Author Topic: SPD3303X-E HW revision 6.2 and 1.01.01.03.11R1 FW public availability  (Read 115 times)

Offline ironcurtain (Topic starter)

  • Regular Contributor
  • *
  • Posts: 95
  • Country: aq
This has been commented on in this thread:

https://www.eevblog.com/forum/testgear/siglent-spd3303x-e-hi-resolution-output-unlock/msg5430968/#msg5430968

I wanted to create a separate thread just in case anyone is interested in dumping the FW from a fresh out of factory unit. As of today there is no publicly available file for the 1.01.01.03.11R1 firmware shipped with the recently manufactured units.

There is another angle to the issue, beyond any cursory interest from hobbyists to unlock options, and that's the fact that any corporate or business client acquiring Siglent equipment may want to be able to (either directly or contracting the job out to a specialized firm) do reverse engineering of the firmware and either locate and resolve vulnerabilities, or, do due diligence and figure out if there are any hidden surprises in the system. These surprises can either come from the factory in China, or during transit.

It seems like a pressing issue for Siglent to actually provide public images of the firmware shipped in their products, or at least, worth looking into for any non-hobbyist customers.

There is no sinophobia in the slightest here, this is just par the current climate and widespread awareness of supply chain attacks. I love Siglent gear, but found it odd that firmware would not be available when, for example, with the lower end oscilloscopes all firmware for all HW revisions is made publicly available.
"If you are going to fail, at least do so spectacularly."

Kurtz: [intercepted radio message] I watched a snail crawl along the edge of a straight razor. That's my dream; that's my nightmare. Crawling, slithering, along the edge of a straight razor... and surviving. -- Apocalypse Now (1979)
 

Offline KungFuJosh

  • Super Contributor
  • ***
  • Posts: 1935
  • Country: us
  • TEAS is real.
Quote from: ironcurtain
I love Siglent gear, but found it odd that firmware would not be available when, for example, with the lower end oscilloscopes all firmware for all HW revisions is made publicly available.

Siglent often releases new firmware on new hardware before releasing the newer firmware versions for download. That's nothing new.
"I installed a skylight in my apartment yesterday... The people who live above me are furious." - Steven Wright
 

Offline thm_w

  • Super Contributor
  • ***
  • Posts: 6687
  • Country: ca
  • Non-expert
Quote from: ironcurtain
I wanted to create a separate thread just in case anyone is interested in dumping the FW from a fresh out of factory unit. As of today there is no publicly available file for the 1.01.01.03.11R1 firmware shipped with the recently manufactured units.

There is another angle to the issue, beyond any cursory interest from hobbyists to unlock options, and that's the fact that any corporate or business client acquiring Siglent equipment may want to be able to (either directly or contracting the job out to a specialized firm) do reverse engineering of the firmware and either locate and resolve vulnerabilities, or, do due diligence and figure out if there are any hidden surprises in the system. These surprises can either come from the factory in China, or during transit.

It seems like a pressing issue for Siglent to actually provide public images of the firmware shipped in their products, or at least, worth looking into for any non-hobbyist customers.

No companies are going to bother spending weeks or months reverse engineering the binaries for all of their test equipment. If you really care about extreme security you'd isolate the equipment or just disable the network port.

Quote
There is no sinophobia in the slightest here, this is just par the current climate and widespread awareness of supply chain attacks. I love Siglent gear, but found it odd that firmware would not be available when, for example, with the lower end oscilloscopes all firmware for all HW revisions is made publicly available.

It's not that odd. Sometimes a new version is used internally but never uploaded.
Maybe it's needed to support a new hardware revision, for example.
Profile -> Modify profile -> Look and Layout ->  Don't show users' signatures
 

Offline ironcurtain (Topic starter)

  • Regular Contributor
  • *
  • Posts: 95
  • Country: aq
Quote from: thm_w
No companies are going to bother spending weeks or months reverse engineering the binaries for all of their test equipment. If you really care about extreme security you'd isolate the equipment or just disable the network port.

I'm going to disagree on that based on actual experience. There are also some legal requirements depending on where the equipment is deployed.

As for isolation, that is a slippery slope. I have yet to see properly segmented networks in many small and not so small engineering firms, let alone their employees' homes (and often work is taken home, as we all know). How do you also handle the fact that the hardware might contain RF-capable components? How do you know your "isolation" works? Can you confidently claim that the traffic you see is exactly what you think it is? How do you know it is not something operating in a store-and-forward fashion (ex. it never phones home)?

It also does not take months to RE firmware, most of the time. Truth be told, a lot of workplaces might just ban equipment not coming from R&S, or Agilent, or a domestic/approved vendor.

Still, reverse engineering contracts regularly happen for things like this, always under NDA. Beyond the odd research getting published, most of the time RE commissioned by a customer won't be disclosed to anyone else besides the client itself.

Quote from: thm_w
No companies are going to bother spending weeks or months reverse engineering the binaries for all of their test equipment. If you really care about extreme security you'd isolate the equipment or just disable the network port.

Quote
There is no sinophobia in the slightest here, this is just par the current climate and widespread awareness of supply chain attacks. I love Siglent gear, but found it odd that firmware would not be available when, for example, with the lower end oscilloscopes all firmware for all HW revisions is made publicly available.

It's not that odd. Sometimes a new version is used internally but never uploaded.
Maybe it's needed to support a new hardware revision, for example.

Siglent has always released firmware for HW revisions and the bootloader and flashing facilities are capable of rejecting images not compatible with the running HW. Case in point, all their SDS line, especially the 1000X series.
Please name one single example of a case where this did not happen (beyond the one I reference in this thread). The only times this happened, and it is debatable, are initial FW revisions.
"If you are going to fail, at least do so spectacularly."

Kurtz: [intercepted radio message] I watched a snail crawl along the edge of a straight razor. That's my dream; that's my nightmare. Crawling, slithering, along the edge of a straight razor... and surviving. -- Apocalypse Now (1979)
 