FINALLY!!! After 3 years searching/waiting I was able to find this unicorn and look at some its innerworkings!
I confirmed the suspicions that the LeCroy WS3000 FW packages are AES128-CBC encrypted and the licensing methods used are the same as all other old WinCE LeCroy stuff. However it uses a different Blowfish key from the one that is public.
The analysis is ongoing as I want also to try and correctly parse the Siglent SDS3000 FW packages.
As a useless teaser, here is the "usual" options config file taken from inside.