Hack of Sigllent spectrum analyzer ssa3021X?

[yo4hfu]

Good luck! Ask if you have something unclear.

This is my procedure (Microsoft Word .docx file). Nothing new inside, all instructions are according Eevblog forum. It is not my contribution.

73 de Robert

Robert Thanks so much for the great document. It explains it in a way that makes it very easy.
I emailed you because I think that there is one problem.  It does not seem to remove the NSP_np_Bandwidth.xml file.  It just makes a copy with the x added to the end of the name and I end up with the two files in the directory.  This means that nothing changes, the unit operates as it did before the attempt.   The backup folder just has only the X copy in it.

73s

Indeed, you still have old bandwidth file inside of firmdata0 and i don't why... I'm quite sure, similar issue was reported in the past by other eevblog user (LE: #370...#377).
Please check my email reply. There you have the instruction for how to delete "NSP_sn_Bandwidth.xml" located inside of "Firmdata0".

[rf-loop]

Good luck! Ask if you have something unclear.

This is my procedure (Microsoft Word .docx file). Nothing new inside, all instructions are according Eevblog forum. It is not my contribution.

73 de Robert

Robert Thanks so much for the great document. It explains it in a way that makes it very easy.
I emailed you because I think that there is one problem.  It does not seem to remove the NSP_np_Bandwidth.xml file.  It just makes a copy with the x added to the end of the name and I end up with the two files in the directory.  This means that nothing changes, the unit operates as it did before the attempt.   The backup folder just has only the X copy in it.

73s

If you see there
NSP_np_Bandwidth.xml   then something have gone totally wrong,  b and B are not same in real operating systems.

------------

(I give also warning about this microsoft total junk crap story writing program Word.  Who is programmer who even think to use this kind of total junk. There is text handling programs what do not mess anything, like example notepad++  and of course also others. Even windows Notepad is better than this total junk Word for programs (and other things where we need plain text without hidden control character and other messy things what is more like made for artists than programmers.)

Example if I wrongly open this docx  and take copy (copypaste) from this docx  and then paste it here,  after then it is NSP_sn_Bandwidth.xml.

It is also explained original but very old V05 (1) instructions what can find somewhere (even when it have some residues from older times but today we do not meet anymore new SSA's what have been pre installed generation 7 FW and then changed to 8 etc... )


(1) I mean this V05 (clip from start of it):

* Some experimental instructions for SSA30??X
*
* This is ONLY FOR SSA30??X running original FW 1.2.8.1  ( P08.01 )
*
* IF YOUR SYSTEM IS NOT THIS VERSION - EXIT NOW
*
*********************************************************************************
*********************************************************************************
*
*
* Status: Preliminary V0.5
* Author: Li Xiu Ying
* Date:   1888-08-08
*
* This document is best read using fixed spacing fonts, example: Consolas or FixedSys
* If you use Windows, please open this document using example windows Notepad, WordWrap turned OFF.
*
*
* IF you are familiar with UNIX, Kylin, NeoKylin or Linux systems no need read all. You can now jump
* directly to CHAPTER 8. There all is compressed without any boring comments.
*
* After V0.3
*
* V0.4    Removed Chapter 2.
*
* V0.5    Add instructions and notes what to do with some file names
*         which are possibly missing in some SSA's

<clip>

Let's hope some day we get next revised and updated edition!

[yo4hfu]

I'm quite sure it's just a typing mistake here on forum thread.
Dread sent me next snapshot of his SSA Firmdata0 content and both files seem to be OK. He made a new backup in order to check the files...
Of course is more better to check the files using telnet and V05 instructions!

[rf-loop]

And what happen with
NSP_trends_config_info.xml

is it now original or system self made dummy version as it goes in older times.

[Dread]

And what happen with
NSP_trends_config_info.xml

is it now original or system self made dummy version as it goes in older times.

Man you guys are making me nervous.   I have always kind of stayed away from Linux which was a mistake but anyway I know very little about Linux.  I did some reading and was able to navigate to the directory and try to remove the "NSP_sn_bandwidth.xml" located inside of "Firmdata0 using the "rm" command and I got back a message saying it's read only and cannot be deleted.  So I guess it has something to do with the mounting of the file or the directory.  I am not sure how to proceed so I am waiting to see if anyone can help.

Thanks

[Dread]

OK I got it working   I am now at 3.2GHZ with all Lic options now permanent.
I looked back on page 22 of this thread and saw the command for mounting the directory in RW mode.

"mount -o remount,rw /dev/ubi2_0 /usr/bin/siglent/firmdata0"

So now I was able to remove the file.

Should I leave it in R/W mode or should I revert it back to read only?
Also for future users does anybody have any idea why this did not work right the first time and it left behind the file?

Thanks again for all the help guys.

[rf-loop]

And what happen with
NSP_trends_config_info.xml

is it now original or system self made dummy version as it goes in older times.

Man you guys are making me nervous.   I have always kind of stayed away from Linux which was a mistake but anyway I know very little about Linux.  I did some reading and was able to navigate to the directory and try to remove the "NSP_sn_bandwidth.xml" located inside of "Firmdata0 using the "rm" command and I got back a message saying it's read only and cannot be deleted.  So I guess it has something to do with the mounting of the file or the directory.  I am not sure how to proceed so I am waiting to see if anyone can help.

Thanks

I did some reading and was able to navigate to the directory and try to remove the "NSP_sn_bandwidth.xml" located inside of "Firmdata0 using the "rm" command and I got back a message saying it's read only and cannot be deleted.

I will recommend Nintendo. If you guess wrong you can always start a new game without losing anything but perhaps most valued thing what exist - time.
Playing inside  SSA  system is as elephant is in porcelain store.  Nice thing is that system is least even somehow protected.
 

EDit:

Oh now I can see, removed. Why removed? What a heck is idea to remove something.
Rename is your 1st friend.

[Dread]

I will recommend Nintendo. If you guess wrong you can always start a new game without losing anything but perhaps most valued thing what exist - time.
Playing inside  SSA  system is as elephant is in porcelain store.  Nice thing is that system is least even somehow protected.
 

EDit:

Oh now I can see, removed. Why removed? What a heck is idea to remove something.
Rename is your 1st friend.

I had it backed onto the USB stick and now my NAS drives so I think I am safe removing the file.
When I said remove BTW I meant the original and just leave the one that ended with X.

YO4HFU was really a great help with this, he actually had sent me an email to fix the issue but for some reason the email system stripped the attachment.  I found it after I had already fixed the problem.

Your right about playing with Nintendos rather than a SA for the first time out.  I typically proceed very cautiously when I am using a programming languages or OS I am not versed in.  Even if I see a solution by one person I look up the command to make sure the syntax and application are correct before using it.

As for the Analyzer, I am loving it now even more than before.  There is just something about being able to play around with it and not have those dam timers ticking down!  I really wish that companies would start the timer when you are actually using that feature and only on that feature.  It would be better to give me 10 hours of real usage time then 48 hours that starts the moment I power the machine.  Anyway it's great to feel like a bird set free !

Thanks to all that helped, especially YO4HFU and you rf-loop.

[yo4hfu]

Well done Dread!

Something was wrong during your first attempt. Maybe "mount -o remount,rw /dev/ubi2_0 /usr/bin/siglent/firmdata0"  operation was not correctly done and one more file has born by renaming of "NSP_sn_Bandwidth". The solution was to delete "NSP_sn_Bandwidth" and to keep "NSP_sn_Bandwidthx".

Conclusion:
- SSA3021x [SW1: 1.2.9.a; SW2: 20180708-1; SW3: 000000E1; HW:  0C.03.00] can be hacked be renaming only the "NSP_sn_Bandwidth" files.
- Read "V05" txt file in order to be familiar with Linux commands.

Regards,

[nomadd]

Rename is your 1st friend.

Actually..

"cp" is your first friend.
"mv" is your second friend.
"tar" is your best friend.

And "rename"? Crazy foreign talk.

[creas002]

Hi all
  This thread has gotten pretty long over the last 2 years. I read 20ish pages of the 25 and received my new SSA3021 yesterday and profiled a couple of bandpass filters to get familiar with options and functionality/use.

I thought I was ready to mod and familiar with many OS's, so I set out to perform the mod and now telnet connections are refused. Thought I would try telnet/ssl, ssh1 and ssh2 thinking they may have locked down telnet and running an ssh daemon, but no luck.

My device is :

Model SSA3021X

SW1 1.2.9.2.a
SW2 20180708-1
SW3 000000E1
HW  0C.03.00

EMI, AMK and Refl are temporarily enabled for 44 hours remaining and TG permanently enabled

I intended to perform the following:

Part 1 - Backup files

1. Insert USB stick
2. Go in System => System info
3. Establish a telnet session with root/ding1234
4. cp -R /usr/bin/siglent/usr/backup /usr/bin/siglent/usr/mass_storage/U-disk0/SA-backup
5. cp -R /usr/bin/siglent/firmdata0 /usr/bin/siglent/usr/mass_storage/U-disk0/SA-firmdata0
8. sync
9. logout

Part 2 - Perform hack
 
1. Establish a telnet session with root/ding1234
2. mv /usr/bin/siglent/firmdata0/NSP_sn_bandwidth.xml /usr/bin/siglent/firmdata0/NSP_sn_bandwidthx.xml
3. mv /usr/bin/siglent/usr/mass_storage/U-disk0/SA-backup/NSP_sn_bandwidth.xml  /usr/bin/siglent/usr/mass_storage/U-disk0/SA-backup/NSP_sn_bandwidthx.xml
4. sync
5. logout
6. Soft power cycle (power off and power on with button "power")
7. Go in System => Pwr On/Preset => Reset & Clear => Enter
8. Soft power cycle (power off and power on with button "power")

But I mistaking performed the following instead:

Part 1 - Backup files

1. Insert USB stick
2. Go in System => System info
3. Establish a telnet session with root/ding1234
4. cp -R /usr/bin/siglent/usr/backup /usr/bin/siglent/usr/mass_storage/U-disk0/SA-backup
5. cp -R /usr/bin/siglent/firmdata0 /usr/bin/siglent/usr/mass_storage/U-disk0/SA-firmdata0
8. sync
9. Soft power cycle (power off and power on with button "power")  <-- 
10. Go in System => Pwr On/Preset => Reset & Clear => Enter  <-- 
11. Soft power cycle (power off and power on with button "power") <-- 
12. logout

Part 2 - Perform hack
 
1. Establish a telnet session with root/ding1234   <-- Now refusing connections   

Please advise if there is anyway I can undo the damage as I'm not able to telnet in anymore. I wonder if performing a factory reset would resolve issue or trash my license and halt all operations.

SSA is still fully functioning, I’m just unable to telnet in and rename the bandwidth files to perform the mod.

Thank you
Rich

[kahuna0k]

What you did couldn't break anything, make sure that the SSA network connection is enabled and the IP address is still the same .

[creas002]

I checked the IP address and it had change do a different subnet, so I assigned a static IP as I do everything and verified it worked. The refused connection is from the SSA. So it is responding and never prompts for a username.  In my experience with rebooting servers this message it normal when all the services for that run level are still starting and the daemon does not accept new connections until some other dependency is meet. Normally it is another service at that run level that is still starting.

Good idea, but IP address, netmask and gateway are not the cause of the refused connection in my case.

[analogRF]

I checked the IP address and it had change do a different subnet, so I assigned a static IP as I do everything and verified it worked. The refused connection is from the SSA. So it is responding and never prompts for a username.  In my experience with rebooting servers this message it normal when all the services for that run level are still starting and the daemon does not accept new connections until some other dependency is meet. Normally it is another service at that run level that is still starting.

Good idea, but IP address, netmask and gateway are not the cause of the refused connection in my case.

I also don't think you have damaged anything and the reason must be something else. I just didn't figure out how you did "logout" in step 12 after two power cycles?

[creas002]

Good catch, logout was done before 2 power cycles.  I copied intended instructions down and merge the unintended power cycle steps before the logout and should have been pasted after it.

My fear is that the reset/clear removed some key data or file that is needed for all the services to start and allow the telnet to start accepting connections.

[BillB]

I checked the IP address and it had change do a different subnet, so I assigned a static IP as I do everything and verified it worked. The refused connection is from the SSA.

So, the SSA does respond to a ping at the static address you expect?

[creas002]

Yes, it pings instantly

[analogRF]

I checked the IP address and it had change do a different subnet, so I assigned a static IP as I do everything and verified it worked. The refused connection is from the SSA.

So, the SSA does respond to a ping at the static address you expect?

I was just going to ask exactly the same thing!
and does the SA work normally (except the telnet issue)?

[creas002]

Yes, the SSA seems to be in perfect health otherwise. Thank goodness.

Telnet session to SSA gets a response of -->  "The remote system refused the connection."

I’ve scared myself at this point and afraid to try resetting to factory settings

** Update - I decided to try Pwr On/Present/Factory Reset and the only change I can tell is it went back to static IP with a dot 10 class IP assignment. I switched back to DHCP and pings promptly and same telnet "The remote system refused the connection." message.  I did 3 Pwr On/Present/Factory Reset with a power cycle between each thinking it may implement some sort of poor mans registry and swap previous setting back in. Nada, problem has not changed.

[BillB]

Which telnet application?  OS?

[creas002]

Windows 10
SecureCRT 6.7

[MavMitchell]

Use a port scanner to see if the telnet port has changed!

[Bicurico]

Just use putty or even Windows own telnet command.
100% sure you are doing something wrong as you could not have changed root password by mistake.

Regards,
Vitor

[creas002]

Hi Vitor
  Its the little stuff that can get you. I have putty but was so confident in SecureCRT as I've used it for  ~25 years that I thought there is no way. Well guess what, yes way!

Putty worked like a charm and I performed the mod and all options are permanently and it now reports as a SSA3032x with X's for a serial number.

Here is the updated steps:

Model SSA3021X

SW1 1.2.9.2.a
SW2 20180708-1
SW3 000000E1
HW  0C.03.00

Part 1 - Backup files

1. Insert USB stick
2. Go in System => System info
3. Establish a telnet session with root/ding1234
4. cp -R /usr/bin/siglent/usr/backup /usr/bin/siglent/usr/mass_storage/U-disk0/SA-backup
5. cp -R /usr/bin/siglent/firmdata0 /usr/bin/siglent/usr/mass_storage/U-disk0/SA-firmdata0
8. sync
9. logout

Part 2 - Perform hack
 
1. Establish a telnet session with root/ding1234
2. mount -o remount,rw /dev/ubi2_0 /usr/bin/siglent/firmdata0
2. mv /usr/bin/siglent/firmdata0/NSP_sn_bandwidth.xml /usr/bin/siglent/firmdata0/NSP_sn_bandwidthx.xml
3. mv /usr/bin/siglent/usr/backup/NSP_sn_bandwidth.xml  /usr/bin/siglent/usr/backup/NSP_sn_bandwidthx.xml
4. sync
5. logout
6. Soft power cycle (power off and power on with button "power")
7. Go in System => Pwr On/Preset => Reset & Clear => Enter  # Wait for SSA to complete the erase and it will reboot on its on
8. Soft power cycle (power off and power on with button "power")

Regards to all and all the suggestions were very much appreciated

[gorillamotors]

I just ordered a Siglent SSA3021X with 2.1 tracking generator for $948 brand new with free shipping from Amazon. I had to triple check everything to make sure but yes.

Here is the link https://www.amazon.com/Siglent-SSA3021X-Spectrum-Analyzer-9KHz-2-1GHz/dp/B01N6M4UNQ/ref=sr_1_fkmrnull_9?hvadid=316076274941&hvdev=c&hvlocphy=9012068&hvnetw=g&hvpos=1t3&hvqmt=e&hvrand=16359178291538897281&hvtargid=kwd-316747328064&keywords=siglent+ssa3021x&qid=1550356053&s=gateway&sr=8-9-fkmrnull&tag=googhydr-20

Let me know if I screwed up on this.

Jim