Sniffing the Rigol's internal I2C bus

[Buzz239]

I've gone through 95 pages of the post to try to find the information for the Rigol DSA815-TG. I downloaded 3 license keys from the key generator at http://rigol.avotronics.co.uk. I have the firmware to 01.08.00 installed already and
I need to downgrade the firmware to 01.06.00 ( I guess).  When I enter the software key, Is this going to add it to the list of license keys or, will it erase one of the existing keys (see attachment)? The www.riglol.3owl.com site times out every time I try to access it. Where do I get the 01.06.00 firmware for the downgrade? If
someone could please direct me to the information (the search engine stinks) I need it would be greatly appreciated.

TNX, Gary

[olepr01@gmail.com]

Riglol works just fint from here (Northern Europe). The licenses will replace the inactive entries in the list. Don't know about downgrading.

[Altemir]

Buzz239
If you want, you can find 00.01.06 and 00.01.07 firmwares from this folder

[Buzz239]

Thanks Guys,
I didn't have to downgrade and every thing works GREAT.

73 Gary,KF9CM

[AndersAnd]

The www.riglol.3owl.com site times out every time I try to access it.

There's a mirror of that site here: http://rigol.avotronics.co.uk/mirrors/riglol/

[tsmith35]

The www.riglol.3owl.com site times out every time I try to access it.

Strangely, it's the same for me here. Before the mirror, I just went to the site through a random free proxy.

[pascal_sweden]

Do you need to open the scope to generate the license keys specific to your scope?

Or are they working on finding the private key so that you can generate the license keys without opening the scope?
I don't like the idea of opening up my scope =)

[Buzz239]

All I did was go to SYSTEM > 2nd page> license>INSTALL and enter the key code.

73, Gary KF9CM

[Gunb]

I've gone through 95 pages of the post to try to find the information for the Rigol DSA815-TG. I downloaded 3 license keys from the key generator at http://rigol.avotronics.co.uk. I have the firmware to 01.08.00 installed already and
I need to downgrade the firmware to 01.06.00 ( I guess).  When I enter the software key, Is this going to add it to the list of license keys or, will it erase one of the existing keys (see attachment)? The www.riglol.3owl.com site times out every time I try to access it. Where do I get the 01.06.00 firmware for the downgrade? If
someone could please direct me to the information (the search engine stinks) I need it would be greatly appreciated.

TNX, Gary

Hi Gary,

short question, didn't follow the thread for a while: why do you need to downgrade? Don't the keys work for V. 01.08.00 anymore?


Kind regards
Gunb

[hammy]

Hi Gary,
short question, didn't follow the thread for a while: why do you need to downgrade? Don't the keys work for V. 01.08.00 anymore?
Kind regards
Gunb

He wrote it five messages before. See Reply #2463.

[Gunb]

Hi Gary,
short question, didn't follow the thread for a while: why do you need to downgrade? Don't the keys work for V. 01.08.00 anymore?
Kind regards
Gunb

He wrote it five messages before. See Reply #2463.

OK, thx!

Hmm, slowly this thread seems to need a TOC 

[NikWing]

does the new secret A-version keygen need dumps or will it work without?

[granz]

Here are some pictures of the internals of my DS2072A, including images of the input stage under the RF shield, for those interested.

My version info is:

Serial: DS2D....
Hardware version: 1.0.2.0.2
FPGA version:
    SPU: 03.01.09
    WPU: 00.07.01
    CCU: 12.29.00
    MCU: 02.13

Also, I can confirm that tirulerbach's keygen works nicely (scope now thinks it is a DS2202A  ).  I'll try to take some bandwidth measurements hopefully soon and report back...

Hopefully the image names make sense (feel free to ask for clarification).  Some of the close-ups are low resolution unfortunately, because I could only get a cheap USB microscope in there without further disassembly.

Another thing I thought of that tirulerbach mentioned about the JTAG connection: You shouldn't need the pull-ups at all as long as your adapter is driving the nTRST and nSRST lines high (my FT2232H-based adapter does that, and I assume almost all would).  If you use the pull-ups you don't need to connect those lines to your adapter at all--just leave them pulled-high for the mem dump.

Hope the images are useful !

(full back image, jumper image, and one input stage image attached, all in .zip)

https://mega.co.nz/#!I89GxaqI!bTPeSVsWpN8jEXoa44ejMDz3aOM5A-zmMqczeo_31c8

[dr.diesel]

Keygen worked great for unlocking all decode options on the new MSO4000s.

Thanks again to all involved.

[whotopia]

Hi all,
With all the JTAG memory image mining going on has anyone figured out where the serial number is stored in the DS2xxx?  I rolled back my firmware and the serial number was reset to default.  Anyone have any ideas on how to 'fix' this?  Also, has anyone determined if the firmware allows for the serial number to be changed via uploading a file like on the DG4000? 
My JTAG adaptor is in the mail.  I hope to help out soon.
Thanks!

[AndersAnd]

Hope the images are useful !

(full back image, jumper image, and one input stage image attached, all in .zip)

https://mega.co.nz/#!s0tHDKYY!RoQZ1XR5ecREZNLoEFXJkRJ_YFhdCeikPaEczS07pb4

Looks like you linked to the wrong file "ds2072a_00.02.01.00.03-enter-key.tar.gz", this looks like memory dumps (.bin files) and not images.

[marmad]

With all the JTAG memory image mining going on has anyone figured out where the serial number is stored in the DS2xxx?  I rolled back my firmware and the serial number was reset to default. 

It would be helpful if you posted the following info about your loss of serial number:
a) Exact model and HW revision you have (e.g. non-A, HW v.1.0.1)
b) Which FW versions you rolled back FROM and TO (e.g. FROM: FW v.02.01.00.03 TO: FW v.01.01.00.02)
c) Which FW up/downgrading method you used to roll back the FW (e.g. at boot)
d) If you had any options installed when you rolled back the FW (e.g. all options installed)

[granz]

Looks like you linked to the wrong file "ds2072a_00.02.01.00.03-enter-key.tar.gz", this looks like memory dumps (.bin files) and not images.

Weird, I'm like 99% sure I selected the right file in mega.  (Guess I should double check afterwards).  Anyhow, I've fixed the link, thanks for the heads up.

[Carrington]

LOL... 

Hardware version: 1.0.2.0.2:

[tirulerbach]

does the new secret A-version keygen need dumps or will it work without?

The keygen still need dumps and some developers too to make further investigations.

[NikWing]

ahh darn ... I dun have linux or a USB jtag lol

btw: if not ferrites, are these 0603 resistors?
step by step, they won't print values on resistors anymore to reduce costs
could be the reason, doesn't have to be the reason xD

[elecBlu]

LOL... 

nothing special about this, there are some unmarked resistor series out there. i doubt they choose this resistors because of the missing value on it, it should be a tolerance/price/availability thing.

[tirulerbach]

JTAG DS2000A

[anson80]

I just joined the forums,My English is not good.
 I have a newly purchased DS2102A.Its system info on the picture
 I would like to help and I'm ready to open my oscilloscope to JTAG this dump, but I'm not very familiar with in windows system JTAG,Can some guidance?

[zombie28]

I found function responsible for loading and decrypting keys from flash, so I can confirm that the keys are not generated by the firmware itself (this wouldn't make any sense in case of public key anyway). I have also analyzed a few memory dumps from scopes of the same model (DS2072A), manufactured in consecutive weeks of 2013, and all of them had different key sets. So the keys are changed at least once a week.

Update: Rigol doesn't need to maintain database of all keys, because they can be generated algorithmically from scope's serial number, including ECC private key. However it is practically impossible to find out what algorithm it is, having only the keys.