Author Topic: Door to improve Siglent SSA3021X PLUS now closed?  (Read 4527 times)

0 Members and 1 Guest are viewing this topic.

Offline ltvs88

  • Contributor
  • Posts: 8
  • Country: at
Door to improve Siglent SSA3021X PLUS now closed?
« on: December 24, 2019, 02:35:27 am »
Hi there,

I have ordered a brand new Siglent SSA3021X Plus Spectrum Analyzer and wanted to improve it a bit.

I have used the following script to get telnet access

https://www.eevblog.com/forum/testgear/hack-of-sigllent-spectrum-analyzer-ssa3021x/?action=dlattach;attach=885686

from the thread about the Non-Plus-Version.

The trick to use the ecomb8 did not work and longer as the PLUS Model is using another hw plattform.

I know that the license is stored at nsp_data_b1 and this file is encrypted.

I have downloaded the 15MB(!!!) ecomb binary and tried to analyze it using Ghidra.

I found the functions for encrypted read and write and also for adding new license but unfortunately i cannot figuren out any further because i cannot fingure out what is behind the relevat pointers cause the memory adresses seems to be obfuscated.

Please don't laugh about my missing skills but I studying electronics not informatics and I have 0 experiance with reversing...

But it finally seems it is based in the serial number only.

Any ideas or help would be great!

Thanks
« Last Edit: January 02, 2020, 08:52:22 pm by ltvs88 »
 

Offline ltvs88

  • Contributor
  • Posts: 8
  • Country: at
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #1 on: January 02, 2020, 08:53:45 pm »
Nobody has am Idea?
I have seen in another Post it should be possible but no ideal how.....
Any help would be great. No PLUS owner here?

 

Online tautech

  • Super Contributor
  • ***
  • Posts: 20107
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Avid Rabid Hobbyist
Come visit us at EMEX 15th - 17th February. Hall 1 Stand 1002
https://www.emex.co.nz/
 

Offline ltvs88

  • Contributor
  • Posts: 8
  • Country: at
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #3 on: January 02, 2020, 11:33:04 pm »
Done so far. But I have the PLUS Model.
Walked through all pages of this Monster thread but nothig is working for the PLUS with latest firmware...  :-//
« Last Edit: January 02, 2020, 11:58:10 pm by ltvs88 »
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 20107
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #4 on: January 03, 2020, 12:23:49 am »
Done so far. But I have the PLUS Model.
Walked through all pages of this Monster thread but nothig is working for the PLUS with latest firmware...  :-//
Nope, look harder, tubularnut now has a SSA3032X+ and fully optioned.  ;)
Avid Rabid Hobbyist
Come visit us at EMEX 15th - 17th February. Hall 1 Stand 1002
https://www.emex.co.nz/
 

Offline ltvs88

  • Contributor
  • Posts: 8
  • Country: at
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #5 on: January 04, 2020, 01:21:44 am »
I had a chat with him. He did not unlock the device himself and he has no access to the source anymore.
If you would have read the thread you would have seen that the are only screenshots but northing lese.

If somebody has an idea it would be great to share it here....
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 20107
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #6 on: January 04, 2020, 02:19:36 am »
Done so far. But I have the PLUS Model.
Walked through all pages of this Monster thread but nothig is working for the PLUS with latest firmware...  :-//
Really, then what is this ?



I had a chat with him. He did not unlock the device himself and he has no access to the source anymore.
If you would have read the thread you would have seen that the are only screenshots but northing lese.

If somebody has an idea it would be great to share it here....
Yes well tv84 posted a special script and the rest you must do via Telnet or Putty editing the code using info posted long ago.
If you are not confident in the Linux file system (I'm not  :() get a close friend who is to help.
Avid Rabid Hobbyist
Come visit us at EMEX 15th - 17th February. Hall 1 Stand 1002
https://www.emex.co.nz/
 

Offline ltvs88

  • Contributor
  • Posts: 8
  • Country: at
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #7 on: January 04, 2020, 02:44:54 am »
Again, Linux is not the Problem here.

Plus and the Non-Plus have a different Hardware and CPU architecture. The binaries used for the Hack "long before" are not running on the new model anymore.
So the encryption algorithm and also the keys and procedures are somwhere in the binaries.

I know only that it depends only on the serial number and on the option codes which are slightly different from plus and non-plus version.

My Problem os not linux but reversing ARM binaries as I am an electrical engineer not an programmer.

The picture proofs just that it is possible as stated. But again: tv84's script does only provide telnet access.

ecomb is now 14MB (instead of 5MB on the non-plus version) and renaming or moving the files is no longer possible as the new app stops working if no license file (correctly encrypted and filles) is there.

So what I can say fore sure: none of the Ideas is all 32pages are working and the source which was used to generate the codes for thismscreenshot is no lomger available as I have been told.

I just started a thread to support the PLUS Model probably with some help of an experienced programmer.

If somebody knows how to do this it would be great. If not then we can close here. But the old thread stuff is defenitely not working without deeper modifications now.

The story behind the screenshot is clear but as mentioned the source for the keys was lost....that is the reason why ther is no info Howto do this on the plus version. But I can confirm the ideas from the old thread is not working.
« Last Edit: January 04, 2020, 03:02:27 am by ltvs88 »
 

Offline ltvs88

  • Contributor
  • Posts: 8
  • Country: at
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #8 on: January 04, 2020, 02:57:03 am »
Just one thing: The firmware files (ADS-Files) seems to use the same screwed DES algorithm than the license files, but this does not help a lot as the "key string" is missing inside which is calculated feom the option+serial plus something else.

The initial FW Version used a file called "alladin" imstead of ecomb used for generating the Trakking Generator License. So this binary could help to figure out what the secret key is.
I have the file if necessary.

If you have a look in the recent firmware using the ADS to ZIP thool you can see that the update script is deleting ALLADIN and replacing it with ecomb in the new Version. (The tool is abailable in the thread)

Verification of the license/option code is still done inside ecomb. So I see 2 Options:

1. Extracting the Key and the procedure
2. Patching ecomb or aladdin to create the other licenses as well

This is everything I can provide if helpful.

 
The following users thanked this post: thm_w

Offline fugazi

  • Newbie
  • Posts: 2
  • Country: nl
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #9 on: February 19, 2020, 11:21:06 pm »
Hello all,

I have a SSA3021x Plus which has firmware 2.2.1.2.5. My Ecomb seems to be replaced by an Ecomb_p version. Further i cannot remount the OS to be writeable.
Perhaps i am missing something, but it looks like Siglent closed some doors again.
(EDIT) I understood the hack is possible with older firmwares than the 2.2.1.2.5, who has the older version for me?

Fugaz
« Last Edit: February 19, 2020, 11:29:49 pm by fugazi »
 

Offline ltvs88

  • Contributor
  • Posts: 8
  • Country: at
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #10 on: March 11, 2020, 08:51:49 pm »
I can confirm this. With the newer Version it is no longer possible. I have seen some posts where people were able to unlock the options but they have lost the serial number which is not a very great option for me as I am using external software.
So If there is any idea please let me know!
 

Offline TrAndy

  • Contributor
  • Posts: 5
  • Country: it
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #11 on: June 24, 2020, 08:32:13 pm »
OK, I've just unpacked and fired up my mint SSA3021X Plus.
Whatever the future opening solution will be, this unit is loaded with the FW v.2.2.1.2.3r1, so I'll wait with upgrading it as this unit represents one more chance to find a solution for those, as you are, having acquired a newer one.

Already attempted to downgrade your SSA, say to the named version?
BTW few releases younger, Aladdin, no ecomb, telnet works, TG is permanent etc. etc..

PM me for fine-grained discussion.
 

Offline Emo

  • Regular Contributor
  • *
  • Posts: 97
  • Country: nl
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #12 on: June 24, 2020, 08:51:05 pm »
The 2.2.1.2.5 firmware is dated november 2019. Before "doors" were discussed here. A separate correction file must have been written to the device or a different hardware platform does exist

 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 1968
  • Country: pt
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #13 on: June 24, 2020, 09:15:42 pm »
Why do you still keep this thread rolling ?!?   :-//

Everyone with a SSAX+ is converting it to SVA.

https://www.eevblog.com/forum/testgear/siglent-ssa3000x-spectrum-analyzers/msg3084766/#msg3084766
 
The following users thanked this post: Elasia, Simon_RL

Offline Elasia

  • Frequent Contributor
  • **
  • Posts: 715
  • Country: us
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #14 on: June 24, 2020, 11:36:58 pm »
Why do you still keep this thread rolling ?!?   :-//

Everyone with a SSAX+ is converting it to SVA.

https://www.eevblog.com/forum/testgear/siglent-ssa3000x-spectrum-analyzers/msg3084766/#msg3084766

lol i thought this was something new... i see i got trolled
 

Offline mrprecision

  • Regular Contributor
  • *
  • Posts: 51
  • Country: de
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #15 on: September 20, 2020, 02:53:01 pm »
Hello,

I want to by a Siglent SSA3021X PLUS. Can be the device hacked to SSA3031X PLUS with the actual firmware?

Regards
 

Offline mawyatt

  • Frequent Contributor
  • **
  • Posts: 568
  • Country: us
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #16 on: September 20, 2020, 05:32:46 pm »
Yes it can be "upgraded" to a SSA3032X Plus and then "upgraded" to a SVA1032X.

I was able to do this with the helpful folks on here.

Best,
Research is like a treasure hunt, you don't know where to look or what you'll find!
~Mike
 

Online Ordinaryman1971

  • Frequent Contributor
  • **
  • Posts: 302
  • Country: us
Re: Door to improve Siglent SSA3021X PLUS now closed?
« Reply #17 on: November 06, 2020, 05:37:05 pm »
Here is a screenshoot from the sysinfo on mine.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf