Open kmihaylov opened 10 months ago
I may be a bit naive to suggest that the same encryption applies for the big rigs. However this is my only option at the time.
I had a look at the code. The SFL file should contain only the firmware (contrary to the PE file, a format that I'm also unaware of). The firmware section is easily extracted from the PE Id.
I don't know how to replace the `update_info_from_pe` function to read the SFL file (not that I know where exactly the FW begins...). I tried direct reading of the file with `let update_info = pe_data.as_slice();` with no luck.
For the record, the 710 FW resides here: https://www.yaesu.com/downloadFile.cfm?FileID=17879&FileCatID=42&FileName=FT%2D710%5FFirmware%5Fupdate%5F202311.zip&FileContentType=application%2Fx%2Dzip%2Dcompressed
(I'm interested in the MAIN FW).
I am also interested in this. I found that the SCU-LAN10 also uses the SFL file extension, but is programmed via a software application (LAN10Setting.exe). You can grab all of the files by using 7-zip to extract the setup.exe without installing it normally. I did find some strings relating to encodesfl and decodesfl in the application, which I assume are referencing what we would need to get the plaintext firmware files.
I do not have the knowledge or the time to really dig into this too deeply, but here is the SCU-LAN10 software/firmware package. https://www.yaesu.com/downloadFile.cfm?FileID=17907&FileCatID=42&FileName=SCU%2DLAN10%5FFirmware%5FSoftware.zip&FileContentType=application%2Fx%2Dzip%2Dcompressed
Update: Opened it up in dotPeek since I realized it was a .net application. It seems pretty clear how to decode it, and not nearly as involved or intense as the previous method, and the key is right there in the clear.
If I'm right, I should have something knocked up pretty quick.
@kmihaylov if you're still looking for it, go give this a try: sparerib
Hello,
Meanwhile I purchased the IC via our local Yaesu authorized service and I have to confess that the IC came at about the average market price. The only drawback was the delivery period (a few months). I had to replace the (already soldered empty) IC with theirs. Interesting to note was that the IC wasn't preloaded with the fw, but probably it contained some bootloader. I had to do the fw update w/ the SD card in order to boot the radio. Sorry for the delay. I will have a look at your comments once I'm on my PC.
Regards,
On 15 November 2024 09:47:10 EET, Justin Richards @.***> wrote:
@kmihaylov if you're still looking for it, go give this a try: sparerib
Hello. I'm fascinated with the engineering work done in decrypting the FT-70D firmware. Recently I broke my Yaesu FT-710 and I replaced the main CPU, Renesas R5F56514ADFB. Unfortunately the provided firmware has an SFL extension (unknown to me). It seems that the display unit of the radio flashes it using SPI. However, my chip is blank and I have no firmware to get. My question is: would you please have a look at the SFL files and tell whether they contain a usable firmware image? Thank you!