Products > Test Equipment
DG4000 - a firmware investigation
cybernet:
just reversed the crc on the firmware files for the DG4000 ;-)
its actually a packaging format, that contains multiple segments which get loaded into the flash then (the loader addresses are still a bit off) anyhow i attach a link to the splitted files.
the big 2MB file is the main code - u can load it into LDRViewer and it dismantle it without a hitch, other stuff are help system files, etc ..
so theoretically it should now be possible to modify code, stuff it back together, crc it - and flash it ;-)
http://www.filedropper.com/dumpfilestar
--- Quote ---./gelfile ./DG4000Update.GEL
hdr_buf: RIGOL:DG4:UPDATE FILE ALL
fwr: CRC:7A57 ADDR:20040000 LEN:00228EF0 00000004 00000004
-> dumped dump_20040000.bin (2264816 bytes)
fwr: CRC:8CE7 ADDR:20300000 LEN:000C3DF6 00000008 00000008
-> dumped dump_20300000.bin (802294 bytes)
fwr: CRC:8C44 ADDR:20400000 LEN:00001661 00000008 00000008
-> dumped dump_20400000.bin (5729 bytes)
fwr: CRC:0611 ADDR:20440000 LEN:00000252 00000010 00000010
-> dumped dump_20440000.bin (594 bytes)
fwr: CRC:8845 ADDR:20440400 LEN:00002855 00000010 00000010
-> dumped dump_20440400.bin (10325 bytes)
fwr: CRC:D973 ADDR:20443400 LEN:00000252 00000010 00000010
-> dumped dump_20443400.bin (594 bytes)
fwr: CRC:BDC8 ADDR:20443800 LEN:000019FE 00000010 00000010
-> dumped dump_20443800.bin (6654 bytes)
fwr: CRC:8570 ADDR:20460000 LEN:00000206 00000010 00000010
-> dumped dump_20460000.bin (518 bytes)
fwr: CRC:3CB3 ADDR:20460400 LEN:0000F081 00000010 00000010
-> dumped dump_20460400.bin (61569 bytes)
fwr: CRC:D5A9 ADDR:2046FC00 LEN:00000206 00000010 00000010
-> dumped dump_2046fc00.bin (518 bytes)
fwr: CRC:0259 ADDR:20470000 LEN:000091B6 00000010 00000010
-> dumped dump_20470000.bin (37302 bytes)
fwr: CRC:219D ADDR:205B0000 LEN:00169DE8 00000020 00000020
-> dumped dump_205b0000.bin (1482216 bytes)
fwr: CRC:A299 ADDR:207B0000 LEN:0003D6C4 00000040 00000040
-> dumped dump_207b0000.bin (251588 bytes)
fwr: CRC:63BD ADDR:20830000 LEN:0004BB9C 00000040 00000040
-> dumped dump_20830000.bin (310172 bytes)
fwr: CRC:0000 ADDR:209B0000 LEN:00480000 00000080 00000080
-> dumped dump_209b0000.bin (2097152 bytes)
-> dumped dump_20bb0000.bin (2097152 bytes)
-> dumped dump_20db0000.bin (524288 bytes)
--- End quote ---
Rigby:
--- Quote from: cybernet on November 24, 2013, 02:28:14 am ---just reversed the crc on the firmware files for the DG4000 ;-)
its actually a packaging format, that contains multiple segments which get loaded into the flash then (the loader addresses are still a bit off) anyhow i attach a link to the splitted files.
the big 2MB file is the main code - u can load it into LDRViewer and it dismantle it without a hitch, other stuff are help system files, etc ..
so theoretically it should now be possible to modify code, stuff it back together, crc it - and flash it ;-)
http://www.filedropper.com/dumpfilestar
--- End quote ---
Wow... Nicely done.
Mark_O:
--- Quote from: cybernet on November 24, 2013, 02:28:14 am ---
http://www.filedropper.com/dumpfilestar
--- End quote ---
I may be doing something wrong, but I believe it says the linked file is 0 kB?
AndersAnd:
--- Quote from: Mark_O on November 24, 2013, 04:36:36 am ---
--- Quote from: cybernet on November 24, 2013, 02:28:14 am ---http://www.filedropper.com/dumpfilestar
--- End quote ---
I may be doing something wrong, but I believe it says the linked file is 0 kB?
--- End quote ---
Just checked, works fine for me. Filezize: 9.740 kB
AndersAnd:
--- Quote from: ted572 on November 24, 2013, 02:06:49 am ---Reference below for info on Software 07 bugs:
Re: Rigol DG4xxx ppulse and npulse
« Reply #5 on: October 22, 2013, 09:25:30 PM »
Quote
Yes, Rigol just confirmed it is a bug, I'll post here when they come up with the fix.
--- End quote ---
Link to that topic: https://www.eevblog.com/forum/testgear/rigol-dg4xxx-ppulse-and-npulse/
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version