| Products > Test Equipment |
| Rigol DSXXXX .GEL firmware file format |
| << < (21/38) > >> |
| Macbeth:
It's amusing to see this firmware .GEL cracking. I don't have a DSXXXX but I do have a DM3058 and its firmware is in an unencrypted format. Much like this thread I have memory mapped lots of plain text strings, private storage for calibration data, found plenty of instances of obvious IEEE floating points. I've also found all the large and small character maps for English and Chinese characters. I have an unhealthy reason for this, because I used Rigols Ultrasensor software and it bricked my DM3058. Long story, but I didn't trust sending it back to them for unbricking and then using Ultrasensor again and bricking it all over. I learned how to JTAG program it myself. Now I want to use it as a testbed to learn IDA with Blackfin. But then again I keep finding something better to do! :-DD |
| laj:
--- Quote from: smithnerd on July 23, 2016, 04:33:05 pm ---I've been looking at SparrowBootloader.sb with this: https://github.com/eewiki/elftosb --- Code: ---$ ./sbtool SparrowBootloader.sb ---- Boot image header ---- Signature 1: STMP Signature 2: sgtl Format version: 1.1 Flags: 0x0000 Image blocks: 19764 First boot tag block: 9 First boot section ID: 0x00000000 Key count: 1 Key dictionary block: 7 Header blocks: 6 Section count: 1 Section header size: 1 Timestamp: 446216079000000 Product version: 999.999.999 Component version: 999.999.999 Drive tag: 0x0000 SHA-1 digest of header: 0x00000000: 2d 5c 14 b8 10 81 fe 5f ee e2 09 ee 75 55 fe 80 0x00000010: bb 35 50 44 Header digest is correct. ---- Section table ---- Section 0: Identifier: 0x0 Offset: 10 blocks (160 bytes) Length: 19752 blocks (316032 bytes) Flags: 0x00000001 0x1 = ROM_SECTION_BOOTABLE ---- Key dictionary ---- error: the image is encrypted but no key was provided --- End code --- It should be encrypted with AES-128, the key for which is burned into the OTP area of the i.MX28. Hopefully though, it might only be using 'encrypted boot' mode and not the 'high assurance boot' mode. --- End quote --- Have a look at sbtool's "-z" option (Zero-Key) As in "sbtool -V -d -z SparrowBootloader.sb" or "sbtool -V -d -b -x 0 -z SparrowBootloader.sb >sp.bin" |
| smithnerd:
Crikey. |
| janekivi:
Of course You can use all the tools available in here, made by all of us. (Yes, I forgot paper and pencil, I'm a big paper user overall) I compiled with C this sbtool for windows, if anyone need. win_sbtool.zip It is acting funny and outcome is not correct. |
| laj:
Another alternative (on *nix) to sbtool from elftosb, is mxssb from uboot (at denx.de/mxssb.git) below is a patch to let it extract the individual csf parts into raw bin dump's |
| Navigation |
| Message Index |
| Next page |
| Previous page |