Sniffing the Rigol's internal I2C bus

[Monkey]

I'm also a new owner of a DS2072 and done what trevorklat has done above with the new Hardware V2.

Sorry, but where trevorklat says that his is the 2.0 version? 
Or what you mean is, that yours DS2072 is 2.0 HW Ver.

Sorry about that, Hope this pic should clarify it

[Carrington]

Congratulations, then both are the H.W. version 2.0. 

[tlu]

is anyone working on gaining JTAG access to a DSA ? i can provide the schematics on how to patch it up ... dump the memory 0x0-0x20000000 with gdb, and then u should have the curve parameters. contact me if u need jtag access guidance.

I planned on picking up a dsa815-tg and would like to help out on the jtagging process. In Dave's tear-down video, it contains the black fin uC. Will this lead to a potential 3Ghz?

[Uup]

I planned on picking up a dsa815-tg and would like to help out on the jtagging process. In Dave's tear-down video, it contains the black fin uC. Will this lead to a potential 3Ghz?

I doubt it could be done. The next two models up are different instruments. Unfortunately, it appears as though the DSA815 is in a hardware class of its own.

[leafi]

I would like to thank the team who made this mod possible! I unlocked my DS2072 and it has retained the serial number. If only they would sell it like this for 850 they would sell a ton more. After all I may talk my boss into buying some for work. We have CRAP tektronix scopes... SO pathetic. We purchased one DS1053E for another office and that kicks the butt of all but one tec scope the company owns. It is so funny that a 350 scope will kick the butt of a 1500 scope... so much so he asks me if I think the software engineer could get by with the crappy tek scope and swap the Rigol for it..... WTF the Rigol 1052E is a VERY low end scope, JUST BUY A FEW DS2072s for christ sake! It is insane when you realize that the low end 1052E is better than most of the company equipment in our office. (Does not include my stuff) Get with the program and get the tools you need to do the job!

Thanks Dave for running the forum and making the videos for I would never have known about the Rigol stuff. I very much like watching / listening to your videos while I do my work although it is a bit hard on tear downs as I want to watch but ehhh.

[olsenn]

I doubt it could be done. The next two models up are different instruments. Unfortunately, it appears as though the DSA815 is in a hardware class of its own.

There's no switching to another model, but there exists several software add-ons for the DSA815, including:
              * Advanced Measurement Kit ($499)
              * EMI Filter & Quasi-Peak Detector Kit ($599)
              * VSWR Measurement Kit  ($459)
...and there is a missing space shown in the listed options panel for an additional option which Rigol has not made public yet. It very well could be 10Hz RBW or 3GHz bandwidth

[leafi]

How about the DG4000 waveform generators? Are they software unlockable too? I would buy a DG4062 if it can be unlocked to be a DG4162. I just can not justify the extra expense.

[true]

How about the DG4000 waveform generators? Are they software unlockable too? I would buy a DG4062 if it can be unlocked to be a DG4162. I just can not justify the extra expense.

There is no serial entry mechanism. It is yet to be determined if there is any other way to unlock or change the model number.

Back to the DG2000, nobody doing JTAG dump? And any help with the blackfin IDA stuff? I still can't get it to compile.

[olsenn]

Why do people still care about the DS2000 stuff; it's done isn't it? I mean, it's been unlocked/cracked... why aren't we moving on to other hardware?

[true]

Why do people still care about the DS2000 stuff; it's done isn't it? I mean, it's been unlocked/cracked... why aren't we moving on to other hardware?

I'm not done.

"We," meaning you, can move on if you like. But many things from Rigol and others use blackfin so being able to work that in IDA would be nice. And as I said, I'm not done.

[tlu]

I doubt it could be done. The next two models up are different instruments. Unfortunately, it appears as though the DSA815 is in a hardware class of its own.

There's no switching to another model, but there exists several software add-ons for the DSA815, including:
              * Advanced Measurement Kit ($499)
              * EMI Filter & Quasi-Peak Detector Kit ($599)
              * VSWR Measurement Kit  ($459)
...and there is a missing space shown in the listed options panel for an additional option which Rigol has not made public yet. It very well could be 10Hz RBW or 3GHz bandwidth

Does this mean there is a slight remote chance the dsa815 may be software mod to achieve 10Hz RBW and 3Ghz full span? How is the options entered on the dsa815? Is it just a key entry like the ds2072?

[DL5TOR]

I doubt it could be done. The next two models up are different instruments. Unfortunately, it appears as though the DSA815 is in a hardware class of its own.

There's no switching to another model, but there exists several software add-ons for the DSA815, including:
              * Advanced Measurement Kit ($499)
              * EMI Filter & Quasi-Peak Detector Kit ($599)
              * VSWR Measurement Kit  ($459)
...and there is a missing space shown in the listed options panel for an additional option which Rigol has not made public yet. It very well could be 10Hz RBW or 3GHz bandwidth

Does this mean there is a slight remote chance the dsa815 may be software mod to achieve 10Hz RBW and 3Ghz full span? How is the options entered on the dsa815? Is it just a key entry like the ds2072?

the Options are enterd jutst with a key similar as the ds2072 there are some differences  to the ds2072 what, that i am checking now. as for the Options there are 4 known Options

TG, AMK, VSWR and EMI

but the Option Screen schows 5 available Options. Option no 3 is unknown.

I have a dump of the Blackfin so if anyone wants it then send me a pm or E-Mail

73 de DL5TOR
Torsten

[tlu]

Thanks DL5TOR for the provided information. This may be promising? I'm hoping the gurus on here will look into this  .

[Spark]

From label on box looks like these are the 5 options.

[olsenn]

Bingo!!! 10Hz RBW!

[tlu]

Thanks Spark. It looks like 10Hz RBW is software locked () but I do not see a bandwidth option () so that one maybe a hardware different between the 1.5Ghz and the 3Ghz model.

[ted572]

10 Hz Resolution Bandwidth (RBW) is a software enhancement to the IF DSP of the DA851. We all have compatible hardware for it, but Rigol China is NOT going to make it available to us. So the ONLY way to get it is to figure out a hack for it. I have the 10 Hz RBW software on my unit (but it is about to expire),  and I understand that there are quite a few others out there that also have it, but just haven't noticed it (?). I kind of wish that I had never seen it, because now I want it permanently.  But it is being saved for the next generation of the DSA800.

The 10 Hz RBW works great and it gives you 10 dB more on sensitivity for seeing the weak signals down in the noise. When measuring IMD of a SSB transmitter the resolution between the two signal and their IMD product is much cleaner, and you can see IMD products that you can't with the 100 HZ RBW. If you are testing for IMD products of -35 dB or better you should be using 10 Hz RBW.

Rigol advertises and spec's that you can differentiate two signal 100 Hz apart. Well this is pushing the reality a bit, but with the 10 Hz RBW it is very easy and clear.
 

[jeeff47]

Wow there is a lot of reading here, it took me a few hours to catch up (not looking forward to the other thread with 110 pages, I think I was on page 51 last time I had a chance to jump on here  . Great work everyone! I haven't had a chance to try it all out yet and I hope I do it correctly.
Am I able to save an image of my scope onto a flash stick for use at a later time? I thought I read that somewhere way back, (or maybe I'm making it up  ). Would you then be able to revert it back to how it was originally set from factory? I'm sure if it were possible someone on here would have thought about it already but I figured I would inquire either way.   

Thanks again for everyones hard work and time, its quite impressive what has been done.

[ted572]

Re. 10 Hz RBW.

I should have clarified that the 10 Hz RBW came on my DSA815-TG as a Trial Option. This of course was an unexpected treat at the time, until I realized that it was a Trial Option that would be gone when all the other Trial Option expired. Except this particular option could not be purchased! (at any price). So what is with this 'Chinese teaser'?

I was told that this option was sold on units at the Dayton Hamfest.  So what is a Hamfest anyway? -  Just kidding!

I purchased my unit directly from a test equipment distributor, and so did some others that were graced with this temporary treat.

If anyone knows how to get an image of my units SSD, and knows what to do with it, please advise how and I will provide a copy of it to you. If it had a removable hard drive, I would already have had made an image of it.

[jsykes]

How do you get to the 10Hz option? I purchased my 815 in April SN# DSA8A1444xxxxx. Serial# indicates it was manufactured week 44 of 2012. I have never seen a selection for 10Hz on any menu.

[StubbornGreek]

I only now realized that I never said thank you to all those involved in this thread for their efforts hard work. 

[ted572]

Quote of jsykes' question (Reply #800 on: Today at 05:43:38 PM):

How do you get to the 10Hz option? I purchased my 815 in April SN# DSA8A1444xxxxx. Serial# indicates it was manufactured week 44 of 2012. I have never seen a selection for 10Hz on any menu.

---------------------------------------------------------------------------

Answer:

If you have it then it will be listed as a Trial (software) Option (NOT hardware). Then you have it, if NOT then there is no way currently to get, or purchase it.

The guy that can resolve this will be our Super Hero.

[olsenn]

DL5TOR, can you send me that DSA815 Blackfin dump you were talking about? Thanks!

[cybernet]

bfin ida cpu module
be warned however, it has bugs - if aX registers are in use (math heavy stuff) you can not trust the ida output, take it from objdump or gdb bfin if so.
the bfin stuff is kraters work, not mine. those modules where compiled on a x86 32 bit, for ida 6.2 - might not work with other ida versions.

im currently working on enhancing the bfin flirt tools from krater or probably rewrite them because somehow they dont seem to work right.
then it should be possible to get better matchrate for VDSP libraries to the firmwares - which will ease reversing them.

[ilya]

After installing the keys on my DS2072 and making it 2202 I've got a strange bug that corrupts saved to external USB key images (format independent). Has anybody noticed this?