| Products > Test Equipment |
| Siglent .ads firmware file format |
| << < (50/85) > >> |
| janekivi:
Seems like this is Siglent fla file format there... Inside are 8 files. First is BIG. Probably software, app or this kind of stuff. Some parts are 300 bytes. Last 4 bytes of all parts are probably some kind of CRC. Looking at this shortest part, in 2 firmware they are identical, except last 16 bytes and last 4 after that. So there may be some kind of encryption using 8 or 16 byte chunks. All they may be reversed of course. And after that all is in Chinese. No files yet but there was even SDS5000 |
| tv84:
Seems like a checksum, not a CRC. But I haven't figure it out. Maybe it's used after decryption... SDS3K_SPO3ND_8.0.4.7.fla --- Code: ---00000000 - Manufacturer: Siglent 00000010 - Name 2: RELSVR (Release Version) 00000016 - FW Version: 8_0 00000020 - Encrypted Block [00000020-0A7EF09F] Size: 0A7EF080 0A7EF0A0 - (?) Checksum: D4CF5466 0A7EF0A4 - Manufacturer: Siglent 0A7EF0B4 - Name 2: RELSVR (Release Version) 0A7EF0BA - FW Version: 8_0 0A7EF0C4 - Encrypted Block [0A7EF0C4-0A9B1113] Size: 001C2050 0A9B1114 - (?) Checksum: 0047D675 0A9B1118 - Manufacturer: Siglent 0A9B1128 - Name 2: RELSVR (Release Version) 0A9B112E - FW Version: 8_0 0A9B1138 - Encrypted Block [0A9B1138-0AA71147] Size: 000C0010 0AA71148 - (?) Checksum: 0058FB6E 0AA7114C - Manufacturer: Siglent 0AA7115C - Name 2: RELSVR (Release Version) 0AA71162 - FW Version: 8_0 0AA7116C - Encrypted Block [0AA7116C-0AAB117B] Size: 00040010 0AAB117C - (?) Checksum: 010E0CB7 0AAB1180 - Manufacturer: Siglent 0AAB1190 - Name 2: RELSVR (Release Version) 0AAB1196 - FW Version: 8_0 0AAB11A0 - Encrypted Block [0AAB11A0-0AAB55EF] Size: 00004450 0AAB55F0 - (?) Checksum: 001A4498 0AAB55F4 - Manufacturer: Siglent 0AAB5604 - Name 2: RELSVR (Release Version) 0AAB560A - FW Version: 8_0 0AAB5614 - Encrypted Block [0AAB5614-0AB86743] Size: 000D1130 0AB86744 - (?) Checksum: 03CF6A7F 0AB86748 - Manufacturer: Siglent 0AB86758 - Name 2: RELSVR (Release Version) 0AB8675E - FW Version: 8_0 0AB86768 - Encrypted Block [0AB86768-0AB868B7] Size: 00000150 0AB868B8 - (?) Checksum: 00005FBB 0AB868BC - Manufacturer: Siglent 0AB868CC - Name 2: RELSVR (Release Version) 0AB868D2 - FW Version: 8_0 0AB868DC - Encrypted Block [0AB868DC-0AB8894B] Size: 00002070 0AB8894C - (?) Checksum: 000985B9 --- End code --- SDS3000E_8.4.1.4.fla --- Code: ---00000000 - Manufacturer: Siglent 00000010 - Name 2: RELSVR (Release Version) 00000016 - FW Version: 8_4 00000020 - Encrypted Block [00000020-0AD9DD3F] Size: 0AD9DD20 0AD9DD40 - (?) Checksum: F7B98E71 0AD9DD44 - Manufacturer: Siglent 0AD9DD54 - Name 2: RELSVR (Release Version) 0AD9DD5A - FW Version: 8_4 0AD9DD64 - Encrypted Block [0AD9DD64-0AF5FDB3] Size: 001C2050 0AF5FDB4 - (?) Checksum: 0047D675 0AF5FDB8 - Manufacturer: Siglent 0AF5FDC8 - Name 2: RELSVR (Release Version) 0AF5FDCE - FW Version: 8_4 0AF5FDD8 - Encrypted Block [0AF5FDD8-0B01FDE7] Size: 000C0010 0B01FDE8 - (?) Checksum: 0058FB6E 0B01FDEC - Manufacturer: Siglent 0B01FDFC - Name 2: RELSVR (Release Version) 0B01FE02 - FW Version: 8_4 0B01FE0C - Encrypted Block [0B01FE0C-0B05FE1B] Size: 00040010 0B05FE1C - (?) Checksum: 010E0B14 0B05FE20 - Manufacturer: Siglent 0B05FE30 - Name 2: RELSVR (Release Version) 0B05FE36 - FW Version: 8_4 0B05FE40 - Encrypted Block [0B05FE40-0B06428F] Size: 00004450 0B064290 - (?) Checksum: 001A4498 0B064294 - Manufacturer: Siglent 0B0642A4 - Name 2: RELSVR (Release Version) 0B0642AA - FW Version: 8_4 0B0642B4 - Encrypted Block [0B0642B4-0B135693] Size: 000D13E0 0B135694 - (?) Checksum: 03D03F96 0B135698 - Manufacturer: Siglent 0B1356A8 - Name 2: RELSVR (Release Version) 0B1356AE - FW Version: 8_4 0B1356B8 - Encrypted Block [0B1356B8-0B135807] Size: 00000150 0B135808 - (?) Checksum: 00005FB9 0B13580C - Manufacturer: Siglent 0B13581C - Name 2: RELSVR (Release Version) 0B135822 - FW Version: 8_4 0B13582C - Encrypted Block [0B13582C-0B13789B] Size: 00002070 0B13789C - (?) Checksum: 000985B9 --- End code --- maui_8.4.1.5.fla (LeCroy WS3000) --- Code: ---00000000 - Manufacturer: LeCroy 00000010 - Name 2: RELSVR (Release Version) 00000016 - FW Version: 8_4 00000020 - Encrypted Block [00000020-0AEE972F] Size: 0AEE9710 0AEE9730 - (?) Checksum: 0100856F 0AEE9734 - Manufacturer: LeCroy 0AEE9744 - Name 2: RELSVR (Release Version) 0AEE974A - FW Version: 8_4 0AEE9754 - Encrypted Block [0AEE9754-0B0AB7A3] Size: 001C2050 0B0AB7A4 - (?) Checksum: 00444D1E 0B0AB7A8 - Manufacturer: LeCroy 0B0AB7B8 - Name 2: RELSVR (Release Version) 0B0AB7BE - FW Version: 8_4 0B0AB7C8 - Encrypted Block [0B0AB7C8-0B16B7D7] Size: 000C0010 0B16B7D8 - (?) Checksum: 0058FB6E 0B16B7DC - Manufacturer: LeCroy 0B16B7EC - Name 2: RELSVR (Release Version) 0B16B7F2 - FW Version: 8_4 0B16B7FC - Encrypted Block [0B16B7FC-0B1AB80B] Size: 00040010 0B1AB80C - (?) Checksum: 010E10CC 0B1AB810 - Manufacturer: LeCroy 0B1AB820 - Name 2: RELSVR (Release Version) 0B1AB826 - FW Version: 8_4 0B1AB830 - Encrypted Block [0B1AB830-0B1AFC7F] Size: 00004450 0B1AFC80 - (?) Checksum: 001A4498 0B1AFC84 - Manufacturer: LeCroy 0B1AFC94 - Name 2: RELSVR (Release Version) 0B1AFC9A - FW Version: 8_4 0B1AFCA4 - Encrypted Block [0B1AFCA4-0B281083] Size: 000D13E0 0B281084 - (?) Checksum: 03D03F96 0B281088 - Manufacturer: LeCroy 0B281098 - Name 2: RELSVR (Release Version) 0B28109E - FW Version: 8_4 0B2810A8 - Encrypted Block [0B2810A8-0B2811F7] Size: 00000150 0B2811F8 - (?) Checksum: 00005FBA 0B2811FC - Manufacturer: LeCroy 0B28120C - Name 2: RELSVR (Release Version) 0B281212 - FW Version: 8_4 0B28121C - Encrypted Block [0B28121C-0B28328B] Size: 00002070 0B28328C - (?) Checksum: 000985B9 --- End code --- |
| janekivi:
Exactly, siglent checksum or crc like I name checksum for some reason. Like in "ads" calculations, value is depending from data size. For me the second header line looks like this: RELSVR8_0 - release version 8.0 RELSVR8_4 - release version 8.4 |
| tv84:
--- Quote from: janekivi on November 25, 2018, 04:09:54 pm ---Exactly, siglent checksum or crc like I name checksum for some reason. Like in "ads" calculations, value is depending from data size. For me the second header line looks like this: RELSVR8_0 - release version 8.0 RELSVR8_4 - release version 8.4 --- End quote --- Nice conclusion about "relsvr". But the rest is encrypted chinese. Without a memdump, I think I can't go any further... Unless your notepad/calculator produce some magic! |
| ewaller:
--- Quote from: tv84 on October 04, 2018, 09:02:12 pm ---How to open a telnet session in a Siglent when the root password is unknown? Use the following scripts, according to each equipment. They provide a root session via port 10101. --- End quote --- tv84, I have been lurking for a few days and am impressed by your contributions. I have ordered an SDS 1204x-e, but have not taken delivery of it as yet. I gather that when one "Installs" one of these ads files, it runs some script as root to do magic to the scope. Two questions: First, I cannot find where you have conveyed what these scripts specifically do. Would you state what it is they do? Second: Have you automated the process of creating an ads file? As many here may be aware, this instrument has been recently reported to have security issues by online security forums. The crux of the issue being a static root password for which the hash has been found. This thread, of course has promoted a hack by which the password is changed to a rather publicly known password. Ideally, it would be nice to provide a means for users to conveniently change the default root password for their own instrument. Also, it seems there are SCPI commands to permit the execution of command line commands. I have seen an indication these may run as root. Has anyone tried using this mechanism to send something along the lines of: bash -c "echo -e 'my_password\nmy_password" | passwd ?? I would not expect this to survive a reboot, but it might allow one to login in via telenet as root on the standaard port until said reboot. |
| Navigation |
| Message Index |
| Next page |
| Previous page |