What do you do with this GEL file? I can untar it and get four .img.gz files, plus the encrypted shell scripts. Further untarring and I get some .img files.
What do you do with those?
MSO5000 FW v01.01.02.03
(link will expire after 24h)
Thanks for that! This is the original GEL, as in the version that comes shipped on the scopes yeah? Do you have this for the 7000 as well? For that I only have 00.01.01.07.01 so far ...
Well, mostly compare between the different versions. As for the image files, they are regular Linux filesystem images.
So the system.img file is a FIT image that you can extract the kernel and initrd from. The kernel shouldn't be important, as we should be getting the sources from RIGOL on request (GPLv2). The initrd is interesting as that is the 'boot OS'. I'm not sure yet if this is their entire rootfs (likely) or just their first stage OS (which then in turn mounts the correct disks to continue booting). But since the other image is the 'app' image, my guess is that it's the actual rootfs.
The final file in the system.img file is the fdt, flattened device tree, which contains the system configuration, such as all the various busses, GPIOs, LEDs etc etc etc. Think ACPI tables for ARM if anything.
As for the app.img, well that contains the UI only as far as I can tell. It's based off of qt5, so replacing the shipped qt5 libraries with unstripped libraries may be an interesting thing to do (if they are stripped even), making gdb work a little easier if we'd want to gdb their main application.
The two script files are interesting, as they actually show two potential upgrade paths. One is from within Linux, the other from within u-boot. My guess is that if the upgrade fails via Linux, if you have the USB stick with GEL inserted during boot, u-boot will parse the update file and perform the update. Why they did this I am not sure yet.
Furthermore, having the images allows us to install them onto a Zynq dev board (which can be had for about 100 USD), reducing the bricking risk of the scope immensely. As there is one way you can brick it, it seems. If one would wipe the 'env' partition, then we'd have an environment-less u-boot and without serial access, we don't know what the u-boot fallback would be.
Of course, the final goal is to blink a few LEDs on the scope.
(and to RE the keys of course, where more information is always better)
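
The FIT layout described in the post above (kernel, initrd and device tree packed into one flattened-device-tree container) can be walked with a few lines of Python. This is an added example, not part of the original thread and not Rigol's code: `walk_fdt`, `fit_images` and `build_sample` are hypothetical names, and the sample blob is constructed for the demo rather than taken from the scope firmware.

```python
import struct

FDT_MAGIC = 0xD00DFEED
BEGIN_NODE, END_NODE, PROP, NOP, END = 1, 2, 3, 4, 9  # FDT structure tokens
def walk_fdt(blob):
    """Yield (node_path, prop_name, value) for every property in an FDT/FIT blob."""
    magic, total, off_struct, off_strings = struct.unpack_from(">4I", blob, 0)
    if magic != FDT_MAGIC or total > len(blob):
        raise ValueError("not a flattened device tree / FIT image")
    pos, path = off_struct, []
    while True:
        (tok,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if tok == BEGIN_NODE:
            end = blob.index(b"\0", pos)
            path.append(blob[pos:end].decode())
            pos = (end + 4) & ~3  # skip the NUL, then align to 4 bytes
        elif tok == END_NODE:
            path.pop()
        elif tok == PROP:
            length, nameoff = struct.unpack_from(">2I", blob, pos)
            s = off_strings + nameoff
            name = blob[s:blob.index(b"\0", s)].decode()
            yield "/".join(path) or "/", name, blob[pos + 8:pos + 8 + length]
            pos = (pos + 8 + length + 3) & ~3
        elif tok == END:
            return
        elif tok != NOP:
            raise ValueError(f"bad token {tok} at offset {pos - 4}")

def fit_images(blob):
    """Map each /images/<name> sub-image to its properties (type, data, ...)."""
    images = {}
    for path, prop, value in walk_fdt(blob):
        if path.startswith("/images/") and path.count("/") == 2:
            images.setdefault(path[len("/images/"):], {})[prop] = value
    return images

def build_sample():
    """Constructed three-image FIT blob for the demo; not data from the scope firmware."""
    strings = b"type\0data\0"
    def node(name, body=b""):
        return struct.pack(">I", 1) + name.encode() + b"\0" * (1 + -(len(name) + 1) % 4) + body + struct.pack(">I", 2)
    def prop(nameoff, val):
        return struct.pack(">3I", 3, len(val), nameoff) + val + b"\0" * (-len(val) % 4)
    imgs = b"".join(node(n, prop(0, t + b"\0") + prop(5, d)) for n, t, d in [
        ("kernel@1", b"kernel", b"KERNEL"), ("ramdisk@1", b"ramdisk", b"INITRD!"), ("fdt@1", b"flat_dt", b"DTB")])
    st = node("", node("images", imgs)) + struct.pack(">I", 9)
    hdr = struct.pack(">10I", FDT_MAGIC, 56 + len(st) + len(strings), 56, 56 + len(st), 40, 17, 16, 0, len(strings), len(st))
    return hdr + b"\0" * 16 + st + strings  # header, empty reserve map, structure, strings
```

On a real image, `dumpimage -l system.img` from u-boot-tools prints the same kind of listing.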