Just to make it clear:
* Licenses are stored pretty much as the XML files (same fields) and are loaded/checked from the "Secure NV" on startup
* There is several public keys used to check the license signature, which key is used is dependent of the serial number of the scope. The secret key for the first public key, which is used for all early scope serials, has been leaked by Agilent themselves as a mistake and so it's trivial to generate your own licenses for those scope. That's been common knowledge forever ... it's explained in the original thread somewhere pretty early. Nobody published an easy tool, probably because :
- "why risk it": since it deals with "encryption keys" it might have some legal implications that a fw diff doesn't have
- "why risk agilent fixing the problem": if the problem is not widespread, why bother dedicating resources to fix it thoroughly, their current "work around" works well enough and is safe for all previously issued licenses.
In the worst case, if license code was fixed, attacking the firmware should be possible (despite code signing), but I'm certainly not about to risk bricking a 7k$ piece of test gear ...