A friend called me earlier this week to tell me that he had picked up one of the Dakota PV2 single-use cameras at a Wolf Camera here in San Francisco. Those who read here regularly will remember that I posted an article about the hacks possible with its predecessor; this one has a different chipset though. While it does connect to the PC using the same cable, and it is visible on the USB bus, it doesn’t respond well to any commands.
There is some information about it, including links to sites about the chipset and some photos of a disassembled camera at John Maushammer’s Dakota Camera page (look for the section with the yellow background).
So far, I have only made some very minor changes to the latest SMaL driver inside gphoto2 so that it will recognise the camera’s USB vendor/device ID and then tried talking to the camera.
All I have discovered so far is:
- Any write to the camera’s first configuration of greater than 36 bytes will timeout
- All the commands of 36 bytes or less that I’ve tried to send so far result in the camera refusing to accept any other commands
An email from John M. mentioned that the original camera required a special init sequence to authenticate the PC as a valid device for reading the photos. This was a simple hash of the camera’s serial number. Interestingly, one of the commands I sent it the other day seems to have zeroed my serial number (the hold all buttons down while switching on trick now shows my serial number as LAMSSMAL0000 whereas before it definitely contained something starting DAA…
More sites that are talking about hacking the PV2: