Sniffing the Rigol's internal I2C bus

[cybernet]

I have come a little further with my DB832. Here ist the JTAG pinout. I have already copied a part of the RAM. Exactly the same ECC parameters as the DS series! Can someone please send me a working serial / license combination? AAAB and DSAB not work...

  - did u figure out what compiler/libs they used ? - for ARM there should be plenty of FLAIR libs available which might ease the further disassembly.
@ecc params -> 

[metalphreak]

I have come a little further with my DB832. Here ist the JTAG pinout. I have already copied a part of the RAM. Exactly the same ECC parameters as the DS series! Can someone please send me a working serial / license combination? AAAB and DSAB not work...

Hmm, curious. In Dave's tear down of the DP832, the sticker inside said DP832A. Yours seems to show DP800....

-jbl

It's a screenshot from Dave's video @ 19:02. 

Ahhhh... I see.

They must have some that say DP832A and some that say DP800 inside then... </end conspiracy theory>.

:-)

-jbl

The top and bottom boards said DP832A didn't they? That's a photo of the front panel which would be the same for all of them regardless

[mickpah]

The top and bottom boards said DP832A didn't they? That's a photo of the front panel which would be the same for all of them regardless

photos here

https://www.eevblog.com/forum/testgear/new-rigol-dc-psu's/135/

https://www.eevblog.com/forum/testgear/new-rigol-dc-psu's/msg266949/#msg266949

[jasonbrent]

I just unboxed my DS2102 (got tired of waiting for the 2072) that was a drop ship from Rigol ordered through Tequipment.Net. Out of the box, it came with the RP3300 passive probes (not As) and the DS2102 shipped with:

Software Version: 00.01.00.00.03
Hardware Version: 1.0.1.0.0
FPGA Version:

SPU: 03.01.05
WPU: 00.06.05
CCU: 12.29.00
MCU: 00.05

.... now to find the post in the thread that had the key gen bits...

EDIT: And now I have a fully optioned DS2202. Wonder if I can find the 2202 faceplate sticker somehwere...:-)

-jbl

[studio25]

I have come a little further with my DB832. Here ist the JTAG pinout. I have already copied a part of the RAM. Exactly the same ECC parameters as the DS series! Can someone please send me a working serial / license combination? AAAB and DSAB not work...

  - did u figure out what compiler/libs they used ? - for ARM there should be plenty of FLAIR libs available which might ease the further disassembly.
@ecc params -> 

I only had time to copy the first few Mb. Using grep I have known ECC parameters found. I 'm on vacation until Monday. Hopefully I get a valid license code via PM. Then a decompile would possibly not necessary.

[darrylp]

I just unboxed my DS2102 (got tired of waiting for the 2072) that was a drop ship from Rigol ordered through Tequipment.Net. Out of the box, it came with the RP3300 passive probes (not As) and the DS2102 shipped with:

Software Version: 00.01.00.00.03
Hardware Version: 1.0.1.0.0
FPGA Version:

SPU: 03.01.05
WPU: 00.06.05
CCU: 12.29.00
MCU: 00.05

.... now to find the post in the thread that had the key gen bits...

EDIT: And now I have a fully optioned DS2202. Wonder if I can find the 2202 faceplate sticker somehwere...:-)

-jbl

What is the leading part of your serial number ?

So we can see date of assembly.

--
 Darryl

[jasonbrent]

I just unboxed my DS2102 (got tired of waiting for the 2072) that was a drop ship from Rigol ordered through Tequipment.Net. Out of the box, it came with the RP3300 passive probes (not As) and the DS2102 shipped with:

Software Version: 00.01.00.00.03
Hardware Version: 1.0.1.0.0
FPGA Version:

SPU: 03.01.05
WPU: 00.06.05
CCU: 12.29.00
MCU: 00.05

.... now to find the post in the thread that had the key gen bits...

EDIT: And now I have a fully optioned DS2202. Wonder if I can find the 2202 faceplate sticker somehwere...:-)

-jbl

What is the leading part of your serial number ?

So we can see date of assembly.

--
 Darryl

DS2A1517...

How does that decode to assembly date?

-jbl

[darrylp]

I just unboxed my DS2102 (got tired of waiting for the 2072) that was a drop ship from Rigol ordered through Tequipment.Net. Out of the box, it came with the RP3300 passive probes (not As) and the DS2102 shipped with:

Software Version: 00.01.00.00.03
Hardware Version: 1.0.1.0.0
FPGA Version:

SPU: 03.01.05
WPU: 00.06.05
CCU: 12.29.00
MCU: 00.05

.... now to find the post in the thread that had the key gen bits...

EDIT: And now I have a fully optioned DS2202. Wonder if I can find the 2202 faceplate sticker somehwere...:-)

-jbl

What is the leading part of your serial number ?

So we can see date of assembly.

--
 Darryl

DS2A1517...

How does that decode to assembly date?

-jbl

I've heard the 15 equates to 2013, 14 to 2012 and so on backwards. The 17 is week 17 of the year. So its older stock before the change. Mine is 1521 and has the A probes ie non switchable. I think its week 20 that they changed. One of the threads here has more info on it. What's your letter of calibration say for the date ?
--
 Darryl

[jasonbrent]

...snipped quotes...

I've heard the 15 equates to 2013, 14 to 2012 and so on backwards. The 17 is week 17 of the year. So its older stock before the change. Mine is 1521 and has the A probes ie non switchable. I think its week 20 that they changed. One of the threads here has more info on it. What's your letter of calibration say for the date ?
--
 Darryl

Regarding the probes, I'm going to go out on a limb and email Rigol NA and ask for the A probes to be sent to me... in part because the printed documentation shipped with my unit suggests the A probes.. long shot, but 0 cost to me to try it.

My calibration letter is from the first week of May.

This unit was a drop ship straight from Rigol to me via Tequipment (there was various confusion in the ordering process with Tequipment where they suggested it was in stock on this past Monday, but by Wednesday they told me it was back ordered and it would be a few weeks... I asked them to contact Rigol about a drop ship and I had it thursday AM at $0 cost shipping to me!).

I guess that means Rigol NA still has plenty of older stock on hand for the DS2102.

Now my goal is to actually learn some stuff about electronics. :-) I'm a hobbyist who goes all in with whatever hobby I pick up at a given point in time... after a few weeks of acquisition, I finally have a decent selection of test equipment and components to learn with.

DS2102, agilent E3610A, UDI DM383 DMM, another cheapo DMM, weller WES51, flux, solder, various tools for cutting, shaping, grabbing, holding, breadboards, ICs, a couple of microprocessors, tons of component grab bags from jameco, wires, and not enough time. :-)

As an aside, anyone know how much I should trust the DS2102's default calibration for voltage readings? The E3610A and the DS2012 agree on voltages  (at least the DS2012s average agrees, the peak is pretty far off sometimes, especially at lower voltages) but both of my DMMs read low. For example, on a 5 volt setting for the E3610A, the DS2012 average is ~= 5.00 volts, but the DM383 and the other cheapo DMM will read ~= 4.85 volts.

-jbl

[mtdoc]

Mucho Kudos to those who did the work that allowed me to turn my DS2072 into a DS2202 with all the options!

Got mine a couple of weeks ago from Tequipment. Serial no ..1521...  Calibration in June

It came with the non switchable probes which personally I like - I prefer the smaller form factor and I already have a few pairs of cheap switchable probes which are fine for the occasional very low amplitude measurement.

As an aside, anyone know how much I should trust the DS2102's default calibration for voltage readings? The E3610A and the DS2012 agree on voltages  (at least the DS2012s average agrees, the peak is pretty far off sometimes, especially at lower voltages) but both of my DMMs read low. For example, on a 5 volt setting for the E3610A, the DS2012 average is ~= 5.00 volts, but the DM383 and the other cheapo DMM will read ~= 4.85 volts.

-jbl

Mine reads a bit high when measuring DC voltages as well.    It's my  first digital scope so I'm not sure if this is unusual.  No big whoop I guess since it's not meant to used as a precision voltmeter - I already have a few of those. Overall, I'm very happy with it

[marcus]

Hi,
i got my DS2072 yesterday and what should i say, AMAZING!!! I made a DS2202 out of it today.

Since i am a Windows user i had to do a lot of troubleshooting with this damn Linux-LIVE-CD, with no results.
So i searched for a .exe and found this FTP-Server with a lot of useful Documents: http://www.gotroot.ca/rigol/

I thought i may be useful for some people here.

Marcus

[studio25]

Can someone explain to me how the private key with ECDLP solver v0.2a calculated?
I have read the following constants from my DP832:

prime1 unsigned char [] = "AEBF94CEE3E707";
prime2 unsigned char [] = "AEBF94D5C6AA71";
curve_a unsigned char [] = "2982";
curve_b unsigned char [] = "3408";
point1 unsigned char [] = "7A3E808599A525";
point2 unsigned char [] = "5EC2D25AE85124"; <--- Not sure yet

PS
I still hope for a DP832 option code. I need only the code that is entered on the device.

[zombie28]

Can someone explain to me how the private key with ECDLP solver v0.2a calculated?
I have read the following constants from my DP832:

prime1 unsigned char [] = "AEBF94CEE3E707";
prime2 unsigned char [] = "AEBF94D5C6AA71";
curve_a unsigned char [] = "2982";
curve_b unsigned char [] = "3408";
point1 unsigned char [] = "7A3E808599A525";
point2 unsigned char [] = "5EC2D25AE85124"; <--- Not sure yet

PS
I still hope for a DP832 option code. I need only the code that is entered on the device.

There are 2 possible private keys for these parameters:

5C393C30FACCF4
528658A4CBDD7D

If the key verification method in DP832 is exactly the same as in DS2k, then the first one will be valid.

[docmandu]

Can someone explain to me how the private key with ECDLP solver v0.2a calculated?
I have read the following constants from my DP832:

prime1 unsigned char [] = "AEBF94CEE3E707";
prime2 unsigned char [] = "AEBF94D5C6AA71";
curve_a unsigned char [] = "2982";
curve_b unsigned char [] = "3408";
point1 unsigned char [] = "7A3E808599A525";
point2 unsigned char [] = "5EC2D25AE85124"; <--- Not sure yet

PS
I still hope for a DP832 option code. I need only the code that is entered on the device.

---
GF := GF(49187291794761479);
E := EllipticCurve([GF|10626,13320]);
G := E![34408668876875045,11468454688366674];
K := E![26672856534896932,39931304602480539];
/*
FactorCount:=4;
17;
53;
905461;
60291817;
*/
---

GF = prime1
E = curve_a, curve_b
G = uncompressed point1 (Gx, Gy)
K = uncompressed point2 (Rx, Ry)

ECDLP requires them to be in decimal format. Use ECCTOOL by readyu to get the decimal values and to uncompress the points.

[studio25]

Can someone explain to me how the private key with ECDLP solver v0.2a calculated?
I have read the following constants from my DP832:

prime1 unsigned char [] = "AEBF94CEE3E707";
prime2 unsigned char [] = "AEBF94D5C6AA71";
curve_a unsigned char [] = "2982";
curve_b unsigned char [] = "3408";
point1 unsigned char [] = "7A3E808599A525";
point2 unsigned char [] = "5EC2D25AE85124"; <--- Not sure yet

PS
I still hope for a DP832 option code. I need only the code that is entered on the device.

---
GF := GF(49187291794761479);
E := EllipticCurve([GF|10626,13320]);
G := E![34408668876875045,11468454688366674];
K := E![26672856534896932,39931304602480539];
/*
FactorCount:=4;
17;
53;
905461;
60291817;
*/
---

GF = prime1
E = curve_a, curve_b
G = uncompressed point1 (Gx, Gy)
K = uncompressed point2 (Rx, Ry)

ECDLP requires them to be in decimal format. Use ECCTOOL by readyu to get the decimal values and to uncompress the points.

Thank you very much. I'll test it tonight.

[cybernet]

same results with DLP&ECDLP Solver v0.6 - probably the first one 0x5C393C30FACCF4

[studio25]

Thanks to all! Maybe someone wants to help.
Here is the DP832 NAND dump.

http://rapidshare.com/files/3695164600/Rigol%20DP832%20dump.rar

[hmlittle59]

Hello All,

Got my Rigol 2102 a couple of weeks ago and still getting use to it.  Up dated the FW from :00.01.00.03 - to - 00.01.00.05. As I stated before, they said it was up to date when I bought it. Any way, I am lost on how you guys that just got your units and in one day was able to do the upgrades so quickly.  I'm just chasing my tale on trying to figure out the proper steps.  And if I do get that far, will I have to do any HEX adjustments for (Voltage reading/Bandwidth/other things...etc.). 

So my question is,  is there just one(1) file to run that will do these hack or will I have to open it up to attach some wire and hack board?

Thanks for any help and guidance.  And, yes I'm nervous about doing this, I don't want to have a BRICK

Howard


 

[tlu]

Hello All,

Got my Rigol 2102 a couple of weeks ago and still getting use to it.  Up dated the FW from :00.01.00.03 - to - 00.01.00.05. As I stated before, they said it was up to date when I bought it. Any way, I am lost on how you guys that just got your units and in one day was able to do the upgrades so quickly.  I'm just chasing my tale on trying to figure out the proper steps.  And if I do get that far, will I have to do any HEX adjustments for (Voltage reading/Bandwidth/other things...etc.). 

So my question is,  is there just one(1) file to run that will do these hack or will I have to open it up to attach some wire and hack board?

Thanks for any help and guidance.  And, yes I'm nervous about doing this, I don't want to have a BRICK

Howard

Howard, I believe you have it backwards. Latest should be .02, then .03, and .05 should be the oldest of the three firmware. Update to .02 before implementing the key.

[fqahmad66]

[quote author=synapsis link=topic=17002.msg276813#msg276813 date=1376517256]

Would it be possible (and practical) to develop license codes for Rigol's 'UltraSpectrum' program for the DSA815 that go beyond the 15 day free trial?

Thanks again.

Somebody succeeded to generate LC for UltraSpectrum??

Regards

[hmlittle59]

Now I'm really confused .  I already had FW.xxxxxxx03, I installed FWxxxxxxx05.  Now I must go to FWxxxxxx02 then do the key that I can't find, correct.   After I install FWxxxxxxx02, implement key, then do I do any more FW updates?

Howard

[Marc M.]

.....then do the key that I can't find....

The key is posted somewhere earlier in this thread.  Spend a little time reading thru it and you'll find the key and lots of other relevant information.  Time well spent.

After I install FWxxxxxxx02, implement key, then do I do any more FW updates?

AFAIK, version 02 is the latest version available so No, after installing the 02 firmware then key(s) you are finished.  Marmad has been keeping track of the revisions in one of the first posts in his review thread: https://www.eevblog.com/forum/testgear/first-impressions-and-review-of-the-rigol-ds2072-ds2000-series-dso/  You'll also find the firmware there if you need it.

[Rory]

With the DSA815-TG, what is the procedure to uninstall the options?  :SYSTEM:OPTION:UNINSTALL  in various forms did not work for me.

I'm having problem with nonresponsive keyboard.  Is there a way to reset the device to factory state other than *RST?

[Fagear]

Now I'm really confused .  I already had FW.xxxxxxx03, I installed FWxxxxxxx05.  Now I must go to FWxxxxxx02 then do the key that I can't find, correct.   After I install FWxxxxxxx02, implement key, then do I do any more FW updates?

Look carefully at firmware's order. There are known versions:
- v.00.01.00.02
- v.00.01.00.05
- v.01.00.00.03
- v.01.01.00.02

So, there are TWO .xxxxxx02 versions, and latest one is newer then .xxxxxxx03 and .xxxxxxx05. You need the latest one to apply codes.

[studio25]

Rigol 3in1 Keygen (includes DP832)

http://pastebin.com/t75UYN3g