DG4000 - a firmware investigation
Mahoo:
Rigol has released the official dg4202 model 200hz function generator.
http://www.rigol.com/prodserv/127/
Hopefully there will now be more action on this thread, since we know there is potential to hack the DG4000 to 200hz again, and someone will work out how to bypass the bootloader.
Gunb:
Hi,
short question: how to identify the bootloader version? Which of the listed numbers identifies the bootloader version installed?
Thanks!
rramirez:
I'm just trying to update my DG4062 from 1.07 to 1.12 (no hacks) - no luck, but no harm either.
I unzipped the file from Rigol US and first copied the .06 Bootloader onto a FAT32 formatted 2GB USB stick. I had no trouble getting the Utility button light to blink and go solid, followed by the Store button light. The instructions say that the Waveform menu lights should blink then go solid and when they are all lit, power-off the DG4000; but that never happens. After the Store button lights solid, the unit just sits there.
Is a 2GB USB stick too large? The DG4062 fully powered on does recognize the stick after it's plugged-in. Any ideas?
Russ
devpeeps:
just ordered one of these bad boys so looking forward to playing around with these settings you're talking about
m1ke:
--- Quote from: bandgap on November 20, 2013, 07:40:38 am ---
--- Quote from: ted572 on November 18, 2013, 10:39:54 pm ---Re. DG4000 cengen: There are several of us non Unix/Linux users here on the forum that would very much appreciate a Windows or Web application to generate the required CEN file. If someone could put one together it would be very much appreciated
--- End quote ---
---
original post removed
---
I'm editing this post to remove the link to my windows binary. Apparently it is putting extra bytes in the license file. I tried several different compilers and even tried cross-compiling for windows from my linux box. Every windows binary I make puts extra bytes into the license file. I don't have enough time to see exactly why, so I offer here an alternative solution if you only have access to windows.
1) Go to http://www.compileonline.com/compile_c_online.php
2) Replace the code in the left box with the code below.
3) Put your command line arguments in the text box at the bottom (in the form <current model> <new model> <current serial>)
4) Press "Compile and Execute" in the top left
5) Press "Download Files" in the top right (assuming everything executed properly)
6) The result tar.gz file will have the proper license.CEN file contained within it.
-Clayton
--- Code: ---/*
** rigol DG4000 cengen / cybernet
**
** BUILD WITH:
** gcc cengen.c -m32 -o cengen
**
** RUN WITH:
**
** ./cengen <CURRENT_MODEL> <NEW_MODEL> <CURRENT_SERIAL> [<NEW_SERIAL>]
**
** <?_MODEL> = DG4062, DG4102, DG4162, DG4202(*)
** <?_SERIAL> = DG4D1XXXXXXXX
**
** if <NEW_SERIAL> is omitted the serial will not be modified
** (*) DG4202 is not an official model, but 200Mhz seems to work fine
**
**
** =================================================================================
** more info: https://www.eevblog.com/forum/testgear/dg4000-a-firmware-investigation/
** =================================================================================
**
** ____ ______________ ___ __
** / __ \/_ __/ ____/ |/ / / /
** / /_/ / / / / /_ / /|_/ / / /
** / _, _/ / / / __/ / / / / /_/
** /_/ |_| /_/ /_/ /_/ /_/ (_)
**
** this tool generates a new model type (DG4XXX) & serial (DG4D1XXXXXXXX) string,
** calculates a MAC and creates a .CEN file.
**
** what to do with the file ?
**
** put it on an USB stick, plug stick into DG4000, goto "Store", browse USB Stick,
** change "File Type" to "All File", navigate to your .CEN file, press "Read".
**
** You should get a Popup telling you that you successfully changed your model type and serial
**
** if *not* you:
** used a wrong current model type
** used a wrong current serial
** used an invalid new model type
** used an invalid new serial
**
**
** firmware tested:
** 00.01.06
** 00.01.03
**
**
** no warranties, if it explodes, your problem ;-)
**
*/
#include<stdio.h>
#include<stdlib.h>
#include<stdint.h>
#include<string.h>
#include<ctype.h>
/* Tool version shown in the banner. */
#define VERSION "0.1"

/* Fixed text written at the very start of the output file; write_file()
 * emits strlen(header) bytes, so the terminating NUL is not written. */
char header[] = "RIGOL:DG4:FIRM LICENSE FILE";

/* Sixteen hex digits. main() parses them two at a time into eight bytes,
 * and write_file() emits the text itself including its terminating NUL. */
char iv[] = "1000000110000001";

/* Filler patterns; write_file() fills them with 0xCC and 0x00 before use. */
char static_cccc[4];
char static_zero[8];
/*
 * Overlay that exposes the same eight bytes as individual bytes, as two
 * unsigned ints, or as one 64-bit value. Which bytes show up in l[0] versus
 * l[1] depends on the host byte order, and l[] only spans all eight bytes
 * when unsigned int is 32 bits wide.
 */
union helper {
    unsigned char c[8];
    unsigned int  l[2];
    uint64_t      u;
};
/* Value (0 or 1) of the 1-based bit position pos in state; pos 0 means the
 * tap is disabled and contributes 0. */
static uint16_t tap_value(uint16_t state, char pos)
{
    if (pos == 0)
        return 0;
    return (state >> (pos - 1)) & 1;
}

/*
 * Fill a table with the successive states of a shift register with XOR
 * feedback. (Despite the name, nothing in here is cipher-block chaining.)
 *
 * a        register width in bits; the loop runs (1 << a) - 1 times, with
 *          that count held in a 16-bit variable
 * b,c,d,f  1-based tap positions XORed into the feedback bit; 0 disables a tap
 * e        mode selector; only 0 is implemented, any other value prints a
 *          message and terminates the process with exit(-1)
 * word1    start state, masked down to its low a bits
 * buffer   output table, one entry every 2 bytes; NULL makes the call a no-op
 *
 * NOTE(review): every entry is stored as a whole int at a 2-byte stride, so
 * consecutive stores overlap and the last one covers sizeof(int) bytes
 * starting at byte offset 2 * ((1 << a) - 2). The caller has to size buffer
 * for that, and the int store is not naturally aligned for odd entries.
 */
void do_cbc(char a, char b, char c, char d, char e, char f, uint16_t word1, char *buffer)
{
    uint16_t entries, mask, state, width;
    char feedback;
    int slot;

    if (buffer == 0)
        return;

    entries = (1 << a) - 1;

    /* Build a mask with the low a bits set, one bit at a time. */
    mask = 0;
    for (width = 0; a > width; width++)
        mask = mask | (1 << width);

    state = word1 & mask;

    if (e != 0) {
        printf("not implemented - deemed useless code ...\n");
        exit(-1);
    }

    for (slot = 0; entries > slot; slot++) {
        /* Record the current state before advancing the register. */
        *(int *)(buffer + slot * 2) = (int)state;

        feedback = tap_value(state, b) ^ tap_value(state, c);
        feedback = feedback ^ tap_value(state, d);
        feedback = feedback ^ tap_value(state, f);

        /* Shift left by one, drop bits above the width, insert feedback. */
        state = state * 2;
        state = state & mask;
        state = state | feedback;
    }
}
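/*
 * Convert a NUL-terminated string to upper case in place.
 *
 * str  writable string; modified in place
 * Returns str, so the call can be nested inside another expression.
 *
 * Each byte is converted to unsigned char before it reaches toupper():
 * passing toupper() a negative plain char (any byte >= 0x80 where char is
 * signed) is undefined behaviour, and main() feeds this function strings
 * taken directly from the command line.
 */
char * strtoupper(char *str)
{
    for (char *p = str; *p != '\0'; p++) {
        *p = (char)toupper((unsigned char)*p);
    }
    return str;
}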
/* Print the program banner, ending with the VERSION string, to stdout. */
void ascii(void)
{
    static const char *const art[] = {
        "\n",
        " ________ ____ ____ ____ ____\n",
        " / ___/ _ \\/ __ \\/ __ `/ _ \\/ __ \\\n",
        "/ /__/ __/ / / / /_/ / __/ / / /\n",
        "\\___/\\___/_/ /_/\\__, /\\___/_/ /_/\n",
    };
    size_t row;

    /* The fixed rows contain no conversion specifiers, so they can be
     * written as plain strings. */
    for (row = 0; row < sizeof art / sizeof art[0]; row++)
        fputs(art[row], stdout);

    printf(" V%s /____/ cybernet 2013\n\n", VERSION);
}
/*
 * Print the usage text to stdout and terminate the process with exit(-1).
 * This function does not return to its caller.
 */
void help(void)
{
    static const char usage[] =
        "\n ./cengen <CURRENT_MODEL> <NEW_MODEL> <CURRENT_SERIAL> [<NEW_SERIAL>]\n\n"
        " <?_MODEL> = DG4062, DG4102, DG4162, DG4202(*)\n"
        " <?_SERIAL> = DG4D1XXXXXXXX\n\n"
        " example: ./cengen DG4062 DG4202 DG4D150400123\n"
        " (upgrades DG4062 to DG4202, keeps serial number)\n\n"
        " if <NEW_SERIAL> is omitted the serial will not be modified\n"
        " (*) DG4202 is not an official model, but 200Mhz seems to work fine\n\n";

    fputs(usage, stdout);
    exit(-1);
}
/*
 * Walk buf from index 0 for as long as the index is greater than la. When a
 * byte differs from its own index, *word1 is incremented, the walk restarts
 * and the return value becomes 1.
 *
 * la     loop bound; because the index starts at 0 and the loop only runs
 *        while index > la, no iteration happens for any la >= 0
 * word1  16-bit value that is incremented on a mismatch
 * buf    bytes compared against their index
 *
 * Returns 1 if *word1 was changed, otherwise 0. main() only passes la >= 0,
 * so from there the call returns 0 and leaves *word1 untouched.
 */
char buffer_shift(int la, uint16_t *word1, char *buf)
{
    char bumped = 0;
    int pos;

    for (pos = 0; pos > la; pos++) {
        if (buf[pos] != pos) {
            *word1 = *word1 + 1;
            /* Restart; the loop increment moves the index on to 1. */
            pos = 0;
            bumped = 1;
        }
    }
    return bumped;
}
/*
 * Write the assembled record to "license.CEN" in the current directory.
 *
 * nms      NUL-terminated text; written without its NUL
 * buf      table of 16-bit entries
 * buf_len  number of 16-bit entries in buf; buf_len * 2 bytes are written
 *
 * Bytes emitted, in order: the header text, a 4-byte length field (low byte
 * of buf_len first, upper two bytes zero), 4 zero bytes, 2 bytes of 0xCC,
 * the iv text including its NUL, nms, and finally the table.
 *
 * Exits with status -1 if the file cannot be opened. The results of fwrite()
 * and fclose() are not checked, so a short or failed write goes unnoticed.
 */
void write_file(char *nms, char *buf, uint16_t buf_len)
{
    char len_field[8];
    size_t part;
    FILE *out = fopen("license.CEN", "w");

    if (out == NULL) {
        printf("unable to open file 'license.CEN' for writing\n");
        exit(-1);
    }

    memset(static_cccc, 0xcc, 4);
    memset(static_zero, 0x0, 8);

    memset(len_field, 0, 8);
    len_field[0] = (buf_len) & 0xFF;
    len_field[1] = ((buf_len) >> 8) & 0xFF;

    /* Output layout as a table: each row is one fwrite() in file order. */
    const struct {
        const void *data;
        size_t size;
    } parts[] = {
        { header,      strlen(header) },
        { len_field,   4 },
        { static_zero, 4 },
        { static_cccc, 2 },
        { iv,          strlen(iv) + 1 },
        { nms,         strlen(nms) },
        { buf,         (size_t)(buf_len * 2) },
    };

    for (part = 0; part < sizeof parts / sizeof parts[0]; part++)
        fwrite(parts[part].data, 1, parts[part].size, out);

    fclose(out);
}
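/* Return non-zero if s contains any byte outside 7-bit ASCII. */
static int has_non_ascii(const char *s)
{
    for (; *s != '\0'; s++) {
        if ((unsigned char)*s > 0x7f)
            return 1;
    }
    return 0;
}

/*
 * Entry point: validate the command-line arguments, build the table of
 * 16-bit entries from them and pass it to write_file().
 *
 * argv[1]  current model, 6 characters starting with "DG4"
 * argv[2]  new model, 6 characters starting with "DG4"
 * argv[3]  current serial, 13 characters starting with "DG4"
 * argv[4]  optional new serial, same format; when absent (or when argc is
 *          not exactly 5) the current serial is reused
 *
 * Arguments are upper-cased in place. Invalid input prints a message and
 * ends in help(), which exits with -1; success ends in exit(0).
 *
 * Changes against the posted listing, all in input handling:
 *  - argument lengths are checked on argv before anything is copied; the
 *    listing copied first with strcpy(), so an over-long argument overran
 *    the 8- and 14-byte stack arrays before the length test ran
 *  - bytes >= 0x80 are rejected, because the characters are later used as
 *    plain-char table indices and a negative char would index before the
 *    start of buffer_a2
 *  - calloc() results are checked
 * The table computation itself is kept statement for statement.
 */
int main(int argc, char *argv[])
{
    char secret[]="YZDHZSGCX";
    char new_model[8];
    char new_serial[14];
    char *new_model_serial;
    char cur_model[8];
    char cur_serial[14];
    char *cur_model_serial;
    char *buffer20;
    char *buffer_a2;
    char *buffer_a4;
    int la;
    char hbuf[3];
    char chr;
    int duplets,bits;
    int r1,d1,r2,d2;
    unsigned int data1,data2;
    uint16_t word1;
    unsigned char lasthex;
    union helper uni1;
    int key_len;
    int prime=13;
    int len_mts;
    int lc,lb,ld;
    int y;
    uint16_t w;

    ascii();

    /* help() ends in exit(-1), so nothing after a help() call is executed. */
    if (argc<4) help();

    /* Length checks run on argv itself so that every copy below is known to
     * fit its destination. Upper-casing does not change the length. */
    if (strlen(argv[1])!=6) { printf("invalid <CURRENT_MODEL> len\n"); help(); }
    if (strlen(argv[2])!=6) { printf("invalid <NEW_MODEL> len\n"); help(); }
    if (strlen(argv[3])!=13) { printf("invalid <CURRENT_SERIAL> len\n"); help(); }

    snprintf(cur_serial, sizeof cur_serial, "%s", strtoupper(argv[3]));
    snprintf(new_model, sizeof new_model, "%s", strtoupper(argv[2]));
    snprintf(cur_model, sizeof cur_model, "%s", strtoupper(argv[1]));

    if (strncmp(cur_model,"DG4", strlen("DG4"))) { printf("invalid <CURRENT_MODEL> type\n"); help(); }
    if (strncmp(new_model,"DG4", strlen("DG4"))) { printf("invalid <NEW_MODEL> type\n"); help(); }
    if (strncmp(cur_serial,"DG4", strlen("DG4"))) { printf("invalid <CURRENT_SERIAL> type\n"); help(); }

    if (argc==5)
    {
        if (strlen(argv[4])!=13) { printf("invalid <NEW_SERIAL> len\n"); help(); }
        snprintf(new_serial, sizeof new_serial, "%s", strtoupper(argv[4]));
        if (strncmp(new_serial,"DG4", strlen("DG4"))) { printf("invalid <NEW_SERIAL> type\n"); help(); }
    }
    else snprintf(new_serial, sizeof new_serial, "%s", strtoupper(argv[3]));

    /* The characters below are used as signed-char indices into buffer_a2;
     * keeping them in 0..0x7f keeps every index non-negative. */
    if (has_non_ascii(cur_model) || has_non_ascii(new_model) ||
        has_non_ascii(cur_serial) || has_non_ascii(new_serial))
    {
        printf("invalid character in model or serial\n");
        help();
    }

    cur_model_serial=(char*)calloc(1, strlen(cur_model)+strlen(cur_serial)+1);
    new_model_serial=(char*)calloc(1, strlen(new_model)+strlen(new_serial)+1);
    if (cur_model_serial==NULL || new_model_serial==NULL)
    {
        printf("out of memory\n");
        exit(-1);
    }
    strcpy(new_model_serial, new_model);
    strcat(new_model_serial, new_serial);
    strcpy(cur_model_serial, cur_model);
    strcat(cur_model_serial, cur_serial);

    printf("\nCurrent settings:\n");
    printf("\tModel:\t\t%s\n",cur_model);
    printf("\tSerial#:\t%s\n",cur_serial);
    printf("\nNew settings:\n");
    printf("\tModel:\t\t%s\n",new_model);
    printf("\tSerial#:\t%s\n\n",new_serial);

    buffer20=(char*)calloc(1,20);
    buffer_a2=(char*)calloc(4,8192);
    buffer_a4=(char*)calloc(4,8192);
    if (buffer20==NULL || buffer_a2==NULL || buffer_a4==NULL)
    {
        printf("out of memory\n");
        exit(-1);
    }
    memset(buffer_a4,0xAA,8192);

    key_len=strlen(secret);
    la=0;
    duplets=0;
    y=0;
    hbuf[2]=0;

    /* Parse iv two hex digits at a time into the bytes of uni1. */
    while(la < strlen(iv))
    {
        hbuf[0]=iv[la];
        hbuf[1]=iv[la+1];
        uni1.c[duplets]=strtol(hbuf,NULL,0x10);
        duplets++;
        la=la+2;
    }
    data1=uni1.l[0];
    data2=uni1.l[1];

    /* d1 = number of prime-bit (13-bit) words needed for the parsed bits,
     * rounded up; d2 = how many whole words fit in 64 bits. */
    bits=duplets<<3;
    r1=bits%prime;
    d1=bits/prime;
    if (r1 != 0) d1++;
    lasthex=uni1.c[duplets-1];
    d2=64/prime;
    r2=64%prime;

    la=0;
    while (d1>la)
    {
        if (d2>0)
        {
            /* Take the low 13 bits, then shift the 64-bit value down. */
            word1=data1&0x1fff;
            uni1.u=uni1.u>>prime;
            data1=uni1.l[0];
            data2=uni1.l[1];
            d2--;
        }
        else
        {
            word1=(int)(((int)data1)|(lasthex<<r2))&0xffff;
        }
        buffer_shift(la,&word1,buffer20);
        /* NOTE(review): int-sized store at a 2-byte stride; with the five
         * passes this loop makes, the highest offset is 8, inside the
         * 20-byte allocation. */
        *(int*)(buffer20+la*2)=(int)word1;
        do_cbc(0xd, 0x1, 0x3, 0x4, 0x0, 0xd, word1, buffer_a2);
        len_mts=strlen(new_model_serial);
        ld=lb=lc=0;
        /* Four table look-ups per input character, appended to buffer_a4:
         * current char, secret char, their XOR, new char. */
        while (len_mts > lc)
        {
            chr=cur_model_serial[lc];
            w=*(uint16_t*)(buffer_a2+chr*2)&0xffff;
            *(uint16_t*)(buffer_a4+y*2)=(uint16_t)w;
            y++;
            if (lb > (key_len-1)) lb=0;
            chr=secret[lb];
            w=*(uint16_t*)(buffer_a2+chr*2)&0xffff;
            *(uint16_t*)(buffer_a4+y*2)=(uint16_t)w;
            y++;
            chr=secret[lb]^cur_model_serial[lc];
            w=*(uint16_t*)(buffer_a2+chr*2)&0xffff;
            *(uint16_t*)(buffer_a4+y*2)=(uint16_t)w;
            y++;
            if (ld > (len_mts-1)) ld=0;
            chr=new_model_serial[ld];
            w=*(uint16_t*)(buffer_a2+chr*2)&0xffff;
            *(uint16_t*)(buffer_a4+y*2)=(uint16_t)w;
            y++;
            lc++;
            lb++;
            ld++;
        }
        la++;
    }

    /* Entry 0: clear the low two bits, then set bit 1. */
    w=*(uint16_t*)(buffer_a4)&0xffff;
    w=w&0xfffc;
    *(uint16_t*)(buffer_a4)=(uint16_t)w;
    *(uint16_t*)(buffer_a4)=2|(uint16_t)w;
    /* Entry at byte offset 0x14: clear the low three bits, then set bit 1. */
    w=*(uint16_t*)(buffer_a4+0x14)&0xffff;
    *(uint16_t*)(buffer_a4+0x14)=2|((uint16_t)w&0xfff8);

    write_file(new_model_serial, buffer_a4, y);
    printf("license file dumped into: 'license.CEN' - have fun !\n\n");
    exit(0);
}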
--- End code ---
--- End quote ---
Hi, I can't get this to compile; it keeps giving errors. Can someone please help?