Author Topic: changing the rigol DS1052E to DS1102E using USB , the dummy guide  (Read 415193 times)

0 Members and 5 Guests are viewing this topic.

Offline Mr-400-Volt

  • Newbie
  • Posts: 4
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #885 on: October 26, 2011, 05:50:15 AM »
Hi, i have done the Patch, and upgrade to the 2.05.02 original FW. So my screen is flickering. Can i downgreade again, and then to the FW 2.02.01 (bugfree)?

Offline gmdavies

  • Contributor
  • Posts: 6
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #886 on: November 01, 2011, 08:14:43 AM »
Have anyone managed to downgrade 2.06 yet? Ive managed to patch a 2.02 firmware file to be detected as a 2.06 but since i dont have a raw dump of my flash yet i dont want to try and cause a corrupt firmware only minutes after unpacking :S

I really would like to know how to do downgrade from 2.06 to 2.02 firmware as I have several scopes to hack. What did you do to patch the 2.2 file (or did you simply copy the header over, which of course shows the same upgrade screen but I guess won't actually work)? Well, if anyone has found how to do this, please tell.
« Last Edit: November 01, 2011, 09:23:50 AM by gmdavies »

Offline torch

  • Regular Contributor
  • *
  • Posts: 219
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #887 on: November 01, 2011, 10:54:24 AM »
A. Hellene cracked the header code in this post: http://www.eevblog.com/forum/index.php?topic=553.msg42404#msg42404

Theoretically, the same approach can be used to modify the 2.06 header

Offline amspire

  • Super Contributor
  • ***
  • Posts: 2333
  • Country: au
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #888 on: November 01, 2011, 10:56:09 AM »
I still haven't heard of anyone downgrading the 2.06 firmware. As far as I know, no-one has even posted a copy of the 2.06 firmware anywhere yet.

I did come across someone who has written a dissembler for the Rigol DS1052E Blackfin processor, in case anyone wants to start poking around:

http://codenaschen.de/tichyblog/?action=blog&entry=1_Blackfin%20Disassembler%20Processor%20IDA%20Pro%20Plugin
https://github.com/krater/Blackfin-IDA-Pro-Plugin

It includes the sourcecode for the Rigol firmware file loader.

On a different note, Screen flicker has been one of the problem some people have with their Rigol DS1052E series.  It has been blamed on firmware, but could it just be a bad connector?

http://the1.eyeit.org/index.php/2011/06/30/rigol-ds1052e-02-05-02

Richard
« Last Edit: November 01, 2011, 11:09:48 AM by amspire »

Offline Lightages

  • Supporter
  • ****
  • Posts: 1665
  • Country: cl
  • Canadian po
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #889 on: November 01, 2011, 11:30:49 AM »
I have a DS1052E  HW58 modified for 150Mhz, and was using 2.04.01 as suggested. It never flickered. As soon as I tried 2.05 it would flicker and more depending on math and more intensive CPU loads. Going back to 2.04.01 removed the flicker again.

Offline vtl

  • Regular Contributor
  • *
  • Posts: 135
  • Country: au
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #890 on: November 01, 2011, 04:06:37 PM »
Has anyone got a link to download 2.06 firmware for the DS1052e/1102e?

Offline A Hellene

  • Frequent Contributor
  • **
  • Posts: 451
  • Country: gr
Hacking the latest firmware, which currently is v2.06 SP0 (2.06.00.01).
« Reply #891 on: November 02, 2011, 12:38:26 AM »
Alright, my fellow EEVBloggers!

I would be happy to post the new hacked firmware that downgrades every FW revision up to v2.06 SP0 included, down to v2.02 SP2 along with the original FW v2.06 SP0 (2.06.00.01).
But, given that all the "illegal" firmware attachments were removed from this blog at some point, makes obvious that posting the FW files above puts the blog at risk.

Let's review some facts:
I still haven't heard of anyone downgrading the 2.06 firmware. As far as I know, no-one has even posted a copy of the 2.06 firmware anywhere yet.

Well, I have done it, Richard! And reverted back to v2.04 SP1.
Drieg led the way, providing us with some valuable information:
...don't waste your time, seems that Rigol made a stupid mistake and forgot to prevent a FW "upgrade" to the same version  ;)

Besides that, I didn't notice any difference between v2.5 and v2.6, at least the menu is very same.

The fact that v2.06 can "upgrade" itself is the key!

A. Hellene cracked the header code in this post: http://www.eevblog.com/forum/index.php?topic=553.msg42404#msg42404

Theoretically, the same approach can be used to modify the 2.06 header

Exactly, Torch! The method remains the same.
Recently, I posted the header of FW v2.06 SP0 (2.06.00.01) along with other ones at this message:
Code: [Select]
---------------------------------------------------------------------------
HEX Address: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14
---------------------------------------------------------------------------
v2.05.01.00: 44 53 31 30 30 30 45 20 20 20 82 85 84 88 C3 7B 47 92 39 C8 7E
v2.05.01.02: 44 53 31 30 30 30 45 20 20 20 82 85 84 82 8B B8 96 41 63 FF 33
v2.05.02.00: 44 53 31 30 30 30 45 20 20 20 82 85 82 88 C0 7E D7 6A 15 B6 B6
v2.06.00.01: 4A E3 3E 5E 1C EA 8D 39 9A 23 82 86 88 84 02 8C E9 A6 50 D0 BC
---------------------------------------------------------------------------


The steps to take are the following:

1. Find the original v2.02 SP2 (v2.02.02.00).
Original v2.02 SP2 file CRC32 checksum: A3370F0E
Original v2.02 SP2 file MD5 hash: 272086B2037231C62446617436544A77

2. Open it with a hex editor and replace the first 21 bytes of the header with the 21 bytes of the v2.06 SP0 (2.06.00.01) header, posted above.

3. Save the new file, which is recognised by the DS1000E as v2.06 (2.06.00.01) but it actually is v2.02 SP2 (2.02.02.00) and can change the model and the serial number of the device.
Hacked v2.02 SP2 file CRC32 checksum: 0C83CBD6
Hacked v2.02 SP2 file MD5 hash: 19EB82AB1FA4FE57CC9410F2074E9E67

Note that changing only the model will not work after a reboot. In order to save the model permanently it will also be needed to re-enter the serial number. Enter the serial number the device will return after the ":INFO:SERIAL?" command, or as it is displayed in the sticker at the back of the device; there is no need to change the model letter (D/B/F) within.

4. Change your device's model & serial number and upgrade your firmware to v2.04 SP1 (2.04.01.02), or higher, immediately!
DO NOT operate any further the HW58 devices with the hacked firmware or with any other firmware of a revision lower to v2.04 SP1.
Try also to avoid all the v2.05 revisions that introduced flickering or other bugs.

5. Done! Enjoy your crime! :P


P.S. The files mentioned above can be found online. So, please, do not start asking me to be sending or emailing them individually...

[EDIT]: All the files needed can be found here and here.




Something different, now:
[...]
I did come across someone who has written a dissembler for the Rigol DS1052E Blackfin processor, in case anyone wants to start poking around:

http://codenaschen.de/tichyblog/?action=blog&entry=1_Blackfin%20Disassembler%20Processor%20IDA%20Pro%20Plugin
https://github.com/krater/Blackfin-IDA-Pro-Plugin

It includes the sourcecode for the Rigol firmware file loader.
[...]

Richard

Ah, this is a very nice finding! Thank you, Richard.

I do not know what the main plug-in is able to do. There are listed a few bugs at the included README file, though.

Having spent some time on the BlackFin documentation, this is what I've quickly found in the rigol_ldr.h:
Code: [Select]
struct rgl_hdr {
uchar name[10];
uchar version[4];
uchar dummy1[2];
uint32 crc32;
uchar dummy2;
};

struct ldr_hdr {
uint32   addr;
uint32   size;
uint16   flags;
};

Well, according to the BlackFin "Loader and Utilities Manual" rev. 2.2, page 3-5:
"The boot ROM evaluates the first byte of the boot stream at address 0x2000 0000.
If it is 0x40, eight-bit boot is performed.
A 0x60 byte assumes a 16-bit memory device and performs eight-bit DMA.
A 0x20 byte also assumes 16-bit memory but performs 16-bit DMA.".


Since there is such an entry (with a value equal to 0x60) at all the .RGL firmware upgrade files (right after the 21-byte revision header and before the 10-byte bootloader header) I think that the source file above should rather read something in the lines of:
Code: [Select]
struct rgl_hdr {
uchar name[10];
uchar version[4];
uchar dummy1[2];
uint32 crc32;
uchar dummy2;
};

struct ldr_hdr {
uint16   bmode;
uint32   addr;
uint32   size;
uint16   flags;
};

[EDIT] I was wrong: Actually, the first boot Byte in the ldr_hdr (the 0x60 one in the DS1000 firmware upgrade files case) is the LSB of the first firmware file dword after the 21 bytes version header. [/EDIT]

I am also not sure how dummy the dummyX entries are...
Yet, I welcome and applaud any such efforts!


-George
« Last Edit: November 09, 2011, 01:05:05 AM by A Hellene »

Offline Lightages

  • Supporter
  • ****
  • Posts: 1665
  • Country: cl
  • Canadian po
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #892 on: November 02, 2011, 12:54:13 AM »
I again applaud the efforts here to keep the DS1052E hacks working!

I have a question. Is 2.06 bug free? Free of the any of the bugs in 2.04.01?

Offline amspire

  • Super Contributor
  • ***
  • Posts: 2333
  • Country: au
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #893 on: November 02, 2011, 01:06:29 AM »
That is an amazing piece of work from George (A Hellene).

Brilliant!

Thanks for pulling together so much information from previous posts into one great tutorial.


Richard

Offline A Hellene

  • Frequent Contributor
  • **
  • Posts: 451
  • Country: gr
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #894 on: November 02, 2011, 01:46:12 AM »
You are welcome, gentlemen!


I have a question. Is 2.06 bug free? Free of the any of the bugs in 2.04.01?

I cannot answer this question because when I resoldered the FPGA back on my board I did not extensively test FW v2.06, since the reference data I have in my hands were collected using the firmware v2.04 SP1; neither my device's noise problem was fixed, in order to start anew.

After a while, discovering a few mistakes in the PCB wiring diagrams I drew, I removed the FPGA once more to correct them and resoldered the FPGA back; but it seems that I did not align the chip properly and I mangled my calibration data... So, I started studying the DSP processor, since this guy's family is a total stranger to me; this is the reason why I immediately recognised the mistake in the BlackFin bootloader, above.

But, the worst part is that my spare time is very very limited these days, in order to make any further progress...


-George

Offline Lightages

  • Supporter
  • ****
  • Posts: 1665
  • Country: cl
  • Canadian po
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #895 on: November 02, 2011, 01:59:38 AM »
Would it be possible for you to link to the latest schematics that you have drawn?

Thank you

Les

Offline A Hellene

  • Frequent Contributor
  • **
  • Posts: 451
  • Country: gr
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #896 on: November 02, 2011, 02:45:36 AM »
Of course I will, Les. I will post them at the same location I have already have the analog schematics posted when I will have them drawn, since what I have in my hands right now cannot be called schematics; it is plain text files describing the PCB components interconnections data.

By the way, I have already posted a quick preview of the DS1000X design at the link in my very previous message, above.


-George

Online EEVblog

  • Administrator
  • *****
  • Posts: 11567
  • Country: au
    • EEVblog
Re: Hacking the latest firmware, which currently is v2.06 SP0 (2.06.00.01).
« Reply #897 on: November 02, 2011, 09:03:52 AM »
I would be happy to post the new hacked firmware that downgrades every FW revision up to v2.06 SP0 included, down to v2.02 SP2 along with the original FW v2.06 SP0 (2.06.00.01).
But, given that all the "illegal" firmware attachments were removed from this blog at some point, makes obvious that posting the FW files above puts the blog at risk.

Correct.
Please do not attach any copyrighted firmware files on this forum, they will be removed.
However, no one will stop you from posting a URL to somewhere else  ;)

Dave.

Offline A Hellene

  • Frequent Contributor
  • **
  • Posts: 451
  • Country: gr
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #898 on: November 02, 2011, 10:26:07 AM »
Fair enough, Dave.

This is an archive containing a few useful files:
- Firmware v2.02 SP2 (2.02.02.00)
- Firmware v2.04 SP1 (2.04.01.02)
- Firmware v2.06 SP0 (2.06.00.01)
- Firmware 2.06.00.01 to 2.02.02.00 downgrade
- DemoIDN USB tool

Since it is unknown if and when the file will be removed, you are strongly encouraged to download it and mirror it on your servers.


-George

Offline amspire

  • Super Contributor
  • ***
  • Posts: 2333
  • Country: au
Re: changing the rigol DS1052E to DS1102E using USB , the dummy guide
« Reply #899 on: November 02, 2011, 11:00:39 AM »
George,

Is the firmware the same for the DS1052e and the hacked 100MHz version? So after converting can we load firmware 2.06?

Also after converting and upgrading, can we use the same hacked 2.02 firmware to allow us to go back to an earlier firmware, or to revert to a 50MHz scope?

Are these firmware for particular hardware builds?

Thanks for the files.

Richard


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf