Author Topic: DG4000 - a firmware investigation  (Read 207426 times)

0 Members and 1 Guest are viewing this topic.

Offline Harvs

  • Super Contributor
  • ***
  • Posts: 1202
  • Country: au
Re: DG4000 - a firmware investigation
« Reply #75 on: November 16, 2013, 09:50:21 am »
A sweep from 1 to 200MHz, Hack DG4202 to DS2202.  Using a short coax and 50ohm term.

The falling edge of CH2 is a 100MHz.
 

Offline TMM

  • Frequent Contributor
  • **
  • Posts: 471
  • Country: au
Re: DG4000 - a firmware investigation
« Reply #76 on: November 16, 2013, 10:06:51 am »
Looks like the analog bandwidth is 160Mhz. Still worth modding to DG4202 for the 5Mhz Ramp though  :-+
 

Offline Rory

  • Frequent Contributor
  • **
  • Posts: 410
  • Country: us
Re: DG4000 - a firmware investigation
« Reply #77 on: November 16, 2013, 10:41:09 pm »
Amazing job Cybernet...  8)

Anywho, I've compiled it fine on Ubuntu 13.10 under Vbox, but when run I always get an error "Invalid <CURRENT_MODEL> len"

I thought this was a bit odd, as there's only so many ways you can get DG4062 wrong.  So I copied and pasted the example command, and I get the same error.  So obviously there's something wrong with the setup.

My guess is it's going to be something to do with local terminal options or the like?  Can any linux guru's shed light on that one for me?

I have something similar when I compile it using gcc under cygwin both 32 and 64 bit versions.  I added some debug code and it appears that the first character of the argv[] parameters is being truncated by strtoupper() . I got a workaround by adding a dummy character at the beginning of each parameter:   

./cengen xDG4062 xDG4202 xDG4D1000000001

then it passes the error checking and generates the license.CEN file

*edited - strtoupper is truncating, not when the parm is passed via argv.

*edited again - tried an alternative strtoupper() from cplusplus.com forum and works fine. /* */ commented out original function and inserted this:
Code: [Select]
char *strtoupper(char *str){
    int i = 0;
    char *p = (char*) malloc((strlen(str) + 1) * sizeof(char)); // EDIT: + 1 important!
    for(; str[i]; ++i){
        if((str[i] >= 'a') && (str[i] <= 'z'))
            p[i] = str[i] + 'A' - 'a';
        else
            p[i] = str[i];
    }
    p[i] = '\0';
    return p;
}


« Last Edit: November 16, 2013, 11:22:41 pm by Rory »
 

Offline cybernetTopic starter

  • Regular Contributor
  • *
  • Posts: 247
  • Country: 00
  • pm deactivated, use the search function ...
Re: DG4000 - a firmware investigation
« Reply #78 on: November 16, 2013, 11:15:27 pm »
FW 07 also tested okay
___________________
"all rights reversed :-)"
R0=-0x18;
UNLINK;
RTS;
 

Offline Mark_O

  • Frequent Contributor
  • **
  • Posts: 939
  • Country: us
Re: DG4000 - a firmware investigation
« Reply #79 on: November 16, 2013, 11:19:18 pm »
Looks like the analog bandwidth is 160Mhz. Still worth modding to DG4202 for the 5Mhz Ramp though  :-+

TMM, that conclusion assumes the measuring device (scope) is itself perfectly flat to 200 MHz.  Thus the falloff is completely due to the generator.  That's unlikely to be the case.

Also, Harvs wrote:

> Using a short coax and 50ohm term. <

and an external 50-ohm terminator does not eliminate the internal capacitance on the front end.  I'm assuming he's using one of the DS2000-series scopes.
 

Offline Rigol-Friend

  • Contributor
  • Posts: 35
  • Country: de
Re: DG4000 - a firmware investigation
« Reply #80 on: November 16, 2013, 11:21:04 pm »
At first I have to say 'THANK YOU so much' to RORY
, because he helped me with "CygWin"
and so it was possible for me to compile "cengen.c" in Win XP.

But after this I got the next problem:
I started "cengen.exe" with correct parameters, I got every time an error
message like attachment. Then -for a test- I deleted in "cengem.c" these
6 if-lines [first line begins "if (strlen(cur_model)!=6)..."]
and after that I got the "license.cen" with 751 bytes without errors.
But as the DG4062 has read it, it answered: "invalid license file"  :-((

After no sleep last night, now I gave it up very tired. I think, I'm to old (72 Y.)
for those adventures with no knowledge from Linux.

Maybe it's a problem with the firmware?

My DG4062 shows:
Softvers. 00.01.04
FPGA Vers. 00.01.07
Hardw.vers. 01.01
Keyb.vers. 04.01

Is there any chance? Thank you and forgive my terible english.

Rigol-Friend
My english is VERY poor, sorry. I learned in school, about more than 55 years ago.

But I'am a happy owner of Rigol DSA815-TG with all options + DS2302 (was DS2072) + DG4202 (was DG4062)
Mega thanks to the developers of the key-generator ! Especially to CYBERNET with his brilliant brain !
 

Offline cosmos

  • Regular Contributor
  • *
  • Posts: 110
  • Country: 00
Re: DG4000 - a firmware investigation
« Reply #81 on: November 16, 2013, 11:22:13 pm »
Great work cybernet.

This hack sounds like it could be applied to the DS4000 too.
Is it enough to search the GEL file for similar code to confirm it uses the same method? any specific string to look for?
I tried searching the DS4000 GEL for  "YZDHZSGCX" and segments of it but came up empty.
 

Offline cybernetTopic starter

  • Regular Contributor
  • *
  • Posts: 247
  • Country: 00
  • pm deactivated, use the search function ...
Re: DG4000 - a firmware investigation
« Reply #82 on: November 16, 2013, 11:27:34 pm »
the DS4k software is based on the DS2k software - there is no CEN support that i would have spotted on my way through this piece of s...oftware ;)
but there are still some bits to be discovered in that software ... internal filesystem (and how to access it), some SCPI commands that seem "unreachable", bootloader update, and custom firmware - running linux would be fun ;)

« Last Edit: November 16, 2013, 11:30:33 pm by cybernet »
___________________
"all rights reversed :-)"
R0=-0x18;
UNLINK;
RTS;
 

Offline Rory

  • Frequent Contributor
  • **
  • Posts: 410
  • Country: us
Re: DG4000 - a firmware investigation
« Reply #83 on: November 16, 2013, 11:41:14 pm »
At first I have to say 'THANK YOU so much' to RORY
, because he helped me with "CygWin"
and so it was possible for me to compile "cengen.c" in Win XP.

But after this I got the next problem:
I started "cengen.exe" with correct parameters, I got every time an error
message like attachment. Then -for a test- I deleted in "cengem.c" these
6 if-lines [first line begins "if (strlen(cur_model)!=6)..."]
and after that I got the "license.cen" with 751 bytes without errors.
But as the DG4062 has read it, it answered: "invalid license file"  :-((

After no sleep last night, now I gave it up very tired. I think, I'm to old (72 Y.)
for those adventures with no knowledge from Linux.

Maybe it's a problem with the firmware?

My DG4062 shows:
Softvers. 00.01.04
FPGA Vers. 00.01.07
Hardw.vers. 01.01
Keyb.vers. 04.01

Is there any chance? Thank you and forgive my terible english.

Rigol-Friend

I had same problem Rigol-Friend.  Look at my earlier message above for the change to strtoupper() function. If you just remove the error checking code as you did, the .cen file will not be correct. (missing the D's....)

 

Offline Rigol-Friend

  • Contributor
  • Posts: 35
  • Country: de
Re: DG4000 - a firmware investigation
« Reply #84 on: November 17, 2013, 12:13:09 am »
CYBERNET and the other friends:

Jesus Christ, Cybernet, the cen-file you sent to me worked 100%. Now my generator (DG4062) produces frequencies up to 200 mhz, WOW.
THANK YOU, THANK YOU, THANK YOU THANK YOU, THANK YOU, THANK YOU THANK YOU, THANK YOU, THANK YOU.
For me as radioamateur this is more than interessting.

If you like, I want to invite you for a bottle of Champain, or more :-))

Phantastig,
Rigol-Friend
My english is VERY poor, sorry. I learned in school, about more than 55 years ago.

But I'am a happy owner of Rigol DSA815-TG with all options + DS2302 (was DS2072) + DG4202 (was DG4062)
Mega thanks to the developers of the key-generator ! Especially to CYBERNET with his brilliant brain !
 

Offline cybernetTopic starter

  • Regular Contributor
  • *
  • Posts: 247
  • Country: 00
  • pm deactivated, use the search function ...
Re: DG4000 - a firmware investigation
« Reply #85 on: November 17, 2013, 12:14:19 am »
CYBERNET and the other friends:

Jesus Christ, Cybernet, the cen-file you sent to me worked 100%. Now my generator (DG4062) produces frequencies up to 200 mhz, WOW.
THANK YOU, THANK YOU, THANK YOU THANK YOU, THANK YOU, THANK YOU THANK YOU, THANK YOU, THANK YOU.
For me as radioamateur this is more than interessting.

If you like, I want to invite you for a bottle of Champain, or more :-))

Phantastig,
Rigol-Friend

np, that was no champagne, that was just a 'radler' ;)
___________________
"all rights reversed :-)"
R0=-0x18;
UNLINK;
RTS;
 

Offline sprocket

  • Regular Contributor
  • *
  • Posts: 52
  • Country: dk
Re: DG4000 - a firmware investigation
« Reply #86 on: November 17, 2013, 12:28:30 am »
Damit I'm getting tempted to get a DG4062, just so I can hack it.. A signal gen like that is actually rather over kill for my needs. I usually just need PWM signals when I'm messing around with SMPS's.
 

Offline Rigol-Friend

  • Contributor
  • Posts: 35
  • Country: de
Re: DG4000 - a firmware investigation
« Reply #87 on: November 17, 2013, 12:30:23 am »
That's fine Cybernet  :-))
I think you are a German. The word 'Radler' only Germans are using. And remember the bottle of beer at your picture, isn't it ??


Anyway, I think you are more than genius, yes I think so !!

Good night,
Rigol-Friend
« Last Edit: November 17, 2013, 12:32:50 am by Rigol-Friend »
My english is VERY poor, sorry. I learned in school, about more than 55 years ago.

But I'am a happy owner of Rigol DSA815-TG with all options + DS2302 (was DS2072) + DG4202 (was DG4062)
Mega thanks to the developers of the key-generator ! Especially to CYBERNET with his brilliant brain !
 

Offline cybernetTopic starter

  • Regular Contributor
  • *
  • Posts: 247
  • Country: 00
  • pm deactivated, use the search function ...
Re: DG4000 - a firmware investigation
« Reply #88 on: November 17, 2013, 12:47:00 am »
That's fine Cybernet  :-))
I think you are a German. The word 'Radler' only Germans are using. And remember the bottle of beer at your picture, isn't it ??


Anyway, I think you are more than genius, yes I think so !!

Good night,
Rigol-Friend

more mountains than germany ...  :P
___________________
"all rights reversed :-)"
R0=-0x18;
UNLINK;
RTS;
 

Offline Rigol-Friend

  • Contributor
  • Posts: 35
  • Country: de
Re: DG4000 - a firmware investigation
« Reply #89 on: November 17, 2013, 12:57:43 am »
What do you think? Can we write in german also?

Mountains? Here, where I live, we have no mountains  :-DD
My english is VERY poor, sorry. I learned in school, about more than 55 years ago.

But I'am a happy owner of Rigol DSA815-TG with all options + DS2302 (was DS2072) + DG4202 (was DG4062)
Mega thanks to the developers of the key-generator ! Especially to CYBERNET with his brilliant brain !
 

Offline Harvs

  • Super Contributor
  • ***
  • Posts: 1202
  • Country: au
Re: DG4000 - a firmware investigation
« Reply #90 on: November 17, 2013, 01:25:21 am »
Looks like the analog bandwidth is 160Mhz. Still worth modding to DG4202 for the 5Mhz Ramp though  :-+

TMM, that conclusion assumes the measuring device (scope) is itself perfectly flat to 200 MHz.  Thus the falloff is completely due to the generator.  That's unlikely to be the case.
Yes, I wouldn't go as far as drawing any conclusions yet.  We need someone with a scope with significantly higher bandwidth to test this one.

Quote
Also, Harvs wrote:

> Using a short coax and 50ohm term. <

and an external 50-ohm terminator does not eliminate the internal capacitance on the front end.  I'm assuming he's using one of the DS2000-series scopes.

Yes as stated, a DS2202.

I posted this as more of an encouragement for someone on here to post a sweep taken with much higher performance equipment.
 

Offline elCap

  • Regular Contributor
  • *
  • Posts: 109
  • Country: jp
Re: DG4000 - a firmware investigation
« Reply #91 on: November 17, 2013, 03:16:32 am »
I'm unlucky  :'(...  I have a DG4102 with a serial number starting with DG4B1. cybernet's program requires DG4D1..
Guess I have to take the JTAG route.. Anyway, thanks for your work!! :-+
 

Offline cybernetTopic starter

  • Regular Contributor
  • *
  • Posts: 247
  • Country: 00
  • pm deactivated, use the search function ...
Re: DG4000 - a firmware investigation
« Reply #92 on: November 17, 2013, 03:18:18 am »
I'm unlucky  :'(...  I have a DG4102 with a serial number starting with DG4B1. cybernet's program requires DG4D1..
Guess I have to take the JTAG route.. Anyway, thanks for your work!! :-+

change the strcmp in the code ....
___________________
"all rights reversed :-)"
R0=-0x18;
UNLINK;
RTS;
 

Offline elCap

  • Regular Contributor
  • *
  • Posts: 109
  • Country: jp
Re: DG4000 - a firmware investigation
« Reply #93 on: November 17, 2013, 03:32:43 am »
I'm unlucky  :'(...  I have a DG4102 with a serial number starting with DG4B1. cybernet's program requires DG4D1..
Guess I have to take the JTAG route.. Anyway, thanks for your work!! :-+

change the strcmp in the code ....

Thanks!! It worked perfect!  :)

By the way, I have version 01.02. I will upgrade to 01.07 now.
« Last Edit: November 17, 2013, 03:34:24 am by elCap »
 

Offline TMM

  • Frequent Contributor
  • **
  • Posts: 471
  • Country: au
Re: DG4000 - a firmware investigation
« Reply #94 on: November 17, 2013, 03:49:54 am »
Looks like the analog bandwidth is 160Mhz. Still worth modding to DG4202 for the 5Mhz Ramp though  :-+

TMM, that conclusion assumes the measuring device (scope) is itself perfectly flat to 200 MHz.  Thus the falloff is completely due to the generator.  That's unlikely to be the case.
We can assume the DS2202 does a bit better than 200MHz so it is a little less than 3dB (70.7% p-p) down at 200MHz. From that you can conclude that the bandwidth of the function gen falls between 100MHz and 200MHz. You wouldn't expect a function gen to be less than 6dB down at 200MHz if it's bandwidth was 60MHz.
Spec for the DG4162 states <-0.8dB @ 160MHz. Spec at 100MHz and 60MHz is identical to the lower models so you can bet money that the hardware is no different.
« Last Edit: November 17, 2013, 03:55:33 am by TMM »
 

Offline Rigol-Friend

  • Contributor
  • Posts: 35
  • Country: de
Re: DG4000 - a firmware investigation
« Reply #95 on: November 17, 2013, 09:45:31 am »
A hint for the german speaking users: Since some weeks Rigol offers the user manual now in german language also. :-)

http://www.batronix.com/pdf/Rigol/UserGuide/DG4000_UserGuide_DE.pdf
My english is VERY poor, sorry. I learned in school, about more than 55 years ago.

But I'am a happy owner of Rigol DSA815-TG with all options + DS2302 (was DS2072) + DG4202 (was DG4062)
Mega thanks to the developers of the key-generator ! Especially to CYBERNET with his brilliant brain !
 

Offline AndyC_772

  • Super Contributor
  • ***
  • Posts: 4208
  • Country: gb
  • Professional design engineer
    • Cawte Engineering | Reliable Electronics
Re: DG4000 - a firmware investigation
« Reply #96 on: November 17, 2013, 10:36:01 am »
If you're interested in the hardware capabilities of the DG4xxx series above their rated frequency response check out this thread:

https://www.eevblog.com/forum/testgear/250-mhz-out-of-a-rigol-dg4102-a-100-mhz-waveform-generator/

I took a bunch of measurements using an Arb waveform which consists of 10 cycles of a sine wave, which quite clearly show the true response of the hardware and the extent to which high frequency roll-off is being corrected for by software calibration. The plots were all taken using a 500 MHz Tektronix scope, so they should be pretty flat across the range of interest.

Offline ted572

  • Frequent Contributor
  • **
  • Posts: 399
  • Country: us
  • Radio Communications Equipment/System Design Engr.
Re: DG4000 - a firmware investigation
« Reply #97 on: November 17, 2013, 08:41:44 pm »
First:  Thank you very much cybernet for all the fine work you have done for us. I'm sure we all appreciate it so much!
          You certainly have made me very happy with my souped up Rigol equipment.

Question for the forum about 'DG4000 cengen':

If you use the 'cengen'  to go from 'DG4062' to 'DG4202', (with, or without changing the S/N) can you then later go back to 'DG4062' (original) using 'cengen' if you find a bug, flaw, or worst yet, have to send your unit back for warranty repair?

BTW I prefer leaving the S/N as is.  Could this cause any potential future issues?

I would like to try this myself, but I'm not a Linux user and I have not been able to figure out how to generate the key as of yet. Cybernet's instructions look clear if you have some basic knowledge of the Linux OS, but I don't, and that's my problem! If there were some step-by-stbep instructions available, I would jump on it. In the mean time I'll continue to try to figure it out.
« Last Edit: November 18, 2013, 10:41:33 pm by ted572 »
 

Offline cybernetTopic starter

  • Regular Contributor
  • *
  • Posts: 247
  • Country: 00
  • pm deactivated, use the search function ...
Re: DG4000 - a firmware investigation
« Reply #98 on: November 17, 2013, 10:08:07 pm »
try it and let us know ;)
___________________
"all rights reversed :-)"
R0=-0x18;
UNLINK;
RTS;
 

Offline elCap

  • Regular Contributor
  • *
  • Posts: 109
  • Country: jp
Re: DG4000 - a firmware investigation
« Reply #99 on: November 17, 2013, 11:07:58 pm »
I tried to go back from DG4202 to DG4102, no problem. I kept the SN, only changed the model.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf