| Electronics > Repair |
| Agilent 34461A corrupted flash |
| << < (7/41) > >> |
| TheSteve:
Had a play with my 34461A. I dumped pboot. I noticed at boot it showed the serial # as SerNum:MY99999999 I then thought I'd do the "factory list" but mis-remembered the command and typed "factory info". The command didn't give an error but has now changed the "MY99999999" to "x⚌⚌⚌⚌$ ". It seems the change is permanent. So far the meter still boots and seems to work with no errors. I haven't tried a firmware update or anything. It's made me sweat a little, not going to lie. I really like my 34461A, bought it new. Normally commands don't do odd things, guess we need to be super careful. You can see that same serial # with the printenv command. |
| Monkeh:
--- Quote from: TheSteve on March 29, 2021, 01:39:25 am ---Normally commands don't do odd things, guess we need to be super careful. --- End quote --- You're working at a very low level with code chucked together for test purposes, never really expected to be seen by anyone but the original firmware engineers. Here be dragons. |
| dc101:
Not sure if this was reported in the other Agilent/Keysight multimeter threads, but you can enabled the FTP server on the 3446X by running the SCPI command DIAG:UPD:START? --- Code: ---[user.titan] ➤ telnet 192.168.30.96 5024 Trying 192.168.30.96... Connected to 192.168.30.96. Escape character is '^]'. Welcome to Keysights's 34460A Digital Multimeter 34460A> DIAG:UPD:DIR? \Agilent Flash\User\ 34460A> DIAG:UPD:START? +1 34460A> --- End code --- Here's some more SCPI commands that you can use to try and brick you meter, get crazy: DIAG:UPD:DIR? DIAG:UPD:ENAB? DIAG:UPD:REV? DIAG:UPD:BLOCK:SIZE? DIAG:UPD:START? DIAG:UPD:STOP DIAG:UPD:REBOOT DIAG:UPD:END? DIAG:UPD:ENAB? DIAG:UPD:NKBIN "\Agilent Flash\User\Nk.bin" DIAG:UPD:FIRM:ERR? DIAG:UPD:FIRM:PROG? |
| dc101:
The Steve - Ooooofff, unfortunately that makes sense with what I saw in the decompiler. <--- Side note, what am I doing wrong, that I can't put pictures inline with my post? It assumes any argument that isn't the string "list" is a pointer to a location containing the factory data. There's no checking to make sure it's a valid address. So if you typed in "info", then factory copied 0x2000 bytes starting at (RAM)0x696e666f into NAND flash. Did you by chance run printenv prior to running factory info/list? If so, you should be able to restore your factory info back to default. It's not hard, it just involves finding a clean space of RAM, writing to it in the format that factory expects and then running the factory command with the correct address. Cheers -Tim |
| TheSteve:
--- Quote from: dc101 on March 29, 2021, 01:59:39 am ---Oofff, yes that makes sense with what I saw in the decompiler. (Attachment Link) <--- Side note, what am I doing wrong, that I can't put pictures inline with my post? It assumes any input that isn't the string "list" is a pointer to a location containing the factory data. There's no checking on the input to make sure it's a valid address. Did you by chance run printenv prior to running factory info/list? If so, you should be able to restore your factory info back to default. It's not hard, it just involves finding a clean space of RAM, writing to it in the format that factory expects and then running the factory command with the correct address. --- End quote --- It doesn't appear I did. I do have the original MAC saved elsewhere though, so maybe we can restore it still. |
| Navigation |
| Message Index |
| Next page |
| Previous page |