Products > Test Equipment
Rigol DSXXXX .GEL firmware file format
Userli:
Cybernet refers in his post
https://www.eevblog.com/forum/testgear/sniffing-the-rigol's-internal-i2c-bus/msg265156/#msg265156
several times to AD.
Does anybody know what AD stands for?
smithnerd:
--- Quote from: Userli on August 04, 2016, 10:03:56 pm ---Cybernet refers in his post
https://www.eevblog.com/forum/testgear/sniffing-the-rigol's-internal-i2c-bus/msg265156/#msg265156
several times to AD.
Does anybody know what AD stands for?
--- End quote ---
Analog Devices.
janekivi:
This is a notepad tutorial time again. Maybe in another thread this time.
Let's open latest DS1000Z-00.04.04.00.07 or DS1000Z-00.04.03.01.05 update file footer and start
analyzing it. File compare is good thing, so we put both of them side by side. After scrolling them
quickly up and down we see some pattern. If we concentrate our look into it we start seeing...
OK... nothing.
Let's take hex view from one of them. So, first 20 bytes are header I think:
80 00 00 00 01 00 00 00 80 00 00 00 01 00 00 00
04 00 00 00
Then comes 128 bytes strange code:
64 29 7F D9 1A C9 9B D5 74 5C 2B 8E A3 5E 57 7A
62 DF 99 D4 BA DC 33 FE F2 37 40 E8 78 71 12 E6
10 E9 B4 B4 B5 54 17 47 73 65 9D EB 5D 4F A1 10
3E CF 7E 43 35 A9 0B A8 28 1F A3 8D 26 F2 A4 0E
44 2B 67 F0 BE E1 A3 63 CA 9F 17 56 53 32 7A F4
F8 07 7F 8C 0D 91 A7 C9 8E 99 8B 22 A9 6D 4E 0D
BE 89 A2 56 A7 58 B6 C7 99 39 48 54 91 5A 11 39
F4 D6 0C D7 7D 99 26 24 7A 94 7C 52 1E B9 17 D0
Next is another not too strange 128 bytes:
A3 30 20 2B 37 43 4F 5B 67 73 7F 8B 97 A3 AF BB
C7 D3 DF EB F7 03 10 1C 28 34 40 4C 58 64 70 7C
88 94 A0 AC B8 C4 D0 DC E8 F4 00 0D 19 25 31 3D
49 55 61 6D 79 85 91 9D A9 B5 C1 CD D9 E5 F1 FD
4F 79 6B 5F 53 47 3B 2F 23 17 0B FF F2 E6 DA CE
C2 B6 AA 9E 92 86 7A 6E 62 56 4A 3E 32 26 1A 0E
02 F6 E9 DD D1 C5 B9 AD A1 95 89 7D 71 65 59 4D
41 35 29 1D 11 05 F9 EC E0 D4 C8 BC B0 A4 98 8C
At the end is footer:
01 00 01 00
Today we looking at the second part here:
A3 30 20 - 30 is "0" and 20 is "space" in ASCII but what is the next row of data?
A3 30 20 2B 37 43 4F 5B 67 73 7F 8B 97 A3 AF BB C7 D3 DF EB F7
03 10 1C 28 34 40 4C 58 64 70 7C 88 94 A0 AC B8 C4 D0 DC E8 F4
00 0D 19 25 31 3D 49 55 61 6D 79 85 91 9D A9 B5 C1 CD D9 E5 F1 FD
If we start from 20 - add 0B - you got next, then add 0C - got next and next and next...
Next row 03 is 0103 if we add 0C to F7 and maybe 01 is added to the next, so:
now we add 0D to the 03 - got 10, then add 0C - got next and next and next...
Next row 00 is 0100 if we add 0C to F4 and maybe 01 is added to the next, so:
now we add 0D to the 00 - got 0D, then add 0C - got next and next and next...
And now what... there is 4F 79 6B
4F 79 6B 5F 53 47 3B 2F 23 17 0B
FF F2 E6 DA CE C2 B6 AA 9E 92 86 7A 6E 62 56 4A 3E 32 26 1A 0E 02
F6 E9 DD D1 C5 B9 AD A1 95 89 7D 71 65 59 4D 41 35 29 1D 11 05
F9 EC E0 D4 C8 BC B0 A4 98 8C
If we start from 79 - subtract 0E - you got next, then subtract 0C - got next and next and next...
Next row FF is right if we subtract 0C from 010B and maybe 01 is subtracted from next, so:
now we subtract 0D from the FF - got F2, then subtract 0C - got next and next and next...
Next row F6 is right if we subtract 0C from 0102 and maybe 01 is subtracted from next, so:
now we subtract 0D from to the 9C - got EC, then subtract 0C - got next and next and next...
So, half of 128 bytes next byte is 0C bigger than previous and in middle is turning
point from where next byte is 0C smaller than previous. Very hi-tech code.
(Sometimes I use excel for help and visualization... to get sharper look for hacking)
That's all. Long story, short question - what pattern is this?
janekivi:
It reminds me something like crypted data.
In Sparrow(ARM)update_00.04.00.00.00 pattern is more visible
and the same only other updates have different step.
I rearrange the columns for You:
79 8A 99 49 FE B2 67 1C D1 85 3A EF A3 58 0D C2 76 2B E0 94
49 FE B2 67 1C D1 85 3A EF A3 58 0D C2 76 2B E0 94
49 FE B2 67 1C D1 85 3A EF A3 58 0D C2 76 2B E0 94
49 FE B2 67 1C D1 85 3A EF A3
48 4C 94 DF 2A 76 C1 0C 58 A3 EE 39 85 D0 1B 67 B2 FD 48
94 DF 2A 76 C1 0C 58 A3 EE 39 85 D0 1B 67 B2 FD 48
94 DF 2A 76 C1 0C 58 A3 EE 39 85 D0 1B 67 B2 FD 48
94 DF 2A 76 C1 0C 58 A3 EE 39 85
RhymeMess:
I tried to apply the same scheme to the first 128 bytes, but nothing meaningful appeared. Also subtracting 0x0c resulted in this:
7e 53 6a 54 5c 89 71 7f 88 20 f0 22 ae 10 93 7d ~SjT\.q.. ."...}
44 95 91 e7 d9 bc 76 a6 31 7b 76 cc 65 9e 73 33 D.....v.1{v.e.s3
c7 77 8a cd a0 cb 1d d4 25 67 41 16 d9 40 2e fd .w......%gA..@..
e3 19 e6 2a 8d 2f ce d6 79 a1 b3 95 74 71 63 cf ...*./..y...tqc.
cc 8c d7 49 26 d2 50 00 d6 37 7f f6 bd d7 b3 67 ...I&.P..7.....g
a2 d6 bb 02 6f 7e dc 7c d6 df 29 a1 94 1b 08 10 ....o~.|..).....
e7 df 96 e6 fb d4 a3 8a ee f9 35 09 7f 6d d9 e6 ..........5..m..
3c 60 32 e9 1d cb 3f b0 35 69 8f 80 f3 2d a2 8a <`2...?.5i...-..
5a 81 e4 ff 00 00 00 00 00 00 00 00 00 00 00 00 Z...............
00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
a2 ca 02 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 ................
Still not meaningfull, but the lower 128 bytes are not empty. 0x0c was chosen to zero out most of the lower half. "5a 81 e4 ff " might be a checksum1), "a2 ca 02 00" translates to 182946, but that doesn't mean anything to me... maybe I should check more footers...
*edit*
1) looking into more footers, it doesn't look like a checksum.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version