Topic: changing the rigol DS1052E to DS1102E using USB , the dummy guide

amspire
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #885 on: November 01, 2011, 10:56:09 AM »
I still haven't heard of anyone downgrading the 2.06 firmware. As far as I know, no-one has even posted a copy of the 2.06 firmware anywhere yet.

I did come across someone who has written a disassembler for the Rigol DS1052E Blackfin processor, in case anyone wants to start poking around:

http://codenaschen.de/tichyblog/?action=blog&entry=1_Blackfin%20Disassembler%20Processor%20IDA%20Pro%20Plugin
https://github.com/krater/Blackfin-IDA-Pro-Plugin

It includes the source code for the Rigol firmware file loader.

On a different note, screen flicker has been one of the problems some people have with their Rigol DS1052E series. It has been blamed on firmware, but could it just be a bad connector?

http://the1.eyeit.org/index.php/2011/06/30/rigol-ds1052e-02-05-02

Richard
« Last Edit: November 01, 2011, 11:09:48 AM by amspire »

Lightages
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #886 on: November 01, 2011, 11:30:49 AM »
I have a DS1052E HW58 modified for 150 MHz, and was using 2.04.01 as suggested. It never flickered. As soon as I tried 2.05 it would flicker and more depending on math and more intensive CPU loads. Going back to 2.04.01 removed the flicker again.

vtl
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #887 on: November 01, 2011, 04:06:37 PM »
Has anyone got a link to download 2.06 firmware for the DS1052e/1102e?

A Hellene
Hacking the latest firmware, which currently is v2.06 SP0 (2.06.00.01).
« Reply #888 on: November 02, 2011, 12:38:26 AM »
Alright, my fellow EEVBloggers!

I would be happy to post the new hacked firmware that downgrades every FW revision up to v2.06 SP0 included, down to v2.02 SP2 along with the original FW v2.06 SP0 (2.06.00.01).
But, given that all the "illegal" firmware attachments were removed from this blog at some point, it is obvious that posting the FW files above puts the blog at risk.

Let's review some facts:
I still haven't heard of anyone downgrading the 2.06 firmware. As far as I know, no-one has even posted a copy of the 2.06 firmware anywhere yet.

Well, I have done it, Richard! And reverted back to v2.04 SP1.
Drieg led the way, providing us with some valuable information:
...don't waste your time, seems that Rigol made a stupid mistake and forgot to prevent a FW "upgrade" to the same version  ;)

Besides that, I didn't notice any difference between v2.5 and v2.6, at least the menu is very same.

The fact that v2.06 can "upgrade" itself is the key!

A. Hellene cracked the header code in this post: http://www.eevblog.com/forum/index.php?topic=553.msg42404#msg42404

Theoretically, the same approach can be used to modify the 2.06 header

Exactly, Torch! The method remains the same.
Recently, I posted the header of FW v2.06 SP0 (2.06.00.01) along with other ones at this message:
Code:
---------------------------------------------------------------------------
HEX Address: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14
---------------------------------------------------------------------------
v2.05.01.00: 44 53 31 30 30 30 45 20 20 20 82 85 84 88 C3 7B 47 92 39 C8 7E
v2.05.01.02: 44 53 31 30 30 30 45 20 20 20 82 85 84 82 8B B8 96 41 63 FF 33
v2.05.02.00: 44 53 31 30 30 30 45 20 20 20 82 85 82 88 C0 7E D7 6A 15 B6 B6
v2.06.00.01: 4A E3 3E 5E 1C EA 8D 39 9A 23 82 86 88 84 02 8C E9 A6 50 D0 BC
---------------------------------------------------------------------------


The steps to take are the following:

1. Find the original v2.02 SP2 (v2.02.02.00).
Original v2.02 SP2 file CRC32 checksum: A3370F0E
Original v2.02 SP2 file MD5 hash: 272086B2037231C62446617436544A77

2. Open it with a hex editor and replace the first 21 bytes of the header with the 21 bytes of the v2.06 SP0 (2.06.00.01) header, posted above.

3. Save the new file, which is recognised by the DS1000E as v2.06 (2.06.00.01) but it actually is v2.02 SP2 (2.02.02.00) and can change the model and the serial number of the device.
Hacked v2.02 SP2 file CRC32 checksum: 0C83CBD6
Hacked v2.02 SP2 file MD5 hash: 19EB82AB1FA4FE57CC9410F2074E9E67

Note that changing only the model will not work after a reboot. In order to save the model permanently it will also be needed to re-enter the serial number. Enter the serial number the device will return after the ":INFO:SERIAL?" command, or as it is displayed in the sticker at the back of the device; there is no need to change the model letter (D/B/F) within.

4. Change your device's model & serial number and upgrade your firmware to v2.04 SP1 (2.04.01.02), or higher, immediately!
DO NOT operate any further the HW58 devices with the hacked firmware or with any other firmware of a revision lower than v2.04 SP1.
Try also to avoid all the v2.05 revisions that introduced flickering or other bugs.

5. Done! Enjoy your crime! :P


P.S. The files mentioned above can be found online. So, please, do not start asking me to be sending or emailing them individually...

[EDIT]: All the files needed can be found here and here.




Something different, now:
[...]
I did come across someone who has written a disassembler for the Rigol DS1052E Blackfin processor, in case anyone wants to start poking around:

http://codenaschen.de/tichyblog/?action=blog&entry=1_Blackfin%20Disassembler%20Processor%20IDA%20Pro%20Plugin
https://github.com/krater/Blackfin-IDA-Pro-Plugin

It includes the source code for the Rigol firmware file loader.
[...]

Richard

Ah, this is a very nice finding! Thank you, Richard.

I do not know what the main plug-in is able to do. A few bugs are listed in the included README file, though.

Having spent some time on the BlackFin documentation, this is what I've quickly found in the rigol_ldr.h:
Code:
struct rgl_hdr {
    uchar  name[10];
    uchar  version[4];
    uchar  dummy1[2];
    uint32 crc32;
    uchar  dummy2;
};

struct ldr_hdr {
    uint32 addr;
    uint32 size;
    uint16 flags;
};

Well, according to the BlackFin "Loader and Utilities Manual" rev. 2.2, page 3-5:
"The boot ROM evaluates the first byte of the boot stream at address 0x2000 0000.
If it is 0x40, eight-bit boot is performed.
A 0x60 byte assumes a 16-bit memory device and performs eight-bit DMA.
A 0x20 byte also assumes 16-bit memory but performs 16-bit DMA.".


Since there is such an entry (with a value equal to 0x60) in all the .RGL firmware upgrade files (right after the 21-byte revision header and before the 10-byte bootloader header), I think that the source file above should rather read something along the lines of:
Code:
struct rgl_hdr {
    uchar  name[10];
    uchar  version[4];
    uchar  dummy1[2];
    uint32 crc32;
    uchar  dummy2;
};

struct ldr_hdr {
    uint16 bmode;
    uint32 addr;
    uint32 size;
    uint16 flags;
};

[EDIT] I was wrong: Actually, the first boot Byte in the ldr_hdr (the 0x60 one in the DS1000 firmware upgrade files case) is the LSB of the first firmware file dword after the 21 bytes version header. [/EDIT]

I am also not sure how dummy the dummyX entries are...
Yet, I welcome and applaud any such efforts!


-George
« Last Edit: November 09, 2011, 01:05:05 AM by A Hellene »
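
A bounds-checked parser for the two headers discussed in the post above, as an added example (not code from the post or from the Blackfin-IDA-Pro-Plugin source). It decodes field by field because, on common ABIs, the 21-byte header would be padded to 24 bytes as a C struct and the loader header starts at an unaligned offset; little-endian field order and the last 10 sample bytes are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RGL_HDR_LEN 21  /* 10 + 4 + 2 + 4 + 1 bytes, unpadded in the file */
#define LDR_HDR_LEN 10  /* 4 + 4 + 2 bytes, at unaligned file offset 21 */
struct rgl_hdr { uint8_t name[10], version[4], dummy1[2]; uint32_t crc32; uint8_t dummy2; };
struct ldr_hdr { uint32_t addr, size; uint16_t flags; };
/* Assumption: multi-byte fields are little-endian (Blackfin byte order). */
static uint32_t rd32le(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Field-by-field decode; returns -1 if buf cannot hold both headers. */
int rgl_parse(const uint8_t *buf, size_t len, struct rgl_hdr *r, struct ldr_hdr *l) {
    if (len < RGL_HDR_LEN + LDR_HDR_LEN) return -1;
    memcpy(r->name, buf, 10);
    memcpy(r->version, buf + 10, 4);
    memcpy(r->dummy1, buf + 14, 2);
    r->crc32 = rd32le(buf + 16);
    r->dummy2 = buf[20];
    l->addr = rd32le(buf + 21);
    l->size = rd32le(buf + 25);
    l->flags = (uint16_t)(buf[29] | buf[30] << 8);
    return 0;
}

/* Boot-mode byte is the LSB of ldr_hdr.addr (values from the manual quote). */
const char *boot_mode(const struct ldr_hdr *l) {
    switch (l->addr & 0xFF) {
    case 0x40: return "8-bit boot";
    case 0x60: return "16-bit memory, 8-bit DMA";
    case 0x20: return "16-bit memory, 16-bit DMA";
    default:   return "unknown";
    }
}

/* First 21 bytes: v2.05.01.00 header from the post. Last 10: constructed. */
static const uint8_t SAMPLE[31] = {
    0x44,0x53,0x31,0x30,0x30,0x30,0x45,0x20,0x20,0x20, 0x82,0x85,0x84,0x88,
    0xC3,0x7B, 0x47,0x92,0x39,0xC8, 0x7E,
    0x60,0x00,0xA0,0xFF, 0x00,0x01,0x00,0x00, 0x02,0x00 };

int main(void) {
    struct rgl_hdr r; struct ldr_hdr l;
    if (rgl_parse(SAMPLE, sizeof SAMPLE, &r, &l) != 0) return 1;
    printf("name=%.10s crc32=%08X boot=%s\n", (const char *)r.name, (unsigned)r.crc32, boot_mode(&l));
    return 0;
}
```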

Lightages
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #889 on: November 02, 2011, 12:54:13 AM »
I again applaud the efforts here to keep the DS1052E hacks working!

I have a question. Is 2.06 bug free? Free of any of the bugs in 2.04.01?

amspire
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #890 on: November 02, 2011, 01:06:29 AM »
That is an amazing piece of work from George (A Hellene).

Brilliant!

Thanks for pulling together so much information from previous posts into one great tutorial.


Richard

A Hellene
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #891 on: November 02, 2011, 01:46:12 AM »
You are welcome, gentlemen!


I have a question. Is 2.06 bug free? Free of any of the bugs in 2.04.01?

I cannot answer this question because when I resoldered the FPGA back on my board I did not extensively test FW v2.06, since the reference data I have in my hands were collected using the firmware v2.04 SP1; neither my device's noise problem was fixed, in order to start anew.

After a while, discovering a few mistakes in the PCB wiring diagrams I drew, I removed the FPGA once more to correct them and resoldered the FPGA back; but it seems that I did not align the chip properly and I mangled my calibration data... So, I started studying the DSP processor, since this guy's family is a total stranger to me; this is the reason why I immediately recognised the mistake in the BlackFin bootloader, above.

But, the worst part is that my spare time is very very limited these days, in order to make any further progress...


-George

Lightages
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #892 on: November 02, 2011, 01:59:38 AM »
Would it be possible for you to link to the latest schematics that you have drawn?

Thank you

Les

A Hellene
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #893 on: November 02, 2011, 02:45:36 AM »
Of course I will, Les. I will post them at the same location where I have already posted the analog schematics, once I have them drawn, since what I have in my hands right now cannot be called schematics; it is plain text files describing the PCB components' interconnection data.

By the way, I have already posted a quick preview of the DS1000X design at the link in my very previous message, above.


-George

EEVblog
Re: Hacking the latest firmware, which currently is v2.06 SP0 (2.06.00.01).
« Reply #894 on: November 02, 2011, 09:03:52 AM »
I would be happy to post the new hacked firmware that downgrades every FW revision up to v2.06 SP0 included, down to v2.02 SP2 along with the original FW v2.06 SP0 (2.06.00.01).
But, given that all the "illegal" firmware attachments were removed from this blog at some point, it is obvious that posting the FW files above puts the blog at risk.

Correct.
Please do not attach any copyrighted firmware files on this forum, they will be removed.
However, no one will stop you from posting a URL to somewhere else  ;)

Dave.

A Hellene
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #895 on: November 02, 2011, 10:26:07 AM »
Fair enough, Dave.

This is an archive containing a few useful files:
- Firmware v2.02 SP2 (2.02.02.00)
- Firmware v2.04 SP1 (2.04.01.02)
- Firmware v2.06 SP0 (2.06.00.01)
- Firmware 2.06.00.01 to 2.02.02.00 downgrade
- DemoIDN USB tool

Since it is unknown if and when the file will be removed, you are strongly encouraged to download it and mirror it on your servers.


-George

amspire
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #896 on: November 02, 2011, 11:00:39 AM »
George,

Is the firmware the same for the DS1052e and the hacked 100MHz version? So after converting can we load firmware 2.06?

Also after converting and upgrading, can we use the same hacked 2.02 firmware to allow us to go back to an earlier firmware, or to revert to a 50MHz scope?

Are these firmware for particular hardware builds?

Thanks for the files.

Richard

torch
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #897 on: November 02, 2011, 11:20:04 AM »
Interesting thing, copyright. Under Canadian law (which conforms to the international Berne Convention treaty) copyright subsists in any work, whether or not it is explicitly declared. Now, "What is a 'work'?" you might well ask. The definition is very broad, so it's easier to define what is not a work. And in that short list we find that a set of instructions for the operation, maintenance or service of a product supplied by a manufacturer of that product is NOT a work.

It doesn't matter whether the instructions are printed or filmed or electronic.

So, I keep a backup copy of the latest electronic on-board help files supplied by the manufacturer of my scope in this secure off-site location, without any worry that it will be "taken down" by someone who is not familiar with copyright law. I understand that laws in other lands may be slightly different, so I urge any foreign readers to check before following either my link or my example. The MD5 hash is 5c8bba8e8d5237e890a2348a0069ebe8

A Hellene
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #898 on: November 02, 2011, 11:40:42 AM »
Richard,

The firmware is the same for all the DS1000E products: The 50 MHz DS1052E, the 100 MHz DS1102E and the 150 MHz DS1152E, therefore, if you wish, you can aim higher than the 100 MHz model in order to unlock the full potential of your device. Remember that the DS1000E hardware can go up to 170 MHz; the top frequency filtering is purely digital.

The whole idea is to downgrade to the v2.02 FW because it is one of the last revisions that can execute the specific commands which can change the device model and serial number. So, loading the v2.02 you can always instruct your device what model it will become; you can go either upwards or downwards.

As for the hardware revisions, let me quote Drieg:
Here's the table which FW supports which HW. Higher FW supports all older HW versions.
HW version    FW version
58            00.02.04.01.00
57            00.02.04.00.03
07            00.02.02.02.00
__________


torch,

This was a very interesting piece of information.
Thank you.


-George
« Last Edit: November 02, 2011, 11:42:32 AM by A Hellene »

amspire
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #899 on: November 02, 2011, 12:08:22 PM »
So is 2.06.00.01 only for HW 59 or does it work on HW58 as well?

Richard


