Author Topic: DSOX2000 and 3000 series - licence, has anyone tried to hack that scope? (Read 732616 times)


Offline Kintekobo

  • Regular Contributor
  • *
  • Posts: 64
  • Country: gb
  • Avatar by the fabulous 'Space Coyote'
    • A Load of Old Bollox
Hi Campus. I would heartily recommend putting Wireshark to work here. It would save a lot of guesswork and can usually show the problem area for further investigation.


I am keen to see if you can get this working as I would be very interested in doing the same myself. Is Georges80 the person producing the boards and if so are you planning on producing any more?
You can call me anything you like. Just don't call me late for lunch.
 
The following users thanked this post: Andrew

Offline Campus

  • Contributor
  • Posts: 21
Hi,

I got the pcb from Swonkie who made a small batch of them. I now believe the reason why it's not working is the mag jack. According to the datasheet of the Digikey 1419-1021-ND (http://www.trpconnector.com/pdfs/6605758.pdf) the RJ45 pins are re-routed inside the jack, so pin 1 on the pcb is not pin 1 on the RJ45 side. My replacement jack is a simple 1-to-1 jack where each pin goes through directly (http://www.reichelt.de/Modularkabel-stecker-etc-/MEBP-8-8S/3/index.html?&ACTION=3&LA=2&ARTICLE=11372&GROUPID=848&artnr=MEBP+8-8S&SEARCH=Modularkabel%2C+-stecker+etc).
So I guess I need to find a place where I can get a jack with the same mapping.

 
The following users thanked this post: Andrew

Offline Swonkie

  • Newbie
  • Posts: 3
  • Country: ch
I now believe the reason why it's not working is the mag jack.

That's what I would suggest too - compare the exact pinouts of your magjack to the suggested one.
As I said in the PM, I have used the board with a 1nF capacitor and it works very reliably.
By the way, telnet is on the default port 23, not on port 80.
 
The following users thanked this post: Andrew

Offline Campus

  • Contributor
  • Posts: 21
Hi again,

I finally found a distributor in Europe who ships a pin compatible mag jack.  :-+ When it has arrived I will give it a try and report back whether it works.

@Swonkie: I know that telnet runs on port 23. When saying "telnetting into port 80" I meant redirecting telnet into port 80 because it's the easiest way to check whether a port is open. I could then manually make an HTTP request to check the web server response.

@Kintekobo: I analyzed the network traffic but never saw any reply packet coming from the scope.

 
The following users thanked this post: Andrew

Offline Campus

  • Contributor
  • Posts: 21
Hi again,

Today I received a compatible Mag Jack and I replaced the existing jack and also removed the no longer required LED resistors. And I couldn't believe it but it worked immediately. DHCP works and also static IP works. This is really cool. Thanks a lot to george80 and Swonkie and all the others helping me with this problem.

Do any of you have any experience with the performance of the different client UIs available? Is the Java-based client more responsive than the HTML5 one? I don't have Java installed and could not test it so far.

Thanks again,
Campus
 
The following users thanked this post: Andrew

Offline Marchello

  • Contributor
  • Posts: 26
  • Country: ru
Hi folks!

Can I unlock DSOX3104A with FW 2.41?

Mark.
 
The following users thanked this post: Andrew

Offline Sparky

  • Frequent Contributor
  • **
  • Posts: 435
  • Country: us
I just downloaded the v2.41 firmware from Keysight --- a lot has changed as far as "infiniiVisionSetup.cab" is concerned: 
 - The file "infiniiVisionCore.dll" no longer exists!  :-\
 - "/Secure/Startup/infiniivision.lnk" is empty (rather than containing the default link to infinivisionlauncher.exe, which itself exists)
 - "/Secure/Startup" directory is missing many files present in firmware v2.39 and earlier
 - There is a new "/Secure/help" folder containing what looks like language packs

Did anyone look into changes in the boot process or allowing options in firmware v2.41?  infiniiVisionCore.dll was a large file at 16.5MB ... there are no new files anywhere near that size.

I attached the release notes for v2.41.  The enhancements/fixes over v2.40 are pretty minor, but 2.40 introduces some networking improvements:
 + negative duty cycle measurement
 + Ax+B operator now allows negative A
 + DVM handles channel invert more appropriately


Does anyone have the v2.40 firmware update from Keysight?  I would like to take a look; unfortunately no longer available on Keysight website...

Any thoughts about the changes to the firmware, potential to downgrade etc.??
 
The following users thanked this post: Andrew

Offline plesa

  • Frequent Contributor
  • **
  • Posts: 965
  • Country: se
Hi folks!

Can I unlock DSOX3104A with FW 2.41?

Mark.

Buy IDA Pro and it can be possible. Downgrading to 2.3x seems to be the better option :)
The changes between latest version 2.41 and 2.35 are minor.
 
The following users thanked this post: Andrew

Offline nctnico

  • Super Contributor
  • ***
  • Posts: 20712
  • Country: nl
    • NCT Developments
A quicker way is to do a binary compare and identify if and where the to-be-patched location has been moved to.
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 
The following users thanked this post: Andrew

Offline MarkL

  • Supporter
  • ****
  • Posts: 1735
  • Country: us
...
I attached the release notes for v2.41.  The enhancements/fixes over v2.40 are pretty minor, but 2.40 introduces some networking improvements:
 + negative duty cycle measurement
 + Ax+B operator now allows negative A
 + DVM handles channel invert more appropriately
It might not matter much to others, but in 2.41 I'm happy they finally seem to have fixed the bug where the scope issues multiple netbios name queries back to a host connecting to the SCPI port.  If there wasn't a netbios listener on the host, the scope would hang for about 8 seconds each time.  Netbios has nothing to do with SCPI, or TCP connections for that matter.

That only took 2 1/2 years to fix.

It would be nice to have the REAL list of issues fixed and other changes in each release, and not some fluffy little list deemed harmless for public consumption.  Without an option to downgrade, I want to know ALL the changes when I risk a one-way upgrade.


EDIT: minor typo.
« Last Edit: December 15, 2015, 06:33:30 pm by MarkL »
 
The following users thanked this post: Andrew

Offline Mark

  • Regular Contributor
  • *
  • Posts: 221
  • Country: gb
Does anyone know if the options will expire if I set the clock forwards before starting the built-in trial?  I set mine to 2115, started the trial, then set the clock back to 2015. Someone mentioned it earlier in the thread but I didn't see an answer, maybe wishful thinking... :-//
 
The following users thanked this post: Andrew

Offline Hydrawerk

  • Super Contributor
  • ***
  • Posts: 2403
  • Country: 00
Setting the clock has no impact on built-in trials.
Amazing machines. https://www.youtube.com/user/denha (It is not me...)
 
The following users thanked this post: Andrew

Offline plesa

  • Frequent Contributor
  • **
  • Posts: 965
  • Country: se
Does anyone know if the options will expire if I set the clock forwards before starting the built-in trial?  I set mine to 2115, started the trial, then set the clock back to 2015. Someone mentioned it earlier in the thread but I didn't see an answer, maybe wishful thinking... :-//

This works on 6k series (non X). But not on 3kX and 2kX series scopes.
 
The following users thanked this post: Andrew

Offline Sparky

  • Frequent Contributor
  • **
  • Posts: 435
  • Country: us
A quicker way is to do a binary compare and identify if and where the to-be-patched location has been moved to.

Hi nctnico, perhaps you are replying to me?  If so, regarding the patch location in v2.41, the binary file infiniiVisionCore.dll is missing from the .cab file.  Perhaps a big restructure of the firmware? I didn't find any other .dll file which could have replaced it.

Does anyone have a copy of firmware v2.40?

 
The following users thanked this post: Andrew

Offline Wiljan

  • Regular Contributor
  • *
  • Posts: 136
  • Country: dk
Hi, just found this great thread.

I do have a DSO-X2014A with FW 2.41, no LAN module.
Is there any way to downgrade to 2.37?

Please advise, thx
 
The following users thanked this post: Andrew

Offline mark41

  • Contributor
  • Posts: 15
  • Country: cz
Could you please help me to hack my DSO-X 2012A with firmware 02.10? I asked plesa and he said I need to get the 2.35 firmware version. Is there anybody who has this firmware and successfully hacked this series and could help with this procedure?
 
The following users thanked this post: Andrew


Offline Wiljan

  • Regular Contributor
  • *
  • Posts: 136
  • Country: dk
When I'm trying to load FW 2.35, 2.37, or 2.39 instead of current fw 2.41 on DSOX2014

I do get this "Error: The file did not load correctly" after a while
I did try the 'Secure Erase' as suggested in another thread for the same error but lower fw, it did not help.

Would it be possible to go back from 2.41 if I had a LAN card?
 
The following users thanked this post: Andrew

Offline trevwhite

  • Frequent Contributor
  • **
  • Posts: 840
  • Country: gb
Hi all

It looks like I might have to send my scope in for repair under warranty. Bit concerned that they might upgrade the firmware whilst it is there. Has anyone been able to downgrade from the latest firmware to 2.35 successfully?

Thanks

Trev
 
The following users thanked this post: Andrew

Offline kilobyte

  • Regular Contributor
  • *
  • Posts: 66
  • Country: de
    • My Website
I did an update to 2.41 on my scope.
The good news: Still the same telnet login :), Star Trek Screensaver still working and a hacked infiniivision with all options can be started over telnet.
The bad news: The infiniivision exe & dll are now in the \windows folder. So it's not possible to change the files because this folder is "read only".

I also tried infiniiVisionInstallService.exe from an older version to load an older firmware version but the exe doesn't run.
I think the only way to downgrade is to try directly \windows\loadP500Flash -u ceImage1 %TEMP%\nk.bin.comp with a high risk of bricking the scope.  :-BROKE

At the moment I won't risk bricking my scope because I have the license bundle on it and the only option that is missing is the MSO option which is rarely used.
 
The following users thanked this post: Andrew

Offline mark41

  • Contributor
  • Posts: 15
  • Country: cz
I still can't get my oscilloscope to boot from the usb that has hacked 2.39. I get a black background and the agilent logo only, it takes a while, longer than a normal boot, but it boots into 2.35. My structure on the usb looks like this:

Code:
L:\
├───Agilent Flash
│   ├───config
│   └───wfmMem
├───Secure
│   ├───infiniiVision
│   │   ├───fpga
│   │   ├───upgrade
│   │   └───web
│   │       ├───css
│   │       ├───help
│   │       ├───image
│   │       ├───include
│   │       │   └───web-socket-js
│   │       ├───lib
│   │       ├───Lxi
│   │       │   └───Identification
│   │       └───navbar
│   └───Startup
└───Temp
Is it correct?
« Last Edit: January 24, 2016, 07:17:45 pm by mark41 »
 
The following users thanked this post: Andrew

Offline plesa

  • Frequent Contributor
  • **
  • Posts: 965
  • Country: se
Do you have infiniivisionStartupOverride.txt file in root?
Upgrade to 2.35 firmware and try multiple USB sticks.
« Last Edit: January 24, 2016, 07:22:56 pm by plesa »
 
The following users thanked this post: Andrew

Offline mark41

  • Contributor
  • Posts: 15
  • Country: cz
Yes I do. It's different from the normal boot because it takes a bit longer time and the logo with mountains doesn't show up.
I managed to make it work with the help of my friend.  :-+  I wonder why nobody made and posted a link to a usb image to make it easier for people. Is it forbidden or what?
« Last Edit: January 25, 2016, 05:54:33 pm by mark41 »
 
The following users thanked this post: Andrew

Offline Wiljan

  • Regular Contributor
  • *
  • Posts: 136
  • Country: dk
Did build a LAN interface and it does work  :) Still on FW2.41 I can use the scope over WEB

If I go to "Firmware Version" and browse, the filter is Keysight X-Series files (*.ksx) or Agilent X-Series files (*.agx), so here it will not work with the 2.37 cab file.

I can telnet on port 5024, no password required, and I can control the scope with respect to the "Oscilloscopes Programmer's Guide", like :SINGLe or :RUN

If I telnet on port 23 I'm required to enter user/ pass and the infiniivision / skywalker1977 are incorrect

Any hint?
 
The following users thanked this post: Andrew

Offline kilobyte

  • Regular Contributor
  • *
  • Posts: 66
  • Country: de
    • My Website
The first login on telnet will fail every time on my scope.
The second login should work.
 
The following users thanked this post: Andrew
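
Wiljan's post above reports that port 5024 accepts SCPI commands with no password. As an added example (not from the thread or from Keysight), this Python check lets an owner confirm whether an instrument on their own network answers the standard `*IDN?` query without any login, so it can be placed behind a firewall or on an isolated lab VLAN. The `SCPI> ` prompt handling, the function names and the fake instrument with its identity string are assumptions constructed for the demo.

```python
import socket
import socketserver
import threading

SCPI_TELNET_PORT = 5024  # port named in the thread

def parse_idn(text):
    """Find a complete 'maker,model,serial,firmware' line (the *IDN? reply shape).
    Assumption: the reply may follow a "SCPI> "-style prompt on the same line."""
    for line in text.split("\n")[:-1]:  # ignore a trailing partial line
        fields = [f.strip() for f in line.rsplit("> ", 1)[-1].split(",")]
        if len(fields) == 4 and all(fields):
            return dict(zip(("maker", "model", "serial", "firmware"), fields))
    return None

def probe_scpi(host, port=SCPI_TELNET_PORT, timeout=2.0):
    """Return the identity dict if host:port answers *IDN? with no login, else None."""
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"*IDN?\n")
            while len(buf) < 4096 and not parse_idn(buf.decode("ascii", "replace")):
                chunk = s.recv(1024)
                if not chunk:
                    break
                buf += chunk
    except OSError:  # refused, unreachable, or no answer before the timeout
        pass
    return parse_idn(buf.decode("ascii", "replace"))

class FakeScope(socketserver.StreamRequestHandler):
    """Constructed stand-in for an instrument; banner and identity are made up."""
    def handle(self):
        self.wfile.write(b"Welcome\r\nSCPI> ")
        if self.rfile.readline().strip().upper() == b"*IDN?":
            self.wfile.write(b"EXAMPLE CORP,MODEL-0000,SN000000,00.00\r\nSCPI> ")

def demo():
    # Probe the fake instrument on a loopback port picked by the OS.
    with socketserver.TCPServer(("127.0.0.1", 0), FakeScope) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        result = probe_scpi("127.0.0.1", srv.server_address[1], timeout=1.0)
        srv.shutdown()
        return result

if __name__ == "__main__":
    print(demo())
```

A service that asks for credentials first, such as the telnet login on port 23, never produces an identity line, so `probe_scpi` returns `None` for it after the timeout.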

