Author Topic: Agilent E7495 linux root account  (Read 138044 times)

GRFixedGear
Re: Agilent E7495 linux root account
« Reply #450 on: March 24, 2024, 01:34:34 am »
CF worked fine for me. Got a type 2 adapter for an sd card, partitioned a 64GB microSD card for 2GB to make the ancient firmware happy on the device. Put in the upgrade files, popped it in and found my uncle bob.

Working on the patches... GPS patch works a treat, but the published patches for the license file didn't work for me first time. I got a unit that was non-responsive to button pushes, and even lost the soft-key labels / images on the screen when I tried it. Not quite sure how that happened. MAYBE it was just a glitch in the firmware storage in that case. I'll give it another go and see what happens. Worst thing that happens is I remote login and ftp the file back up to my linux box to compare intended contents vs actual in the flash of the 7495a.

I've used Ghidra to decompile the elgato binary to understand the patch being applied to the file offset of 0x337a7c, and it appears to be correct. It shows up in a function called "l_good_lic_key". As you can imagine that's a rather long nested function and not very much fun to read in the assembly or decompiled presentation from Ghidra. The instruction being modified is effectively the first branch in the function, but the suggested edit turns it into a mov/cpy operation from r0 to r0... effectively a nop?! Then the two instructions that follow (seem to have been unused previously so it's curious that they are even there) hard code a 1 return value and jump to the return at the end of the function. Skips all the gory details in the middle. Genius.
« Last Edit: March 24, 2024, 02:28:09 am by GRFixedGear »
 

GRFixedGear
Re: Agilent E7495 linux root account
« Reply #451 on: March 24, 2024, 02:05:18 am »
Yeah... really weird. Made the fix again, uploaded, pushed the elgato binary up via ftp and compared... no diffs from intended.

At first all the mode menu stuff worked fine, but if I tried to go to System and hit the button for the second page, it just froze with that soft button indicated as pressed, but I could get back to the mode menu stuff and click around for a bit. After a few minutes the soft buttons disappeared again and there is nothing more you can do to the unit. Really really strange.

And... previously reported and fixed here
« Last Edit: March 24, 2024, 02:13:36 am by GRFixedGear »
 

GRFixedGear
Re: Agilent E7495 linux root account
« Reply #452 on: March 24, 2024, 02:40:03 am »
In other news. They ain't jokin in the service manual when they warn you about the fragility of the N connector ports for the signal generator and spectrum analyzer. Even having moved the rf connector panel away, I broke off the output side when the beast RF assembly slipped out of my hands during disassembly to go find a burned tantalum on the back of the primary power board :palm:. Good news... with some very careful excavating of the covering copper and ceramic substrate you CAN fix one of these. It's definitely not perfect but holy crap it works.

Attachments:
- 160/400/800 grit polished end of the bit that broke off. Did the equivalent to the part still attached to the RF assembly
- Propped up the RF assembly consistently all around and then found stuff to support the backside "patch" of 0.1mm copper (pre-tinned) that was tacked in place before rigging up the broken piece for soldering
- Closeup of how I excavated down into the ceramic and tinned the signal trace for eventual soldering

Soldermask removed with 400/800 grit then polished up with a fiberglass scratcher pencil
The backside cover was soldered to the main bit with SAC alloy for some heat resistance
Junk ceramic resistor body used to support the whole assembly during work
LOTS of excess solder added around the sides and bottom to try to get connection across the "shield" at the break
Center conductor was bridged with a single strand of 36-ish AWG tinned copper
After bridging the pit was treated with drops of super corona dope. Not a good substitute for real dielectric but best I could do
Top side was again bridged with 0.1mm pre-tinned copper. Then the sides of the board around the break were liberally reinforced with more solder

Initial tests looking at the output of the generator with a TinySA showed output was working at expected level. I'm sure it's not up to factory performance but good enough for who it's for.
« Last Edit: March 24, 2024, 02:56:15 am by GRFixedGear »
 

