Products > Test Equipment
Siglent .ads firmware file format
<< < (27/85) > >>
markus_jlrb:
@janekivi

could you please confirm that my understanding of your FWF conversion/decryption
is right or correct it if I made an error.

1) first step is turn the .ads file around (or look it backwards)

2) XOR FF it with pattern bytes 0, 1, 3, 6, A, F and so on - space increasing by 1 <== could yo please explain 0,1,3,6,A,F...

3) XOR FF it from center (file length - 72)/2 as file have 72 byte header (now at the end) <== XOR every FW byte with FF - right?

So I extract your description and wrote my own Python script that do the tree actions like listed below:

Reverse FW File:
=============
according to  outfile.write(bytes(byte_list[::-1]))


First XOR:
=========
a = 0
i = 0
j = 0
i = len(b)
while j < i:
    b[j] ^= 0xFF
    j = j + a + 1
    a = a + 1

Second XOR form Pos len(b)/2-36:
================================
i = len(b)
j = len(b)/2-36
while j < i:
    b[j] ^= 0xFF
    j = j + 1


Thanks for your effort and helpfull hints.

Markus
tv84:
Markus,

msg 99 of this thread:

https://www.eevblog.com/forum/testgear/siglent-ads-firmware-file-format/msg1335892/#msg1335892

You have the parsing of all files. You can see there some indication about the half-file to xor for question 3.

Your 2nd step is correct.

Before 1st step you could(should) parse the file header. But, since you can't decrypt yet...

After doing the xor-deobfuscation you will be able to extract the shadow but you can't reconstruct the zip file because of the encrypted areas... you need to tackle the decryption.
markus_jlrb:
@tv84,

thanks for your repley,

but I'm a bit confused about the ads. fw file checksum issue.

According to the thread #99 the FW file

SDS2000x_1.2.2.2R10.ADS  CRC32: FBD42874

has the above checksum, but

according to the python fragment listed in thred #74
that I included in my script, see below,

>./ads_fwf_checksum.py SDS2000x_1.2.2.2R10.ADS
ED2FE8CD - 32 bit checksum
      CD -  8 bit checksum

>cat ./ads_fwf_checksum.py
#! /usr/bin/python3

import sys, os, shutil
import functools

input = sys.argv[1]

data = bytearray(open(input, 'rb').read())

csum = functools.reduce(lambda x,y: x+y, data, 0)
csum = ~csum + 1
csum = csum & 0xffffffff # the only difference is here
print (format(csum, 'X'),"- 32 bit checksum")
csum = csum & 0xff # the only difference is here
print ("     ",format(csum, 'X'),"-  8 bit checksum")


the checksum differs <== ????

Have you an idea whats wrong?


Thanks

Markus
tv84:
When I mention:

SDS2000x_1.2.2.2R10.ADS  CRC32: FBD42874

is just for a integrity check of the ADS in question.

It's calculated with the general CRC-32 algo and it's 100% correct. Maybe you are not implementing the right CRC-32. There are plenty of options, I don 't know if you are aware of.

http://www.sunshine2k.de/coding/javascript/crc/crc_js.html

It's the first option of CRC32.
markus_jlrb:
@tv84,

>./ads_fwf_checksum.py SDS2000x_1.2.2.2R10.ADS
ED2FE8CD - 32 bit checksum
      CD -  8 bit checksum
FBD42874 - 32 bit checksum
      74 -  8 bit checksum

now the crc32 result looks ok.

I had used the crc32.py module from
https://github.com/StalkR/misc/blob/master/crypto/crc32.py

After replacement of "ord(c)" by "c" as the read function fetch
a byte stream, I was able to calc the crc32 sum of the .ads fwf.

Thanks
Markus

>cat ./ads_fwf_checksum.py
#! /usr/bin/python3

import sys, os, shutil
import functools
from crc32 import CRC32

input = sys.argv[1]

data = bytearray(open(input, 'rb').read())

# Or data can be declared directly
# data = bytes([0x02,0x00,0x00,0x04,0x00,0x00]);

csum = functools.reduce(lambda x,y: x+y, data, 0)
csum = ~csum + 1
csum = csum & 0xffffffff # the only difference is here
print (format(csum, 'X'),"- 32 bit checksum")
csum = csum & 0xff # the only difference is here
print ("     ",format(csum, 'X'),"-  8 bit checksum")

csum2 = CRC32().calc(data)
print (format(csum2, 'X'),"- 32 bit checksum")
csum2 = csum2 & 0xff # the only difference is here
print ("     ",format(csum2, 'X'),"-  8 bit checksum")
Navigation
Message Index
Next page
Previous page
There was an error while thanking
Thanking...

Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod