Author Topic: DSOX2000 and 3000 series - licence, has anyone tried to hack that scope? (Read 599615 times)


Offline tnt

  • Regular Contributor
  • *
  • Posts: 237
Just to make it clear:

 * Licenses are stored pretty much as the XML files (same fields) and are loaded/checked from the "Secure NV" on startup
 * There are several public keys used to check the license signature; which key is used depends on the serial number of the scope. The secret key for the first public key, which is used for all early scope serials, has been leaked by Agilent themselves as a mistake and so it's trivial to generate your own licenses for those scopes. That's been common knowledge forever ... it's explained in the original thread somewhere pretty early. Nobody published an easy tool, probably because:
  - "why risk it": since it deals with "encryption keys" it might have some legal implications that a fw diff doesn't have
  - "why risk agilent fixing the problem": if the problem is not widespread, why bother dedicating resources to fix it thoroughly, their current "work around" works well enough and is safe for all previously issued licenses.

In the worst case, if license code was fixed, attacking the firmware should be possible (despite code signing), but I'm certainly not about to risk bricking a 7k$ piece of test gear ...
 
The following users thanked this post: Andrew

Offline Rufus

  • Super Contributor
  • ***
  • Posts: 2094
Just to make it clear:
(...)
In the worst case, if license code was fixed, attacking the firmware should be possible (despite code signing), but I'm certainly not about to risk bricking a 7k$ piece of test gear ...
Your last sentence pretty much sums up all I went through. Happy ending though.

Is anything actually signed or just strong named or whatever they call it?
 

Offline mikeselectricstuff

  • Super Contributor
  • ***
  • Posts: 11970
  • Country: gb
    • Mike's Electric Stuff
Just to make it clear:

 * There are several public keys used to check the license signature; which key is used depends on the serial number of the scope. The secret key for the first public key, which is used for all early scope serials, has been leaked by Agilent themselves as a mistake and so it's trivial to generate your own licenses for those scopes.
I wonder how hard it is to change the serial number.... 8)
YouTube channel: Taking weird stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
 

Offline mikeselectricstuff

  • Super Contributor
  • ***
  • Posts: 11970
  • Country: gb
    • Mike's Electric Stuff
My warranty is fixed to the serial number. I am never gonna change it.  :(
If you can change it, you can change it back

Offline shadowless

  • Regular Contributor
  • *
  • Posts: 124
  • Country: us
Hey guys,

I am the first one to try the firmware on my 2000x scope and it worked for me. I took the risk of bricking my scope but well I was rewarded with a fully enabled scope.

I don't have a 3000x so I can't say that but I am sure it works on that too since he tested it himself.

So it is good news for 2000x and 3000x owners.
 

Offline rkupka

  • Regular Contributor
  • *
  • Posts: 57
  • Country: sk
Which FW version is this modified firmware based on?
What is going to happen if I flash this new modded one and afterwards I flash brand new FW when Agilent releases it?
 

Offline eevblogfan

  • Frequent Contributor
  • **
  • Posts: 569
  • Country: 00
Hey

Can you tell me why the BW limit only does 20 MHz and doesn't ask me if I want 100 MHz, full BW or 20 MHz?

PS: Is it software related? I.e., can you add that into a new version of your file?

And is it possible to somehow add, say, in the coupling menu an option for 50 ohm impedance? (I suspect not, right? Because there's no HW that supports that ...)

thank you :)
 

Offline Hydrawerk

  • Super Contributor
  • ***
  • Posts: 2380
  • Country: 00
I think that there is no 50 ohm input on the DSOX2000. DSOX2000 and DSOX3000 have quite different motherboards.
Amazing machines. https://www.youtube.com/user/denha (It is not me...)
 

Offline con-f-use

  • Supporter
  • ****
  • Posts: 802
  • Country: at
I am the first one to try the firmware on my 2000x scope and it worked for me. I took the risk of bricking my scope but well I was rewarded with a fully enabled scope.

I might have seen it work as well. Just so you know.
 

Offline rkupka

  • Regular Contributor
  • *
  • Posts: 57
  • Country: sk
Confirmed. Works as expected.
 

Offline ben_r_

  • Frequent Contributor
  • **
  • Posts: 411
  • Country: us
  • A Real Nowhere Man
Pretty darn cool. I'll wait till someone releases such a fix for free though. I don't like the idea of having to pay for cracks/hacks.
If at first you don't succeed, redefine success!
 

Offline Hydrawerk

  • Super Contributor
  • ***
  • Posts: 2380
  • Country: 00
Does the hacked firmware void the warranty??

Offline ben_r_

  • Frequent Contributor
  • **
  • Posts: 411
  • Country: us
  • A Real Nowhere Man
Does the hacked firmware void the warranty??
More than likely. However, like jailbreaking or something, if you can get the original firmware back on there before you send it in for servicing they'll probably never know you were ever running a custom firmware.

Offline mwsoft

  • Contributor
  • Posts: 22
  • Country: pl
Pretty darn cool. I'll wait till someone releases such a fix for free though. I don't like the idea of having to pay for cracks/hacks.

Uhm... how much does djvinc charge for this firmware? It's really uncool...

 

Offline ben_r_

  • Frequent Contributor
  • **
  • Posts: 411
  • Country: us
  • A Real Nowhere Man
Pretty darn cool. I'll wait till someone releases such a fix for free though. I don't like the idea of having to pay for cracks/hacks.

Uhm... how much does djvinc charge for this firmware? It's really uncool...
Never mind, apparently I'm not allowed to post the details. PM them for the pricing.

Offline mwsoft

  • Contributor
  • Posts: 22
  • Country: pl
Uhm... how much does djvinc charge for this firmware? It's really uncool...
The firmware is an initiative that requires a contribution, for many reasons I can't explain easily on this topic. Happy to tell on PM though.

Well, "contribution" should work like "If you like my work - please donate".
It should be all about pride and accomplishment... Doing this kind of hacking for a living is just low...

I'm surprised that people on this forum are willing to pay for this - curious what Dave thinks about it  8)
 

Offline marmad

  • Super Contributor
  • ***
  • Posts: 2979
  • Country: aq
    • DaysAlive
Never mind, apparently I'm not allowed to post the details. PM them for the pricing.

Not allowed by whom?

Offline Bored@Work

  • Super Contributor
  • ***
  • Posts: 3932
  • Country: 00
Uhm... how much does djvinc charge for this firmware? It's really uncool...
The firmware is an initiative that requires a contribution, for many reasons I can't explain easily on this topic. Happy to tell on PM though.

Oh come on, the reason is you want the money.
I delete PMs unread. If you have something to say, say it in public.
For all else: Profile->[Modify Profile]Buddies/Ignore List->Edit Ignore List
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 29482
  • Country: au
    • EEVblog
Well, "contribution" should work like "If you like my work - please donate".
It should be all about pride and accomplishment... Doing this kind of hacking for a living is just low...
I'm surprised that people on this forum are willing to pay for this - curious what Dave thinks about it  8)

I will of course not allow this forum to be used as a basis to peddle anything potentially illegal, either content or services.
 

Offline mikeselectricstuff

  • Super Contributor
  • ***
  • Posts: 11970
  • Country: gb
    • Mike's Electric Stuff
Well, "contribution" should work like "If you like my work - please donate".
It should be all about pride and accomplishment... Doing this kind of hacking for a living is just low...
I'm surprised that people on this forum are willing to pay for this - curious what Dave thinks about it  8)

I will of course not allow this forum to be used as a basis to peddle anything potentially illegal, either content or services.
Requiring payment (or not) doesn't affect the legality. Possibly the sentence though.

Offline EEVblog

  • Administrator
  • *****
  • Posts: 29482
  • Country: au
    • EEVblog
FYI: djvinc's account and posts have been deleted at his request.
 

Offline benemorius

  • Regular Contributor
  • *
  • Posts: 173
Well, now that that's cleaned up, who can provide us with one of the modified firmwares so we can compare it against the original to see what was changed?
 

Offline shadowless

  • Regular Contributor
  • *
  • Posts: 124
  • Country: us
Well, "contribution" should work like "If you like my work - please donate".
It should be all about pride and accomplishment... Doing this kind of hacking for a living is just low...
I'm surprised that people on this forum are willing to pay for this - curious what Dave thinks about it  8)

I will of course not allow this forum to be used as a basis to peddle anything potentially illegal, either content or services.

Dave what about the Rigol Hack? Is that legal?
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 29482
  • Country: au
    • EEVblog
Dave what about the Rigol Hack? Is that legal?

How long is a piece of string?
How far do you want to open the can of worms?
IMO there is a big difference between sending a simple existing serial command down the existing provided interface, and reverse engineering and bypassing an encrypted software feature set.
Argue away...
 

Offline shadowless

  • Regular Contributor
  • *
  • Posts: 124
  • Country: us
Dave what about the Rigol Hack? Is that legal?

How long is a piece of string?
How far do you want to open the can of worms?
IMO there is a big difference between sending a simple existing serial command down the existing provided interface, and reverse engineering and bypassing an encrypted software feature set.
Argue away...

Really, Dave? Read the first page of the Hantek/Tekway hack. Extensive reverse engineering was done. You have to bypass software by renaming.

Perhaps consider taking down your potentially illegal Rigol hack video in the process :)

"I don't know" in your own tone :)  Argument is not my thing, they are all just mind chatter between individuals trying to affirm their own belief.
 