Author Topic: MDO3000 hacking  (Read 66411 times)

imett and 1 Guest are viewing this topic.

Offline lavadisco

  • Contributor
  • Posts: 7
  • Country: us
Re: MDO3000 hacking
« Reply #150 on: August 25, 2018, 04:51:34 pm »
Just as another data point: I was able to enable all the upgrades on my MDO3012 today, including AFG without losing calibrations, and then update the firmware from 1.12 (I think?) to 1.26. The upgrades remained and all is well.
 

Offline reynomj

  • Newbie
  • Posts: 1
  • Country: us
Re: MDO3000 hacking
« Reply #151 on: September 29, 2018, 05:02:05 pm »
Recently was given a MDO3104  :) with firmware 1.26, "key.py" could only enable "Instrument Options" received invalid code whenever tried to enable "Application Modules" :(

Downgrade to firmware to 1.24, "key.py" could then enable all "Instrument Options" and "Application Modules" :)

Upgrade firmware to 1.30 all options & modules retained. :)
« Last Edit: October 04, 2018, 07:11:18 am by reynomj »
 

Offline darkfrog

  • Newbie
  • Posts: 1
  • Country: us
Re: MDO3000 hacking
« Reply #152 on: February 07, 2019, 07:49:12 am »
Has anyone gotten this to work with the MSO3000 series? I started taking a look at the software disassembly and it seems like it has the same AES encryption functions as the MDO3000.

Perhaps the two are simply one AES key apart then?
 

Offline r0d3z1

  • Regular Contributor
  • *
  • Posts: 98
  • Country: it
Re: MDO3000 hacking
« Reply #153 on: February 08, 2019, 12:55:45 pm »
as far as I rembember, MSO is supported....you have to use MSO3014 in the scope model....
 

Offline volvo_nut_v70

  • Regular Contributor
  • *
  • Posts: 55
  • Country: ca
Re: MDO3000 hacking
« Reply #154 on: July 12, 2019, 05:28:18 pm »
Found this on the web, instruction was to change the extension to 7Z
 
The following users thanked this post: hhappy1

Offline hhappy1

  • Contributor
  • Posts: 16
  • Country: kr
Re: MDO3000 hacking
« Reply #155 on: July 15, 2019, 11:34:39 am »
Found this on the web, instruction was to change the extension to 7Z


Wow~ Thank you sir. Please.

You will be blessed. 

New mdo3 series is available?  I hope it's possible.
« Last Edit: July 15, 2019, 11:37:57 am by hhappy1 »
 

Offline BH3XON

  • Contributor
  • Posts: 12
  • Country: cn
Re: MDO3000 hacking
« Reply #156 on: July 22, 2019, 04:14:53 am »
I have seen the post several times,But I still don't understand how to hack it.

I think the problem is that I don't know how these gen commands are sent to the oscilloscope.

USB? LAN? mod firmware?

told me, anyone, thank you!
 

Offline BH3XON

  • Contributor
  • Posts: 12
  • Country: cn
Re: MDO3000 hacking
« Reply #157 on: July 22, 2019, 07:55:56 am »
as far as I rembember, MSO is supported....you have to use MSO3014 in the scope model....

Hi!

Have you successfully hack it?

I have seen the post several times,But I still don't understand how to hack it.

I think the problem is that I don't know how these gen commands are sent to the oscilloscope.

USB? LAN? mod firmware?

Can you help me ?thank you!
 

Offline RomDump

  • Regular Contributor
  • *
  • Posts: 67
  • Country: ca
Re: MDO3000 hacking
« Reply #158 on: July 23, 2019, 07:33:59 pm »

I have seen the post several times,But I still don't understand how to hack it.

I think the problem is that I don't know how these gen commands are sent to the oscilloscope.

USB? LAN? mod firmware?

Can you help me ?thank you!

I don't own this product but a brief overview of what the tools does. By entering the Serial Number of your Tektronix MDO3000 into the application attached previously in the message thread, it will generate option keys which you must manually enter into the Oscilloscope. See this link on entering option keys into the oscilloscope.
--
RomDump
 

Offline BH3XON

  • Contributor
  • Posts: 12
  • Country: cn
Re: MDO3000 hacking
« Reply #159 on: July 25, 2019, 12:56:42 am »


I don't own this product but a brief overview of what the tools does. By entering the Serial Number of your Tektronix MDO3000 into the application attached previously in the message thread, it will generate option keys which you must manually enter into the Oscilloscope. See this link on entering option keys into the oscilloscope.

Oh, I see!thank very much!

Unfortunately, My model is DPO3014, and its interface is somewhat different.

Push Install Option on the side menu:

“All upgrades for this oscilloscope must be performed by an authorized Tektronix Service Center . Push Menu Off to remove this message . ”

Maybe related to the firmware version? The current version is V2.40.

Thank you for your reply!





 

Offline RomDump

  • Regular Contributor
  • *
  • Posts: 67
  • Country: ca
Re: MDO3000 hacking
« Reply #160 on: July 25, 2019, 02:54:40 am »

Unfortunately, My model is DPO3014, and its interface is somewhat different.


There is another thread in unlocking the MSO/DPO3000 however depending on your serial number you can only unlock the bandwidth with an option key. See link

For features to be unlock, you have to enter some GPIB commands to enable them for 30 days or put in a hacked Module.
« Last Edit: July 25, 2019, 02:58:51 am by RomDump »
--
RomDump
 

Offline BH3XON

  • Contributor
  • Posts: 12
  • Country: cn
Re: MDO3000 hacking
« Reply #161 on: July 26, 2019, 03:59:18 am »

Unfortunately, My model is DPO3014, and its interface is somewhat different.


There is another thread in unlocking the MSO/DPO3000 however depending on your serial number you can only unlock the bandwidth with an option key. See link

For features to be unlock, you have to enter some GPIB commands to enable them for 30 days or put in a hacked Module.

Thank you for your reply!

My oscilloscope serial number is C01XXXX, But can also use GPIB command to hack.

At present, I found a bug, and the Signal Path Compensation will fail after the hack.

All in all, a success by the method you provided, thanks again!




 

Offline analogRF

  • Frequent Contributor
  • **
  • Posts: 442
  • Country: ca
Re: MDO3000 hacking
« Reply #162 on: October 03, 2019, 07:16:18 pm »
I've just, ehm, found this link http://rghost.ru/download/57060583/0486bdb3f37075a5e1bb5ef3017f9218eb7c0e67/mdo3kgen.zip in a pastebin entry that had self-destructed on Ctrl-C  :-X

Hi abyrvalg

could you please let me know how this tool can be downloaded? or if possible pm it to me?

thanks
 

Offline volvo_nut_v70

  • Regular Contributor
  • *
  • Posts: 55
  • Country: ca
Re: MDO3000 hacking
« Reply #163 on: October 03, 2019, 08:44:36 pm »
See reply 154.
 
The following users thanked this post: analogRF

Offline analogRF

  • Frequent Contributor
  • **
  • Posts: 442
  • Country: ca
Re: MDO3000 hacking
« Reply #164 on: October 03, 2019, 09:28:25 pm »
See reply 154.

thanks  :-+

damn it, how could I miss that  |O :palm:
 

Offline transio

  • Newbie
  • Posts: 2
  • Country: fr
Re: MDO3000 hacking
« Reply #165 on: November 22, 2019, 02:27:03 pm »
Hello everyone ,

I am new to the EEVblog forum.

I'm doing a bit in analog electronics or digital but I'm a donkey in computer software installation. :horse:

can i be explained how to install: pycrypto-2.6 on python-2.7.17.amd64.

I downloaded the following files:
pycrypto-2.6.1-CP35-none-win_amd64.whl
pycrypto-2.6.win32-py2.6.exe.asc

but the installation stops right from the start and asks me: "python version 2.6, which was not found in the registry."

it must be python 2.6 version and not 2.7?

regards,
Pierre





 

Offline transio

  • Newbie
  • Posts: 2
  • Country: fr
Re: MDO3000 hacking
« Reply #166 on: November 22, 2019, 05:20:42 pm »

problem solved .
I did not download the good pakage, it must be:  pycrypto-2.6.win-amd64-py2.7.
 

Offline supperman

  • Regular Contributor
  • *
  • Posts: 84
  • Country: us
Re: MDO3000 hacking
« Reply #167 on: December 05, 2019, 03:42:30 am »
Has anyone compared the hardware between the 500mhz MDO3k and the 1Ghz version? Is it just the analog board? Or just the 2.5gs vs 5.0gs? I can't imagine that they would replace the main board in an upgrade. I bet it is simpler than that... Would love pictures if anyone has them.
 

Offline r0d3z1

  • Regular Contributor
  • *
  • Posts: 98
  • Country: it
Re: MDO3000 hacking
« Reply #168 on: December 05, 2019, 02:14:10 pm »
Has anyone compared the hardware between the 500mhz MDO3k and the 1Ghz version? Is it just the analog board? Or just the 2.5gs vs 5.0gs? I can't imagine that they would replace the main board in an upgrade. I bet it is simpler than that... Would love pictures if anyone has them.
Interesting question, here is the picture of dave teardown https://www.flickr.com/photos/eevblog/with/12979022035/
 

Offline supperman

  • Regular Contributor
  • *
  • Posts: 84
  • Country: us
Re: MDO3000 hacking
« Reply #169 on: December 05, 2019, 04:36:27 pm »
Nice.. and I happen to have a "500mhz" one.. do I open it? Did someone do this already?
 

Offline supperman

  • Regular Contributor
  • *
  • Posts: 84
  • Country: us
Re: MDO3000 hacking
« Reply #170 on: December 05, 2019, 04:41:46 pm »
Right off the bat I see lots of missing capacitors on the front end board.. interesting...

I know people tried to upgrade to 1ghz.. and did not succeed.. what precisely happened in that case? Probably an ID thing on aboard? Sample rate AND analog issues?
 

Offline supperman

  • Regular Contributor
  • *
  • Posts: 84
  • Country: us
Re: MDO3000 hacking
« Reply #171 on: January 15, 2020, 11:32:17 pm »
Just a note of caution... I was looking at firmware updates and noticed that ALL firmware files have been "touched" according to the date stamp on the Tek website. (They all list "Last Update: Tuesday, November 12, 2019") which I'm not sure I had seen before.. Probably nothing to worry about..

Anyone have a way to see if anything changed in the older ones.. and if so what?

 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 1080
  • Country: pt
Re: MDO3000 hacking
« Reply #172 on: January 19, 2020, 01:50:47 pm »
Recently was given a MDO3104  :) with firmware 1.26, "key.py" could only enable "Instrument Options" received invalid code whenever tried to enable "Application Modules" :(

Downgrade to firmware to 1.24, "key.py" could then enable all "Instrument Options" and "Application Modules" :)

In v1.26, I think AES_key changed to:

D6 1D E5 28 67 72 17 03 6F 99 10 45 5D 01 79 A4 (obfuscated)
« Last Edit: January 19, 2020, 07:53:13 pm by tv84 »
 

Offline supperman

  • Regular Contributor
  • *
  • Posts: 84
  • Country: us
Re: MDO3000 hacking
« Reply #173 on: January 25, 2020, 05:20:40 pm »
Has anyone compared the hardware between the 500mhz MDO3k and the 1Ghz version? Is it just the analog board? Or just the 2.5gs vs 5.0gs? I can't imagine that they would replace the main board in an upgrade. I bet it is simpler than that... Would love pictures if anyone has them.

I finally opened my MDO3014. Bad news.. the analog front end board is completely different. There is of course a chance that it is just a new revision.. but there are no resistor networks or any obvious ways to change the ID of the board. There seem to be a Jtag header (not soldered) but someone braver than me would need to check that out. Given how different the board is I think that there are diminishing returns here.. It would probably just get you 5GS/s at some compromised bandwidth.. probably around 700mhz.. at best. (on 2 channels)

All other boards seem identical to the 1Ghz model including the main board.. (including all chip stickers / IDs)

 

Offline VDD

  • Newbie
  • Posts: 1
  • Country: ru
Re: MDO3000 hacking
« Reply #174 on: February 06, 2020, 12:11:00 pm »
Hi all. Do somebody tryed to do same on 5000 series (DPO5034) Tek?
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf