Author Topic: Hack of Sigllent spectrum analyzer ssa3021X?  (Read 407755 times)

bkmit and 2 Guests are viewing this topic.

Offline PartialDischarge

  • Super Contributor
  • ***
  • Posts: 1611
  • Country: 00
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #50 on: July 04, 2016, 08:47:02 pm »
root password is "ding1234"  8)
Kudos to you!
 

Online TurboTom

  • Super Contributor
  • ***
  • Posts: 1388
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #51 on: July 05, 2016, 06:21:37 am »
root password is "ding1234"  8)
Kudos to you!

Actually I don't deserve the merits but rather janekivi who provided the relavant information in this post: https://www.eevblog.com/forum/testgear/hack-of-sigllent-spectrum-analyzer-ssa3021x/msg969909/#msg969909

Cheers,
Tom
 

Online TurboTom

  • Super Contributor
  • ***
  • Posts: 1388
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #52 on: July 05, 2016, 07:31:59 pm »
Today I had a little time to play around in the files system of the analyzer, but so far I wasn't able to identify the file that configures the device as a 3021 or a 3032.

Yet, there's an interesting directory "/usr/bin/siglent/firmdata0/" that contains a file "fun_opt_valid_config.xml". This file defines the evaluation period of the add-on options. They can easily be adjusted to higher values (first the corresponding partition has to be re-mounted read-write, then the file can be edited). Deleting the file will cause a new one to be generated during the next bootup with the standard 48 hours test period reenabled.

There's one more funny file in this directory which (almost...) caused me some headaches, named "monster.txt ". This file is seven bytes long and just contains the phrase "hack!!!" The file only appears after the analyzer date had been set to 1st January 1970 and hence the software restriction circumvented. It's important to notice that there's a space behind the extension "txt" and so the name cannot be entered on the console. Wildcards etc. have to be used to access it. If an analyzer that had been used in "Werewolf Mode"  ;) has to be returned for repair and the file system is still accessible, it's probably a good idea to delete this file (after resetting the date to something "reasonable" of course).

There's another "monster.txt" that just contains the phrase "NULL" in "/usr/bin/siglent/usr" but this doesn't appear to be an indicator of any "tampering" it seems. It also doesn't have the added "space" behind the file name, so it's accessible without any tricks.

It's quite funny that during bootup, regardless of the device model, always calibration data for the whole 3.2GHz range are loaded.

Anybody else poking around in the analyzer?
« Last Edit: July 05, 2016, 07:42:10 pm by TurboTom »
 
The following users thanked this post: kado, TrAndy

Offline cio74

  • Regular Contributor
  • *
  • Posts: 173
  • Country: gb
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #53 on: July 05, 2016, 07:51:47 pm »
I know you'll be surprised but some of us are actually considering buying the options we need.


 

Offline nctnico

  • Super Contributor
  • ***
  • Posts: 26751
  • Country: nl
    • NCT Developments
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #54 on: July 05, 2016, 08:35:44 pm »
There's one more funny file in this directory which (almost...) caused me some headaches, named "monster.txt ". This file is seven bytes long and just contains the phrase "hack!!!" The file only appears after the analyzer date had been set to 1st January 1970 and hence the software restriction circumvented. It's important to notice that there's a space behind the extension "txt" and so the name cannot be entered on the console.
You can enter the name on the console by putting the filename between "".
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 
The following users thanked this post: TurboTom

Offline phs

  • Contributor
  • Posts: 26
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #55 on: July 30, 2016, 01:36:23 am »
FYI:

Recently received SSA 3021X -w- TG option
SW1    100.01.02.07.06
HW     07.03.00
Cal date: early July

Can telnet/log in as root via LAN.  Tried changing date/time:

# date -u 010100001970

Date/time is successfully updated, and it can be verified on the unit LCD.  System Info/Option: All options stay the same, showing just TG Permanent.

Power-cycle unit (did reboot from CLI) and date reverts to current date, options not changed.

Change date successfully to epoch via System/Data & Time on unit keypad.  All options stay the same.  Reboot.  Date stays @ epoch, options still unchanged.

That was all with firmware that was originally installed on the unit when received, v6.  Installed the v5 firmware Tautech linked to, and repeated all of the above.  Still no werewolf to be found, boo hoo...

Conclusion:  The version 6 firmware, or having an option pre-installed, like the TG, operator error, or some other issue prevents this unit from entering "werewolf mode".

Or, maybe they changed the v5 firmware?  I noticed in one of the pics from the post from Deuze that the firmware version was "100.01.02.07.05.h".  My version 5 shows "100.01.02.07.05".  Deuze's HW version is also different than this one, but all else looks the same.

Anyway, just wanted to let folks know, in case this may affect their purchase decision, or these additional data points are helpful in general.

Unfortunately, I'm just a low-life lurker who has way more projects than I can handle right now.  However, if I discover anything more interesting, I will absolutely let you folks know.  Love the characters on these forums, by the way, and best of luck to all!
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 28136
  • Country: nz
  • Taupaki Technologies Ltd. Siglent Distributor NZ.
    • Taupaki Technologies Ltd.
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #56 on: July 30, 2016, 01:40:53 am »
Can we have an update as to which FW versions have been used to enable "werewolf" (3.2 GHz) mode?

Anybody want to write an upgrading  "For Dummies" guide?
Avid Rabid Hobbyist
Siglent Youtube channel: https://www.youtube.com/@SiglentVideo/videos
 

Offline PartialDischarge

  • Super Contributor
  • ***
  • Posts: 1611
  • Country: 00
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #57 on: July 30, 2016, 05:46:05 am »
phs, what about editing the fun_opt_valid_config file that TurboTom mentioned above?
 

Offline phs

  • Contributor
  • Posts: 26
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #58 on: July 30, 2016, 01:43:59 pm »
Hi MasterTech,

At this point I trust that editing fun_opt_valid_config.xml works, but I'm hoping there is a better solution.

Edit to clarify sentence...
« Last Edit: July 30, 2016, 01:45:56 pm by phs »
 

Offline peterdb

  • Contributor
  • Posts: 12
  • Country: nl
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #59 on: August 05, 2016, 11:04:17 am »
Can we have an update as to which FW versions have been used to enable "werewolf" (3.2 GHz) mode?

Anybody want to write an upgrading  "For Dummies" guide?

Hacking the SSA3021x for experienced dummies.

Login to the machine using telnet or a direct serial connection all described earlier in this thread.

Optionally plugin an USB stick in the system for securing backups from the system.
It will be automatically mounted at /usr/bin/siglent/usr/mass_storage/U-disk0

the “mount” command shows you what’s mounted where and if it’s in rw or ro mode.

make a backup of the relevant folders in the /usr/bin/siglant folder in case you break anything.
example:
cp -R /usr/bin/siglent/usr/backup /usr/bin/siglent/usr/mass_storage/U-disk0/SSA3021x_backup
cp -R /usr/bin/siglent/firmdata0 /usr/bin/siglent/usr/mass_storage/U-disk0/SSA3021x_firmdata0

If you feel comfortable it’s time to start hacking.

Stop your analyser with this command.
killall ecomb
Your spectrum analyser display will go into freeze and stop operating, but don't worry it’s computer is still running.

Killing is necessary because the spectrum analyser is monitoring the /usr/bin/siglent/firmdata0 folder and we want to play with the contents of this folder, and it’s using almost all the cpu time, so your console becomes more responsive as a bonus.

now remount the firmdata0 folder in rw mode with this command.

mount -o remount,rw /usr/bin/siglent/firmdata0

now edit the system info file with “vi”
vi /usr/bin/siglent/firmdata0/NSP_system_info.xml

change the licence node into this:

<license><_3032>TRUE</_3032><_3030>FALSE</_3030><_3021>FALSE</_3021><_tTG>TRUE</_tTG><_tEMI>TRUE</_tEMI><_tMeas>TRUE</_tMeas><_tCAT>TRUE</_tCAT><_TG>TRUE</_TG><_EMI>TRUE</_EMI><_Meas>TRUE</_Meas><_CAT>TRUE</_CAT></license></system_information>

Notice that temporally licences have a lower case “t” in front of them.
To make them permanent just add them at the end without the “t” as shown above.

now use the “sync” command to write all data to disk.

now remount the firmdata0 folder in ro mode with this command.

mount -o remount,ro /usr/bin/siglent/firmdata0

It’s now time to start the analyser again with this command:
/usr/bin/siglent/ecomb &

The analyser starts logging to the console.
The hack is complete and all options should be permanent and you have 3.2 GHz bandwidth.

you should now give the "reboot" command to reboot the machine.
There is still one little thing you need to take care of.
Wipe the user data because it was stored when the machine thought is was a SSA3021x where it’s now a 3022x, and this results in errors in the logs because the XML isn’t compatible.
Goto: System —> Pwr On/Preset —> Reset & Clear to remove all previously local stored user data.

That was easy, actually a little bit to easy as I might say.
« Last Edit: August 05, 2016, 11:20:00 am by peterdb »
 
The following users thanked this post: ebclr, kado, klaus11, bitseeker, zitt, JaspaJami, TrAndy

Offline kado

  • Regular Contributor
  • *
  • Posts: 51
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #60 on: August 05, 2016, 02:33:43 pm »
@peterdb
thanks a lot for your guide.
Since i am not very familiar with linux, vi and telnet i have some questions:

what fw version have you edited? 7.05 or 7.07
is the "sync" a vi command or linux? Type in sync on linux promt without any parameter?
what does sync do?

In vi after editing is finished i have to :wq! for write and quit is that correct?

Thanks for help
Karsten
« Last Edit: August 05, 2016, 02:36:02 pm by kado »
 

Offline nctnico

  • Super Contributor
  • ***
  • Posts: 26751
  • Country: nl
    • NCT Developments
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #61 on: August 05, 2016, 02:51:01 pm »
sync is a Linux command and it doesn't need parameters. When it comes to vi you better read a tutorial first: http://www.howtogeek.com/102468/a-beginners-guide-to-editing-text-files-with-vi/
I have used vi in the past but had a skilled operator sitting behind the keyboard and I told him the changes I wanted. He insisted we should use vi for a complex text editing job ^-^
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline peterdb

  • Contributor
  • Posts: 12
  • Country: nl
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #62 on: August 05, 2016, 02:53:04 pm »
@Kado

I used fw version 7.07 but it would surprise me if this doesn’t work with 7.05

sync is a linux command that writes all data that is currently somewhere in the cache to disk so you can remount the volume without loosing data, but not using the command will probably work as well.

sync works without any parameters.

vi is ended with the :wq! command, and if your lost somewhere jou can always abort with :q!
No data will be saved and you can try to edit again.

Once your in vi you can navigate to the part you want to edit with your cursors and then press i to enter edit mode.
pressing escape leaves the edit mode.

If you want to delete a character move your cursor over it and press x when not in edit mode of course.

 

Offline kado

  • Regular Contributor
  • *
  • Posts: 51
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #63 on: August 05, 2016, 03:01:25 pm »
@nico and peter

thank you both for your advice.
Will read the vi tutorial first, then give it a try on my machine.
Karsten
« Last Edit: August 05, 2016, 03:05:02 pm by kado »
 

Offline peterdb

  • Contributor
  • Posts: 12
  • Country: nl
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #64 on: August 05, 2016, 03:09:46 pm »
If you want to practice on a similar OS as the spectrum analyser try the virtual BusyBox
https://busybox.net/live_bbox/live_bbox.html

The spectrum analyser OS is based on this BusyBox distribution, so you can practice al your commands.
 
The following users thanked this post: TrAndy

Offline kado

  • Regular Contributor
  • *
  • Posts: 51
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #65 on: August 05, 2016, 05:23:38 pm »
@ all

peters guide is working !!! Could upgrade with success, but lost SN  :-\

BTW: if you are gone in FW 07.05 into "Werewolf Mode" you should remove the file "monster.txt " which TurboTom mentioned in this thread because if this file is present the actual FW showed in SYS Info has an .h appended. (h = hack !?)

So now have 3.2 GHz and all Options Sta: ON and Valid: Permanent, but SN now 0123456789 !!!

Karsten
 

Offline peterdb

  • Contributor
  • Posts: 12
  • Country: nl
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #66 on: August 05, 2016, 05:39:39 pm »
Strange, I did not loose my SN during the procedure.

But no worries, the SN is stored in the same file you had to edit to get it working, so just repeat the procedure, but now re-enter the original serial number.

You made a backup I hope to retrieve the original serial?

Peter
 

Offline kado

  • Regular Contributor
  • *
  • Posts: 51
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #67 on: August 05, 2016, 05:51:20 pm »
Ohh O.K. you dont lost your SN, let see what i have made wrong!?

FYI: i also lost the original Host ID, so have to put in a new IP-Adress after reboot! (DHCP active)
I have edited the file with the vi, not copy anything from your text. Maybe any typos...
I will try to edit the SN in the NSP_system_info.xml file.

Again thanks for your help
Karsten
 

Offline kado

  • Regular Contributor
  • *
  • Posts: 51
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #68 on: August 05, 2016, 06:11:59 pm »
think anything is going wrong:

after reboot and new telnet session the file dont contend the lincence node i has edited and has only 237 bytes:
-rw-r--r--    1 root     root           237 Aug  5 19:04 NSP_system_info.xml

root@am335x-evm:/usr/bin/siglent/firmdata0# cat NSP_system_info.xml
<?xml version="1.0" encoding="UTF-8"?>
<nsp_system_info_root>
  <device>
    <system_information>
      <serial_number>
        <chip>0123456789</chip>
      </serial_number>
    </system_information>
  </device>
</nsp_system_info_root>
This is looking without mounting filesystem to rw.
Karsten
 

Offline peterdb

  • Contributor
  • Posts: 12
  • Country: nl
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #69 on: August 05, 2016, 06:33:17 pm »
this is what the file should look like:

<?xml version="1.0" encoding="UTF-8"?>
<nsp_system_info_root>
  <device>
    <system_information>
      <serial_number>
        <chip>0000000000000</chip>
      </serial_number>
    <license><_3032>TRUE</_3032><_3030>FALSE</_3030><_3021>FALSE</_3021><_tTG>TRUE</_tTG><_tEMI>TRUE</_tEMI><_tMeas>TRUE</_tMeas><_tCAT>TRUE</_tCAT><_TG>TRUE</_TG><_EMI>TRUE</_EMI><_Meas>TRUE</_Meas><_CAT>TRUE</_CAT></license></system_information>
  </device>
</nsp_system_info_root>

I made my <chip>00000000000</chip> zero only for the post.

Are you sure you stopped the analyser with the “killall ecomb” command prior to mounting the filesystem in rw mode.

Did the analyser go into freeze?
The analyser must be stopped before you continue with remounting the file system.
the ecomb process is also the process that makes the monster.txt file and acts as a watchdog, so it may not run during editing.

after you edited the file make sure you remount the system in ro mode
check with the mount command that firmdata0 is really in read-only mode
before you start the analyser with the /usr/bin/siglent/ecomb & command.

dont forget the & sign.
It runs the analyser in the background.

Once the analyser is running give the reboot command, and then it will make a backup of the system_info file in a regular way.

also make sure there are no other files in the firmdata0 folder then these:
NSP_system_info.xml
NSP_trends_config_info.xml
calib
fun_opt_valid_config.xml
 

Offline peterdb

  • Contributor
  • Posts: 12
  • Country: nl
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #70 on: August 05, 2016, 06:47:31 pm »
another way of fixing this is to edit the NSP_system_info.xml in the backup folder in here:

/usr/bin/siglent/usr/backup

then delete the NSP_system_info.xml in the firmdata0 folder bij the procedure where you stop the analyser with the kill command and remount the firmdata0 in rw mode.
after the file is deleted and you gave the sync command unplug the power.

After powering up the earlier edited backup file will be restored.

But only use this as a last resort.
« Last Edit: August 05, 2016, 06:49:05 pm by peterdb »
 

Online TurboTom

  • Super Contributor
  • ***
  • Posts: 1388
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #71 on: August 05, 2016, 06:55:05 pm »
Okay, since it's now public anyway, please see the attached method that I figured out. The good news is that also the 1HZ RBW is now working even though it's quite slow (but for obvious reasons).

Cheers,
Thomas

P.S.: I found out that in order to make the instrument more responsive during the telnet session, it's not necessary to kill any application but to just open the "System -> System Info" screen.


Edit: Updated Attachment -- This modified version of the patch instructions will work up to firmware 7.07, will not activate the 1Hz and 3MHz RBW options but is compatible with the firmware update to the new 8.01 version without losing the "liberated" options. Apply it before updating the firmware, even if you used the "old" patch before!
« Last Edit: November 13, 2016, 12:01:43 am by TurboTom »
 
The following users thanked this post: videobruce, kado, klaus11, MF-jockey, bitseeker, dk5ya, TrAndy

Offline peterdb

  • Contributor
  • Posts: 12
  • Country: nl
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #72 on: August 05, 2016, 07:28:29 pm »
Compliments Thomas,

This is defiantly a more safer way of doing it and it could also help Karsten to fix his problem.
Consider implementing my hack for obtaining a permanent licence this could be a winner.

Cheers,

Peter
 

Offline kado

  • Regular Contributor
  • *
  • Posts: 51
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #73 on: August 05, 2016, 07:31:48 pm »
@peter and tom

i have edited the NSP_system_info.xml fully new by hand with vi! After mount ro and start ecomb & and reboot i got my SN back  :-+
All Options stay ON  :-+

Should i test anything before power off / on 230V again?

Greetings
Karsten
 

Offline kado

  • Regular Contributor
  • *
  • Posts: 51
  • Country: de
Re: Hack of Sigllent spectrum analyzer ssa3021X?
« Reply #74 on: August 05, 2016, 07:33:44 pm »
@tom

where are the differences between your guide and peters ?
should i make it again by your guide?

Karsten
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf