Products > Test Equipment

Siglent .ads firmware file format

<< < (38/85) > >>

janekivi:
Oh crap. I could have let you to walk the same way. But you can test my theory and find those
patterns and XOR regions and crypted places. It was straightforward because inside was zip.
Some stuff you can find by scrolling id up and down in "notepad", because XOR FF pattern is
easily visible in 00 regions and in other places data is looking so alien. Crypted parts I found
simply by unziping it by cutted pieces to see if output ends now as it ends by unziping full file.
If output was shorter - I did cut file too early, if output was the same - my piece was longer
or right size, then I shortened it by one byte for test. With this method I found exact places
without decompiling update file reading part in app. I don't know can I now find something
like this with IDA... probably no, I would use notepad and calculator, maybe a little bit python.

I didn't cut the header off - 72 or 112 bytes and after reverse it was at the end, that's why
there was offset in file center calculation (j = len(b)/2-36) or (j = len(b)/2-56)

tv84:
The file is attached.

The 2 encrypted blocks have 0x2800 and 0x1400 sizes, as my parsings show. It shouldn't be too dificult to find where they are located. The key is available inside an .app file.

Study what janekivi linked (the 3DES implemented is "Siglent 3DES", not standard 3DES).

Have fun!

kerouanton:
Thank you both of you for your kind answer, and the file.

I will keep you informed of my findings! it is like a puzzle game, indeed.

PhilipPeake:
This may be common knowledge, but I was about to try fixing the root password for my SDS1102X running SDS1000X_V100R001B01D02P1510.ADS, and discovered that there is no telnet service running. Only Ports 111 and 9009.

So much for my idea of trying to upgrade the bandwidth - at least until there is enough progress here to decode and re-assemble the entire thing.

BillB:

--- Quote from: PhilipPeake on July 17, 2018, 10:46:09 pm ---This may be common knowledge, but I was about to try fixing the root password for my SDS1102X running SDS1000X_V100R001B01D02P1510.ADS, and discovered that there is no telnet service running. Only Ports 111 and 9009.

So much for my idea of trying to upgrade the bandwidth - at least until there is enough progress here to decode and re-assemble the entire thing.

--- End quote ---

The same with the SPD3303X-E.  Open ports 111,9009 and no telnet.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod