Author Topic: The Dark Side of the Rigol Hack -- Bricked Scope & How to Fix it...  (Read 105553 times)

0 Members and 2 Guests are viewing this topic.

Offline adron

  • Contributor
  • Posts: 9
  • Country: se
Re: The Dark Side of the Rigol Hack -- Bricked Scope & How to Fix it...
« Reply #150 on: July 06, 2020, 11:46:15 pm »
Sorry about the late reply. These were the settings I used. Same?

I'll also throw in the C# program that I used to compare the dump to the rigol firmware image and to extract sections of it as a .hex file for writing. I have not cleaned it up, so there are hard coded paths and firmware offsets, but perhaps it can be useful.

Edit: I had some trouble dumping the flash sometimes, probably because of the state the hardware was in at the time that topflash started accessing it. I found that it was safest to always start by dumping the first 32 or so bytes from the flash before doing anything else, just to ensure that nothing else in the scope was using the data bus or address bus, and if those bytes came out wrong, I restarted before trying again.
« Last Edit: July 06, 2020, 11:53:05 pm by adron »
 
The following users thanked this post: rezinj

Offline rezinj

  • Contributor
  • Posts: 5
  • Country: cn
Re: The Dark Side of the Rigol Hack -- Bricked Scope & How to Fix it...
« Reply #151 on: July 17, 2020, 06:14:12 am »
I used your setting file and started to read the dump file. i did it throuth xillinx prallel cable programmer and it took about 6 hours. once i used jlink programer the reading time was more(frequency should be very low_1khz). i read the dump file 2 times and each time it wase different. i have to say because my programer need power i turn on oscilloscope to source it throuth +3.3v pin.
 

Offline adron

  • Contributor
  • Posts: 9
  • Country: se
Re: The Dark Side of the Rigol Hack -- Bricked Scope & How to Fix it...
« Reply #152 on: July 17, 2020, 08:39:26 am »
I used the segger programmer clocked at 1 MHz; I started at 500 kHz and it was stable so I tried increasing. At 1 MHz I had no errors that seemed to be due to the clock frequency. Dumping the entire flash took a little over one hour, but it is only relevant to dump the parts that are written by the rom, which was the first half in my case. I used 15 cm interconnection wires, it is good to keep them short. The scope has to be powered, the programmer does not power the circuitry. I had a few instances of different dump because the scope was in a bad state when the JTAG interface took control, which caused the first few hundred bytes of the dumps to come out different. Every other time the dumps were exactly the same. When there was a problem, the beginning of the dump was alternating 0x25 0x00 bytes.
 
Compare your dumps: Do they differ in a few bits? Do they differ in many places but are same in some? Is there only a particular range that is different?

Try dumping only the first kilobyte so you can test quickly?
 

Offline rezinj

  • Contributor
  • Posts: 5
  • Country: cn
Re: The Dark Side of the Rigol Hack -- Bricked Scope & How to Fix it...
« Reply #153 on: July 17, 2020, 11:28:11 am »
are you sure about the setting that you uploaded? i used your setting and read several time. each time some different datas.
 

Offline adron

  • Contributor
  • Posts: 9
  • Country: se
Re: The Dark Side of the Rigol Hack -- Bricked Scope & How to Fix it...
« Reply #154 on: July 17, 2020, 12:56:50 pm »
are you sure about the setting that you uploaded? i used your setting and read several time. each time some different datas.

I am fairly sure about it. At least it was the settings file that I used for reading out my dumps, and I reloaded it a few times. It is possible that your oscilloscope is a different hardware version and that it requires different parameters. I screenshotted all of the settings as well, do they match what you had set up?

If most of the data that you read is the same but some differs, I would guess that you are clocking it too fast or that your adapter is malfunctioning. Are all your connections secure? Does detecting/validating the jtag chain work? Does detecting the flash type work?
 
The following users thanked this post: rezinj

Offline patty.o.furniture

  • Newbie
  • Posts: 2
  • Country: us
Re: The Dark Side of the Rigol Hack -- Bricked Scope & How to Fix it...
« Reply #155 on: July 18, 2020, 09:17:40 pm »
Thanks for posting the settings @adron. I've been crazy busy lately.

I can dump the ROM with your settings just fine at 4 MHz. Only a few bytes change here and there between power cycles, but it's the same one or two addresses. I went down to 1 MHz with the same behavior so I'm hoping it's normal.

My dump starts to differ very early on, at address 0xFFEB, but I find long chains of bytes from the RGL data scattered throughout the dump. They tend to be on page boundaries. It's very odd to me.

The other thing I noticed is that I can't seem to write to the low addresses. Probably need to change AWE_B to '0' for that to work.
 

Offline rezinj

  • Contributor
  • Posts: 5
  • Country: cn
Re: The Dark Side of the Rigol Hack -- Bricked Scope & How to Fix it...
« Reply #156 on: July 19, 2020, 05:18:42 am »
i agree with you. my hardware version is different than others. for example my flash ic is on the buttom layer. how can i found out i read the flash right? i'm sure aboaut reading the chain. should i use multimeter to check the pin connection of flash and other ICs?
 

Offline rezinj

  • Contributor
  • Posts: 5
  • Country: cn
Re: The Dark Side of the Rigol Hack -- Bricked Scope & How to Fix it...
« Reply #157 on: September 01, 2020, 07:03:48 pm »
any one know where Mr drieg is? i was in connect with him via Gmail. he told me send your dump file for me to repair it. i sent my dump file to him and now he dosen't answer me! any one know him? any one know how i can connect him? any thing bad happend to him?
 

Offline darciopp

  • Newbie
  • Posts: 2
  • Country: br
Re: The Dark Side of the Rigol Hack -- Bricked Scope & How to Fix it...
« Reply #158 on: September 04, 2020, 03:30:04 am »
Hello Folks

Anyone here would like to get my DS1052E board to bring it back to life, since it is bricked after an original rigol firmware "upgrade"?

I can pay for that.

Please, PM me!

 

Offline MiguelAReis

  • Newbie
  • Posts: 2
  • Country: pt
Re: The Dark Side of the Rigol Hack -- Bricked Scope & How to Fix it...
« Reply #159 on: September 09, 2020, 09:24:59 am »
Hello, I managed to dump my bricked DS1102E's Flash. Can someone fix it for me? I have no idea on how to do it.

Thanks
 

Offline darciopp

  • Newbie
  • Posts: 2
  • Country: br
Re: The Dark Side of the Rigol Hack -- Bricked Scope & How to Fix it...
« Reply #160 on: September 09, 2020, 01:56:00 pm »
Welcome to the Happy Rigol Bricks Owners Club.

Maybe some units were counterfeit or "after hours" production from a third party manufacturer and Rigol decided that it was hurting its business.

Maybe some genius thought "Lets brick them, just like FTDI made with the counterfeit USB-UART bridge chips" and voilá: a complete set of unusable products. Very clever!

Do they have the right to do it? Sure, but this raised only anger from the community. I can't believe that there wasn't another way to get this around.
 

Offline MiguelAReis

  • Newbie
  • Posts: 2
  • Country: pt
Re: The Dark Side of the Rigol Hack -- Bricked Scope & How to Fix it...
« Reply #161 on: September 11, 2020, 10:21:40 am »
Well I managed to unbrick my DS1102E but now the serial number is gone and it says its mode is the DS1052E. If anyone could help, I would appreciate it.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf