Parsing of versions: (thank you to dav and ted572 for sending them)
00.01.03.00.02
00.01.05.00.00
00.01.06.00.00
00.01.08.00.02
00.01.09.00.01
00.01.10.00.03
00.01.11.00.00
00.01.13.00.01
00.01.14.00.03
Conclusions so far:
- 1st byte in the 1st block header is used to decode the file.
- 2nd byte is a flag byte with these meanings:
X------- last block
-X------ normal block ?
---X---- special block 0x3C
----X--- bootloader block
-----X-- no block contents ?
- 2nd word in block headers seems to be a CRC/checksum.
- Special focus on the contents of the block with size=0x3C bytes.
- If you look at the final words in the 0x3C block, they seem to increment with each version. Maybe it's directly related to the firmware version/release date.
DP800(Software)Update(Normal)_00.01.03.00.02
00000000 Header - Mask: 00 | Flags: 00 | 0000 | 00000000 | Size: 002EEF09 | 00000000 | 00000000
00000014 Block #1: [00000014-002EEF1C]
002EEF1D Header - Mask: 00 | Flags: 10 | 0000 | 00000214 | Size: 0000003C | 00000000 | 00000000
002EEF31 Hash/Encrypt ??: 3FF75ED5D6F06206F304DBD9BAA1A75E7459FC21
002EEF45 UInt32 (???): 0004B180 0004B180 0004B180 0004B180 0004B180
002EEF59 UInt32 (???): 0004B180 0004B180 0004B180 0004B180 0004B189
002EEF31 Block #2: [002EEF31-002EEF6C]
002EEF6D Header - Mask: 00 | Flags: 00 | 0000 | 00520000 | Size: 00002384 | 00000000 | 00000000
002EEF81 Block Size: 00002384
002EEF91 Block #3: [002EEF91-002F1304]
002F1305 Header - Mask: 00 | Flags: 94 | 0000 | 00000000 | Size: 00000010 | 0000FFFF | 00000000
002F1319 EOF - No Block contents!
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.05.00.00
00000000 Header - Mask: 00 | Flags: 00 | 0000 | 00000000 | Size: 002F6391 | 0000FFFF | 00000000
00000014 Block #1: [00000014-002F63A4]
002F63A5 Header - Mask: 00 | Flags: 10 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 00000000
002F63B9 Hash/Encrypt ??: D5B2A1A71C6EBB7944B17F03AB122FF162031E59
002F63CD UInt32 (???): 0004BD28 0004BD28 0004BD28 0004BD28 0004BD28
002F63E1 UInt32 (???): 0004BD28 0004BD28 0004BD28 0004BD28 0004BD29
002F63B9 Block #2: [002F63B9-002F63F4]
002F63F5 Header - Mask: 00 | Flags: 00 | 0000 | 00520000 | Size: 000024E4 | 0000FFFF | 00000000
002F6409 Block Size: 000024E4
002F6419 Block #3: [002F6419-002F88EC]
002F88ED Header - Mask: 00 | Flags: 94 | 0000 | 00000000 | Size: 00000010 | 0000FFFF | 00000000
002F8901 EOF - No Block contents!
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.06.00.00
00000000 Header - Mask: 00 | Flags: 00 | 0000 | 00000000 | Size: 002F7661 | 0000FFFF | 00000000
00000014 Block #1: [00000014-002F7674]
002F7675 Header - Mask: 00 | Flags: 10 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 00000000
002F7689 Hash/Encrypt ??: 42A86549B434F4D06827669679D7F06A6CBC505B
002F769D UInt32 (???): 0004BF09 0004BF09 0004BF09 0004BF09 0004BF09
002F76B1 UInt32 (???): 0004BF09 0004BF09 0004BF09 0004BF09 0004BF10
002F7689 Block #2: [002F7689-002F76C4]
002F76C5 Header - Mask: 00 | Flags: 80 | 0000 | 00520000 | Size: 00002698 | 0000FFFF | 00000000
002F76D9 Block Size: 00002698
002F76E9 Block #3: [002F76E9-002F9D70]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.08.00.02
00000000 Header - Mask: 00 | Flags: 00 | 0000 | 00000000 | Size: 00308A9D | 0000FFFF | 00000000
00000014 Block #1: [00000014-00308AB0]
00308AB1 Header - Mask: 00 | Flags: 10 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 00000000
00308AC5 Hash/Encrypt ??: CB1F0C46AC83A6E18455705ED7EFD0C07C83E23E
00308AD9 UInt32 (???): 0004DAA9 0004DAA9 0004DAA9 0004DAA9 0004DAA9
00308AED UInt32 (???): 0004DAA9 0004DAA9 0004DAA9 0004DAA9 0004DAAC
00308AC5 Block #2: [00308AC5-00308B00]
00308B01 Header - Mask: 00 | Flags: 80 | 0000 | 00520000 | Size: 00003520 | 0000FFFF | 00000000
00308B15 Block Size: 00003520
00308B25 Block #3: [00308B25-0030C034]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.09.00.01
00000000 Header - Mask: 00 | Flags: 40 | 08CE | 00520000 | Size: 00003520 | 0000FFFF | 0000009F
00000014 Block Size: 00003520
00000024 Block #1: [00000024-00003533]
00003534 Header - Mask: 00 | Flags: 40 | 301D | 00000000 | Size: 0031FE6D | 0000FFFF | 0000009F
00003548 String1: RIGOLL
00003558 Block #2: [00003558-003233B4]
003233B5 Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
003233C9 Hash/Encrypt ??: 464E7D130B7366357007E49384BCF81BE9F53C2F
003233DD UInt32 (???): 0004FFD7 0004FFD7 0004FFD7 0004FFD7 0004FFD7
003233F1 UInt32 (???): 0004FFD7 0004FFD7 0004FFD7 0004FFD7 0004FFDE
003233C9 Block #3: [003233C9-00323404]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.10.00.03
00000004 Header - Mask: 00 | Flags: 40 | E89F | 00520000 | Size: 00003694 | 0000FFFF | 0000009F
00000018 Block Size: 00003690
0000001C Block #1: [0000001C-000036AB]
000036AC Header - Mask: 00 | Flags: 40 | 5732 | 00000000 | Size: 0031DA25 | 0000FFFF | 0000009F
000036C0 String1: RIGOLL
000036D0 Block #2: [000036D0-003210E4]
003210E5 Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
003210F9 Hash/Encrypt ??: FC3999DF41FAC462946CE1BDC6E069E74D523C9C
0032110D UInt32 (???): 0004FC36 0004FC36 0004FC36 0004FC36 0004FC36
00321121 UInt32 (???): 0004FC36 0004FC36 0004FC36 0004FC36 0004FC3F
003210F9 Block #3: [003210F9-00321134]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.11.00.00
00000004 Header - Mask: 00 | Flags: 40 | E89F | 00520000 | Size: 00003694 | 0000FFFF | 0000009F
00000018 Block Size: 00003690
0000001C Block #1: [0000001C-000036AB]
000036AC Header - Mask: 00 | Flags: 40 | DC62 | 00000000 | Size: 00322285 | 0000FFFF | 0000009F
000036C0 String1: RIGOLL
000036D0 Block #2: [000036D0-00325944]
00325945 Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
00325959 Hash/Encrypt ??: A92B0C1660C0424D48D19499AE7BF4C70F647AA4
0032596D UInt32 (???): 00050373 00050373 00050373 00050373 00050373
00325981 UInt32 (???): 00050373 00050373 00050373 00050373 0005037A
00325959 Block #3: [00325959-00325994]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.13.00.01
00000004 Header - Mask: 00 | Flags: 40 | A1A0 | 00520000 | Size: 00003D58 | 0000FFFF | 0000009F
00000018 Block Size: 00003D54
0000001C Block #1: [0000001C-00003D6F]
00003D70 Header - Mask: 00 | Flags: 40 | 2D14 | 00000000 | Size: 00335605 | 0000FFFF | 0000009F
00003D84 String1: RIGOLL
00003D94 Block #2: [00003D94-00339388]
00339389 Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
0033939D Hash/Encrypt ??: 8A968039CF72794BA2BB2762B0708CBD822456D1
003393B1 UInt32 (???): 00052233 00052233 00052233 00052233 00052233
003393C5 UInt32 (???): 00052233 00052233 00052233 00052233 0005223A
0033939D Block #3: [0033939D-003393D8]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.14.00.03
00000004 Header - Mask: 00 | Flags: 40 | 4081 | 00520000 | Size: 00003DA0 | 0000FFFF | 0000009F
00000018 Block Size: 00003D9C
0000001C Block #1: [0000001C-00003DB7]
00003DB8 Header - Mask: 00 | Flags: 40 | 61AB | 00000000 | Size: 00336DA1 | 0000FFFF | 0000009F
00003DCC String1: RIGOLL
00003DDC Block #2: [00003DDC-0033AB6C]
0033AB6D Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
0033AB81 Hash/Encrypt ??: 68FC5AAA5F2AA7CFCFBC40371C20812A668FD4A9
0033AB95 UInt32 (???): 00052490 00052490 00052490 00052490 00052490
0033ABA9 UInt32 (???): 00052490 00052490 00052490 00052490 00052491
0033AB81 Block #3: [0033AB81-0033ABBC]
*****************************************************************************************
DP800(Software)Update(Bootloader)_01.06
00000000 Header - Mask: 00 | Flags: C8 | 8E34 | 00000000 | Size: 00040C70 | 000000B3 | 0000009F
00000014 Block #1: [00000014-00040C83]
*****************************************************************************************
DP800(Software)Update(Bootloader)_01.09
00000000 Header - Mask: 00 | Flags: C8 | 2733 | 00000000 | Size: 00040E20 | 00000031 | 0000009F
00000014 Block #1: [00000014-00040E33]
If anyone has the FW versions that are not listed here please repost or send me a pm:
00.01.01.02.04
00.01.02.00.03
00.01.04.00.02
Wow, you've made some real progress here! Can you please share the source code you're using to parse the files? The one that shows stuff like:
DP800(Software)Update(Bootloader)_01.06
00000000 Header - Mask: 00 | Flags: C8 | 8E34 | 00000000 | Size: 00040C70 | 000000B3 | 0000009F
00000014 Block #1: [00000014-00040C83]
Unfortunately, I think C# is mainly for Windows, although I guess there's a Mono C# compiler. But if you're okay with sharing the code, maybe I could convert it to normal C real quick like and repost for Linux users?
I had made a collection of the various firmwares that I found for the unit. I will check on my Linux box and see if the ones you requested are there or not.
I had given up on this project because we had a daughter and that kind of changed priorities a lot. I am very impressed with the work that the community has done, including your work. You guys are amazing and discovered stuff I would never have discovered.
That's what I love about forums. It's a place for society to come together and work on stuff together. I might not think of something, but you may. Or vice-versa. And together, we might be able to solve some pretty interesting problems.
Now I don't know a lot about cryptology, but for the bootloader code... the SHA-1 for the header, that's just a SHA-1 checksum of the contents, right? It's not anything to deal with signing, is it? Because my understanding is that brute-forcing an SHA-1 private key is not going to happen anytime soon, and I'm really hoping they're not signed with a private key.
But I did notice, as I mentioned on previous pages somewheres, that the last x amount of bytes in the firmware files match, and I thought perhaps that was some sort of signature, but I probably was wrong.
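An added example, not code from either poster and not the C# parser mentioned above: a Python parser for the 20-byte header layout and flag bits listed under "Conclusions so far", together with the check the last post asks about, whether the 20-byte field in the 0x3C block is a plain SHA-1 of some candidate data. Little-endian byte order, already-decoded input (mask 00), and the names `walk_blocks`, `parse_special`, `digest_matches` and `build_sample` are assumptions; the sample image is constructed.

```python
import hashlib
import struct
# Assumed 20-byte (0x14) header, fields in the order the dump prints them:
# mask, flags, 16-bit checksum?, u32, size, u32, u32. Little-endian is assumed.
HEADER = struct.Struct("<BBHIIII")
FLAG_NAMES = {0x80: "last", 0x40: "normal?", 0x10: "special-0x3C",
              0x08: "bootloader", 0x04: "no-contents?"}  # from the conclusions
SAMPLE_BODY = b"constructed firmware body"  # constructed, not real firmware

def decode_flags(flags):
    return [name for bit, name in FLAG_NAMES.items() if flags & bit]

def walk_blocks(image, offset=0):
    """Yield (header_offset, flags, checksum, size, payload) per block."""
    while offset + HEADER.size <= len(image):
        _mask, flags, checksum, _a, size, _b, _c = HEADER.unpack_from(image, offset)
        start = offset + HEADER.size
        want = 0 if flags & 0x04 else size   # "no block contents" header
        payload = image[start:start + want]
        if len(payload) != want:
            raise ValueError(f"block at {offset:#x} runs past end of file")
        yield offset, flags, checksum, size, payload
        if flags & 0x80:                     # last block: stop walking
            return
        offset = start + want

def parse_special(payload):
    """Split a 0x3C block into its 20-byte field and ten UInt32 values."""
    if len(payload) != 0x3C:
        raise ValueError("expected a 0x3C-byte block")
    return payload[:20], struct.unpack_from("<10I", payload, 20)

def digest_matches(field, data):
    """True if the 20-byte field is a plain, unkeyed SHA-1 of `data`."""
    return hashlib.sha1(data).digest() == field

def build_sample():
    # Constructed 3-block image; its digest is SHA-1(body) by construction.
    words = struct.pack("<10I", *([0x4B180] * 9 + [0x4B189]))
    special = hashlib.sha1(SAMPLE_BODY).digest() + words
    return (HEADER.pack(0, 0x00, 0, 0, len(SAMPLE_BODY), 0, 0) + SAMPLE_BODY
            + HEADER.pack(0, 0x10, 0, 0x214, len(special), 0, 0) + special
            + HEADER.pack(0, 0x94, 0, 0, 0x10, 0xFFFF, 0))

if __name__ == "__main__":
    for off, flags, _crc, size, payload in walk_blocks(build_sample()):
        print(f"{off:08X} flags={flags:02X} {decode_flags(flags)} size={size:08X}")
        if flags & 0x10:
            field, words = parse_special(payload)
            print("  plain SHA-1 of block #1:", digest_matches(field, SAMPLE_BODY))
```

A match over some byte range of a real file would indicate an unkeyed digest that anyone can recompute; no match over the ranges tried leaves the question open rather than proving a signature.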