Hey Guys,
I have a ZVR, SN is 835068/005. and I found the SW sn \R_S\INSTR\INI\OPTOIN.INI
Is't anyone know how to decode it?
--------------------------------------------------------
4056071223; EMBED DEEMBED
0436723430; TIME DOMAIN
1234299954; CONVERTER 4 CHAN
--------------------------------------------------------
maybe
feat_0 = 'HARMONIC MEAS', 'B3', 'Harmonic Measurements'
feat_1 = 'MIXER MEAS', 'B4', 'Mixer Measurements'
feat_2 = 'NONLINEAR MEAS', 'B5', 'Nonlinear Measurements'
feat_3 = 'REF MIXER PORTS', 'B6', 'Reference Mixer Ports'
feat_4 = 'POWER CALIBRATION', 'B7', 'Power Calibration'
feat_5 = '4 PORT MEAS', 'B99', '4-Port Measurements'
feat_6 = 'QUARTZ MEAS', 'BXX', 'Quartz Measurements'
This is an old public algorithm.
test Feat_2+, if all OK - test b3-b4 too,
in newer devices - these numbers(0 or 1) used for demo.
now r&s used new long key.
many know how to create new too,
but no one wants to share it to public ))Code: [Select]sn: 835068.005 id: 00 option key: 1542267991 desc: feat_0
sn: 835068.005 id: 01 option key: 2797899109 desc: feat_1
sn: 835068.005 id: 02 option key: 2277388772 desc: feat_2
sn: 835068.005 id: 03 option key: 2328386865 desc: feat_3
sn: 835068.005 id: 04 option key: 0302356071 desc: feat_4
sn: 835068.005 id: 05 option key: 3024766616 desc: feat_5
sn: 835068.005 id: 06 option key: 4252011699 desc: feat_6
sn: 835068.005 id: 07 option key: 4056071223 desc: TIME DOMAIN, B2, Time Domain Measurements
sn: 835068.005 id: 08 option key: 0436723430 desc: CONVERTER 4 CHAN, C4C, 4 Channel Converter
sn: 835068.005 id: 09 option key: 1234299954 desc: EMBED DEEMBED, K9, Virtual Embedding Networks
sn: 835068.005 id: 10 option key: 0493488890 desc: feat_A
from Crypto.Cipher import ARC2
import struct
serial = 835068
serial2 = 005
option = 9
record = struct.pack("<II", serial, serial2 + (option <<20))
encyphered = ARC2.new("Revision\0").encrypt(record)
print encyphered.encode("hex")
24147d39d5347618
Hello
Can anyone convert the script into Python 3.6? Been struggling for too long with converting it but there are just a few things im not familiar with..
Hi tv84,
I attached a API.DLL form a ZVR. could you decode the option from it?
I don't think so. Do you have examples of options for that equipment?
I double checked with ZVR manual, the only K option for ZVR is K9 only, there is nothing to do with this unit.
So I am looking in another one, FSEA30. the datasheet say the K option for FSEA is:
---------------------------------------------------------------
FSE-K4 Phase Noise Measurement Software,
FSE-K3 Noise Measurement Software
FSE-K10 GSM Test Software, Mobile
FSE-K11 GSM Test Software, Base Station
FSE-K20 GSM Test Software, Edge Mobile
FSE-K21 GSM Test Software, EDGE Base Station
FSE-K30 GSM Test Software, 850 GHz band Mobile
FSE-K31 GSM Test Software, 850 GHz band Base Station
----------------------------------------------------------------
Just decoded the SN using "Rohde & Schwarz FSP option generator".
Notice: that I decode all seeds, the comment "Kx xxxx Application Firmware" is not correct, it's for FSP
--------------------------------------------------------------------------
3780795724 - K5 - GSM/EDGE Application Firmware
0284552823 - K7 - AM/FM/PM Measurement Demodulator
4196994763 - B17 - IQ Online
0684125256 - None
1514211661 - K84 - 1xEV-DO BTS Application Firmware
0579586646 - K84 - 1xEV-DO MS Application Firmware
3285910640 - None
1332515167 - FSP-B15 FSP-B70 FS-K7
1746004935 - K72 prior K74
0425836556 - None
3914572062 - K9 - Power Meter
0367944746 - FSP-B15 FS-K7
0178533596 - None
0084427020 - None
0973137605 - K76 - 3GPP TD-SCDMA BTS Application Firmware
4058089560 - K77 - 3GPP TD-SCDMA MS Application Firmware
2816669065 - K30 - Noise Figure Measurament
0774785927 - K82 - CDMA2000 BTS Application Firmware
1251526595 - K83 - CDMA2000 MS Application Firmware
0364322959 - K8 - Bluetooth Application Firmware
3912188941 - K40 - Phase Noise Measurament
2043795852 - None
2216559242 - None
3509799288 - None
0667766505 - None
2179962388 - 31 days trial period
4232888520 - 78 days trial period
1998016984 - None
1665344687 - None
0081926458 - Frequency Extension
1876889287 - None
2554963261 - Trasducer Set
0989643314 - None
1367083121 - None
2589261327 - None
3754352886 - None
2349723378 - None
2713318677 - None
0242151735 - None
3807482493 - None
2651669256 - None
0586577237 - None
3525044770 - None
0034228987 - None
1143727560 - None
2616543767 - None
1636617207 - None
0959025083 - None
1318982380 - None
2600577035 - None
--------------------------------------------------------------------------
compare with the options.ini in my FSEA. the fisrt line is the "FSE-K10 GSM Test Software, Mobile".
------------------------------------------------------
Options file in my FSEA:
3780795724; GSM MTS ANALYZER
------------------------------------------------------
My question is which line of the SN is for other option?
-------------------------------------------------------------------
FSE-K4 Phase Noise Measurement Software,
FSE-K3 Noise Measurement Software ??
FSE-K10 GSM Test Software, Mobile 3780795724
FSE-K11 GSM Test Software, Base Station
FSE-K20 GSM Test Software, Edge Mobile
FSE-K21 GSM Test Software, EDGE Base Station
FSE-K30 GSM Test Software, 850 GHz band Mobile
FSE-K31 GSM Test Software, 850 GHz band Base Station
-------------------------------------------------------------------
another thing I found is that there is no API.dll in my FSEA30. I search all *.ll in hard disk, it seems that "FSEFPNL.DLL" is the suspect one.
from:
char SerString [] = {"xxxxxx/xxx"}; // Seriale dello strumento
to:
char SerString [] = {"100218/013"}; // Seriale dello strumento
I just recompiled the program and I got the following output: import binascii
import sys
from Crypto.Cipher import ARC2
import struct
import struct
serial = 103086
serial2 = 2
option = 45
record = struct.pack("<II", serial, serial2 + (option <<20))
print(record)
cipher = ARC2.new(b"Revision\0", ARC2.MODE_ECB)
encyphered = cipher.encrypt(record)
msg = binascii.hexlify(encyphered)
msglist = []
for letter in str(msg):
msglist.append(letter)
msglist.remove("b")
msglist.remove("'")
msglist.remove("'")
for letter in msglist:
print(letter, end="")
print("")
import binascii
import sys
from Crypto.Cipher import ARC2
import struct
serial = 103086
serial2 = 2
#option = 10
sample = open('SWOPT.dat', 'w')
for option in range(10,50):
record = struct.pack("<II", serial, serial2 + (option <<20))
cipher = ARC2.new(b"Revision\0", ARC2.MODE_ECB)
encyphered = cipher.encrypt(record)
msg = binascii.hexlify(encyphered)
msglist = []
for letter in str(msg):
msglist.append(letter)
msglist.remove("b")
msglist.remove("'")
msglist.remove("'")
for letter in msglist:
print(letter, end="", file=sample)
print("",file=sample)
sample.close()
KEY = b"Revision\0"
STRUCT_TWO_UNSIGNED_INTS = "<II"
for line in open("SWOPT.DAT"):
if len(line) == 17:
cipher = ARC2.new(KEY, ARC2.MODE_ECB) # a new ARC2 cipher with the right key (ARC2 is a symmetric block cipher, we need a new cipher for each ciphertext)
ciphertext = bytes.fromhex(line.strip()) # Decode our ciphertext from hex, removing whitespace from the start and end
plaintext = cipher.decrypt(ciphertext) # Decrypt the cyphertext using the key
a, b = struct.unpack(STRUCT_TWO_UNSIGNED_INTS, plaintext) # unpack two unsigned ints from the plaintext
print ("SN: %d - %08x" % (a, b))
Anyone know how to enable the option on the FSH6? I tried to buy this Key but R&S says they cant generate keys anyone because they have discontinued this product. It just sounds so lillogical I cant even believe they would say something like this. I want to send them money and all that they have to do is generate a key on their PC.
If someone knows a dealer that generates keys that i can buy one for I would be happy to buy it. Moral of the story is buy the options you need before they discontinue them. Test equipment seems to have a very short support life these days especially from R&S