Author Topic: Lecroy options -=recovery=-  (Read 73329 times)

0 Members and 2 Guests are viewing this topic.

Offline abyrvalgTopic starter

  • Frequent Contributor
  • **
  • Posts: 823
  • Country: es
Lecroy options -=recovery=-
« on: September 29, 2017, 01:10:10 pm »
Combing pastebin.com reveals interesting things sometimes. Like these sources useful in lost Lecroy scope option keys recovery process: https://pastebin.com/tALEEWDZ

Edit: Too shy thread name. This is Lecroy hacking thread actually. The sources are tested to work for fw versions prior to 8.xxx.
Python 2.7.x, PyCrypto
« Last Edit: September 29, 2017, 09:16:39 pm by abyrvalg »
 
The following users thanked this post: Mechatrommer, eliocor, Ivan_Vetrov, analogRF, ArsenioDev

Online eliocor

  • Supporter
  • ****
  • Posts: 519
  • Country: it
    • rhodiatoce
Re: Lecroy options -=recovery=-
« Reply #1 on: October 01, 2017, 01:49:46 am »
Any more details on usage?
 
The following users thanked this post: sprit

Online darkstar49

  • Frequent Contributor
  • **
  • Posts: 309
Re: Lecroy options -=recovery=-
« Reply #2 on: October 01, 2017, 09:27:19 pm »

indeed... relatively cryptic...  probably the typical "it was hard to write, it should be hard to read" syndrome...   ;-)
No, more seriously, seems quite well-written, if you download all pieces, it's pretty self-explanatory...

I'm pretty sure this will make some people in the forum veeeeeerrryyyy happy, and others (including some outside the forum...) veeeeerrrryyyyyy angry !!!    >:D


 

Offline abyrvalgTopic starter

  • Frequent Contributor
  • **
  • Posts: 823
  • Country: es
Re: Lecroy options -=recovery=-
« Reply #3 on: October 01, 2017, 11:34:07 pm »
Remembering Tek’s reaction against similar things I didn’t wanted to make too much noise this time.
Short instructions:
- install Python 2.7.x from python.org
- install VC for Python from here https://www.microsoft.com/en-us/download/details.aspx?id=44266
- install PyCrypto ("pip install pycrypto" in console. Or use any available installer)
- copy all pieces from pastebin to files naming them according to paste names and putting to respective folders
- use gen/validate/list scripts. The optional cfg file some scripts asking for is X-STREAM options.cfg. Either get it from scope or from firmware package. This file contains option bits to names mapping.
 
The following users thanked this post: Mechatrommer, rplabs, Tinu

Online eliocor

  • Supporter
  • ****
  • Posts: 519
  • Country: it
    • rhodiatoce
Re: Lecroy options -=recovery=-
« Reply #4 on: October 02, 2017, 04:11:32 am »
stupid me: I was saving the files with the 'raw' name, instead of using the 'download' option!  :palm:
 

Offline MilkmanCDN

  • Contributor
  • Posts: 38
  • Country: ca
Re: Lecroy options -=recovery=-
« Reply #5 on: December 16, 2017, 07:50:15 pm »
OK.   So I managed to get everything installed, and downloaded the files.    I have the following:

- gen.py.py
- lec_crypto.py.py
- lec_db.py.py
- lec_key.py.py
- list.py.py
- validate.py.py

I do have C:\Python27 in my path and I've copied all these files to a single directory.

Upon running "python list.py.py" at the command prompt, I'm returned with the following error "ImportError: No module named lec.db"

I did use the "Download" option, however I suspect many of these files should be placed in various different locations.   Any clues on these locations?
 

Offline alm

  • Super Contributor
  • ***
  • Posts: 2837
  • Country: 00
Re: Lecroy options -=recovery=-
« Reply #6 on: December 16, 2017, 10:20:38 pm »
Read the filenames on Pastebin more closely. For example, the file you called lec_db.py.py is called lec/db.py according to Pastebin. Try creating a directory 'lec' and moving the file there with the correct name. Same for the other files. If it still does not work, try creating an empty file called '__init__.py' inside the lec directory.
 
The following users thanked this post: Mechatrommer

Offline MilkmanCDN

  • Contributor
  • Posts: 38
  • Country: ca
Re: Lecroy options -=recovery=-
« Reply #7 on: December 17, 2017, 05:32:50 pm »
That did it!    I renamed files accordingly, and no dice.    Adding the __init__.py blank file into the lec directory made it work.

More so, I had upgraded my firmware to v8.1.0.1 some time ago and the list.py does not work with the new options file.   However, I did a search on the scope for an older rev options.cfg file and found it.    Use that instead and generation worked like a champ.   

THANK YOU!!!
 

Offline bson

  • Supporter
  • ****
  • Posts: 2259
  • Country: us
Re: Lecroy options -=recovery=-
« Reply #8 on: December 17, 2017, 08:10:11 pm »
How did you get options.cfg off the scope?
 

Offline MilkmanCDN

  • Contributor
  • Posts: 38
  • Country: ca
Re: Lecroy options -=recovery=-
« Reply #9 on: December 17, 2017, 08:20:57 pm »
I have a WaveRunner 104Mxi-A, which is a Windows XP scope.   The file is actually called "X-STREAM options.cfg", so I looked for "options.cfg" using the windows xp search tool.   

I found "X-STREAM options.cfg" in two places.   One dated from 2010 (the original one) and one dated from 2016 (the regenerated one when I updated the Firmware file).

Once you find the file, copy it to a USB stick with windows file explorer.
« Last Edit: December 17, 2017, 08:46:17 pm by MilkmanCDN »
 

Offline bson

  • Supporter
  • ****
  • Posts: 2259
  • Country: us
Re: Lecroy options -=recovery=-
« Reply #10 on: December 18, 2017, 01:13:08 pm »
My WaveSurfer 3000 is also a Windows scope but does't seem to have a windows desktop accessible.  (It runs WinCE, so no, no desktop.) The firmware updates come in a flash container (.FLA) that is executed by Adobe Flash Lite, which I'm not familiar enough with to know how it's used to package firmware and hence how to unpack it...

Edit: on close inspection it's not FLA, they just use that extension.  It's a custom container that starts with two 16-byte 0 padded text strings identifying LeCroy and the release, and then what I assume to be compressed data.  Not sure why they call it FLA but I assume maybe they have some SWF associated with that extension.  I'll take a look and see if anything in it looks like gzip/lz/zip/stuffit...
« Last Edit: December 18, 2017, 02:30:20 pm by bson »
 

Offline MilkmanCDN

  • Contributor
  • Posts: 38
  • Country: ca
Re: Lecroy options -=recovery=-
« Reply #11 on: December 19, 2017, 10:01:09 pm »
hmmm.   Can't say I'm familiar with the Windows CE scopes; however, I do notice that there's a menu bar on the top.    With the Windows XP scopes, you can select File->Exit and that will close the Lecroy scope application revealing the windows desktop.    If that works for you, then you may be able to poke around a little further.   My options.cfg file was found in C:\Program Files\Lecroy.
 

Online darkstar49

  • Frequent Contributor
  • **
  • Posts: 309
Re: Lecroy options -=recovery=-
« Reply #12 on: December 21, 2017, 08:49:42 pm »
this works with options DB from software version up to 7.9.x.x, anything after that won't work...
options generation scheme remained unchanged, but the encryption of the database with all possible options has changed from version 8 onwards... thus all options that appeared after the release of the very first 8.x.x.x version are unknown...   :-//
 

Online darkstar49

  • Frequent Contributor
  • **
  • Posts: 309
Re: Lecroy options -=recovery=-
« Reply #13 on: December 21, 2017, 08:52:47 pm »
and about the DB, get a decent package manager / unpacker and find the file directly in the installer package if you can't manage to get it from your scope... but be careful not to use options that are unknown to your current software version...
The options DB file is the same, whatever the platform... get a Windows (x86 or x64) installer for simplicity, even if you're using a WS3000 (for example)
« Last Edit: December 21, 2017, 08:58:49 pm by darkstar49 »
 

Offline xemax

  • Contributor
  • Posts: 10
  • Country: de
Re: Lecroy options -=recovery=-
« Reply #14 on: December 22, 2017, 04:59:32 pm »
For WaveRunner LTxxx / WavePro 9xx
https://pastebin.com/GijjVqbQ
« Last Edit: December 22, 2017, 09:51:20 pm by xemax »
 
The following users thanked this post: Mechatrommer, alm, Tinu

Offline bson

  • Supporter
  • ****
  • Posts: 2259
  • Country: us
Re: Lecroy options -=recovery=-
« Reply #15 on: December 22, 2017, 10:48:35 pm »
I can't seem to manage to locate any pre-8 installer.  All I could find is a 7.2 installer, but that predates my scope and doesn't have those options in it.  If anyone should happen to have one for say 7.9...
 

Offline Mr Nutts

  • Regular Contributor
  • *
  • Posts: 142
  • Country: us
Re: Lecroy options -=recovery=-
« Reply #16 on: May 03, 2018, 06:32:13 am »
For WaveRunner LTxxx / WavePro 9xx
https://pastebin.com/GijjVqbQ

Has anyone successfully used this? Because I can't get it to work. I got the python files setup under Linux. Gen.py tells me it expects some arguments, <ScopeID> (self-explanatory), <flags> (this one isn't), and <mask> (is this the option code, ie WP02?). And what are list.py and validate.py for?

Of course it's great that these files exist but whoever wrote it could have put a bit more information as to how to use them into the files.

Would be great if anyone could give me a hand here...
 
The following users thanked this post: Tinu

Offline abyrvalgTopic starter

  • Frequent Contributor
  • **
  • Posts: 823
  • Country: es
Re: Lecroy options -=recovery=-
« Reply #17 on: May 03, 2018, 10:25:35 pm »
Example:
From xemax’s pastebin:
00-00000008   DDM      Disk Drive Measurements
00 is "flags", 00000008 is "mask"
It is possible to combine multiple options with the same flag value to a single key: just OR their masks. So entire xemax’s list can be packed into two keys:
flags 00, mask ffffffff
flags 01, mask 7f

List is for generating the flags-mask list from options.cfg. Validate is for decoding an existing key back to InstrumentID, flags, mask.

Edit: a bonus of using numbers instead of option names: you can generate something even if you don’t have the options mapping. I.e. flags 00 mask ffffffff seems to be a valid combination on all models.
« Last Edit: May 03, 2018, 10:39:48 pm by abyrvalg »
 
The following users thanked this post: Mechatrommer, Tinu

Offline aj4ks

  • Newbie
  • Posts: 2
Re: Lecroy options -=recovery=-
« Reply #18 on: May 04, 2018, 10:56:16 am »
The people who have figured this out before you have kept this private.  As such, the mechanism did not change.  Now it surely will for new machines.  Thanks for ruining it for all.
 

Offline Mr Nutts

  • Regular Contributor
  • *
  • Posts: 142
  • Country: us
Re: Lecroy options -=recovery=-
« Reply #19 on: May 04, 2018, 12:58:01 pm »
Example:
From xemax’s pastebin:
00-00000008   DDM      Disk Drive Measurements
00 is "flags", 00000008 is "mask"

Ok, that makes sense. Thanks a lot!

The people who have figured this out before you have kept this private.  As such, the mechanism did not change.  Now it surely will for new machines.  Thanks for ruining it for all.

Stop whining, it's not ruined for anyone. They can hardly change the key system retroactively for those old non-Windows scopes, and I doubt they care about scopes that had their last software update 15 years ago.

Besides, if you really think they don't know about this then you're deluding yourself. This discussion is one of the first results when googling for "lecroy hacking", so much for your effort of keeping this to yourself   :palm:.

Of course they will change the key system for new scopes at some point, and once these scopes get older and fall into the hands of hobby user they will get hacked, too. It's inevitable.
 
The following users thanked this post: uski

Offline abyrvalgTopic starter

  • Frequent Contributor
  • **
  • Posts: 823
  • Country: es
Re: Lecroy options -=recovery=-
« Reply #20 on: May 04, 2018, 11:08:01 pm »
The people who have figured this out before you have kept this private.  As such, the mechanism did not change.  Now it surely will for new machines.  Thanks for ruining it for all.
What a pity :palm:
 

Online darkstar49

  • Frequent Contributor
  • **
  • Posts: 309
Re: Lecroy options -=recovery=-
« Reply #21 on: May 05, 2018, 03:23:12 am »
The people who have figured this out before you have kept this private.  As such, the mechanism did not change.  Now it surely will for new machines.  Thanks for ruining it for all.

This is the most selfish and ridiculous comment I’ve read since quite a while here...  :palm:

numerous hacks were published on this forum, and many hobbyists took avantage of that... much more people can now enjoy getting more out of their h/w... but indeed, there’s a risk that YOU might loose the « exclusivity » and that the manufacturer will react (for some models, this btw occurred already BEFORE this was published !!)

Furthermore, some people had this knowledge indeed before this thread popped up, but in the very most cases, not because they worked hard to get to that info, but simply because they took advantage of some insider info that leaked quite a while ago... so, yes, indeed, we blew their little secret...
 
The following users thanked this post: uski, analogRF, Mr Nutts

Offline Warranty

  • Newbie
  • Posts: 3
  • Country: de
Re: Lecroy options -=recovery=-
« Reply #22 on: May 11, 2018, 02:14:33 pm »
Seems to work fine.
Is there a way to undo this?

Regards
Warranty
 

Offline Mr Nutts

  • Regular Contributor
  • *
  • Posts: 142
  • Country: us
Re: Lecroy options -=recovery=-
« Reply #23 on: May 11, 2018, 02:23:49 pm »
At least on the non-Windows scopes there doesn't appear to be a way to remove options - or if there is then I haven't found it.
« Last Edit: May 11, 2018, 02:25:34 pm by Mr Nutts »
 

Offline eb4eqa

  • Regular Contributor
  • *
  • Posts: 98
Re: Lecroy options -=recovery=-
« Reply #24 on: May 11, 2018, 10:22:35 pm »
Well, on the non-windows scopes (at least on the LT series) you can actually delete option keys easily via the maintenance menu:

MAINTENANCE MENU
- Exit any menu.
- Press and hold 3rd menu key AUTO SETUP being key 1)
- Press and hold 4th menu key, 3rd still held.
- Press and hold 5th menu key, 3rd and 4th still held.
- Release only 3rd menu key, leave 4th and 5th still held.
- Release all keys
- Press 6th menu key
- * Sometimes if you get the wrong sequence the scope will
  not react to the right one for some time, try
  bringing-up any menu then exiting. (i.e: "Timebase setup"
  key -> "Return" key and retry above 3,4,5 sequence.)


That menus has A LOT of functionality, be careful not to upset something badly...

Roberto EB4EQA
 
The following users thanked this post: Ivan_Vetrov, Tinu


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf