Hantek DSO1152S - Won't boot after firmware update
bwat:
--- Quote from: WanaGo on July 13, 2014, 09:07:22 am ---More playing, but nothing discovered, just more questions..
Thought I would try to decrypt the update file. Found a bit of info on this site, but I didn't know the password for the up file.
> gpg -d dso1kb_2.01.1_DSO1152S\(140408.0\).up > dso1kb_2.01.1.gz
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: bad key
gpg: block_filter 0xaf0730: read error (size=16233,a->size=16233)
gpg: block_filter: pending bytes!
Tried what I found on here, and guessed at a dozen more, but nothing seemed to work.
WanaGo
--- End quote ---
CAST uses 128-bit keys, so if you brute force it expect to take 2^127 attempts. Also, many keys may end up giving you an executable binary, just not the right one. Note the universe is roughly 2^80 microseconds old. Source: The Block Cipher Companion, Knudsen and Robshaw.
If you want to save time, the key is somewhere in the machine doing the decryption and CAST is a symmetric cipher so you can encrypt with the same key if you want to load your own software.
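The "CAST5 encrypted data" and "encrypted with 1 passphrase" lines in the quoted gpg output come from the first packet of the .up file, which names the cipher and the string-to-key (S2K) parameters that turn the passphrase into the 128-bit key. The following parser for that packet is an added example, not part of the thread; the sample bytes are constructed (made-up salt) and only one-octet packet lengths are handled.

```python
# Added example: read the Symmetric-Key Encrypted Session Key packet
# (RFC 4880, tag 3) at the start of a binary gpg -c style file.
SYM = {1: "IDEA", 2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}
HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 10: "SHA512"}
S2K = {0: "simple", 1: "salted", 3: "iterated+salted"}

def parse_skesk(data: bytes) -> dict:
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not a binary OpenPGP packet")
    hdr = data[0]
    if hdr & 0x40:                        # new-format header
        tag = hdr & 0x3F
        if data[1] >= 192:
            raise ValueError("multi-octet length not handled here")
    else:                                 # old-format header
        tag = (hdr >> 2) & 0x0F
        if hdr & 0x03:
            raise ValueError("only one-octet lengths handled here")
    if tag != 3:
        raise ValueError(f"first packet has tag {tag}, not a passphrase packet")
    length = data[1]
    body = data[2:2 + length]
    if len(body) != length or length < 4 or body[0] != 4:
        raise ValueError("truncated or unsupported packet")
    _, cipher, s2k_type, hash_id = body[:4]
    if s2k_type not in S2K:
        raise ValueError(f"unknown S2K type {s2k_type}")
    salted, iterated = s2k_type in (1, 3), s2k_type == 3
    if length < 4 + 8 * salted + iterated:
        raise ValueError("S2K fields truncated")
    info = {
        "cipher": SYM.get(cipher, f"algo {cipher}"),
        "s2k": S2K[s2k_type],
        "hash": HASH.get(hash_id, f"hash {hash_id}"),
    }
    if salted:
        info["salt"] = body[4:12]         # stored in the clear in the file
    if iterated:
        c = body[12]                      # coded count, RFC 4880 section 3.7.1.3
        info["count"] = (16 + (c & 15)) << ((c >> 4) + 6)
    return info

# Constructed sample header: old-format tag 3, v4, CAST5, iterated+salted SHA1.
SAMPLE = bytes.fromhex("8c0d04030302 0123456789abcdef 60")

if __name__ == "__main__":
    print(parse_skesk(SAMPLE))
```

The salt and count are public, so the strength of the file's protection rests on the passphrase alone, not on the 128-bit key size.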
WanaGo:
Yeah, wasn't hopeful guessing would work, however the passwords I had seen on this forum and others were the model numbers of the scope, or the family models.
I tried:
dso1000
dso1000s
dso1152
dso1152s
etc
No joy.
In terms of hunting out the key on this machine - wouldn't know where to start to be honest.
bwat:
Is it a Linux process that decrypts the file? If you're lucky it'll be a script so they'll probably use the openssl command. I use a script like this:
--- Code: ---
#!/bin/sh
openssl des3 -d -salt -in secret_file.tar.gz.des3 -out secret_file.tar.gz
--- End code ---
Somewhere on that machine will be a similar script using cast instead of des3. Maybe try an update and run "ps" at the same time to see what is doing the decryption. If it's a binary linked with the openssl libs then hexdump that binary looking for the password which you know will probably start with "dso" and be NUL terminated.
Edit: Maybe just build your own openssl libs that dump debug info giving you the passwords used on the machine. That would be quickest.
tinhead:
Don't play too much, I will help you on that.
WanaGo:
Great, thanks!
Ready when you are.
Noticed when logged in to the Linux console, after a few minutes one of the relays clicks on and off, and then again, and then again... and gets faster and faster. I shut it down after a couple of clicks as I don't know why it's doing it.
Thought it was due to it getting hot, but I have put a big case fan above the scope board and it's still doing it.