Author Topic: DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?  (Read 1103682 times)

0 Members and 4 Guests are viewing this topic.

Offline Rufus

  • Super Contributor
  • ***
  • Posts: 2095
Perhaps consider taking down your potentially illegal Rigol hack video in the process :)

"I dont know" in your own tone :)  Argument is not my thing, they are all just mind chatter between individuals trying to affirm their own belief.

Legality aside there is a moral distinction between providing a platform where discussion of hacks/cracks is not censored and providing a platform where hacks/cracks are offered for sale.
 
The following users thanked this post: Andrew

Offline shadowless

  • Regular Contributor
  • *
  • Posts: 126
  • Country: us
Perhaps consider taking down your potentially illegal Rigol hack video in the process :)

"I dont know" in your own tone :)  Argument is not my thing, they are all just mind chatter between individuals trying to affirm their own belief.

Legality aside there is a moral distinction between providing a platform where discussion of hacks/cracks is not censored and providing a platform where hacks/cracks are offered for sale.

If you own an Agilent perhaps you with think otherwise :) If Dave provide us a free hack I will very happy. Who wants to pay if we can get it free.  If you have strong moral discipline, then don't even think about hacking, it is never morally correct.
« Last Edit: June 25, 2013, 04:04:43 pm by shadowless »
 
The following users thanked this post: Andrew

Offline ben_r_

  • Frequent Contributor
  • **
  • Posts: 419
  • Country: us
  • A Real Nowhere Man
Nevermind, apparently Im not allowed to post the details. PM them for the pricing.

Not allowed by whom?
Not "not allowed" specifically. Perhaps it was a bad choice of words. I was asked not to. And no, it was not by Dave.
If at first you don't succeed, redefine success!
 
The following users thanked this post: Andrew

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 7547
  • Country: 00
  • +++ ATH1
Nevermind, apparently Im not allowed to post the details. PM them for the pricing.

Not allowed by whom?
Not "not allowed" specifically. Perhaps it was a bad choice of words. I was asked not to. And no, it was not by Dave.

So is it official now that "Agilent" hack is not allowed here in this forum, while other Chinese's stuff is ok ?  ???
 
The following users thanked this post: Andrew

Offline ben_r_

  • Frequent Contributor
  • **
  • Posts: 419
  • Country: us
  • A Real Nowhere Man
Nevermind, apparently Im not allowed to post the details. PM them for the pricing.

Not allowed by whom?
Not "not allowed" specifically. Perhaps it was a bad choice of words. I was asked not to. And no, it was not by Dave.

So is it official now that "Agilent" hack is not allowed here in this forum, while other Chinese's stuff is ok ?  ???
Certainly not. Like I said I was not asked by Dave. As far as I care, he's the only one that makes anything "official" here. Rights of ownership. I just obliged the individual that asked me to edit my post. It's pretty simple to guess who might have asked that and for what reasons. I just dont want to be any further involved in the situation.
If at first you don't succeed, redefine success!
 
The following users thanked this post: Andrew

Offline Spikee

  • Frequent Contributor
  • **
  • Posts: 568
  • Country: nl
How many people use this hacked firmware?

And who is willing to release the files here (for free of course) .
Freelance electronics design service, Small batch assembly, Firmware / WEB / APP development. In Shenzhen China
 
The following users thanked this post: Andrew

Offline tinhead

  • Super Contributor
  • ***
  • Posts: 1918
  • Country: 00
    • If you like my hacks, send me a donation

Really Dave? Read the first page of Hantek / Tekway hack.  Extensive reverse engineering was done.


you forgot two things:
- in Europe not a big deal, i own it so i can do what ever i wish to do (as long i do on my own device)
- at time of publishing there was no GPL code released, making these DSO illegal in EU, you can't sue someone
  for hacking on not-existing (because illegal) gear.


Well, "contribution" should work like "If you like my work - please donate".


ehm, i give you some stats. I do have "please donate if you like" link, i mentioned it few times here and there (as well poeple who donated did it too) and honestly i did got together less than 300USD - in almost 3yrs. Not that i'm begging now for money, but simply telling the truth about donations.

I have no idea how many hours i spend total on these DSOs, but alone the fact that i reversed the PCB and drew schematics of already 3 hardware revisions was worth more than what i got as donation.

Right, i got now from someone almost brand new Hantek DSO for free (as he bought Rigol DS2202) and another guy was thinking about giving me his Voltcraft DSO for few months. But that's not result of donation but simply people who knows that i fucked up my company :\

Making this kind of hacking for living is just low...

Hardware reversing costs not only time but as well some lab resources, they need to be paid. So it's not for living.
In my case it was a bit different story, i was running my own business in last 10yrs, so for sure i had a chance to pay what was necessary. But other might not have that luck, so yes i understood why "djvinc" asked for money.
I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.
 
The following users thanked this post: Andrew

Offline mickpah

  • Regular Contributor
  • *
  • Posts: 148
  • Country: au
    • Yeti Hacks
Hi
I've been following a number of these threads. I own some of the test gear in question but not all.

I understand the name hacker comes from the early days of computing when it was done as a challenge or for bragging rights. Personally, that is the way I look at it.
Whether the results are used by other is a personal decision really, googling turns up so much of this stuff anyway
My only concern if that Dave gets caught in the middle some legal thing or suppliers don't send stuff for review. We have a good thing here, open helpful discussion , a bit of fun and no nazi moderators. Lets not stuff it up

my opinion only flame away
« Last Edit: June 26, 2013, 01:09:11 am by mickpah »
 
The following users thanked this post: Andrew

Offline benemorius

  • Regular Contributor
  • *
  • Posts: 173
Does anyone have the old firmware which leaked the private keys? Obviously Agilent removed it from the web site. If someone can supply me with it I think I can create a license key generator.

You can indeed, but it will only work on very old scopes because the newer ones (according to serial number) are using new keys. Now, if you've figured a way to change the serial number to use the old key or otherwise get around that, then do please elaborate.
 
The following users thanked this post: Andrew, WattsThat


Offline Rasz

  • Super Contributor
  • ***
  • Posts: 2616
  • Country: 00
    • My random blog.
The way I see it cracking something for profit = illegal.
Hacking something because you are curious and want to really own what you paid for = real spirit of hacking.

In many EU countries (including mine) there are provisions in copyright law that let users copy/share/do whatever they want _as long as its not for profit_.
Who logs in to gdm? Not I, said the duck.
My fireplace is on fire, but in all the wrong places.
 
The following users thanked this post: Andrew

Offline Rufus

  • Super Contributor
  • ***
  • Posts: 2095
I'd still like to get the first key though, if anyone has it.

The file containing it is linked two posts up.
 
The following users thanked this post: Andrew

Offline mwsoft

  • Contributor
  • Posts: 22
  • Country: pl
Quote from: tinhead
ehm, i give you some stats. I do have "please donate if you like" link, i mentioned it few times here and there (as well poeple who donated did it too) and honestly i did got together less than 300USD - in almost 3yrs. Not that i'm begging now for money, but simply telling the truth about donations.

Well, I know you are somewhat on "the other side", but... $300 isn't that bad. I think about "contribution" for hacking more like a tip, bonus, not real profit...
It was your choice to spend so many hours on this without thinking about future profits like him :)

Quote from: tinhead
Hardware reversing costs not only time but as well some lab resources, they need to be paid. So it's not for living.
[...] But other might not have that luck, so yes i understood why "djvinc" asked for money.

Well, when we are talking in general, I think there are two possible scenarios:
1) Someone already have skills, somewhat equipped lab. Then he buys a product for normal usage and start to tinker with it for pleasure / hobby.
2) Someone targets potentially hackable product, start to learn new skills, "invest" money for lab equipment or even additional people and in the end starts to sell the solution.

First scenario maybe is illigal in some countries, but usually morally acceptable.
But the second one? It's just organized crime...  O0 Just like groups in Europe which hack cars immobilizers. Today you can buy this kind of device for 2003-2010 Volkswagen cars for about €400. You just plug it in OBD port, wait 10 seconds and start car with big screwdriver  :palm: I guess they also spend many hours and many euros for that... ;)

Anyway - let's say 20 people payed him $140. Scope cost is covered (I don't think he had any other real expenses). And what after that? You think he will stop charging money for his solution?  :-DD
 
The following users thanked this post: Andrew

Offline tinhead

  • Super Contributor
  • ***
  • Posts: 1918
  • Country: 00
    • If you like my hacks, send me a donation
I'd still like to get the first key though, if anyone has it.

The file containing it is linked two posts up.

I eventually figured out how to download it from that Russian site yesterday, but it doesn't seem to be a complete archive. I'll have another look later.

i have that file still localy and remote on hotfile

https://hotfile.com/dl/131446259/df706bb/3000XSeries.01.10.2011031600.cab.html

I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.
 
The following users thanked this post: Andrew

Offline jirikv

  • Newbie
  • Posts: 4
  • Country: cz
I'd still like to get the first key though, if anyone has it.

The file containing it is linked two posts up.

I eventually figured out how to download it from that Russian site yesterday, but it doesn't seem to be a complete archive. I'll have another look later.

You dont need download from Russian site. I already reupload the file:
http://www.sendspace.com/file/q9gluq
 
The following users thanked this post: Andrew

Offline benemorius

  • Regular Contributor
  • *
  • Posts: 173
first you need the network module...

Indeed. It begs the question - has anyone whacked in a magjack and gotten the scope to use it yet? Early on I remember there was some effort to inspect the network module to see which pin to pull up/down to tell the scope it had a LAN port hooked up but I don't see whether anyone actually did it.

Or maybe if the scope will detect the LAN/VGA being inserted hot, one could just boot up the scope and run over the connector with a weak pullup/pulldown while watching the network menu to see if it activates. Then again, I wouldn't be surprised if rebooting is required after inserting a module.
 
The following users thanked this post: Andrew

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2365
  • Country: de
    • Frank Buss
Indeed. It begs the question - has anyone whacked in a magjack and gotten the scope to use it yet? Early on I remember there was some effort to inspect the network module to see which pin to pull up/down to tell the scope it had a LAN port hooked up but I don't see whether anyone actually did it.
There is a Xilinx XC3S100 FPGA on the board. Looks like it is for the VGA output (together with an ADV7125 triple DAC and a CY7C1325 RAM on the back), because the ethernet connection is just two wires, as Dave mentioned in one of his videos and as you can see in my photo of it:



But I wouldn't be surprised, if they implemented some kind of protection in the FPGA. It has lots of LEs to implement even a small microcontroller in it for a simple verification protocol.

Quote
Or maybe if the scope will detect the LAN/VGA being inserted hot, one could just boot up the scope and run over the connector with a weak pullup/pulldown while watching the network menu to see if it activates. Then again, I wouldn't be surprised if rebooting is required after inserting a module.

This could damage the scope, too expensive for me to try it.

In general, I think it is ok to buy the network module. Then hack it :) but of course, don't sell or buy hacks for it.
So Long, and Thanks for All the Fish
Electronics, hiking, retro-computing, electronic music etc.: https://www.youtube.com/c/FrankBussProgrammer
 
The following users thanked this post: Andrew

Offline benemorius

  • Regular Contributor
  • *
  • Posts: 173
I don't know if we're talking about the same network module, but the only one I know of is the LAN/VGA module which costs $400 USD so buying it is completely out of the question.

At one point I guess I had a brain fart and thought it was under $200, and I was half-seriously toying with the idea of trying to talk myself in to considering it. I looked up the price to get an exact figure for consideration and shat my pants so hard they probably felt the shockwave in china. I still haven't figured out how to cope with the fact that my primary high-end scope is lacking some very basic functionality that even won hung lo scopes usually have.
 
The following users thanked this post: Andrew

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2365
  • Country: de
    • Frank Buss
It's fair to buy it, if you are going to hack the rest :P
So Long, and Thanks for All the Fish
Electronics, hiking, retro-computing, electronic music etc.: https://www.youtube.com/c/FrankBussProgrammer
 
The following users thanked this post: Andrew

Offline mikeselectricstuff

  • Super Contributor
  • ***
  • Posts: 13677
  • Country: gb
    • Mike's Electric Stuff

But I wouldn't be surprised, if they implemented some kind of protection in the FPGA. It has lots of LEs to implement even a small microcontroller in it for a simple verification protocol.

I'd say that would be highly unlikely. I really don't think they are too bothered about people making their own LAN interface. It would also be sensible  to keep the LAN and VGA functions seperate in case they wanted to do different permutations in the future.
My money is it's just a mag-jack and a pin pulled. May not even be the latter if the Ethernet Phy can detect presence of the  jack.
 
 
Youtube channel:Taking wierd stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
 
The following users thanked this post: Andrew

Offline tnt

  • Regular Contributor
  • *
  • Posts: 241
- at time of publishing there was no GPL code released

Not quite true. I addressed a request to Agilent directly to get the source for the GPL software distributed with the scope (u-boot mostly) and I received the source package back. I also posted a link to it in the first topic about this scope, probably more than a year ago.

Cheers,

   Sylvain
 
The following users thanked this post: Andrew

Offline ben_r_

  • Frequent Contributor
  • **
  • Posts: 419
  • Country: us
  • A Real Nowhere Man
I don't know if we're talking about the same network module, but the only one I know of is the LAN/VGA module which costs $400 USD so buying it is completely out of the question.

At one point I guess I had a brain fart and thought it was under $200, and I was half-seriously toying with the idea of trying to talk myself in to considering it. I looked up the price to get an exact figure for consideration and shat my pants so hard they probably felt the shockwave in china. I still haven't figured out how to cope with the fact that my primary high-end scope is lacking some very basic functionality that even won hung lo scopes usually have.
I was able to talk AgilentUsed (their eBay selling account) down to $170 for one. Though that was with my MSOX2024A purchase, but maybe it could be done separately or if someone is planning on buying a 2000 X-series from them...
If at first you don't succeed, redefine success!
 
The following users thanked this post: Andrew

Offline djghost

  • Contributor
  • Posts: 16
Hi,

Agilent released a version of the 2000x/3000x firmware : v2.35, with minor enhancements.

For those who wonder / try to solve the puzzle, this new version 2.35 is hackable.
Have fun !
« Last Edit: July 01, 2013, 08:20:41 am by djghost »
 
The following users thanked this post: Andrew

Offline shadowless

  • Regular Contributor
  • *
  • Posts: 126
  • Country: us
Wow i saw the Rigol 2000 thread and they are hacking license like nobody's business and reverse engineering I2C info like crazy.

https://www.eevblog.com/forum/testgear/sniffing-the-rigol's-internal-i2c-bus/msg256453/#msg256453
 
The following users thanked this post: Andrew

Offline mwsoft

  • Contributor
  • Posts: 22
  • Country: pl
I don't have this scope, but just out of curiosity - I've downloaded X2000 firmaware.

Where is the catch?
It seems, that modification should be really easy:
1. Unpack update file
2. Unpack infiniiVisionSetup.cab
3. Locate infiniivision.lnk file -> INFINI~1.027
4. Open it, add our precious command line switch, count number of characters and correct value in the beginning of file
5. Pack all files back to infiniiVisionSetup.cab
6. Compute MD5 check sum of infiniiVisionSetup.cab and replace it in recipe.xml
7. Pack all files back into update file

Am I missing any additional checksums/signatures somewhere?
The only (and most important) problem for me, it that I can't figure out what this command line switch is. I'm quite new to IDA and PE executables.
infiniiVisionLauncher.exe just passes command line arguments to infiniiVisionCore.dll, and this file is 16,5MB jungle  |O
Nothing obvious popes out right away...
 
The following users thanked this post: Andrew


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf