Rigol DSXXXX .GEL firmware file format
RhymeMess:
Here are a few more:
--- Code: ---
DS1000Z-00.04.00.00.00-7/footer
93 9b 52 47 96 e8 8e d5 84 37 fa bf c7 ba 87 5a ..RG.....7.....Z
85 ad f6 db b1 7b bd 9c 00 1c a4 ab 69 3e 7f 1f .....{......i>..
02 7e b3 49 10 eb 6b 06 6d d5 c8 64 1c 34 6d a9 .~.I..k.m..d.4m.
9f ad b0 22 0d d5 54 5d cc 19 f2 19 30 50 6b 96 ..."..T]....0Pk.
a1 de 19 3e 3d 8d 89 c0 ae 14 d8 b9 a4 f2 a9 f4 ...>=...........
05 76 75 ea de ad 99 8e af cf 29 b9 e4 21 0e 4a .vu.......)..!.J
46 d2 60 39 07 47 d5 3e 28 24 50 e9 fd e3 e1 db F.`9.G.>($P.....
5e eb c0 2b 6e 94 c4 21 f0 5e 3c 5f ef 40 30 6f ^..+n..!.^<_.@0o
ee 5d 5b fc 01 00 01 01 01 00 01 01 00 01 01 01 .][.............
00 01 01 00 01 01 00 01 01 01 00 01 01 00 01 01 ................
01 00 01 01 00 01 01 00 01 01 01 00 01 01 00 01 ................
01 01 00 01 01 00 01 01 00 01 01 01 00 01 01 00 ................
a7 48 04 01 01 00 01 01 00 01 01 01 00 01 01 00 .H..............
01 01 01 00 01 01 00 01 01 00 01 01 01 00 01 01 ................
00 01 01 01 00 01 01 00 01 01 00 01 01 01 00 01 ................
01 00 01 01 01 00 01 01 00 01 01 00 01 01 01 00 ................
DS1000Z-00.04.01.02.00-7/footer
3d 84 28 8c 01 05 50 51 bd 72 d2 e6 98 6c 8b 38 =.(...PQ.r...l.8
8b b7 8f 6e fe 3b 4c c5 60 ba 78 43 18 d9 c8 81 ...n.;L.`.xC....
08 b8 bb 8a f0 65 9a a4 f2 ed e5 b3 41 bb 7b f7 .....e......A.{.
33 42 7a bb 77 27 3d 91 09 e8 81 02 dc 4c 7a 65 3Bz.w'=......Lze
ef a8 e5 cb b0 65 8d 52 0d ee b5 b9 9b 22 96 3e .....e.R.....".>
d4 eb d0 23 87 6e 46 54 22 f7 40 b0 32 4a a9 26 ...#.nFT".@.2J.&
24 64 34 25 a9 81 f7 73 63 74 9b 3e 4d 5c 88 18 $d4%...sct.>M\..
27 4c 03 1d 9a 8e cd ce 4f ea 83 85 c0 41 43 56 'L......O....ACV
a0 03 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 ..\.............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 c0 08 91 91 90 91 91 90 91 90 91 90 91 91 90 ................
6f 3e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 o>..............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 90 91 90 91 90 91 90 91 91 90 91 90 91 90 ................
DS1000Z-00.04.02.04.07-7/footer
c0 59 10 67 65 49 50 96 a6 1b 47 42 3e 2a b5 87 .Y.geIP...GB>*..
0d 56 87 48 4b c6 a3 76 8d 9c ca 84 34 98 32 2a .V.HK..v....4.2*
f0 d9 08 8f f7 bd 18 04 04 84 49 36 7b 51 36 2b ..........I6{Q6+
d1 5e a3 3f f8 96 ea 5d 61 64 53 14 24 ad d8 50 .^.?...]adS.$..P
93 84 5e 75 ff 9a af 76 01 30 e8 9d 4e cc ac 23 ..^u...v.0..N..#
0a 30 00 85 30 59 67 da 02 91 bb a2 15 e8 03 c0 .0..0Yg.........
48 58 a2 06 84 a7 42 9d f5 79 f7 b3 00 4b 2d 41 HX....B..y...K-A
eb dc a9 b8 4c 08 d7 ca f6 73 72 dd 97 9f 7d 95 ....L....sr...}.
f6 cc bf 00 00 00 01 00 00 01 00 00 00 01 00 00 ................
01 00 00 01 00 00 01 00 00 00 01 00 00 01 00 00 ................
01 00 00 01 00 00 01 00 00 00 01 00 00 01 00 00 ................
01 00 00 01 00 00 00 01 00 00 01 00 00 01 00 00 ................
5a 4f 02 00 00 01 00 00 01 00 00 01 00 00 00 01 ZO..............
00 00 01 00 00 01 00 00 01 00 00 00 01 00 00 01 ................
00 00 01 00 00 01 00 00 00 01 00 00 01 00 00 01 ................
00 00 01 00 00 01 00 00 00 01 00 00 01 00 00 01 ................
DS1000Z-00.04.03.01.05-7/footer
7e 53 6a 54 5c 89 71 7f 88 20 f0 22 ae 10 93 7d ~SjT\.q.. ."...}
44 95 91 e7 d9 bc 76 a6 31 7b 76 cc 65 9e 73 33 D.....v.1{v.e.s3
c7 77 8a cd a0 cb 1d d4 25 67 41 16 d9 40 2e fd .w......%gA..@..
e3 19 e6 2a 8d 2f ce d6 79 a1 b3 95 74 71 63 cf ...*./..y...tqc.
cc 8c d7 49 26 d2 50 00 d6 37 7f f6 bd d7 b3 67 ...I&.P..7.....g
a2 d6 bb 02 6f 7e dc 7c d6 df 29 a1 94 1b 08 10 ....o~.|..).....
e7 df 96 e6 fb d4 a3 8a ee f9 35 09 7f 6d d9 e6 ..........5..m..
3c 60 32 e9 1d cb 3f b0 35 69 8f 80 f3 2d a2 8a <`2...?.5i...-..
5a 81 e4 ff 00 00 00 00 00 00 00 00 00 00 00 00 Z...............
00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
a2 ca 02 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 ................
DS1000Z-00.04.00.00.00-15/footer
da 5a 4d 70 5c 55 15 22 b8 df f1 ef 3b 36 ad aa .ZMp\U."....;6..
26 db 84 b8 5d db 26 06 ee af b4 a4 2e 04 a9 35 &...].&........5
4a 98 d4 d2 5b 56 73 18 ae d1 34 3a 24 4c 01 f1 J...[Vs...4:$L..
e9 41 df 4b 56 93 fc ed 99 62 c5 51 b1 3a f3 20 .A.KV....b.Q.:.
a6 69 c9 56 7d 17 2d fd 82 6f eb 2d d4 53 2d 72 .i.V}.-..o.-.S-r
c7 4e 41 c4 e2 e5 5c b0 f1 6f cc c3 d3 47 aa a0 .NA...\..o...G..
40 d0 09 9f 76 8c 7f f5 dd 5a 7a 93 a6 c9 7f 6c @...v....Zz....l
73 fa a3 c9 85 e9 aa 0b 9d cb 07 80 79 1a 49 5e s...........y.I^
31 90 f5 00 00 01 00 00 01 00 00 00 01 00 00 00 1...............
01 00 00 01 00 00 00 01 00 00 00 01 00 00 01 00 ................
00 00 01 00 00 00 01 00 00 01 00 00 00 01 00 00 ................
00 01 00 00 01 00 00 00 01 00 00 01 00 00 00 01 ................
c0 69 01 00 00 01 00 00 00 01 00 00 01 00 00 00 .i..............
01 00 00 00 01 00 00 01 00 00 00 01 00 00 01 00 ................
00 00 01 00 00 00 01 00 00 01 00 00 00 01 00 00 ................
00 01 00 00 01 00 00 00 01 00 00 00 01 00 00 01 ................
--- End code ---
The first 20 and last 4 bytes are always the same. The value I subtracted is not, and I have no real clue where to look for it. I just used the difference between bytes 160 and 161 because that kinda worked.
Userli:
Very interesting!
Look at it like this:
--- Code: ---
A3 30 20
2B 37 43 4F
5B 67 73 7F
8B 97 A3 AF
BB C7 D3 DF
EB F7 03
10
1C 28 34 40
4C 58 64 70
7C 88 94 A0
AC B8 C4 D0
DC E8 F4 00
0D 19 25 31
3D 49 55 61
6D 79 85 91
9D A9 B5 C1
CD D9 E5 F1
FD
4F 79
6B 5F 53 47
3B 2F 23 17
0B FF F2 E6
DA CE C2 B6
AA 9E 92 86
7A 6E 62 56
4A 3E 32 26
1A 0E 02 F6
E9 DD D1 C5
B9 AD A1 95
89 7D 71 65
59 4D 41 35
29 1D 11 05
F9
EC E0 D4 C8
BC B0 A4 98
8C
--- End code ---
RoGeorge:
This post is just to easily follow the subject.
janekivi:
After reading some memory dumps through JTAG, I didn't find anything helpful there.
At one point there was a license code, and the serial number ended there with DSER. Before
that were some 7-byte keys, like 7A3E808599A525 from the RIGLOL source
and 46C5B8D451045C, which is not from there.
I didn't find any other keys used in RIGLOL.
When it reads the SD card, I saw all my deleted files there in the TOC too.
During the update there was the full previous GEL file and the next one from the SD card. At one point
it reads the last 486 bytes from the update file, where the 280-byte footer is at the end.
But how it checks this footer and what's inside it I don't know yet.
Somehow the last part has a strange pattern, and there are probably zeros
with 3-byte and 2-byte data. Then it can be encrypted with RC5 and an 8-bit buffer.
But I don't know... there are probably some more algorithms for key and data.
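Added example, not part of any post in this thread: a Python check of the structure visible in Userli's layout and in janekivi's remark about 3-byte and 2-byte data. It takes the bytes from Userli's post, computes byte-to-byte steps modulo 256, and splits each 64-byte block into a leading prefix and a run built from only the two most common step values; treating that run as "the pattern" is an assumption of this example, and the names `signed_step` and `split_counter_run` are made up here.

```python
from collections import Counter

# Bytes copied from Userli's post above, one 64-byte block per constant.
BLOCK_UP = bytes.fromhex("""
    A3 30 20 2B 37 43 4F 5B 67 73 7F 8B 97 A3 AF BB C7 D3 DF EB F7 03
    10 1C 28 34 40 4C 58 64 70 7C 88 94 A0 AC B8 C4 D0 DC E8 F4 00
    0D 19 25 31 3D 49 55 61 6D 79 85 91 9D A9 B5 C1 CD D9 E5 F1 FD""")
BLOCK_DOWN = bytes.fromhex("""
    4F 79 6B 5F 53 47 3B 2F 23 17 0B FF
    F2 E6 DA CE C2 B6 AA 9E 92 86 7A 6E 62 56 4A 3E 32 26 1A 0E 02 F6
    E9 DD D1 C5 B9 AD A1 95 89 7D 71 65 59 4D 41 35 29 1D 11 05 F9
    EC E0 D4 C8 BC B0 A4 98 8C""")


def signed_step(a, b):
    """Return b - a modulo 256, mapped into the range -128..127."""
    return ((b - a + 128) % 256) - 128


def split_counter_run(block):
    """Split a block into a data prefix and a trailing stepped run.

    Assumption of this example: the run is the longest suffix whose
    byte-to-byte steps are all one of the two most common step values.
    """
    steps = [signed_step(a, b) for a, b in zip(block, block[1:])]
    common = [s for s, _ in Counter(steps).most_common(2)]
    allowed = set(common)
    start = len(block) - 1
    # Walk backwards while the step leading into the suffix still fits.
    while start > 0 and steps[start - 1] in allowed:
        start -= 1
    base = common[0]
    # Offsets (within the block) of bytes reached by the less common step.
    odd = [i + 1 for i in range(start, len(steps)) if steps[i] != base]
    return {"prefix": block[:start], "run_len": len(block) - start,
            "base_step": base, "odd_offsets": odd}


if __name__ == "__main__":
    for name, block in (("up", BLOCK_UP), ("down", BLOCK_DOWN)):
        r = split_counter_run(block)
        print(name, r["prefix"].hex(" "), r["run_len"],
              r["base_step"], r["odd_offsets"])
```

On these bytes the first block splits into a 3-byte prefix and a 61-byte run, the second into a 2-byte prefix and a 62-byte run, and the off-by-one steps fall exactly where Userli broke the rows.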
smithnerd:
--- Quote from: janekivi on November 23, 2016, 06:57:27 pm --- there are probably some more algorithms for key and data.
--- End quote ---
I've made quite a bit of progress with this. I'll try to spend a couple of hours tomorrow documenting what I've found...