Products > Test Equipment
Siglent .ads firmware file format
markus_jlrb:
@janekivi
could you please confirm that my understanding of your FWF conversion/decryption
is right or correct it if I made an error.
1) first step is turn the .ads file around (or look it backwards)
2) XOR FF it with pattern bytes 0, 1, 3, 6, A, F and so on - space increasing by 1 <== could yo please explain 0,1,3,6,A,F...
3) XOR FF it from center (file length - 72)/2 as file have 72 byte header (now at the end) <== XOR every FW byte with FF - right?
So I extract your description and wrote my own Python script that do the tree actions like listed below:
Reverse FW File:
=============
according to outfile.write(bytes(byte_list[::-1]))
First XOR:
=========
a = 0
i = 0
j = 0
i = len(b)
while j < i:
b[j] ^= 0xFF
j = j + a + 1
a = a + 1
Second XOR form Pos len(b)/2-36:
================================
i = len(b)
j = len(b)/2-36
while j < i:
b[j] ^= 0xFF
j = j + 1
Thanks for your effort and helpfull hints.
Markus
tv84:
Markus,
msg 99 of this thread:
https://www.eevblog.com/forum/testgear/siglent-ads-firmware-file-format/msg1335892/#msg1335892
You have the parsing of all files. You can see there some indication about the half-file to xor for question 3.
Your 2nd step is correct.
Before 1st step you could(should) parse the file header. But, since you can't decrypt yet...
After doing the xor-deobfuscation you will be able to extract the shadow but you can't reconstruct the zip file because of the encrypted areas... you need to tackle the decryption.
markus_jlrb:
@tv84,
thanks for your repley,
but I'm a bit confused about the ads. fw file checksum issue.
According to the thread #99 the FW file
SDS2000x_1.2.2.2R10.ADS CRC32: FBD42874
has the above checksum, but
according to the python fragment listed in thred #74
that I included in my script, see below,
>./ads_fwf_checksum.py SDS2000x_1.2.2.2R10.ADS
ED2FE8CD - 32 bit checksum
CD - 8 bit checksum
>cat ./ads_fwf_checksum.py
#! /usr/bin/python3
import sys, os, shutil
import functools
input = sys.argv[1]
data = bytearray(open(input, 'rb').read())
csum = functools.reduce(lambda x,y: x+y, data, 0)
csum = ~csum + 1
csum = csum & 0xffffffff # the only difference is here
print (format(csum, 'X'),"- 32 bit checksum")
csum = csum & 0xff # the only difference is here
print (" ",format(csum, 'X'),"- 8 bit checksum")
the checksum differs <== ????
Have you an idea whats wrong?
Thanks
Markus
tv84:
When I mention:
SDS2000x_1.2.2.2R10.ADS CRC32: FBD42874
is just for a integrity check of the ADS in question.
It's calculated with the general CRC-32 algo and it's 100% correct. Maybe you are not implementing the right CRC-32. There are plenty of options, I don 't know if you are aware of.
http://www.sunshine2k.de/coding/javascript/crc/crc_js.html
It's the first option of CRC32.
markus_jlrb:
@tv84,
>./ads_fwf_checksum.py SDS2000x_1.2.2.2R10.ADS
ED2FE8CD - 32 bit checksum
CD - 8 bit checksum
FBD42874 - 32 bit checksum
74 - 8 bit checksum
now the crc32 result looks ok.
I had used the crc32.py module from
https://github.com/StalkR/misc/blob/master/crypto/crc32.py
After replacement of "ord(c)" by "c" as the read function fetch
a byte stream, I was able to calc the crc32 sum of the .ads fwf.
Thanks
Markus
>cat ./ads_fwf_checksum.py
#! /usr/bin/python3
import sys, os, shutil
import functools
from crc32 import CRC32
input = sys.argv[1]
data = bytearray(open(input, 'rb').read())
# Or data can be declared directly
# data = bytes([0x02,0x00,0x00,0x04,0x00,0x00]);
csum = functools.reduce(lambda x,y: x+y, data, 0)
csum = ~csum + 1
csum = csum & 0xffffffff # the only difference is here
print (format(csum, 'X'),"- 32 bit checksum")
csum = csum & 0xff # the only difference is here
print (" ",format(csum, 'X'),"- 8 bit checksum")
csum2 = CRC32().calc(data)
print (format(csum2, 'X'),"- 32 bit checksum")
csum2 = csum2 & 0xff # the only difference is here
print (" ",format(csum2, 'X'),"- 8 bit checksum")
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version