DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?

[JeffreyLatter]

...snip....

Code: [Select]


3000T series:

firmware 7.20
----------------


1) options patch:  0x486f3c  --> "04 00 A0 E1" --> "00 00 A0 E3"
2) nag patch:      0x4f22c8  --> "A8 F1 93 E5" --> "01 00 A0 E3"




To understand how to apply these patches, best way is to follow safar's post, details here... they seem to have taken the same approach with all of the firmware's now, the DLL is NO longer on disk, it has to be modified directly in the Windows CE image (nk.bin)


https://www.eevblog.com/forum/testgear/dsox2000-and-3000-series-licence-have-anyone-tried-to-hack-that-scope/msg1453285/#msg1453285

@PhillyFlyers, @Safar - Thank you.

7.20 on 3KT now has the nag gone.. I patched "options" and "nag".

Using Safar's instructions, it took me a bit to realize that I needed to use the offsets provided by Philly in infiiniivision.dll to get a signature to match in the uncompressed.bin, plus the viewbin's data dump to get the "Record" (Record[173 for 7.2/3KT), use the hex in that data dump to get the offset in nk.bin to find the beginning/end of the dll in the bin, patch up the 2 locations, update checksum, compress, copy to usb, flash via telnet... (hopefully this very quick chain of thought helps someone else later...).

What is unexpected is on boot I'm now seeing "System concerns detected: - Secure Storage is uninitialized. Please set instrument serial and licensing model numbers." as a per-boot popup. Once I close that, about shows the proper serial#/model/bandwidth and all options.

I'm using the simple loader that jeffrey helped with along with the patched offsets.

I don't see any direct reference to that string/message in the (printed) thread, although there are some similar messages.... I didn't get this before patching nk.bin -- did I hose the patch or just needed to expect "secure storage is uninitialized"?

Thanks,

-j

When using the patched offsets, you don't need to use the launcher but just the .lnk with added options and character count, this will remove any message in my experience.
When starting using the launcher, the popup occurs with my scope too, but then patched offsets is not neccesary for added options.

[cisco]

can you please tell me how i can punch for my friend and my friend punch for thanks

[SUKA_KRYSA]

First, I wanna say big thanks to all of you guys and especially to Safar for all of your help!
I've succesfully liberated pair of DSO-X 2012A and MSO-X 4034A respectively, and they works just fine.

As PhillyFlyers stated two posts earlier, 4k series can be succesfully hacked with the .bin.comp file that he generously provided. As .lnk file, I simply used that one for 3k series and it suites just well, thanks again to Safar. The license list is enormous, as you can see.


Sorry for my english though.

[Netroman]

Does the 4k patched file also work for MSOX3000T series  (because it has the same firmware revision number and date)?

Thanks in advance, Josef

[Netroman]

Thank you so much - great work. 
In the meanwhile I'm working on the 1 GHz mod, then Comes the Firmware hack 
Best regards from Austria, Josef

[PhillyFlyers]

Heya All,

Does anyone know the scoop on the 4k series, in regards to the PCB and bandwidth upgrades?


Is it the same as the 2k/3k setup, where 200mhz can go up to 350mhz?  ie is there different filters needed to go from 350 to 500, and then to 1Ghz or 1.5Ghz?



So if for example you have a DSOX4024, can it only go up to 350Mhz without frontend changes... just wondering what fun things can be done with a 4k series...

[TheSteve]

Heya All,

Does anyone know the scoop on the 4k series, in regards to the PCB and bandwidth upgrades?


Is it the same as the 2k/3k setup, where 200mhz can go up to 350mhz?  ie is there different filters needed to go from 350 to 500, and then to 1Ghz or 1.5Ghz?



So if for example you have a DSOX4024, can it only go up to 350Mhz without frontend changes... just wondering what fun things can be done with a 4k series...

The 4000 series hardware/software bandwidth limits are the same as a 3000 series with the exceptions the 4000 series has one extra step to 1.5 GHz and they don't sell a 100 MHz version. That means a DSOX4024 can go to 200 MHz max without a hardware upgrade. There are 4 hardware versions in the 4000 series - 200 MHz, 350/500 MHz, 1 GHz and 1.5 GHz.
So the only software bandwidth upgrade supported in the 4000 series is if you have the 350 MHz model, a software license can upgrade it to 500 MHz. Any other bandwidth upgrade requires a new mainboard from Keysight.

[Sparky]

Heya All,
Does anyone know the scoop on the 4k series, in regards to the PCB and bandwidth upgrades?
Is it the same as the 2k/3k setup, where 200mhz can go up to 350mhz?  ie is there different filters needed to go from 350 to 500, and then to 1Ghz or 1.5Ghz?
So if for example you have a DSOX4024, can it only go up to 350Mhz without frontend changes... just wondering what fun things can be done with a 4k series...

I was wondering this too... thanks TheSteve for the reply.  I attached some clips about upgrades from the Keysight documents.

I don't believe we have any info here about specific hardware mods that would be needed to upgrade a, say 500MHz model to 1GHz.  Is it likely to be just a few missing or different components?  Or, major differences necessitating complete board swaps?

Aside: The included probes (all models I believe) are N2894A (700MHz bandwidth)...so even if possible to do upgrade to 1GHz or more one will need to buy some new probes...

[PhillyFlyers]

Was just looking back over this..

back in MemSet's instructions for the 350/500Mhz mod, he did say the upgrade can be applied to 3000A and 4000A models, so the frontend filter components are prob. the same... I also remember someone saying the 3000T and 4000 mainboards are pretty much the same, except the extra memory sizes (ram/flash), and the larger screen on the 4k..

I'm willing to bet the 3000T 1Ghz upgrade components would be the same if doing it to a 4k series scope...

[TheSteve]

Active probes are generally used above 500 MHz so that isn't really an issue.
The part swap to go to 1 GHz should be the same or nearly the same as the 3000T however the PCB layout isn't identical so some research is needed in that area.
I would have tried it already but I don't seem to have a 4000 series scope on the bench.

[Pinkus]

I do 
I sold my DSOX3024a and purchased a DSOX4024a instead.
The larger screen (though unfortunately not higher resolution) and the touch (not always, but perfect for dragging or entering numbers/characters) are a really nice improvement over the 3000 series. And I compared it to an R&S RTB2004: the Keysight is way better suited for daily work (easier and quicker to use, more and better functionality, not artificially crippled as the RTB).

Btw, Keysight does have a nice offer of a DSOX4024a including a fresh calibration at the moment: (https://www.ebay.com/itm/183228321094) for approx. 3000 Euro including world wide shipping! This is a really nice deal! And you can make an offer. 10%-15% off is usually no problem at the Keysight store.
If you read the posts above: transforming it into a MSOX4024a with all options enabled is not too difficult.
I will do the 500Mhz modification in a month or maybe two and will make photos of all needed steps then and post them here.

[AcepilotNRW]

Can anyone give me a hint how to log in into my scope using telnet?
I am sitting in front of an DSOX3012T
On that scope the Firmware 2017.1026 is allready installed, never the less i prepared the hacked firmware to get all options.
Login into to scope using user infiniivision and pass skywalker1977 is not working, even when i try it more the one time.
Is there a need to flash an old firmeware to the scope to get the login running?
If yes it would be fine if someone will have an old working firmware

Kind regards

[JeffreyLatter]

Can anyone give me a hint how to log in into my scope using telnet?
I am sitting in front of an DSOX3012T
On that scope the Firmware 2017.1026 is allready installed, never the less i prepared the hacked firmware to get all options.
Login into to scope using user infiniivision and pass skywalker1977 is not working, even when i try it more the one time.
Is there a need to flash an old firmeware to the scope to get the login running?
If yes it would be fine if someone will have an old working firmware

Kind regards

Use this script to generate correct password for the 3000T series.

https://repl.it/repls/FrostyUnsungAcrobat

[TheSteve]

I do 
I sold my DSOX3024a and purchased a DSOX4024a instead.
The larger screen (though unfortunately not higher resolution) and the touch (not always, but perfect for dragging or entering numbers/characters) are a really nice improvement over the 3000 series. And I compared it to an R&S RTB2004: the Keysight is way better suited for daily work (easier and quicker to use, more and better functionality, not artificially crippled as the RTB).

Btw, Keysight does have a nice offer of a DSOX4024a including a fresh calibration at the moment: (https://www.ebay.com/itm/183228321094) for approx. 3000 Euro including world wide shipping! This is a really nice deal! And you can make an offer. 10%-15% off is usually no problem at the Keysight store.
If you read the posts above: transforming it into a MSOX4024a with all options enabled is not too difficult.
I will do the 500Mhz modification in a month or maybe two and will make photos of all needed steps then and post them here.

Very nice! If I didn't have a 3000T series already I'd be very interested in that scope.  If you run into any issues with the upgrade you think I can help with let me know. Looking forward to the pictures and results.

[Pinkus]

Btw, Keysight does have a nice offer of a DSOX4024a including a fresh calibration at the moment: (https://www.ebay.com/itm/183228321094) for approx. 3000 Euro including world wide shipping! This is a really nice deal! And you can make an offer. 10%-15% off is usually no problem at the Keysight store.

Was sold just a few hours after I mentioned it, for only 3200 USD = 2700 Euro. What a snatch! Congratulations to the buyer!
Usually you never ever get a 4000 series scope for this price. Well done. To be honest, I thought a moment of buying it myself, keeping it (because of the fresh calibration) and selling my own DSOX4024a with a profit, but my very limited time let me decide against this. (But the little devil  in my head now is nagging me: 'look - it could have been yours')

[maxpayne]

I m sure someone from here bought it after seeing your post !

[TheSteve]

I know who bought it(not me). At the price it sold for I was very tempted as well.
Hopefully we will end up with some good pictures and perhaps some mod info.

[TheSteve]

Well the buyer chickened out so it has been relisted - anyone else interested?

[PA0PBZ]

Well the buyer chickened out so it has been relisted - anyone else interested?

I don't see it?

[TheSteve]

Well the buyer chickened out so it has been relisted - anyone else interested?

I don't see it?

https://www.ebay.com/itm/192545547880

[PA0PBZ]

https://www.ebay.com/itm/192545547880

"This item does not ship to Netherlands " 
That's why it didn't show up for me.

[TheSteve]

https://www.ebay.com/itm/192545547880

"This item does not ship to Netherlands " 
That's why it didn't show up for me.

That is a shame. I still want it too, but then I'd have to sell my 3000t series.

[KrudyZ]

What does it really add over the 3000T, though?

[TheSteve]

What does it really add over the 3000T, though?

Bigger screen, builtin VGA and network, second waveform gen and 10 MHz ref in. Nothing I really need, the bigger screen is always nice of course. I'd just like to mod another scope and it would be fun to livestream the entire process.

[KrudyZ]

What does it really add over the 3000T, though?

Bigger screen, builtin VGA and network, second waveform gen and 10 MHz ref in. Nothing I really need, the bigger screen is always nice of course. I'd just like to mod another scope and it would be fun to livestream the entire process.

Well, if it's just for fun, then by all means get it!