold commented 1 year ago

Yes, I shared 2 files, https://drive.google.com/file/d/111t2ZCzFMv4ANw6ejee0vAASDGSAFvy3/view?usp=sharing https://drive.google.com/file/d/18dBrMmfufpgcakHz7SzCyJJOIGctglqa/view?usp=sharing

And you can use wetransfer to share the extracted files as a zip, https://wetransfer.com/

dreambold commented 1 year ago

@masterflai I received the files, thank you!

masterflai commented 1 year ago

I will provide you the A6300 firmware extracted. The firmware V2.0 of the sony A6400 seems to use another decryption method or key, which isn't supported by the latest version of the fwtool for windows. Maybe using the repo directly with Ubuntu solves the issue. You will find the command to extract within the last provided screenshot.

[Image: 2023-09-03 14_15_49-Shell Handwriting Canvas]

masterflai commented 1 year ago

First of all, use the version option of the pmca-console to realize the backup.bin file, your camera uses.

Afterwards you can search for this file within the extracted backup folder I sent to you. Now you can copy this file in a folder together with the fwtool-v1.2-win. Open a cmd prompt (windows).

To read the current values, you type:

fwtool-v1.2-win print_backup -f 23000000_CX86801_CEE5.bin

Replace the file name by the name of your file. You will receive all IDs with their values and the length.

With this information, you can manipulate by using pmca-console-v0.18-22-ga82f5ba-win and the bk command the value. The only thing you have to figure out, is the ID you are looking for.

[Image: 2023-09-03 15_10_41-Shell Handwriting Canvas]

openedhardware commented 1 year ago

@masterflai @dreambold

Guys, any update on this issue?

I am also interested in this.

Thanks!

dreambold commented 1 year ago

@openedhardware Do you have experience with this kind of mod? Or are you just starting it? I didn't have a chance to try it further yet. What model of Sony camera do you have?

openedhardware commented 1 year ago

Hey, @dreambold

I am just starting with A6400 model.

Thank you!

dreambold commented 1 year ago

@openedhardware Mine is a6400 as well, but it doesn't seem to be able to decrypt the firmware for that model. @masterflai managed to decrypt the firmware for the a6300 model. Anyway, you can try it and we can discuss the details.

react-native-engineer commented 2 months ago

Is there any update?

react-native-engineer commented 2 months ago

> > I would need either way. Or completely disable it so it can't be turned permanently on in the camera menu.
>
> Can you tell me your camera model? The most efficient way is to remove or destroy the Wifi module or the antenna. Depending on your camera model and your soldering skills that can be very easy or very complex. The removal of the option isn't part of the available options I assume.
>
> Here is a list of possible command addresses and their IDs
>
> Search term: WLAN

@masterflai where did you get this ID list?