Any ideas what creates a .sgl firmware file ?

Anything not related to STM32
Post Reply
User avatar
RogerClark
Posts: 7690
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia
Contact:

Any ideas what creates a .sgl firmware file ?

Post by RogerClark » Tue Jan 16, 2018 9:19 pm

Hi have a firmware file for a digital radio, which has the .sgl extension, and I'm trying to work out what created it.

The file is being uploaded using STM's DFU DLL's, so I initially thought the processor in the radio was a STM32

However someone sent me some photos of the inside of the radio and it seems to be using a NXP MK22 processor

So I think the manufacturer must have somehow compiled the STM32 DFUSe bootloader code for the MK22, and is simply using STM's DLLs as that was the easiest thing to do.

(I suspect they may be in breach of STM's license, as their DLL's and source code for DFUse is likely to have clauses in the licenses which says its only for use on STM devices - but since the radio is made in China, these things don't seem to apply ;-)

Anyway. Looking in the start of the firmware file, it has this data in its fist 16 bytes
(Hex codes and their ASCII values)

53 47 4C 21 16 09 0F 77 63 77 7D 18 8C 47 62 E7 SGL!...wcw}.ŒGbç

So whatever is writing the file has put the file extension "SGL" at the beginning

The unfortunate thing, is I'm fairly sure the file is either compressed or encrypted as it doesn't look like it contains any text strings :-(






So do any of you clever people have any idea what type of file this could be ??

User avatar
mrburnette
Posts: 2216
Joined: Mon Apr 27, 2015 12:50 pm
Location: Greater Atlanta
Contact:

Re: Any ideas what creates a .sgl firmware file ?

Post by mrburnette » Wed Jan 17, 2018 3:42 am

Open Office... https://www.google.com/search?q=sgl+fil ... +extension

StarOffice/LibreOffice: http://extension.nirsoft.net/sgl

LabVIEW: https://forums.ni.com/t5/LabVIEW/How-do ... d-p/205991

But, I suppose someone out to roll their own could have just picked something out of the air...
Here in the deep South of the USA, we boys put our 3 initials on our belt buckles as a clue to what our name is in the event we drink too much beer.


Ray

User avatar
ahull
Posts: 1729
Joined: Mon Apr 27, 2015 11:04 pm
Location: Sunny Scotland
Contact:

Re: Any ideas what creates a .sgl firmware file ?

Post by ahull » Wed Jan 17, 2018 5:08 am

mrburnette wrote:
Wed Jan 17, 2018 3:42 am
Here in the deep South of the USA, we boys put our 3 initials on our belt buckles as a clue to what our name is in the event we drink too much beer.
Might not work here in Scotland, they'd never remember to stop drinking before they hit the point where they were unable to read. ;)

@Roger, are these the droids we are looking for? > GD-77 F-V3.0.6 And S-V2.0.5 (2017.12.14).zip <

If so... http://radioaficion.com/cms/gd-77-fcc-certification/
... and .... https://www.digikey.com/product-detail/ ... ND/4915408
... and ... http://uk.farnell.com/freescale-semicon ... dp/2434225
.. might be of some interest. :D
As to what the .sgl file is developed with .. Most probably Keil based -> http://uk.farnell.com/b/arm?ICID=Button-FRNL-OrderARM
.. so perhaps some of this might lead us in the right direction.
My visual scan over a hex dump of the .sgl suggests it is indeed compressed and/or encrypted, but the linux file command doesn't get anywhere.
file -i GD-77_V3.0.6.sgl
GD-77_V3.0.6.sgl: application/octet-stream; charset=binary
- Andy Hull -

User avatar
RogerClark
Posts: 7690
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia
Contact:

Re: Any ideas what creates a .sgl firmware file ?

Post by RogerClark » Wed Jan 17, 2018 9:19 am

Andy

Yes. The radio is a Radioddity GD-77.
Well I've already figured out that its actually a Tytera MD-760 but that Tytera (as there are tell-tail signs of the product code in the data files, and Tytera are selling this radio under the Radioddity brand name with the GD-77 model number.

It would be nice to be able to make modifications to the firmware but I suspect that won't be possible, though I'm not the only person investigating this, and someone has taken their radio apart and is going to be reading out the Winbond flash memory chip inside it, to see whats inside.

User avatar
RogerClark
Posts: 7690
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia
Contact:

Re: Any ideas what creates a .sgl firmware file ?

Post by RogerClark » Thu Jan 18, 2018 9:35 pm

Guys,
Thanks for your help,but I think trying to decode the firmware update file is impossible / impractical, and there are probably better ways to get at the firmware.

I found a post on Hackaday, where someone had managed to extract the firmware from another radio by the same company, by exploiting a coding mistake in the firmware , where the settings stored in the Flash were downloaded.
As the firmware would download the beginning of Flash ( the decrypting bootloader) if a download address was not specified ( as the download address was initialised to zero)

However I don’t know if the same trick will work on this radio, as it uses a NXP MK22 processor instead of the STM32F405

Its a pity I didn’t know that the Tytera MD-380 has a STM32F405 in it, before I bought this MD-760, as I may have been inclined to buy the MD-380 instead of the MD-760. But the 760 is dual band ( VHF and UHF) and the 380 is single band with separate VHF and UHF versions, so the 760 is better value for money., as it’s cheaper and has better frequency range.

Anyway, when I get time, I will investigate the exploit used in the MD-380 and see if it may work in the 760 even though it’s a different processor

Post Reply