MSO2000 Application module hack

[drsurfer]

Ah, ok. I misinterpreted his message.

[computer7geek9]

I haven't messed around with decoding passwords so i figured it would be easier to just remove it completely. I saw your post about the password earlier but it didn't click when I worked on it tonight. 

I have tried re-flashing the original firmware but it won't even go to the splash screen.

Messing with embedded linux on a device with onboard memory is new to me as most of my experience is using development boards that boot from either usb or sd card so I have never had something that's not easily revertible to an older, working version. I'm just pissed at myself because I had all the modules working with the soft hack and I wanted to mess around with upgrading it to a 2024b for the hell of it. I have no use for the extra 100mhz, I just wanted to max the device out for the hell of it.

[timb]

I haven't messed around with decoding passwords so i figured it would be easier to just remove it completely. I saw your post about the password earlier but it didn't click when I worked on it tonight. 

I have tried re-flashing the original firmware but it won't even go to the splash screen.

Messing with embedded linux on a device with onboard memory is new to me as most of my experience is using development boards that boot from either usb or sd card so I have never had something that's not easily revertible to an older, working version. I'm just pissed at myself because I had all the modules working with the soft hack and I wanted to mess around with upgrading it to a 2024b for the hell of it. I have no use for the extra 100mhz, I just wanted to max the device out for the hell of it.

Don't beat yourself up. I've bricked plenty of routers in my day. It's easy to do when upgrading embedded firmware.

I'm going to try and help you get your scope back in action. As soon as I get back to my lab in a couple of days, I can dismantle my 2024B and start looking for programming pads, what type of flash it uses, etc.

I'm taking this as a personal challenge, mainly because my original unit bricked in the same way, with a factory firmware upgrade. So I'm curious how that can be fixed. Because there *has* to be an easy way to fix it. (If it's happened to two people, you can bet it's happened to many more.)

[computer7geek9]

One would think that it wouldn't overwrite the boot loader first, but I don't know exactly how the upgraded works. It obviously copies the installer into to ram. Judging by the white screen and lack of serial data, I suspect it may wipe flash before copying the new bootloader and OS over.

If this is the case, the machine obviously wiped the flash and then encountered a silent error while copying the new data over.

If that's the case, then the only way to get the thing going may be through some sort of JTAG process.

In fwUpdate.sh it talks about uBootExtract Tool (line 326) checking the bootloader on the device and on the update. It says "If we can't extract the version from the scope, then update." But since it is clearly not getting to this step, do you know how to JTAG the bootloader partition (in bootloader.img I assume) to the partition /dev/mtd0 (line 53). I have never loaded anything through JTAG.

[computer7geek9]

Don't beat yourself up. I've bricked plenty of routers in my day. It's easy to do when upgrading embedded firmware.

I'm going to try and help you get your scope back in action. As soon as I get back to my lab in a couple of days, I can dismantle my 2024B and start looking for programming pads, what type of flash it uses, etc.

I'm taking this as a personal challenge, mainly because my original unit bricked in the same way, with a factory firmware upgrade. So I'm curious how that can be fixed. Because there *has* to be an easy way to fix it. (If it's happened to two people, you can bet it's happened to many more.)

That would be great. It would be really helpful to learn more about it since once I get in the workforce (currently a senior EE student), I will need to know more about embedded memory and how to fix this stuff, instead of just plugging in a new SD card.

[timb]

One would think that it wouldn't overwrite the boot loader first, but I don't know exactly how the upgraded works. It obviously copies the installer into to ram. Judging by the white screen and lack of serial data, I suspect it may wipe flash before copying the new bootloader and OS over.

If this is the case, the machine obviously wiped the flash and then encountered a silent error while copying the new data over.

If that's the case, then the only way to get the thing going may be through some sort of JTAG process.

In fwUpdate.sh it talks about uBootExtract Tool (line 326) checking the bootloader on the device and on the update. It says "If we can't extract the version from the scope, then update." But since it is clearly not getting to this step, do you know how to JTAG the bootloader partition (in bootloader.img I assume) to the partition /dev/mtd0 (line 53). I have never loaded anything through JTAG.

That's what I'm going to find out. I have extensive experience with uBoot. I'm hoping that the uBoot partition (mtd0) is still intact, in which case it may be a simple matter of finding an additional pair of pads on the main PCB (a debug console) that uBoot either outputs data to or takes data from.

In which case, we can either command uBoot to look at the USB port or replace it with a working copy.

I'm going to extract the firmware now and deconstruct the bootloader and figure out the partition arrangement.

More info soon.

[computer7geek9]

Perfect. When I disassembled mine I noticed quite a few headers (with pins luckily)  but didn't pay any attention to them as I just wanted to hookup uart. I will do some research on uBoot so I can hopefully understand anything you figure out haha

[DiodomanX]

If anyone want the patched firmware sendme  a PM please .

Enviado desde mi XT1563 mediante Tapatalk

[luisprata]

timb,

I look forward to more info about uboot. 

Luis.

[luisprata]

Looking at console messages side by side with scope screen:

https://www.youtube.com/watch?v=0DUYwDC8nN0&feature=youtu.be

1) Blank screen
2) Uboot messages
3) Splash screen
4) Uboot loads kernel
...

So, no splash screen may indicate a bootloader partition (uboot) failure...

Is there an easy way to reprogram firmware ?
Or only using http://www.nxp.com/products/interface-and-connectivity/wireless-connectivity/sub-1-ghz-wireless-solutions/universal-multilink-fx-high-speed-development-interface:U-MULTILINK-FX ?

Luis.

[luisprata]

Recently I bougth a DPO2CONN ...  But I couldn't get video on my monitor.  It shows  "15.734KHz / 30 Hz out of range" ...

I suspect that some unused VGA pins are used to Console because there are a MAX3221 routed to this connector.

CPLD is a MAX II EPM570T100

I dont know how the board is detected by the system. Maybe a simple board present, or maybe some CPLD info. I`ll investigate it.

Some internal pictures...

[Le_Bassiste]

and here is my DPO2CONN purchased many years ago. right from the beginning, it constantly refused to connect to my home server, so i did  some testing around the ethernet phy, only to find out that the !RESET from the FPGA to the phy wasn't properly asserted. a Q&D fix did the job...

[luisprata]

Le_Bassiste,

Does your video output work?  Could you check H-sync and V-sync frequencies? It will help me a lot.


Thank you.

[luisprata]

Do you have any other useful information about this module? 

[Le_Bassiste]

sorry, nope. module came in sealed original box w/o any description. VGA output works, but can't do any scaling, so it's basically useless anyway.

[PA0PBZ]

VGA output works, but can't do any scaling, so it's basically useless anyway.

Meh, that should be a job for the monitor.

[luisprata]

My frequencies are the half of yours.  15.734kHz / 30Hz.  Could you measure Y400 frequency oscillator? Thank you again.

Update: My Y400 frequency is 25.175MHz.

Update: I think maybe your monitor shows the frequency of the VGA mode used, not actual signals. Could you confirm that?

[aibi1590]

Hey I got one mso2012 and a white screen appears.
I watch the ubootlog and stop at DRAM:64MB
I infer that the flash is faulty.
Is it still possible to repair this?

[Krikke944]

If you still have a copy of the patched FW 1.56 I would like to try it out.

[Minsoon]

Hi.~
I purchased mso2014 used only yesterday.
There is no logic probe option, so I plan to create this using artwork.
I received good help from eevblog about the Agilent 54831 hack before.
As expected, mso2014 information is also available here.
I upgraded to the latest version 1.56 today.

The serial port on the rear Side will also need to be made using a PCB.
Can I ask for the patched firmware for App-Module Hack?
thank you!.