Sniffing the Rigol's internal I2C bus

[marmad]

And from what I can tell Tequipment is already offering DS2302A even tough they just write "call us" for price. But their website say they have 3 in stock: http://www.tequipment.net/Rigol/DS2302A/

Remind me again - which model do you own?

[AndersAnd]

Remind me again - which model do you own?

DS1052E 

[marmad]

Remind me again - which model do you own?

DS1052E 

So you can be the first to take the DS2302A plunge?

[marmad]

Just to clarify - here's a chart showing typical BW curves for a 500MHz Nyquist frequency - in other words, the Nyquist frequency of the DS2000 when you have 2 channels ON at max. sampling rate (1GSa/s). Even though most people agree that sin(x)/x should have a sampling rate 2.5x the highest frequency, let's just assume, for simplicity sake, that it can work adequately with 2x. But any frequencies HIGHER than that 2x can cause problems for the interpolation.

The chart shows the hypothetical "brickwall" filter which would be ideal to have (the red line), a maximally flat response curve (the blue line), and a typical Gaussian response curve (the green line). The gray diagonal lines show the area of trouble: where higher-frequency signals can leak through the filter to cause mistakes in the interpolation. With the given response curves, that area is all below -8dB.

On top of this, I've overlaid the results (the yellow line) that someone posted here for the response curve of a 300MHZ "enabled" DS2000 HW v.2.  If these results are correct, the area of filter leakage (the orange diagonal lines) increases to a point above -6dB when using two channels.

I would suggest, for anyone enabling 300MHz on ANY DS2000 - that wants to be certain of signal fidelity (unless/until we see further tests), to use it only with 1 channel @ 2GSa/s (otherwise use the channel BW filter).

[George10256]

I think this is an official Rigol shop. 
http://www.rigol-uk.co.uk/Rigol-Digital-Oscilloscopes-DS2302A-p/ds2302a.htm#.UtXHMHmI3E1
And there is one DS2302A in stock.

I have a Rigol DS2072A with serial DS2D1543... seems week 43.
With a Firmware downgrade to 00.01.01. i got a DS2202A with all options using the keygen and DSAZ, so thats no problem.
If i upgrade to Firmware 00.02.01., the scope stay on DS2202A but all options are gone, not even the trial Version remains.

I could check the weekly key for week 43.

I can't tell for sure yet since I don't know enough about it: I just tried some keys of a DSO that has the same production week as mine
and I got "license unavailable"
so it seems a memdump IS needed for every a-series DSO

But it looks like i have to take a memdump. For that i have to order a JTAG dongle, cause i don't have one.
Is there a recommendation for a fast JTAG dongle?

[fqahmad66]

Hi,

Can this be used as JTAG dongle?

[NikWing]

alright, I'm one step closer ...
I digged in the old hardware oddments of my company's development dept and found an AVR jtag ice mk2
and it's got USB connection, yay (and even an easy to change pinout adapter was attached)
but using google I didn't find any clear information about compatibility with urjtag

can anyone tell me these 2 things: will it work with urjtag and can I safely connect to the DSO's 3V3 pin? (there's also nothing about Vref and Vsupply in the how-to, so I assume they're not connected ... or is UTST or VTST = Vref?)
that would get me a big step closer to dumping the mem ...

[neslekkim]

alright, I'm one step closer ...
I digged in the old hardware oddments of my company's development dept and found an AVR jtag ice mk2
and it's got USB connection, yay (and even an easy to change pinout adapter was attached)
but using google I didn't find any clear information about compatibility with urjtag

can anyone tell me these 2 things: will it work with urjtag and can I safely connect to the DSO's 3V3 pin? (there's also nothing about Vref and Vsupply in the how-to, so I assume they're not connected)
that would get me a big step closer to dumping the mem ...

http://urjtag.org/book/_system_requirements.html#_supported_jtag_adapters_cables

[poida_pie]

Marmad, where did you get the DS2000 b/w response data that extends up to 1 GHz? Was this data posted here on this board?



[/quote]

[NikWing]

@neslekkim: I've seen that, along with this: http://sourceforge.net/apps/mediawiki/urjtag/index.php?title=Cables
but I'm still not smarter than before XD

ok, adapter nearly done, I don't know what the UTST or VTST pin is ... I suppose it's Vref?
(Vref is the name of the pin on the AVR jtag connector)

[Pehtoori]

I would like to see summary table with difference between DS2072 HW1, DS2072 HW2 and DS2072A to get overall picture all at once.

How about you make one and share with us?

Given that people open up their scope for making memory dumps, visual inspection might be done at same time as well

Look pictures and comments in this and other threads

Note that my questions were just trying to get an overall summary in place on current status of hacks/verifications, as this information is spreaded throughout the forum

To get overall summary you need only information of this thread, no other threads needed.

Then I can wait until the generic hack is in place, as I dont want to open my scope.

 

You don't want to read this thread, do the summary table, open your scope. Just to be clear, what will be your contribution?

[Pehtoori]

Got my scope now, waiting for JTAG. Should be in customs atm.

Serial: DS2D1542***** so from week 42.

If dump from this puppy isn't needed, I don't expect free lunch. I can donate 50€ (~65$) before getting the keys. Money can be used towards buying genuine key or something else.

[Posterisan]

Got my scope DS2072A yesterday, Serial # DS2D1542.....

I try to dump with Segger J-Link this evening, but i read the segger jlink is extreme slow 

[ju1ce]

Got my scope DS2072A yesterday, Serial # DS2D1542.....

I try to dump with Segger J-Link this evening, but i read the segger jlink is extreme slow 

My J-Link dump is progressing at a whopping 1% per hour at the moment... Oh well, still faster than buying another JTAG tool and waiting for it to arrive.

[NikWing]

so, since you're taking dumps (lol) ... where did you connect the UTST/VTST (can't tell if it's U or V lol) to?

[neslekkim]

Did you read the guide at all?

"Ignore the confusing pin UTST I guess cybernet used it just to probe the voltage."

[NikWing]

don't laugh, I stopped reading after "have an ARM 20 pin connector" ... 

ok, so my cable is done ^^

[sled]

Rigol can't afford to ignore the hacks, but they would be wise to view them as an opportunity rather than an attack.

It would be very wise for us if we did not bite the hand that feeds us by making the hacks too easy to use.  There needs to be a minimum amount of skill required to accomplish the hacks.  I don't know what this skill level should be, but making web apps capable of providing valid keys by providing a serial number and a four character option code is definitely something that I would consider "biting the hand that feeds us."

Exactly what happened, the skill level required is to dump the memory via JTAG

[granz]

I'm somewhat amazed at the confusion involving JTAG.  The original DS2k pinout image is confusing.  It makes it look like you need to APPLY 3.3V to what he labeled as UTST (wrong label) from another point on the board.  Do NOT do this, because you may be tying two separate regulated outputs together on the RIGOL board.  I've reworked the JTAG image to show how you should be connecting your JTAG adapter.  If the tutorial author is reading, the tutorial should be corrected.

Be sure to check the signal levels on your JTAG adapter before attaching anything, some don't use a VREF voltage and have a jumper or something instead to set the levels.  Much older JTAG adapters especially might use 5V.  Everyone obviously has a scope, so it only takes a few minutes to be safe if you are just using something you had lying around.

[NikWing]

I still don't understand the connection XD
what's high-Z output and what to attach there?

so I HAVE to connect to Vref from the jtag lik eI thought before?

linux is a PITA atm, it's not that simple to run the bfin program as written in the how-to
it's missing additional software -_-;
glibc, I have 2.13 here ... it needs 2.14 and/or 2.15 -_-

[granz]

See updated attachment.  VREF comes from the board and goes into your adapter.

[NikWing]

ahh, so the difference is that pin 1 will not be connected and trst and tsrt are hard to see now (but still connected?)

[Posterisan]

I need help with mit Segger j-link.

If i try to run bfin-gdbproxy i got:

Code: [Select]

C:\Program Files (x86)\Analog Devices\GNU Toolchain\2013R1\uclinux\bin>bfin-gdbp
roxy --debug bfin --frequency=5000000

Remote proxy for GDB, v0.7.2, Copyright (C) 1999 Quality Quorum Inc.
MSP430 adaption Copyright (C) 2002 Chris Liechti and Steve Underwood
Blackfin adaption Copyright (C) 2008 Analog Devices, Inc.

GDBproxy comes with ABSOLUTELY NO WARRANTY; for details
use `--warranty' option. This is Open Source software. You are
welcome to redistribute it under certain conditions. Use the
'--copying' option for details.

debug:     bfin: bfin_open ()
Found USB cable: jlink
error:     bfin: cable initialization failed
debug:     bfin: bfin_open ()
Found USB cable: jlink
error:     bfin: cable initialization failed

3.3V from SPI are connected to VRef (Segger Pin 1)
Only TRST and SRST are not connected to the segger jlink.
OS is Windows 8 - 64Bit.

Any ideas?

[granz]

3.3V from SPI are connected to VRef (Segger Pin 1)
Only TRST and SRST are not connected to the segger jlink.
OS is Windows 8 - 64Bit.

Any ideas?

Try connecting with the generic UrJTAG from here first: http://sourceforge.net/projects/urjtag/files/urjtag/0.10/

If it sees the cable with the generic version then you'll probably have to switch to 32-bit Linux to get the blackfin toolchain version to see it.

Also, TRST and SRST must either be connected to your JTAG adapter or pulled-up with resistors, see diagram above.

[Posterisan]

Try connecting with the generic UrJTAG from here first: http://sourceforge.net/projects/urjtag/files/urjtag/0.10/

If it sees the cable with the generic version then you'll probably have to switch to 32-bit Linux to get the blackfin toolchain version to see it.

Also, TRST and SRST must either be connected to your JTAG adapter or pulled-up with resistors, see diagram above.

TRST and SRST are pulled-up 10k/3k9 to 3.3V.

I tried urjtag - doesnt work :

Code: [Select]

jlink         Segger/IAR J-Link, Atmel SAM-ICE and others.
jtag> cable jlink
Couldn't connect to suitable USB device.
Error: Cable connection failed!
jtag>
if i try the the segge commander i got:

Code: [Select]

SEGGER J-Link Commander V4.80a ('?' for help)
Compiled Jan 10 2014 21:21:55
DLL version V4.80a, compiled Jan 10 2014 21:21:47
Firmware: J-Link ARM V8 compiled Nov 25 2013 19:20:08
Hardware: V8.00
S/N: xxxxxxx
OEM: SEGGER-EDU
Feature(s): FlashBP, GDB
VTarget = 3.377V
Info: TotalIRLen = 5, IRPrint = 0x01
Info: TotalIRLen = 5, IRPrint = 0x01
Info: TotalIRLen = 5, IRPrint = 0x01
No devices found on JTAG chain. Trying to find device on SWD.
No device found on SWD.
i try linux