Author Topic: Sniffing the Rigol's internal I2C bus  (Read 1091597 times)


Offline cybernet

  • Regular Contributor
  • *
  • Posts: 240
  • Country: 00
  • pm deactivated, use the search function ...
Re: Sniffing the Rigol's internal I2C bus
« Reply #475 on: July 21, 2013, 11:38:38 PM »
Just some quick feedback.

I have a DS2072 with a DS2A1517xxxxx serial. I can generate the license key, but the scope does not accept it. I have used "DSAZ" as the option key.

Did you set the private key value in rikey.c?

cybernet, my serial is 13 chars also, DS2A1527XXXXX

guess all of them are 13, but mine is 14, because it's been flushed to 0000001 ;-) code has been updated to accept >=13 as serial.
___________________
"all rights reversed :-)"
R0=-0x18;
UNLINK;
RTS;
 

Offline alez

  • Newbie
  • Posts: 2
Re: Sniffing the Rigol's internal I2C bus
« Reply #476 on: July 21, 2013, 11:40:21 PM »
Just some quick feedback.

I have a DS2072 with a DS2A1517xxxxx serial. I can generate the license key, but the scope does not accept it. I have used "DSAZ" as the option key.

use DSA9

That did the trick! Thank you!
 

Offline dmginc

  • Contributor
  • Posts: 6
  • Country: au
Re: Sniffing the Rigol's internal I2C bus
« Reply #477 on: July 21, 2013, 11:47:42 PM »
there is some bug, working in it ... so hold your breath for now ;-)

bug fixed. SERIAL is 14 chars not 13 .. i corrected that - and one word of caution, my SERIAL number has just reverted to DS2A0...1 after playing with FW up/down grades
i give a f*ck - but be careful ;-)

tested with FW05 and FW02 - works.
as long as you can spot the common.ecs parameters in the firmware (aka riglol.c) it should be fine.

some DS4 user should give it a try and report ;-)

Indeed! Anyone with a DS4xxx willing to try?
« Last Edit: July 21, 2013, 11:50:13 PM by dmginc »
 

Offline jonese

  • Contributor
  • Posts: 21
  • Country: ca
Re: Sniffing the Rigol's internal I2C bus
« Reply #478 on: July 22, 2013, 12:12:18 AM »
Just wondering if the key is uninstallable in case of warranty repair?
 

Offline alank2

  • Super Contributor
  • ***
  • Posts: 1467
Re: Sniffing the Rigol's internal I2C bus
« Reply #479 on: July 22, 2013, 12:16:48 AM »
Just wondering if the key is uninstallable in case of warranty repair?

yes using the uninstall command - note the programming manual is wrong however on its abbreviation:

Works:

:SYSTem:OPTion:UNINSTall

Does Not Work:

:SYST:OPT:UNINST

Probably Works:

:SYST:OPT:UNIN
 

Offline metalphreak

  • Frequent Contributor
  • **
  • Posts: 817
  • Country: au
  • http://d.av.id.au
    • D.av.id.AU
Re: Sniffing the Rigol's internal I2C bus
« Reply #480 on: July 22, 2013, 12:36:45 AM »
Pretty easy to compile :)

mkdir MIRACL
cd MIRACL/
wget https://github.com/CertiVox/MIRACL/archive/master.zip
unzip -j -aa -L master.zip
bash linux (or bash linux64 if running 64bit OS)

Paste the code from cybernet into rikey.c (make sure to add in the private key!)

gcc rikey.c -I ./ miracl.a -o rikey

Took less than 5mins. I'm sure someone will package a windows EXE or you can PM someone who has it already compiled with your serial.

Offline jonese

  • Contributor
  • Posts: 21
  • Country: ca
Re: Sniffing the Rigol's internal I2C bus
« Reply #481 on: July 22, 2013, 12:42:42 AM »
The only problem I had was stub-32.h not being found on my x64 box.  Tried to get the proper devel package installed, but I just reverted to a x32 machine instead.
 

Offline Chet T16

  • Frequent Contributor
  • **
  • Posts: 511
  • Country: ie
    • Retro-Renault
Re: Sniffing the Rigol's internal I2C bus
« Reply #482 on: July 22, 2013, 12:50:44 AM »
What's the reason for not including the private key?

I got mine working no probs with a virtual machine after giving up on cygwin, thanks to all involved
Chet
www.chet.ie - projects/electronics blog
BSc Engineering Science - Electronics
Studying ME Computer and Electronics
 

Online darrylp

  • Regular Contributor
  • *
  • Posts: 122
  • Country: gb
Re: Re: Sniffing the Rigol's internal I2C bus
« Reply #483 on: July 22, 2013, 12:54:35 AM »
What's the reason for not including the private key?

I got mine working no probs with a virtual machine after giving up on cygwin, thanks to all involved

Cos then, you've not released anything that is "hacking" the system Rigol is using to make money, i.e. their key gen. Of course if you (the individual) decide to finish the puzzle then Rigol will have to come after you the individual directly. Which of course they won't.

--
 Darryl

« Last Edit: July 22, 2013, 01:06:02 AM by darrylp »
 

Offline metalphreak

  • Frequent Contributor
  • **
  • Posts: 817
  • Country: au
  • http://d.av.id.au
    • D.av.id.AU
Re: Sniffing the Rigol's internal I2C bus
« Reply #484 on: July 22, 2013, 01:33:27 AM »
What's the reason for not including the private key?

I got mine working no probs with a virtual machine after giving up on cygwin, thanks to all involved

Yeah I managed to get an exe from Cygwin, it "appears" to work but the information it outputs is bogus.

Offline Orange

  • Frequent Contributor
  • **
  • Posts: 259
  • Country: nl
Re: Sniffing the Rigol's internal I2C bus
« Reply #485 on: July 22, 2013, 02:59:51 AM »
Pretty easy to compile :)

mkdir MIRACL
cd MIRACL/
wget https://github.com/CertiVox/MIRACL/archive/master.zip
unzip -j -aa -L master.zip
bash linux (or bash linux64 if running 64bit OS)

Paste the code from cybernet into rikey.c (make sure to add in the private key!)

gcc rikey.c -I ./ miracl.a -o rikey

Took less than 5mins. I'm sure someone will package a windows EXE or you can PM someone who has it already compiled with your serial.

I'm using Linux Mint 15 Cinnamon, 64 bit. I had to install g++ additionally
sudo apt-get install g++

And maybe a missing bits/predefs.h error
sudo apt-get install gcc-multilib

After that I could build the MIRACL package

The rikey application generates a valid license code, very cool work cybernet et al :)
 :-+
« Last Edit: July 22, 2013, 05:19:05 AM by Orange »
 

Offline bmwnomad

  • Contributor
  • Posts: 21
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #486 on: July 22, 2013, 03:02:56 AM »
Got it working under cygwin.  Default install, then add the gcc, gcc-g++ and unzip packages.

Don't forget to edit the rikey.c and add the private key in the appropriate area.

Follow the instructions in the comments of the rikey.c file.

Thanks,
Steve
 

Offline Carrington

  • Super Contributor
  • ***
  • Posts: 1138
  • Country: es
Re: Sniffing the Rigol's internal I2C bus
« Reply #487 on: July 22, 2013, 03:09:25 AM »
Short summary:


Make the Keygen:

mkdir MIRACL
cd MIRACL/
wget https://github.com/CertiVox/MIRACL/archive/master.zip
unzip -j -aa -L master.zip
bash linux (or bash linux64 if running 64bit OS)

Paste the code from cybernet into rikey.c (make sure to add in the private key!) -> rikey.c code:
http://www.eevblog.com/forum/testgear/sniffing-the-rigol%27s-internal-i2c-bus/msg264876/#msg264876

gcc rikey.c -I ./ miracl.a -o rikey



How to use it?

./rikey <DSA2XXXXXXXXX> <OPTS>

where:
  <DSA2XXXXXXXXX> = S/N of the device.
  <OPTS> = DSAx for official [Permanent Options] or VSAx for trial [Temporary Options].



All Possible Options:

Code table: Use DSAx for an official key, and use VSAx for a trial key.

x   200  100  Mem  Dec  Trig

A   none
B   ==   ==   ==   ==   on
C   ==   ==   ==   on   ==
D   ==   ==   ==   on   on
E   ==   ==   on   ==   ==
F   ==   ==   on   ==   on
G   ==   ==   on   on   ==
H   ==   ==   on   on   on

Note: keys A..H won't change the model, only ADD an option.

2102:

J   ==   on   ==   ==   ==   
K   ==   on   ==   ==   on
L   ==   on   ==   on   ==
M   ==   on   ==   on   on
N   ==   on   on   ==   ==
P   ==   on   on   ==   on
Q   ==   on   on   on   ==
R   ==   on   on   on   on   <-  All 2102

2202:

S   on   ==   ==   ==   ==   
T   on   ==   ==   ==   on
U   on   ==   ==   on   ==
V   on   ==   ==   on   on
W   on   ==   on   ==   ==
X   on   ==   on   ==   on
Y   on   ==   on   on   ==
Z   on   ==   on   on   on   <-  All 2202

DON'T USE BELOW. Not recommended, as it activates 2102 and also 2202:

2   on   on   ==   ==   ==
3   on   on   ==   ==   on
4   on   on   ==   on   ==
5   on   on   ==   on   on
6   on   on   on   ==   ==
7   on   on   on   ==   on
8   on   on   on   on   ==
9   on   on   on   on   on



How to install/uninstall keys?

Using a SCPI command via Rigol Ultra Sigma, connect DSO via USB, boot the DSO, start Ultra Sigma, open SCPI Control Panel, and type the following:

:SYSTem:OPTion:INSTall <GeneratedKey>

Then, if you want to get rid of it, enter:

:SYSTem:OPTion:UNINSTall

« Last Edit: July 23, 2013, 07:45:12 AM by Carrington »
My English can be pretty bad, so suggestions are welcome. ;)
Space Weather.
Lightning & Thunderstorms in Real Time.
 

Offline metalphreak

  • Frequent Contributor
  • **
  • Posts: 817
  • Country: au
  • http://d.av.id.au
    • D.av.id.AU
Re: Sniffing the Rigol's internal I2C bus
« Reply #488 on: July 22, 2013, 03:12:41 AM »
Cygwin:
options:          DSA9
lic1-code:        42D818229EAE3D
lic2-code:        846DD600607AF4
target-code:      42D818229EAE3D0846DD600607AF4

Linux:
options:          DSA9
lic1-code:        6CDA7B4CFB7267
lic2-code:        46D85196962A32
target-code:      6CDA7B4CFB7267046D85196962A32

lic1 stays the same between different serial numbers. However, is lic1 supposed to be the same for all compiles? If not, and there are multiple valid keys per serial, then my Cygwin compile may be fine, I just don't have a scope to test with. Also, on some serial numbers (randomly generated) the key generated has a few characters at the end missing (both Linux and Cygwin).

DS2A000000450 for example has characters cut off under Linux, but is fine for Cygwin. Maybe a different seed is required for some :)
« Last Edit: July 22, 2013, 03:14:20 AM by metalphreak »
 

Offline HK3R

  • Newbie
  • Posts: 3
Re: Sniffing the Rigol's internal I2C bus
« Reply #489 on: July 22, 2013, 04:09:21 AM »
Compiled on a Mac with Mountain Lion using the linux64 script, both kinds of keys worked perfectly in my DS2072 with latest firmware!! ;D I entered the keys using the DSO editor, not the USB connection.



Thanks for the great work!  :clap:
 

Offline cybernet

  • Regular Contributor
  • *
  • Posts: 240
  • Country: 00
  • pm deactivated, use the search function ...
Re: Sniffing the Rigol's internal I2C bus
« Reply #490 on: July 22, 2013, 04:23:40 AM »
while grabbing some fresh air ...

... i thought it would be very cool, if rigol, as the platform is now somewhat "open" decides to make the DS2K series a real open platform.
just imagine that u have proper input stages, ADC, plenty of memory, FPGA's, a powerful enough DSP to run linux + custom GUI, keypad - mighty display, LAN etc..

i would have been more than happy to pay 1000$ for such a platform - if they release some starter kit with a basic functional scope, that would take the market by storm i think,
and their R&D could be spent on their more high end models, or even transfer features from that platform. it would be no match for the cheap ass arduino + some ADC kits that are out there.
i believe there is no serious project like that in existence ?

it could be done without rigol, but i don't have plans to get in touch with the bootloader anymore, maybe somebody else wants to (he can have my stuff then) - also the fpga part would be hard to reverse ..
___________________
"all rights reversed :-)"
R0=-0x18;
UNLINK;
RTS;
 

Offline DL5TOR

  • Contributor
  • Posts: 35
  • Country: de
Re: Sniffing the Rigol's internal I2C bus
« Reply #491 on: July 22, 2013, 04:27:55 AM »
one quick question:

is it possible to reverse the serial number used??

why the question: i have a DSA815, the license looks the same but i can not figure out what the serial is that is used. and if this works then we also have a working keygen for the das hihi

thx
 

Offline cybernet

  • Regular Contributor
  • *
  • Posts: 240
  • Country: 00
  • pm deactivated, use the search function ...
Re: Sniffing the Rigol's internal I2C bus
« Reply #492 on: July 22, 2013, 04:29:12 AM »
one quick question:

is it possible to reverse the serial number used??

why the question: i have a DSA815, the license looks the same but i can not figure out what the serial is that is used. and if this works then we also have a working keygen for the das hihi

thx

don't think so, because it's a hash value .... if u have a GEL file for the DSA, the answer is in the gel file ... ;-)
___________________
"all rights reversed :-)"
R0=-0x18;
UNLINK;
RTS;
 

Offline true

  • Frequent Contributor
  • **
  • Posts: 288
  • Country: us
  • INTERNET
Re: Sniffing the Rigol's internal I2C bus
« Reply #493 on: July 22, 2013, 04:31:02 AM »
Used DSAZ, works fine, had to hard power-cycle the scope though before it would boot again. Serial number has now been set to DS2A0000000001 (might be wrong about the amount of 0's) and model to DS2202.

Should I make a web frontend for this? Can anyone host it?
 

Offline alank2

  • Super Contributor
  • ***
  • Posts: 1467
Re: Sniffing the Rigol's internal I2C bus
« Reply #494 on: July 22, 2013, 04:44:53 AM »
Used DSAZ, works fine, had to hard power-cycle the scope though before it would boot again. Serial number has now been set to DS2A0000000001 (might be wrong about the amount of 0's) and model to DS2202.

Does anyone have a theory as to why some serial numbers get reset to the above?  What exactly did you do prior to this happening?  What firmware are you on?
 

Offline ilya

  • Contributor
  • Posts: 10
Re: Sniffing the Rigol's internal I2C bus
« Reply #495 on: July 22, 2013, 05:34:11 AM »
I have DS2072 with the earliest firmware. The only option set that worked for me was DSAH.

Going to upgrade the FW now  O0
 

Offline true

  • Frequent Contributor
  • **
  • Posts: 288
  • Country: us
  • INTERNET
Re: Sniffing the Rigol's internal I2C bus
« Reply #496 on: July 22, 2013, 05:35:12 AM »
Used DSAZ, works fine, had to hard power-cycle the scope though before it would boot again. Serial number has now been set to DS2A0000000001 (might be wrong about the amount of 0's) and model to DS2202.

Does anyone have a theory as to why some serial numbers get reset to the above?  What exactly did you do prior to this happening?  What firmware are you on?

Should I even respond to you? You're just going to delete your post later.

Not sure which FW, haven't even looked. I entered via on-screen keyboard. Accepted, rebooted, hard-power-cycled since it wouldn't boot, checked system info and there it is. I can't remember what I read about this, I think the proper serial comes back if the key is uninstalled, no?

====

I wrote a web front-end for setting options and generating a key, very user-friendly, I just need a place to host it. I could also put in a field for requiring the private key to be put in.

====

edit: added webgen screenshot (again)
« Last Edit: July 22, 2013, 06:51:28 AM by true »
 

Offline ilya

  • Contributor
  • Posts: 10
Re: Sniffing the Rigol's internal I2C bus
« Reply #497 on: July 22, 2013, 05:55:00 AM »
I wrote a web front-end for setting options and generating a key, very user-friendly, I just need a place to host it. I could also put in a field for requiring the private key to be put in.

PM sent

EDIT:

Updated to latest FW and was able to enter DSAR code! Now my 2072 shows that it's 2202 :)
« Last Edit: July 22, 2013, 06:02:56 AM by ilya »
 

Offline Chet T16

  • Frequent Contributor
  • **
  • Posts: 511
  • Country: ie
    • Retro-Renault
Re: Sniffing the Rigol's internal I2C bus
« Reply #498 on: July 22, 2013, 06:24:20 AM »
I can host too if a mirror is needed
Chet
www.chet.ie - projects/electronics blog
BSc Engineering Science - Electronics
Studying ME Computer and Electronics
 

Offline doma

  • Contributor
  • Posts: 11
  • Country: 00
Re: Sniffing the Rigol's internal I2C bus
« Reply #499 on: July 22, 2013, 06:28:42 AM »

DON'T USE BELOW, as it activates 2102 and also 2202:

2   on   on   ==   ==   ==
3   on   on   ==   ==   on
4   on   on   ==   on   ==
5   on   on   ==   on   on
6   on   on   on   ==   ==
7   on   on   on   ==   on
8   on   on   on   on   ==
9   on   on   on   on   on


Great work! I used DSA9 as cybernet recommended and it works fine.

Why do you still recommend not to use DSA9?
 

