Great to see another Samsung NX hacker in the wild! I'm in the process of developing a mod for my NX300 and NX30 (with the NX2000 likely compatible). It doesn't do anything yet, but I've got a lot of work done on hooking ARM code [0] and compiling modern C++ for the cameras.

Personally I think the NX300/30/2000 are the most hackable cameras ever made, even compared to the NX1/500. The read-only rootfs isn't really a barrier, since the software runs a shell script from the SD card on boot (or rather resume from hibernation, it's a pretty clever system). And unlike the newer models, they don't have an RTOS coprocessor, so everything is handled in the easier-to-modify Linux code. It's not a design decision I would have made, but it makes in-depths mods easier.

The older cameras are also easy to unbrick, since the bootloader files used for firmware flashing without a working OS were released in the FLOSS code dump. The availability of some C headers in that dump is the cherry on top.

I'll admit I'd still rather have an NX500, I just bought the NX300 because I'm cheap :)

[0]: https://gitlab.com/dvdkon/pahil

Actually, half of the problem is vertical integration inside Sony cameras. It's all Sony from sensors to DSPs, and everything is designed and built by them.

The current firmware looks like a embedded Linux system designed for fast boot and is largely immutable, so the thing is pretty tightly secured down. You can put the board to flash mode and update the firmware, but that's all apparently.

Someone over DPReview was taking deltas of the file trees between firmware update packages to guess what has been updated, but going one step further was nigh impossible.

Sony doesn't even bin the DSPs from model to model, but create model-specific ones with different model numbers, and solder DRAM on top of them for latency and signal quality, so the cameras are complete black boxes.

The only missing thing is a complete epoxy pour over the board, but that thing gets hot and needs the case as a heat-sink, so it's not possible at this stage.

The fact that USB ptp is some baseline is kind of exceedingly great, even if yeah in practice it'a a huge mess of vendor extensions tacked on. I like trying to have some collaboration & specs! It's a monster oh sure but gphoto2 probably wouldn't have come about, as a sick compendium of all camera backs & vendor extensions, if there wasn't a common thread, common binding for cameras! Once you go from USB to IP you're (generally) untethered unmoored from anything shared!

What's done here is super admirable & super neat. But it's even more spelunking into the unknown than USB ptp imo! Thankfully there's some pretty old school direct on-the-line protocols that are kinda just working!

It's interesting to me at least to navel gaze over. The attempt to have common tools versus the just doing whatever.

One of my favorite connectivity solutions ever was the Nvidia Shield Controller (2015). A wifi (wifi direct/wifi-p2p at that!) video gaming controller. With audio that uses ozproto's stack, a usb-over-ip setup! Something about just tunneling USB being conceptually easier to reason about & do than deciding what IP services to make for a controller is so elegant and neat and weird. https://github.com/devmapal/nvidia-shield-controller-driver

Reading the title, I thought: finally someone rooted/jailbroke sony cameras.

On Canon you can run Magic Lantern, an extensive mod that adds many features to Canon cameras.

Even Samsung N1 had SD Card loadable mods before they moved away from the camera market.

Rooting sony seems impossible, I never saw someone Working on it Since their Fullframe lineup launched.

Interesting write-up. Does anyone have any context about Fujitsu RELC? Why a proprietary algorithm? Any particular advantages or features?