Products > Test Equipment
Siglent .ads firmware file format
<< < (50/85) > >>
janekivi:
Seems like this is Siglent fla file format there...
Inside are 8 files. First is BIG. Probably software, app or this kind of stuff.
Some parts are 300 bytes. Last 4 bytes of all parts are probably some kind
of CRC. Looking at this shortest part, in 2 firmware they are identical, except
last 16 bytes and last 4 after that. So there may be some kind of encryption
using 8 or 16 byte chunks. All they may be reversed of course. And after that
all is in Chinese.

No files yet but there was even SDS5000
tv84:
Seems like a checksum, not a CRC. But I haven't figure it out. Maybe it's used after decryption...

SDS3K_SPO3ND_8.0.4.7.fla

--- Code: ---00000000 - Manufacturer: Siglent
00000010 - Name 2: RELSVR  (Release Version)
00000016 - FW Version: 8_0
00000020 - Encrypted Block [00000020-0A7EF09F]  Size: 0A7EF080
0A7EF0A0 - (?) Checksum: D4CF5466

0A7EF0A4 - Manufacturer: Siglent
0A7EF0B4 - Name 2: RELSVR  (Release Version)
0A7EF0BA - FW Version: 8_0
0A7EF0C4 - Encrypted Block [0A7EF0C4-0A9B1113]  Size: 001C2050
0A9B1114 - (?) Checksum: 0047D675

0A9B1118 - Manufacturer: Siglent
0A9B1128 - Name 2: RELSVR  (Release Version)
0A9B112E - FW Version: 8_0
0A9B1138 - Encrypted Block [0A9B1138-0AA71147]  Size: 000C0010
0AA71148 - (?) Checksum: 0058FB6E

0AA7114C - Manufacturer: Siglent
0AA7115C - Name 2: RELSVR  (Release Version)
0AA71162 - FW Version: 8_0
0AA7116C - Encrypted Block [0AA7116C-0AAB117B]  Size: 00040010
0AAB117C - (?) Checksum: 010E0CB7

0AAB1180 - Manufacturer: Siglent
0AAB1190 - Name 2: RELSVR  (Release Version)
0AAB1196 - FW Version: 8_0
0AAB11A0 - Encrypted Block [0AAB11A0-0AAB55EF]  Size: 00004450
0AAB55F0 - (?) Checksum: 001A4498

0AAB55F4 - Manufacturer: Siglent
0AAB5604 - Name 2: RELSVR  (Release Version)
0AAB560A - FW Version: 8_0
0AAB5614 - Encrypted Block [0AAB5614-0AB86743]  Size: 000D1130
0AB86744 - (?) Checksum: 03CF6A7F

0AB86748 - Manufacturer: Siglent
0AB86758 - Name 2: RELSVR  (Release Version)
0AB8675E - FW Version: 8_0
0AB86768 - Encrypted Block [0AB86768-0AB868B7]  Size: 00000150
0AB868B8 - (?) Checksum: 00005FBB

0AB868BC - Manufacturer: Siglent
0AB868CC - Name 2: RELSVR  (Release Version)
0AB868D2 - FW Version: 8_0
0AB868DC - Encrypted Block [0AB868DC-0AB8894B]  Size: 00002070
0AB8894C - (?) Checksum: 000985B9

--- End code ---

SDS3000E_8.4.1.4.fla

--- Code: ---00000000 - Manufacturer: Siglent
00000010 - Name 2: RELSVR  (Release Version)
00000016 - FW Version: 8_4
00000020 - Encrypted Block [00000020-0AD9DD3F]  Size: 0AD9DD20
0AD9DD40 - (?) Checksum: F7B98E71

0AD9DD44 - Manufacturer: Siglent
0AD9DD54 - Name 2: RELSVR  (Release Version)
0AD9DD5A - FW Version: 8_4
0AD9DD64 - Encrypted Block [0AD9DD64-0AF5FDB3]  Size: 001C2050
0AF5FDB4 - (?) Checksum: 0047D675

0AF5FDB8 - Manufacturer: Siglent
0AF5FDC8 - Name 2: RELSVR  (Release Version)
0AF5FDCE - FW Version: 8_4
0AF5FDD8 - Encrypted Block [0AF5FDD8-0B01FDE7]  Size: 000C0010
0B01FDE8 - (?) Checksum: 0058FB6E

0B01FDEC - Manufacturer: Siglent
0B01FDFC - Name 2: RELSVR  (Release Version)
0B01FE02 - FW Version: 8_4
0B01FE0C - Encrypted Block [0B01FE0C-0B05FE1B]  Size: 00040010
0B05FE1C - (?) Checksum: 010E0B14

0B05FE20 - Manufacturer: Siglent
0B05FE30 - Name 2: RELSVR  (Release Version)
0B05FE36 - FW Version: 8_4
0B05FE40 - Encrypted Block [0B05FE40-0B06428F]  Size: 00004450
0B064290 - (?) Checksum: 001A4498

0B064294 - Manufacturer: Siglent
0B0642A4 - Name 2: RELSVR  (Release Version)
0B0642AA - FW Version: 8_4
0B0642B4 - Encrypted Block [0B0642B4-0B135693]  Size: 000D13E0
0B135694 - (?) Checksum: 03D03F96

0B135698 - Manufacturer: Siglent
0B1356A8 - Name 2: RELSVR  (Release Version)
0B1356AE - FW Version: 8_4
0B1356B8 - Encrypted Block [0B1356B8-0B135807]  Size: 00000150
0B135808 - (?) Checksum: 00005FB9

0B13580C - Manufacturer: Siglent
0B13581C - Name 2: RELSVR  (Release Version)
0B135822 - FW Version: 8_4
0B13582C - Encrypted Block [0B13582C-0B13789B]  Size: 00002070
0B13789C - (?) Checksum: 000985B9

--- End code ---

maui_8.4.1.5.fla  (LeCroy WS3000)

--- Code: ---00000000 - Manufacturer: LeCroy
00000010 - Name 2: RELSVR  (Release Version)
00000016 - FW Version: 8_4
00000020 - Encrypted Block [00000020-0AEE972F]  Size: 0AEE9710
0AEE9730 - (?) Checksum: 0100856F

0AEE9734 - Manufacturer: LeCroy
0AEE9744 - Name 2: RELSVR  (Release Version)
0AEE974A - FW Version: 8_4
0AEE9754 - Encrypted Block [0AEE9754-0B0AB7A3]  Size: 001C2050
0B0AB7A4 - (?) Checksum: 00444D1E

0B0AB7A8 - Manufacturer: LeCroy
0B0AB7B8 - Name 2: RELSVR  (Release Version)
0B0AB7BE - FW Version: 8_4
0B0AB7C8 - Encrypted Block [0B0AB7C8-0B16B7D7]  Size: 000C0010
0B16B7D8 - (?) Checksum: 0058FB6E

0B16B7DC - Manufacturer: LeCroy
0B16B7EC - Name 2: RELSVR  (Release Version)
0B16B7F2 - FW Version: 8_4
0B16B7FC - Encrypted Block [0B16B7FC-0B1AB80B]  Size: 00040010
0B1AB80C - (?) Checksum: 010E10CC

0B1AB810 - Manufacturer: LeCroy
0B1AB820 - Name 2: RELSVR  (Release Version)
0B1AB826 - FW Version: 8_4
0B1AB830 - Encrypted Block [0B1AB830-0B1AFC7F]  Size: 00004450
0B1AFC80 - (?) Checksum: 001A4498

0B1AFC84 - Manufacturer: LeCroy
0B1AFC94 - Name 2: RELSVR  (Release Version)
0B1AFC9A - FW Version: 8_4
0B1AFCA4 - Encrypted Block [0B1AFCA4-0B281083]  Size: 000D13E0
0B281084 - (?) Checksum: 03D03F96

0B281088 - Manufacturer: LeCroy
0B281098 - Name 2: RELSVR  (Release Version)
0B28109E - FW Version: 8_4
0B2810A8 - Encrypted Block [0B2810A8-0B2811F7]  Size: 00000150
0B2811F8 - (?) Checksum: 00005FBA

0B2811FC - Manufacturer: LeCroy
0B28120C - Name 2: RELSVR  (Release Version)
0B281212 - FW Version: 8_4
0B28121C - Encrypted Block [0B28121C-0B28328B]  Size: 00002070
0B28328C - (?) Checksum: 000985B9

--- End code ---
janekivi:
Exactly, siglent checksum or crc like I name checksum for some reason.
Like in "ads" calculations, value is depending from data size.

For me the second header line looks like this:
RELSVR8_0  -  release version 8.0
RELSVR8_4  -  release version 8.4
tv84:

--- Quote from: janekivi on November 25, 2018, 04:09:54 pm ---Exactly, siglent checksum or crc like I name checksum for some reason.
Like in "ads" calculations, value is depending from data size.

For me the second header line looks like this:
RELSVR8_0  -  release version 8.0
RELSVR8_4  -  release version 8.4

--- End quote ---

Nice conclusion about "relsvr". But the rest is encrypted chinese.

Without a memdump, I think I can't go any further...  Unless your notepad/calculator produce some magic!
ewaller:

--- Quote from: tv84 on October 04, 2018, 09:02:12 pm ---How to open a telnet session in a Siglent when the root password is unknown?

Use the following scripts, according to each equipment.

They provide a root session via port 10101.

--- End quote ---

tv84,

I have been lurking for a few days and am impressed by your contributions.   I have ordered an SDS 1204x-e, but have not taken delivery of it as yet.  I gather that when one "Installs" one of these ads files, it runs some script as root to do magic to the scope.   Two questions:  First, I cannot find where you have conveyed what these scripts specifically do.  Would you state what it is they do?  Second:  Have you automated the process of creating an ads file?

As many here may be aware, this instrument has been recently reported to have security issues by online security forums.  The crux of the issue being a static root password for which the hash has been found.  This thread, of course has promoted a hack by which the password is changed to a rather publicly known password.   Ideally, it would be nice to provide a means for users to conveniently change the default root password for their own instrument.

Also, it seems there are SCPI commands to permit the execution of command line commands.  I have seen an indication these may run as root.  Has anyone tried using this mechanism to send something along the lines of:

bash -c "echo -e 'my_password\nmy_password" | passwd

??
I would not expect this to survive a reboot, but it might allow one to login in via telenet as root on the standaard port until said reboot.
Navigation
Message Index
Next page
Previous page
There was an error while thanking
Thanking...

Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod