Sniffing the Rigol's internal I2C bus

[marmad]

However, it would be nice, if a non-A-owner will remove his keys and try this procedure with the newest firmware (which is for both scopes, "a" and "non-a") to check if it still works.

BTW, there's a good chance that it still works - since it was never published before - and the A-models still use trial minutes. It's clearly part of some procedure that Rigol does at the factory to initiate the DSO (setting the clock for the first time, calibrating, initiating trial minutes, etc) which they never thought any owners would stumble upon. We only found it because the early firmware had a bug which reset trial minutes on a self-calibration - and so we thought we might also use it to restart the trial.

But no reason to try until your minutes run out - and hopefully a keygen will come soon anyway.

[Pehtoori]

Hi everyone! Just read the whole thread, what a journey, my head is bit sore. Not my native language and have dyslexia so took 2 days straight, ok to be honest skipped German parts

Planning to buy Rigol DS2072A, but maybe waiting for the hack before ordering or if no one can get that JTAG dumbed try to step in. Would be my first with JTAG so don't hold your breath.

Maybe we should put fundraising to buy one and send it to (cybernet?). 20€/25$ each would take around 40 to donate. After it gets hacked sell it in ebay and funds goes to next target. Or to hacker, but that may make him legal target as hi is profiting from the activity.

[MrsR]

Hi! guys,
Well I have had no luck in updating my DS2072 to a DS 2202.
I have tried 3 FW versions. 1.0.05, 1.0.03 and 2.001.0.03 ( NOT WRITTEN PROPERLY ) but I am sure you's will know what versions I am talking about.

 ON REFLECTION

A)- Has anyone done the upgrades with a RIGOL official upgrade loaded.( mine is the larger memory )

B)- I noticed that the official key has 21 numbers and the NOT official key is 16.

C)- The NOT official generated upgrade is 4 groups of 7 letter/numbers the first two 7 letter/number groups are the same for all the upgrades.

D)- The official 4- 7 letter/number groups for the memory upgrade are completely different to the official ones.

E)- I have been wondering if I used the Key number on the RIGOL upgrade site would it generate the 4-7 letter/number group.

Anyone have any suggestions what to try next.    HELP!!!!!

[AndersAnd]

@MrsR

Have you tried to uninstall all keys before installing a new one?
What 4 letter option did you use to generate your key?
Did you type in the correct serial number?
What key generator did you use? This one? http://riglol.3owl.com/
Can you post your generated key?

It's easier to help if you post the exact procedure you used.

B)- I noticed that the official key has 21 numbers and the NOT official key is 16.

What do you mean by 16 and 21 numbers? The keys consists of 28 alphanumeric values.

[marmad]

A)- Has anyone done the upgrades with a RIGOL official upgrade loaded.( mine is the larger memory )

@MrsR: Yes. Upgraded to the new v.2 firmware with my official key for all options already installed - no problem. I used my serial number and the code DSEA in the Riglol key generator to generate a CAN license key. Installed with no problem. A couple of days later I did the same again using DSCA for the 300MHz option to measure waveform update rates at 1ns/div- again installed with no problem.

[van-c]

A)- Has anyone done the upgrades with a RIGOL official upgrade loaded.( mine is the larger memory )

@MrsR: Yes. Upgraded to the new v.2 firmware with my official key for all options already installed - no problem. I used my serial number and the code DSEA in the Riglol key generator to generate a CAN license key. Installed with no problem. A couple of days later I did the same again using DSCA for the 300MHz option to measure waveform update rates at 1ns/div- again installed with no problem.

Marmad:  Do you know if the firmware keeps a record of what option code (DSAZ, DSEA, DSHH, etc.) was used to enable "official" options, or does it just keep track of what options are enabled and forgets how it got there?  I have a similar case to yours before you upgraded to v.2 firmware and extended your options, except that I have HW version 2.  If I upgraded to FW v.2 and then applied DSHH (instead of DSEA followed by DSCA, as you did) do you think I would end up in essentially the same state as you, except of course for the HW version?

[wilheldp]

http://riglol.3owl.com/

I've seen that site mentioned a number of times, but I can't ever get it to load.  Am I doing something wrong?

[Sparky]

Rigol have updated their list of current firmware versions on their Firmware Request Page.  If it wasn't obvious that DS2000/DS2000A are going to use the same firmware moving forward, it is now.  Same goes for DS4000/MSO4000.  Would have liked to see DP832 added to this list...

Here are the latest Firmware versions by Rigol product family as of December 16th, 2013:

DS2000/DS2000A FW-Version: 00.02.01
MSO4000/DS4000 FW-Version: 00.02.00
DS6000 FW-Version: 00.01.04
DSA815 FW-Version: 00.01.07
DSA1000 FW-Version: 00.01.16
DG4000 FW-Version: 00.01.07
DG5000 FW-Version: 01.01.08

[AndersAnd]

http://riglol.3owl.com/

I've seen that site mentioned a number of times, but I can't ever get it to load.  Am I doing something wrong?

Try this mirror site: http://rigol.avotronics.co.uk/mirrors/riglol/

[AndersAnd]

Would have liked to see DP832 added to this list...

All DS1000 series scopes are missing too: http://beyondmeasure.rigoltech.com/acton/form/1579/0012:d-0001/1/index.htm

[MrsR]

Hi! Guys,
Well I went back and tried again. same PRIVATE KEY came up.
TRIED:
DSAB    Adv. Trig.
DSAC    Decoders
DSEA    CAN Decoders
DSAS    200MHz     This is all I wanted to add mainly for the 1ns Time.
Nothing worked so I got a bit frustrated and tried DSHH.

Well I have a 300 MHz DSO with my 1ns.
Also got all the triggers. Decoders, my Trial bits turned into Official and still kept 56M memory.
I guess it was the memory that caused the problems, being overwritten most likely allowed the code to work.
Thanks again guys,

Rachael

............................. 

[MrsR]

 I have the A version FW as I was trying to get the latest FW. for the DS2000. and RIGOL HEAD OFFICE
lied to me and said that the 1000003 was the latest FW and If I wanted to up date I had to have the A version.

I think the A version will stop the theft of the options that we have already paid for. Well it's theft in their eyes. Not mine though I paid over$350 for the extended memory, that was already in my DSO at the time I thought I would get a board to fit into the DSO and then I got a  fancy printed page that left it to me to make sure I got the memory from RIGOL via email.

I better get back to work or I might have to fire my self

CATCH YOU LATER
Rachael

[alank2]

Does anyone know what type of async memory the DS2000 has/uses?  The blackfin manual talks about 4 banks of 1M each at 0x20000000.  They configure the registers for all 4 banks although two are configured the same so I don't know if they use all four banks or not.

[MrsR]

DSAS    200MHz     This is all I wanted to add mainly for the 1ns Time.
Nothing worked so I got a bit frustrated and tried DSHH.

Hi Rachael (and all)
   Note:  DS2202 --> 200MHz only sets the fastest Timebase limit to 2nSec/Div (NOT 1nSec/div)

Thanks Len I forgot 

Rachael

[DL5TOR]

Does anyone know what type of async memory the DS2000 has/uses?  The blackfin manual talks about 4 banks of 1M each at 0x20000000.  They configure the registers for all 4 banks although two are configured the same so I don't know if they use all four banks or not.

Use all 4 banks and the other banks

[alank2]

Use all 4 banks and the other banks

Any idea what type of memory is attached to these banks or what it is used for?

Pages 7-20 to 7-22 cover the registers and they are set to:

EBIU_AMBCTL0 = 0xbbc3bbc3
EBIU_AMBCTL1 = 0x66ab77c3
EBIU_AMGCTL = 0x0009

[Avotronics]

download, rename to DS4000Update.GEL -> http://www.filedropper.com/ds405xupdate

This download seems to be broken, anyone have a mirror?

I have had my DS4014 for several hours already, it desperately needs some unauthorized modification 

not sure on versions. Try http://rigol.avotronics.co.uk

Sent from my Nexus 4 using Tapatalk

[apelly]

Someone can take a better picture of the DS2xxxA's input stage?    Apelly for example.

Busy, but I'll take a look in the next 48 hrs.

[alank2]

If anyone with a jtag can dump 0x201e0000 to 0x20200000, I'd be interested in finding out what is there.

[Carrington]

Someone can take a better picture of the DS2xxxA's input stage?    Apelly for example.

Busy, but I'll take a look in the next 48 hrs.

Ok, perfect, if you can take pictures of the rest, jumpers, DC / DC ...
Thanks. 

[wilheldp]

I really apologize if this has been answered already in this thread, but I'm late to the game and pouring over 141 pages of posts is a bit daunting.  But are there firmware limitations on the use of Keygens on Rigol equipment (namely the DP832 and DS1074Z)?  For instance, do the keys not work with newer firmwares, and has anyone lost keygen activated features after upgrading the firmware on the equipment?

[Rigby]

I really apologize if this has been answered already in this thread, but I'm late to the game and pouring over 141 pages of posts is a bit daunting.  But are there firmware limitations on the use of Keygens on Rigol equipment (namely the DP832 and DS1074Z)?  For instance, do the keys not work with newer firmwares, and has anyone lost keygen activated features after upgrading the firmware on the equipment?

One of the most commonly stated rules in this thread is that you should update your firmware to the latest release before you apply a keygen-created key.

[wilheldp]

One of the most commonly stated rules in this thread is that you should update your firmware to the latest release before you apply a keygen-created key.

So it's not a good idea to update the firmware until the sniffers of the I2C have figured out if it borks the keys?

[true]

The only firmware that was known to have a problem was the early version of the DS2000, which would cause reset serial numbers (like it did for my unit).

For DP832, I believe I may have (mis?)read that .08 has problems; use .06 to apply the keys then update.

Otherwise, yes, you want to update first.

[alank2]

The only firmware that was known to have a problem was the early version of the DS2000, which would cause reset serial numbers (like it did for my unit).

I used to believe the S/N could not be mangled with 00.01.01.00.02, but I was wrong.  Not sure how I did it, playing around with keys, but mine did get mangled on 00.01.01.00.02.

Thanks,

Alan