Products > Test Equipment
Rigol DSXXXX .GEL firmware file format
Userli:
I guess that guiResData contains the references to the images in guiPicData.
Most likely their address and geometry is coded in there as well as the position at which they must be shown on the screen.
Fungus:
A really nice thing to do to start with which shouldn't be too difficult is to find the version number of the GEL file and hack it.
This would allow people to downgrade their firmware by fooling the scope into thinking old versions are actually newer so they can downgrade their firmware.
janekivi:
This is easiest trick. (In first look...)
You edit the firmware number by smallest step needed and scope say:
"A newer software version detected.
Update?
Model :DS1000Z
Version:00.04.03.02.05"
Where is the numbers. Just at the beginning. Bytes 10 .... 1F
Why smallest step? Because then You can update it many times.
If there is too big version nr, You need always increase it ...
(Actually I didn't let it to do update at this time, so it may not be sucess, but barely)
...and that's it, he checking it in all other places too
Userli:
Next success!
I decompressed guiPicData and compressed it again.
Then I created a new .GEL file with the newly compressed guiPicData and deployed it successfully to the scope.
Now we know that the Rigol decompression mechanism can handle files compressed by the 7z SDK.
This obviously doesn't mean, that it will always work but the probability is high that it does.
The next step will now be to change the Pluses, of which I still found two occurrences in the latest FW.
Concerning changing the version number: this is indeed easy.
You can even make it the same number as the one installed.
The scope will then ask you if you want to reinstall this version.
However, if by accident you put a number much bigger than the current one, you will have to tweak all subsequent FW files to this very version to make them install.
smithnerd:
--- Quote from: Userli on July 21, 2016, 05:46:12 pm ---Next success!
I decompressed guiPicData and compressed it again.
Then I created a new .GEL file with the newly compressed guiPicData and deployed it successfully to the scope.
Now we know that the Rigol decompression mechanism can handle files compressed by the 7z SDK.
This obviously doesn't mean, that it will always work but the probability is high that it does.
The next step will now be to change the Pluses, of which I still found two occurrences in the latest FW.
--- End quote ---
Great news about LZMA. I would counsel against trying to patch SparrowAPP.out at the moment, unless you have the ability to recover via JTAG. I have reason to believe that even trivial modification of this file will brick the scope.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version