Products > Test Equipment

DG4000 - a firmware investigation

<< < (57/96) > >>

ytsejam:
https://www.eevblog.com/forum/testgear/sniffing-the-rigol's-internal-i2c-bus/msg623998/#msg623998

The above link shows how to use TopJTAG Flash Programmer to dump the flash on DSA815. (at least a portion)

I used the same method to dump DG4062's flash (with bootloader 00.06), and compared the dumped binary with DG4000 bootloader 00.06 update file.
Found that the content of dump result does contain the bootloader 00.06.

If any owner of DG4062 with previous bootloader (00.05) can give a hand, help to use the same method to dump the flash (1MB file) and share it with me privately.
I can restore that back to my DG4062 to see if bootloader can be downgrade to 00.05 by this method. Then the new DG4000 (with 00.06) owner might get a chance to downgrade the FW to previous version.

Can anyone give a hand? Much appreciated!

fact:
Instead of J-Tagging the bootloader and/or firmware, would it be possible to just put the parameters for extending the frequency range in the correct spot in memory?

ytsejam:

--- Quote from: fact on March 09, 2015, 04:01:08 pm ---Instead of J-Tagging the bootloader and/or firmware, would it be possible to just put the parameters for extending the frequency range in the correct spot in memory?

--- End quote ---

Sounds like chickens and eggs.

For new firmware (1.09 and 1.12), though not 100% sure, but I think RIGOL has removed the function for reading the CEN file or at least change the format.
And new bootloader (ver 06) won't accept firmware prior to 1.09.

So we got two choices:

1. Hack the new firmware to find out if there's any new way. This will require JTAG dump the flash and reverse engineering.

2. Overwrite the new bootloader (ver 06) with old one  (ver 05), and that needs JTAG as well.

3. Wait for someone to compile a firmware (home brew) can be loaded by new bootloader, which provides the capability to rewrite the bootloader back to old one or provides a way to update the flash with new model key.


MiataMuc:
maybe anoter option:

dump the flash, do manually what the cen-file used to do, and then uplaod the changed flash?

ytsejam:

--- Quote from: MiataMuc on March 09, 2015, 07:26:04 pm ---maybe anoter option:

dump the flash, do manually what the cen-file used to do, and then uplaod the changed flash?

--- End quote ---

That should work, but:

1. As I learned from the forum, the CEN file is a key file, if valid, DG4000 will store the key somewhere in the flash, however, I don't know in which form or format, nor the address.

2. JTAG is needed for dumping/uploading the flash. (which means we need to open the back cover)

Navigation

[0] Message Index

[#] Next page

[*] Previous page

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod