Author Topic: DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?  (Read 656084 times)

0 Members and 1 Guest are viewing this topic.

Offline jrgandara

  • Contributor
  • Posts: 25
  • Country: br
  • Good soldering!
Successfully updated and the firmware error message gone.

Thank you again!!!
[]s

JR
 

Online Mr. Scram

  • Super Contributor
  • ***
  • Posts: 8726
  • Country: 00
  • Display aficionado
Successfully updated and the firmware error message gone.

Thank you again!!!
I'm glad things worked out!
 

Offline sbvr4

  • Contributor
  • Posts: 17
  • Country: us
Re: DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?
« Reply #2427 on: February 07, 2020, 02:49:20 pm »
Hi all,
I have a DSOX3024T fw 7.20 that I am currently trying to access via Telnet. I am using a 3rd party LAN card. The screen displays System Concern: Faulty Network Card at start up. When I check the network settings, it displays a Network Failed status. Occasionally it will work right and display the IP address. Has anyone experienced this issue? May be my cheap RJ45 to usb converter.

Also, Does fw 7.20 end telnet access after booting, like 7.30? If so, what is the timing for accessing prior to the port being turned off at boot up? Has everyone changed the IP to a static address, so to enter it in Telnet prior to the unit booting? I only get the login failed notification after entering
login: infiniivision
pw: _________   

Any help would be greatly appreciated.

Thank you
« Last Edit: February 07, 2020, 07:33:04 pm by sbvr4 »
 

Offline EE-digger

  • Regular Contributor
  • *
  • Posts: 155
  • Country: us
Re: DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?
« Reply #2428 on: February 08, 2020, 03:24:06 am »
The 3000T with 7.20 does not timeout on access via Telnet.  Only for the T series, you do need to generate an appropriate PW.  Search the thread as it's easy to find.  I've always run a static IP.

Sorry can't help with debugging of the card.
 

Offline Pinkus

  • Frequent Contributor
  • **
  • Posts: 634
Re: DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?
« Reply #2429 on: February 09, 2020, 11:09:37 am »
......I have an original Keysight VGA+LAN card for the DSOX2000/3000 (a or T) series for sale......
Edit: Sold within minutes to a nice eevblog member from Hamburg.
« Last Edit: February 09, 2020, 02:44:17 pm by Pinkus »
 

Offline sbvr4

  • Contributor
  • Posts: 17
  • Country: us
Re: DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?
« Reply #2430 on: February 10, 2020, 11:02:52 pm »
Does the 4k patched file also work for MSOX3000T series  :-// (because it has the same firmware revision number and date)?

Thanks in advance, Josef

Hey All,

the 3000T series is NOT quite the same, at least for the DLL, so here is the patched image for the 3kT series...7.20.2017102614

*** please notice:  3000T firmware is:  7.20.2017102614  *** (notice the 614 ending! ***
(*** 4000A firmware is:  7.20.2017102615  *** (notice the 615 ending! ***)


(same as before, patches and checksum already done)
Code: [Select]
1) options patch:  0x486f3c  --> "04 00 A0 E1" --> "00 00 A0 E3"
2) nag patch:      0x4f22c8  --> "A8 F1 93 E5" --> "01 00 A0 E3"

just unzip this file, and flash it to your scope (*MUST* already have the above firmware installed!)


http://www.mediafire.com/file/y18w4c6hxw85jt8/3kT_7.20_nk.bin.zip


MD5 of the extracted .comp file:  <1B 76 32 CE FF 69 62 85 38 20 D3 E6 D2 5F E4 BC>


Thank you all for making this possible.
How should I go about flashing my 3000T with the patched firmware? I currently have the the unpatched  7.20.2017102615 loaded. I unzipped the .comp file and loaded it on a USB, but my scope doesn't recognize the file type. Any help would greatly appreciated. I need to do some more research. Sorry. 

Thank you
sdvr4
« Last Edit: February 11, 2020, 04:09:15 pm by sbvr4 »
 

Offline jake111

  • Regular Contributor
  • *
  • Posts: 58
  • Country: us
Re: DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?
« Reply #2431 on: February 12, 2020, 06:31:22 am »
Hi All,

I've recovered my DSO-X 3034A that suffered the crappy NAND problem.  However now my serial number and model number are gone.  Haven't had luck in getting the SCPI commands to set these from Keysight contact, does anyone know these commands?  I have found them for many other products but not these.  I assume they don't publish them to prevent duplication of serial numbers and corresponding multi-machine use of the same license key, however with these scopes being hacked six ways from sunday, I'm hoping someone here knows them and can help me out.

Otherwise, should I assume it's time to start digging through the firmware?

Or maybe someone knows the memory address where they are stored (must be in NAND?) and I can reconstruct this area from a dump that someone could kindly provide in exchange for my eternal gratitude :)
 

Offline SrS

  • Contributor
  • Posts: 24
  • Country: nl
Re: DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?
« Reply #2432 on: February 16, 2020, 10:31:28 pm »
If you have access to the console you should have a hidden directory "\secure\cal" containing:
sernum.dat
framecal.dat
callog.txt
factorycal.dat

However the file doesn't contain the serial number in the usual format but might be worth experimenting, replace the '#' in attached file with numbers (ASCII)
Or try to get the first public firmware update and read from here
Both methods are untested AFAIK

Hope your cal data is still intact :-BROKE
 

Offline kawal

  • Regular Contributor
  • *
  • Posts: 86
  • Country: us
Re: DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?
« Reply #2433 on: February 23, 2020, 01:08:26 am »
Thank you all for the knowledge.
Another successful hacked DSO-x-2012A  using USB only . 
The trick is to have files in the main directory not in any sub folders. It fails every time when files are not in the main directory.

 
I followed these instructions from page 89  written by scribble - thank you man - much easier to have it all in one place.


Download Phillyflier's patched firmware from post #2167 on page 87
Download Luminax's license patch from post #1529 on page 62
Extract license patch, open cmd window (if using MS Windows), navigate to license patch folder and rename infiniivision.lnk to .txt
Edit infiniivision.txt and replace text in the file with Odessa's modification from post#2197 on page 88
80#infiniivisionLauncher.exe -l DIS -l MSO --perf -l BW20 -l SCPIPS -l CABLE -l VID
Save and rename file back to .lnk
Copy firmware file (rename from .ksx to .cab if current scope fireware is older than v2.41) to FAT32 formatted USB drive
Copy licence files (2x .cab files and .lnk file) to same USB drive

Now go to your scope, turn on and plug in USB drive to front USB port
Press [Utility] > File Explorer, select the firmware file (3000XSeries.02.50.2019022736_patched.cab); then, press Load File, wait for scope to load and reboot.
Check firmware has updated to v2.5, if successful continue
Press [Utility] > File Explorer, select v241_link_install.cab file; then, press Load File, wait for scope to load and reboot.
« Last Edit: February 23, 2020, 01:20:09 am by kawal »
 

Offline PhillyFlyers

  • Contributor
  • Posts: 49
  • Country: us
Re: DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?
« Reply #2434 on: February 29, 2020, 09:19:57 pm »
removing this, need to fix these files, and I'll repost when fixed.... :(
« Last Edit: March 02, 2020, 01:25:24 am by PhillyFlyers »
 
The following users thanked this post: Pinkus, lowimpedance, Sparky, mlloyd1, EE-digger, analogRF

Online TK

  • Super Contributor
  • ***
  • Posts: 1327
  • Country: us
  • I am a Systems Analyst who plays with Electronics
DSOX 1000X Series:  FW:  01.20.2019061038_patched  https://mega.nz/#!DuIxzA7Q!8wYfTlHPuc4hF3UFPLoq0FOgylfsSVur4B5YSdCTn2I
md5: <5A48A3492AD5BB23336236FDC6A12738>
AFAIK DSOX 1000X Series cannot be hacked using the infiniivision.lnk method.  The only known software hack is the modded firmware by FARCSA.
 
The following users thanked this post: mlloyd1, analogRF

Offline Pinkus

  • Frequent Contributor
  • **
  • Posts: 634
Please let me know if there are any issues with any of these!
Unfortunately on a DSOX4000a: yes, there are issues
I had a (working) patched 7.20 before and installed your 7.30 with the result that the scope showed an error message (corrupted firmware) during the boot process. Next try will be a manual installation of your patched xxx.comp file ... but due to lack of time it will have to wait.
EDIT: I took the time and installed the original 7.30 (scope was working then) and then to write only the patched nk.bin.comp file (extracted from your patched KSX file) to the system like I did with the 7.20 firmware. Same result: after booting up -immediately after the Keysight logo is shown- the error message appears.
« Last Edit: March 01, 2020, 01:54:51 pm by Pinkus »
 

Offline PhillyFlyers

  • Contributor
  • Posts: 49
  • Country: us
Please let me know if there are any issues with any of these!
Unfortunately on a DSOX4000a: yes, there are issues
I had a (working) patched 7.20 before and installed your 7.30 with the result that the scope showed an error message (corrupted firmware) during the boot process. Next try will be a manual installation of your patched xxx.comp file ... but due to lack of time it will have to wait.
EDIT: I took the time and installed the original 7.30 (scope was working then) and then to write only the patched nk.bin.comp file (extracted from your patched KSX file) to the system like I did with the 7.20 firmware. Same result: after booting up -immediately after the Keysight logo is shown- the error message appears.

Oops!!!   Thanks for catching that!

I fubar'd the checksum of the infiniivision 'block' in the nk.bin.comp file, so it was throwing that error when actually booting the OS, and checking the checksums as it boots and unpacks the nk.bin contents.... I messed up one byte, must've been tired :)

anyhow, it's fixed, it should be fine now :)

My original post is fixed, I updated the 4k link for the correct/fixed file...

 
The following users thanked this post: Sparky, analogRF

Offline Pinkus

  • Frequent Contributor
  • **
  • Posts: 634
It works now. Thanks a lot! :-+
Photo shows Firmware V7.30 with the new digitizer option where memory depth and sample rate can be selected manually (though time will show if this is really useful, as the scope did/does a good job by selecting it automatically so far and I seldom missed the manual option).

« Last Edit: March 01, 2020, 10:40:09 pm by Pinkus »
 

Offline EE-digger

  • Regular Contributor
  • *
  • Posts: 155
  • Country: us
Thank you PhillyFlyers ! ! !

Keysight posted 7.31 just 4 days ago and the 7.30 cab is gone.

Just a reminder to always archive every new version  :)
« Last Edit: March 01, 2020, 09:14:58 pm by EE-digger »
 

Offline PhillyFlyers

  • Contributor
  • Posts: 49
  • Country: us
Thank you PhillyFlyers ! ! !

Keysight posted 7.31 just 4 days ago and the 7.30 cab is gone.

Just a reminder to always archive every new version  :)

Wow, they released that fast, strange, as the changelog for 7.31 was kinda small.. oh well.. 7.31 was released for both 4000x and 3000x, so I put those two up in my post as well..

 
The following users thanked this post: analogRF

Offline EE-digger

  • Regular Contributor
  • *
  • Posts: 155
  • Country: us
I'm getting the firmware error message for 7.30 on a 3000T.  Does that also have a checksum problem?

Thanks for the 7.31 update.  This is awesome  :-+

« Last Edit: March 01, 2020, 11:25:10 pm by EE-digger »
 

Offline EE-digger

  • Regular Contributor
  • *
  • Posts: 155
  • Country: us
There seems to be an issue with 7.31 for the 3000T.  The flash loader throws a parsing error on the image file.
 

Offline PhillyFlyers

  • Contributor
  • Posts: 49
  • Country: us
There seems to be an issue with 7.31 for the 3000T.  The flash loader throws a parsing error on the image file.

Hi Guys,

I have no idea, I don't have a 3000T nor a 4000x at all, so I cannot test, I'm flying blind.

I'll take a second look at the 3000T file, but at first glance I don't see anything screwed up, but I'll check again, how about the 7.31 for the 3000T, does that also throw an error?

 

Offline EE-digger

  • Regular Contributor
  • *
  • Posts: 155
  • Country: us
I sent you a PM but will repeat here.

For 7.31 on the 3000T, the flash program throws a parsing error and constraint issues.  My PM lists the constraints (not met??).

Scope works ok after power cycling, but without any mods made.
 

Offline PhillyFlyers

  • Contributor
  • Posts: 49
  • Country: us
Ok,

the old version of HexWorkshop I used for patching and stuff, seems to really suck and fail to write sometimes with big buffer items, I'll re-do with a new version, I noticed some of the checksums I was fixing up in the large nk.bin file decompressed did not actually take, arggh!!

I took down all my links, I'll fix them this week and then re-post a fixed up one with them all correct... what a freakin' pain in the ass..
 
The following users thanked this post: analogRF

Offline EE-digger

  • Regular Contributor
  • *
  • Posts: 155
  • Country: us
Sorry about the tools problem but glad you found a possible cause !

Have you tried the "010 Editor" ?  It seems quite capable but I don't know if it has all the tools you need.  Comparisons, searches and checksums in any form are straightforward.


« Last Edit: March 02, 2020, 01:39:22 am by EE-digger »
 

Offline PhillyFlyers

  • Contributor
  • Posts: 49
  • Country: us
Sorry about the tools problem but glad you found a possible cause !

Have you tried the "010 Editor" ?  It seems quite capable but I don't know if it has all the tools you need.  Comparisons, searches and checksums in any form are straightforward.

Yeah, I use the 010 editor for doing checksums and things, but I like a nice simple/raw hex editor for doing other tasks, I found HxD was fine, pretty much same as HexWorkshop but without mem bugs :)
 

Offline PhillyFlyers

  • Contributor
  • Posts: 49
  • Country: us
Ok,

So let's try this again... please try them and let me know....

I did NOT put any of the 7.30 patches up, as I assume just going with the latest 7.31 is fine?  (I can put up 7.30 if anyone still wants it)



These firmwares have the usual patches for the license check and the 'unreleased/unfinalized software' things


*** Note:  ***

Upgrading the firmware ALWAYS replaces the .lnk file with the stock one, I didn't look into putting our custom .ink files into the .CAB/.KSX file (even though I'm sure we can), so REMEMBER to SAVE OFF your .lnk file somewhere before doing the upgrade.  This way after the upgrade is done, telnet in and copy/move your .lnk file back over..



DSOX 1000X Series:  FW:  01.20.2019061038_patched  https://mega.nz/#!mjB0FAQa!8wYfTlHPuc4hF3UFPLoq0FOgylfsSVur4B5YSdCTn2I
md5: <5A48A3492AD5BB23336236FDC6A12738>

DSOX 2000X Series:  FW:  02.50.2019022736_patched  https://mega.nz/#!HiBAEIrZ!gydBKQMpH93kKwPUog3e2dGR1eWTIglZbL2kwd6dRxk
md5: <22E2508172382996B9ACF2852DB011F8>

DSOX 3000A Series:  FW:  02.50.2019022736_patched https://mega.nz/#!zmBkHCba!TK5Vf0N0LCeR3vYwx1fa41OekFXqg1psCYN-eagnvdY
md5: <CB931D537544D51D4EFFF44633506780>

DSOX 3000T Series:  FW:  7.31.2020012842_patched https://mega.nz/#!37BkWaCQ!JFJtIdT1p4m1BtULjw503jLpQDMjIV_cyzHRglBET-0
md5: <63DDE0129A9516C81DCF380F228BB08A>

DSOX 4000X Series:  FW:  7.31.2020012900_patched  https://mega.nz/#!7nQC0YYA!LN8kMBfHrh_OHCrrLKaHmJl6zxRhSQanycLwwnTLidA
md5: <6F94C7500AF7D129B28F75DD0E35AE9D>

Please let me know if there are any issues with any of these!

« Last Edit: March 03, 2020, 09:00:52 pm by PhillyFlyers »
 
The following users thanked this post: lowimpedance, Sparky, mlloyd1, Mr. Scram, HardDrive, analogRF, NoisyBoy

Offline EE-digger

  • Regular Contributor
  • *
  • Posts: 155
  • Country: us
3000T and 4000A MD5s are not matching for me.  They did on the first set.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf