Products > Test Equipment
Hantek DSO1152S - Wont boot after firmware update
<< < (3/26) > >>
bwat:

--- Quote from: WanaGo on July 13, 2014, 09:07:22 am ---More playing, but nothing discovered, just more questions..

Thought I would try to decrypt the update file. Found a bit of info on this site, but I didnt know the password for the up file.

> gpg -d dso1kb_2.01.1_DSO1152S\(140408.0\).up > dso1kb_2.01.1.gz
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: bad key
gpg: block_filter 0xaf0730: read error (size=16233,a->size=16233)
gpg: block_filter: pending bytes!

tried what I found on here, and guessed at a dozen more, but nothing seemed to work.

WanaGo

--- End quote ---

CAST uses 128-bit keys, so if you brute force it  expect to take 2^127 attempts. Also, many keys may end up giving you an executable binary, just not the right one. Note the universe is roughly 2^80 microseconds old. Source: The Block Cipher Companion, Knudsen and Robshaw.

If you want to save time, the key is somewhere in the machine doing the decryption and CAST is a symmetric cipher so you can encrypt with the same key if you want to load your own software.
WanaGo:
yeah wasnt hopeful guessing would work, however the passwords I had seen on this forum and others were the model numbers of the scope, or the family models.

I tried:
dso1000
dso1000s
dso1152
dso1152s
etc

No joy.
In terms of hunting out the key on this machine - wouldnt know where to start to be honest.
bwat:
Is it a linux process that decrypts the file? If you're lucky it'll be a script so they'll probably use the openssl command. I use a script like this:

--- Code: ---#!/bin/sh
openssl des3 -d -salt -in secret_file.tar.gz.des3 -out secret_file.tar.gz

--- End code ---
Somewhere on that machine will be a similar script using cast instead of des3. Maybe try an update and run "ps" at the same time to see what is doing the decryption. If it's a binary linked with the openssl libs then hexdump that binary looking for the password which you know will probably start with "dso" and be NUL terminated.

Edit: Maybe just build your own openssl libs that dump debug info giving you the passwords used on the machine. That would be quickest.
tinhead:
don't play too much, i will help you on that.
WanaGo:
great, thanks!

Ready when you are.

Noticed when logged in to the linux console, after a few minutes one of the relay clicks on and off, and then again, and then again... and gets faster and faster. I shut it down after a couple of clicks as I dont know why its doing it.
Thought it was due to it getting hot, but I have put a big case fan above the scope board and its still doing it.
Navigation
Message Index
Next page
Previous page
There was an error while thanking
Thanking...

Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod