Author Topic: Hack of Sigllent spectrum analyzer ssa3021X?  (Read 105205 times)

0 Members and 2 Guests are viewing this topic.

Online Bicurico

  • Frequent Contributor
  • **
  • Posts: 538
  • Country: pt
    • VMA's Satellite Blog
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #125 on: November 11, 2016, 08:47:14 AM »
I know that, but when I purchased mine, I did my research and concluded that the current state of the firmware was good enough for me. I don't really care about PNG file format and I prefer to use a noise source over the TG for my applications.

Also, I doubt you get new FW for older units and they certainly have bugs, too.

But of course you are right: I might end up in a situation where I have to decide between keeping the hacked options or getting the new options from a newer FW. However, in that case I still have the option to purchase the missing keys, like the one for advanced measurements.

Also, knowing that the hardware is there and it is just software-locked gives the hope one might end up hacking it again... Still better, than having different hardware between models.

And I guess my unit just got more valuable over night! lol

Regards,
Vitor
 

Offline bozidarms

  • Regular Contributor
  • *
  • Posts: 94
  • Country: ch
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #126 on: November 12, 2016, 01:04:51 AM »
Hi to all,

despite the momentary situation, SSA3000X is and stay one marvelous instrument,
with price (and given possibilities for that price) unattainable from every other manufacturer.

I hope that Siglent is wise enough,  to make right decision. :D

Regards
 

Offline videobruce

  • Frequent Contributor
  • **
  • Posts: 349
  • Country: us
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #127 on: November 12, 2016, 02:40:44 AM »
I contacted a dealer via e-mail if he had existing stock and received this reply;
Quote
Thank you for your interest in our unit.
Currently, we sold all our stock. The new stock will be available as of next Friday Nov 18th.
We are currently running a 5% discount on Siglent units, if you are interested in moving ahead with this analyzer, please send us your email and we will forward the update price.
I called another dealer and was told (not surprisingly) that they don't 'stock' these, they come from Siglent (which seems very typical for all of these T&M dealers).

Interesting about the date of availability.  ;)
 

Online Bicurico

  • Frequent Contributor
  • **
  • Posts: 538
  • Country: pt
    • VMA's Satellite Blog
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #128 on: November 12, 2016, 03:28:32 AM »
That was the same with me. When I purchased the device it said "IN STOCK", yet the device had to come from China to EU first and only then was shipped to me.

The truth is, that it kind of makes sense. A SSA is not a mass consumer product and I imagine there are not that many being sold. So it would not make much sense for a small to medium distributor to actually stock them, when the retail price is almost 1500 Euro!

If you place yourself in the distributor role, you would do exactly the same or close business very quickly.

And again: Even without any hack - the Siglent SSA3021X is a fantastic product at this price and there is no other option in this class. You get a full 9kHz to 2.1GHz sweep spectrum analyzer at 1449 Euro. End of story.

Regards,
Vitor
 

Offline DL4RAJ

  • Contributor
  • Posts: 28
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #129 on: November 12, 2016, 04:04:47 AM »
(actually there is one, that seems moderatly interesting - http://www.ebay.de/itm/Advantest-U3641N-Spectrum-Analyzer-9kHz-3GHz-/262392475296).
Regards,
Vitor

Moderately interesting,that's true.
It has a 75Ohm input and no TG.

Unless you need some huge frequency range, where a new unit would literally cost a 5 digit number and you could get a second hand one for a 4 digit number, I would steer away from them. Too complex, too difficult to repair, too difficult to get spare parts.

In my opinion, the Siglent SSA3021X is great value and let's be honest: even without hacking it, it is a spectacular device for its price range

I agree with you on this.

Regards
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 2502
  • Country: fi
  • Starting with DLL21
If practice and theory is not equal it tells that used application of theory  is wrong or the theory itself is wrong.
It is much easier to think an apple fall to the ground than to think that the earth and the apple will begin to move toward each other and collide.
 

Offline janekivi

  • Frequent Contributor
  • **
  • Posts: 266
  • Country: ee
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #131 on: November 12, 2016, 05:51:27 AM »
You already had funeral ceremony ... ?
OK, but christmas already here, I'm back from work and had time to sit down.
After scrolling this file up and down quickly and slowly, my eyes... did start shutting down.
But in some state I saw this code in this nsp_data_b file.
Code: [Select]
<?xml version="1.0" encoding="UTF-8"?>?<sn_backup_root>?  <factory>TRUE</factory>?  <pro_mode>TRUE</pro_mode>?</sn_backup_root>?
 

Online Bicurico

  • Frequent Contributor
  • **
  • Posts: 538
  • Country: pt
    • VMA's Satellite Blog
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #132 on: November 12, 2016, 05:55:13 AM »
No funeral ceremony!

The games have just started!  :)

Regards
 

Offline DL4RAJ

  • Contributor
  • Posts: 28
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #133 on: November 12, 2016, 08:04:18 AM »
The new firmware offers some appealing features (except #5):
1. Add “PNG“ file type for screenshot.
2. Support TG in RBW less than 30 kHz.
3. Modify default TG output power, -20 dBm in spectrum analyzer mode and 0 dBm in reflection measure mode, and some other TG issues.
4. Updating the format of “LIM“ file. After this firmware , the old limit files will not be supported. You can re?????? them through “EasySpectrum” free software easily.
5. After this firmware, do not support downgrade operation.

Particularly #2 seems most interesting because it lowers the noise floor when using TG and thus
extends dynamic range of measurements of highly selective filters,see
http://www.eevblog.com/forum/testgear/hack-of-sigllent-spectrum-analyzer-ssa3021x/?action=dlattach;attach=268127;image

Regards
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 10288
  • Country: nz
    • Taupaki Technologies Ltd.
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #134 on: November 12, 2016, 08:20:45 AM »
Another remaining and very concerning issue with P08.01 FW is that the remaining Option trial times vanish.  :rant:  :wtf:

I have just sent a stern email to Siglent about this.

My advice is DO NOT install P08.01 FW at this time.
Avid Rabid Hobbyist & NZ Siglent Distributor
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 10288
  • Country: nz
    • Taupaki Technologies Ltd.
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #135 on: November 12, 2016, 07:31:50 PM »
I contacted a dealer via e-mail if he had existing stock and received this reply;
Quote
Thank you for your interest in our unit.
Currently, we sold all our stock. The new stock will be available as of next Friday Nov 18th.
We are currently running a 5% discount on Siglent units, if you are interested in moving ahead with this analyzer, please send us your email and we will forward the update price.
I called another dealer and was told (not surprisingly) that they don't 'stock' these, they come from Siglent (which seems very typical for all of these T&M dealers).

Interesting about the date of availability.  ;)
AFAIK all USA stock is held in Ohio at the Siglent US subsidiary and if they're out of stock then only "on hand" dealer stock will be available.
Did you try Saelig ?
http://www.eevblog.com/forum/testgear/equipment-discounts-from-saelig/

Avid Rabid Hobbyist & NZ Siglent Distributor
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 2502
  • Country: fi
  • Starting with DLL21
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #136 on: November 13, 2016, 07:18:45 PM »
This quoted is last message (now) in SSA3000X thread. (I will quote all after last FW 8.01 things from there to here. This thread is right place for SSA mods....

So please wait

from http://www.eevblog.com/forum/testgear/siglent-ssa3000x-spectrum-analyzers/
Quote from: SSA3000 thread


*** These posts should really be moved to the "Hack of Sigllent spectrum analyzer ssa3021X?" @thread... Can some MOD do this, please? ***

Regards,
Vitor

Lets hope all "how to try hack or how to hack" etc is important to move to this thread:

http://www.eevblog.com/forum/testgear/hack-of-sigllent-spectrum-analyzer-ssa3021x/

It looks like moderators are not interested about this.

The situation in which all messed up should be avoided.

Without MOD help it is possible also to other way. Some people can make one message where is quoted all this kind of messages. The chronology is also an important.

But, still I think that doing it now is better than later. After then there is small chronology mess with hack thread messages. But if do not it now, later it is perhaps more hard.

What is good point to start quote and copy to hack thread. I recommend that starting from first message about new 8.01FW.

I will do it starting from message 502 in this thread by tautech. Even when it confflict time order in hack thread.

I will do it but please do not send new messages to this or hack tread until done.
Later after done, please post all hack related messages to hack thread, only.   (use and test results wwith hacked or factory condition SSA of course to what ever thread.

So, please do not send new message until done!
« Last Edit: November 13, 2016, 08:25:24 PM by rf-loop »
If practice and theory is not equal it tells that used application of theory  is wrong or the theory itself is wrong.
It is much easier to think an apple fall to the ground than to think that the earth and the apple will begin to move toward each other and collide.
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 2502
  • Country: fi
  • Starting with DLL21
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #137 on: November 13, 2016, 08:24:39 PM »
New FW for the SSA3kX
http://www.siglentamerica.com/USA_website_2014/Firmware&Software/firmware/SSA3000X-P08.01.rar
P08.01
7.2 Mb

From the changelog:
1. Add “PNG“ file type for screenshot.
2. Support TG in RBW less than 30 kHz.
3. Modify default TG output power, -20 dBm in spectrum analyzer mode and 0 dBm in reflection measure mode, and some other TG issues.
4. Updating the format of “LIM“ file. After this firmware , the old limit files will not be supported. You can re?????? them through “EasySpectrum” free software easily.
5. After this firmware, do not support downgrade operation.

Warning: A quick check revealed to me that the root password has changed!

Because you cannot downgrade the firmware, you would be stuck at the moment!

Regards,
Vitor

And the liberated options are also gone.

So BEWARE!

My quick check shows exactly the same files in \passwd folder
so nothing changed there...


You are right.  :palm:

Both passwd and shadow are the same, at least for root.

I must have gotten stressed, as I was lecturing while doing the anlysis through RDP.

Sorry.

Regards,
Vitor


To make up for my mistake, here is a Windows tool that will convert an *.ADS file into a *.ZIP file.

It will open with 7Zip, but the resulting ZIP is not free of errors. Most can be extracted, though.

All credits go to janekivi for his brilliant insights, which he shared.

Have fun.

Regards


http://www.eevblog.com/forum/testgear/siglent-ssa3000x-spectrum-analyzers/?action=dlattach;attach=269048


And the liberated options are also gone.

So BEWARE!

Have you tried activating them again through TELNET?

It kind of makes sense for Siglent to replace the edited license file with a new one, as offical customers will have the activation code to reactivate everything.

I wonder if they only reset the evaluation time settings or the actual activation settings: the hacks described in the other thread point to two different ways of doing the hack. One way is to change the eval period to infinite, the other consists in setting the option as activated.

Regards


Have you tried activating them again through TELNET?

Yes.
Seems to be a completely different method now.

There is a new file w/ entered license keys.
The liberation method described above doesn't work anymore.

Cheers


Sorry to hear that.

Probably the application executable checks the signature of the authorised options. Without the key, nothing can be done, which is why they didn't even bother to replace the root password.

I would say that Siglent spectrum analyzers are locked again and probably for good.

Regard


Two things I noticed after upgrading from P07.07 (100.01.02.07.07) to P08.01 (01.02.08.01)

I had enabled all options and changed the model from SSA3021X to SSA3032X prior to the upgrade.
After the upgrade all options were lost but the model stayed with SSA3032X. In addition the newly created NSP_sn_bandwidth.xml has been appended with a license key for 3032.

Firmware downgrade is very simple. If you overwite ecomb (5054420 Bytes) with the previous ecomb (5007948 Bytes) from P07.07 all options are back.

ecomb is the main application located at /usr/bin/siglent. In order to replace ecomb you need to temporarily remount the rootfs as rw (read-write).

mount rootfs -o remount,rw
cd /usr/bin/siglent
cp /usr/bin/siglent/usr/mass_storage/U-disk0/ecomb . (in case the downgrade ecomb is located at USB stick)
sync
mount rootfs -o remount,ro
shutdown -r now


Thanks!

For all: The ecomb file can be accessed easily by converting the P07.07 ADS firmware file with the tool I attached a few posts before.

Open the resulting ZIP with 7Zip and extract ecomb.

So this is step 1: downgrade is possible again!

One thought:

If you can just copy ecomb from P07.07 and it works fine with all options back, how about writing a script for /etc to alternate between one ecomb and the other? Like you turn the SSA on and get P08.01. Turn it on again and you get P07.07 and so on. Even better would be some kind of boot menu...

*** These posts should really be moved to the "Hack of Sigllent spectrum analyzer ssa3021X?" @thread... Can some MOD do this, please? ***

Regards,
Vitor


Well, the situation isn't as hopeless as initially assumed: if you use peterdb's method of "liberating" the machine (http://www.eevblog.com/forum/testgear/hack-of-sigllent-spectrum-analyzer-ssa3021x/msg998095/#msg998095) and modify the license node in /usr/bin/siglent/firmdata0/NSP_system_info.xml to look like this:

<license><_3032>TRUE</_3032><_3021>FALSE</_3021><_TG>TRUE</_TG><_EMI>TRUE</_EMI><_Meas>TRUE</_Meas><_CAT>TRUE</_CAT></license></system_information>

and make sure all traces of previous hacking are eliminated -- don't forget to delete the "monster.txt " (not sure if all this is really necessary) and then apply the firmware update, a set of license codes will be generated automatically and the options will stay active (just tried it on my SSA*X).

The new firmware apparently doesn't support 1Hz and 3MHz RBW anymore. Operation with the tracking generator active has been improved, yet when operated in the area that normally is covered in FFT mode, it continues to sweep and gets unbelievably slow. I always thought the Rigol DSA was a dog but if you have to use the Siglent in this high-res TG modes, you'll get a new definition of "slow"! Yet, the results are better than before, the SSA hasn't got a problem to properly measure the parallel resonance of my high-accuracy 1MHz glass-tube crystal. But still, when zooming further into the spectrum, funny artefacts become visible, yet I'ld say the result is now completely usable as it is. Did I tell it's slow?  ;)

So much for now, I may report back once I had more time to play with it.

Cheers,
Thomas


Hi,

Finally got some time...

I upgraded mine and had no problem. All options remain active.

As I thought:

Quote
I wonder if they only reset the evaluation time settings or the actual activation settings: the hacks described in the other thread point to two different ways of doing the hack. One way is to change the eval period to infinite, the other consists in setting the option as activated.

Those who actually activated the option instead of messing with the trial time will have those options with P08.01.

I confirm that the 3MHz RBW is gone. Maximum RBW is 1MHz.

I have not tested the 1Hz RBW, as I did not activate it.

So apparently, Siglent is not being too harsh.  :-+

Regards


There is a new version of the EasySpectrum software, too:

ReleaseDate
2016/11/10 18:04:23
Version: P03.02

Note:
1. Support manually IP connection.
2. Support editing and exporting “Correction” file.
3. Support editing and exporting “Limit” file, and off-line editing.
4. Add scale line to “Spectrum Monitor” mode

Regards



...

So apparently, Siglent is not being too harsh.  :-+

...

True but I guess for those who will purchase the machine with a firmware newer than 7.07, things may look different. Apparently, during the update 7.07 -> 8.01 the encrypted license codes will be generated if the corresponding files are correctly "prepared". During this update, the machine boots twice (at least mine) - would be interesting to know what it's doing there  ;).

And since a "proper" downgrade of the firmware is inhibited now (at least Siglent states this - I believe them and didn't test it), this "easy road" will be closed for future machines. There might be other options, for example if a set of files in the /usr/bin/siglent/firmdata0/ directory of a "liberated" machine gets leaked, it might run as well on a new machine, of course cloning the serial number of the "donor".

Cheers,
Thomas


P.S.  I modifed the attachment in my "patch instructions post" to be compatible with the firmware update (they have to be applied before the performing the update!) -- see here: http://www.eevblog.com/forum/testgear/hack-of-sigllent-spectrum-analyzer-ssa3021x/msg998366/#msg998366


As mentioned before, you can downgrade, copying the P07.07 ecomb file on top of the current one.

This would allow modifying the license file and then copying back the P08.01 ecomb file.

I have not tested this, though.

Regards


These are copy (quote) from SSA3000X thread. All msg including and after tautech message #502.

Please continue all SSA3000X modification messages here. If you guote from these quoted msg do not forget include original member name from quote.

Keep these introductions, test and other discussion in SSA3000X thread.

All modifications related instructions and study to this "hack" thread for avoid mess.



If practice and theory is not equal it tells that used application of theory  is wrong or the theory itself is wrong.
It is much easier to think an apple fall to the ground than to think that the earth and the apple will begin to move toward each other and collide.
 
The following users thanked this post: videobruce, tautech, nugglix

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 2502
  • Country: fi
  • Starting with DLL21
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #138 on: November 13, 2016, 08:58:33 PM »
Please continue in this thread  all SSA3000X "modifications - hack" and hack study messages to this thread.
If practice and theory is not equal it tells that used application of theory  is wrong or the theory itself is wrong.
It is much easier to think an apple fall to the ground than to think that the earth and the apple will begin to move toward each other and collide.
 

Online TurboTom

  • Frequent Contributor
  • **
  • Posts: 295
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #139 on: November 13, 2016, 11:37:16 PM »
Thanks @rf-loop for relocating the recent SSA "improvement" posts to the proper thread.

Today I had a good laugh - Siglent made "liberating" the machine after the update even easier for us: Just delete all files (but not! the "calib" directory) from the directories /usr/bin/siglent/firmdata0/ and /usr/bin/siglent/usr/backup/ (of course after backing up to USB pen drive). If you reboot the SSA after this, the serial number will be displayed as "xxxxxxxx" but all options will be enabled along with 1Hz and 3MHz RBW, so nothing lost against firmware 7.07. In case the machine needs to be sold / repaired, the deleted contents can be copied back and everything returns to normal. Probably upon the next F/W update, Siglent will close this hole for good reason, so enjoy it as long as it's available  8).

Cheers,
Thomas

P.S. I also attached a screenshot of a TG scan of my "difficult" crystal that the SSA had problems to analyze with the 7.07 F/W.
 
The following users thanked this post: nugglix, DL4RAJ

Offline nugglix

  • Regular Contributor
  • *
  • Posts: 173
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #140 on: November 14, 2016, 12:52:26 AM »
Confirmed the joke     :-DD

Thanks for finding that out.
 

Offline bozidarms

  • Regular Contributor
  • *
  • Posts: 94
  • Country: ch
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #141 on: November 14, 2016, 06:54:22 AM »
Turbo Tom -  :-+ :-+ :-+
 

Offline xenonfire

  • Newbie
  • Posts: 3
  • Country: se
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #142 on: November 17, 2016, 05:44:34 AM »
I'm planning to order a new SSA3021X.
Do you guys think that I could hack my machine and get all options ?  :popcorn:
 

Online TurboTom

  • Frequent Contributor
  • **
  • Posts: 295
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #143 on: November 17, 2016, 06:42:04 AM »
@xenonfire:

for the 8.01 firmware yes, what the future will bring, noone knows.

Cheers,
Thomas
 

Offline DL4RAJ

  • Contributor
  • Posts: 28
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #144 on: November 21, 2016, 02:02:40 AM »
 

Offline DL4RAJ

  • Contributor
  • Posts: 28
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #145 on: November 21, 2016, 06:17:45 AM »
To make up for my mistake, here is a Windows tool that will convert an *.ADS file into a *.ZIP file.
It will open with 7Zip, but the resulting ZIP is not free of errors. Most can be extracted, though.
Regards

Here the tool did not work on a W7/64 machine.
The resulting ***ADS.zip file could not be opened or extracted at all with 7Zip .
The error message says just this "...could not be opened as archive..."
What might be the reason?

Regards
 

Online Bicurico

  • Frequent Contributor
  • **
  • Posts: 538
  • Country: pt
    • VMA's Satellite Blog
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #146 on: November 21, 2016, 06:35:06 AM »
The ZIP will be still corrupted, but everything essential is extractable. Check if you are using a recent 7zip version.

Also, this tool only works for firmware files of the SSA3921X.

Regards,
Vitor
 

Offline DL4RAJ

  • Contributor
  • Posts: 28
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #147 on: November 21, 2016, 09:18:02 AM »
Check if you are using a recent 7zip version.

Thanks,that did the trick.
I had v9.2,now it's v16.04 and it works.

BTW:Is there a difference between the *genuine* files
NSP_system_info.xml
and
fun_opt_valid_config.xml
of FW 7.07 and FW 8.1?

Regards
 

Offline jobber

  • Contributor
  • Posts: 9
  • Country: ru
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #148 on: November 30, 2016, 08:21:32 AM »
Hey!

Thank you for the awesome hack and instructions. I just successfully unlocked all the features on my SSA with sw 7.07.

Now I wanted to upgradeto firmware v8.01 but it doesn't seem to be working - there is no progress bar and it nothing is happening for almost 20min now. How long should the upgrade process take? Have anyone experienced similar problem?

Edit: I turned off and on the device and tried again. Immediately after pressing upgrade "System upgrade failed" message is displayed and nothing happens.
« Last Edit: November 30, 2016, 08:36:03 AM by jobber »
 

Offline jobber

  • Contributor
  • Posts: 9
  • Country: ru
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #149 on: November 30, 2016, 06:28:41 PM »
I tried to upgrade once again with version 7.07 and after 40% device restarted and never came back from boot screen.  :-[ I see green light flashing inside the housing but nothing is happening. Is there a way to restore it back or will I have to send it back for service?
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf