Scope of this section is not to explain how to use Ghidra, but how to create a project based on pre-made ROM dump.

As time of writing, this guide can be applied to Digic 6,7,8,X models running EOS firmware variant. This includes some non-EOS cameras (like PowerShot SX740 HS) and excludes some EOS ones (eg M10) which run PowerShot firmware variant. For later, refer to CHDK Wiki.

What you need:

• ROM dumps (see: Obtaining ROM dumps
• Ghidra installation

First, select the file that contains actual code. On Digic 6 cameras there's only “ROM1.bin”, Digic 7, 8 and X models use ROM0.bin and (in most cases) ROM1.bin, where ROM0.bin contains the code.

Simply drag and drop ROM file into a project window. Import dialog will pop up.

Following settings are required:

Language: For Digic 6 and up select ARM, v7, little endian, default compiler

Options: In this dialog we define at what memory address image will be loaded.

• Block name: as you wish, but something meaningful is recommended (eg ROM0, ROM1)
• Base Address:
  • Digic 6: ROM1 loads at 0xF0000000
  • Digic 7,8,x: ROM0 loads at 0xE0000000
• Leave all other options as default.

Close by clicking OK on all dialogs, and then acknowledge the import result. File will appear in a project.