How to hack the firmware
1. Unpack the firmware *.cab with 7zip
2. Unpack infiniiVisionSetup.cab (e.g. with WinCE CAB Manager 3.0)
Find \Secure\infiniiVision\infiniiVisionCore.dll
3. Change at location 0x277e50 in infiniiVisionCore.dll
byte sequence 04 00 a0 e1 to byte sequence 00 00 a0 e3
4. Enable startup Override by creating a USB flash drive with the following structure in the root of the USB drive (copy the structure from the Secure folder from point 2)
In the Startup folder, edit the file infiniivision.lnk to contain the following sequence "62#\usb\infiniiVision\infiniivisionLauncher.exe -l All -l SCPIPS"
In the infiniiVision folder, replace infiniiVisionCore.dll with the patched infiniiVisionCore.dll file
5. Create an infiniivisionStartupOverride.txt file in the root of the USB flash drive containing "True"
6. Plug the USB drive into the scope and turn it ON
7. There will be a red message in the top left corner "Unfinalized Software" and "System Concerns detected: OS version is not correct. Please reload system firmware"
Applications needed:
WinCE CAB Manager http://www.ocpsoftware.com/products.php
7Zip http://www.7-zip.org/
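An added example, not part of the original post: a Python check that reports whether a copy of infiniiVisionCore.dll carries the stock or the modified bytes at the offsets named in this thread, and decodes both sequences to show what the change does. Reading the bytes as little-endian 32-bit ARM instructions is an assumption (the thread does not name the instruction set); the function names and the zero-filled sample image are constructed for illustration.

```python
import struct

# Byte sequences and file offsets quoted in the thread.
STOCK = bytes.fromhex("0400a0e1")
MODIFIED = bytes.fromhex("0000a0e3")
OFFSETS = {"first post": 0x277E50, "reported for 2.37": 0x27A9A0}

def decode_arm_mov(raw):
    """Decode 4 bytes as a little-endian A32 MOV (assumed ISA); None if not a MOV."""
    (w,) = struct.unpack("<I", raw)
    if (w >> 26) & 0x3 != 0 or (w >> 21) & 0xF != 0b1101:
        return None
    rd = (w >> 12) & 0xF
    if (w >> 25) & 1:  # immediate form: imm8 rotated right by 2*rot
        imm8, rot = w & 0xFF, ((w >> 8) & 0xF) * 2
        value = ((imm8 >> rot) | (imm8 << (32 - rot))) & 0xFFFFFFFF
        return f"mov r{rd}, #{value}"
    if (w >> 4) & 0xFF == 0:  # register form with no shift
        return f"mov r{rd}, r{w & 0xF}"
    return None

def classify(data, offset):
    """Say whether the 4 bytes at offset are the stock or the modified sequence."""
    chunk = data[offset:offset + 4]
    if len(chunk) < 4:
        return "out-of-range"
    if chunk == STOCK:
        return "stock"
    if chunk == MODIFIED:
        return "modified"
    return "unknown"

def audit(data):
    """Classify every offset named in the thread for one DLL image."""
    return {label: classify(data, off) for label, off in OFFSETS.items()}

def sample_image(patched):
    """Constructed stand-in for the DLL: zero-filled, with 4 bytes set at 0x27A9A0."""
    buf = bytearray(0x27A9A4)
    buf[0x27A9A0:0x27A9A4] = MODIFIED if patched else STOCK
    return bytes(buf)

if __name__ == "__main__":
    print(decode_arm_mov(STOCK), "->", decode_arm_mov(MODIFIED))
    print(audit(sample_image(patched=True)))
```

An "unknown" result only means the bytes at that offset match neither sequence, which is expected when the offset belongs to a different firmware version.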
Can these steps be used in the 2.37 firmware?
No.
Can these steps be used in the 2.37 firmware?
No. The structure and length of the new firmware cab is different.
My firmware is 2.37. Can I drop to 2.35 firmware?
After getting a request from someone, here is what I did:
1) Upgrade from 2.35 to 2.37: OK!
2) Test SCPI on port 5024 with FW 2.37 (requires LAN Module): OK!
3) Downgrade from 2.37 to 2.35: FAILED!
A quick analysis of 2.37 shows that Startup Override functionality is disabled in ProcessStartupFolder.exe: it still looks for the infiniivisionStartupOverride.txt file, but instead of executing lnk/exe files it runs "ipconfig.exe /all > ipconfig.txt" (what is it? a "tampered" mark?), then "rebootInfiniiVision.exe", which surprisingly results in reboot. 2.36 has the same problem I guess.
We should focus on downgrade I think.
My firmware is 2.37. Can I drop to 2.35 firmware?
You should go back and read the last couple of pages...
So I did some tests with the "Unfinalized Software" Hack on the 2.37 Firmware.
My scope currently has version 2.35 with most options enabled by the DSOAPP Bundle, except the MSO function.
I extracted the cab file of the 2.37 with this tool: MSCEInf - CAB Analyzer (no setup needed and free).
I searched for the same code location, and it has moved to 0x27A9A0; I changed the 4 bytes to 00 00 A0 E3 and put the whole Infiniivision folder on the USB stick.
The Scope boots the 2.37 and the additional features are enabled. (see Screenshots)
A quick analysis of 2.37 shows that Startup Override functionality is disabled in ProcessStartupFolder.exe: it still looks for the infiniivisionStartupOverride.txt file, but instead of executing lnk/exe files it runs "ipconfig.exe /all > ipconfig.txt" (what is it? a "tampered" mark?), then "rebootInfiniiVision.exe", which surprisingly results in reboot. 2.36 has the same problem I guess.
We should focus on downgrade I think.
Nice find!
Maybe it's possible to change the exe with an older one that supports USB booting.
Thank you for your reply, post too long, not scrutiny. Sorry.
Hello guys!
I seemed to have a FW problem with the oscilloscope and had to upgrade the firmware unfortunately before I found this forum...
Now I have 2.37 fw revision.
I tried to downgrade by tricking the process into thinking the 2.35 files are indeed 2.37, by changing strings in INFINI~1.028.
I have recalculated the MD5 for the infiniVIsionSetup.cab too, to set it in the recipe.xml.
I unpacked the .cab files with 7zip and packed them back with CABPACK.
It did not work, I get error message about the file loading unsuccessful.
I am not sure though if it was a wrong packing method I used, or something else.
Did anybody approach the downgrade process from this angle?
Tools to extract the firmware/kernel.