Sniffing the Rigol's internal I2C bus

[eurofox]

Afterward. It failed about 3 weeks after lkeys installed.

Damn! Rory, what do you think to do now?

You guy's really think that service people at Rigol will check if you legally got those key or not? 

eurofox

[auato]

Afterward. It failed about 3 weeks after lkeys installed.

Damn! Rory, what do you think to do now?

You guy's really think that service people at Rigol will check if you legally got those key or not? 

eurofox

Yep, I think Rigol's guys will not look into the keys.

[Rory]

Afterward. It failed about 3 weeks after lkeys installed.

Damn! Rory, what do you think to do now?

I will wait and see what Rigol does.  They should have it by Tuesday.

[Wim13]

In the FW ( DS2000 and DG4000) and there are named two TCP-IP ports, 5555 and 5566
Did a port scan and the ports indeed gave an ack. But could not start a comm.
Yet, no idea where they use it for.

Ultra Sigma uses tcp-ip port 4097, for the DS2000 and Sun-rpc port 111,  for the DG4000.

[commongrounder]

Wim13:  When I spoke with Rigol NA about the details of the firmware upgrade to my DS4000 series scope, they mentioned that the ver 2.00 firmware has "unlocked"  some ports so that other, non-proprietary, software could access it (no NI drivers?).  I am not at all familiar with this aspect of the network connections to the scope, so I will leave this to others to sort out.  But it sounds like they are loosening up things a bit to allow more flexible machine control.

[Wall-E]

Rigol has announced that there is very soon going to to be a DS2000A series available that will also include a DS2302A 300 MHz Bandwidth unit.
Re. http://www.rigol.com/prodserv/DS2000A/

There is also going to be a (Vector) Signal Generator DSG3000 Series. This looks like it will be expensive (?) but very nice.
Re. http://www.rigol.com/prodserv/DSG3000/

   Cheers . . .

 

[JDubU]

Any chance that
HW version 1 = DS2000
HW version 2 = DS2000A

If so, I wonder if there is a software option that takes HW version 2 up to 300Mhz and 1ns/div?

[Carrington]

Rigol has announced that there is very soon going to to be a DS2000A series available that will also include a DS2302A 300 MHz Bandwidth unit.
Re. http://www.rigol.com/prodserv/DS2000A/

https://www.eevblog.com/forum/testgear/first-impressions-and-review-of-the-rigol-ds2072-ds2000-series-dso/msg260433/#msg260433

I am not surprised, just changing a transistor (MMBTH10L by MMBTH10-4L) and done. So easy.
Not need to change the FET, the DS4000 series uses the same and achieves 500MHz.
Since the N-FET work in no gain mode (0dB, only follower) it can go probably until 1GHz.


But where did you read that? For http://www.rigol.com/prodserv/DS2000A/  I get this (see atached image):

[flolic]

http://cn.rigol.com/prodserv/DS2000A/

[Carrington]

http://cn.rigol.com/prodserv/DS2000A/

OK, now I see. 
Thanks.

[Clint]

300MHz    2    2GSa/s    14Mpts (??) ?56Mpts (??)    50,000 wfms/s    19?800



Right you lazy lot where is my key

Only joking, but would be great if this is the same hardware as the rest of the 'A's !

[1design]

Is there any chance the DSA1030 will get hacked? With a tracking generation option installed all the others are just SW activated

Best Regards!

[elecBlu]

Maybe I wasn't clear enough. Yes, I HAVE read the whole thread. No, I haven't applied any keys with the earliest software - I've downgraded AFTER I've applied the keys and uninstalled them.
I've made all uninstallations with SCPI command.
Regarding DSAA, I thought that if DSAR updates the model to 2102 and DSAZ to 2202 then DSAA might revert it back to 2072. No dice.

any news about the problem with uninstall the keys on DS2000 Scope?

[cybernet]

Is there any chance the DSA1030 will get hacked? With a tracking generation option installed all the others are just SW activated

Best Regards!

as soon as somebody comes up with a memory dump or a firmware file might also work.

[Carrington]

Cybernet, I do not know if you already know about this, from rigol-new-instruments-coming-soon:

Comparing data sheets (DS2000A from Rigol's Chinese web site), the only differences that I can see are:

1)  Added model DS2302A with 300MHz BW and 1ns/div horizontal.
2)  Switchable 50 ohm input termination
3)  Optional CAN bus trigger and decode

Another new option to add, CAN bus. 

[ilya]

any news about the problem with uninstall the keys on DS2000 Scope?

Well, here's the news.
The :SYSTEM:OPTIONS:UNINSTALL string didn't change the scope model, but did removed all licenses ("All licenses deleted"). The :SYStem OPTions:UNINSTall did the same thing but put the trials instead.

However, there was a very strange bug with my scope that did revert it to DS2072 with SN 0000000001. I did the following: connected the scope to the USB port and powered the scope on. It froze during boot-up on the "Rigol" screen. I turned it off and unplugged it from USB. Turned on again - booted fine. Connected the USB and ran the ScopeCommander with :SYSTEM:OPTIONS:UNINSTALL string. After looking at the program output I noticed that the scope was recognized as DS2072 (instead of DS2202) and the serial was 0000000001.

I've generated new licenses for 2202 and installed them. I wasn't able to revert my scope to DS2072 after that.

I'm really stuck. Hope sometimes it would be possible to change the SN... 

[elecBlu]

thanks for your reply. Sad to hear you have the problem with the serial number 
One thing i notice is that you did the fw-downgrade during your uninstall attempts. Maybe this is the reason, but who knows.

So there is still no approved way for uninstalling all this keygen-enabled software options including reset the scope model for the case of e.g. warranty? A lot of people tell the :SYSTEM:OPTIONS:UNINSTALL would do but i doubt?

[Marc M.]

... there is still no approved way for uninstalling all this keygen-enabled software options including reset the scope model for the case of e.g. warranty? A lot of people tell the :SYSTEM:OPTIONS:UNINSTALL would do but i doubt?

For the vast majority of users, the uninstall works fine.  I've uninstalled/reinstalled options at least a dozen times with no issues.  It reverts back to a 2072 and all options disappear every time I've performed it (via Ethernet and Python scripts).  It still hasn't been determined what the exact process is that caused a few users to have s/n's reset and/or unable to change the model back to a 2072.  It may be connected to older firmware so it's recommended to update to the latest version prior to installing any keys.  Keep in mind that currently there are no known uninstall options for either the DG4000 func. gens., the DSA815 spectrum analyzers or the DP800 series power supplies.

[1design]

Is there any chance the DSA1030 will get hacked? With a tracking generation option installed all the others are just SW activated

Best Regards!

as soon as somebody comes up with a memory dump or a firmware file might also work.

I will try to arrange that, I guess the .GEL is easier to get without loosing the warranty

[true]

any news about the problem with uninstall the keys on DS2000 Scope?

Well, here's the news.
The :SYSTEM:OPTIONS:UNINSTALL string didn't change the scope model, but did removed all licenses ("All licenses deleted"). The :SYStem OPTions:UNINSTall did the same thing but put the trials instead.

However, there was a very strange bug with my scope that did revert it to DS2072 with SN 0000000001. I did the following: connected the scope to the USB port and powered the scope on. It froze during boot-up on the "Rigol" screen. I turned it off and unplugged it from USB. Turned on again - booted fine. Connected the USB and ran the ScopeCommander with :SYSTEM:OPTIONS:UNINSTALL string. After looking at the program output I noticed that the scope was recognized as DS2072 (instead of DS2202) and the serial was 0000000001.

I've generated new licenses for 2202 and installed them. I wasn't able to revert my scope to DS2072 after that.

I'm really stuck. Hope sometimes it would be possible to change the SN... 

Once someone uses JTAG to dump the machine and post it here I'll take a look at it to see what can be done. Nobody has done this yet.

[Circlotron]

I have created a Windows executable with MinGW.

In the options matrix J-R is for 100MHz, S-Z is for 200MHz but 2-9 is for both 100 AND 200MHz.
What is the difference between choosing 200MHz and choosing 100 and 200MHz?

Getting a 2072 in early October.
Woo!

[ilya]

I have created a Windows executable with MinGW.

In the options matrix J-R is for 100MHz, S-Z is for 200MHz but 2-9 is for both 100 AND 200MHz.
What is the difference between choosing 200MHz and choosing 100 and 200MHz?

Getting a 2072 in early October.
Woo!

100 MHz makes 2102, 200 MHz makes 2202 from 2072. 2-9 activates both options and shows them in the "installed options" screen - not recommended.

Once someone uses JTAG to dump the machine and post it here I'll take a look at it to see what can be done. Nobody has done this yet.

Unfortunately I have neither equipment, nor expertise to make a JTAG dump. Where can I find more info on that subject?

[Circlotron]

Cool. Thanks ilya.

[Carrington]

Once someone uses JTAG to dump the machine and post it here I'll take a look at it to see what can be done. Nobody has done this yet.

You can buy a cheap jtag here:
http://www.seeedstudio.com/depot/bus-blaster-v3-p-1415.html
http://www.seeedstudio.com/depot/bus-blaster-v4-p-1416.html

[Krakonos]

Hi, I've found a bug in your code, here is the patch: http://pastebin.com/92CjSqJv

(Your code ate up first character, since my compiler (reasonably new gcc) optimized a bit and increased p before read. You can't rely on such constructs, beside bad practice I think it violates the C standard and the result is undefined, in your case, different :-))

Anyway, thanks for the keygen, I'll try it soon!

Update for DS1000z support.
Now we have:
- DS1000z
- DS2000
- DS4000
- DSA815
- DP832

http://pastebin.com/ifTEf2pq