DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?

[PA0PBZ]

Our command line is -l All -l SCPIPS

I see you have been playing already

[Daxxin]

I see you have been playing already

  Done ..tried another nk.bin but crashed too ..so i put 2.35 inside a folder  and with booted scope i did the update to 2.35 everything fine 

thanks a lot for helping guys

[PA0PBZ]

Done ..tried another nk.bin but crashed too ..so i put 2.35 inside a folder  and with booted scope i did the update to 2.35 everything fine 

Well done... any idea what caused this? Probably not but good to see that you made it this far 

You might as well update a bit further to get the corruption prevention, 2.41 should be fine.

[TK]

Anyone got recommendations (tips/tricks) on how to attack the InfiniiVision 1000 X-Series? Unlock the three licenses DSOX1EMBD, DSOX1B7T102 and DSOX1AUTO.

Does it have a RS232 console port? I'd start by logging the boot sequence.

Keysight 1000X hack attempts: https://www.eevblog.com/forum/blog/eevblog-978-keysight-1000x-hacking/msg1154923/#msg1154923

[Daxxin]

Done ..tried another nk.bin but crashed too ..so i put 2.35 inside a folder  and with booted scope i did the update to 2.35 everything fine 

Well done... any idea what caused this? Probably not but good to see that you made it this far 

You might as well update a bit further to get the corruption prevention, 2.41 should be fine.

really no idea what i happened , now i need to read well the 3ad if and how prepare modified stick
and let untouched internsl flash ...by the way this the orrible self made home lan card

 

[PA0PBZ]

Anyone got recommendations (tips/tricks) on how to attack the InfiniiVision 1000 X-Series? Unlock the three licenses DSOX1EMBD, DSOX1B7T102 and DSOX1AUTO.

Does it have a RS232 console port? I'd start by logging the boot sequence.

Keysight 1000X hack attempts: https://www.eevblog.com/forum/blog/eevblog-978-keysight-1000x-hacking/msg1154923/#msg1154923

Ah yes, I totally forgot about that one 

[PA0PBZ]

by the way this the orrible self made home lan card

Well, it did the job so it's excellent

[TheAmmoniacal]

Anyone have a good photo (high res, IC models visible) of the 2000 X series, PCB area where the LAN connects?

[Daxxin]

Anyone have a good photo (high res, IC models visible) of the 2000 X series, PCB area where the LAN connects?

Lan card have a edge connector 80pin its very well visible in the right hand side around the center in vertical
but they asked if you have serial connector inside my 2012a there only 1 connector 2 rows with 5 pin if you look at this
3ad past pics there also pinout.

[ELIK]

Are you working with firmware version 4.08.2016071801?

I've been trying at this, but even an unpatched infiniiVisionCore.dll from the firmware image is giving me issues. With CFF Explorer, you can see its header has the machine type set to MIPS R4000, yet the disassembled instructions only make sense if you treat it as ARM.

About version 4.08 - no, sorry, have no any versions older than 7.10 for my scope. Very interest to look at this update pack.

By the way, have anyone the oldest update files by these MSOX300T? Will be great if you can share older files here.

About dll.
Mmm.. Yes, I saw this strange thing with it (MIPS), but after editing of one sign byte in this .dll file, the IDA detects this dll properly and disassemble it successfully, as ARM. Say more, the lot of DLLs inside nk.bin are have sign "MIPS" but have a code absolutely not for MIPS MCU. I think, the WinCE core ignore this sign byte, maybe this byte was maded for us, for make disassembly impossible. It's my opinion only.

Now, because have no DSOXLAN, I have a fight with MagJack for LAN pcb - can't found it somewhere not far from me... Thinking, for the first probe, use the usual separated pair of LAN frontend: transformer pack + usual LAN connector.

[Daxxin]

For what i remember MIPS R4000 was the chip of playstation 1 ..so far away years ago  or SGI graphics workstation Unix Irix driven.

[PA0PBZ]

I got the same when working on the Flir E4, also WinCE:

https://www.eevblog.com/forum/thermal-imaging/flir-e4-thermal-imaging-camera-teardown/msg317292/#msg317292

[Sbampato12]

Tested here in a 2014A, firmware 2.42 the LAN hack still working to me.

I don't remember if it is discussed before, but when --help, it has --4GSa and --5GSa, but seens to take no effect on DSOX2000.

[PA0PBZ]

I don't remember if it is discussed before, but when --help, it has --4GSa and --5GSa, but seens to take no effect on DSOX2000.

There's no need for --help, when you do something invalid like --eevblog it will spit out the options also

[Sbampato12]

I don't remember if it is discussed before, but when --help, it has --4GSa and --5GSa, but seens to take no effect on DSOX2000.

There's no need for --help, when you do something invalid like --eevblog it will spit out the options also

Yep, it did it with the --forcemaxmem option. But the --perf is ok.

[Ivan7enych]

Thanks to all, who made this mod possible!

I've got on ebay DSOX3014 model, already unlocked to 200MHz.

with -l BW20 unlock it shows 1.7ns rise time,
after all required components replacement to 350MHz model it shows 940ps rise time,

with -l BW50 option it shows 660ps rise time
and 600MHz signal looks very good (little amplitude drop) and trigger is very stable (actually trigger works well up to 1GHz, but amplitude drops significantly).

It was tested with NWT6000 board (25M-6GHz), it generates good rectangular shape signals, at least my old tek 744 -> 784 sees 350ps rise time.

[sportq]

If anyone needs a DSOXLAN I've got 2 left over from an OSHPark order (minimum order is 3 pcbs). Assembled and tested.

UPDATE: Both boards now sold.

Pete

[ELIK]

The "tramp" version of DSOXLAN PCB, with standalone pulse transformer and SMD RJ45 Jack. Was made for the items from my trash under the table 
If anyone have interest, I can present the gerbers of this pcb.

[tivoi]

you mentioned "bricked the scope" ,i'm not good at english ,does it mean this way may be harmful to scope  ,such as breaking the scope ?
DE BD7JAT

Yes, a wrong step or wrong link might lead to your scope being unusable, and you'd need to send it back to the factory for repair.
That being said... has anyone actually BRICKED their scope yet? I don't remember of one but eh... it's quite a long thread.

Also, I've attached the file all inside a zip. The steps are basically :

1) Extract all files (including the .lnk) to the root of your usb drive
2) From the scope's front panel, press Utility ->File Explorer -> Press to go to: <USB Drive label>(usually "usb")
3) From the drop down, scroll to the v241_link_install.cab to select
4) Press Load file

The scope will ask for your confirmation and then it will load/update and reboot.

FYI, my link file is :
160#\Secure\infiniiVision\infiniivisionLauncher.exe -l DIS -l MSO --perf -l MEMUP -l SCPIPS -l CABLE -l SGMC -l FLEXC -l TOM -l BW20 -l ADVMATH -l EMBD -l EDK -l VID

the other cab uninstall the link file and restores your previous setting.

Cheers

i was test with dsox2014 V2.42 , it work well
thanks you

[TheSteve]

Bumping up this thread again. I am still dreaming of the 1 GHz mod for the 3000T series - we're still looking for someone to remove and measure a few capacitors from the front end of one channel(from a 3104A or 3104T). Or someone sell me one for a reasonable price and I'll measure the caps. I am also offering a reward of an Agilent 2.5 GHz active probe with case and accessories to the person who gets the values for us. I'll pay for shipping anywhere in the world as well.

[TheCloser]

Hi guys,
please forgive me if this question has been asked and answered before (I have read the last 30 pages or so) - How can you tell which number to put at the beginning of the the file - I've seen all sorts of numbers - 53#, 160# and etc.
Thanks in advanced!

[georgd]

The number in front of command line is the count of characters in it.

[TheCloser]

Great!
Many many thanks!

[ELIK]

Count of all symbols after #

[daflory]

The "trump" version of DSOXLAN PCB, with standalone pulse transformer and SMD RJ45 Jack.   
If anyone have interest, I can present the gerbers of this pcb.

This a beautiful LAN card. I especially like the fact that it has LED's and nicely radiused edges. That big pulse transformer also inspires confidence.
Did you design this yourself? Do you have any for sale, or that gerbers you mentioned with a BOM?
Thanks!