| Products > Test Equipment |
| Siglent .ads firmware file format |
| << < (27/85) > >> |
| markus_jlrb:
@janekivi could you please confirm that my understanding of your FWF conversion/decryption is right or correct it if I made an error. 1) first step is turn the .ads file around (or look it backwards) 2) XOR FF it with pattern bytes 0, 1, 3, 6, A, F and so on - space increasing by 1 <== could yo please explain 0,1,3,6,A,F... 3) XOR FF it from center (file length - 72)/2 as file have 72 byte header (now at the end) <== XOR every FW byte with FF - right? So I extract your description and wrote my own Python script that do the tree actions like listed below: Reverse FW File: ============= according to outfile.write(bytes(byte_list[::-1])) First XOR: ========= a = 0 i = 0 j = 0 i = len(b) while j < i: b[j] ^= 0xFF j = j + a + 1 a = a + 1 Second XOR form Pos len(b)/2-36: ================================ i = len(b) j = len(b)/2-36 while j < i: b[j] ^= 0xFF j = j + 1 Thanks for your effort and helpfull hints. Markus |
| tv84:
Markus, msg 99 of this thread: https://www.eevblog.com/forum/testgear/siglent-ads-firmware-file-format/msg1335892/#msg1335892 You have the parsing of all files. You can see there some indication about the half-file to xor for question 3. Your 2nd step is correct. Before 1st step you could(should) parse the file header. But, since you can't decrypt yet... After doing the xor-deobfuscation you will be able to extract the shadow but you can't reconstruct the zip file because of the encrypted areas... you need to tackle the decryption. |
| markus_jlrb:
@tv84, thanks for your repley, but I'm a bit confused about the ads. fw file checksum issue. According to the thread #99 the FW file SDS2000x_1.2.2.2R10.ADS CRC32: FBD42874 has the above checksum, but according to the python fragment listed in thred #74 that I included in my script, see below, >./ads_fwf_checksum.py SDS2000x_1.2.2.2R10.ADS ED2FE8CD - 32 bit checksum CD - 8 bit checksum >cat ./ads_fwf_checksum.py #! /usr/bin/python3 import sys, os, shutil import functools input = sys.argv[1] data = bytearray(open(input, 'rb').read()) csum = functools.reduce(lambda x,y: x+y, data, 0) csum = ~csum + 1 csum = csum & 0xffffffff # the only difference is here print (format(csum, 'X'),"- 32 bit checksum") csum = csum & 0xff # the only difference is here print (" ",format(csum, 'X'),"- 8 bit checksum") the checksum differs <== ???? Have you an idea whats wrong? Thanks Markus |
| tv84:
When I mention: SDS2000x_1.2.2.2R10.ADS CRC32: FBD42874 is just for a integrity check of the ADS in question. It's calculated with the general CRC-32 algo and it's 100% correct. Maybe you are not implementing the right CRC-32. There are plenty of options, I don 't know if you are aware of. http://www.sunshine2k.de/coding/javascript/crc/crc_js.html It's the first option of CRC32. |
| markus_jlrb:
@tv84, >./ads_fwf_checksum.py SDS2000x_1.2.2.2R10.ADS ED2FE8CD - 32 bit checksum CD - 8 bit checksum FBD42874 - 32 bit checksum 74 - 8 bit checksum now the crc32 result looks ok. I had used the crc32.py module from https://github.com/StalkR/misc/blob/master/crypto/crc32.py After replacement of "ord(c)" by "c" as the read function fetch a byte stream, I was able to calc the crc32 sum of the .ads fwf. Thanks Markus >cat ./ads_fwf_checksum.py #! /usr/bin/python3 import sys, os, shutil import functools from crc32 import CRC32 input = sys.argv[1] data = bytearray(open(input, 'rb').read()) # Or data can be declared directly # data = bytes([0x02,0x00,0x00,0x04,0x00,0x00]); csum = functools.reduce(lambda x,y: x+y, data, 0) csum = ~csum + 1 csum = csum & 0xffffffff # the only difference is here print (format(csum, 'X'),"- 32 bit checksum") csum = csum & 0xff # the only difference is here print (" ",format(csum, 'X'),"- 8 bit checksum") csum2 = CRC32().calc(data) print (format(csum2, 'X'),"- 32 bit checksum") csum2 = csum2 & 0xff # the only difference is here print (" ",format(csum2, 'X'),"- 8 bit checksum") |
| Navigation |
| Message Index |
| Next page |
| Previous page |