Author Topic: Need help hacking DP832 for multicolour option.  (Read 151938 times)

0 Members and 1 Guest are viewing this topic.

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Need help hacking DP832 for multicolour option.
« on: December 24, 2015, 09:08:58 pm »
Hello,

I'm sorry if this has been asked before and I'm not sure if this is the proper sub-forum to ask in.   If it's not, I apologize and maybe a moderator could move the post.   I have a Rigol 832 Programmable Power Supply.   It's been absolutely wonderful.   I found the keygen a long time ago to upgrade the unit.   One of the upgrade no longer works.   I can't remember which one but I remember reading that if I upgraded the firmware, the one option would be removed.   I wanted to know if that ever got fixed?   I can try and find out what option it was that disabled by the firmware upgrade if needed.   I can't seem to find the forum anymore with the keygen.  I thought it was here on EEVBlog.

Anyway, on to my main question.   The DP832A has a multi-colour option for the main screen.   You know, where you can have more than one colour displayed at the same time.   I was curious if there was any way to get this on the original DP832?   I'd like to keep the classic UI if at all possible.   Does anyone know if what I want is doable and if so, how I'd go about doing it?   Thank you.
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #1 on: December 24, 2015, 10:04:57 pm »
TBH, even the DP832A "classic" version of the DP832 screen Rigol was forced to include with its 3 colours isn't as nice as the cheaper DP832, at least to most of us. The 'A' does have colour coded buttons and front panel stuff but really all anyone is interested in are the features not the fluff.

One thing the classic DP832 has is when the output is switched off the V and A all go to 0.000 while the DP832A classic just blanks.

I would personally like Rigol to keep the voltmeter switched on much like my HP6632B does it rather than display blank or hard coded 0.000
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #2 on: December 25, 2015, 12:09:50 am »
I thought the screens were the same.   That the screen in my DP832 is the same screen that's in the DP832A.   I thought it was just firmware or something along that route that makes it so I can only display one colour, more less, on the screen at one time.   Am I wrong in this assumption?
 

Offline nidlaX

  • Frequent Contributor
  • **
  • Posts: 663
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #3 on: December 25, 2015, 02:00:06 am »
Dump the firmware, disassemble it, add color coding.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #4 on: December 25, 2015, 03:01:08 am »
It doesn't have any security bits set or anything?   I guess I could always just download the firmware from their website and go from there.   Thanks.   Has this been done before?   It'd be nice if there was some sort of how-to to follow.   Perhaps I could download the firmware for the DP832A and use that as a reference.   Thanks for the information.
 

Offline analogNewbie

  • Regular Contributor
  • *
  • Posts: 54
  • Country: cn
Re: Need help hacking DP832 for multicolour option.
« Reply #5 on: December 25, 2015, 11:36:09 am »
of cause you van download the firmware from rigol site. However, you dont know the file format of the firmware file.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #6 on: December 25, 2015, 06:03:22 pm »
Right.   I don't know the file format of the firmware.   If they're using something like a PIC though, I should be able to load the bin file I'd think in MPLAB X to get the disassembled version.   I'm still really knew to all of this hardware stuff.   I'm trying to learn but there's a lot to learn!   I really appreciate all the help that people provide when I have questions though.   Merry Christmas!
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #7 on: December 25, 2015, 07:33:55 pm »
Most Rigol stuff I've encountered is Blackfin DSP, certainly not PIC  :-DD. The Blackfin will usually have a LDR format firmware.

Here's something on Rigol .GEL files https://www.eevblog.com/forum/testgear/dg4000-a-firmware-investigation/120/
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #8 on: December 26, 2015, 12:15:53 am »
Thank you so much!   Unfortunately, because I'm so new at the hardware stuff, I only have limited experience with PICs.   I really appreciate this information though.   It's pointing me in the right direction, thank you!!
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #9 on: December 28, 2015, 12:26:31 am »
Just got a quick question.   My understanding is that the hardware in the DP832 and the hardware in the DP832A are identical.   Does anyone know if this is true?   If it is, I'm guessing the DP832A firmware must check something like the serial number to see if the unit is a DP832 or a DP832A.   If the serial number isn't within a certain range, maybe the DP832A firmware would refuse to install on the DP832.   Am I right in these assumptions or are there physical differences between the two units?
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #10 on: December 30, 2015, 02:38:46 am »
I've watched the teardown video for the Rigol DP832.   It does appear to be the same hardware as the DP832A.   When looking for a firmware, I could only find one file for the DP832 and the DP832A.   Therefore, I'm left to assume the DP832 and the DP832A use the exact same firmware.   So chances are good the firmware just checks something like serial number to see if it should enable the multicoloured screen and all the available options or if it should turn the options off and show the one coloured screen.

I've been looking at the firmware in a hex editor and looking at the various Blackfin datasheets.   I don't think these files are for a Blackfin.   I noticed with the link that was posted for the Rigol scopes, they show the model number of the scope right at the beginning of the .GEL files.   We don't get that with these firmware files.

When I run the Linux file command on the files though, the bootloader .GEL file shows: hp200 (68010) BSD.     I wonder if that's a Motorola 68010 processor in there or if maybe file is mistaken.  I know when I look at the application firmware, not the bootloader, I see a pattern every so often (more near the endish).   00h through whatever xxh in a row.   First one is at offset 8c and goes to offset 011c.   It goes 00h - 90h.   Second one starts at 06608c and goes to offset 0660cb.    It's 00h - 3Fh but it goes 00 01 02 03 04 05 06 07 08 09 0A 0B 1A FD AE F0 10 11 12 13...    There's a whole bunch of them like that.    I figure maybe the .GEL file is kind of like an archive or something and these mark the start or end of a file or something?   In the middles, there's a whole bunch that don't count very high and they have a little bit of data (maybe 40h bytes or so) before the next set starts.
 

Offline Stupid Beard

  • Regular Contributor
  • *
  • Posts: 221
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #11 on: December 30, 2015, 03:29:51 am »
When I run the Linux file command on the files though, the bootloader .GEL file shows: hp200 (68010) BSD.     I wonder if that's a Motorola 68010 processor in there or if maybe file is mistaken.

Have you tried binwalk?

Edit: The GEL file will be an archive of some sort. There is firmware for at least the main CPU, the analog boards, and probably assorted other things like FPGAs.
« Last Edit: December 30, 2015, 03:33:41 am by Stupid Beard »
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #12 on: December 30, 2015, 03:58:16 am »
Thanks!   I have not tried binwalk but I will give that a shot tomorrow.   I figured one of the two .GEL files was an archive.   The bootloader one though I figured wasn't an archive but just code for whatever CPU was in there.   I might be wrong on that though.   I was hoping to find away to extract the files from at least one of the .GEL files.   Figured that'd be good progress.
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #13 on: December 30, 2015, 07:23:21 pm »
Looking at one of Dave's early teardown photos it's using a Freescale (now known as NXP) i.MX283 ARM9 core Applications Processor

ETA: The 10 pin header is most likely it's JTAG port ;)
« Last Edit: December 30, 2015, 07:29:37 pm by Macbeth »
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #14 on: December 30, 2015, 10:35:46 pm »
Looking at one of Dave's early teardown photos it's using a Freescale (now known as NXP) i.MX283 ARM9 core Applications Processor

ETA: The 10 pin header is most likely it's JTAG port ;)

Thank you for this information!   Are you 100% sure on the processor there?   The teardown video I saw that I believe Dave posted had the CPU but it was etched off with a laser or something.  Some of the font was still visible.   A user commented saying the CPU was made by Silicon Image and that he recognized the font.   Just curious as to whether you're certain it's the Freescale MX283 ARM9 or if it's just an educated guess.   Either way, it'll get me pointed in the right direction.

I don't really have much experience with JTAG stuff.   I JTAGGED a video game console once.   I wonder if there's a way for me to tell for certain if it's a JTAG port or not and what the pinouts are.   Thanks for all the help!
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #15 on: December 31, 2015, 11:50:38 am »
I posted Daves photo and it's clear as day. You have the supporting RAM and flash chips next to it, crystal and JTAG header. The LCD flatflex cable is there and the PCB is labelled DP800_DigitalBoard...  :-//

The IC that had it's ID removed was something else entirely.

The JTAG pinout will most likely be the standard 10 pin ARM layout. Buzz out the VCC and GNDs to make sure.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #16 on: December 31, 2015, 07:00:35 pm »
I posted Daves photo and it's clear as day. You have the supporting RAM and flash chips next to it, crystal and JTAG header. The LCD flatflex cable is there and the PCB is labelled DP800_DigitalBoard...  :-//

The IC that had it's ID removed was something else entirely.

The JTAG pinout will most likely be the standard 10 pin ARM layout. Buzz out the VCC and GNDs to make sure.

You're awesome!   Thank you!   For some reason, I missed the link of the photo you posted!     What does buzz out mean?   I really appreciate all the help on this!
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #17 on: December 31, 2015, 08:24:08 pm »
Buzz out = continuity test on your DMM. Are you sure you are up to this? It is not an easy job. All the dumping the firmware using JTAG and stuff is the easy bit. Reverse engineering the code is another matter!
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #18 on: December 31, 2015, 08:35:19 pm »
Oh, you want to use something like OpenOCD and also UrJTAG.

You might find your linux distro has them available by apt-get for easy installation.

Of course you need a supported hardware adapter as well. I have an Olimex USB-OCD that I got for £20 on ebay. I also have a dirt cheap USB Blaster which I think is good enough for dumping code, but not so much for ARM debugging.

Well, happy new year and good luck  :-+
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #19 on: December 31, 2015, 10:45:48 pm »
Buzz out = continuity test on your DMM. Are you sure you are up to this? It is not an easy job. All the dumping the firmware using JTAG and stuff is the easy bit. Reverse engineering the code is another matter!

I want to try Macbeth.   I know I don't understand everything and will probably fail miserably but I love learning and I really want to try very hard.   I look at it like this, worst case, I fail but I will still learn something in the process.   I used to be pretty good at writing code, back in the day.   I was a system programmer and worked for a corporation called Deposit Computer Services, Inc until 2005 or so.   My ability to write code is a bit rusty.   I got a few good books on C now though.   C Programming - A Modern Approach - 2nd Edition by K.N. King and then I have the Red Dragon Book (AKA, Compilers - Principles, Techniques and Tools).  Thanks for all the help though.   I greatly appreciate how everyone's been so helpful and understanding.
 

Offline Stupid Beard

  • Regular Contributor
  • *
  • Posts: 221
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #20 on: December 31, 2015, 11:32:58 pm »
Buzz out = continuity test on your DMM. Are you sure you are up to this? It is not an easy job. All the dumping the firmware using JTAG and stuff is the easy bit. Reverse engineering the code is another matter!

I want to try Macbeth.   I know I don't understand everything and will probably fail miserably but I love learning and I really want to try very hard.   I look at it like this, worst case, I fail but I will still learn something in the process.   I used to be pretty good at writing code, back in the day.   I was a system programmer and worked for a corporation called Deposit Computer Services, Inc until 2005 or so.   My ability to write code is a bit rusty.   I got a few good books on C now though.   C Programming - A Modern Approach - 2nd Edition by K.N. King and then I have the Red Dragon Book (AKA, Compilers - Principles, Techniques and Tools).  Thanks for all the help though.   I greatly appreciate how everyone's been so helpful and understanding.

For reverse engineering programming knowledge helps (a lot), but it's only a small part of the skillset required. You don't need to be able to write code so much as to read assembly language and relate what you're reading to what the C/C++/whatever compiler spits out. You also need a good disassembler and at least some knowledge of the CPU.

If you have no experience in it, you should be able to find a lot of information and tutorials online. It doesn't really matter what processor or languages they're for. I'd suggest starting by disassembling test programs for your desktop computer. Processors and compilers all work in more or less the same way so skills gained on one are usually easily related to others, and it will be a lot easier to try things out and see what's going on with your computer than an embedded thing.

Good luck, it's a pretty large can of worms that you are opening ;)
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #21 on: December 31, 2015, 11:40:15 pm »
Oh, you want to use something like OpenOCD and also UrJTAG.

You might find your linux distro has them available by apt-get for easy installation.

Of course you need a supported hardware adapter as well. I have an Olimex USB-OCD that I got for £20 on ebay. I also have a dirt cheap USB Blaster which I think is good enough for dumping code, but not so much for ARM debugging.

Well, happy new year and good luck  :-+

I was thinking of going for something like this:

https://www.olimex.com/Products/ARM/JTAG/ARM-USB-OCD-H/

I'm sure these questions are pretty basic for you but what's the USB Blaster for?   From what I've read, they're for Altera devices.  For programming, debugging and emulation.   Anyway, for the USB Blaster, do you think this would be a nice one?

https://www.buyaltera.com/PartDetail?partId=5638362

It's the Altera USB Blaster II
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #22 on: December 31, 2015, 11:52:01 pm »
Buzz out = continuity test on your DMM. Are you sure you are up to this? It is not an easy job. All the dumping the firmware using JTAG and stuff is the easy bit. Reverse engineering the code is another matter!

I want to try Macbeth.   I know I don't understand everything and will probably fail miserably but I love learning and I really want to try very hard.   I look at it like this, worst case, I fail but I will still learn something in the process.   I used to be pretty good at writing code, back in the day.   I was a system programmer and worked for a corporation called Deposit Computer Services, Inc until 2005 or so.   My ability to write code is a bit rusty.   I got a few good books on C now though.   C Programming - A Modern Approach - 2nd Edition by K.N. King and then I have the Red Dragon Book (AKA, Compilers - Principles, Techniques and Tools).  Thanks for all the help though.   I greatly appreciate how everyone's been so helpful and understanding.

For reverse engineering programming knowledge helps (a lot), but it's only a small part of the skillset required. You don't need to be able to write code so much as to read assembly language and relate what you're reading to what the C/C++/whatever compiler spits out. You also need a good disassembler and at least some knowledge of the CPU.

If you have no experience in it, you should be able to find a lot of information and tutorials online. It doesn't really matter what processor or languages they're for. I'd suggest starting by disassembling test programs for your desktop computer. Processors and compilers all work in more or less the same way so skills gained on one are usually easily related to others, and it will be a lot easier to try things out and see what's going on with your computer than an embedded thing.

Good luck, it's a pretty large can of worms that you are opening ;)

Thank you for the information.   I know a little bit.   I know I need a way to disassemble the firmware once I dump it using the JTAG stuff.   I need a disassembler that can understand the i.MX283 ARM927EJ-S instruction set.  I know I need to learn this instruction set but I figure it probably wouldn't be a crazy hard thing to learn.  I used to have this little MP3 type player called an Archos and that had an ARM processor of one sort or another inside it.   I didn't think it was that hard learning the assembly for it but it was an older ARM processor.  I know with the PICs I've been playing with, the instruction sets are small.   The PIC I'm playing with now (PIC16F628A) only has something like 54 instructions.    I figured everything would be done in assembly.   Once my wife is done fixing this tablet in the work room, I'll fire up my Linux box and install OpenOCD.   Hopefully there's some sort of emulator out there where I can play with the ARM9 code on my machine and compile some test programs and fire up GDB (or whatever equivalent the ARM9 toolchain comes with) to play around with them.

The hardware, for me, is the hardest part.   I just started learning how to make circuit boards and don't have much experience in that area at all!   I made a device that counts in binary (up and down) when you press a button!   It lights up LEDs to show the binary number.   I've written code most of my life and I've played with assembly on and off.   After the Marine Corps, something happened to my brain and things got a bit messed up.   Had to take a break for a bit but I'm ready to learn everything I can now.

I think it's going to be fun once I get the hardware to dump the firmware directly.   I shouldn't have to worry about the GEL files then.
 

Offline Stupid Beard

  • Regular Contributor
  • *
  • Posts: 221
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #23 on: December 31, 2015, 11:55:42 pm »
qemu is the usual emulator. There should be packages in whatever linux distro you use.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #24 on: January 01, 2016, 08:15:27 pm »
So I ordered the ARM-USB-OCD-H made by Olimex.   I also ordered a 20-pin to 10-pin adapter from them.   I reread what I wrote the other night and wanted to clarify right now.  I didn't mean to down play how hard the software part of this was going to be.   I know once I get the firmware, it's going to take a very long time for me to analyze it and figure out what exactly everything does.   What I was trying to convey is I believe I understand the software part of this project and know what exactly needs to be done, whereas with the hardware, I'm a bit confused.   I don't really understand what the USB Blaster's for if I have the JTAG device from Olimex.   Does it just allow me to do in-circuit debugging or something?  Once I get my ARM-USB-OCD-H device, I'll rip apart the power supply and buzz those pins in the picture.   They're the ten pins above the CPU and to the right a little, near the edge of the board, right?   Thanks!
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #25 on: January 01, 2016, 08:26:26 pm »
You don't need the USB Blaster. I only mentioned it as it costs next to nothing and you mentioned you had used JTAG before and it's a popular (for Altera) dongle and could (possibly) at least be used with urJTAG to dump the flash.

If you get the Olimex that should be all you need.

Also something called Hex-Rays IDA is apparently very useful and appears to support reverse engineering this processor. It can be very expensive though ;) Which reminds me I have a demo version I need to learn how to use. I've got a PDF manual for it somewhere.
« Last Edit: January 01, 2016, 08:36:11 pm by Macbeth »
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #26 on: January 01, 2016, 10:15:39 pm »
You don't need the USB Blaster. I only mentioned it as it costs next to nothing and you mentioned you had used JTAG before and it's a popular (for Altera) dongle and could (possibly) at least be used with urJTAG to dump the flash.

If you get the Olimex that should be all you need.

Also something called Hex-Rays IDA is apparently very useful and appears to support reverse engineering this processor. It can be very expensive though ;) Which reminds me I have a demo version I need to learn how to use. I've got a PDF manual for it somewhere.

Thank you Macbeth!   I ordered the Olimex ARM-USB-OCD-H adapter with the ARM-JTAG-20-10 adapter (which allows me to plug the ARM-USB-OCD-H adapter into an ARM 10-pin mini-JTAG connector.   All I did before was solder some wires to a Xbox 360 to JTAG it.  I was following some how-to.

So, I've been studying the datasheet for this ARM processor a bit.   I had some questions.   I see in the datasheet, there's a DEBUG signal (B9 on the BGA chip for this processor).   The datasheet says:
Code: [Select]
This pin is used for JTAG interface.
DEBUG=0: JTAG interface works for boundary scan.
DEBUG=1: JTAG interface works for ARM debugging.

Would I need to set this pin HIGH, LOW or just leave it as it is?   I don't really know what boundary scans are.   I also see there's some security for this chip, which I didn't find surprising.   But I see in the datasheet:
Code: [Select]
Security features:
— Read-only unique ID for Digital Rights Management (DRM) algorithms
— Secure boot using 128-bit AES hardware decryption
— SHA-1 and SHA256 hashing hardware
— High assurance boot (HAB4)

Does this mean that when I hook up the JTAG unit and try dumping the firmware using OpenOCD, the firmware might be encrypted?   I've also been reading up how to dump firmware using OpenOCD.   I know some smart people found a way to dump the firmware on a device that uses an ARM processor.   Some security bits were set that prevented read access to protected memory.   Only instructions in protected memory could read the data from protected memory.   However, it was fairly easy for the people to bypass this by loading an address in one of the registers, stepping through the code in protected memory and then checking the values of the registers until one changed.   They were able to find a LOAD instruction and that's all the needed in order to dump the firmware.   They even provided a nice Ruby script that would connect to OpenOCD and dump the firmware for you.

I mean, it'd have to be modified for different processors but I was thinking maybe I'd have to do something like that.   I've been studying the datasheet but I don't really see how I'm supposed to tell how big the firmware is and where it'd be located in memory.   It's definitely a learning experience, I'll say that much!    I also have an old router that might have a JTAG port.   Perhaps I could play with that to get a little experience.   If I ruin the router, no big deal.
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #27 on: January 01, 2016, 11:39:50 pm »
Dave has a great vid on JTAG boundary scan. You will probably want BSDL files for your processor and flash etc.

I have to admit I have only got as far as dumping and programming firmware on my Rigol DM3058, which happens to be in unencrypted Blackfin LDR format (most Rigol stuff seems to be Analog Devices Blackfin DSP). I had to learn all this just to recover my DMM which had bricked itself after I used some obscure Rigol software not compatible with my firmware version, the alternative would have been sending it back under warranty but that would have cost me shipping and took weeks and is very, very boring. I learned how to extract LDR+data from the firmware and reflash in the weekend.

My own goal is to reverse engineer this firmware just for the hell of it and fix the bugs Rigol are too lazy to bother with and perhaps make the meter do what I want. But that's on the backburner now.

For all the ARM stuff - I don't have a clue, sorry!
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #28 on: January 01, 2016, 11:49:43 pm »
Oh for the size of the flash - just lookup the Hynix partnumber. There must be a memory map in the datasheet. I haven't checked for your ARM, but for Blackfin it's 0x20000000 and is easy to read with urJTAG when you set it up to read the flash chip (probably via BSDL behind the scenes).

If the flash is encrypted then yes you will need to use the hack you have found. Very interesting! My ARM experience is Raspberry Pi's only I'm afraid with none of this JTAG stuff  :scared:
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #29 on: January 02, 2016, 12:16:33 am »
Thanks for all the help Macbeth!   Hopefully when my Olimex device comes, I'll find it's not very hard at all.   If it does turn out to be encrypted though, I might not be able to go any further at all.    I'll look into the various things you mentioned in the meantime.   Like the memory map and size of the Hynix firmware.   I'd be nice if I could get an unencrypted copy of the firmware.   Maybe I could even figure out the format of the .GEL files.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #30 on: January 04, 2016, 09:12:27 pm »
I just wanted to update you guys.   I got the ARM-USB-OCD-H JTAG device coming but I don't think it's going to help.   I've been reading up on the security of the i.MX283 processor in the Rigol DP832.   From what I've read ( http://cache.nxp.com/files/32bit/doc/app_note/AN4555.pdf?fpsp=1&WT_TYPE=Application%20Notes&WT_VENDOR=FREESCALE&WT_FILE_FORMAT=pdf&WT_ASSET=Documentation&fileExt=.pdf )
it seems that the bootloader gets signed and if the code changes but the signature doesn't match, then it'll refuse to start.   It seems the packages on the FLASH might be signed as well.   They use some elftosb program to sign them or something.    If I'm not mistaken (and I very well can be, I don't really understand the whole encryption stuff very well), even if I could extract the bootloader and flash contents, I won't be able to change them at all.

I wonder how the person who wrote the keygen for the DP832 managed to figure out how to successfully write it.   Did they somehow manage to extract the firmware or information from the flash chip on there?
 

Offline apelly

  • Supporter
  • ****
  • Posts: 1061
  • Country: nz
  • Probe
Re: Need help hacking DP832 for multicolour option.
« Reply #31 on: January 04, 2016, 09:51:29 pm »
It was a while ago now, but if you read the first few hundred posts in the sniffing the rigol bus thread there is a lot of useful stuff posted by cybernet. The thread degenerates into noobs asking for help after a while, but the beginning is very cool. I think that's the one where the certificate signing stuff for the dg4000 was discovered too, but there is another thread for hacking the dg4000 which also contains interesting information.

Good luck!
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #32 on: January 04, 2016, 10:16:51 pm »
It was a while ago now, but if you read the first few hundred posts in the sniffing the rigol bus thread there is a lot of useful stuff posted by cybernet. The thread degenerates into noobs asking for help after a while, but the beginning is very cool. I think that's the one where the certificate signing stuff for the dg4000 was discovered too, but there is another thread for hacking the dg4000 which also contains interesting information.

Good luck!

Thank you!   I'll search the forums for the topic you're talking about here.   I've seen people talk about sniffing buses before.   Maybe I should invest in some equipment so I can do that too.   Sounds really cool.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #33 on: January 04, 2016, 10:30:19 pm »
Is this the forum that you're talking about?   https://www.eevblog.com/forum/testgear/sniffing-the-rigol's-internal-i2c-bus/

Seems to be about the Rigol DS1102E.   Perhaps I can still learn a lot from it though.   I don't have a logic analyzer.   I'd love to purchase one but I'm not certain if I want a benchtop model or a portable one.   I kind of like some of the portable ones I've seen on the net (the ones that hook up to a PC via USB).   Just not sure if they're as good and if they are, which ones to get.
 

Offline apelly

  • Supporter
  • ****
  • Posts: 1061
  • Country: nz
  • Probe
Re: Need help hacking DP832 for multicolour option.
« Reply #34 on: January 05, 2016, 02:20:54 am »
That's the one. It's a long time since I read the first post. You're right, but it's about the ds2000 and other rigol products too. It's worth your time to read it. Really.

Can't find the other one right now, but it'll be referred to in the i2c thread for sure.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #35 on: January 05, 2016, 03:42:01 am »
That's the one. It's a long time since I read the first post. You're right, but it's about the ds2000 and other rigol products too. It's worth your time to read it. Really.

Can't find the other one right now, but it'll be referred to in the i2c thread for sure.

Thank you.   I've already started reading the thread.   I've searched through it as well, looking for keywords like DP832.   I see a user claims he was able to disassemble the firmware somehow in order to modify the Riglol program to generate proper keys for the newer firmwares.    I wonder if he actually disassembled it and if so, how did he manage to get a copy?   Right now, I don't think there's any known ways to decode / decrypt / whatever the .GEL files.  It'd be nice if I could figure out how they did it.   I've also been reading up on OpenOCD and trying to figure out how to actually try to do the various things I want to do once I get my JTAG device in the mail.

From what I've seen, I'm going to need to know the flash segment address (this might be the wrong word here) in order to read the flash to a .hex / .bin file.   I'm going to need to figure out what the RAM segment is in order to do a memory dump.   I was expecting these addresses to be in the datasheet for the i.MX283 but I didn't find them there.   I continued to look in the various documents on NXP's website for the i.MX283 and found the memory map layout in the i.MX28 Applications Processor Reference Manual ( http://cache.nxp.com/files/32bit/doc/data_sheet/IMX28CEC.pdf?fpsp=1&WT_TYPE=Data%20Sheets&WT_VENDOR=FREESCALE&WT_FILE_FORMAT=pdf&WT_ASSET=Documentation&fileExt=.pdf ) on page 135 of 2733!   However, I'm not sure which ones I need.   I see stuff like On-Chip RAM, On-Chip RAM alias, External Memory, On-Chip ROM, etc.   Don't see anything for flash like I do with some of the other datasheets out there.

I also wanted to say though that I'm extremely thankful for all the help everyone here on EEVBlog has provided to me.   I know most of the users here are experts in the electronic world and I know I don't know very much at all.   But everyone's been extremely supportive in trying to help me accomplish what I want to do and answer all the dumb questions I have!   Thank you guys.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #36 on: January 07, 2016, 09:40:43 pm »
So I'm waiting for my ARM-USB-OCD-H JTAGGING device to come.   I learn that OpenOCD doesn't support the NAND flash controller on the i.MX28 processors.   This is disappointing.   I also want to say I remember reading something in the programming reference guide that the NAND works in parallel mode.   From reading stuff on the internet, from what I can tell, I will not be able to use one of those clips that you just put over the NAND chip and read and write to it directly, in circuit, while the device is on (like the E3 Flasher for the PS3 for example).   I think getting this NAND dump is going to be a bit harder than I originally was hoping for.

Anyway, I went back to looking at the GEL files.   I see patterns but can't really make sense out of them.   I've tried bit shifting them, doing bitwise manipulation on them (AND, OR, XOR) but I can't seem to get anything useful out of.   Maybe you guys can make some sense out of it and see something that I just don't?   For example, the first 32 bytes of code, I see a pattern...

Code: [Select]
28 23 10 00 78 B9 FB BB 7C 7D D0 7F 20 BE 82 83     /* Notice here, starting at offset 5, we have 78. If we count up in hex though, we get:
                    78 79 7A 7B 7C 7D 7E 7F...                           See how 78, 7C, 7D, and 7F line up? */

83 84 86 87 27 89 8A 8B 28 CA 8E 8F A8 81 31 78      /* We see this again...
          86 87 88 89 8A 8B 8C 8D 8E 8F...                           86, 87, 89, 8A, 8B, 8E and 8F line up. */


Now, if I create a table, the pattern becomes a bit more clear.
Code: [Select]
     x4 x5 x6 x7 x8 x9 xA xB xC xD xE xF x0 x1 x2 x3
   ---------------------------------------------------
7x | 28 23 10 00 78 B9 FB BB 7C 7D D0 7F 20 BE 82 83 | 83
8x | 83 84 86 87 27 89 8A 8B 28 CA 8E 8F A8 81 31 78 | 93
9x | AC 85 35 7C B0 89 39 80 B4 8D 3D 84 B8 91 41 88 | A3
Ax | A4 A5 A6 A7 BC 99 49 90 C0 9D 4D 94 A8 EB BA B3 | B3
Bx | 30 F1 BE B7 34 F5 C2 BB 38 F9 C6 BF 3C FD CA C3 | C3
Cx | 40 01 CE C7 20 EB D2                            | D3
Cx |                      CB CC CD CE CF D0 D1 D2 D3 | D3 (continued)
Dx | D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF E0 E1 E2 E3 | E3
Ex | E4 E5 E6 E7 E8 E9 EA EB EC ED EE EF F0 F1 F2 F3 | F3
Fx | F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF 00 01 02 03 | 03
0x | 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 | 13
1x | 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 | 23
2x | 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 | 33
3x | 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F 40 41 42 43 | 43
4x | 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50 51 52 53 | 53
5x | 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F 60 61 62 63 | 63
6x | 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 | 73
7x | 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F 80 81 82 83 | 83
8x | 84 85 86 87 88 89 8A 8B 8C 8D 8E 8F 90          | 93

That's the first 285 bytes.   Starting at offset 57h, it starts counting up, in a row, from CBh to FFh then 00h to 90h.   I use that to create the numbers before and after the |'s.    Maybe we're supposed to remove the numbers that match up?   I'll give an example.   First row,
we see the 7x that I added, so the numbers to remove will start with a 7.   Then, the little grid above us tells us what the last number in the row has to be in order for us to remove it.   So, we look at:
Code: [Select]
     x4 x5 x6 x7 x8 x9 xA xB xC xD xE xF x0 x1 x2 x3
   ---------------------------------------------------
7x | 28 23 10 00 78 B9 FB BB 7C 7D D0 7F 20 BE 82 83 | 83

The first number, 28, does it start with a 7?   Nope, move on.   Does 23 start with a 7?  Nope, move on....we keep going to get to 78 at offset 05h.   Does that start with a 7?  Yup.  We look up to see what number it has to end in.   In this case, an 8.  Does it end in an 8?  Yup.  Remove it.   On to the next ones.   We remove 7C, 7D, 7F, 82 and 83.    So maybe the first lines in the .GEL file are really
Code: [Select]
28 23 10 00 B9 FB BB D0 20 BE

You see, I thought I was onto something there for a second, but I can't make sense out of 0x28 0x23 0x10 0x00 0xB9 0xFB 0xBB 0xD0 0x20 0XBE.    Maybe someone smarter than me could see something that I'm missing here?   Thanks!
 

Offline dadler

  • Supporter
  • ****
  • Posts: 851
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #37 on: January 07, 2016, 09:46:27 pm »
Maybe you will find this useful:

http://www.gotroot.ca/rigol/degel-0.1.tar.gz
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #38 on: January 08, 2016, 01:06:36 am »
Maybe you will find this useful:

http://www.gotroot.ca/rigol/degel-0.1.tar.gz

Thank you for the link but that doesn't really work with the DP832's for one reason or another.   For example, that degel program looks for a header which doesn't seem to be here, at least not like in the other .GEL files.   The ones I've seen (like DG10x2Update.gel) starts with RIGOL:DG1:UPDATE FILE ALL

I've tried to figure out how to get RIGOL from the hex values in the DP832's software update.gel file.   It starts with 0x28 0x23 0x10.   If you XOR 0x7A to 0x28, you get 0x52 (R).   If you XOR 0x6A to 0x23 you get 0x49 (I).   I thought I had a pattern there.   XOR the first offset by 0x7A to get R, XOR the second offset by 0x6A to get I, but to get G for the third offset, you need to XOR it (0x10) by 0x57.   No pattern there :(
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #39 on: January 08, 2016, 01:16:14 am »
I mean I seen a little pattern there.   These are the bytes in hex in the Update file...and the values I have to XOR them with to get RIGOL

Code: [Select]
Bytes   XOR Value     Output (in ASCII)
0x28    0x7A              R
0x23    0x6A              I
0x10    0x57              G
0x00    0x4F              O
0x78    0x34              L

See a bit of a pattern there?    The XOR's most significant value starts at 7 and counts down by a whole number each time.   7, 6, 5, 4, 3.    Just can't figure out the last numbers there.   I can't see the pattern, A, A, 7, F, 4...
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #40 on: January 08, 2016, 01:26:33 am »
LOL. Before all this crypto key stuff I used to encrypt files with XOR.Just because I may use a plaintext password as the cipher didn't mean I wouldn't keep re-xor encrypting that password byte by byte as I went...

and this was on the BBC Micro back in the '80s!

However the old ones are the best. Good to see XOR is still used  ;)
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #41 on: January 08, 2016, 01:51:32 am »
LOL. Before all this crypto key stuff I used to encrypt files with XOR.Just because I may use a plaintext password as the cipher didn't mean I wouldn't keep re-xor encrypting that password byte by byte as I went...

and this was on the BBC Micro back in the '80s!

However the old ones are the best. Good to see XOR is still used  ;)
Well, I don't know if my XOR results are just coincidence or not.   Doesn't seem to work so well after RIGOL.  Or maybe the header's changed a bit.  If I could find a pattern for the least significant digits (7A, 6A, 57, 4F, 34) I'd be certain there was something to this.
 
The following users thanked this post: Dwaine

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #42 on: January 08, 2016, 02:14:38 am »
Perhaps there is no "Rigol" header, and the firmware is exactly in the format the MX28 expects?

I know when I had to recover my bricked Rigol DM3058 only the start of the flash firmware was a RIGOL string, everything after that was in Blackfin LDR format as I found by reading the datasheet (or tome!). So I stripped that out and JTAG uploaded the rest verbatim to flash and all was well.

Perhaps there is no "Rigol" header and this firmware is purely in the MX28 format? You may be chasing a red herring.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #43 on: January 08, 2016, 02:28:20 am »
Perhaps there is no "Rigol" header, and the firmware is exactly in the format the MX28 expects?

I know when I had to recover my bricked Rigol DM3058 only the start of the flash firmware was a RIGOL string, everything after that was in Blackfin LDR format as I found by reading the datasheet (or tome!). So I stripped that out and JTAG uploaded the rest verbatim to flash and all was well.

Perhaps there is no "Rigol" header and this firmware is purely in the MX28 format? You may be chasing a red herring.

I thought that myself but I don't think that's the case.   That was my original assumption Macbeth.   But I dunno, I was looking at the datasheet and trying to analyze the Bootloader .GEL file and the bits just don't seem to match up.   Some of the unused bits are set, some aren't.   Some conflict.  There's also the whole tablet thing.   At the very start of the .GEL file, if you compare x offset to 73 + x, a lot of them will match.    There's giant sections where the Software .GEL file will show stuff like 0xCBh to 0xFFh and then go to 0x00h to 0x90h.   The 73 + x rule always matches with those weird sections.    Like if you start at the first sector (sector 0), there's a 0x28 there.   The table thing I discovered would be 0x74 at that place.   The next value in the firmware is 0x23.   The table would be 0x75...if you go all the way up to where 0xCB is in the .GEL file, when the run starts, the tablet thing holds true.  It'll equal 0xCB.   This holds true for the whole .GEL file.   It'd be weird for some sort of processor I'd think to have instructions like that.  Like the whole file is filled with 0x74 through 0xFF then it just repeats, 0x00 through 0xFF.   There's some real data some places, other places it's just the pattern showing through.

I assumed (and might be wrong here) that the Software.GEL file actually holds NAND data.   Someone dumped their NAND by removing the physical chip from the system and hooking it up to some NAND reader.   He showed a screenshot of the first few bytes in there.   They don't look anything like the .GEL file.   You can see stuff like DP830   DP831    DP832, etc.   When I look for strings in the GEL file, I find none.   Absolutely none.   I'd think I'd see at least something there.

Thanks for the help though!   Much appreciated.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #44 on: January 08, 2016, 03:21:16 am »
The statistics are real weird as well, which makes me think it's some sort of archive.   It's wavey.   I used HxD and clicked the Statistics button and it shows a bar graph of each value in the file, from 00h to FFh.   It shows how frequent the value is found.   And there's definitely a pattern there!   For example, there's about equal numbers of 1A's as there are 2A's as there are 3A's.   But the #A's aren't as frequent as something like 9h, 19h, 29h, which are all just about equally as prevalent.
 

Offline volkimel

  • Contributor
  • Posts: 10
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #45 on: September 18, 2016, 05:23:05 am »
Hi DP832 users,

my first post here on the forum.
It's been a while since the last post on this topic, but I'll give it a go.

I had a look at the GEL file from DP800(Software)Update(Normal)_00.01.13.00.01 and found some interesting stuff:

Start at the first byte of the file and subtract 0x74, at the second byte subtract 0x75, at the third byte 0x76, and so on...
When you reach 0xFF the next byte gets 0x00 (nothing, really) subtracted, and again and again...

If the entire file is processed like this, it reveals some interesting stuff further into the file. Don't know what the exact meaning of those is, however.

Here is a short C-program I used to do this:
Code: [Select]
// rewrite Rigol DP800 GEL file
#include "stdafx.h"
#include <stdlib.h>

#define OFFS 116 // Offset at start of File (0x74)

// Main
int main ( int argc, char *argv[] )
{
FILE *infile;
FILE *outfile;

if(argc < 2)
{
printf("Usage : %s [input]\n", *argv);
return EXIT_FAILURE;
}

// Open input file
infile = fopen(argv[1], "rb");
if(infile != NULL)
printf("File found\n");
else
{
printf("Error while opening!\n");
return EXIT_FAILURE;
}

// Open output file
outfile = fopen("DP800Update_descrambled_GEL.txt", "wb");

int ch; // current read char
int i = 0; // counter

while ((ch = fgetc(infile)) != EOF) // read until EOL
{
ch = ((ch + 256 - i - OFFS) % 256); // subtract offset
fprintf(outfile, "%c", ch); // write new char
i = ((i + 1) % 256); // increment counter
}
fclose(infile);
fclose(outfile);
printf("done!");

return EXIT_SUCCESS;
}

Hopefully this helps somewhere.

Cheers,

Volki
 
The following users thanked this post: WhichEnt2, tossu

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #46 on: September 18, 2016, 06:07:53 pm »
Hello Volki,

We're in the process of having a baby in the near future and I'm trying to redo the baby's room (put down hardwood floor).  I don't have a lot of free time right now, but after you run the encrypted firmware through your program, what do the first couple bytes of the file look like?   A lot of the Rigol stuff seem to start with the model of the device, like DP800, for instance.   Thanks.
 

Offline volkimel

  • Contributor
  • Posts: 10
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #47 on: September 18, 2016, 10:33:38 pm »
Hi,

just confirmed that this same thing works with DP800(Software)Update(Normal)_00.01.14.00.03 firmware as well.

The first bytes of the files don't make much sense. No DP800 or anything (at least I didn't see it).

Here are the first 512 bytes of 00.01.13.00.01:
Code: [Select]
B4 AE 9A 89 00 40 A0 A1 00 00 52 00 58 3D 00 00
FF FF 00 00 9F 00 00 00 54 3D 00 00 18 F0 9F E5
18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 18 F0 9F E5
00 00 00 00 14 F0 9F E5 14 F0 9F E5 B0 3A 08 00
34 3C 08 00 34 3C 08 00 34 3C 08 00 34 3C 08 00
34 3C 08 00 40 01 08 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 C0 9F E5
1C FF 2F E1 35 11 08 00 00 C0 9F E5 1C FF 2F E1
F1 03 08 00 00 C0 9F E5 1C FF 2F E1 71 11 08 00
00 C0 9F E5 1C FF 2F E1 E5 02 08 00 08 B4 02 4B
9C 46 08 BC 60 47 C0 46 38 2A 08 00 04 E0 4E E2
0F 40 2D E9 04 D0 4D E2 00 80 A0 E3 FF 90 E0 E3
FE 9C C9 E3 00 A0 99 E5 0A 80 B0 E1 93 B0 E0 E3
FC BC CB E3 55 00 A0 E3 00 00 8B E5 08 00 18 E3
30 00 00 0A 24 E9 9F E5 00 C0 DE E5 C8 34 9F E5
04 20 D3 E5 02 00 5C E1 02 00 00 3A 0C 19 9F E5
00 90 A0 E3 00 90 C1 E5 CB A0 E0 E3 F2 AC CA E3
40 BA A0 E3 00 B0 8A E5 01 00 A0 E3 D2 FF FF EB
E8 08 9F E5 00 E0 D0 E5 8E C0 B0 E1 88 34 9F E5
03 20 9C E0 BC 13 D2 E1 01 96 B0 E1 FB A0 E0 E3
F9 AC CA E3 00 90 8A E5 01 00 A0 E3 C6 FF FF EB

And here for 00.01.14.00.03:
Code: [Select]
B4 AE 9A 89 00 40 81 40 00 00 52 00 A0 3D 00 00
FF FF 00 00 9F 00 00 00 9C 3D 00 00 18 F0 9F E5
18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 18 F0 9F E5
00 00 00 00 14 F0 9F E5 14 F0 9F E5 F8 3A 08 00
7C 3C 08 00 7C 3C 08 00 7C 3C 08 00 7C 3C 08 00
7C 3C 08 00 58 22 08 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 B5 06 48
00 68 40 07 40 0F 00 06 00 0E 07 28 00 D3 00 20
00 06 00 0E 08 BC 18 47 20 0D FF FF 10 B5 04 00
20 78 A1 78 00 06 00 0E 01 28 00 D1 2A E1 0F D3
03 28 00 D1 66 E3 00 D2 64 E2 05 28 01 D1 00 F0
E1 FC 01 D2 00 F0 4C FC 06 28 01 D1 00 F0 5A FD
02 20 60 70 09 06 09 0E 01 29 6A D1 01 20 E0 70
02 20 20 71 02 20 60 71 02 20 A0 71 80 20 20 81
40 20 60 81 B0 20 C0 00 20 82 90 20 C0 00 60 82
A0 20 C0 00 E0 82 06 20 20 76 04 20 60 76 BA 48
A0 87 BA 48 E0 87 44 20 B7 49 21 52 46 20 B7 49
21 52 62 79 04 20 42 43 00 21 B4 20 40 00 20 18
00 F0 9E FF 62 79 04 20 42 43 FF 21 C2 20 40 00
20 18 00 F0 95 FF A2 79 04 20 42 43 00 21 BC 20
40 00 20 18 00 F0 8C FF A2 79 04 20 42 43 FF 21

Cheers,

Volki
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #48 on: September 19, 2016, 05:19:58 am »
You mention some interesting stuff further in the file.   What type of interesting stuff is further in the file?   Is it plain text ASCII?
 

Offline dav

  • Regular Contributor
  • *
  • Posts: 133
  • Country: it
Re: Need help hacking DP832 for multicolour option.
« Reply #49 on: September 19, 2016, 10:51:07 am »
@Spork Schivago:
There is some text; take a look yourself with an hex editor.
 

Offline volkimel

  • Contributor
  • Posts: 10
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #50 on: September 19, 2016, 11:49:31 am »
There are a lot of bitmaps in RGB565, one after the other, in different sizes. Some parts that look like code in between.
Some html/xml and javascript (with some "~" every 128 bytes),
Some filenames with a hint to "E:\MQX\Freescale MQX 3.7 ARM9 imx287evk_rev2\Freescale MQX 3.7 ARM9 imx287evk",
Some strings seem to be model numbers (namely DP831A, DP832A, DP821A, DP811A, DP812A, DP813A, DP841A, DP831, DP832, DP821, DP811, DP812, DP813, DP841)

So far I could not identify a structure of it all.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #51 on: September 19, 2016, 05:55:11 pm »
Thank you guys so much!

So, from the sounds of it, Volki successfully decrypted the firmware update.   Do you guys think that's safe to assume?   There was some program I ran across a while back...a program made for Rigol .GEL files.   It could extract the files or something.   I wonder if that program would work now with the decrypted DP832 firmware...
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #52 on: September 19, 2016, 06:38:53 pm »
I don't know a lot about flash or anything, but looking through the descrambled GEL file, at offset: 3091B5, I see:
Code: [Select]
<link hEref
I know with HTML, that should be
Code: [Select]
<link href.   Maybe that E in there has something to do with the flash, like where that bit of code gets written to...or maybe there's a little more to descrambling this file, or maybe it's compressed some how.   What do you guys think?

Further down the file, the www's aren't right.   Like at offset: 3092A6 and 309304
 

Offline volkimel

  • Contributor
  • Posts: 10
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #53 on: September 19, 2016, 09:35:00 pm »
These inconsistencies in plain xml '<hEref' appear in regular intervals, i.e. like every 128 bytes (find '~' mostly) inside a logical block, that's why I think it's part of a bigger package. I'm not really experienced in this.

Other things I observed are a lot of bitmaps in RGB565. If you see the descrambled file as a bitstream, run it through a raw pixel viewer and adjust the width correctly, you see a lot of bitmaps. The first one looks like a clock face, then comes more unidentified data and then a whole collection of more bitmaps. For ecample, I also found the 'middle balls' of the normal view in DP8xxA models.
Other bitmaps are the LXI logo, RIGOL logo, all in diverse colours. Haven't got any at hand to attach atm.
But these bitmaps do not have a header of some sort. They are just next to each other.
However, I didn't find a section with indexes and size information of the single bitmaps, yet. So, these might be part of a bigger package again.
So I keep on searching for some kind of index table.
I couldn't make any sense of the first 256 or so bytes in the file, yet.
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #54 on: September 19, 2016, 09:50:28 pm »
Excellent hacking! It seems a lot of work to get multicolour but the journey is far more interesting than the goal!
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #55 on: September 19, 2016, 10:03:12 pm »
These inconsistencies in plain xml '<hEref' appear in regular intervals, i.e. like every 128 bytes (find '~' mostly) inside a logical block, that's why I think it's part of a bigger package. I'm not really experienced in this.
I noticed the same pattern.   Also, with the www's, the ones that have the messed up text, almost all of them start with a y with a ' over it.   And then there's a w and a lot have the ~.   Like http://y(with the ' over it)w~.   I saw one that had a capital Z instead of the ~ (or maybe instead of the funky y).

Other things I observed are a lot of bitmaps in RGB565. If you see the descrambled file as a bitstream, run it through a raw pixel viewer and adjust the width correctly, you see a lot of bitmaps. The first one looks like a clock face, then comes more unidentified data and then a whole collection of more bitmaps. For example, I also found the 'middle balls' of the normal view in DP8xxA models.
Other bitmaps are the LXI logo, RIGOL logo, all in diverse colours. Haven't got any at hand to attach atm.
But these bitmaps do not have a header of some sort. They are just next to each other.
However, I didn't find a section with indexes and size information of the single bitmaps, yet. So, these might be part of a bigger package again.
So I keep on searching for some kind of index table.
I couldn't make any sense of the first 256 or so bytes in the file, yet.

You know more about bitmaps than I do.   I too couldn't find an index but I think there has to be one somewheres.   Perhaps in the first 256 bytes or so.   I'm wondering if the first few bytes of the file get decrypted / descrambled differently.

If I were to take a guess, I'd bet the file header for this firmware update might not be too much different than some of the other Rigol firmwares.   Perhaps that could help?   I was reading for the DSxxxx's that Rigol makes, if I understand them correctly, the index for the files is in the beginning of the update file.   I know when I worked as a programmer for Deposit Computer Services, Inc, whenever we got a new customer, I'd find the source code from another customer that wanted something similar and I'd just modify the code a little bit to make it fit, rather than writing the whole thing from scratch.   I bet Rigol's programmers do the same.   The header might not be too much different from the headers in their other files.   Just properly decrypting it, there might be more to it than the 75, 76, 77, etc thing.

I cannot seem to find any termination strings that might separate one file from another.   I think an index has to be used.   Something with offset, filelength and filename and probably some sort of checksum.   Also, somewheres, I almost remember finding the ends of the various Rigol DP832 firmwares had something special about them, like it was all the same values, the last 500 and some bytes or something.   I thought I posted about that somewhere here, in this thread.   Maybe there's a footer.

You did great work though and got much further than I did.   I had given up on this.   Thank you!!!!
 

Offline volkimel

  • Contributor
  • Posts: 10
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #56 on: September 30, 2016, 11:27:00 am »
I've compared the current (00.01.14.00.01) GEL file that was de-scrambled as before, with an older version (00.01.09.00.01). Here is what they look like:

DP800Update.GEL (00.01.09.00.01)                    DP800Update_descrambled.GEL (00.01.14.00.01)   
----------------------------------------------------------------------------------------------------
                                                 |                                      B4 AE 9A 89
00 40 CE 08 00 00 52 00 20 35 00 00 FF FF 00 00  |  00 40 81 40 00 00 52 00 A0 3D 00 00 FF FF 00 00
9F 00 00 00 20 35 00 00 18 F0 9F E5 18 F0 9F E5  |  9F 00 00 00 9C 3D 00 00 18 F0 9F E5 18 F0 9F E5
18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 00 00 00 00  |  18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 00 00 00 00
14 F0 9F E5 14 F0 9F E5 78 33 08 00 FC 34 08 00  |  14 F0 9F E5 14 F0 9F E5 F8 3A 08 00 7C 3C 08 00
FC 34 08 00 FC 34 08 00 FC 34 08 00 FC 34 08 00  |  7C 3C 08 00 7C 3C 08 00 7C 3C 08 00 7C 3C 08 00
40 01 08 00 00 00 00 00 00 00 00 00 00 00 00 00  |  58 22 08 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 C0 9F E5 1C FF 2F E1  |  00 00 00 00 00 00 00 00 00 B5 06 48 00 68 40 07
E1 0E 08 00 00 C0 9F E5 1C FF 2F E1 C1 03 08 00  |  40 0F 00 06 00 0E 07 28 00 D3 00 20 00 06 00 0E
00 C0 9F E5 1C FF 2F E1 1D 0F 08 00 00 C0 9F E5  |  08 BC 18 47 20 0D FF FF 10 B5 04 00 20 78 A1 78


The (00.01.09.00.01) version is not scrambled and misses the first 4 Bytes: B4 AE 9A 89. From there on, the structure aligns pretty good. Only a few bytes are different, either addresses or length information...

I looked through the bitmaps I could find in (00.01.14.00.03) and made a collection of them here.
Furthermore I could find a lot of 1 bit per pixel character sets with all sorts of special characters. Amongst them are also the 7-segment numbers in different sizes for the main display. Haven't indexed those, though.

Still looking at it and not getting an idea what the overall structure could be. Any more ideas? Any disassemblers?
 
The following users thanked this post: Spork Schivago

Offline volkimel

  • Contributor
  • Posts: 10
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #57 on: September 30, 2016, 11:43:23 am »
I cannot seem to find any termination strings that might separate one file from another.   I think an index has to be used.   Something with offset, filelength and filename and probably some sort of checksum.   Also, somewheres, I almost remember finding the ends of the various Rigol DP832 firmwares had something special about them, like it was all the same values, the last 500 and some bytes or something.   I thought I posted about that somewhere here, in this thread.   Maybe there's a footer.

Some bitmaps in the file can be found in different colors (for the different DP800 variants). They are directly adjacent to each other in the code. But sometimes they are also separated by 2 bytes: 00 00. Didn't find a reason for that and why it is only sometimes...

The different variants can be found in location 0x2F172C:
Code: [Select]
44 50 38 33 31 41 00 00 44 50 38 33 32 41 00 00  |  DP831A..DP832A..
44 50 38 32 31 41 00 00 44 50 38 31 31 41 00 00  |  DP821A..DP811A..
44 50 38 31 32 41 00 00 44 50 38 31 33 41 00 00  |  DP812A..DP813A..
44 50 38 34 31 41 00 00 44 50 38 33 31 00 00 00  |  DP841A..DP831...
44 50 38 33 32 00 00 00 44 50 38 32 31 00 00 00  |  DP832...DP821...
44 50 38 31 31 00 00 00 44 50 38 31 32 00 00 00  |  DP811...DP812...
44 50 38 31 33 00 00 00 44 50 38 34 31 00 00 00  |  DP813...DP841...
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #58 on: September 30, 2016, 05:44:29 pm »
Could this be a lookup table for model numbers that are pre-programmed in the devices flash area along with serial number and calibration, etc?

Would it by as simple as changing byte 0x2F1771 from 00 to 41 'A' and perhaps byte 0x2F1739 from 41 to 00 for consistency but also just in case a simple checksum is used?

Nah, that seems to easy  :-DD
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #59 on: September 30, 2016, 06:46:43 pm »
Could this be a lookup table for model numbers that are pre-programmed in the devices flash area along with serial number and calibration, etc?

Would it by as simple as changing byte 0x2F1771 from 00 to 41 'A' and perhaps byte 0x2F1739 from 41 to 00 for consistency but also just in case a simple checksum is used?

Nah, that seems to easy  :-DD
I too found the variants at 0x2F172C but I think there has to be a checksum that would prevent the firmware from being loaded.   Someone with more time than me right now could try a simple test.   Turn on their power supply, find a text string in some menu.   Search the descrambled file for this string and make sure it's only found once in the file.   Then just change a letter.   Flash the firmware and see if it's changed in the menu.

If there's some sort of checksum, I'd imagine the power supply would refuse to accept the firmware.   Another thing would be to make sure you can flash the same version firmware that's already installed on the machine.

For example, if your DP832 has firmware 00.01.14.00.01, make sure you can flash a normal version of firmware 00.01.14.00.01.    Otherwise, we could have issues.   Let's say someone's running firmware 00.01.09.00.01 and they flash a modified version of 00.01.14.00.01.   Then they go to undo their changes and try flashing 00.01.14.00.01 again.   The machine might refuse the firmware saying it's already up-to-date.   That could greatly reduce someone's chances to finding a multi-coloured option for the DP832's.   They might only have a couple chances at it.

Can someone upload the source code to re-scramble the files?   I wonder what would happen if someone removed those first 4 bytes in the descrambled file and try flashing it, descrambled like....maybe those first four say the file's encrypted or something?
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #60 on: September 30, 2016, 07:02:50 pm »
Ok, I didn't rescramble the file but modified my original 1.14 using the same '74 offset' formula.

So I changed

2F1379 from EE to AD
2F1771 from E5 to 5C

Reflashed using USB and the help button at the '...' elipses, it didn't spit back any errors and appeared to accept the file, flashed ok and asked me to power off and on.

Unfortunately it hasn't made the blindest difference  (at least that I have found so far. Perhaps a SCPI command or the webserver will report back the wrong model?) :-DD
 
The following users thanked this post: Spork Schivago

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #61 on: September 30, 2016, 07:16:15 pm »
I've compared the current (00.01.14.00.01) GEL file that was de-scrambled as before, with an older version (00.01.09.00.01). Here is what they look like:

DP800Update.GEL (00.01.09.00.01)                    DP800Update_descrambled.GEL (00.01.14.00.01)   
----------------------------------------------------------------------------------------------------
                                                 |                                      B4 AE 9A 89
00 40 CE 08 00 00 52 00 20 35 00 00 FF FF 00 00  |  00 40 81 40 00 00 52 00 A0 3D 00 00 FF FF 00 00
9F 00 00 00 20 35 00 00 18 F0 9F E5 18 F0 9F E5  |  9F 00 00 00 9C 3D 00 00 18 F0 9F E5 18 F0 9F E5
18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 00 00 00 00  |  18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 00 00 00 00
14 F0 9F E5 14 F0 9F E5 78 33 08 00 FC 34 08 00  |  14 F0 9F E5 14 F0 9F E5 F8 3A 08 00 7C 3C 08 00
FC 34 08 00 FC 34 08 00 FC 34 08 00 FC 34 08 00  |  7C 3C 08 00 7C 3C 08 00 7C 3C 08 00 7C 3C 08 00
40 01 08 00 00 00 00 00 00 00 00 00 00 00 00 00  |  58 22 08 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 C0 9F E5 1C FF 2F E1  |  00 00 00 00 00 00 00 00 00 B5 06 48 00 68 40 07
E1 0E 08 00 00 C0 9F E5 1C FF 2F E1 C1 03 08 00  |  40 0F 00 06 00 0E 07 28 00 D3 00 20 00 06 00 0E
00 C0 9F E5 1C FF 2F E1 1D 0F 08 00 00 C0 9F E5  |  08 BC 18 47 20 0D FF FF 10 B5 04 00 20 78 A1 78


The (00.01.09.00.01) version is not scrambled and misses the first 4 Bytes: B4 AE 9A 89. From there on, the structure aligns pretty good. Only a few bytes are different, either addresses or length information...

I looked through the bitmaps I could find in (00.01.14.00.03) and made a collection of them here.
Furthermore I could find a lot of 1 bit per pixel character sets with all sorts of special characters. Amongst them are also the 7-segment numbers in different sizes for the main display. Haven't indexed those, though.

Still looking at it and not getting an idea what the overall structure could be. Any more ideas? Any disassemblers?

The bottom of 00.01.09.00.01 seems to repeat itself a bit, but the bottom of the newer version doesn't.

DP800Update.GEL (00.01.09.00.01)                    DP800Update_descrambled.GEL (00.01.14.00.01)   
----------------------------------------------------------------------------------------------------
                                                 |                                      B4 AE 9A 89
00 40 CE 08 00 00 52 00 20 35 00 00 FF FF 00 00  |  00 40 81 40 00 00 52 00 A0 3D 00 00 FF FF 00 00
9F 00 00 00 20 35 00 00 18 F0 9F E5 18 F0 9F E5  |  9F 00 00 00 9C 3D 00 00 18 F0 9F E5 18 F0 9F E5
18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 00 00 00 00  |  18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 00 00 00 00
14 F0 9F E5 14 F0 9F E5 78 33 08 00 FC 34 08 00  |  14 F0 9F E5 14 F0 9F E5 F8 3A 08 00 7C 3C 08 00
FC 34 08 00 FC 34 08 00 FC 34 08 00 FC 34 08 00  |  7C 3C 08 00 7C 3C 08 00 7C 3C 08 00 7C 3C 08 00
40 01 08 00 00 00 00 00 00 00 00 00 00 00 00 00  |  58 22 08 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 C0 9F E5 1C FF 2F E1  |  00 00 00 00 00 00 00 00 00 B5 06 48 00 68 40 07
E1 0E 08 00 00 C0 9F E5 1C FF 2F E1 C1 03 08 00  |  40 0F 00 06 00 0E 07 28 00 D3 00 20 00 06 00 0E
00 C0 9F E5 1C FF 2F E1 1D 0F 08 00 00 C0 9F E5  |  08 BC 18 47 20 0D FF FF 10 B5 04 00 20 78 A1 78



Maybe the 9F E5's are some sort of terminator though?

DP800Update.GEL (00.01.09.00.01)                    DP800Update_descrambled.GEL (00.01.14.00.01)   
----------------------------------------------------------------------------------------------------
                                                 |                                      B4 AE 9A 89
00 40 CE 08 00 00 52 00 20 35 00 00 FF FF 00 00  |  00 40 81 40 00 00 52 00 A0 3D 00 00 FF FF 00 00
9F 00 00 00 20 35 00 00 18 F0 9F E5 18 F0 9F E5  |  9F 00 00 00 9C 3D 00 00 18 F0 9F E5 18 F0 9F E5
18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 00 00 00 00  |  18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 00 00 00 00
14 F0 9F E5 14 F0 9F E5 78 33 08 00 FC 34 08 00  |  14 F0 9F E5 14 F0 9F E5 F8 3A 08 00 7C 3C 08 00
FC 34 08 00 FC 34 08 00 FC 34 08 00 FC 34 08 00  |  7C 3C 08 00 7C 3C 08 00 7C 3C 08 00 7C 3C 08 00
40 01 08 00 00 00 00 00 00 00 00 00 00 00 00 00  |  58 22 08 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 C0 9F E5 1C FF 2F E1  |  00 00 00 00 00 00 00 00 00 B5 06 48 00 68 40 07
E1 0E 08 00 00 C0 9F E5 1C FF 2F E1 C1 03 08 00  |  40 0F 00 06 00 0E 07 28 00 D3 00 20 00 06 00 0E
00 C0 9F E5 1C FF 2F E1 1D 0F 08 00 00 C0 9F E5  |  08 BC 18 47 20 0D FF FF 10 B5 04 00 20 78 A1 78

Or maybe the four bytes there, like 18 F0 9F E5 are offsets?

There's gotta be some version string somewheres here.   I'd really think this is some sort of header.   I'd think it'd contain the version string, size of the file, etc.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #62 on: September 30, 2016, 07:18:38 pm »
Ok, I didn't rescramble the file but modified my original 1.14 using the same '74 offset' formula.

So I changed

2F1379 from EE to AD
2F1771 from E5 to 5C

Reflashed using USB and the help button at the '...' elipses, it didn't spit back any errors and appeared to accept the file, flashed ok and asked me to power off and on.

Unfortunately it hasn't made the blindest difference  (at least that I have found so far. Perhaps a SCPI command or the webserver will report back the wrong model?) :-DD

You can flash the same version firmware over and over again?   Perhaps you'd like to go into the menu, find some text string, and do what I suggested earlier?   Just change the text a little and see if it makes any difference.   I wouldn't try modifying the webpage stuff at all, but the actual text string in one of the menus....if that's successful, then we can assume perhaps there's no checksum's at all?   That'd be great news....
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #63 on: September 30, 2016, 08:17:50 pm »
I keep on trying to upload 00.01.14.00.03 in a zip file and it looks like it goes, but my posts don't get posted here for some reason.   Not sure where they're going.   But after I post, it takes me this Start new message page, as if I'm trying to PM someone.   I don't see why I cannot upload the zip file.   It's 9,244KB in size.   Any ideas?    I thought with closer firmware numbers, there wouldn't be so many changes and maybe it'd be easier to figure out the stuff, like the header of the file, etc.
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #64 on: September 30, 2016, 08:25:32 pm »
Ok, I chose to change the installed options text at 277BC0 from ":Official" to ":Hacked!" so the encoded bytes are

5E 6D 87 8A 93 8E B8 4C 2C

Reflashed and unfortunately the options still showed as ":Official" so perhaps it is ignoring the upgrade? I then tried the "Update analog board 1 & 2" step just in case but no luck.

So I downgraded using official 1.13 - that installed and reported version correctly.

I then re-installed my hacked 1.14 which gave all indication of installing ok, but the Sys Info still showed 1.13 and of course my hack did not work.

I then installed proper 1.14 which installed ok, and now Sys Info does show 1.14.

So I give up. That's it for tonight!  ;)
 
The following users thanked this post: Spork Schivago

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #65 on: September 30, 2016, 08:55:48 pm »
Ok, I chose to change the installed options text at 277BC0 from ":Official" to ":Hacked!" so the encoded bytes are

5E 6D 87 8A 93 8E B8 4C 2C

Reflashed and unfortunately the options still showed as ":Official" so perhaps it is ignoring the upgrade? I then tried the "Update analog board 1 & 2" step just in case but no luck.

So I downgraded using official 1.13 - that installed and reported version correctly.

I then re-installed my hacked 1.14 which gave all indication of installing ok, but the Sys Info still showed 1.13 and of course my hack did not work.

I then installed proper 1.14 which installed ok, and now Sys Info does show 1.14.

So I give up. That's it for tonight!  ;)

Just so I'm understanding you correctly, you had a hacked 1.14, you installed it, it seemed to install correctly.   But the hack didn't go through, so you installed an unhacked 1.13, checked the version, it showed 1.13.   Then you went and installed your hacked 1.14 again, checked the version, and it still showed 1.13, is that correct?

It seems there is in fact a checksum somewheres...Are there any logs that get stored anywhere on the device when a firmware update is performed?   Also, when you install the hacked firmware, are you re-encoding them or does the power supply seem to accept the decrypted / unscrambled versions?  Thanks for trying!
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #66 on: September 30, 2016, 09:34:11 pm »
Just so I'm understanding you correctly, you had a hacked 1.14, you installed it, it seemed to install correctly.   But the hack didn't go through, so you installed an unhacked 1.13, checked the version, it showed 1.13.   Then you went and installed your hacked 1.14 again, checked the version, and it still showed 1.13, is that correct?

Yep!

Quote
It seems there is in fact a checksum somewheres...Are there any logs that get stored anywhere on the device when a firmware update is performed?   Also, when you install the hacked firmware, are you re-encoding them or does the power supply seem to accept the decrypted / unscrambled versions?  Thanks for trying!

Spork, the first attempt I simply swapped the bytes for 'DP832\0' and 'DP832A' (but re-encoded using the offset 0x74 algorithm, purely using http://www.hexedit.com/ and manually with its calculator. This is on the original 1.14 file, not the decoded one.

Though the PSU appeared to accept it and reported "Upgrade successful!" it made no difference. I did choose to swap the bytes instead of just changing 1 byte because I guessed there may be a checksum and simple checksum algo's will still work if bytes are just swapped.

So I then chose to do something more blatant as in change some obvious text but without any attempt at covering for a simple checksum. I did not unscramble/decrypt the whole file, just changed the bytes using the 74 offset algo and HexEdit. No joy with that but no error messages stating anything wrong with the update. Indeed it appeared to go just fine!

Regarding limited chances at upgrading firmwares, it looks like downgrades and upgrades work just fine. I think it is only the bootloader that you can't downgrade but that is for firmwares with a bootloader <1.09 IIRC and the firmware we are playing with (so far) is not the bootloader.
« Last Edit: September 30, 2016, 09:37:26 pm by Macbeth »
 

Offline volkimel

  • Contributor
  • Posts: 10
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #67 on: September 30, 2016, 10:56:50 pm »
So I then chose to do something more blatant as in change some obvious text but without any attempt at covering for a simple checksum. I did not unscramble/decrypt the whole file, just changed the bytes using the 74 offset algo and HexEdit. No joy with that but no error messages stating anything wrong with the update. Indeed it appeared to go just fine!

Regarding limited chances at upgrading firmwares, it looks like downgrades and upgrades work just fine. I think it is only the bootloader that you can't downgrade but that is for firmwares with a bootloader <1.09 IIRC and the firmware we are playing with (so far) is not the bootloader.
At least that's good news that you can flash over and over again, as it seems.
Might be worth trying changes in all the different parts of the software now: changing bitmaps, changing HTML code, etc. See which changes are accepted until it breaks.
 

Offline volkimel

  • Contributor
  • Posts: 10
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #68 on: October 01, 2016, 01:02:46 am »
Maybe an interesting find and a pointer into the right direction (pun intended  ^-^):

In the header of (00.01.14.00.03) we find:
000000: B4 AE 9A 89 00 40 81 40 00 00 52 00 A0 3D 00 00
000010: FF FF 00 00 9F 00 00 00 9C 3D 00 00 18 F0 9F E5
000020: 18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 18 F0 9F E5
000030: 00 00 00 00 14 F0 9F E5 14 F0 9F E5 F8 3A 08 00
000040: 7C 3C 08 00 7C 3C 08 00 7C 3C 08 00 7C 3C 08 00
000050: 7C 3C 08 00 58 22 08 00 00 00 00 00 00 00 00 00
000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

The addresses 0x00A03D and 0x009C3D and surrounding looks like this:
003D80: 52 55 D5 00 00 00 00 00 00 00 00 00 00 00 00 00
003D90: 77 77 F7 00 FA FA FA 00 FA FA FA 00 00 00 00 00  <-- This is address 0x3D9C from the header
003DA0: A5 00 00 00 00 00 55 55 55 55 00 00 64 00 00 00  <-- This address is 0x3DA0 from the header
003DB0: 01 00 01 00 01 00 00 00 00 40 AB 61 00 00 00 00
003DC0: A1 6D 33 00 FF FF 00 00 9F 00 00 00 52 49 47 4F  <-- RIGO
003DD0: 4C 4C 00 00 00 00 00 00 00 00 00 00 18 F0 9F E5  <-- L
003DE0: 18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 18 F0 9F E5
003DF0: FF FF FF FF 18 F0 9F E5 18 F0 9F E5 DC E8 26 40
003E00: 38 1D 06 40 70 1D 06 40 A8 1D 06 40 E0 1D 06 40
003E10: FF FF FF FF 50 1E 06 40 90 1E 06 40 01 01 00 00
003E20: 40 00 00 00 00 33 6D 40 00 00 00 00 F0 41 2D E9
003E30: 00 60 B0 E1 00 70 A0 E3 9C 0E 9F E5 D7 80 D0 E1
003E40: 08 00 B0 E1 00 0C A0 E1 40 0C B0 E1 80 12 80 E0
003E50: 88 0E 9F E5 01 02 90 E0 00 10 A0 E3 0C 12 C0 E5
003E60: 06 00 B0 E1 00 08 A0 E1 20 08 B0 E1 02 10 A0 E3
003E70: 4C 1D 81 E3 01 00 50 E1 10 00 00 0A 12 10 A0 E3


Notice the "RIGOL" string at 0x003DCC and the recurring 18F09FE5 pattern from the header.

A similar thing seems to happen in 1.09 GEL file and 1.13 GEL files.
Maybe worth looking into this one, as this might be an address reference.

Bytes 55 55 55 55 are some sort of a marker. It does not look like a valid armv5 instruction. However the uint32 that end with some sort of Ex (E0, E1, E3, E5, E9) might be some code bits.

I guess I have to figure out how http://www.hexedit.com/ can be used effectively now.  ;)
 
The following users thanked this post: Spork Schivago

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #69 on: October 01, 2016, 01:14:36 am »
Just so I'm understanding you correctly, you had a hacked 1.14, you installed it, it seemed to install correctly.   But the hack didn't go through, so you installed an unhacked 1.13, checked the version, it showed 1.13.   Then you went and installed your hacked 1.14 again, checked the version, and it still showed 1.13, is that correct?

Yep!

Quote
It seems there is in fact a checksum somewheres...Are there any logs that get stored anywhere on the device when a firmware update is performed?   Also, when you install the hacked firmware, are you re-encoding them or does the power supply seem to accept the decrypted / unscrambled versions?  Thanks for trying!
...I did choose to swap the bytes instead of just changing 1 byte because I guessed there may be a checksum and simple checksum algo's will still work if bytes are just swapped....

What do you consider to be a simple checksum algorithm?   I figured they were probably using something like SHA1 or SHA256.   With those types of algorithms, byte swapping will change the checksum.   MD5 has a lot more collisions than originally thought and I don't think any good coder would use MD5 checksums, but I guess they could.   There's open source programs that implement SHA type checksums so it wouldn't be hard for a programmer to implement the more secure types.

I don't mean to argue with you or anything.   I'm just a bit confused.   If I understand everything correctly, byte swapping would change the checksum if an SHA type algorithm was used, right?   Is SHA not considered simple?   Thanks for sharing what you did and your thinking behind it.   I really appreciate all the help people have provided on trying to get this working.   It seems I'm not the only one interested in making this multi-coloured option work.

I really want to get a collection of the different versions of firmware for the DP832 / DP832A.   Anything under 1.09 isn't encrypted?   If anyone can send me links to the rest of the versions, after our baby is born, I might have some down time and might be able to play more with this.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #70 on: October 01, 2016, 01:18:51 am »
So I then chose to do something more blatant as in change some obvious text but without any attempt at covering for a simple checksum. I did not unscramble/decrypt the whole file, just changed the bytes using the 74 offset algo and HexEdit. No joy with that but no error messages stating anything wrong with the update. Indeed it appeared to go just fine!

Regarding limited chances at upgrading firmwares, it looks like downgrades and upgrades work just fine. I think it is only the bootloader that you can't downgrade but that is for firmwares with a bootloader <1.09 IIRC and the firmware we are playing with (so far) is not the bootloader.
At least that's good news that you can flash over and over again, as it seems.
Might be worth trying changes in all the different parts of the software now: changing bitmaps, changing HTML code, etc. See which changes are accepted until it breaks.

So far, if I understand Macbeth correctly, all changes are ignored.   It would be worth trying changes though.   We should start working on trying to figure out the checksum routine.   I'll open a hex editor on the decrypted firmware.   If I remember correctly though, different versions of the firmware had some similarities at the end of them.   Maybe that was some sort of checksum?    I know some of the firmware I played with, the header had a checksum, the different parts had checksums, etc.

For example, the header might have a checksum (perhaps that end bit after all those 00's?)   Then maybe the flash section, after all the websites or something, there might be some checksum there.   Then at the end, there might be one for the entire size of the file, etc.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #71 on: October 01, 2016, 01:23:51 am »
Maybe an interesting find and a pointer into the right direction (pun intended  ^-^):

In the header of (00.01.14.00.03) we find:
000000: B4 AE 9A 89 00 40 81 40 00 00 52 00 A0 3D 00 00
000010: FF FF 00 00 9F 00 00 00 9C 3D 00 00 18 F0 9F E5
000020: 18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 18 F0 9F E5
000030: 00 00 00 00 14 F0 9F E5 14 F0 9F E5 F8 3A 08 00
000040: 7C 3C 08 00 7C 3C 08 00 7C 3C 08 00 7C 3C 08 00
000050: 7C 3C 08 00 58 22 08 00 00 00 00 00 00 00 00 00
000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

The addresses 0x00A03D and 0x009C3D and surrounding looks like this:
003D80: 52 55 D5 00 00 00 00 00 00 00 00 00 00 00 00 00
003D90: 77 77 F7 00 FA FA FA 00 FA FA FA 00 00 00 00 00  <-- This is address 0x3D9C from the header
003DA0: A5 00 00 00 00 00 55 55 55 55 00 00 64 00 00 00  <-- This address is 0x3DA0 from the header
003DB0: 01 00 01 00 01 00 00 00 00 40 AB 61 00 00 00 00
003DC0: A1 6D 33 00 FF FF 00 00 9F 00 00 00 52 49 47 4F  <-- RIGO
003DD0: 4C 4C 00 00 00 00 00 00 00 00 00 00 18 F0 9F E5  <-- L
003DE0: 18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 18 F0 9F E5
003DF0: FF FF FF FF 18 F0 9F E5 18 F0 9F E5 DC E8 26 40
003E00: 38 1D 06 40 70 1D 06 40 A8 1D 06 40 E0 1D 06 40
003E10: FF FF FF FF 50 1E 06 40 90 1E 06 40 01 01 00 00
003E20: 40 00 00 00 00 33 6D 40 00 00 00 00 F0 41 2D E9
003E30: 00 60 B0 E1 00 70 A0 E3 9C 0E 9F E5 D7 80 D0 E1
003E40: 08 00 B0 E1 00 0C A0 E1 40 0C B0 E1 80 12 80 E0
003E50: 88 0E 9F E5 01 02 90 E0 00 10 A0 E3 0C 12 C0 E5
003E60: 06 00 B0 E1 00 08 A0 E1 20 08 B0 E1 02 10 A0 E3
003E70: 4C 1D 81 E3 01 00 50 E1 10 00 00 0A 12 10 A0 E3


Notice the "RIGOL" string at 0x003DCC and the recurring 18F09FE5 pattern from the header.

A similar thing seems to happen in 1.09 GEL file and 1.13 GEL files.
Maybe worth looking into this one, as this might be an address reference.

Bytes 55 55 55 55 are some sort of a marker. It does not look like a valid armv5 instruction. However the uint32 that end with some sort of Ex (E0, E1, E3, E5, E9) might be some code bits.

I guess I have to figure out how http://www.hexedit.com/ can be used effectively now.  ;)

When you say This is address 0x3D9C from the header, you mean from offset 0, right?   You haven't found where the header actually ends yet, have you?   That'd be nice.   Regardless, I too thought maybe there where some addresses in the beginning there but just didn't have time to explore it yet.   In the 1.09 firmware, I thought maybe the 18 F0 9F E5 was an address somewhere.   You guys are making great progress!   
 

Offline stj

  • Super Contributor
  • ***
  • Posts: 2153
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #72 on: October 01, 2016, 01:41:18 am »
a slight change of subject - only slight.

maybe you should try to find out how the code determines the model.
does it identify the model when you change the firmware, and flash the apropriate files,
or does it install everything and then determine which files to use every time it's powered up?

does it have an eeprom?
 
The following users thanked this post: Spork Schivago

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #73 on: October 01, 2016, 02:09:03 am »
a slight change of subject - only slight.

maybe you should try to find out how the code determines the model.
does it identify the model when you change the firmware, and flash the apropriate files,
or does it install everything and then determine which files to use every time it's powered up?

does it have an eeprom?

This could be hard to find out.   Last time I tried dumping the flash, OpenOCD didn't fully support this processor.   At the time, the flash wasn't supported, so there was no way to dump it.   I figured (just a straight up guess) that the firmware is the same on the DP832 and the DP832A.   Just at startup, there's some sort of serial number check.   I figured it's kinda like the unlock codes.   You got the right code, it unlocks the features.   You got the right serial number, it'll enable the multi-coloured screen.   That was just my guess though.


At offset 310, you can see what appears to be more addresses.   Memory pointers or something?   Perhaps file sizes or parts of the index?   I don't know, but there's definitely some sort of pattern, in the 1.14.00.03 descrambled file at least.

I don't know where they start so the beginning of these bytes might actually be the end of one address and the beginning of the second, but I see stuff like:
Code: [Select]
00 00 21 21 54 D0 20 40      <-- starts at offset 315h
00 01 21 21 54 FF 20 A2
30 01 21 21 54 D1 20 40
00 01 21 21 54 FF 20 A4
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #74 on: October 01, 2016, 02:35:18 am »
What do you guys make of offset 0x30A69B?   We're still missing something on the decryption or this file is somehow compressed, but I don't think it's compressed.   There's to much text.   Text compresses real easy like.

I see a comment:
Code: [Select]
//window.alert("oh yeah!\nö ~SOng is a pig!");

oh yeah!   then a new line.    But the funky o with two dots over it, the squigly ~, stuff like that I don't think's right.   There's a lot of ý's where there shouldn't be.   Maybe if we could work on getting a bit cleaner descrambling program, we'd see things a bit differently?
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #75 on: October 01, 2016, 04:49:24 am »
What's the bootloader code look like unscrambled?   I have searched through the file looking for some sort of table.   I've found html files, css files, etc.   But there's very few file names.   I found a couple, here's their offsets:
Code: [Select]
Offset 002E8FF8: /images/nav_1_0.jpg
Offset 00285CEC: /DP800A_NetworkSettings.html
Offset 00285D0C: /DP800A_setting_pswrong.html
Offset 002BA170: /RG1000NetworkSettings.css
Offset 002BA18C: /DP800A_NetworkStatus.html
Offset 002BA1C4: /DP800A_WelcomePage.html
Offset 002BAAC4: /RG1000WelcomePage.css
Offset 002BAADC: /DP800A_Security.html
Offset 002BAAF4: /DP800A_successful.html
Offset 002BAB0C: /images/logo_DP800.jpg
Offset 002E8FA8: /RG1000Security.css
Offset 002E8FBC: /DP800A_Help.html
Offset 002E8FD0: /images/logo.jpg
Offset 002E8FE4: /images/nav_1.jpg
Offset 002E8FF8: /images/nav_1_0.jpg
Offset 002E900C: /images/nav_2.jpg
Offset 002E9020: /images/nav_2_0.jpg
Offset 002E9034: /images/nav_3.jpg
Offset 002E9048:/images/nav_3_0.jpg

There were more, but I got tired.   I tried finding how those names were related the data and I couldn't find anything.    For example, I thought there'd be a good chance the /images/logo.jpg file would exist.    So, I searched for hex values like 2E8FD0   and D08F2E.  I found D08F2E at offset: 21A7D4

I found a bunch of other addresses in that area and tried going to what they said, and they took me places, some of them seem to line up and I thought I found the table, but then some of them didn't.   I give up for the night and I'm going to bed.   Maybe someone else can figure it out though.
 

Offline stj

  • Super Contributor
  • ***
  • Posts: 2153
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #76 on: October 01, 2016, 05:03:44 am »
What do you guys make of offset 0x30A69B?   We're still missing something on the decryption or this file is somehow compressed, but I don't think it's compressed.   There's to much text.   Text compresses real easy like.

I see a comment:
Code: [Select]
//window.alert("oh yeah!\nö ~SOng is a pig!");

oh yeah!   then a new line.    But the funky o with two dots over it, the squigly ~, stuff like that I don't think's right.   There's a lot of ý's where there shouldn't be.   Maybe if we could work on getting a bit cleaner descrambling program, we'd see things a bit differently?

"nö ~SOng" - is a font issue - use something else to view it such as UTF-8
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #77 on: October 01, 2016, 04:01:55 pm »
What do you guys make of offset 0x30A69B?   We're still missing something on the decryption or this file is somehow compressed, but I don't think it's compressed.   There's to much text.   Text compresses real easy like.

I see a comment:
Code: [Select]
//window.alert("oh yeah!\nö ~SOng is a pig!");

oh yeah!   then a new line.    But the funky o with two dots over it, the squigly ~, stuff like that I don't think's right.   There's a lot of ý's where there shouldn't be.   Maybe if we could work on getting a bit cleaner descrambling program, we'd see things a bit differently?

"nö ~SOng" - is a font issue - use something else to view it such as UTF-8

I have tried UTF-8 but it doesn't seem to make a difference.   Are you sure that's an issue?   There's some strings like:
Code: [Select]
http://ýw~.w3.org/TR/html4/loose.dtd

That's at offset 0x00309133

I'm using HxD and right now have the character set set to ANSI.  I change it to the various different options and none show www.   So, with it set to ANSI, I copy the text, then I open notepad.   I paste the text.   I go to File -> Save As and I set it to UTF-8.   I reopen the text, it's the same.   I paste the text again, now that Notepad is in UTF-8 mode, still the same.   Is there a better hex editor?   I like how HxD can do the various checksums (even custom ones), I like how I can set how many bytes to group together and how many bytes to display per row....It's still lacking though and I don't think it's going to be updated any time soon.

It'd be nice to be able to see the bytes in something besides hex, for instance...Being able to set the encoding to UTF-8 would be nice.   Being able to do a side-by-side comparison of different windows would be nice.   Kinda like how Volkimel displayed the differences between the firmwares, with the underlines and stuff like that.   Any suggestions on a better hex editor for Windows?

I got a little bit of time today.   I want to download the source to Volkimel's program, setup a compiler, make an executable.   I'd like to add some simple command line switches or write a second program that reencrypts the firmware.   If anyone has already done this and just wants to share the source code, I'd greatly appreciate it.   I haven't written a C program for the PC in a long time and it'll take me a bit to walk through the code.   I was looking at the C program Volkimel wrote and I don't fully understand it yet.   That's an issue.   I used to be a C programmer and got paid for writing code.   I shouldn't have trouble understanding this!   It's just been so long.
 

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Need help hacking DP832 for multicolour option.
« Reply #78 on: October 01, 2016, 05:45:30 pm »
In Windows, Notepad++ is the choice..
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #79 on: October 01, 2016, 07:18:41 pm »
Spork,

I just wrote a simpler version in Python and added a -r command line option for re-scrambling. :-+

No need for C compilers and .exe files ;) Install Python 2.7 if you don't have it already, and yes Notepad++ is what I use in Windows.

Code: [Select]
# DP800 file descrambler

import argparse

parser = argparse.ArgumentParser(description='Descramble a Rigol DP800 .GEL file')
parser.add_argument('-r', '--rescramble', action='store_true',help='convert back to original format')
parser.add_argument('infile', help='input filename')
parser.add_argument('outfile', help='output filename')
args = parser.parse_args()

with open(args.infile, 'rb') as infile:
    buf = bytearray(infile.read())
    infile.close()

offset = 116

for i in range(len(buf)):
    if args.rescramble:
        b = buf[i] + offset
        if b>255: b-=256
    else:
        b = buf[i] - offset
        if b<0: b += 256

    buf[i] = b
    offset += 1
    if offset > 255: offset=0

with open(args.outfile, 'wb') as outfile:
    outfile.write(buf)
    outfile.close()
« Last Edit: October 01, 2016, 07:47:02 pm by Macbeth »
 
The following users thanked this post: tv84, Spork Schivago, WhichEnt2

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #80 on: October 01, 2016, 08:17:37 pm »
Spork,

I just wrote a simpler version in Python and added a -r command line option for re-scrambling. :-+

No need for C compilers and .exe files ;) Install Python 2.7 if you don't have it already, and yes Notepad++ is what I use in Windows.

Code: [Select]
# DP800 file descrambler

import argparse

parser = argparse.ArgumentParser(description='Descramble a Rigol DP800 .GEL file')
parser.add_argument('-r', '--rescramble', action='store_true',help='convert back to original format')
parser.add_argument('infile', help='input filename')
parser.add_argument('outfile', help='output filename')
args = parser.parse_args()

with open(args.infile, 'rb') as infile:
    buf = bytearray(infile.read())
    infile.close()

offset = 116

for i in range(len(buf)):
    if args.rescramble:
        b = buf[i] + offset
        if b>255: b-=256
    else:
        b = buf[i] - offset
        if b<0: b += 256

    buf[i] = b
    offset += 1
    if offset > 255: offset=0

with open(args.outfile, 'wb') as outfile:
    outfile.write(buf)
    outfile.close()

Macbeth, thanks for the Python script.   I'm a bit of a C fan personally and I might just use your Python script to rewrite the C code to process it.   Not that there's anything wrong with Python.   It's a very nice language and everything.

So, Notepad++, I've heard of this, but it's an actual hex editor that can do everything that I'm looking for?   If it's the program I'm thinking of, it's been around for a very long time, when I was in high school.   Back then, I remember it just being a fancy text editor...I'll check it out.
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #81 on: October 01, 2016, 09:36:37 pm »
Python... nice!... this is my first attempt at a Python script from scratch and I'll have you know it was a serious PITA! Tabs vs spaces fighting each other ! :-DD

Yeah, good old 'C' is my ultimate fallback and what I use for microcontrollers, short of pure assembler, but all the fashionable kids are doing it in Python, and to be fair interpreted stuff is nicer/easier to play with.

Notepad++ is a text editor with programmers in mind. My Windows Hex editor is free from www.hexedit.com, I've not tried HxD. I will give it a shot...
« Last Edit: October 01, 2016, 09:39:58 pm by Macbeth »
 
The following users thanked this post: Spork Schivago

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #82 on: October 01, 2016, 10:51:45 pm »
Python... nice!... this is my first attempt at a Python script from scratch and I'll have you know it was a serious PITA! Tabs vs spaces fighting each other ! :-DD

Yeah, good old 'C' is my ultimate fallback and what I use for microcontrollers, short of pure assembler, but all the fashionable kids are doing it in Python, and to be fair interpreted stuff is nicer/easier to play with.

Notepad++ is a text editor with programmers in mind. My Windows Hex editor is free from www.hexedit.com, I've not tried HxD. I will give it a shot...

Yeah, I have to agree about the Python.   I've seen a lot about it recently and started learning it from the free MIT courses.   For an interpreted language, it's not too shabby.    I'm slowly getting into PICs.   I just don't have enough free time and too many projects.    C is my favourite, even for the PICs although assembly might be a little more efficient (for microcontrollers I mean).   For being a high level language, the C compilers I generally use seem to pretty optimized.   My all time favourite is the GNU C compiler.

So Notepad++ isn't what I'm looking for.   I'm looking for a better hex editor for Windows.  I'll check out hex edit.   HxD is free as well.   It was promising but I think it's dead now.   The checksum features are nice though.   It can calculate all the way up to SHA-512.  You can pick just one, or certain ones, or all of them, you can have it use custom checksums, you can have it run a checksum on the whole file or just the selection.
 

Offline volkimel

  • Contributor
  • Posts: 10
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #83 on: October 02, 2016, 12:51:30 am »
Spork,

I just wrote a simpler version in Python and added a -r command line option for re-scrambling. :-+

No need for C compilers and .exe files ;) Install Python 2.7 if you don't have it already, and yes Notepad++ is what I use in Windows.

Very nice, Macbeth. Thanks.
Being a microcontroller programmer by trade, it was easier for me to just get a quick C console .exe together. Just because, I knew what I was doing and I was excited to see this pattern.
But Python is of course a nice language for this kind of work. I didn't have Python installed on the machine I'm doing this with.

I was looking more into the structure of the GEL file, again. Haven't tried any reflashing my DP832, yet. It's still happily running on 00.01.13.00.01 with all options.

Now, simply put "18 F0 9F E5" into Google and see what comes out: A few websites suggest it is the vector table of an ARMv5 architecture, leaving the correct space at 0x00000014 and doing the correct stuff at the few vectors.
So, when disassembling this, we could figure out where the reset vector branches, make it our main() and disassemble from there. That's a task for someone who knows what he's doing. :)

So far, I only took it as indication that we have to concentrate on the few bytes before the first "18 F0 9F E5". I would guess that's the header then.

For 1.14 it looks like this:
0x000000: B4 AE 9A 89 00 40 81 40 00 00 52 00 A0 3D 00 00
0x000010: FF FF 00 00 9F 00 00 00 9C 3D 00 00


In this bit of hex code there are "A0 3D 00 00", followed by "FF FF 00 00", and "9C 3D 00 00". If you read these backwards (different endianess, I'm always getting confused, which is which) these are addresses or offsets that point close to another structure like the header:

Again, in 1.14 it is here:
0x003D9C: 00 00 00 00 A5 00 00 00 00 00 55 55 55 55 00 00
0x003DAC: 64 00 00 00 01 00 01 00 01 00 00 00 00 40 AB 61
0x003DBC: 00 00 00 00 A1 6D 33 00 FF FF 00 00 9F 00 00 00
0x003DCC: 52 49 47 4F 4C 4C 00 00 00 00 00 00 00 00 00 00

The GEL file continues with "18 F0 9F E5" again, so I guess the structure is done after these 64 bytes.

Like in the first 28 Bytes at 0x000000 there seems to be another address or offset before the "FF FF 00 00", again here. It is "A1 6D 33 00".
If you take this as another offset to 0x003DDC (where the ARM Vector table starts) and jump to location (0x003DDC + 0x336DA1 = 0x33AB7D), you are exactly 64 Bytes from the end of the GEL file.

The last 64 Bytes in 1.14 look like this:
33AB7D: 9F 00 00 00 68 FC 5A AA 5F 2A A7 CF CF BC 40 37 <-- maybe checksums here?
33AB8D: 1C 20 81 2A 66 8F D4 A9 90 24 05 00 90 24 05 00  <-- repeating pattern starts here...
33AB9D: 90 24 05 00 90 24 05 00 90 24 05 00 90 24 05 00
33ABAD: 90 24 05 00 90 24 05 00 90 24 05 00 91 24 05 00  <-- ...except for one more bit in the last "91"

There is also the "9F 00 00 00" again.

Softwares 1.13 and 1.14 have the same structure.

The same thing is happening in the 1.09 software that did not have the scrambling and did not have the mystical "B4 AE 9A 89" in the beginning.
The last 64 Bytes of 1.09 look like this:
3233C5: 9F 00 00 00 46 4E 7D 13 0B 73 66 35 70 07 E4 93 <-- maybe checksums here?
3233D5: 84 BC F8 1B E9 F5 3C 2F D7 FF 04 00 D7 FF 04 00  <-- repeating pattern starts here...
3233E5: D7 FF 04 00 D7 FF 04 00 D7 FF 04 00 D7 FF 04 00
3233F5: D7 FF 04 00 D7 FF 04 00 D7 FF 04 00 DE FF 04 00  <-- ...except for two bits in the last "DE" (one on, one off)


Maybe the few bytes after "9F 00 00 00" and before the repeating pattern are finally checksums of different blocks. I didn't check on them.

I'm just thinking out loud here, to what I find.

So Notepad++ isn't what I'm looking for.   I'm looking for a better hex editor for Windows.  I'll check out hex edit.   HxD is free as well.   It was promising but I think it's dead now.   The checksum features are nice though.   It can calculate all the way up to SHA-512.  You can pick just one, or certain ones, or all of them, you can have it use custom checksums, you can have it run a checksum on the whole file or just the selection.

I also use all of those tools. They are really helpful. The HEX plugin for my version of NP++ has some issues when copy and pasting HEX code, though, so I don't rely on it.
I couldn't figure out how to copy a block of HEX bytes including their addresses. So far I do a lot of manual editing and trying not to get confused after that. :)
 
The following users thanked this post: Spork Schivago

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #84 on: October 02, 2016, 02:24:56 am »
I noticed the repeating pattern at the end there as well.   I was trying to figure out the checksum and was trying to figure out what to run the checksum algorithms against (I couldn't figure out exactly where to stop).   I tried a few beginnings.   I tried without the first 4 bytes and without the first 128 bytes and without the first 256 bytes and 512 bytes, etc.

I'm either going to install Python or write the C program to rescramble the firmware and I'll try flashing on my machine.   I want to try a few things.   Because we can downgrade, I wanted to try removing those first four bytes and flashing an unscrambled, unedited file.   I wonder if the bits say something, like this is a compressed file, etc.   It could also maybe be the size of the file?

I really want to start flashing my unit but every time I sit down on the PC to start writing the program to rescramble the firmware, I get distracted.   Now my wife wants to watch a movie.   You and Macbeth know a lot more about microcontrollers than I do.   I don't know what a vector table is, for example.

Macbeth, you're certain the modified firmware didn't take?   For example, not trying to change a version number or anything, just maybe some HTML or something, going from a lower firmware to a modified higher firmware, checking the version number, and it's still the lower version, right?
 

Offline whatchitfoool

  • Contributor
  • Posts: 33
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #85 on: October 17, 2016, 08:27:31 am »
Anyone have an update on the state of the project?
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #86 on: October 17, 2016, 06:50:03 pm »
I believe the firmware files might have been successfully decoded.   We know at least some of them have been.   I think we might still be missing some of the decryption scheme but maybe not.   We haven't been able to actually update the device using a modified firmware image though.   We're thinking maybe there's some sort of checksum routine in the firmware file.

At this point, I think it's best to try and figure out the format of the firmware file, but that can take a bit of work.   Someone with experience with the processor used in these power supplies might be beneficial.

Our baby came Saturday, October 15th, at 7:40AM.   Chloe Lee Swarthout, weighing 8 lbs, 12.7 ounces, being 20 3/4" long.   She's healthy.   My wife had some complications during the pregnancy and was delivering from 11:45PM Friday until 7:40AM Saturday.   The midwife had to leave early on and came back around 5:30am and yelled at the nurse and kicked her out.   The baby was in the wrong position and she said she shouldn't had let Jess go that long pushing.   She should have known that baby wasn't coming out.   So, she had Jess lay down on her side and sleep for an hour and a half or so.   At 7:20AM, she brought a new nurse in and tried again.   20 minutes later, the baby was here!

Jess was coming in and out of during the delivery.  Her blood pressure was really low and I don't think she remembers most of it, so that's good.   But we just got home today from the hospital and are slowly adjusting to be new parents!   I probably won't be on for a bit to answer questions though.
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #87 on: October 17, 2016, 09:08:50 pm »
I wish mother and baby well! You need a bracing glass of something or other too  :-+

Don't be too hard on the nurses, everything is amplified in these situations, and lets not forget that only a few decades ago it was normal for a 1 in 10 chance complete loss of life of mother, baby, or both during childbirth.  :scared:

This is one reason I am glad for the NHS in the UK and utterly bewildered at the "green" Guardianistas who decide to "give birth naturally" with feckin' "doolahs" or whatever these mystics are called  :palm: Yeah that birthing pool of natural yoghurt is great until the complications happen!  :-D
 
The following users thanked this post: Spork Schivago

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Need help hacking DP832 for multicolour option.
« Reply #88 on: October 17, 2016, 11:31:23 pm »
....   But we just got home today from the hospital and are slowly adjusting to be new parents!   I probably won't be on for a bit to answer questions though...

Wish your wife speedy recovery and for baby to be healthy and to bring joy to the family.. All the best and congrats!!
 
The following users thanked this post: Spork Schivago

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #89 on: October 18, 2016, 01:12:59 am »
I wish mother and baby well! You need a bracing glass of something or other too  :-+

Don't be too hard on the nurses, everything is amplified in these situations, and lets not forget that only a few decades ago it was normal for a 1 in 10 chance complete loss of life of mother, baby, or both during childbirth....

I've been looking at it as at least my wife and baby are okay and that it could have been much worse, you know?   Although Jess is hurting, she'll recover with time.   It could take up to a month but at least she's still here, you know?  And the baby is healthy as well.   That's great.

Also, the midwife left because of an emergency.   So if she had stayed, maybe someone wouldn't have made it?   I guess in the end, we're just thankful everything worked itself out.
 

Offline Dwaine

  • Frequent Contributor
  • **
  • Posts: 299
  • Country: ca
Re: Need help hacking DP832 for multicolour option.
« Reply #90 on: December 31, 2016, 12:02:36 pm »
Did anyone get any further ahead decoding the file structure?
 

Offline Pinkus

  • Frequent Contributor
  • **
  • Posts: 768
Re: Need help hacking DP832 for multicolour option.
« Reply #91 on: December 31, 2016, 01:36:16 pm »
Did anyone get any further ahead decoding the file structure?
Not as I know. As there is no license code for this, I assume this can only be done by either hacking and installing an existing firmware update package or by changing the files on the internal flash.
It does not look like this will happen in a near future.

 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #92 on: December 31, 2016, 05:51:25 pm »
Did anyone get any further ahead decoding the file structure?

There were people who claimed to have dump the firmware directly from the flash on this unit.   I've contacted all the people I could find who said they were able to dump it, to see if they'd provide me with a copy, but I never got a response.   I went out and bought a JTAG device, just to find out OpenOCD didn't support the flash with this CPU, so I wasn't able to dump it myself.   That was a while back.   Maybe now they do support the flash with this CPU?   The CPU, if I remember correctly, has some fancy security features.   I want to say there was something about making it really hard to read the flash, something with encryption, I dunno.

Anyway, if we could get a copy of the flash on the drive, maybe we'd have better luck decrypting the firmware .GEL files?   It almost seems like the decryption program that the one person wrote isn't quote right.   If you look through a "decrypted" .GEL file, you'll see stuff like ht~1p:// instead of http:// (that's just an example, I don't think it's ht~1p://, I just don't remember what they look like).   I was thinking maybe there's a little bit more to decrypting the files, but I could be wrong.   I just thought that was wrong.   That we should be seeing those strings as http.

I think there's some sort of checksum in the firmware that tells if the firmware's been modified or not.   I think that would be the next step, finding where the checksum is and figuring out how it's calculated.   It might be impossible, I dunno.   There could be multiple checksums.   There might be one for each section and then one for the entire file.   At the very end of the files for the different firmware versions, I found similar bytes.   I thought maybe that was some sort of checksum.

There's probably some table of contents, something that says where the files are located and how many bytes are in each file.  I couldn't really find anything in the .GEL file.   Perhaps this information is in another file?   I dunno.   There's gotta be a way to say this is the start of one file, this is the end of this file, either a special character or some sort of table.   That's something that'd need to be done.   Usually files on flash have filenames, right?   Or isn't that always the case?   I have limited experience with flash.   I've been looking at it more like a hard drive with some sort of filesystem.   Maybe it's not like that at all though?   If it is, there should be filenames somewheres as well.
 

Offline toxuin

  • Newbie
  • Posts: 8
  • Country: ca
Re: Need help hacking DP832 for multicolour option.
« Reply #93 on: January 09, 2017, 08:36:10 pm »
Looking at the unscrambled file with binwalk shows there are many LZMA-compressed chunks – could this be packaged firmwares for various chips on board? But sadly, extraction is not possible because of damaged archive.
I suspect it has something to do with the infamous ht~p:/ bug – as it damages strings it damages the compressed structures. Unscrambling has to have more to it.

I've took a look at gotroot's keygen and it has a dp832 private key – not sure if we need it or not, but might be useful. Apart from that there is a lot of wicked crypto stuff that must come (at least an idea how to do it) from a disassembled binary, no doubt.
 
The following users thanked this post: Spork Schivago

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #94 on: January 10, 2017, 01:47:42 am »
My wife had a baby and I don't have a lot of free time anymore.   But this is great news.   We should look at how often that ~ appears.   If I remember correctly, it was x number of bytes into the file.   For example, everything 74th byte, there'd be a ~, which made me start thinking maybe the code to decrypt was 100% right, but maybe it wouldn't need much to fix at all.    ~ is ASCII 126 decimal or 7E hex.    t is 116 decimal or 74 hex.   It's only 10 digits off.

I wanted to write the decryption / encryption program in C but lost the free time.   I'll try to find it again and maybe we can try stepping through this one more time.
 

Offline smithnerd

  • Regular Contributor
  • *
  • Posts: 120
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #95 on: January 27, 2017, 06:40:54 am »
Looking at the unscrambled file with binwalk shows there are many LZMA-compressed chunks – could this be packaged firmwares for various chips on board? But sadly, extraction is not possible because of damaged archive.
I suspect it has something to do with the infamous ht~p:/ bug – as it damages strings it damages the compressed structures. Unscrambling has to have more to it.

I believe those extra bytes ('~' etc) are an artefact of the html files being encoded in a TFS filesystem, within the firmware executable. I've seen it before in the DS1054Z firmware.

Binwalk is a handy tool, but you often get false positives for LZMA because the header is so simple. You need to examine each one to check how plausible it is as LZMA stream data, and bear in mind that in the DS1054Z GEL files, they are using a non-standard LZMA implementation - what should be a 64-bit uncompressed size field is a pair of 32-bit values representing compressed/uncompressed sizes.

I had a quick scroll through a hexdump of the DP800 firmware, and I see some good long chunks of properly aligned ARM code. It looks correctly decoded to me.
 
The following users thanked this post: Spork Schivago

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #96 on: January 28, 2017, 01:46:28 am »
Than that means we're back to trying to figure out what type of checksum routine / signature they're using.   I thought I remember seeing the same bytes at the end of two different versions of the encrypted firmware that I thought might have been some sort of signature or checksum routine.   That was long time ago though.
 

Offline ollihd

  • Regular Contributor
  • *
  • Posts: 137
  • Country: fi
    • HeyDay Pro
Re: Need help hacking DP832 for multicolour option.
« Reply #97 on: March 30, 2017, 07:46:21 pm »
Any updates on this?
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #98 on: April 02, 2017, 10:08:30 pm »
I've compared the current (00.01.14.00.01) GEL file that was de-scrambled as before, with an older version (00.01.09.00.01). Here is what they look like:

DP800Update.GEL (00.01.09.00.01)                    DP800Update_descrambled.GEL (00.01.14.00.01)   
----------------------------------------------------------------------------------------------------
                                                 |                                      B4 AE 9A 89
00 40 CE 08 00 00 52 00 20 35 00 00 FF FF 00 00  |  00 40 81 40 00 00 52 00 A0 3D 00 00 FF FF 00 00
9F 00 00 00 20 35 00 00 18 F0 9F E5 18 F0 9F E5  |  9F 00 00 00 9C 3D 00 00 18 F0 9F E5 18 F0 9F E5
18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 00 00 00 00  |  18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 00 00 00 00
14 F0 9F E5 14 F0 9F E5 78 33 08 00 FC 34 08 00  |  14 F0 9F E5 14 F0 9F E5 F8 3A 08 00 7C 3C 08 00
FC 34 08 00 FC 34 08 00 FC 34 08 00 FC 34 08 00  |  7C 3C 08 00 7C 3C 08 00 7C 3C 08 00 7C 3C 08 00
40 01 08 00 00 00 00 00 00 00 00 00 00 00 00 00  |  58 22 08 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 C0 9F E5 1C FF 2F E1  |  00 00 00 00 00 00 00 00 00 B5 06 48 00 68 40 07
E1 0E 08 00 00 C0 9F E5 1C FF 2F E1 C1 03 08 00  |  40 0F 00 06 00 0E 07 28 00 D3 00 20 00 06 00 0E
00 C0 9F E5 1C FF 2F E1 1D 0F 08 00 00 C0 9F E5  |  08 BC 18 47 20 0D FF FF 10 B5 04 00 20 78 A1 78


The (00.01.09.00.01) version is not scrambled and misses the first 4 Bytes: B4 AE 9A 89. From there on, the structure aligns pretty good. Only a few bytes are different, either addresses or length information...

I looked through the bitmaps I could find in (00.01.14.00.03) and made a collection of them here.
Furthermore I could find a lot of 1 bit per pixel character sets with all sorts of special characters. Amongst them are also the 7-segment numbers in different sizes for the main display. Haven't indexed those, though.

Still looking at it and not getting an idea what the overall structure could be. Any more ideas? Any disassemblers?

I wonder what would happen if you removed the B4 AE 9A 89 in the 00.01.14.00.03 file and did a byte-swap somewheres.   Maybe those 4 bytes are some sort of flags....
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #99 on: January 19, 2018, 11:15:49 pm »
Does anyone have the previous DP800 firmware versions available? I would like to give a try at decoding something...

1.11, 1.13, 1.14 here (all seem to use bootloader 1.09) https://mega.nz/#F!6dll0ZCS!KwD7sHGZLU3D7Kr8u03ifA
 
The following users thanked this post: tv84

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #100 on: January 19, 2018, 11:59:25 pm »
Here is my quick parsing of the DP800 v00.01.14.00.03 GELs:

Code: [Select]
DP800(Software)Update(Normal)_00.01.14.00.03:
Offset     Checksum???                 Block Size    Type
00000004 - 00 40 81 40 | 00 00 52 00 | A0 3D 00 00 | FF FF 00 00 | 9F 00 00 00  (block header)
  00000018 - 9C 3D 00 00 (size of the block that follows)
  [0000001C - 00003DB7] ARM code (little-endian) Loading address = 0x00080000

00003DB8 - 00 40 AB 61 | 00 00 00 00 | A1 6D 33 00 | FF FF 00 00 | 9F 00 00 00  (block header)
  00003DCC - ("RIGOLL" string)
  [00003DDC - 0033AB6C] ARM code (little-endian) Loading address = 0x3FFFFFB4

0033AB6D - 00 90 00 00 | 14 02 00 00 | 3C 00 00 00 | 14 FF 00 00 | 9F 00 00 00  (block header)
  [0033AB81 - 0033ABBC] Looks like it contains a 20-byte hash (or something encrypted...)

------------------------------------------------------------------------------------------------

DP800(Software)Update(Bootloader)_01.09:
Offset     Checksum???                 Block Size    Type
00000000 - 00 C8 33 27 | 00 00 00 00 | 20 0E 04 00 | 31 00 00 00 | 9F 00 00 00  (block header)

         ***  Header  ***
00000014          Header SHA-1: 31D47AF0F62F94737E737D3D9F4184DBACC44DAD  [00000028-00000073]  HASH OK
00000028           Signature 1: STMP  MAGIC OK
0000002C        Format Version: 1.1
0000002E                 Flags: 0x0000
00000030            Image Size: 00040E20
00000034   1st Boot Tag Offset: 000000A4
00000038   1st Boot Section ID:
0000003C     # Encryption Keys: 1
0000003E  Key Dictionary Start: 00000084
00000040           Header Size: 00000060
00000042     # Section Headers: 1
00000044   Section Header Size: 16 bytes
00000046        Random Padding: 0xC0B2
00000048           Signature 2: sgtl  (Sigmatel?)
0000004C         Creation Time: 26-03-2014 15:19:10
00000054       Product Version: 999.999.999
00000060     Component Version: 999.999.999
0000006C             Drive Tag: 0x0000
0000006E        Random Padding: 0xEFD4BC0FAC83
         ***  Sections Table  ***
00000074   ID:      | Ofs: 000000B4 | Len: 00040D60 | Flg: 00000001 - ROM_SECTION_BOOTABLE
         ***  Key Dictionary  ***
00000084  OTP Key0 Hash: 9A78EED8ABA28234DA5C39E00B28942E  CBC-MAC_AES OK
         ***  Session Key (decrypted)  ***
00000094  Key: 7B686FA69EF90D53A53CDCDE074B6E44  (using OTP Key0)
         ***  Sections (decrypted)  ***
000000A4  TAG  | 0001 | Sect ID:      | Len: 00040D60 | Flg: 00000001 - ROM_SECTION_BOOTABLE
000000B4  LOAD | 0000 | Adr: 00000000 | Len: 00000040 | CRC: BAF6AF35  CRC OK
00000104  LOAD | 0000 | Adr: 00000400 | Len: 00004D14 | CRC: 8A1A8B63  CRC OK
00004E34  FILL | 0000 | Adr: 00018000 | Len: 00001960 | Ptn: 00000000
00004E44  LOAD | 0000 | Adr: 00008000 | Len: 00000020 | CRC: 1809D243  CRC OK
00004E74  CALL | 0001 | Adr: 00008000 | Len: 00000000 | Arg: 00000000
00004E84  LOAD | 0000 | Adr: 00000000 | Len: 00000040 | CRC: E853D834  CRC OK
00004ED4  LOAD | 0000 | Adr: 41000000 | Len: 0003BEB4 | CRC: FE3E32E7  CRC OK
00040DA4  FILL | 0000 | Adr: 41300000 | Len: 00001900 | Ptn: 00000000
00040DB4  FILL | 0000 | Adr: 41301900 | Len: 00002404 | Ptn: 00000000
00040DC4  FILL | 0000 | Adr: 41700000 | Len: 004C4B40 | Ptn: 00000000
00040DD4  LOAD | 0000 | Adr: 00008000 | Len: 00000020 | CRC: 7846C59D  CRC OK
00040E04  JUMP | 0001 | Adr: 00008000 | Len: 00000000 | Arg: 00000000
         ***  File SHA-1 Hash (decrypted)  ***
00040E14  File SHA-1: 8A2D9884D7A265264E43E719A1BE297DFB784EF9  [00000014-00040E13]  HASH OK

I think that the 1st 4 bytes of a encoded .GEL indicate the filetype/encoding (28 23 10 00) and shouldn't be decoded.

So I use only (C#):
Code: [Select]
            for (int i1 = 0x04, mask = 0x78; i1 < buffer.Length; i1++, mask++)
                buffer[i1] += (byte)(256 - mask);
« Last Edit: January 20, 2018, 10:07:16 am by tv84 »
 
The following users thanked this post: Spork Schivago, tossu

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #101 on: January 20, 2018, 09:05:46 pm »
Parsing of versions:  (thank you to dav and ted572 for sending them)

00.01.03.00.02
00.01.05.00.00
00.01.06.00.00
00.01.08.00.02
00.01.09.00.01
00.01.10.00.03
00.01.11.00.00
00.01.13.00.01
00.01.14.00.03

Conclusions so far:
- 1st byte in the 1st block header is used to decode the file.
- 2nd byte is a flag byte with these meanings:
   X------- last block
   -X------ block has CRC
   ---X---- FRAM block (1 = saves to FRAM; 0 = saves to FLASH)
   ----X--- bootloader block
   -----X-- no block contents ?

- 2nd word in block headers is a CRC16 of the block.
- Special focus on the contents of the block with size=0x3C bytes (that is directly saved in the FRAM).
- if you look the final words in the 0x3C block, it seems to increment with each version. Maybe it's directly related to the firmware version/release date.

Code: [Select]
DP800(Software)Update(Normal)_00.01.03.00.02

00000000  Header - Mask: 00 | Flags: 00 | 0000 | 00000000 | Size: 002EEF09 | 00000000 | 00000000
00000014  Block #1: [00000014-002EEF1C]

002EEF1D  Header - Mask: 00 | Flags: 10 | 0000 | 00000214 | Size: 0000003C | 00000000 | 00000000
002EEF31  Hash/Encrypt ??:  3FF75ED5D6F06206F304DBD9BAA1A75E7459FC21
002EEF45  UInt32    (???):  0004B180 0004B180 0004B180 0004B180 0004B180
002EEF59  UInt32    (???):  0004B180 0004B180 0004B180 0004B180 0004B189
002EEF31  Block #2: [002EEF31-002EEF6C]

002EEF6D  Header - Mask: 00 | Flags: 00 | 0000 | 00520000 | Size: 00002384 | 00000000 | 00000000
002EEF81  Block Size: 00002384
002EEF91  Block #3: [002EEF91-002F1304]

002F1305  Header - Mask: 00 | Flags: 94 | 0000 | 00000000 | Size: 00000010 | 0000FFFF | 00000000
002F1319  EOF - No Block contents!
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.05.00.00

00000000  Header - Mask: 00 | Flags: 00 | 0000 | 00000000 | Size: 002F6391 | 0000FFFF | 00000000
00000014  Block #1: [00000014-002F63A4]

002F63A5  Header - Mask: 00 | Flags: 10 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 00000000
002F63B9  Hash/Encrypt ??:  D5B2A1A71C6EBB7944B17F03AB122FF162031E59
002F63CD  UInt32    (???):  0004BD28 0004BD28 0004BD28 0004BD28 0004BD28
002F63E1  UInt32    (???):  0004BD28 0004BD28 0004BD28 0004BD28 0004BD29
002F63B9  Block #2: [002F63B9-002F63F4]

002F63F5  Header - Mask: 00 | Flags: 00 | 0000 | 00520000 | Size: 000024E4 | 0000FFFF | 00000000
002F6409  Block Size: 000024E4
002F6419  Block #3: [002F6419-002F88EC]

002F88ED  Header - Mask: 00 | Flags: 94 | 0000 | 00000000 | Size: 00000010 | 0000FFFF | 00000000
002F8901  EOF - No Block contents!
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.06.00.00

00000000  Header - Mask: 00 | Flags: 00 | 0000 | 00000000 | Size: 002F7661 | 0000FFFF | 00000000
00000014  Block #1: [00000014-002F7674]

002F7675  Header - Mask: 00 | Flags: 10 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 00000000
002F7689  Hash/Encrypt ??:  42A86549B434F4D06827669679D7F06A6CBC505B
002F769D  UInt32    (???):  0004BF09 0004BF09 0004BF09 0004BF09 0004BF09
002F76B1  UInt32    (???):  0004BF09 0004BF09 0004BF09 0004BF09 0004BF10
002F7689  Block #2: [002F7689-002F76C4]

002F76C5  Header - Mask: 00 | Flags: 80 | 0000 | 00520000 | Size: 00002698 | 0000FFFF | 00000000
002F76D9  Block Size: 00002698
002F76E9  Block #3: [002F76E9-002F9D70]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.08.00.02

00000000  Header - Mask: 00 | Flags: 00 | 0000 | 00000000 | Size: 00308A9D | 0000FFFF | 00000000
00000014  Block #1: [00000014-00308AB0]

00308AB1  Header - Mask: 00 | Flags: 10 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 00000000
00308AC5  Hash/Encrypt ??:  CB1F0C46AC83A6E18455705ED7EFD0C07C83E23E
00308AD9  UInt32    (???):  0004DAA9 0004DAA9 0004DAA9 0004DAA9 0004DAA9
00308AED  UInt32    (???):  0004DAA9 0004DAA9 0004DAA9 0004DAA9 0004DAAC
00308AC5  Block #2: [00308AC5-00308B00]

00308B01  Header - Mask: 00 | Flags: 80 | 0000 | 00520000 | Size: 00003520 | 0000FFFF | 00000000
00308B15  Block Size: 00003520
00308B25  Block #3: [00308B25-0030C034]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.09.00.01

00000000  Header - Mask: 00 | Flags: 40 | 08CE | 00520000 | Size: 00003520 | 0000FFFF | 0000009F
00000014  Block Size: 00003520
00000024  Block #1: [00000024-00003533]

00003534  Header - Mask: 00 | Flags: 40 | 301D | 00000000 | Size: 0031FE6D | 0000FFFF | 0000009F
00003548  String1: RIGOLL
00003558  Block #2: [00003558-003233B4]

003233B5  Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
003233C9  Hash/Encrypt ??:  464E7D130B7366357007E49384BCF81BE9F53C2F
003233DD  UInt32    (???):  0004FFD7 0004FFD7 0004FFD7 0004FFD7 0004FFD7
003233F1  UInt32    (???):  0004FFD7 0004FFD7 0004FFD7 0004FFD7 0004FFDE
003233C9  Block #3: [003233C9-00323404]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.10.00.03

00000004  Header - Mask: 00 | Flags: 40 | E89F | 00520000 | Size: 00003694 | 0000FFFF | 0000009F
00000018  Block Size: 00003690
0000001C  Block #1: [0000001C-000036AB]

000036AC  Header - Mask: 00 | Flags: 40 | 5732 | 00000000 | Size: 0031DA25 | 0000FFFF | 0000009F
000036C0  String1: RIGOLL
000036D0  Block #2: [000036D0-003210E4]

003210E5  Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
003210F9  Hash/Encrypt ??:  FC3999DF41FAC462946CE1BDC6E069E74D523C9C
0032110D  UInt32    (???):  0004FC36 0004FC36 0004FC36 0004FC36 0004FC36
00321121  UInt32    (???):  0004FC36 0004FC36 0004FC36 0004FC36 0004FC3F
003210F9  Block #3: [003210F9-00321134]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.11.00.00

00000004  Header - Mask: 00 | Flags: 40 | E89F | 00520000 | Size: 00003694 | 0000FFFF | 0000009F
00000018  Block Size: 00003690
0000001C  Block #1: [0000001C-000036AB]

000036AC  Header - Mask: 00 | Flags: 40 | DC62 | 00000000 | Size: 00322285 | 0000FFFF | 0000009F
000036C0  String1: RIGOLL
000036D0  Block #2: [000036D0-00325944]

00325945  Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
00325959  Hash/Encrypt ??:  A92B0C1660C0424D48D19499AE7BF4C70F647AA4
0032596D  UInt32    (???):  00050373 00050373 00050373 00050373 00050373
00325981  UInt32    (???):  00050373 00050373 00050373 00050373 0005037A
00325959  Block #3: [00325959-00325994]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.13.00.01

00000004  Header - Mask: 00 | Flags: 40 | A1A0 | 00520000 | Size: 00003D58 | 0000FFFF | 0000009F
00000018  Block Size: 00003D54
0000001C  Block #1: [0000001C-00003D6F]

00003D70  Header - Mask: 00 | Flags: 40 | 2D14 | 00000000 | Size: 00335605 | 0000FFFF | 0000009F
00003D84  String1: RIGOLL
00003D94  Block #2: [00003D94-00339388]

00339389  Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
0033939D  Hash/Encrypt ??:  8A968039CF72794BA2BB2762B0708CBD822456D1
003393B1  UInt32    (???):  00052233 00052233 00052233 00052233 00052233
003393C5  UInt32    (???):  00052233 00052233 00052233 00052233 0005223A
0033939D  Block #3: [0033939D-003393D8]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.14.00.03

00000004  Header - Mask: 00 | Flags: 40 | 4081 | 00520000 | Size: 00003DA0 | 0000FFFF | 0000009F
00000018  Block Size: 00003D9C
0000001C  Block #1: [0000001C-00003DB7]

00003DB8  Header - Mask: 00 | Flags: 40 | 61AB | 00000000 | Size: 00336DA1 | 0000FFFF | 0000009F
00003DCC  String1: RIGOLL
00003DDC  Block #2: [00003DDC-0033AB6C]

0033AB6D  Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
0033AB81  Hash/Encrypt ??:  68FC5AAA5F2AA7CFCFBC40371C20812A668FD4A9
0033AB95  UInt32    (???):  00052490 00052490 00052490 00052490 00052490
0033ABA9  UInt32    (???):  00052490 00052490 00052490 00052490 00052491
0033AB81  Block #3: [0033AB81-0033ABBC]
*****************************************************************************************
DP800(Software)Update(Bootloader)_01.06

00000000  Header - Mask: 00 | Flags: C8 | 8E34 | 00000000 | Size: 00040C70 | 000000B3 | 0000009F
00000014  Block #1: [00000014-00040C83]
*****************************************************************************************
DP800(Software)Update(Bootloader)_01.09

00000000  Header - Mask: 00 | Flags: C8 | 2733 | 00000000 | Size: 00040E20 | 00000031 | 0000009F
00000014  Block #1: [00000014-00040E33]


If anyone has the FW versions that are not listed here please repost or send me a pm:
00.01.01.02.04
00.01.02.00.03
00.01.04.00.02

Edit: 2/1/2020 Fill some "flag" explanations
« Last Edit: January 02, 2020, 03:36:05 pm by tv84 »
 
The following users thanked this post: Spork Schivago, toxuin

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #102 on: February 13, 2018, 01:23:20 am »
Parsing of versions:  (thank you to dav and ted572 for sending them)

00.01.03.00.02
00.01.05.00.00
00.01.06.00.00
00.01.08.00.02
00.01.09.00.01
00.01.10.00.03
00.01.11.00.00
00.01.13.00.01
00.01.14.00.03

Conclusions so far:
- 1st byte in the 1st block header is used to decode the file.
- 2nd byte is a flag byte with these meanings:
   X------- last block
   -X------ normal block ?
   ---X---- special block 0x3C
   ----X--- bootloader block
   -----X-- no block contents ?

- 2nd word in block headers seems to be a CRC/checksum.
- Special focus on the contents of the block with size=0x3C bytes.
- if you look the final words in the 0x3C block, it seems to increment with each version. Maybe it's directly related to the firmware version/release date.

Code: [Select]
DP800(Software)Update(Normal)_00.01.03.00.02

00000000  Header - Mask: 00 | Flags: 00 | 0000 | 00000000 | Size: 002EEF09 | 00000000 | 00000000
00000014  Block #1: [00000014-002EEF1C]

002EEF1D  Header - Mask: 00 | Flags: 10 | 0000 | 00000214 | Size: 0000003C | 00000000 | 00000000
002EEF31  Hash/Encrypt ??:  3FF75ED5D6F06206F304DBD9BAA1A75E7459FC21
002EEF45  UInt32    (???):  0004B180 0004B180 0004B180 0004B180 0004B180
002EEF59  UInt32    (???):  0004B180 0004B180 0004B180 0004B180 0004B189
002EEF31  Block #2: [002EEF31-002EEF6C]

002EEF6D  Header - Mask: 00 | Flags: 00 | 0000 | 00520000 | Size: 00002384 | 00000000 | 00000000
002EEF81  Block Size: 00002384
002EEF91  Block #3: [002EEF91-002F1304]

002F1305  Header - Mask: 00 | Flags: 94 | 0000 | 00000000 | Size: 00000010 | 0000FFFF | 00000000
002F1319  EOF - No Block contents!
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.05.00.00

00000000  Header - Mask: 00 | Flags: 00 | 0000 | 00000000 | Size: 002F6391 | 0000FFFF | 00000000
00000014  Block #1: [00000014-002F63A4]

002F63A5  Header - Mask: 00 | Flags: 10 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 00000000
002F63B9  Hash/Encrypt ??:  D5B2A1A71C6EBB7944B17F03AB122FF162031E59
002F63CD  UInt32    (???):  0004BD28 0004BD28 0004BD28 0004BD28 0004BD28
002F63E1  UInt32    (???):  0004BD28 0004BD28 0004BD28 0004BD28 0004BD29
002F63B9  Block #2: [002F63B9-002F63F4]

002F63F5  Header - Mask: 00 | Flags: 00 | 0000 | 00520000 | Size: 000024E4 | 0000FFFF | 00000000
002F6409  Block Size: 000024E4
002F6419  Block #3: [002F6419-002F88EC]

002F88ED  Header - Mask: 00 | Flags: 94 | 0000 | 00000000 | Size: 00000010 | 0000FFFF | 00000000
002F8901  EOF - No Block contents!
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.06.00.00

00000000  Header - Mask: 00 | Flags: 00 | 0000 | 00000000 | Size: 002F7661 | 0000FFFF | 00000000
00000014  Block #1: [00000014-002F7674]

002F7675  Header - Mask: 00 | Flags: 10 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 00000000
002F7689  Hash/Encrypt ??:  42A86549B434F4D06827669679D7F06A6CBC505B
002F769D  UInt32    (???):  0004BF09 0004BF09 0004BF09 0004BF09 0004BF09
002F76B1  UInt32    (???):  0004BF09 0004BF09 0004BF09 0004BF09 0004BF10
002F7689  Block #2: [002F7689-002F76C4]

002F76C5  Header - Mask: 00 | Flags: 80 | 0000 | 00520000 | Size: 00002698 | 0000FFFF | 00000000
002F76D9  Block Size: 00002698
002F76E9  Block #3: [002F76E9-002F9D70]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.08.00.02

00000000  Header - Mask: 00 | Flags: 00 | 0000 | 00000000 | Size: 00308A9D | 0000FFFF | 00000000
00000014  Block #1: [00000014-00308AB0]

00308AB1  Header - Mask: 00 | Flags: 10 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 00000000
00308AC5  Hash/Encrypt ??:  CB1F0C46AC83A6E18455705ED7EFD0C07C83E23E
00308AD9  UInt32    (???):  0004DAA9 0004DAA9 0004DAA9 0004DAA9 0004DAA9
00308AED  UInt32    (???):  0004DAA9 0004DAA9 0004DAA9 0004DAA9 0004DAAC
00308AC5  Block #2: [00308AC5-00308B00]

00308B01  Header - Mask: 00 | Flags: 80 | 0000 | 00520000 | Size: 00003520 | 0000FFFF | 00000000
00308B15  Block Size: 00003520
00308B25  Block #3: [00308B25-0030C034]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.09.00.01

00000000  Header - Mask: 00 | Flags: 40 | 08CE | 00520000 | Size: 00003520 | 0000FFFF | 0000009F
00000014  Block Size: 00003520
00000024  Block #1: [00000024-00003533]

00003534  Header - Mask: 00 | Flags: 40 | 301D | 00000000 | Size: 0031FE6D | 0000FFFF | 0000009F
00003548  String1: RIGOLL
00003558  Block #2: [00003558-003233B4]

003233B5  Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
003233C9  Hash/Encrypt ??:  464E7D130B7366357007E49384BCF81BE9F53C2F
003233DD  UInt32    (???):  0004FFD7 0004FFD7 0004FFD7 0004FFD7 0004FFD7
003233F1  UInt32    (???):  0004FFD7 0004FFD7 0004FFD7 0004FFD7 0004FFDE
003233C9  Block #3: [003233C9-00323404]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.10.00.03

00000004  Header - Mask: 00 | Flags: 40 | E89F | 00520000 | Size: 00003694 | 0000FFFF | 0000009F
00000018  Block Size: 00003690
0000001C  Block #1: [0000001C-000036AB]

000036AC  Header - Mask: 00 | Flags: 40 | 5732 | 00000000 | Size: 0031DA25 | 0000FFFF | 0000009F
000036C0  String1: RIGOLL
000036D0  Block #2: [000036D0-003210E4]

003210E5  Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
003210F9  Hash/Encrypt ??:  FC3999DF41FAC462946CE1BDC6E069E74D523C9C
0032110D  UInt32    (???):  0004FC36 0004FC36 0004FC36 0004FC36 0004FC36
00321121  UInt32    (???):  0004FC36 0004FC36 0004FC36 0004FC36 0004FC3F
003210F9  Block #3: [003210F9-00321134]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.11.00.00

00000004  Header - Mask: 00 | Flags: 40 | E89F | 00520000 | Size: 00003694 | 0000FFFF | 0000009F
00000018  Block Size: 00003690
0000001C  Block #1: [0000001C-000036AB]

000036AC  Header - Mask: 00 | Flags: 40 | DC62 | 00000000 | Size: 00322285 | 0000FFFF | 0000009F
000036C0  String1: RIGOLL
000036D0  Block #2: [000036D0-00325944]

00325945  Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
00325959  Hash/Encrypt ??:  A92B0C1660C0424D48D19499AE7BF4C70F647AA4
0032596D  UInt32    (???):  00050373 00050373 00050373 00050373 00050373
00325981  UInt32    (???):  00050373 00050373 00050373 00050373 0005037A
00325959  Block #3: [00325959-00325994]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.13.00.01

00000004  Header - Mask: 00 | Flags: 40 | A1A0 | 00520000 | Size: 00003D58 | 0000FFFF | 0000009F
00000018  Block Size: 00003D54
0000001C  Block #1: [0000001C-00003D6F]

00003D70  Header - Mask: 00 | Flags: 40 | 2D14 | 00000000 | Size: 00335605 | 0000FFFF | 0000009F
00003D84  String1: RIGOLL
00003D94  Block #2: [00003D94-00339388]

00339389  Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
0033939D  Hash/Encrypt ??:  8A968039CF72794BA2BB2762B0708CBD822456D1
003393B1  UInt32    (???):  00052233 00052233 00052233 00052233 00052233
003393C5  UInt32    (???):  00052233 00052233 00052233 00052233 0005223A
0033939D  Block #3: [0033939D-003393D8]
*****************************************************************************************
DP800(Software)Update(Normal)_00.01.14.00.03

00000004  Header - Mask: 00 | Flags: 40 | 4081 | 00520000 | Size: 00003DA0 | 0000FFFF | 0000009F
00000018  Block Size: 00003D9C
0000001C  Block #1: [0000001C-00003DB7]

00003DB8  Header - Mask: 00 | Flags: 40 | 61AB | 00000000 | Size: 00336DA1 | 0000FFFF | 0000009F
00003DCC  String1: RIGOLL
00003DDC  Block #2: [00003DDC-0033AB6C]

0033AB6D  Header - Mask: 00 | Flags: 90 | 0000 | 00000214 | Size: 0000003C | 0000FFFF | 0000009F
0033AB81  Hash/Encrypt ??:  68FC5AAA5F2AA7CFCFBC40371C20812A668FD4A9
0033AB95  UInt32    (???):  00052490 00052490 00052490 00052490 00052490
0033ABA9  UInt32    (???):  00052490 00052490 00052490 00052490 00052491
0033AB81  Block #3: [0033AB81-0033ABBC]
*****************************************************************************************
DP800(Software)Update(Bootloader)_01.06

00000000  Header - Mask: 00 | Flags: C8 | 8E34 | 00000000 | Size: 00040C70 | 000000B3 | 0000009F
00000014  Block #1: [00000014-00040C83]
*****************************************************************************************
DP800(Software)Update(Bootloader)_01.09

00000000  Header - Mask: 00 | Flags: C8 | 2733 | 00000000 | Size: 00040E20 | 00000031 | 0000009F
00000014  Block #1: [00000014-00040E33]

If anyone has the FW versions that are not listed here please repost or send me a pm:
00.01.01.02.04
00.01.02.00.03
00.01.04.00.02

Wow, you've made some real progress here!   Can you please share the source code you're using to parse the files?   The one that shows stuff like:

Code: [Select]
DP800(Software)Update(Bootloader)_01.06

00000000  Header - Mask: 00 | Flags: C8 | 8E34 | 00000000 | Size: 00040C70 | 000000B3 | 0000009F
00000014  Block #1: [00000014-00040C83]

Unfortunately, I think C# is mainly for Windows, although I guess there's a Mono C# compiler.   But you're okay with sharing the code, maybe I could convert it to normal C real quick like and repost for Linux users?

I had made a collection of the various firmwares that I found for the unit.   I will check on my Linux box and see if the ones you requested are there or not.

I had given up on this project because we had a daughter and that kind of changed priorities a lot.   I am very impressed with the work that the community has done, including your work.   You guys are amazing and discovered stuff I would have never have discovered.

That's what I love about forums.   It's a place for society to come together and work on stuff together.   I might not think of something, but you may.   Or vice-versa.   And together, we might be able to solve some pretty interesting problems.

Now I don't know a lot about cryptology, but for the bootloader code....the SHA-1 for the header, that's just a SHA-1 checksum of the contents, right?   It's not anything to deal with signing, is it?    Because my understanding is that brute-forcing an SHA-1 private key is not going to happen anytime soon, and I'm really hoping they're not signed with a private key.

But I did notice, as I mentioned on previous pages somewheres, that the last x amount of bytes in the firmware files match, and I thought perhaps that was some sort of signature, but I probably was wrong.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #103 on: April 01, 2018, 04:42:12 am »
Who needed the memory dump again and could they please provide me with the directions?   I got so caught up with my life (daughter, wife, trying to start a new legal business, earning money to pay for all the software / hardware we need to stay legal, etc) that I totally forgot all about it!

But I do have a Rigol DP832 that I'll be more than happy to provide the memory dump, if they just provide the directions on how to do so.

Thanks!
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #104 on: April 04, 2019, 09:56:12 pm »
I managed to reverse engineer the firmware and found a hidden command which can be used to change the model. Huge thanks to volkimel and tv84 for descrambling and parsing the firmware!

First, create a USB drive with magic value "80 DF 20 10 90 20 62 80" in sector 0x58E0. You can format a drive as FAT and copy keyfile.bin from the attached zip to it. The keyfile is filled with the magic pattern, and the chances are that it gets placed over the right sector.

After that, insert the drive to your DP832 and send the following SCPI command to it.
Code: [Select]
:PROJ:SET MODEL,DP832A

Reboot, and you should be greeted with a colorful display.

Offline toxuin

  • Newbie
  • Posts: 8
  • Country: ca
Re: Need help hacking DP832 for multicolour option.
« Reply #105 on: April 04, 2019, 09:58:19 pm »
Whoa, that's a breakthrough!

I would appreciate a write-up on how you came up with this, if that's not too much work. This sounds awesome!

PS. Is this trick reversible?
 
The following users thanked this post: Synthtech, ppsilva, CloverGit

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #106 on: April 04, 2019, 10:07:59 pm »
I managed to reverse engineer the firmware and found a hidden command which can be used to change the model. Huge thanks to volkimel and tv84 for descrambling and parsing the firmware!

First, create a USB drive with magic value "80 DF 20 10 90 20 62 80" in sector 0x58E0. You can format a drive as FAT and copy keyfile.bin from the attached zip to it. The keyfile is filled with the magic pattern, and the chances are that it gets placed over the right sector.

After that, insert the drive to your DP832 and send the following SCPI command to it.
Code: [Select]
:PROJ:SET MODEL,DP832A

Reboot, and you should be greeted with a colorful display.

tossu,  :clap: :clap: :clap:

I don't know what you did but that sounds interesting!!!

 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #107 on: April 04, 2019, 10:24:03 pm »
I'd be happy to do a write-up! I expected hardly anyone to be interested in this hack anymore. Just give me some time.

I just tested that the hack can be reversed by setting the model back to DP832.
 

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Need help hacking DP832 for multicolour option.
« Reply #108 on: April 04, 2019, 10:27:33 pm »
How about DP831 ?
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #109 on: April 04, 2019, 10:47:05 pm »
How about DP831 ?

I'd try setting the model to DP831A. I don't have a DP831 to test with, but DP831A is a recognized string constant. I don't see why it shouldn't work.

Edit: Pictures of my hacked DP832
« Last Edit: April 04, 2019, 11:12:08 pm by tossu »
 
The following users thanked this post: 2N3055

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Need help hacking DP832 for multicolour option.
« Reply #110 on: April 04, 2019, 10:58:28 pm »
How about DP831 ?

I'd try setting the model to DP831A. I don't have a DP831 to test with, but DP831A is a recognized string constant. I don't see why it shouldn't work.
Thanks!
I'll give it a go and report back..
 

Offline PTR_1275

  • Frequent Contributor
  • **
  • Posts: 561
  • Country: au
Re: Need help hacking DP832 for multicolour option.
« Reply #111 on: April 04, 2019, 11:18:04 pm »
So changing it to the coloured display doesn’t give you that horrible triangular split display?? (The one with the circle in the middle and the settings top left, top rightand bottom middle) Personally that screen layout is the reason I avoided the 832a...
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #112 on: April 04, 2019, 11:21:53 pm »
So changing it to the coloured display doesn’t give you that horrible triangular split display?? (The one with the circle in the middle and the settings top left, top rightand bottom middle) Personally that screen layout is the reason I avoided the 832a...

It does, but DP832A has a DP832-like colorful display mode as an alternative.
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #113 on: April 04, 2019, 11:52:15 pm »
Fantastic hacking work!

Even though I prefer the plain '7 segment font' DP832 display over the DP832A anyway, I wonder if the random reboots that DP832 owners suffer from for absolutely no rhyme or reason will vanish when software converting to a DP832A, like there was some sick fuck that deliberately sabotaged these PSU's by software methods only? Much like the scum involved in HP inkjet printers and cartridges malarky?  :wtf:
 

Offline CustomEngineerer

  • Frequent Contributor
  • **
  • Posts: 463
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #114 on: April 05, 2019, 03:22:22 am »
Worked for me, thanks!
 

Offline jasonbrent

  • Regular Contributor
  • *
  • Posts: 176
Re: Need help hacking DP832 for multicolour option.
« Reply #115 on: April 05, 2019, 05:14:15 am »
Well, this just moved the 832 back up on my list of potential adds. Good work!

-j
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #116 on: April 05, 2019, 06:36:25 am »
I managed to reverse engineer the firmware and found a hidden command which can be used to change the model. Huge thanks to volkimel and tv84 for descrambling and parsing the firmware!

First, create a USB drive with magic value "80 DF 20 10 90 20 62 80" in sector 0x58E0. You can format a drive as FAT and copy keyfile.bin from the attached zip to it. The keyfile is filled with the magic pattern, and the chances are that it gets placed over the right sector.

After that, insert the drive to your DP832 and send the following SCPI command to it.
Code: [Select]
:PROJ:SET MODEL,DP832A

Reboot, and you should be greeted with a colorful display.

Very nice finding, thank you!  :-+

In the beginning, the difference between DP832 and DP832A use to be that the "A" variant came with all the features unlocked from the factory, and a new weird and multicolour display scheme.

With the latest firmware, are the differences between DP832 and DP832A still the same?  Was there any new functionality added in the meantime to the DP832A only?

Offline TurboTom

  • Super Contributor
  • ***
  • Posts: 1380
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #117 on: April 05, 2019, 09:17:58 am »
 :-+ DP811 -> DP811A works a treat!

I like the "proper" fonts so much more than the simulated 7-Segment digits that even are shown dimmed when "off" (what a stupid idea).
Kudos to you @tossu and thank you very much for sharing!

Cheers,
Thomas
 
The following users thanked this post: PeDre

Offline Pinkus

  • Frequent Contributor
  • **
  • Posts: 768
Re: Need help hacking DP832 for multicolour option.
« Reply #118 on: April 05, 2019, 09:27:44 am »
Thank you Tossu!

@all: do I really still need Ultrasigma to send SCPI commands or is there a smaller tool around? I remember Ultrasigma being huge and if possible I would like to avoid installing it just for this hack. Though if there is now way around, i would do a backup->install->hack->restore to get rid of it  quickly. Thanks.
 

Offline TurboTom

  • Super Contributor
  • ***
  • Posts: 1380
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #119 on: April 05, 2019, 09:39:22 am »
Under Windows, you can just telnet to the Power Supply (provided you're using an ethernet connection):

Figure out its IP address

Start a console (cmd)

telnet [IP_Address] 5555

Now just enter (or copy&paste) the SCPI command -- voila.
 

Offline Pinkus

  • Frequent Contributor
  • **
  • Posts: 768
Re: Need help hacking DP832 for multicolour option.
« Reply #120 on: April 05, 2019, 09:43:48 am »
Thanks. I will try it right away!
 

Offline Pinkus

  • Frequent Contributor
  • **
  • Posts: 768
Re: Need help hacking DP832 for multicolour option.
« Reply #121 on: April 05, 2019, 10:17:11 am »
Mmmmh - not working.  Should I get a feedback from the DP832? I am able to open telnet. Any entered character is shown as a space on the screen; after entering the string manually (or copy/paste) nothing happens (I am pressing ENTER after entering the string. There is no visible feedback from the power supply. Is this correct?
Rebooting then changes nothing - shows still DP832 in system info screen.
I tried an old 1GB USB stick and formatted with 16Kbyte blocks. I will now try another USB stick (4 GByte and 64KByte blocks) and I as I do not have the latest firmware installed, I will try this too.
 

Offline TurboTom

  • Super Contributor
  • ***
  • Posts: 1380
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #122 on: April 05, 2019, 10:40:59 am »
I also didn't get a response from the power supply via telnet when I did so. It may be worth to try another command that will return a value like for example:

:SYSTem:VERSion?

This should return "1999.0" (SCPI version on the device). If this works and you're sending the correct command, you should really check the USB drive you're using. I was successful with a quite old 8GB thumb drive labeled "Verbatim" that I also use for firmware updates. But I followed @tossu's instructions to format it and then only copy the provided file on it. Worked for both my DP832 and DP811.

Good luck,
Thomas
« Last Edit: April 05, 2019, 11:07:59 am by TurboTom »
 

Offline Pinkus

  • Frequent Contributor
  • **
  • Posts: 768
Re: Need help hacking DP832 for multicolour option.
« Reply #123 on: April 05, 2019, 10:55:31 am »
Thanks Tom,
I was running firmware 1.04 :wtf:. Yeah pretty old but as everything was working fine, there was no need. As a firmware update to 1.11. did solve the problem above, anybody should check his/her version first and then do an update if needed. I will now update to 1.14. (1.11. was -according to Rigol- a needed step inbetween).
 
The following users thanked this post: Sully

Offline rfspezi

  • Regular Contributor
  • *
  • Posts: 173
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #124 on: April 05, 2019, 11:34:01 am »
Are you using the Ultra Sigma Software from Rigol to send the SCPI command?
I tried to download that software several times from the Rigol homepage, however it takes ages and finally is corrupt.  :-\
 

Offline Pinkus

  • Frequent Contributor
  • **
  • Posts: 768
Re: Need help hacking DP832 for multicolour option.
« Reply #125 on: April 05, 2019, 11:56:29 am »
No I used telnet as Tom mentioned above.
 

Offline rfspezi

  • Regular Contributor
  • *
  • Posts: 173
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #126 on: April 05, 2019, 12:10:56 pm »
No I used telnet as Tom mentioned above.

Thank you!
Hack works :)
 

Offline jancumps

  • Supporter
  • ****
  • Posts: 1272
  • Country: be
  • New Low
Re: Need help hacking DP832 for multicolour option.
« Reply #127 on: April 05, 2019, 12:11:40 pm »
you need to run ultra sigma to load the drivers. I haven’t tried pure tcp/ip to send scpi, I can give that a try ...

ah, already confirmed.
 

Offline rfspezi

  • Regular Contributor
  • *
  • Posts: 173
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #128 on: April 05, 2019, 12:26:19 pm »
PS. Is this trick reversible?

Good question :)
 



Offline _Wim_

  • Super Contributor
  • ***
  • Posts: 1514
  • Country: be
Re: Need help hacking DP832 for multicolour option.
« Reply #131 on: April 05, 2019, 12:37:16 pm »
I would appreciate a write-up on how you came up with this, if that's not too much work.

@Tossu, first of all great work!  :-+

I also would appreciate some write-up on how you came to this, because this method is maybe applicable to other rigol gear as wel. I tried to use this on my DG1032Z (upgrade to DG1062Z) but after I send the SCPI-command the communication locked up (does not respond to *IDN? any longer) and had to reboot.

On my DP832 it worked flawlessly.
 

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Need help hacking DP832 for multicolour option.
« Reply #132 on: April 05, 2019, 12:39:51 pm »
Copied file to FAT formatted empty USB stick, telnet to 5555 port and pasted:

:PROJ:SET MODEL,DP831A

Enter and reboot. Worked perfectly.
Thanks!
 

Offline CustomEngineerer

  • Frequent Contributor
  • **
  • Posts: 463
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #133 on: April 05, 2019, 12:45:18 pm »
I also didn't get a response from the power supply via telnet when I did so. It may be worth to try another command that will return a value like for example:

:SYSTem:VERSion?

This should return "1999.0" (SCPI version on the device). If this works and you're sending the correct command, you should really check the USB drive you're using. I was successful with a quite old 8GB thumb drive labeled "Verbatim" that I also use for firmware updates. But I followed @tossu's instructions to format it and then only copy the provided file on it. Worked for both my DP832 and DP811.

Good luck,
Thomas

I also had issues with the first USB drive I tried. Formatted and copied the file onto it, stuck in back of DP832, connected with telnet, but when I would send the SCPI command, the screen on the DP832 would show something like "Incorrect command". I switched to an older 512MB verbatim USB drive, formatted, and this time when I sent the SCPI command I'm pretty sure the DP832 didn't show any indication it had worked (no message on the screen or beep), until I rebooted it. Once it was rebooted though I was able to change the display mode to the DP832A ones.
 

Online PA0PBZ

  • Super Contributor
  • ***
  • Posts: 5114
  • Country: nl
Re: Need help hacking DP832 for multicolour option.
« Reply #134 on: April 05, 2019, 06:12:58 pm »
Thanks @tossu, that was brilliant!  :-+
Keyboard error: Press F1 to continue.
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #135 on: April 05, 2019, 08:28:47 pm »
A DP800 should reply OK if the :PROJ:SET MODEL,DP832A command was successful. It does that, if the command is sent from the USB interface. If it is sent from the LAN interface, it won't reply anything or accept new commands until the connection is closed.

:PROJ:SET is probably not meant to be used from LAN, and it might be crashing the server process.

I tried to use this on my DG1032Z (upgrade to DG1062Z) but after I send the SCPI-command the communication locked up (does not respond to *IDN? any longer) and had to reboot.

On my DP832 it worked flawlessly.

It might be working on DP800 by coincidence. Did you try to use the USB interface?
« Last Edit: April 05, 2019, 08:39:01 pm by tossu »
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #136 on: April 05, 2019, 10:56:29 pm »
WOW, way nicer display, easier to read (DP832A/Classic).  :-+
https://www.albinoblacksheep.com/flash/thankyou

Tried the upgrade with a 4GB AData USB.  Worked flawless.

The upgrade from DP832 to DP832A is reversible, can be set as you like at any time as long as the USB drive is plugged in.  Did it by LAN.  No OK response to the change model SCPI command, but it worked. 

DP832


DP832A


To be honest, I didn't expect the color display to make such a big difference, yet it does.  And the digits are not 7 segments any more, much easier to read now.  Very nice surprise.
 :D

After changing the model and powering it off/on again, pressed the 'Display' button then clicked 'Disp Mode' button until is selected 'Dips Mode: Classic', then pressed the 'Display' button again, and that's it.

DP832A


DP832A


Now, to upgrade to the latest firmware, too, what is the latest available for DP800, and how do I interrogate for the installed firmware version, please?
« Last Edit: April 05, 2019, 11:47:16 pm by RoGeorge »
 

Offline maginnovision

  • Super Contributor
  • ***
  • Posts: 1963
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #137 on: April 05, 2019, 11:51:04 pm »
Now you all need to change the channel on LEDs to match the screens.
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #138 on: April 06, 2019, 01:08:45 am »
No need to change the LEDs.  A simple highlight with marker will be enough.

It happened to me in the past to power up other channel than the intended one, so coloring the buttons and the banana plugs might not be a bad idea.

About the firmware update, the latest versions are:
- bootloader 01.09
- software 00.01.14.00.03
downloaded today from https://www.rigolna.com/products/dc-power-loads/dp800/

When asked for credentials, enter whatever.

To see the installed firmware details press 'Utility' -> 'Sys Info' -> 'M1' -> 'M3' -> 'M2'
Where M1...M5 are the buttons under the screen.


Offline hansibull

  • Regular Contributor
  • *
  • Posts: 104
  • Country: no
Re: Need help hacking DP832 for multicolour option.
« Reply #139 on: April 06, 2019, 08:43:33 am »
There is a newer firmware v00.01.16.00.02:
http://www.rigol.com/Support/SoftDownload/3
http://www.rigol.com/File/ModelSoftWare/20190328/DP800(ARM)update.rar

Peter

Does anybody know what's been changed in the latest firmware version? And can anybody verify that work with the hack tossu released?
 

Offline TurboTom

  • Super Contributor
  • ***
  • Posts: 1380
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #140 on: April 06, 2019, 08:59:11 am »
On both of my PSUs (DP832 and DP811), F/W 01.16.00.02 was installed prior to applying @tossu's patch via LAN. Worked without any problem.

Obviously, installing the new firmware after applying the patch will have to work because it's supposed to work on "official" DP800A devices as well. And it pretty much seems the patch turns a non-A instrument into an "A"-version without any (technical) difference to an official one (...maybe someone may start a business by offering the "Hello Kitty" bezels for upgrade... )  :-DD .
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #141 on: April 06, 2019, 10:17:37 am »
I just upgraded the firmware to DP800 00.01.16.00.02 2019-03-28 (for a DP832 transformed yesterday into DP832A using tossu hack - thanks again, great finding).

The new firmware seems to be working fine, except the DNS address in the LAN settings (mine are set to manual LAN settings.  After a power off/on cycle, the DNS will always point to 88.218.37.64  :-//

Code: [Select]
!!!!! For Firmware DP800 00.01.16.00.02 2019-03-28 the DNS address seems hardcoded to 88.218.37.64 !!!!!
========================================================================================================
IP address 88.218.37.64 location
Country:Spain
Region:Madrid
City:Madrid
Longitude:-3.7026
Latitude:40.4165
Time Zone:Europe/Madrid
Postal Code:28050


IP Whois Information For 88.218.37.64
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '88.218.36.0 - 88.218.39.255'

% Abuse contact for '88.218.36.0 - 88.218.39.255' is '@airbnb.com'

inetnum: 88.218.36.0 - 88.218.39.255
netname: IE-AIRBNB-20181214
country: IE
org: ORG-AU44-RIPE
admin-c: ARA114-RIPE
tech-c: MA19860-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-by: ie-airbnb-1-mnt
created: 2018-12-14T12:50:04Z
last-modified: 2018-12-14T12:50:04Z
source: RIPE

organisation: ORG-AU44-RIPE
org-name: AIRBNB IRELAND ULC
org-type: LIR
address: The Watermarque Building South Lotts Road, Ringsend
address: 4
address: Dublin
address: IRELAND
admin-c: ARA114-RIPE
tech-c: MA19860-RIPE
abuse-c: AR38143-RIPE
mnt-ref: ie-airbnb-1-mnt
mnt-by: RIPE-NCC-HM-MNT
mnt-by: ie-airbnb-1-mnt
created: 2016-10-31T08:25:02Z
last-modified: 2017-05-08T12:17:29Z
source: RIPE # Filtered
phone: +14157280000

person: Eoin Hession
address: The Watermarque Building South Lotts Road, Ringsend
address: 4
address: Dublin
address: IRELAND
phone: +14157280000
nic-hdl: ARA114-RIPE
mnt-by: ie-airbnb-1-mnt
created: 2016-10-31T08:25:01Z
last-modified: 2016-11-22T21:48:25Z
source: RIPE

person: Eric Lee
address: 888 Brannan Street, San Francisco, CA 94114
phone: +14087506453
nic-hdl: MA19860-RIPE
mnt-by: ie-airbnb-1-mnt
created: 2016-11-22T21:54:00Z
last-modified: 2018-12-14T09:08:49Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.93.2 (BLAARKOP)

Anybody else having problems setting the DNS address in the DP800 LAN settings, please?

Online tautech

  • Super Contributor
  • ***
  • Posts: 28058
  • Country: nz
  • Taupaki Technologies Ltd. Siglent Distributor NZ.
    • Taupaki Technologies Ltd.
Re: Need help hacking DP832 for multicolour option.
« Reply #142 on: April 06, 2019, 10:21:19 am »
Oh dear, seems you're also in Spain, Ireland and San Fran.   :clap:
Avid Rabid Hobbyist
Siglent Youtube channel: https://www.youtube.com/@SiglentVideo/videos
 

Offline hansibull

  • Regular Contributor
  • *
  • Posts: 104
  • Country: no
Re: Need help hacking DP832 for multicolour option.
« Reply #143 on: April 06, 2019, 10:47:56 am »
Oh dear, seems you're also in Spain, Ireland and San Fran.   :clap:

I've never heard of this before. Care to explain?  :)

I successfully hacked my DP832 and turned it into a DP832A. I didn't bother updating the firmware, so I'm still at 01.14. However, one quirk I found was that the USB stick has to be connected after the PSU have booted. It's not visible if the USB stick is plugged in when the PSU is turned off.

The PSU never gave me a response on the screen, even though the hack was applied. However, when I returned to the main screen (without rebooting I noticed the negative value of CH3. Somehow a minus sign has snuck in there. When I rebooted I was greeted with a colorful DP832A screen. The minus sign was gone.
« Last Edit: April 06, 2019, 10:53:35 am by hansibull »
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 28058
  • Country: nz
  • Taupaki Technologies Ltd. Siglent Distributor NZ.
    • Taupaki Technologies Ltd.
Re: Need help hacking DP832 for multicolour option.
« Reply #144 on: April 06, 2019, 10:57:38 am »
Oh dear, seems you're also in Spain, Ireland and San Fran.   :clap:

I've never heard of this before. Care to explain?  :)
Study the code in RoGeorge's post.  ;)
Avid Rabid Hobbyist
Siglent Youtube channel: https://www.youtube.com/@SiglentVideo/videos
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #145 on: April 06, 2019, 12:54:03 pm »
Oh dear, seems you're also in Spain, Ireland and San Fran.   :clap:

I've never heard of this before. Care to explain?  :)
Study the code in RoGeorge's post.  ;)

That's no code, it's the result of a 'whois 88.218.37.64' search.  Each routable IPv4 is stored in IANA (Internet Assigned Numbers Authority) database, together with some public information about the owner of the routable IP.

For whatever reason, my DP800 disregards my manual setting for the DNS address, and instead it always shows the 88.218.37.64 as a DNS, which seems to be some computer from Madrid.  The company that has that computer with the IP 88.218.37.64 is 'Airbnb Ireland' from Doublin, and so on.

A DNS is used when a computer (in this case my DP832) wants to contact some other internet address by name.  Changing the DNS or enforcing a DNS other than the desired one can be the sign of a security breach.  I hope this is just a bug, and not a security threat.

Anybody with the latest FW and manual IP care to check the DP832 settings please? (to check press 'Utility' -> 'IO Config' -> 'LAN')
Do you have the DNS set to 88.218.37.64 after a power cycle, like this?

« Last Edit: April 06, 2019, 12:57:01 pm by RoGeorge »
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #146 on: April 06, 2019, 02:50:31 pm »
Anybody with the latest FW and manual IP care to check the DP832 settings please? (to check press 'Utility' -> 'IO Config' -> 'LAN')
Do you have the DNS set to 88.218.37.64 after a power cycle, like this?

I upgraded my DP832 to 1.16, and it is doing the same thing. The DNS is set to 88.218.37.64 when a "LAN connected" notification is shown. However, the value I've set is restored if I go back to the DNS settings. I noticed FW 1.14 changes the DNS as well, but it sets it to 0.0.0.0.

I took a quick look at a DG1032Z firmware I found somewhere. I think it's version 1.06. It has a very similar check for the same magic value at sector 0x78EC.

Could someone eager to hack (or brick) their DG1032Z send these commands to it, preferably via USB, and post the results here? The keyfile.bin I made for DP832 should work.
Code: [Select]
:PROJ:STAT MCALTIMES,QUERY
*IDN?
:PROJ:STAT MODEL,DG1062Z
*IDN?

The first command is just a sanity check. It should print CH1 = <some number>, CH2 = <some number>.
 
The following users thanked this post: WhichEnt2

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #147 on: April 06, 2019, 03:40:14 pm »
No DG1032Z here.

Tried it on a DG4102 instead, over LAN, and ':PROJ:STAT MCALTIMES,QUERY' doesn't seem to be recognized.  There is no reply over LAN, and the generator's screen shortly displays the message "Error generated by remote interface command!", which is the same message as the one displayed for any unrecognized SCPI command.  After that, *IDN? is working just fine.

Also tried ':PROJ:STAT MODEL,DG4162' with the same result.

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #148 on: April 06, 2019, 04:24:01 pm »
Tried it on DG4102 again, this time over USB, and the results are the same:  no SCPI response, only an error message displayed on the DG4102 screen as it would be an unrecognized command, "Error generated by remote interface command!".

Code: [Select]
~$ echo "*IDN?" > /dev/usbtmc1; cat /dev/usbtmc1
Rigol Technologies,DG4102,DG4E17xxxxxx3,00.01.12
cat: /dev/usbtmc1: Connection timed out
~$ echo ":PROJ:STAT MCALTIMES,QUERY" > /dev/usbtmc1; cat /dev/usbtmc1
cat: /dev/usbtmc1: Connection timed out
~$ echo "*IDN?" > /dev/usbtmc1; cat /dev/usbtmc1
Rigol Technologies,DG4102,DG4E17xxxxxx3,00.01.12
cat: /dev/usbtmc1: Connection timed out
~$ echo ":PROJ:STAT MODEL,DG4162" > /dev/usbtmc1; cat /dev/usbtmc1
cat: /dev/usbtmc1: Connection timed out
~$ echo "*IDN?" > /dev/usbtmc1; cat /dev/usbtmc1
Rigol Technologies,DG4102,DG4E17xxxxxx3,00.01.12
cat: /dev/usbtmc1: Connection timed out

~$ #power cycled the DG4102 here

~$ echo "*IDN?" > /dev/usbtmc1; cat /dev/usbtmc1
Rigol Technologies,DG4102,DG4E17xxxxxx3,00.01.12
cat: /dev/usbtmc1: Connection timed out
~$

USB drive formatted FAT32, then copied only the 'keyfile.bin', plugged in the DG4102 at all times.  When it was plugged in the first time, the USB drive was recognized just fine by the generator.
« Last Edit: April 16, 2019, 07:53:42 pm by RoGeorge »
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #149 on: April 06, 2019, 05:57:42 pm »
Tried it on DG4102 again, this time over USB, and the results are the same:  no SCPI response, only an error message displayed on the DG4102 screen as it would be an unrecognized command, "Error generated by remote interface command!".

That is to be expected if hidden commands are not enabled by whatever switch DG4102 is using.

I'm afraid my hack can't easily be modified for the DG4000 series. Doesn't it have a Blackfin CPU like most of the older Rigol products? If it does, it has to use a different RTOS also. I'm using Ghidra which can't disassemble Blackfin code, and reverse engineering parts of the OS would take significant amount of time anyway. Although, if they are using the same kind of manufacturing process for the DG4000 series, it would probably be enough to get the magic value and sector from the application code.

I was able to decode the command table of DG4000 firmware. It has a :PROJ:STAT command and some promising strings like MODEL and SN.

 

Offline rfspezi

  • Regular Contributor
  • *
  • Posts: 173
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #150 on: April 06, 2019, 07:03:33 pm »
In my oppinion, the colours are not very well chosen concerning the combination of RGB pixel appearance to the human eye.
They appear too uneven in brightness when deactivated.

The combination i'd love to see is the font of the DP832A mode but other colours - even monochrome as in the DP832 mode would be ok.
Maybe the RGB values can be found and replaces in the binary.  ^-^
« Last Edit: April 06, 2019, 07:06:00 pm by rfspezi »
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #151 on: April 06, 2019, 07:48:36 pm »
The combination i'd love to see is the font of the DP832A mode but other colours - even monochrome as in the DP832 mode would be ok.
Maybe the RGB values can be found and replaces in the binary.  ^-^

I'm quite sure the color values can be found. The problem is that the firmware seems to be checksummed or signed. Earlier in this thread a simple string replacement of model names was tried, and the modified firmware would not be flashed. Even the checksum for flashing could probably be figured out, but if the bootloaded has an another check, your PSU might become bricked. Does anyone know if the firmware is flashed by the bootloader or the main firmware itself? It might be done by the bootloader based on the upgrade instructions.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #152 on: April 06, 2019, 07:58:08 pm »
tossu, I think it's the bootloader since the .GEL reference only appears in BL.

From my code analysis you discovered the USB_vendor_disk string that must be present in order for the commands to  change MODEL and/or SN to work, right?
 
The following users thanked this post: tossu

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #153 on: April 06, 2019, 08:43:05 pm »
From my code analysis you discovered the USB_vendor_disk string that must be present in order for the commands to  change MODEL and/or SN to work, right?

What's a USB_vendor_disk? It don't recognize that indentifier. The only usb vendor disk thing I could find with Google was a reference in the MSO5000 hacking thread. I'm not at all familiar with that.

But yes, I discovered the value that must be present on a USB drive. Finding the value was easy. I spend more time than I'd like to admit decompiling the firmware before I took a look at MQX RTOS sources and found out that the value had to be on a USB drive.
« Last Edit: April 06, 2019, 08:49:53 pm by tossu »
 
The following users thanked this post: klamath

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #154 on: April 06, 2019, 08:50:51 pm »
There is another specimen of USB_vendor_disk that is recognized by other Rigol equipments. It possesses a specific XXTEA encrypted sector.

You've discovered a simpler one used on other equipment models. That was a big reversing job since the code is not obvious at all (I've just looked into it)!

Now, let's try and see which other models recognize this USB_disk.

Again, great job!


Edit: Just by looking at the .GEL file types, I would say that this method works, at least, for all

DP800 , DL3000 and DG1000(Z)
« Last Edit: April 15, 2019, 10:39:47 pm by tv84 »
 
The following users thanked this post: thm_w, tossu

Offline WhichEnt2

  • Regular Contributor
  • *
  • Posts: 98
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #155 on: April 06, 2019, 09:16:16 pm »
Could someone eager to hack (or brick) their DG1032Z send these commands to it, preferably via USB, and post the results here? The keyfile.bin I made for DP832 should work.
Would like to check it on DG1022Z as soon as it arrives.
Short pieces, high value, small period, huge amount, long delay.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #156 on: April 06, 2019, 09:20:01 pm »
I managed to reverse engineer the firmware and found a hidden command which can be used to change the model. Huge thanks to volkimel and tv84 for descrambling and parsing the firmware!

First, create a USB drive with magic value "80 DF 20 10 90 20 62 80" in sector 0x58E0. You can format a drive as FAT and copy keyfile.bin from the attached zip to it. The keyfile is filled with the magic pattern, and the chances are that it gets placed over the right sector.

After that, insert the drive to your DP832 and send the following SCPI command to it.
Code: [Select]
:PROJ:SET MODEL,DP832A

Reboot, and you should be greeted with a colorful display.

Tossu and TV84, I cannot thank you guys enough for your help with this project, along with everyone else who provided insight and tried helping in hacking this!    This was something I wanted for a very long time and just found out today that it was finally hacked!   THANK YOU GUYS SOOOOOO MUCH!!!!!!!!
 

Offline hansibull

  • Regular Contributor
  • *
  • Posts: 104
  • Country: no
Re: Need help hacking DP832 for multicolour option.
« Reply #157 on: April 06, 2019, 09:29:09 pm »
In my opinion, the colors are not very well chosen concerning the combination of RGB pixel appearance to the human eye.
They appear too uneven in brightness when deactivated.

The combination I'd love to see is the font of the DP832A mode but other colors - even monochrome as in the DP832 mode would be ok.
Maybe the RGB values can be found and replace in the binary.  ^-^

THIS! As much as I like the DP832A font it would probably take some time to get used to the new yellow, purple and blue colors. A firmware hack with a different palette would be fantastic. What colors would you guys prefer to have instead? IMO plain white for all three channels would be nice  8)

 

Offline TurboTom

  • Super Contributor
  • ***
  • Posts: 1380
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #158 on: April 06, 2019, 09:58:45 pm »
Actually, the choice of the color palette like it's been on the "non-A-configuration" but with the fonts / layout of the "A-classic" would be my favorite. Anyway, I'm happy the way it is right now.  :)


P.S. I've also been playing around with my DG4102 and the prepared USB disk. Same result as @RoGeorge. Also somewhat strange behavior of the LXI interface via telnet but that's probably the result of the completely different underlying hardware (BlackFin) compared to the DP800 series (i.MX28 processor).
« Last Edit: April 06, 2019, 10:13:49 pm by TurboTom »
 

Offline rfspezi

  • Regular Contributor
  • *
  • Posts: 173
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #159 on: April 06, 2019, 10:07:55 pm »
What colors would you guys prefer to have instead? IMO plain white for all three channels would be nice  8)

White would be my favourite too.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #160 on: April 06, 2019, 11:02:04 pm »
P.S. I've also been playing around with my DG4102 and the prepared USB disk. Same result as @RoGeorge. Also somewhat strange behavior of the LXI interface via telnet but that's probably the result of the completely different underlying hardware (BlackFin) compared to the DP800 series (i.MX28 processor).

Tom, I've got no indication that this might work on that BF machine. But, maybe there is a similar one...  ;)
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #161 on: April 06, 2019, 11:08:05 pm »
Just confirmed that the DL3000 is exactly as the DP800  (the disk sector is also 0x58E0). And same byte sequence.

Can anyone try a DL3000 to DL3000A conversion?

 

Offline hansibull

  • Regular Contributor
  • *
  • Posts: 104
  • Country: no
Re: Need help hacking DP832 for multicolour option.
« Reply #162 on: April 06, 2019, 11:15:29 pm »
Just confirmed that the DL3000 is exactly as the DP800  (the disk sector is also 0x58E0). And same byte sequence.

Can anyone try a DL3000 to DL3000A conversion?

There is a DL3000 at work which is rarely used. I may try applying the hack on Monday. Same procedure and SCPI command as on the DP832?
Should I update to the latest firmware version before applying the hack? And is there a real chance of bricking it?

EDIT:
It seems like a stock DL3021 can't use the LAN port without buying an upgrade. Is it possible to apply the SCPI command using RS-232?
« Last Edit: April 06, 2019, 11:30:15 pm by hansibull »
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #163 on: April 07, 2019, 01:40:18 am »
OK, I promised a write-up of my hacking process earlier. I've left out some things I did if they didn't end up anywhere, but feel free to skip the first part still. It's night already and I'm tired and writing in English. Not much can be expected. I finally got to it so here it comes!

Premilinary work

I started with a firmware version 1.14 descrambled with the method previously discovered in this thread. The first thing to do was of course to run binwalk and strings on it. Binwalk found a lot of ARM instructions and the entropy plot seemed sensible. I read the list of strings carefully and found some interesting: MODEL, FACTORYON, FACTORYOFF, MANUFACTUREON, MANUFACTUREOFF. They looked a lot like SCPI commands.

I tried a lot of plausible combinations like :SYSTEM:FACTORYON programmatically. I got just a bunch of false results because the SCPI server crashes easily and starts to do weird things.

I wanted to disassemble the firmware, and luckily the loading address had already been figured out. Search for references to those interesting string constants found something. One function, insted of it's normal thing, sets a variable to 1 if parameter FACTORYON is passed to it while some condition is true. The function usually takes ON, 1, OFF or 0 as a parameter. The DP800 programming manual list only a few of those. I tried all of them them but those returned errors. That was very much expected. Following functions calls for the condition would just find more and more complex code with indirect references.

At this point, I figured out I had been living under a rock, and there's a new decompiler called Ghidra. I wanted to try it so I redid all of my previous work with it. It didn't take much time at all, but neither did it help me any further. I started to look for other commands. I found a one which can set a MODEL or SN, but it checks for the same condition before it does anything.

A dump of RAM would've helped me a lot, and there was a command for it. To use it, I had to get it's name. The names were stored in a tree-like structure which had to be parsed. By chance I came across a simple Perl script for printing DS1054Z command structure. I quickly rewrote it in Python and had a list of commands on the first try. I modified it to print command IDs and conditional parts properly. The command list is attached if you want to have a look.

Now I could start dumping the memory with command :PROJect:MEMOry:READ?. Figuring out it's parameters was easy with a help of a decompiler. The first kilobyte of the flash could be read with :PROJ:MEMO:READ? FLASH,0,1024 and it was sensible. To test it I dumped the flash. There was just the firmware I already had. Luckily the command could also read RAM by changing the first parameter. I tried to read the RAM but the output made no sense. I read the decompiled source again and was sure I was using the command right. Instead, the command either had a placeholder implementation or was missing a call to atoi. It read from the address of the second parameter instead of the numeric value and would just echo back the parameters. I had to do more static analysis without a memory dump.

Decompilation and a hack

The offset and the loading address of the firmware are known thanks to previous efforts in this thread. The array of pointers to command handlers is easy to find. Just find one handler with a known string and follow the cross references. Names of the commands are stored in an another large structure which can be parsed with a script made for DS1054Z. It has pointers to all the command names and is easily found with xrefs.

The command handler which can change the model references strings MODEL an SN. The former is long enough to be found with any string search. The handler calls a function which does the USB drive check. Unless it returs zero, the handler does nothing and returns an error. A pointer to the command can be found by following xrefs back to the command handler array. Based on it's index, name :PROJect:SET can be found from the command name structure.

The USB drive check function has many arbitary values. By calling a second function, it does a memcpy-like operation of 8 bytes from 0x58E0 to an array in the stack and compares those against hard coded constants. The second function has a pattern which looks very much like "allocate, read something, memcpy, free". At least the vectorized memcpy is easy to recognize.

The function which does the reading is unfortunately the most difficult to understand. I uses a lot of pointers and arbitary values. It also has a slightly different style to it. This hints that it might be a part of an OS driver. Strings reveal that the firmware contains version 3.7 of MQX RTOS. It's sources are available, and they contain symbolic values for some of the immediate values used in the fuction. One, MFS_READ_FAULT, is used only in three places. One of those is function MFS_Read_device_sector. It's source matches the decompiler output perfectly. The last thing to do with the code is go back and get the 8 byte value from the disassembly. Some mental math has to be done to get endianness right.

When the value is written to the start of sector 0x58E0 of a USB drive, the command :PROJect:SET will work. I took the easy route and did the file copy trick. Mainly because I didn't bother to check if a valid file system is required or if it's sector 0x58E0 of the drive or a partition or something.

Afterthoughts

I think it took me three or four evenings of messing around with my DP832 in total. Most of it was spend trying to dump the memory and trying some things I've left out. I didn't help that I had never read ARM assembly or used Ghidra before. I think Ghidra is an excelent tool and in some ways better than a, um, free version of another interactive disassembler.

I've decompiled some of the other commands. The unit can be set to some factory mode with command :SYST:BEEP FACTORYON if the magic USB drive is inserted. In that mode the model can be set with :SYST:LOCK DP832A$, but I don't think it enables anything else. :DIGItal:IO commands seemed somewhat interesting by their name, but they don't seem to be doing anything.

The :PROJ:SET command should return OK but crashes the command line if it's send via LAN. I think it safer to test it via USB on other Rigol models. However, on DP832 it seems to be working quite well.

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #164 on: April 07, 2019, 02:15:07 am »
There is another specimen of USB_vendor_disk that is recognized by other Rigol equipments. It possesses a specific XXTEA encrypted sector.

You've discovered a simpler one used on other equipment models. That was a big reversing job since the code is not obvious at all (I've just looked into it)!

It seems you got a hang of my hack pretty quickly before any explanation. I assume you got figured it out completely as you were able to check it for other models. Did the magic values help? What's the another specimen? Could you tell how did you thought I did it? I haven't really read other Rigol hacking threads so I might be asking some stupid questions. If that's the case, please point me to the right direction.
 
The following users thanked this post: ppsilva

Offline WhichEnt2

  • Regular Contributor
  • *
  • Posts: 98
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #165 on: April 07, 2019, 07:29:16 am »
tossu, how do you look into DG1000Z firmware? I tried the python version of descrambler, but output is a complete mess, not anyting readable in strings output at all.
Short pieces, high value, small period, huge amount, long delay.
 

Offline ealex

  • Frequent Contributor
  • **
  • Posts: 312
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #166 on: April 07, 2019, 07:37:46 am »
thanks for the hack.

quick hint for linux users: if you connect it via USB it will be detected as an usbtmcX device:
Code: [Select]
[38355.860413] usb 5-1.2: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 80, changing to 10
[38355.860415] usb 5-1.2: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[38355.860417] usb 5-1.2: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[38355.861908] usb 5-1.2: New USB device found, idVendor=1ab1, idProduct=0e11, bcdDevice= 0.02
[38355.861909] usb 5-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[38355.861910] usb 5-1.2: Product: DP800 Serials
[38355.861912] usb 5-1.2: Manufacturer: Rigol Technologies.
[38355.861913] usb 5-1.2: SerialNumber: DP8C163953058
[38355.939460] usbcore: registered new interface driver usbtmc

it's a simple char device -> you can use echo and cat to access it:
Code: [Select]
# echo ":SYSTem:VERSion?" > /dev/usbtmc3
# cat /dev/usbtmc3
1999.0
^C^C^C^C
# echo ":PROJ:SET MODEL,DP832A" > /dev/usbtmc3

it works with a FAT16 partition on a newer USB stick - just make it the first partition on the stick
 
The following users thanked this post: Spork Schivago, WhichEnt2

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #167 on: April 07, 2019, 10:13:33 am »
It seems you got a hang of my hack pretty quickly before any explanation. I assume you got figured it out completely as you were able to check it for other models. Did the magic values help? What's the another specimen? Could you tell how did you thought I did it? I haven't really read other Rigol hacking threads so I might be asking some stupid questions. If that's the case, please point me to the right direction.

You took advantage of my parsings but you deserve full credit for this discovery!  :clap:  (the main reason of my parsings is to allow the kind of work you did)

In the meantime, the method has been confirmed to work on DG1000Z (as expected, even with a different sector). Of course, I was only able to somewhat understand what you did based on the magic values that you published. Even after your explanation is not something very easy to recreate without diving into the MQX toolchain.

The other specimen can be used, for example, in the DS1054Z and also in the MSO5000/7000 (it's for ARM only)

You can have a taste of it, here:
https://www.eevblog.com/forum/testgear/rigol-ds1000z-firmware-patch-plugins/msg1473517/#msg1473517

Based on known Rigol's way of doing things, it was not hard to figure out what you had accomplished (even if you were not fully aware at the time). Without previous knoweledge of Rigol hacks it's even more amazing!

Even the "brute-force" method of the file in the disk is poetry.  BTW , it wouldn't work in the other specimen because the sector is one of the disk reserved sectors.
 
The following users thanked this post: volkimel, tossu

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Need help hacking DP832 for multicolour option.
« Reply #168 on: April 07, 2019, 10:37:03 am »

In the meantime, the method has been confirmed to work on DG1000Z (as expected, even with a different sector).


Does DG1000Z work with same magic sector as DP800 or it is another one.. Syntax for a model command is the same I presume?
Thks!
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #169 on: April 07, 2019, 10:40:19 am »

In the meantime, the method has been confirmed to work on DG1000Z (as expected, even with a different sector).


Does DG1000Z work with same magic sector as DP800 or it is another one.. Syntax for a model command is the same I presume?
Thks!

It's a different sector but tossu file works also with that sector. Syntax should be the same.
 

Offline hansibull

  • Regular Contributor
  • *
  • Posts: 104
  • Country: no
Re: Need help hacking DP832 for multicolour option.
« Reply #170 on: April 07, 2019, 10:53:48 am »
Would this sort of hack work on the Rigol DG1022 (non Z) as well? I have a DG1022 on my bench and would love to turn it into a DG1022A.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #171 on: April 07, 2019, 11:17:13 am »
Would this sort of hack work on the Rigol DG1022 (non Z) as well? I have a DG1022 on my bench and would love to turn it into a DG1022A.

The FW is the same, right?  If so, I think it would but you are all on your own. I've done no tests since I don't have the equipment.

The test done was DG1022Z -> DG1062Z.
 

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Need help hacking DP832 for multicolour option.
« Reply #172 on: April 07, 2019, 11:18:18 am »
DG1000Z doesn't work over telnet.. It hangs the AWG completely (not responsive to buttons)..
Will try over USB, installing UltraSigma..
 

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Need help hacking DP832 for multicolour option.
« Reply #173 on: April 07, 2019, 11:25:55 am »
Over USB on the first try all went well.. Even got OK\n response..
Reboot and it works..

And now only Arb16M   ::)

@tossu  premium work kudos.. thanks a bunch
and as always thanks to tv84..
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #174 on: April 07, 2019, 12:19:41 pm »
tossu, how do you look into DG1000Z firmware? I tried the python version of descrambler, but output is a complete mess, not anyting readable in strings output at all.

It uses the same scrambling algorithm but a different starting value. I took advantage of the fact that firmwares usually have long strings of zeroes and those make distinctive patterns of increasing numbers. If the right value of just one byte is known, the offset can be calculated.

The FW is the same, right?  If so, I think it would but you are all on your own. I've done no tests since I don't have the equipment.

DG1022 is the old, DS1052E era function generator. I don't think it's going to work.
 
The following users thanked this post: Spork Schivago, WhichEnt2

Offline mleyden

  • Contributor
  • Posts: 20
  • Country: ie
Re: Need help hacking DP832 for multicolour option.
« Reply #175 on: April 07, 2019, 12:37:20 pm »
DG1022Z -> DG1062Z successful over LAN (using same USB stick that did my DP832 -> DP832A upgrade):

>telnet 192.168.1.XXX 5555
*IDN?
Rigol Technologies,DG1022Z,DG1ZA183______,03.01.12
:PROJ:STAT MODEL,DG1062Z
*IDN?
Rigol Technologies,DG1062Z,DG1ZA183______,03.01.12


Thanks!
 

Offline CustomEngineerer

  • Frequent Contributor
  • **
  • Posts: 463
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #176 on: April 07, 2019, 12:44:07 pm »
DG1000Z doesn't work over telnet.. It hangs the AWG completely (not responsive to buttons)..
Will try over USB, installing UltraSigma..

Maybe stupid question, but going to ask anyways. At least on the DP832, once you connect (or maybe once you send the first command) over telnet, the power supply locks out the buttons on the front panel. If you want to resume controlling the power supply from the front panel, you have to hit the back button first, which takes it out of remote command mode. Is it possible the DG1000Z is the same?
 

Offline WhichEnt2

  • Regular Contributor
  • *
  • Posts: 98
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #177 on: April 07, 2019, 12:47:10 pm »
DG1022Z -> DG1062Z successful over LAN (using same USB stick that did my DP832 -> DP832A upgrade):
Did you perform full range sweep to check whether it is somewhat flat on the extended range?
Short pieces, high value, small period, huge amount, long delay.
 

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Need help hacking DP832 for multicolour option.
« Reply #178 on: April 07, 2019, 12:59:42 pm »
DG1000Z doesn't work over telnet.. It hangs the AWG completely (not responsive to buttons)..
Will try over USB, installing UltraSigma..

Maybe stupid question, but going to ask anyways. At least on the DP832, once you connect (or maybe once you send the first command) over telnet, the power supply locks out the buttons on the front panel. If you want to resume controlling the power supply from the front panel, you have to hit the back button first, which takes it out of remote command mode. Is it possible the DG1000Z is the same?
No it is not in remote mode. It blocks both on telnet connection (no response after command) and instrument non responsive... Can't press local to get it back. Reboot needed.

It is 2016 instrument , maybe something is downlevel.. DG1022Zs are new ones, maybe have new boot/OS portion...
 

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Need help hacking DP832 for multicolour option.
« Reply #179 on: April 07, 2019, 01:17:46 pm »
DG1022Z -> DG1062Z successful over LAN (using same USB stick that did my DP832 -> DP832A upgrade):
Did you perform full range sweep to check whether it is somewhat flat on the extended range?
My DG1032Z is pretty much dead flat to 60 MHz
 
The following users thanked this post: WhichEnt2

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #180 on: April 07, 2019, 08:44:15 pm »
In my opinion, the colors are not very well chosen concerning the combination of RGB pixel appearance to the human eye.
They appear too uneven in brightness when deactivated.

The combination I'd love to see is the font of the DP832A mode but other colors - even monochrome as in the DP832 mode would be ok.
Maybe the RGB values can be found and replace in the binary.  ^-^

THIS! As much as I like the DP832A font it would probably take some time to get used to the new yellow, purple and blue colors. A firmware hack with a different palette would be fantastic. What colors would you guys prefer to have instead? IMO plain white for all three channels would be nice  8)

A hack might not be needed.   It might be a good idea for someone to contact Rigol, someone who owns an official DP832A, to ask if they could implement the change?   Perhaps if enough people ask quick like, they might implement it for current DP832A users, and with this hack, it'd allow the palette change.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #181 on: April 07, 2019, 09:21:46 pm »
Over USB on the first try all went well.. Even got OK\n response..
Reboot and it works..

And now only Arb16M   ::)

@tossu  premium work kudos.. thanks a bunch
and as always thanks to tv84..

I don't understand.   How do you preform the hack over USB?   Isn't the USB port needed for the magic thumb drive?   Thanks!
 
The following users thanked this post: klamath

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #182 on: April 07, 2019, 09:23:11 pm »
tossu, how do you look into DG1000Z firmware? I tried the python version of descrambler, but output is a complete mess, not anyting readable in strings output at all.

It uses the same scrambling algorithm but a different starting value. I took advantage of the fact that firmwares usually have long strings of zeroes and those make distinctive patterns of increasing numbers. If the right value of just one byte is known, the offset can be calculated.

The FW is the same, right?  If so, I think it would but you are all on your own. I've done no tests since I don't have the equipment.

DG1022 is the old, DS1052E era function generator. I don't think it's going to work.

I always wondered how you figured out that starting value!!!!   That is smart, and good to know!   I wouldn't have thought of that.
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #183 on: April 07, 2019, 10:01:56 pm »
I don't understand.   How do you preform the hack over USB?   Isn't the USB port needed for the magic thumb drive?   Thanks!

Devices this hack applies to have two USB ports.

While comparing DP800 and DG1000Z firmwares, I found a string 586E719859AF6C obfuscated in the DG1000Z firmware. I think the corresponding string for DP800 is 5EC2D25AE85124. Those look very much like some encryption keys. Google finds one result for the DP800 string in the Rigol's I2C bus thread, but the DG1000Z one might be a new one. Maybe it can be used for something.

 
The following users thanked this post: Spork Schivago

Offline msquared

  • Regular Contributor
  • *
  • Posts: 60
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #184 on: April 08, 2019, 12:31:33 am »
First I just want to give a HUGE THANK YOU to tossu. What an awesome way to "upgrade" a device.

So far I'm 3 for 3.
DP832 to DP832A all options enabled
DL3021 to DL3021A all options enabled
DG1032Z to DG1062Z still missing memory upgrade but output is flat out to 60MHz

All three were done over telnet using the same USB stick. It took me all of about 15 minutes to "upgrade" all 3 devices.

Thanks again.
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #185 on: April 08, 2019, 12:37:04 am »
This is far-fetched but there is code in the DG1000 firmware that sets a 16M memory related flag if the serial of the unit is "DG1ZA000000000". Command :PROJ:STAT SN,DG1ZA000000000 should be able to change the serial. I have no idea when that function is run but maybe it's worth a try.
 
The following users thanked this post: WhichEnt2

Offline msquared

  • Regular Contributor
  • *
  • Posts: 60
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #186 on: April 08, 2019, 03:46:54 am »
That worked. The option is listed as "Trial" but I don't see a timer so maybe it'll last forever.

Thanks again!

Btw. If anyone is wondering it does require the "Special Key" to work.
 
The following users thanked this post: WhichEnt2

Offline hansibull

  • Regular Contributor
  • *
  • Posts: 104
  • Country: no
Re: Need help hacking DP832 for multicolour option.
« Reply #187 on: April 08, 2019, 10:20:19 am »
I can confirm that this hack works with a bone stock Rigol DL3021 as well.
I used the exact same USB stick as I did on my DP832
By default the LAN interface is an additional option you'll have to purchase. I ended up applying the hack using the RS232 interface.

I didn't bother installing Ultra Sigma, so I just used an ASCII based serial monitor instead.
Default baud rate: 9600, 8 data bits, 1 stop bit, no parity, no hardware handshake
Just remember that you need to add CR LF as line ending

Code: [Select]
:PROJ:SET MODEL,DL3021A
After the hack was applied all options where now available.

Are there any devices left that this hack would possibly work on?
« Last Edit: April 08, 2019, 10:37:54 am by hansibull »
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #188 on: April 08, 2019, 03:03:26 pm »
I think the corresponding string for DP800 is 5EC2D25AE85124.

That's the ECC public key of the DP832. Did you find any relation of that with the USB disk string?

With the public key 586E719859AF6C  you might upgrade riglol and generate the official license for Arb16M.

Then, it's just:

:LICense:INSTall 1234567890123456789012345678
« Last Edit: April 08, 2019, 04:58:23 pm by tv84 »
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #189 on: April 08, 2019, 07:16:09 pm »
I can confirm that this hack works with a bone stock Rigol DL3021 as well.
I used the exact same USB stick as I did on my DP832
By default the LAN interface is an additional option you'll have to purchase. I ended up applying the hack using the RS232 interface.

I didn't bother installing Ultra Sigma, so I just used an ASCII based serial monitor instead.
Default baud rate: 9600, 8 data bits, 1 stop bit, no parity, no hardware handshake
Just remember that you need to add CR LF as line ending

Code: [Select]
:PROJ:SET MODEL,DL3021A
After the hack was applied all options where now available.

Are there any devices left that this hack would possibly work on?
Are there any known hacks for the DL3000 series that allow LAN interface, or some other way to apply the hack without having to purchase any of the keys?   Just curious.   I couldn't find any, if they do exist.
 

Offline hansibull

  • Regular Contributor
  • *
  • Posts: 104
  • Country: no
Re: Need help hacking DP832 for multicolour option.
« Reply #190 on: April 08, 2019, 08:07:30 pm »
I can confirm that this hack works with a bone stock Rigol DL3021 as well.
I used the exact same USB stick as I did on my DP832
By default, the LAN interface is an additional option you'll have to purchase. I ended up applying the hack using the RS232 interface.

I didn't bother installing Ultra Sigma, so I just used an ASCII based serial monitor instead.
Default baud rate: 9600, 8 data bits, 1 stop bit, no parity, no hardware handshake
Just remember that you need to add CR LF as line ending

Code: [Select]
:PROJ:SET MODEL,DL3021A
After the hack was applied all options were now available.

Are there any devices left that this hack would possibly work on?
Are there any known hacks for the DL3000 series that allow LAN interface, or some other way to apply the hack without having to purchase any of the keys?   Just curious.   I couldn't find any if they do exist.

Not that I'm aware of. But applying this hack does turn it into a DL3021A. And the A model has all option enabled, LAN too.
 
The following users thanked this post: Spork Schivago

Offline TurboTom

  • Super Contributor
  • ***
  • Posts: 1380
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #191 on: April 08, 2019, 08:46:29 pm »
...still doesn't make the load any better...  :P

https://www.eevblog.com/forum/testgear/new-rigol-dc-load-d3000-series/msg1327086/#msg1327086

P.S. Interesting anyway that the hack is possible. Probably with a little hardware upgrade (some opamps and a few IRFP250's) a conversion to a DL3031A should also be within reach. So if you're sure you need a load only for high, slowly changing currents, this may be a good opportunity...
 
The following users thanked this post: Spork Schivago

Offline hansibull

  • Regular Contributor
  • *
  • Posts: 104
  • Country: no
Re: Need help hacking DP832 for multicolour option.
« Reply #192 on: April 08, 2019, 09:08:22 pm »
...still doesn't make the load any better...  :P

https://www.eevblog.com/forum/testgear/new-rigol-dc-load-d3000-series/msg1327086/#msg1327086

P.S. Interesting anyway that the hack is possible. Probably with a little hardware upgrade (some opamps and a few IRFP250's) a conversion to a DL3031A should also be within reach. So if you're sure you need a load only for high, slowly changing currents, this may be a good opportunity...

Whoa, I didn't know it was THAT terrible! I know the GUI is rather annoying (I'm still scratching my head every time I want to the main screen since there is no obvious back button) but this basically makes it useless for small loads. At work, we use it to stress test DC/DC converters and switchmode power supplies. So for this application, it's not really an issue. However, if I'd buy myself a DC load I would definitely get something more versatile than this.
 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #193 on: April 08, 2019, 09:19:54 pm »
I can confirm that this hack works with a bone stock Rigol DL3021 as well.
I used the exact same USB stick as I did on my DP832
By default, the LAN interface is an additional option you'll have to purchase. I ended up applying the hack using the RS232 interface.

I didn't bother installing Ultra Sigma, so I just used an ASCII based serial monitor instead.
Default baud rate: 9600, 8 data bits, 1 stop bit, no parity, no hardware handshake
Just remember that you need to add CR LF as line ending

Code: [Select]
:PROJ:SET MODEL,DL3021A
After the hack was applied all options were now available.

Are there any devices left that this hack would possibly work on?
Are there any known hacks for the DL3000 series that allow LAN interface, or some other way to apply the hack without having to purchase any of the keys?   Just curious.   I couldn't find any if they do exist.

Not that I'm aware of. But applying this hack does turn it into a DL3021A. And the A model has all option enabled, LAN too.
Yeah, but to apply the hack, don't you at least need the LAN option active?   Or is the RS232 active without the need for a paid Option?   Thanks!
 

Offline hansibull

  • Regular Contributor
  • *
  • Posts: 104
  • Country: no
Re: Need help hacking DP832 for multicolour option.
« Reply #194 on: April 08, 2019, 09:24:09 pm »
I can confirm that this hack works with a bone stock Rigol DL3021 as well.
I used the exact same USB stick as I did on my DP832
By default, the LAN interface is an additional option you'll have to purchase. I ended up applying the hack using the RS232 interface.

I didn't bother installing Ultra Sigma, so I just used an ASCII based serial monitor instead.
Default baud rate: 9600, 8 data bits, 1 stop bit, no parity, no hardware handshake
Just remember that you need to add CR LF as line ending

Code: [Select]
:PROJ:SET MODEL,DL3021A
After the hack was applied all options were now available.

Are there any devices left that this hack would possibly work on?
Are there any known hacks for the DL3000 series that allow LAN interface, or some other way to apply the hack without having to purchase any of the keys?   Just curious.   I couldn't find any if they do exist.

Not that I'm aware of. But applying this hack does turn it into a DL3021A. And the A model has all option enabled, LAN too.
Yeah, but to apply the hack, don't you at least need the LAN option active?   Or is the RS232 active without the need for a paid Option?   Thanks!

The RS232 interface is can be used on a stock DL3021. However, I did have to make myself a crossed gender changer because I didn't have a female-female DB9 cable.
 
The following users thanked this post: Spork Schivago

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Need help hacking DP832 for multicolour option.
« Reply #195 on: April 09, 2019, 04:43:59 pm »
Did anybody ever buy MEM-DG1000Z Memory Option (16Meg AWG upgrade)  for DG1000Z?
 

Offline Pinkus

  • Frequent Contributor
  • **
  • Posts: 768
Re: Need help hacking DP832 for multicolour option.
« Reply #196 on: April 09, 2019, 05:13:12 pm »
just a short note for those who are "upgrading" to a DP832A. I had a very old firmware revision (1.04) on my DP832. With this old firmware, the hack was not working. I then updated to 1.16 (first 1.11. then 1.16) and then the hack worked.
However, somewhere during this process my DP832 lost all the calibration, thus a complete re-calibration (Edit: can be done by yourself, see here: https://www.eevblog.com/forum/testgear/rigol-dp832-firmware-updates-and-bug-list/) was needed. Though this calibration procedure takes a while, so make sure you have enough time in case this happens to you too.
« Last Edit: April 09, 2019, 09:08:33 pm by Pinkus »
 
The following users thanked this post: Spork Schivago, RoGeorge

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Need help hacking DP832 for multicolour option.
« Reply #197 on: April 09, 2019, 05:45:20 pm »
My DP831 was 1.14 and kept calibration going to 1.16
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #198 on: April 09, 2019, 08:48:31 pm »
just a short note for those who are "upgrading" to a DP832A. I had a very old firmware revision (1.04) on my DP832. With this old firmware, the hack was not working. I then updated to 1.16 (first 1.11. then 1.16) and then the hack worked.
However, somewhere during this process my DP832 lost all the calibration, thus a complete re-calibration was needed. This takes a while, so make sure you have enough time in case this happens to you too.

Mine didn't lost the calibration when upgraded from DP832 to DP832A, but the firmware was already at 1.14.

Couldn't find the info in the DP800 User Manual, it say to contact Rigol.
What is the password and the procedure for DP800 manual calibration, please?
« Last Edit: April 16, 2019, 07:52:45 pm by RoGeorge »
 

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Need help hacking DP832 for multicolour option.
« Reply #199 on: April 09, 2019, 09:06:10 pm »
just a short note for those who are "upgrading" to a DP832A. I had a very old firmware revision (1.04) on my DP832. With this old firmware, the hack was not working. I then updated to 1.16 (first 1.11. then 1.16) and then the hack worked.
However, somewhere during this process my DP832 lost all the calibration, thus a complete re-calibration was needed. This takes a while, so make sure you have enough time in case this happens to you too.

Mine didn't lost the calibration when upgraded from DP832 to DP832, but the firmware was already at 1.14.

Couldn't find the info in the DP800 User Manual, it say to contact Rigol.
What is the password and the procedure for DP800 manual calibration, please?


2012
 
The following users thanked this post: Spork Schivago, RoGeorge

Offline Pinkus

  • Frequent Contributor
  • **
  • Posts: 768
Re: Need help hacking DP832 for multicolour option.
« Reply #200 on: April 09, 2019, 09:16:31 pm »
Quote
Couldn't find the info in the DP800 User Manual, it say to contact Rigol.
What is the password and the procedure for DP800 manual calibration, please?
I added a link in my post above. See at the first page of the link, there are links to the calibration procedure.  The automatic calibration by a python script (if you have a SCPI/LXI ready-DMM available) is using the password "11111"; for the manual calibration "2012" will be the correct one.
Though I tried the manual calibration first and was annoyed quickly about the long and pesky procedure. I then used the python script posted several times here in the forum (e.g. see link above). Instead of manually reading and entering the numbers for two hours I decided to dig into the python stuff (which took longer than 2 hours ... but I learned something new by this, so it was worth it).
« Last Edit: April 09, 2019, 09:18:02 pm by Pinkus »
 
The following users thanked this post: Spork Schivago, RoGeorge

Offline _Wim_

  • Super Contributor
  • ***
  • Posts: 1514
  • Country: be
Re: Need help hacking DP832 for multicolour option.
« Reply #201 on: April 10, 2019, 03:54:50 pm »
I took a quick look at a DG1032Z firmware I found somewhere. I think it's version 1.06. It has a very similar check for the same magic value at sector 0x78EC.

Could someone eager to hack (or brick) their DG1032Z send these commands to it, preferably via USB, and post the results here? The keyfile.bin I made for DP832 should work.

:PROJ:STAT MCALTIMES,QUERY
*IDN?
:PROJ:STAT MODEL,DG1062Z
*IDN?

I can do this, but only next week.
« Last Edit: April 10, 2019, 03:58:58 pm by _Wim_ »
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #202 on: April 10, 2019, 05:10:46 pm »
I think it's better to not mess with:

:PROJ:STAT MCALTIMES,QUERY

Just do the:

:PROJ:STAT MODEL,DG1062Z

And you'll have a new model!
 

Offline _Wim_

  • Super Contributor
  • ***
  • Posts: 1514
  • Country: be
Re: Need help hacking DP832 for multicolour option.
« Reply #203 on: April 10, 2019, 07:18:55 pm »
I think it's better to not mess with:

:PROJ:STAT MCALTIMES,QUERY

Just do the:

:PROJ:STAT MODEL,DG1062Z

And you'll have a new model!

Thanks. I will give this a try when I am back at home.
 

Offline stj

  • Super Contributor
  • ***
  • Posts: 2153
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #204 on: April 10, 2019, 08:27:58 pm »
has anybody tried this on the scopes?

on the ds1000z series, it may be usefull in the future to switch it to the MSO variant.
also, although i'm not sure, it was the case that Riglol didnt work on the 2000 and 4000 series.
 
The following users thanked this post: Spork Schivago

Offline TurboTom

  • Super Contributor
  • ***
  • Posts: 1380
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #205 on: April 10, 2019, 08:38:51 pm »
I doubt that the hack will work on DS/MSO 2000 and 4000 platforms since these are based on Blackfin DSPs (just like the DG4000) and not the iMX SOCs that are used in the machines that are apparantly/proven to be hackable with the described approach. Yet, turning the DS1000Z into an MSO may appear attractive to some, especially since there is this parallel thread approaching a "DIY" probe adapter for the MSO1000Z and MSO5000 platforms.

Cheers,
Thomas
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #206 on: April 10, 2019, 10:09:51 pm »
has anybody tried this on the scopes?

on the ds1000z series, it may be usefull in the future to switch it to the MSO variant.
also, although i'm not sure, it was the case that Riglol didnt work on the 2000 and 4000 series.

It's almost guaranteed that you can convert a DS1000Z into a MSO but, in the end, you need the additional HW.

They use the same FW, although each one uses a licensing scheme/functions different. But both methods are present in the FW.

Of course you would have to flash a key_block into the DS in order for it to behave as a MSO. Remember all the "rigup machines" take their private keys from a block that's in their flash.

As the DS doesnt have that block, you would have to create it besides "changing model".

It could be that the simple insertion of the key_block (in the flash) is the trigger to a model change!

 

Offline Spork SchivagoTopic starter

  • Frequent Contributor
  • **
  • Posts: 387
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #207 on: April 12, 2019, 01:36:44 pm »
Out of curiosity, what does the :PROJ:STAT MCALTIMES,QUERY command do?   I searched the net and all I could find was something from this thread on page 7 that has been edited or is missing from some other reason.   Google Cache was no help.

Does it query calibration times?   What's the M for I wonder?  Also, why would that command be a bad idea to run?
 

Offline WhichEnt2

  • Regular Contributor
  • *
  • Posts: 98
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #208 on: April 12, 2019, 01:52:30 pm »
I searched the net and all I could find was something from this thread on page 7 that has been edited or is missing from some other reason.   Google Cache was no help.
I bet it's the last post on page 6 has been moved from page 7 by someone deleting post somwhere in the thread.
Compare it's contents: cat: /dev/usbtmc1: Connection timed out ~$ echo ":PROJ:STAT MCALTIMES,QUERY" vs https://www.eevblog.com/forum/testgear/need-help-hacking-dp832-for-multicolour-option/msg2324442/#msg2324442
Short pieces, high value, small period, huge amount, long delay.
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #209 on: April 12, 2019, 02:39:46 pm »
Out of curiosity, what does the :PROJ:STAT MCALTIMES,QUERY command do?   I searched the net and all I could find was something from this thread on page 7 that has been edited or is missing from some other reason.   Google Cache was no help.

Does it query calibration times?   What's the M for I wonder?  Also, why would that command be a bad idea to run?

It just prints the values of two variables. I'd guess it's counting how many times a manual calibration is done. I don't see why running the command would break anything but it would be completely unnecessary. People had problems upgrading their DG1000Z's, so I wanted to see if the :PROJ:STAT command would work at all. That post was by no means intented to be a guide.
 

Offline WhichEnt2

  • Regular Contributor
  • *
  • Posts: 98
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #210 on: April 15, 2019, 04:29:21 pm »
With the public key 586E719859AF6C  you might upgrade riglol and generate the official license for Arb16M.
Doesn't it requrie additional research for obtaining option code(s) from firmware?
Short pieces, high value, small period, huge amount, long delay.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #211 on: April 15, 2019, 05:07:57 pm »
Doesn't it requrie additional research for obtaining option code(s) from firmware?

Arb16M option code is JBNE.
 
The following users thanked this post: WhichEnt2

Offline WhichEnt2

  • Regular Contributor
  • *
  • Posts: 98
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #212 on: May 01, 2019, 01:45:21 pm »
With the public key 586E719859AF6C  you might upgrade riglol and generate the official license for Arb16M.
Looks like this task is not just too straight and involves recovering private key from a public key.
Short pieces, high value, small period, huge amount, long delay.
 

Offline BLF Lexel

  • Newbie
  • Posts: 9
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #213 on: May 02, 2019, 07:11:02 am »
I got the problem getting a connection with my DP811

I can ping it at 192.168.178.22 but when I use Telnet on port 5555 I get no connection

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Windows\system32>ping 192.168.178.22

Ping wird ausgeführt für 192.168.178.22 mit 32 Bytes Daten:
Antwort von 192.168.178.22: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.178.22: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.178.22: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.178.22: Bytes=32 Zeit<1ms TTL=64

Ping-Statistik für 192.168.178.22:
    Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms

C:\Windows\system32>telnet 192.168.178.22 5555
Verbindungsaufbau zu 192.168.178.22...Es konnte keine Verbindung mit dem Host he
rgestellt werden, auf Port 5555: Verbindungsfehler
« Last Edit: May 02, 2019, 07:43:31 am by BLF Lexel »
 

Offline BLF Lexel

  • Newbie
  • Posts: 9
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #214 on: May 02, 2019, 08:30:54 am »
I get no connection
I also installed IVI and tried USB
 

Online PA0PBZ

  • Super Contributor
  • ***
  • Posts: 5114
  • Country: nl
Re: Need help hacking DP832 for multicolour option.
« Reply #215 on: May 02, 2019, 08:38:29 am »
I think the interfaces are optional for the DP811, same as DP832?
Keyboard error: Press F1 to continue.
 

Offline Pinkus

  • Frequent Contributor
  • **
  • Posts: 768
Re: Need help hacking DP832 for multicolour option.
« Reply #216 on: May 02, 2019, 08:51:34 am »
Quote
I think the interfaces are optional for the DP811, same as DP832?
Exactly what I thought: did you enable the options before (especially Rigol DP8-INTERFACE)?
 

Offline BLF Lexel

  • Newbie
  • Posts: 9
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #217 on: May 02, 2019, 11:17:19 am »
just RS232 is unofficial with Riglol rest is enabled
 

Offline BLF Lexel

  • Newbie
  • Posts: 9
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #218 on: May 09, 2019, 12:58:31 pm »
I revived a very old PC in basement and now got my
DP811
DP832
and new DG1022Z
fully upgraded

seemy my network did not like Telnet at all
 

Offline volkimel

  • Contributor
  • Posts: 10
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #219 on: May 15, 2019, 12:05:20 pm »
That's wonderful news! :-+
Thanks a lot for putting in the effort and sharing it, tossu!
I had almost given up on this, because the last bit of disassembly skills are missing!
And now, after a while not looking at it, huge progress was made!

Of course I had to try it out and it worked a treat. Got a DP832A with all options now!  :)

Used a rather old SanDisk Cruzer mini 512MB USB stick and connected with PuTTY via LAN. Really, really simple!

The software on my DP832 was and is still 00.01.13.00.01. This will change now as well.
Thanks to everyone who spend time and effort on this topic!

Cheers!
 

Offline Smokey

  • Super Contributor
  • ***
  • Posts: 2512
  • Country: us
  • Not An Expert
Re: Need help hacking DP832 for multicolour option.
« Reply #220 on: May 21, 2019, 02:05:38 am »
...I wonder if the random reboots that DP832 owners suffer from for absolutely no rhyme or reason will vanish when software converting to a DP832A...

I had the random reboot problem and sent the thing in for repair.  They replaced boards, so I'd doubt it's purely a software issue that you can fix like this.  Bummer.
 

Offline starec

  • Newbie
  • Posts: 5
  • Country: sk
Re: Need help hacking DP832 for multicolour option.
« Reply #221 on: May 24, 2019, 11:40:24 am »
With the public key 586E719859AF6C  you might upgrade riglol and generate the official license for Arb16M.
Doesn't it requrie additional research for obtaining option code(s) from firmware?

i've calculated the private key for you: 7412E98108CAB0
but it isn't so straight to generate license using riglol because of slight modified algorithms used in DG1000Z

 
The following users thanked this post: thm_w

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #222 on: May 24, 2019, 03:49:44 pm »
slight modified algorithms used in DG1000Z

= riglol 1.03d
 

Offline starec

  • Newbie
  • Posts: 5
  • Country: sk
Re: Need help hacking DP832 for multicolour option.
« Reply #223 on: May 24, 2019, 04:33:22 pm »
= riglol 1.03d
Ok, this one is almost working. You need however change some things:
B32 alphabet - ascii_map[] = "MNBVCXZASDFGHJKLPUYTREWQ23456789"
and arrays in fn format_license_dp832_109 as follows
    const int map1[] = {3, 0xE, 0x13, 9, 0x1A, 5, 7, 0x11, 0xC, 0x18, 6, 0x16};
    const int map2[] = {4, 0xB, 0x10, 0x17, 0, 8, 0x14, 0x1B, 2, 0xD, 0xF, 0x15};
    const int map3[] = {1, 0xA, 0x12, 0x19};
 

Offline Trident900fi

  • Contributor
  • Posts: 15
  • Country: fr
Re: Need help hacking DP832 for multicolour option.
« Reply #224 on: May 26, 2019, 09:41:00 am »
To update your Rigol DL3021 to DL3021A, here is the complete procedure, without the need of buying the LAN option...
You need:
-Computer with RS232 port
-USB stick formatted in FAT32 with the file keyfile.bin from Tossu (many thanks for the hack !)
-Cross cabel RS232 female-female (2->3; 3->2; 5->5)
-Free software Termite from Compuphase (https://www.compuphase.com/software_termite.htm)

Connect everything together. Start the computer first and launch Termite.
Termite Serial port settings:
-Port COM1 (depend on your computer)
-Baud rate 9600
-Data bits 8
-Stop bits 1
-Parity none
-Flow control none
-Forward none
-Transmitted text Append CR-LF

Turn on the DL3021
To check the connection, you can try to type *IDN? in the Termite command line.
He will return the model of your device.
Type in Termite :PROJ:SET MODEL,DL3021A
That all  :D

 
The following users thanked this post: ben_r_, joeyjoejoe, core

Offline Wintel

  • Regular Contributor
  • *
  • Posts: 52
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #225 on: May 26, 2019, 07:29:44 pm »
To update your Rigol DL3021 to DL3021A, here is the complete procedure, without the need of buying the LAN option...
You need:
-Computer with RS232 port
-USB stick formatted in FAT32 with the file keyfile.bin from Tossu (many thanks for the hack !)
-Cross cabel RS232 female-female (2->3; 3->2; 5->5)
-Free software Termite from Compuphase (https://www.compuphase.com/software_termite.htm)

Connect everything together. Start the computer first and launch Termite.
Termite Serial port settings:
-Port COM1 (depend on your computer)
-Baud rate 9600
-Data bits 8
-Stop bits 1
-Parity none
-Flow control none
-Forward none
-Transmitted text Append CR-LF

Turn on the DL3021
To check the connection, you can try to type *IDN? in the Termite command line.
He will return the model of your device.
Type in Termite :PROJ:SET MODEL,DL3021A
That all  :D

Can hack the DC Load DL3021 to DL3031A?  Like the DG811 to DG992?

 

Offline Trident900fi

  • Contributor
  • Posts: 15
  • Country: fr
Re: Need help hacking DP832 for multicolour option.
« Reply #226 on: May 26, 2019, 10:11:25 pm »
To update your Rigol DL3021 to DL3021A, here is the complete procedure, without the need of buying the LAN option...
You need:
-Computer with RS232 port
-USB stick formatted in FAT32 with the file keyfile.bin from Tossu (many thanks for the hack !)
-Cross cabel RS232 female-female (2->3; 3->2; 5->5)
-Free software Termite from Compuphase (https://www.compuphase.com/software_termite.htm)

Connect everything together. Start the computer first and launch Termite.
Termite Serial port settings:
-Port COM1 (depend on your computer)
-Baud rate 9600
-Data bits 8
-Stop bits 1
-Parity none
-Flow control none
-Forward none
-Transmitted text Append CR-LF

Turn on the DL3021
To check the connection, you can try to type *IDN? in the Termite command line.
He will return the model of your device.
Type in Termite :PROJ:SET MODEL,DL3021A
That all  :D

Can hack the DC Load DL3021 to DL3031A?  Like the DG811 to DG992?
No, it's not possible, it's not the same hardware inside...
Maybe, if you add the missing components  ;)
 

Offline joad

  • Newbie
  • Posts: 5
  • Country: se
Re: Need help hacking DP832 for multicolour option.
« Reply #227 on: June 01, 2019, 06:13:59 pm »
Where do I find the script för extracting all scpi commands like on the DP 800 "dp800_all_commands.txt"

Im looking for scpi commands for calibrating the DL3000.
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #228 on: June 06, 2019, 07:52:53 pm »
Where do I find the script för extracting all scpi commands like on the DP 800 "dp800_all_commands.txt"

Im looking for scpi commands for calibrating the DL3000.

There is no fully automated script unless someone else has made one.

Here is a list of commands I have extracted from some version of the DL3000 firmware. There seems to be a bunch of calibration related commands. I hope you will find those usefull.
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #229 on: June 07, 2019, 03:11:26 pm »
This isn't working for me, I tried 2 different USB drives, formatted FAT32 with just the xxx.bin file on them and my gear says it sees a USB drive.

I am directly connected by LAN and can see my DP832 and DG1022Z in RigolBildschirmkopie after search, I can select them then connect to with the SCPI Commant terminal, issue the *IDN? command to them and see the expected response when I hit [Send & Receive] but when I try to send :PROJ:SET MODEL,DP832A/DG1062Z, in both cases I get a response of...

"There was an error when sending the SCPI command" and after that, the device I just tried to send the :PROJ:SET MODEL,XXXX command to is not seen in RigolBildschirmkopie after search until I cycle power.

I tried using telnet via an admin-level windows powershell (Win 10) but that hangs after I type "telnet 10.0.0.xxx 5555".

Any ideas?
If at first you don't succeed, get a bigger hammer
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #230 on: June 07, 2019, 03:41:21 pm »
"There was an error when sending the SCPI command" and after that, the device I just tried to send the :PROJ:SET MODEL,XXXX command to is not seen in RigolBildschirmkopie after search until I cycle power.

This error is displayed if the device does not confirm that it has received the command. Unfortunately the Rigol devices do not comply with the VXI (LAN) and USBTMC standard.
In this case the command was sent correctly.

Peter
Thanks for the reply but the device is not changed to the new model?
If at first you don't succeed, get a bigger hammer
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #231 on: June 07, 2019, 03:49:36 pm »
Any ideas?

Try linux to send the command.
 

Offline _Wim_

  • Super Contributor
  • ***
  • Posts: 1514
  • Country: be
Re: Need help hacking DP832 for multicolour option.
« Reply #232 on: June 07, 2019, 03:56:58 pm »
Thanks for the reply but the device is not changed to the new model?

For the DG1062, the command is :PROJ:STAT MODEL,DG1062Z  (not SET, but maybe both work). I seem to remember I had to put a space between model and the modelnumber :PROJ:STAT MODEL, DG1062Z
 

Offline _Wim_

  • Super Contributor
  • ***
  • Posts: 1514
  • Country: be
Re: Need help hacking DP832 for multicolour option.
« Reply #233 on: June 07, 2019, 04:00:32 pm »
Any ideas?

Are you sure you can see the contents of the USB key from the Rigol device? You can try to save a file to the key first to ensure you can correctly read the usb key (the Rigol deveices are very picky about the USB keys)
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #234 on: June 07, 2019, 04:45:20 pm »
Any ideas?

Are you sure you can see the contents of the USB key from the Rigol device? You can try to save a file to the key first to ensure you can correctly read the usb key (the Rigol deveices are very picky about the USB keys)
I tried to save a file to the USB drive on the DP832 and it worked just fine.
I tried the :PROJ:STAT MODEL, DG1062Z command via RigolBildschirmkopie and it gave the same error.

I might have suspected firmware upgrade differences but it seems unlikely I'd get the same issue on both if device itself were the problem and the DG1022Z and the DP832 are pretty recently updated (not quite the latest).

Maybe it's the USB drive.  Is there some way I can check that the keyfile.bin file is in the correct location?
If at first you don't succeed, get a bigger hammer
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #235 on: June 07, 2019, 05:00:42 pm »
When I send :PROJ:STAT MODEL, DG1062Z to the DG1022Z it (briefly) says on the DG1022Z screen
"error generated by remote interface command"
If at first you don't succeed, get a bigger hammer
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #236 on: June 07, 2019, 05:04:18 pm »
Any ideas?

Try linux to send the command.
I'm running up my (old) Ubuntu 16.04 laptop up, what do I need to run to get to the place where I can send a SCPI command to the Rigols?  I'm not a Linux person.
If at first you don't succeed, get a bigger hammer
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #237 on: June 07, 2019, 05:06:00 pm »
Any ideas?

Try linux to send the command.
I'm running up my (old) Ubuntu 16.04 laptop up, what do I need to run to get to the place where I can send a SCPI command to the Rigols?  I'm not a Linux person.

You telnet to 10.0.0.xxx 5555 and write the command directly.
« Last Edit: June 08, 2019, 08:53:52 am by tv84 »
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #238 on: June 07, 2019, 05:22:34 pm »
I get into Ubuntu terminal with Ctl-Alt-T and get to a command prompt, it didn't recognize telnet

So I tried sudo apt-get install xinetd telnetd and it prompted me for password then it says...

"Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?

As I said, I'm not a Linux person

[EDIT] I got past that, I was able to run sudo apt-get install -y xinetd telnetd

and it seemed to work but now I can't get telnet to run when I try to...

telnet 10.0.0.128:5555 I get

"could not resolve 10.0.0.128:5555: name or service not known"

I tried rebooting
« Last Edit: June 07, 2019, 07:14:37 pm by Gandalf_Sr »
If at first you don't succeed, get a bigger hammer
 

Offline smithnerd

  • Regular Contributor
  • *
  • Posts: 120
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #239 on: June 08, 2019, 04:24:10 am »
Replace the colon with a space:

Code: [Select]
telnet 10.0.0.128 5555
host:port is a common convention for many UNIX tools, but not telnet (it is ancient).
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #240 on: June 08, 2019, 08:48:41 am »
host:port is a common convention for many UNIX tools, but not telnet (it is ancient).

My bad!  |O   (addicted to automatic logins...)


Assuming that the IP of your DG is 10.0.0.128, do:

"nmap -p- 10.0.0.128" in the linux prompt
« Last Edit: June 08, 2019, 08:56:03 am by tv84 »
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #241 on: June 08, 2019, 02:16:49 pm »
OK, so I can telnet to the DP832 from Linux.

nmap -p- 10.0.0.128 gives the following open ports... 80,111,617,618,619,555 all /tcp and the line for 5555 is...

5555/tcp open  freeciv

I can "telnet 10.0.0.128 5555" and get a message saying "connected to 10.0.0.128"

I can issue *IDN? and get the expected response but when I issue the command ":PROJ:SET MODEL,DP832A the screen of the DP832 flashes up a box saying "remote command incorrect" and there's no response on the telnet terminal.

Tried 2 different USB drives (still may be the issue) and I tried putting the USB drive(s) in before and after boot up.
If at first you don't succeed, get a bigger hammer
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #242 on: June 08, 2019, 02:21:39 pm »
Trying the DG1022Z I can telnet to it and issue the ":PROJ:STAT MODEL,DG1062Z" command but again, the screen pops up with an "error generated by remote interface command" pop up message
If at first you don't succeed, get a bigger hammer
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #243 on: June 08, 2019, 02:40:14 pm »
OK, all issues solved!

The problem was the USB drive; I tried a 3rd drive, an old Verbatim 2GByte drive - I don't know if this was a cause of my problems but when I formatted the other 2 drives from Windows 10 Explorer, the allocation unit size was set to 4096 and when I formatted the Verbatim, I changed it to "Default Allocation Size" and gave the drive a volume label of "Rigol"; then I copied the single keyfile.bin file to it.

I plugged it in while the equipment was still running and went through all the previous steps in Ubuntu terminal and this time I got no error messages on the PSU or AWG and no response on the telnet terminal after issuing the :PROJ:SET/STAT commands but the *IDN? command revealed that the changes had been successfully applied, in the case of the DP832(A), it needed a reboot before it would respond.

I used the :PROJ:STAT to do the DG1022Z and :PROJ:SET to do the DP832, no space was needed after the comma e.g.
:PROJ:STAT MODEL,DG1062Z works fine

Thanks for all the help guys :D
« Last Edit: June 08, 2019, 06:43:45 pm by Gandalf_Sr »
If at first you don't succeed, get a bigger hammer
 
The following users thanked this post: jsheradin

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #244 on: June 08, 2019, 11:00:50 pm »
Confirmed another DG1022Z upgraded to DG1062Z





Hardware is definitely ok. Flat response to 60MHz. Couldn't get USB stick to work properly to start with. Used diskpart to create a 2Gb partition at the start of the USB disk and formatted it FAT32 quick, then added keyfile.bin. Telnet did SFA other than throw errors. Assumed it was windows' telnet client being crap so I knocked up a small C# program to send the command:

Code: [Select]
using System;
using System.IO;
using System.Net.Sockets;

class Program
{
    static void Main(string[] args)
    {
        using (var client = new TcpClient("192.168.178.31", 5555))
        using (var networkStream = client.GetStream())
        using (var writer = new StreamWriter(networkStream))
        using (var reader = new StreamReader(networkStream))
        {
            writer.AutoFlush = true;
            writer.Write(":PROJ:STAT MODEL,DG1062Z\n");
            Console.WriteLine(reader.ReadLine());
        }
    }
}

Bingo! Big thanks to the reverse engineers  :-+
 
The following users thanked this post: jsheradin

Offline 1anX

  • Regular Contributor
  • *
  • Posts: 195
  • Country: au
Re: Need help hacking DP832 for multicolour option.
« Reply #245 on: June 09, 2019, 12:13:39 am »
Can you please detail how to use the C program to hack the DG1022Z.
I have a DG1022Z unit that I would love to run at 60MHz.
Just need a sequence of (simple) steps I can follow to get there. Any help much appreciated!
 

Offline FuzzyOtter

  • Contributor
  • Posts: 14
  • Country: ca
Re: Need help hacking DP832 for multicolour option.
« Reply #246 on: June 09, 2019, 04:13:12 am »
Long time listener, first time caller. Massive thanks to tossu for sharing his efforts here and helping the rest of us. I bought myself a DP832 some time ago and while it's been a fantastic bench supply, I was annoyed that it lacked the multi-colour display abilities of it's big brother. Your discovery is exactly what I was hoping for! I was able to apply the change quickly and easily. It's a relatively minor quality of life improvement, but it has made the power supply feel complete!

I wanted to share a few notes for others just in case anyone gets snagged up:

  • The USB drive must be formatted as FAT, not FAT32 or exFAT. On Windows, USB sticks with a partition size over 4GB in size will not show "FAT" in the possible format options. To get around this, you can use Window's Disk Management utility (Run "diskmgmt.msc" from a Run dialog or type it in the Start menu) to delete the single large partition, and then create a new one 3.5GB or smaller. This will let you format it as FAT. I have no small USB sticks kicking around and was forced to do this, and I can confirm it works just fine.
  • I could not get the Windows telnet client to work... it would sit on the "Connecting to..." stage forever. The DP832 was pingable on the network, and the IP address + port was correct, so I am not sure what the issue was. I ended up using PuTTy to connect via telnet and issue the SCPI command, which worked perfectly.
  • All of the licenses that I applied before this modification were still there afterwards.

Thank you again!
 
The following users thanked this post: staze

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #247 on: June 09, 2019, 12:01:25 pm »
Can you please detail how to use the C program to hack the DG1022Z.
I have a DG1022Z unit that I would love to run at 60MHz.
Just need a sequence of (simple) steps I can follow to get there. Any help much appreciated!
What forms of computer do you own?  There are only 2 'challenges':

1. Get an (old) USB stick formatted correctly
2. Get some form of telnet communicating with your DG1022Z via LAN (or maybe USB).

You can Google telnet and find all sorts of options - windows 10 command prompt worked for me after adding telnet to windows but it's sort of clunky as there are no success messages after typing telnet <IP_address> 5555 (e.g. 10.0.0.123 5555) you just see a blank screen but, once you have telneted to your DG1022Z, try the *IDN? command and you should see a line of information returned like...

Rigol Technologies,DG1022Z,DG1ZAxxxxxxxxx,03.01.12

If you get this far, all you have to do is create and plug in the correctly formatted USB stick to the front of your DG1022Z and issue the command...

:PROJ:STAT MODEL,DG1062Z

If you're successful, you will get no response over telnet and there will be no messages on the screen of the DG1022Z.
If you see an "error generated by remote interface command" briefly popping up on the DG1022Z screen, then you probably have an issue with your USB drive.

How to create the USB stick and how to telnet are covered in multiple places in this thread.

One thing I've noticed is that saved configurations through the store>browser menu won't load after upgrade with an 'incorrect format' message.  You have to recreate and resave over the old stored info and then it works so some may want to take pictures of your saved configs.
« Last Edit: June 09, 2019, 12:05:28 pm by Gandalf_Sr »
If at first you don't succeed, get a bigger hammer
 
The following users thanked this post: fivefish

Offline 1anX

  • Regular Contributor
  • *
  • Posts: 195
  • Country: au
Re: Need help hacking DP832 for multicolour option.
« Reply #248 on: June 10, 2019, 06:53:11 am »
I have win 10 PCs but could run Linux of a USB mem stick if needed.
Thanks for the info, I will give it a try!
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #249 on: June 10, 2019, 09:43:56 am »
I have win 10 PCs but could run Linux of a USB mem stick if needed.
Thanks for the info, I will give it a try!
I tried Windows and Ubuntu but, in the end, the issue was the thumb drive and I eventually made it all work using telnet from a command prompt in Win 10 with telnet service added.  As I already said; if you can telnet and get a response to *IDN? but then see "error generated by remote interface command" popping up briefly when you try to send the :PROJ:STAT MODEL,DG1062Z command, then the issue is with the USB drive - a recent comment says the drive has to be formatted in FAT but mine was FAT32.

Good luck
If at first you don't succeed, get a bigger hammer
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #250 on: June 10, 2019, 05:56:44 pm »
Preparing the USB drive is, indeed, quite a persnickety process. The file won't end up in the right sector if the partition is too large.

To make that easier, I made a disk image that can be written directly to any USB drive with a dd-like utility. On Windows I like to use Win32 Disk Imager.
 
The following users thanked this post: thm_w, electr_peter, natman69, RoGeorge, Chris56000, bd139, joeyjoejoe, nicolasg

Offline bson

  • Supporter
  • ****
  • Posts: 2259
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #251 on: June 11, 2019, 03:57:03 am »
Neat hack, and the fonts are a huge improvement over the faux 7-segment ones!  :-+
 

Offline 1anX

  • Regular Contributor
  • *
  • Posts: 195
  • Country: au
Re: Need help hacking DP832 for multicolour option.
« Reply #252 on: June 11, 2019, 05:50:13 am »
Thank you all so much!
My DG1022Z now running full speed as a DG1062Z.
Simply sent the command :PROJ:STAT MODEL,DG1062Z through Rigol's, Ultra Sigma software, connected thru USB.
Used USB and Ultra Sigma to hack my DP832 to DP832A without a hitch! Dont really know if the colour display is a step forward or backward  :)
Its certainly made the display more customisable and thats gotta be a good thing.

Probably pushing my luck but has anyone had success unlocking the 16Mb ARB memory?
« Last Edit: June 11, 2019, 06:48:31 am by 1anX »
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #253 on: June 12, 2019, 12:28:27 am »
I didn't think I'd like it but the 'Pie chart' screen is my favorite now.
If at first you don't succeed, get a bigger hammer
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #254 on: June 14, 2019, 12:10:35 am »
Probably pushing my luck but has anyone had success unlocking the 16Mb ARB memory?

Yes. There are two ways to do it, both of which are described in this thread. I think changing the serial is the easier one.
 
The following users thanked this post: blubillcanada

Offline 1anX

  • Regular Contributor
  • *
  • Posts: 195
  • Country: au
Re: Need help hacking DP832 for multicolour option.
« Reply #255 on: June 14, 2019, 03:24:10 am »
Probably pushing my luck but has anyone had success unlocking the 16Mb ARB memory?

Yes. There are two ways to do it, both of which are described in this thread. I think changing the serial is the easier one.
I had help from an advanced forum member and now have the 16Mb arb enabled.
Its amazing what is possible when a group of EEV members put their collective minds together!
There is no way I could have ever hacked my Rigol instruments without the hard work being done by this community, thank you!
 
The following users thanked this post: blubillcanada

Offline HDR

  • Newbie
  • Posts: 4
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #256 on: June 25, 2019, 01:55:44 pm »
Does anyone know if you can upgrade a DSA815-TG to a DSA832-TG?
 

Offline TurboTom

  • Super Contributor
  • ***
  • Posts: 1380
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #257 on: June 25, 2019, 10:42:13 pm »
Does anyone know if you can upgrade a DSA815-TG to a DSA832-TG?

No way, different hardware! Compare the weights of the instruments in the specs, this already tells everything. The higher-spec'd DSA8XX units feature a much more modular design, like the Siglent SSA3000 series.

Cheers,
Thomas
 

Offline HDR

  • Newbie
  • Posts: 4
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #258 on: June 26, 2019, 10:37:55 am »
Thank you!
 

Offline aristarchus

  • Regular Contributor
  • *
  • Posts: 107
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #259 on: June 27, 2019, 05:46:03 pm »
Probably pushing my luck but has anyone had success unlocking the 16Mb ARB memory?

Yes. There are two ways to do it, both of which are described in this thread. I think changing the serial is the easier one.
I had help from an advanced forum member and now have the 16Mb arb enabled.
Its amazing what is possible when a group of EEV members put their collective minds together!
There is no way I could have ever hacked my Rigol instruments without the hard work being done by this community, thank you!


Any chance to have this? It would be awsome!

A
 

Offline 1anX

  • Regular Contributor
  • *
  • Posts: 195
  • Country: au
Re: Need help hacking DP832 for multicolour option.
« Reply #260 on: June 28, 2019, 06:49:28 am »
To unlock/enable the 16Mb arb memory you need to use a license key along with this text file file as shown on the Rigol website https://rigol.desk.com/customer/en/portal/articles/2283691-how-do-i-activate-the-dg1000z-memory-upgrade-
Perhaps someone can offer a method of creating a license key from your serial number?
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #261 on: June 28, 2019, 08:43:47 am »
To unlock/enable the 16Mb arb memory you need to use a license key along with this text file file as shown on the Rigol website https://rigol.desk.com/customer/en/portal/articles/2283691-how-do-i-activate-the-dg1000z-memory-upgrade-
Perhaps someone can offer a method of creating a license key from your serial number?
Page 151 of the Rigol User Guide also offers this method of applying option license strings to the DG1000Z series...

2) Install the option by sending SCPI commands
Open the remote control window and send the following option installation commands by referring to “Remote Control”. :LICense:SET <license> or :LICense:INSTall <license> Wherein, <license> is the option license (note that the hyphens should be omitted).
For example,

:LICense:INSTall SM9KD3YPMWNP2AQMST8J5H592EQT (that license string is shown in the manual, you will need the right one for your AWG)

If the option is successfully installed, the prompt message informing you that the option installation succeeds will be displayed; otherwise, the corresponding error message will be displayed.
If at first you don't succeed, get a bigger hammer
 

Offline aristarchus

  • Regular Contributor
  • *
  • Posts: 107
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #262 on: June 28, 2019, 11:13:36 am »
Thanks for any help.

What I actually did is tried to modify according to starec's findings and hints.
Now I need the 4 digit option code that should be used.
Anyone knows?


A
 

Offline 1anX

  • Regular Contributor
  • *
  • Posts: 195
  • Country: au
Re: Need help hacking DP832 for multicolour option.
« Reply #263 on: June 28, 2019, 11:59:14 pm »
Thanks for any help.

What I actually did is tried to modify according to starec's findings and hints.
Now I need the 4 digit option code that should be used.
Anyone knows?

A

If you read thru the thread you will find it listed!
options:          JBNE  (0x6D422)
 

Offline starec

  • Newbie
  • Posts: 5
  • Country: sk
Re: Need help hacking DP832 for multicolour option.
« Reply #264 on: June 29, 2019, 07:34:32 am »
I've sent the PM for you - anyway
there are two options:
JBNE - for permanent license
JNNE - for temporary(timed) license
 
The following users thanked this post: aristarchus

Offline ted572

  • Frequent Contributor
  • **
  • Posts: 399
  • Country: us
  • Radio Communications Equipment/System Design Engr.
Re: Need help hacking DP832 for multicolour option.
« Reply #265 on: July 07, 2019, 06:45:06 pm »
When I first got a Rigol DM3058E (Bench-Top DMM) several years ago I would get 6 1/2 digit voltage measurement data when I queried it via USB from my PC using MS Excel.  The PC's 6 1/2 dgits went away later with a firmware change and hasn't been seen since.

I Understand that the DM3058 and DM3058E both have a LCD Display capable of displaying the 6 1/2 digits. And if this is valid, could a DM3058E/DM3058 possibly be hacked into a DM3068 'close enough' to also display 6 1/2 digits?

I asking on this thread because this seems to be where you real sharp software/firmware guys are hanging out.

PS  Thank you so very much for putting color into my DP832.
By the way I sent the SCPI command via USB using EEVbloger 'PeDre' Messinstrumente (Measuring instruments - program for data transfer and control) which is very easy and fast.  Here is a English link to 'Messinstrumente' (Measuring instruments - program for data transfer and control) ->  https://translate.google.com/translate?hl=en&sl=de&u=http://peter.dreisiebner.at/messinstrumente/index.htm

Edit: Added that I used 'Messinstrumente' to send SCPI command for DP832/A
« Last Edit: July 16, 2019, 12:09:22 am by ted572 »
 

Offline Macbeth

  • Super Contributor
  • ***
  • Posts: 2571
  • Country: gb
Re: Need help hacking DP832 for multicolour option.
« Reply #266 on: July 09, 2019, 12:15:24 am »
When I first got a Rigol DM3058E (Bench-Top DMM) several years ago I would get 6 1/2 digit voltage measurement data when I queried it via USB from my PC using MS Excel.  The PC's 6 1/2 dgits went away later with a firmware change and hasn't been seen since.

In your Excel VBA code you can change the reading mode to CMDSET AGILENT instead of CMDSET RIGOL. This will even give you 8 1/2 digits for free!  :-+ With two caveats... The first of which is you will have to filter out some garbage from the SCPI READ? results, a bug I reported nearly half a decade ago to RIGOL, and still not fixed. The second is most of those extra digits are just noise anyway.

Quote
I Understand that the DM3058 and DM3058E both have a LCD Display capable of displaying the 6 1/2 digits. And if this is valid, could a DM3058E/DM3058 possibly be hacked into a DM3068 'close enough' to also display 6 1/2 digits?

The DM3068 is an entirely different beast to the DM3058 despite the outward appearances. The least of which it uses an LM399 for 7V ref instead of the MAX6325 2.5V ref used in the DM3058.

There is no software hack to switch a 3058 to a 3068, they are completely different hardware and firmware.

(However the firmware for the 3058 is unencrypted and quite hackable for those so inclined.)
 
The following users thanked this post: ted572

Offline ted572

  • Frequent Contributor
  • **
  • Posts: 399
  • Country: us
  • Radio Communications Equipment/System Design Engr.
Re: Need help hacking DP832 for multicolour option.
« Reply #267 on: July 09, 2019, 06:09:06 pm »
When I first got a Rigol DM3058E (Bench-Top DMM) several years ago I would get 6 1/2 digit voltage measurement data when I queried it via USB from my PC using MS Excel.  The PC's 6 1/2 dgits went away later with a firmware change and hasn't been seen since.

I Understand that the DM3058 and DM3058E both have a LCD Display capable of displaying the 6 1/2 digits. And if this is valid, could a DM3058E/DM3058 possibly be hacked into a DM3068 'close enough' to also display 6 1/2 digits?

The DM3068 is an entirely different beast to the DM3058 despite the outward appearances. The least of which it uses an LM399 for 7V ref instead of the MAX6325 2.5V ref used in the DM3058.

There is no software hack to switch a 3058 to a 3068, they are completely different hardware and firmware.

(However the firmware for the 3058 is unencrypted and quite hackable for those so inclined.)

When Rigol NA was located in Ohio one of the Support Specialist there told me that the DM3058 and DM3058E DMMs were calibrated on the same Test Fixture as the DM3068, and the he understood that the sixth digit I saw on  the MS Excel work sheet was indeed valid.  Although of course that I couldn't expect the same accuracy as the DM3068. No problem with this, although if the DM3058/E firmware isn't encrypted, that gives me hope that we may be possibly able to get a another digit to be displayed (for 6 1/2 digits).  That indeed would in it-self be very nice.

Do you have any thoughts on the possibility of at least being able to get a 6 1/2 Display capability on the DM3058/3058E?  I'm only asking for your opinion.  And thank you for your initial reply to me, as I certainly understand the difference between  the DM5058/E and DM3068 much better now.    Cheers, Ted
« Last Edit: July 09, 2019, 07:11:52 pm by ted572 »
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #268 on: July 09, 2019, 07:11:18 pm »
I included here the list of DM3058 / DM3068 SCPI commands based on the latest .LDR.  The FW has 3 separate SCPI command blocks.

https://www.eevblog.com/forum/testgear/lists-of-rigol-scpi-commands/msg2460030/#msg2460030

I think there are commands that allow a model change.

What's the output of?

:SYSTem:TYPE?
« Last Edit: July 09, 2019, 07:28:33 pm by tv84 »
 
The following users thanked this post: thm_w, ted572

Offline ted572

  • Frequent Contributor
  • **
  • Posts: 399
  • Country: us
  • Radio Communications Equipment/System Design Engr.
Re: Need help hacking DP832 for multicolour option.
« Reply #269 on: July 09, 2019, 07:30:42 pm »
I included here the list of DM3058 / DM3068 SCPI commands based on the latest .LDR.  The FW has 3 separate SCPI command blocks.

https://www.eevblog.com/forum/testgear/lists-of-rigol-scpi-commands/msg2460030/#msg2460030

I think there are commands that allow a model change.

What's the output of?

:SYSTem:TYPE?
Hello TV84:  The output is -> DM3058E        Thanks, Ted
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #270 on: July 09, 2019, 07:34:25 pm »
Hello TV84:  The output is -> DM3058E        Thanks, Ted

Hi Ted, what's the difference between the E and non-E versions?
 

Offline ted572

  • Frequent Contributor
  • **
  • Posts: 399
  • Country: us
  • Radio Communications Equipment/System Design Engr.
Re: Need help hacking DP832 for multicolour option.
« Reply #271 on: July 09, 2019, 07:52:25 pm »
TV84:

RE: Hi Ted, what's the difference between the E and non-E versions?
DM3058 and DM3058E are both 5 1/5 digit Bench-Top DMMs, but he DM308E does not have GPIB or Ethernet (10/100Mbit LAN) that the DM3058 does have.  That is the only difference that I know of.

I was hoping that the DM3058 and DM3068 were similar other than the 5 1/2 vs. 6 1/2 digits, but    Macbeth pointed out that they are not similar.    Thanks for your help, Ted
 

Offline ted572

  • Frequent Contributor
  • **
  • Posts: 399
  • Country: us
  • Radio Communications Equipment/System Design Engr.
Re: Need help hacking DP832 for multicolour option.
« Reply #272 on: July 10, 2019, 01:25:04 am »
I included here the list of DM3058 / DM3068 SCPI commands based on the latest .LDR.  The FW has 3 separate SCPI command blocks.

https://www.eevblog.com/forum/testgear/lists-of-rigol-scpi-commands/msg2460030/#msg2460030

I think there are commands that allow a model change.
Hello TV84:  I couldn't find anything for changing the model type/name.  Although thank you for the suggestion to look in your SCPI command list.  I scanned the files manually, and performed automatic file searches.   Ted

Edit: Of course I could try using :SYSTem:TYPE DM3068    As this would be the natural command, and we know :SYSTem:TYPE? works to find the Model Type.  It seems like it may be low risk? ?   But I don't want to brick my unit.

Edit 2: I used  :SYSTem:TYPE DM3068 plus various combinations of the command structure and nothing worked to do anything.  The plus side is that all is still OK with my DM3058E. So no 6 1/2 digits for it, but its not bricked either.
« Last Edit: July 10, 2019, 04:51:42 pm by ted572 »
 

Offline mike47203

  • Newbie
  • Posts: 7
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #273 on: July 10, 2019, 01:56:48 am »
So, I am trying to enable the 16m option on my newly upgraded DG1022Z using what starec and tv84 mentioned here, but I am not having any luck. It seems I haven't successfully modified riglol1.03d to make it work. I changed the private key and the character maps, but generated key is still incorrect. I am sure I am missing something. Any help would be appreciated.

I attached a diff file of how I changed riglol.
« Last Edit: July 10, 2019, 02:47:48 am by mike47203 »
 

Offline starec

  • Newbie
  • Posts: 5
  • Country: sk
Re: Need help hacking DP832 for multicolour option.
« Reply #274 on: July 10, 2019, 11:09:14 am »
Ok, 1-2 weeks ago i've modified riglol 1.03d for DG1000Z generation/calculation

here is a full source code:
Code: [Select]
char version[]             = "Riglol 1.03d";
char DP832_private_key[]   = "5C393C30FACCF4"; //publ: 0x5EC2D25AE85124
char DS2000_private_key[]  = "8EEBD4D04C3771"; //publ: 0x8445B2BE29E5C7
char DSA815_private_key[]  = "80444DFECE903E"; //publ: 0x691213692D18FA
char DS1000Z_private_key[] = "6F1106DDA994DA"; //publ: 0x58E9F183B924BB
char DG1000Z_private_key[] = "7412E98108CAB0"; //publ: 0x586E719859AF6C

static char* ascii_map;
static const char ascii_map_dg[] = "MNBVCXZASDFGHJKLPUYTREWQ23456789";
static const char ascii_map_[] = "23456789ASDFGHJKLPUYTREWQMNBVCXZ";

char no_private_key[]      = "";

/*
** sign the secret message (serial + opts) with the private key
*/
void ecssign(char *serial, char *options, char *privk, char *lic1, char *lic2) {
    char prime1[]  = "AEBF94CEE3E707";
    char prime2[]  = "AEBF94D5C6AA71";
    char curve_a[] = "2982";
    char curve_b[] = "3408";
    char point1[]  = "7A3E808599A525";
    char point2[]  = "28BE7FAFD2A052";
    int k_offset = 0; // optionally change ecssign starting offset (changes lic1; makes different licenses)
    mirsys(800, 16)->IOBASE = 16;

    sha sha1;
    shs_init(&sha1);

    char *ptr = serial;
    while(*ptr) shs_process(&sha1, *ptr++);
    ptr = options;
    while(*ptr) shs_process(&sha1, *ptr++);

    char h[20];
    shs_hash(&sha1, h);
    big hash = mirvar(0);
    bytes_to_big(20, h, hash);

    big a = mirvar(0);
    instr(a, curve_a);
    big b = mirvar(0);
    instr(b, curve_b);
    big p = mirvar(0);
    instr(p, prime1);
    big q = mirvar(0);
    instr(q, prime2);
    big Gx = mirvar(0);
    instr(Gx, point1);
    big Gy = mirvar(0);
    instr(Gy, point2);
    big d = mirvar(0);
    instr(d, privk);
    big k = mirvar(0);
    big r = mirvar(0);
    big s = mirvar(0);
    big k1 = mirvar(0);
    big zero = mirvar(0);

    big f1 = mirvar(17);
    big f2 = mirvar(53);
    big f3 = mirvar(905461);
    big f4 = mirvar(60291817);

    incr(k, k_offset, k);
    epoint *G = epoint_init();
    epoint *kG = epoint_init();
    ecurve_init(a, b, p, MR_PROJECTIVE);
    epoint_set(Gx, Gy, 0, G);

    for(;;) {
        incr(k, 1, k);

        if(divisible(k, f1) || divisible(k, f2) || divisible(k, f3) || divisible(k, f4))
            continue;

        ecurve_mult(k, G, kG);
        epoint_get(kG, r, r);
        divide(r, q, q);

        if(mr_compare(r, zero) == 0)
            continue;

        xgcd(k, q, k1, k1, k1);
        mad(d, r, hash, q, q, s);
        mad(s, k1, k1, q, q, s);

        if(!divisible(s, f1) && !divisible(s, f2) && !divisible(s, f3) && !divisible(s, f4))
            break;
    }

    cotstr(r, lic1);
    cotstr(s, lic2);
}

/*
** convert string to uppercase chars
*/
char *strtoupper(char *str) {
    char *p;
    for (p=str; *p; p++)
        *p = toupper(*p);
    return str;
}

/*
** prepend a char to a string
*/
char *prepend(char *c, char *str) {
    int i;

    for (i = strlen(str); i >= 0; i--) {
        str[i + 1] = str[i];
    }

    str[0] = *c;
    return c;
}

/*
** convert hex-ascii-string to rigol license format
*/
void map_hex_to_rigol(char *io) {
    unsigned long long b = 0;
    int i = 0;
    char map[] = {
        'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
        'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R',
        'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
        '2', '3', '4', '5', '6', '7', '8', '9'
    };

    /* hex2dez */
    while (io[i] != '\0') {
        if (io[i] >= '0' && io[i] <= '9') {
            b = b * 16 + io[i] - '0';
        } else if (io[i] >= 'A' && io[i] <= 'F') {
            b = b * 16 + io[i] - 'A' + 10;
        } else if (io[i] >= 'a' && io[i] <= 'f') {
            b = b * 16 + io[i] - 'a' + 10;
        }
        i++;
    }

    for (i = 3; ; i--) {
        io[i] = map[b & 0x1F];
        if (i == 0) break;
        b >>= 5;
    }

    io[4] = '\0';
}

char *get_version() {
  char *v;

  v=version;
  return v;
}

void show_help(char *cmd) {
    printf("%s\n", get_version());
    printf("\n");
    printf("Usage: %s <sn> <opts> <privkey>\n", cmd);
    printf("  <sn>       serial number of device (D............)\n");
    printf("  <opts>     device options, 4 characters, see below\n");
    printf("  <privkey>  private key (optional)\n");
    printf("\n");
    printf("DP832 starting from v1.09 device options:\n");
    printf("  first character:  F = official, B = trial\n");
    printf("  F3PT - Accuracy\n");
    printf("  F6PT - Analyzer and Monitor\n");
    printf("  F6LT - LAN\n");
    printf("  FALT - RS232\n");
    printf("  FLLT - Trigger\n");
    printf("\n");
    printf("DP832 up to v1.06 device options:\n");
    printf("  first character:  M = official, 5 = trial\n");
    printf("  MWSS - Trigger\n");
    printf("  MWTB - Accuracy\n");
    printf("  MWTC - LAN and RS232\n");
    printf("  MWTE - Analyzer and Monitor\n");
    printf("\n");
    printf("DS1000z device options:\n");
    printf("  DSAB - Advanced Triggers\n");
    printf("  DSAC - Decoders\n");
    printf("  DSAE - 24M Memory\n");
    printf("  DSAJ - Recorder\n");
    printf("  DSBA - 500uV Vertical\n");
    printf("\n");
    printf("DG1000z device options:\n");
    printf("  JBNE - 16M Memory\n");
    printf("\n");
    printf("DS2000 device options:\n");
    printf("  first character:  D = official, V = trial\n");
    printf("  DSAB - Advanced Triggers\n");
    printf("  DSAC - Decoders\n");
    printf("  DSAE - 56M Memory\n");
    printf("  DSAJ - 100MHz\n");
    printf("  DSAS - 200MHz\n");
    printf("  DSAZ - all options\n");
    printf("\n");
    printf("DS4000 device options:\n");
    printf("  first character:  D = official, V = trial\n");
    printf("  DSHB - RS232 Decoder\n");
    printf("  DSHC - SPI Decoder\n");
    printf("  DSHE - I2C Decoder\n");
    printf("  DSHJ - CAN Decode\n");
    printf("  DSHS - FlexRay Decoder\n");
    printf("  DSH9 - all options\n");
    printf("\n");
    printf("DSA815 device options:\n");
    printf("  first character:  A = official, S = trial\n");
    printf("  AAAB - Tracking Generator\n");
    printf("  AAAC - Advnced Measurement Kit\n");
    printf("  AAAD - 10Hz RBW\n");
    printf("  AAAE - EMI/Quasi Peak\n");
    printf("  AAAF - VSWR\n");
    printf("\n");
    printf("MAKE SURE YOUR FIRMWARE IS UP TO DATE BEFORE APPLYING ANY KEYS\n");
}

static int ascii_to_bin(char c)
{
    int i;

    for (i = 0; i < 0x20; i++)
        if (ascii_map[i] == c)
            break;
    return i;
}

static char *options_4to5(const char *opt4, char *opt5)
{
    int map[] = { 0, 3, 2, 1 };
    int i, opt = 0;

    for (i = 0; i < 4; i++)
        opt = (opt << 5) | ascii_to_bin(opt4[map[i]]);
    for (i = 0; i < 5; i++) {
        opt5[i] = ascii_map[opt & 0x0F];
        opt >>= 4;
    }
    opt5[i] = 0;
    return opt5;
}

static void format_license_dp832_109(char *lic1_code, char *lic2_code,
                                     char *options, char *licence, int isDG)
{
    const int map1dp[] = { 4, 11, 16, 23, 0, 24, 6, 22, 8, 20, 18, 25 };
    const int map2dp[] = { 3, 14, 19, 9, 26, 5, 1, 10, 12, 13, 15, 21 };
    const int map3dp[] = { 2, 7, 17, 27 };

    const int map1dg[] = {3, 0xE, 0x13, 9, 0x1A, 5, 7, 0x11, 0xC, 0x18, 6, 0x16};
    const int map2dg[] = {4, 0xB, 0x10, 0x17, 0, 8, 0x14, 0x1B, 2, 0xD, 0xF, 0x15};
    const int map3dg[] = {1, 0xA, 0x12, 0x19};

    const int *map1 = isDG?map1dg:map1dp;
    const int *map2 = isDG?map2dg:map2dp;
    const int *map3 = isDG?map3dg:map3dp;
    unsigned long long k;
    int i;

    k = strtoll(lic1_code, NULL, 16);
    for (i = 0; k < (1ULL << 51); i++)
        k = (k << 4) | 0;
    k = (k << 4) | i;
    for (i = 0; i < 12; i++) {
        licence[map1[i]] = ascii_map[k & 0x1F];
        k >>= 5;
    }

    k = strtoll(lic2_code, NULL, 16);
    for (i = 0; k < (1ULL << 51); i++)
        k = (k << 4) | 5;
    k = (k << 4) | i;
    for (i = 0; i < 12; i++) {
        licence[map2[i]] = ascii_map[k & 0x1F];
        k >>= 5;
    }

    if (isDG) {
        int map[] = { 0, 3, 2, 1 };
char *opt = strdup(options);
for (i = 0; i < 4; i++)
    opt[i] = options[map[i]];
for (i = 0; i < 4; i++)
    licence[map3[i]] = opt[3 - i];
        free(opt);
    }
    else
for (i = 0; i < 4; i++)
    licence[map3[i]] = options[i];

    licence[28] = 0;
}

static void format_license_classic(char *lic1_code, char *lic2_code,
                                   char *options, char *licence)
{
    char *lic_all, *chunk, *temp;
    int i, j;

    /* fix missing zeroes */
    while (strlen(lic1_code) < 14) {
        prepend("0", lic1_code);
    }
    while (strlen(lic2_code) < 14) {
        prepend("0", lic2_code);
    }

    /* combine lic1 and lic2 */
    lic_all = (char*)calloc(128, 1);
    temp = (char*)calloc(128, 1);
    chunk = (char*)calloc(6, 1);
    strcpy(lic_all, lic1_code);
    strcat(lic_all, "0");
    strcat(lic_all, lic2_code);
    strcat(lic_all, "0");

    /* generate serial */
    i=0;
    while (i < strlen(lic_all)) {
        memcpy(chunk, lic_all + i, 5);
        map_hex_to_rigol(chunk);
        strcat(temp, chunk);
        i = i + 5;
    }

    /* add options and "-" */
    j = 0;
    for(i = 0; i <= strlen(temp); ) {
       switch(j) {
         case 1:  licence[j] = options[0];  break;
         case 7:  licence[j] = '-';         break;
         case 10: licence[j] = options[1];  break;
         case 15: licence[j] = '-';         break;
         case 19: licence[j] = options[2];  break;
         case 23: licence[j] = '-';         break;
         case 28: licence[j] = options[3];  break;
         default: licence[j] = temp[i];
                  i++;
       }
       j++;
    }
    licence[j] = '\0';

    /* cleen up */
    free(lic_all);
    free(chunk);
    free(temp);
}

char *make_licence(char *serial, char *options, char* priv_key)
{
    char options_buffer[8], *opts = options;
    char *lic1_code, *lic2_code, *lic_all;
    char *chunk, *temp, *licence;
    int i, j;

    /* convert string to uppercase chars */
    strtoupper(serial);
    strtoupper(options);
    strtoupper(priv_key);

    int isDG = strncmp(serial, "DG1", 3)?0:1;
    /* convert options string format for DP832 with firmware >= 1.09 or for DG1000Z*/
    if ((!strncmp(serial, "DP8", 3) && options[0] != 'M' && options[0] != '5') || isDG)
        opts = options_4to5(options, options_buffer);

    /* sign the message */
    lic1_code = (char*)calloc(64, 1);
    lic2_code = (char*)calloc(64, 1);
    ecssign(serial, opts, priv_key, lic1_code, lic2_code);

    /* format licence string */
    licence = (char*)calloc(128, 1);
if ((!strncmp(serial, "DP8", 3) && *options != 'M' && *options != '5') || isDG)
        format_license_dp832_109(lic1_code, lic2_code, options, licence, isDG);
    else
        format_license_classic(lic1_code, lic2_code, options, licence);

    /* cleen up */
    free(lic1_code);
    free(lic2_code);

    return licence;
}

char *select_priv_key(char *serial) {
    char *priv_key;

    strtoupper(serial);
    if      (!strncmp(serial, "DS1", 3)) priv_key = DS1000Z_private_key;
    else if (!strncmp(serial, "DS2", 3)) priv_key = DS2000_private_key;
    else if (!strncmp(serial, "DS4", 3)) priv_key = DS2000_private_key;
    else if (!strncmp(serial, "DSA", 3)) priv_key = DSA815_private_key;
    else if (!strncmp(serial, "DP8", 3)) priv_key = DP832_private_key;
    else if (!strncmp(serial, "DG1", 3)) priv_key = DG1000Z_private_key;
    else                                 priv_key = no_private_key;

    return priv_key;
}

int main(int argc, char *argv[0]) {
    char *serial, *options, *priv_key, *licence;

    /* parse input */
    if (!((argc == 3 || argc == 4))) {
        show_help(argv[0]);
        exit(1);
    }
    serial = argv[1];
    options = argv[2];

    ascii_map = strncmp(serial, "DG1", 3)?(char*)ascii_map_:(char*)ascii_map_dg;

    if (argc == 4) priv_key = argv[3];
    else {
        priv_key = select_priv_key(serial);
        if (strlen(priv_key) == 0) {
            show_help(argv[0]);
            printf("\nERROR: UNKNOW DEVICE WITHOUT PRIVATKEY\n");
            exit(1);
        }
    }

    if (strlen(priv_key) != 14) {
        show_help(argv[0]);
        printf("\nERROR: INVALID PRIVATE KEY LENGTH\n");
        exit(1);
    }
    if (strlen(serial) < 13) {
        show_help(argv[0]);
        printf("\nERROR: INVALID SERIAL LENGTH\n");
        exit(1);
    }
    if (strlen(options) != 4) {
        show_help(argv[0]);
        printf("\nERROR: INVALID OPTIONS LENGTH\n");
        exit(1);
    }

    licence = make_licence(serial, options, priv_key);
    printf("%s\n", licence);
    free(licence);
}

Edit: I've added missing line to the function ecssign
« Last Edit: July 13, 2019, 08:16:16 am by starec »
 
The following users thanked this post: thm_w, RoGeorge, Houseman, 1anX, thierer, WhichEnt2, bd139, mike47203, ppsilva, blubillcanada

Offline firstcolle

  • Regular Contributor
  • *
  • Posts: 130
  • Country: it
Re: Need help hacking DP832 for multicolour option.
« Reply #275 on: July 10, 2019, 07:30:20 pm »
Many many thanks!!!
DP832 hacked to DP832A
DG1022z hacked to DG1062z

i only miss the 16M option, i can't find the procedure in the thread.
 
The following users thanked this post: Yura123

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #276 on: July 10, 2019, 08:44:28 pm »
Edit: Of course I could try using :SYSTem:TYPE DM3068    As this would be the natural command, and we know :SYSTem:TYPE? works to find the Model Type.  It seems like it may be low risk? ?   But I don't want to brick my unit.

Edit 2: I used  :SYSTem:TYPE DM3068 plus various combinations of the command structure and nothing worked to do anything.  The plus side is that all is still OK with my DM3058E. So no 6 1/2 digits for it, but its not bricked either.

:) "I won't brick it..." 5 sec later "Let's do it.."

Well, I think any of those special "set" commands (as always) only work with a vendor USB disk inserted.
 
The following users thanked this post: ted572

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #277 on: July 10, 2019, 08:45:44 pm »
i only miss the 16M option, i can't find the procedure in the thread.

The procedure is in the previous msg (to yours)!
 

Offline ted572

  • Frequent Contributor
  • **
  • Posts: 399
  • Country: us
  • Radio Communications Equipment/System Design Engr.
Re: Need help hacking DP832 for multicolour option.
« Reply #278 on: July 10, 2019, 10:59:55 pm »
Edit: Of course I could try using :SYSTem:TYPE DM3068    As this would be the natural command, and we know :SYSTem:TYPE? works to find the Model Type.  It seems like it may be low risk? ?   But I don't want to brick my unit.

Edit 2: I used  :SYSTem:TYPE DM3068 plus various combinations of the command structure and nothing worked to do anything.  The plus side is that all is still OK with my DM3058E. So no 6 1/2 digits for it, but its not bricked either.

:) "I won't brick it..." 5 sec later "Let's do it.."

Well, I think any of those special "set" commands (as always) only work with a vendor USB disk inserted.
Hello TV84:  Ok, I'm ready to do it, but what should I use for a 'Vendor USB Disk'?  Can I get one at Walmart, or Amazon?  Hi Hi, Ted
PS  : BTW Hi Hi is similar to Ha Ha.

Edit:  I'm not worried about bricking it as the DM3058 and E version firmware are the same package.  Whereas the DM3068 is apparently different(?).  Although I just noticed and the DM3058/E and DM3068 LDR firmware files are same size.  So that is interesting, maybe at one time the DM3058 was going to be also be used for the DM3068 hardware platform.  Anyway I'm looking forward to going ahead on changing the Model Name, although I don't necessarily have high expectations.
« Last Edit: July 10, 2019, 11:33:04 pm by ted572 »
 

Offline ted572

  • Frequent Contributor
  • **
  • Posts: 399
  • Country: us
  • Radio Communications Equipment/System Design Engr.
Re: Need help hacking DP832 for multicolour option.
« Reply #279 on: July 11, 2019, 12:30:48 am »
I added color coded labels to my DM832 as part of its conversion to a DM832A.  Unfortunately I used the camera's Flash that ended up washing out the colors, although the actual label colors are quite well matched to those of the LCD's Classic Display.

Edit:  New replacement photo.  I added Color to the three Channel selection buttons.  Had to use Flash again because the ambient lighting wasn't sufficient.

Last Edit: Added information about Using Sharpie Permanent Color Markers for adding LCD matching colors.

The colors are from Sharpie Permanent Color Markers (fine tip). You will have go to where they have a huge selection of different color markers, or otherwise get a large (qty 24) assortment package that you can select your particular colors from (confirm that your colors are included). The DC Output labels can be numbered using Dry-Transfer Decals. I had some old miscellaneous VHF Tape labels that simplified things for me.

My channel Button colors, and DC Output number label colors match the LCD display colors very well. You do have to coat the Buttons several times over a couple of days to get the markers to stain the buttons sufficiently, and the results look great. They will basically be permanent, although you can use a solvent on them to lighten the color if required as you go along. You can use gasoline as a solvent (Suggestion! Stay away from open flames). Gasoline will not affect the number label on the buttons, and it is also safe to use on the front panel's surface.  You may prefer using a less volatile solvent, but this works well for me. 
« Last Edit: July 26, 2019, 10:32:04 pm by ted572 »
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #280 on: July 11, 2019, 12:47:42 am »
Hello TV84:  Ok, I'm ready to do it, but what should I use for a 'Vendor USB Disk'?  Can I get one at Walmart, or Amazon?  Hi Hi, Ted
You make it yourself, it's just a USB drive formatted in a particular way with a specific file on it.  Use any old or new USB drive and follow the instructions in this post which is all of 1 page back.
If at first you don't succeed, get a bigger hammer
 
The following users thanked this post: ted572

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #281 on: July 11, 2019, 12:51:18 am »
I added color coded labels to my DM832 as part of its conversion to a DM832A.  Unfortunately I used the camera's Flash that ended up washing out the colors, although the actual label colors are quite well matched to those of the LCD's Classic Display.
Sweet! Where did you get those labels from?
If at first you don't succeed, get a bigger hammer
 

Offline ted572

  • Frequent Contributor
  • **
  • Posts: 399
  • Country: us
  • Radio Communications Equipment/System Design Engr.
Re: Need help hacking DP832 for multicolour option.
« Reply #282 on: July 11, 2019, 02:21:10 am »
I added color coded labels to my DM832 as part of its conversion to a DM832A.  Unfortunately I used the camera's Flash that ended up washing out the colors, although the actual label colors are quite well matched to those of the LCD's Classic Display.
Sweet! Where did you get those labels from?https://www.eevblog.com/forum/Smileys/default/facepalm.gif
Hello Gandalf:  For information on how I added Labels and Color to my PD832 to DP832A conversion Front Panel please see ->    https://www.eevblog.com/forum/testgear/need-help-hacking-dp832-for-multicolour-option/msg2540175/#msg2540175

Thanks for the info on the USB Image file that you provided a path to for me.  It hasn't helped, but I don't know if the USB Disk Image is the problem.  Or if it is just that the hack for the DM3058E doesn't do anything, which I kind of expected before (that it wouldn't work).  I have to play with this some more, and also see if I can reformat (low level of course) the USB drive back to its original 256 GB.  Right now its total capacity is at about 31 MB.  So the image must have been 31 MB, although the size of the image file itself was around 16.4 MB.  I know that this is what happens when you transfer a disk image file to a USB drive, so I'm not concerned.  But as I said I don't know if the image process worked properly yet.

Thanks for your assistance, Ted

Edit: Added Link for information about using Sharpie Permanent Color Markers for adding LCD matching colors, etc, and nothing requires disassembly.
« Last Edit: July 26, 2019, 10:30:12 pm by ted572 »
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #283 on: July 11, 2019, 09:30:50 am »
@ted572
You're welcome.  If the USB drive reads and has a single file on it then it's almost certainly good and not the reason things aren't working for you.  Mine worked in a DG1022Z and DP832.  If you issue the model command via tenet and get a message like "unrecognized command" on the screen on the screen of device you're trying to upgrade but do get responses to *IDN? then it's probably a bad USB drive - maybe one that the device doesn't like for some reason.  However, a drive you created from the disk image is more likely to work than one you created yourself by formatting and copying the file to the drive.

I don't know if it's possible to upgrade a DM3058E using the USB method, has anyone else done that?
If at first you don't succeed, get a bigger hammer
 

Offline TurboTom

  • Super Contributor
  • ***
  • Posts: 1380
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #284 on: July 11, 2019, 10:41:20 am »
The DM3068 DMM's digital circuitry is built around an Analog Devices Blackfin DSP, I assume it's a similar situation with the DM3058(E). It appears that only Rigol's more recent gear that's based on the Freescale/NXP i.MX or Texas Instrument Sitara ARM Core SOCs can be accessed via the "Magic Stick" method. So your attempts to "talk to" your DM3058E may be futile...  :(
 
The following users thanked this post: ted572

Offline ted572

  • Frequent Contributor
  • **
  • Posts: 399
  • Country: us
  • Radio Communications Equipment/System Design Engr.
Re: Need help hacking DP832 for multicolour option.
« Reply #285 on: July 11, 2019, 12:29:36 pm »
Thank you Gandalf and Tom for your comments.  Yes I believe that the USB SCPI commands aren't going change this to a DM3068.  I never had high expectations for it, but I wanted to give it a shot.  The DM3058 firmware wold need to modified to do the job of getting 6 1/2 digit display, and that is beyond my capability.

Side note: I send the Rigol SCPI commands via USB using 'Messinstrumente' (Measuring instruments - program for data transfer and control) which is very easy and always works for me.  You enter the SCPI command in the command window and then press Send/Receive.  The command goes out and a second later you see the results as received data.  A good test to see that all is working OK is to send *IDN?, and you should see a reply (Receive Data) with your Model Number and S/N.  Other commands may reply with something like 'Command Executed OK'.  If the command is invalid the program will simply time out 'without a reply', or 'Invalid Command', etc. in 3 - 6 seconds.

I just wondered why I didn't read about anyone else using this for the DP832 to DP832A Mod?  There is a USB type B connector on the back of the unit for this, in addition to the USB type A connector for the USB drive.  It seemed to me that everyone was using LAN or RS232 when the USB is so easy.

Rigol Ultra Sigma would also work for sending USB SCPI commands, but at the expense of adding about 500 GB to your computer, and not being able to uninstall it ALL without manually searching for left over Files and Registry entries.  Even using the more complete Uninstallers such as 'Revo Uninstaller', they won't catch everything, as there will still be well over ten items that won't be automatically cleaned out.

PS:  'Messinstrumente' is a portable program that doesn't get installed on your computer.  You can simply run it from a USB drive, the Desk Top, etc.

Edit: By request, here is a English link to 'Messinstrumente' (Measuring instruments - program for data transfer and control) ->  https://translate.google.com/translate?hl=en&sl=de&u=http://peter.dreisiebner.at/messinstrumente/index.htm
« Last Edit: July 16, 2019, 12:02:40 am by ted572 »
 

Offline das_strobel

  • Contributor
  • Posts: 10
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #286 on: July 11, 2019, 12:51:25 pm »
Ok, 1-2 weeks ago i've modified riglol 1.03d for DG1000Z generation/calculation

here is a full source code:
...

I tried to make use of this code. I downloaded the sources from http://gotroot.ca/rigol/riglol/ and replaced the original riglol.c with your code. It didn't compile first, because all the #includes where missing. I added them and it compiled. But still no cigar. The compiled executable runs in general (putting out the help text etc.) but if I try to generate the 16MB option key it just hangs without any message. I can kill the program with Ctrl-C, though.

I did all that using Ubuntu 18.04 running in the native Linux environment on Win10.

Any idea?
 

Offline firstcolle

  • Regular Contributor
  • *
  • Posts: 130
  • Country: it
Re: Need help hacking DP832 for multicolour option.
« Reply #287 on: July 11, 2019, 02:24:23 pm »
i tried to compile with c compiler but it give me some errors..
wich compiler should i use?

i only miss the 16M option, i can't find the procedure in the thread.

The procedure is in the previous msg (to yours)!
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #288 on: July 11, 2019, 05:56:06 pm »
i tried to compile with c compiler but it give me some errors..
wich compiler should i use?

That's a tricky question because the riglol / rigup source codes have some bugs (in terms buffer overruns, unallocated pointers, 32 bits vs 64 bits compilation, etc...). Most guys that are able to compile them do some corrections in order to accomplish it.

If all was good, any compiler should work.

For riglol try compilation in 32 bits or 64 bits, to start.
 

Offline mike47203

  • Newbie
  • Posts: 7
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #289 on: July 12, 2019, 12:34:36 am »
Starec;

Thanks so much for the code you posted for the modified riglol. I was able to make that work. I did find that one line was missing that caused the program to hang. In the ecssign function at line 41 in your post "instr(a, curve_a)" is missing. Once I added that, it work perfectly. Much appreciated.

It seems that may be the problem other people were having. If you diff the posted code against the original riglol.c it is apparent what needs to be changed. I had no trouble compiling and running in Linux. Can't say if it works for any other platform.
« Last Edit: July 12, 2019, 12:41:07 am by mike47203 »
 

Offline das_strobel

  • Contributor
  • Posts: 10
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #290 on: July 12, 2019, 09:45:04 am »
It seems that may be the problem other people were having. If you diff the posted code against the original riglol.c it is apparent what needs to be changed. I had no trouble compiling and running in Linux. Can't say if it works for any other platform.

Thanks, mike47203! This did the trick also for me. I changed the line, compiled again on my Ubuntu on WSL on Win10, and voila the program runs and the generated key works. 8) :-+ :-+ :-+
 

Offline starec

  • Newbie
  • Posts: 5
  • Country: sk
Re: Need help hacking DP832 for multicolour option.
« Reply #291 on: July 13, 2019, 07:30:31 am »
In the ecssign function at line 41 in your post "instr(a, curve_a)" is missing. Once I added that, it work perfectly. Much appreciated.
Yes indeed,
i wrote my own application in Windows and was all in there. This copied code was from riglol source itself. I only added my changes and no checked the remaining code so i didn't notice the missing line - my fault. However as tv84 been noted the riglol source codes have some bugs. I'd added (at least) releasing of acquired memory in the fn ecssign as follows
Code: [Select]
mirkill(a);
mirkill(b);
mirkill(p);
mirkill(q);
mirkill(Gx);
mirkill(Gy);
mirkill(d);
mirkill(k);
mirkill(r);
mirkill(s);
mirkill(k1);
mirkill(zero);
mirkill(f1);
mirkill(f2);
mirkill(f3);
mirkill(f4);
mirkill(hash);
epoint_free(G);
epoint_free(kG);
mirexit();
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #292 on: July 13, 2019, 08:28:30 am »
I'd added (at least) releasing of acquired memory in the fn ecssign as follows

Yep, even this simple thing is missing...  When one runs a single time, less important but if we start reusing, etc, etc all type of weird things start to happen.

Of course the way mem is allocated and the var types/casts are the biggest problem.

riglol is more polished, rigup is much worse. Nonetheless the authors deserve all the credits for creating those tools.
 

Offline Marc M.

  • Regular Contributor
  • *
  • Posts: 132
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #293 on: July 13, 2019, 10:38:07 pm »
... The USB drive must be formatted as FAT, not FAT32 or exFAT. On...

For some reason this isn't always the case.  I just grabbed a brand new 8Gb pre-formatted FAT32 card (older SanDisk HC1), stuck the file on it and powered the supply up with the USB adapter plugged in.  I connected to a Windows laptop with UltraSigma installed and sent IDN to confirm the connection, then issued the :PROJ.... command.  I think it spit out an error but I saw an OK at the bottom so I went ahead and power cycled the supply.  It came up in not-so glorious color.  Arrggh, the pale color pallet of grey, white, and light blues is terrible, but I do like the 3 color classic main display. 

Aesthetics aside, I had to jump thru some hoops before I got the above result.  I bought an early supply with the original hardware and firmware (1.04 maybe?) on it.  When I tried it on that firmware it flipped me off with an error.  I remembered there was an issue with newer firmware and hacked options which was no reversible so I never bothered to update it.  Since this hack changes it to an A model, all options are  turned on automatically so any risk to previously hacked options won't matter.  I updated the boot loader, then the firmware, and finally the analogs with the latest revision I found somewhere on Rigol's site.  After that was complete, I reconnected, issued the PROJ command and it worked without a problem.  So SD cards are just hit/miss as I violated both the 2 to 4 gig limit and the no FAT32 rules. YMWV but I'd try whatever card you have at hand.

On my already way too long, I'll be dead long before half of it gets done To Do list, I plan on pulling the front panel off and changing out the green LEDs behind the channel enable buttons to reflect the channel color to help differentiate them (at least while they're turned on). Anyone happen to know what size they are?  I voided my warranty long ago dealing with the overheating regulator issue, and I've probably had it longer than 3 years anyway.  Rigol could make a killing selling replacement 832A buttons!
Don't replace the cap, just empty the filter!
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #294 on: July 13, 2019, 11:41:31 pm »
Changing the LEDs to match the channel colors is a great idea.  I found that my drive was formatted to FAT worked so I think that FAT32 is not absolutely essential.
If at first you don't succeed, get a bigger hammer
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #295 on: July 14, 2019, 09:03:56 am »
These equipments use Linux filesystems so all 3 FAT types should work when we are reading/writing files.

The only limitation is that some Rigol equipments do some USB vendor disk verification (when one wants to do the "upgrades") with direct disk access functions and those should match a specific FAT type or may end up in unpredictable results.
 

Offline Marc M.

  • Regular Contributor
  • *
  • Posts: 132
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #296 on: July 14, 2019, 04:18:57 pm »
A special thanks again to everybody in the EEVBlog Community who contributed to all the reverse engineering efforts within the Rigol product range which allowed me to maximize the potential of my DSA815, DS2072, and now DP832.  My only regret was buying a DG4162 instead of a 4062  :palm:.  You guys rock!

I said screw it, stayed up late and swapped out the LED's which were 0806's.  I didn't have any in purple, so I stuck a red one in for now.  Got some purple and some hopefully yellower yellow LEDs heading this way from China.  All I can say is Wow! what a difference.  I was worried the replacements wouldn't be bright enough but I was wrong, they are quite a bit brighter than the stock green ones.  I'm so happy with the results, one of these days I'm going to pull my Rigol DS2072 apart and replace the front panel LEDs on that because the green ones on that are barely visible.

I was also surprised to see provisions for a set of 4th channel buttons both on the PCB and the molding in the front case.  I had sniffed around looking for a photo of the front keyboard to determine the LED size ahead of time but couldn't find one.  Dave didn't pull the front board when he did his teardown either so here's a shot of mine for the curious.
Don't replace the cap, just empty the filter!
 
The following users thanked this post: thm_w, 1anX

Offline 1anX

  • Regular Contributor
  • *
  • Posts: 195
  • Country: au
Re: Need help hacking DP832 for multicolour option.
« Reply #297 on: July 16, 2019, 10:41:22 am »
Marc M where are you getting your smd 0806 leds from?
Looks great with the coloured leds and if cheap from China I think I will do the same to mine just for fun!
 

Offline ted572

  • Frequent Contributor
  • **
  • Posts: 399
  • Country: us
  • Radio Communications Equipment/System Design Engr.
Re: Need help hacking DP832 for multicolour option.
« Reply #298 on: July 16, 2019, 11:06:28 am »
DP800 Firmware 16 (re. DP832/A, etc.) initial 00.01.16.00.00 was a Beta version, although the current version 00.01.16.00.02 (2019-1-31) is a official released version.

Edit: Added applicable improvements.
     
    Support for USB-GPIB
    Fixed *OPT? command
    Fixed cursor settings
    Fixed LAN Library (network stability)
    Other. . . .
« Last Edit: July 16, 2019, 11:44:06 am by ted572 »
 

Offline Marc M.

  • Regular Contributor
  • *
  • Posts: 132
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #299 on: July 16, 2019, 01:48:53 pm »
... where are you getting your smd 0806 leds from?...
I can't say for sure, had them for several years.  My guess is either Fleabay or AliExpress, I think I just bought an assortment of 5 colors for stock.  The purpler red and hopefully yellower yellow LEDs I ordered for this are coming from Fleabay.
Don't replace the cap, just empty the filter!
 

Offline JDubU

  • Frequent Contributor
  • **
  • Posts: 436
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #300 on: July 16, 2019, 04:56:24 pm »
Is the LED source voltage high enough to put a red and blue led in series for channel 3?
 

Offline HDR

  • Newbie
  • Posts: 4
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #301 on: July 17, 2019, 08:02:42 am »
Does anyone know if you can upgrade a DSA815-TG to a DSA832-TG?

No way, different hardware! Compare the weights of the instruments in the specs, this already tells everything. The higher-spec'd DSA8XX units feature a much more modular design, like the Siglent SSA3000 series.

Cheers,
Thomas

Ok, i just orderd the Rigol DSA832E-TG. Do you think I can upgrade it to DSA832-TG or even DSA875-TG? The weight of them seems to be equal.
 

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Need help hacking DP832 for multicolour option.
« Reply #302 on: July 17, 2019, 09:24:28 am »
Does anyone know if you can upgrade a DSA815-TG to a DSA832-TG?

No way, different hardware! Compare the weights of the instruments in the specs, this already tells everything. The higher-spec'd DSA8XX units feature a much more modular design, like the Siglent SSA3000 series.

Cheers,
Thomas

Ok, i just orderd the Rigol DSA832E-TG. Do you think I can upgrade it to DSA832-TG or even DSA875-TG? The weight of them seems to be equal.

No and no.
Different hardware. Sorry.

Best regards,
 

Offline ted572

  • Frequent Contributor
  • **
  • Posts: 399
  • Country: us
  • Radio Communications Equipment/System Design Engr.
Re: Need help hacking DP832 for multicolour option.
« Reply #303 on: July 17, 2019, 10:38:15 am »
i just ordered the Rigol DSA832E-TG. Do you think I can upgrade it to DSA832-TG or even DSA875-TG?
No, you will NOT be able to upgrade it to either other model, although you have made an excellent economical choice.  You won't regret your choice in the future!  As the DSA832E is a excellent product, and the differences between it and the DSA832 (non E) are insignificant for normal/most Spectrum Analyzer applications, especially as a hobbyist.  Congratulations, and enjoy your new instrument! 
 
The following users thanked this post: Wall-E

Offline HDR

  • Newbie
  • Posts: 4
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #304 on: July 17, 2019, 10:57:24 am »
Thank you!
I also think that it is absolutly sufficent for my projects. But in germany we say "Haben ist besser als brauchen." (To have is better than to need)  ;D
 

Offline ted572

  • Frequent Contributor
  • **
  • Posts: 399
  • Country: us
  • Radio Communications Equipment/System Design Engr.
Re: Need help hacking DP832 for multicolour option.
« Reply #305 on: July 17, 2019, 11:34:42 am »
Thank you!
I also think that it is absolutly sufficent for my projects. But in germany we say "Haben ist besser als brauchen." (To have is better than to need)  ;D
Dann schäme dich, denn anscheinend hast du eine der goldenen Regeln deiner Nation gebrochen. Vielleicht sollten Sie umkehren, Ihre Bestellung stornieren und einen RSA3000 / 5000 kaufen. Hi Hi

 

Offline 1anX

  • Regular Contributor
  • *
  • Posts: 195
  • Country: au
Re: Need help hacking DP832 for multicolour option.
« Reply #306 on: July 20, 2019, 01:14:07 am »
Thank you!
I also think that it is absolutly sufficent for my projects. But in germany we say "Haben ist besser als brauchen." (To have is better than to need)  ;D
Dann schäme dich, denn anscheinend hast du eine der goldenen Regeln deiner Nation gebrochen. Vielleicht sollten Sie umkehren, Ihre Bestellung stornieren und einen RSA3000 / 5000 kaufen. Hi Hi

I wondered what was said so did the translate to english thing.

"Then be ashamed, because apparently you have broken one of the golden rules of your nation. Maybe you should reverse, cancel your order and buy a RSA3000 / 5000. Hi Hi"
 

Offline Vaiti

  • Contributor
  • Posts: 18
  • Country: fi
Re: Need help hacking DP832 for multicolour option.
« Reply #307 on: July 31, 2019, 06:09:54 am »
Quick Guide
Flash the rigol-key.img from the attached zipfile to a USB drive using your prefered disk imaging software. (dd/Win32 Disk Imager)

Power on the device, and insert the thumbdrive

Send the SCPI command to change the model number:

--For the DP800 series--
Code: [Select]
:PROJ:SET MODEL,DP832A
--For the DG1000Z series--
Code: [Select]
:PROJ:STAT MODEL,DG1062ZYou can then unlock the Arb16Mb option with this command as well, it will show as trail, but will never expire. (This sets your serial number to DG1ZA000000000, you can revert this by replacing the string with the serial found on the back of your unit, if you have need)
Code: [Select]
:PROJ:STAT SN,DG1ZA000000000
--For the DL3000 series--
Code: [Select]
:PROJ:SET MODEL,DL3021A
Reboot the device and you should be done.

Rigol's Ultra Sigma and the IVI drivers it provides have always been very flaky for me, so I used Messinstrumente with Zadig USB drivers

http://peter.dreisiebner.at/messinstrumente/Messinstrumente_2019-06-14.zip
https://zadig.akeo.ie/downloads/

I wanted to make a quick recap as this thread has gotten pretty long and it actually took me awhile to sort out some of the details and find the original posts that had the relevant information.
I also had trouble with Rigol's Ultra Sigma when trying to issue the SCPI commands, and ted572 (Thank you!) had made a suggestion to use Messinstrumente, and that worked immediately with no issue after installing the Zadig USB driver for the device.

I'm including the rigol-key.zip with this post for ease of download, but credit must go to tossu
https://www.eevblog.com/forum/testgear/need-help-hacking-dp832-for-multicolour-option/msg2475702/#msg2475702

A huge thank you to volkimel, tv84, tossu for making this hack happen.
« Last Edit: August 03, 2019, 03:05:30 pm by Vaiti »
 
The following users thanked this post: thm_w, natman69, cnkz, CCB, serg_77, blubillcanada, Magalex, NE666

Offline maxpayne

  • Regular Contributor
  • *
  • Posts: 139
Re: Need help hacking DP832 for multicolour option.
« Reply #308 on: August 01, 2019, 05:59:23 pm »
This didnt work for me !

I am getting message "Remote command is incorrect"

Am I doing anything wrong ?
 

Offline tossu

  • Contributor
  • Posts: 21
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #309 on: August 01, 2019, 06:43:23 pm »
I am getting message "Remote command is incorrect"

Am I doing anything wrong ?

Most probably, your USB drive is not set up properly. Make sure you insert the drive after the PSU has booted. If you prepared the drive using the old method Vaiti described, try using the disk image I made later: https://www.eevblog.com/forum/testgear/need-help-hacking-dp832-for-multicolour-option/msg2475702/#msg2475702
 
The following users thanked this post: maxpayne, jemotrain, NE666

Offline maxpayne

  • Regular Contributor
  • *
  • Posts: 139
Re: Need help hacking DP832 for multicolour option.
« Reply #310 on: August 01, 2019, 06:44:31 pm »
I partitioned a 16GB drive to 4096MB, full formatted it with FAT32 and then copied the keyfile.bin
 

Offline maxpayne

  • Regular Contributor
  • *
  • Posts: 139
Re: Need help hacking DP832 for multicolour option.
« Reply #311 on: August 01, 2019, 06:55:08 pm »
I am getting message "Remote command is incorrect"

Am I doing anything wrong ?

Most probably, your USB drive is not set up properly. Make sure you insert the drive after the PSU has booted. If you prepared the drive using the old method Vaiti described, try using the disk image I made later: https://www.eevblog.com/forum/testgear/need-help-hacking-dp832-for-multicolour-option/msg2475702/#msg2475702

Thanks Tossu. the disk image method worked and I am greeted with a color display !!

Needs to be FAT I believe, not FAT32, I'll edit my post to make that more clear. I actually thought I should have put more emphasis on that when I wrote it

FAT32 worked as well in my case :)
 

Offline maxpayne

  • Regular Contributor
  • *
  • Posts: 139
Re: Need help hacking DP832 for multicolour option.
« Reply #312 on: August 01, 2019, 07:14:01 pm »
To update your Rigol DL3021 to DL3021A, here is the complete procedure, without the need of buying the LAN option...
You need:
-Computer with RS232 port
-USB stick formatted in FAT32 with the file keyfile.bin from Tossu (many thanks for the hack !)
-Cross cabel RS232 female-female (2->3; 3->2; 5->5)
-Free software Termite from Compuphase (https://www.compuphase.com/software_termite.htm)

Connect everything together. Start the computer first and launch Termite.
Termite Serial port settings:
-Port COM1 (depend on your computer)
-Baud rate 9600
-Data bits 8
-Stop bits 1
-Parity none
-Flow control none
-Forward none
-Transmitted text Append CR-LF

Turn on the DL3021
To check the connection, you can try to type *IDN? in the Termite command line.
He will return the model of your device.
Type in Termite :PROJ:SET MODEL,DL3021A
That all  :D

Can hack the DC Load DL3021 to DL3031A?  Like the DG811 to DG992?

Does not the DL3021 hack can be done when connected via USB ? like the same way DP832 ?
 

Offline aristarchus

  • Regular Contributor
  • *
  • Posts: 107
  • Country: 00
Re: Need help hacking DP832 for multicolour option.
« Reply #313 on: August 01, 2019, 07:34:34 pm »
I partitioned a 16GB drive to 4096MB, full formatted it with FAT32 and then copied the keyfile.bin

Read again tossu's message, "You can format a drive as FAT "..

Anyway, the trick is to have the 'magic' sector written with the proper value, give it a try with some other usb sticks.

/PS
LoL for the time it took me to write this, it was already answered and done.. :-))
« Last Edit: August 01, 2019, 07:36:28 pm by aristarchus »
 

Offline TurboTom

  • Super Contributor
  • ***
  • Posts: 1380
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #314 on: August 01, 2019, 08:39:21 pm »
Yes, and for the DG800 / DG900 with a slightly different "Magic Stick"  ;)

Cheers,
Thomas
 

Offline maxpayne

  • Regular Contributor
  • *
  • Posts: 139
Re: Need help hacking DP832 for multicolour option.
« Reply #315 on: August 02, 2019, 03:42:38 am »
To update your Rigol DL3021 to DL3021A, here is the complete procedure, without the need of buying the LAN option...
You need:
-Computer with RS232 port
-USB stick formatted in FAT32 with the file keyfile.bin from Tossu (many thanks for the hack !)
-Cross cabel RS232 female-female (2->3; 3->2; 5->5)
-Free software Termite from Compuphase (https://www.compuphase.com/software_termite.htm)

Connect everything together. Start the computer first and launch Termite.
Termite Serial port settings:
-Port COM1 (depend on your computer)
-Baud rate 9600
-Data bits 8
-Stop bits 1
-Parity none
-Flow control none
-Forward none
-Transmitted text Append CR-LF

Turn on the DL3021
To check the connection, you can try to type *IDN? in the Termite command line.
He will return the model of your device.
Type in Termite :PROJ:SET MODEL,DL3021A
That all  :D

Can hack the DC Load DL3021 to DL3031A?  Like the DG811 to DG992?

Does not the DL3021 hack can be done when connected via USB ? like the same way DP832 ?

I just tested with USB. Though the command was successful, I saw OK message, it does not work and my load model remains the same i.e. DL3021.

Perhaps I have to use the serial /RS232 interface.
 

Offline LdkE

  • Newbie
  • Posts: 1
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #316 on: August 02, 2019, 06:42:02 am »
Quick Guide
Flash the rigol-key.img from the attached zipfile to a USB drive using your prefered disk imaging software. (dd/Win32 Disk Imager)

Power on the device, and insert the thumbdrive

Send the SCPI command to change the model number:

For the DP800 series
Code: [Select]
:PROJ:SET MODEL,DP832A
For the DG1000Z series
Code: [Select]
:PROJ:STAT MODEL,DG1062Z
For the DL3000 series
Code: [Select]
:PROJ:SET MODEL,DL3021A
Reboot the device and you should be done.

Rigol's Ultra Sigma and the IVI drivers it provides have always been very flaky for me, so I used Messinstrumente with Zadig USB drivers

http://peter.dreisiebner.at/messinstrumente/Messinstrumente_2019-06-14.zip
https://zadig.akeo.ie/downloads/

I wanted to make a quick recap as this thread has gotten pretty long and it actually took me awhile to sort out some of the details and find the original posts that had the relevant information.
I also had trouble with Rigol's Ultra Sigma when trying to issue the SCPI commands, and ted572 (Thank you!) had made a suggestion to use Messinstrumente, and that worked immediately with no issue after installing the Zadig USB driver for the device.

I'm including the rigol-key.zip with this post for ease of download, but credit must go to tossu
https://www.eevblog.com/forum/testgear/need-help-hacking-dp832-for-multicolour-option/msg2475702/#msg2475702

A huge thank you to volkimel, tv84, tossu for making this hack happen.

Followed Vaiti's quick guide, after connecting my DP832 with the PC via USB cable I installed the zadic driver on my PC, started Messinstrumente and shot the command over - BAM - it worked like a charm for me  :clap: :clap: :clap:

 :-+ :-+ :-+ Biggest thanks to volkimel, tv84, tossu and Vaiti for the hack and posting a quick guide that not everybody has to dig through the whole thread  :-+ :-+ :-+
 

Offline Vaiti

  • Contributor
  • Posts: 18
  • Country: fi
Re: Need help hacking DP832 for multicolour option.
« Reply #317 on: August 03, 2019, 06:00:54 pm »
I said screw it, stayed up late and swapped out the LED's which were 0806's.

0806 denotes 0.8x0.6 millimeters correct? If so, are you sure they aren't 0805's? Those are more readily available on eBay and Aliexpress, the 0806's seem to be non-existent.
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 28058
  • Country: nz
  • Taupaki Technologies Ltd. Siglent Distributor NZ.
    • Taupaki Technologies Ltd.
Re: Need help hacking DP832 for multicolour option.
« Reply #318 on: August 03, 2019, 08:53:04 pm »
I said screw it, stayed up late and swapped out the LED's which were 0806's.

0806 denotes 0.8x0.6 millimeters correct? If so, are you sure they aren't 0805's? Those are more readily available on eBay and Aliexpress, the 0806's seem to be non-existent.
I'd guess from below it's a typo of an imperial size:

Avid Rabid Hobbyist
Siglent Youtube channel: https://www.youtube.com/@SiglentVideo/videos
 

Offline JDubU

  • Frequent Contributor
  • **
  • Posts: 436
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #319 on: August 04, 2019, 01:20:41 pm »
I said screw it, stayed up late and swapped out the LED's which were 0806's.

0806 denotes 0.8x0.6 millimeters correct? If so, are you sure they aren't 0805's? Those are more readily available on eBay and Aliexpress, the 0806's seem to be non-existent.

Here is a Digikey search of 0806 LED's:
https://www.digikey.com/products/en/optoelectronics/led-lighting-white/124?k=led+0806&k=&pkeyword=led+0806&sv=0&pv16=3364&pv16=3790&sf=1&FV=ffe0007c&quantity=&ColumnSort=0&page=1&pageSize=25

They are 0806 imperial sized SMD packages -- 0.080" L x 0.065" W (2.04mm x 1.64mm)



« Last Edit: August 04, 2019, 01:24:20 pm by JDubU »
 
The following users thanked this post: Vaiti

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #320 on: August 30, 2019, 01:28:20 pm »
I ordered and received 0805 LEDs of suitable colors, I will report back on how well they fit but I am expecting them to work just fine.
If at first you don't succeed, get a bigger hammer
 

Offline CCB

  • Supporter
  • ****
  • Posts: 17
  • Country: nz
Re: Need help hacking DP832 for multicolour option.
« Reply #321 on: September 05, 2019, 09:23:16 am »
Just wanted to add that I've upgraded to latest firmware v00.01.16.00.02  2019-1-31 and it kept the options enabled. I had to check the manual to change the language back to english.

Also changed to DP832A and it's fantastic the new font and colours are great. Thank you sooo much!  :) :) :-+



 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #322 on: September 05, 2019, 09:57:32 am »
Just wanted to add that I've upgraded to latest firmware v00.01.16.00.02  2019-1-31 and it kept the options enabled. I had to check the manual to change the language back to english.

Also changed to DP832A and it's fantastic the new font and colours are great. Thank you sooo much!  :) :) :-+
Does anyone have any info on what's different between the latest version and mine which is v00.01.14.00.03 ?  Is there any affect on calibration when making the upgrade?
If at first you don't succeed, get a bigger hammer
 

Offline Vaiti

  • Contributor
  • Posts: 18
  • Country: fi
Re: Need help hacking DP832 for multicolour option.
« Reply #323 on: September 05, 2019, 10:40:34 am »
Calibration should remain the same.

Rigol DP800 Changelog:
-Update of this version-

v00.01.16.00.02   2019-1-31
     
     - Add the support for USB-GPIB
     - Fixed the bug of command "*OPT?"
     - Fixed the bug of cursor settings(Before:set the current firstly, then change the voltage , the cursor is always on the highest digit.)
     - Replacement of LAN Interface Library to solve the problem of network instability.


-Historical Versions and Updates-

v00.01.15.00.02   2017-05-25
     
     - Private version,not public

v00.01.14.00.03   2015-03-10

     - Modify the bug of OVP&OCP
     - Add new models
     - Update help Information

v00.01.13.00.01   2014-11-18

     - Modify the bug of UI display
     - Replacement of USB Device Library to solve the problem of unstable USB Device communication
 
The following users thanked this post: Gandalf_Sr

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #324 on: September 05, 2019, 02:17:49 pm »
I downloaded the new firmware but the instructions are garbled...

1. Copy .gel file to the root of USB flash
2. Insert USB flash into DP800 (make sure the USB flash can be recognized by DP800). Power on DP800, press and hold HELP button until the update started.
3. Move USB flash after update is finished, then press these button in turn: HELP¡úHELP£¬¡úM4¡úM2¡úM1 (update analog board 1), ¡úM4¡úM2¡úM2 (update analog board 2)
4. Reboot DP800 after all the update finished and check the new version (Utility->system info->M1-M3-M2)

Can anyone help to decipher what line 3 means?

[EDIT] Never mind, I figured it out - ignore all the crap above, here's what worked for me...
1. Copy .gel file to the root of USB flash (I had to have a FAT32 formatted drive and the .gel file was the only file on the drive, you may do better than me)
2. Switch on the DP832(A) and immediately press [Help] button while first 3 ... is displayed, it now says "please insert drive with new firmware"
3. Plug in USB drive and (if it's a good drive) progress bar moves with download and update messages (only took about 30 seconds in total)
4. PSU reboots automatically but now all the menus are in Chinese
5. Press [Utility] > Language (M4) and then select 'English'
6 Check firmware revision by [Utility] > SysInfo and then, while the 3 lines of info are displayed, M1, M3, M2 (the buttons under the display numbered L to R)

The only problem I've found is that the stored settings don't work, it says they are the wrong format. You have to redo all the saved settings files.

That's it
« Last Edit: September 05, 2019, 02:40:51 pm by Gandalf_Sr »
If at first you don't succeed, get a bigger hammer
 

Offline marshalljmp

  • Newbie
  • Posts: 2
  • Country: be
Re: Need help hacking DP832 for multicolour option.
« Reply #325 on: September 13, 2019, 03:41:22 pm »
To update your Rigol DL3021 to DL3021A, here is the complete procedure, without the need of buying the LAN option...
You need:
-Computer with RS232 port
-USB stick formatted in FAT32 with the file keyfile.bin from Tossu (many thanks for the hack !)
-Cross cabel RS232 female-female (2->3; 3->2; 5->5)
-Free software Termite from Compuphase (https://www.compuphase.com/software_termite.htm)

Connect everything together. Start the computer first and launch Termite.
Termite Serial port settings:
-Port COM1 (depend on your computer)
-Baud rate 9600
-Data bits 8
-Stop bits 1
-Parity none
-Flow control none
-Forward none
-Transmitted text Append CR-LF

Turn on the DL3021
To check the connection, you can try to type *IDN? in the Termite command line.
He will return the model of your device.
Type in Termite :PROJ:SET MODEL,DL3021A
That all  :D

Can hack the DC Load DL3021 to DL3031A?  Like the DG811 to DG992?

Does not the DL3021 hack can be done when connected via USB ? like the same way DP832 ?

I just tested with USB. Though the command was successful, I saw OK message, it does not work and my load model remains the same i.e. DL3021.

Perhaps I have to use the serial /RS232 interface.

Just converted my DL3021 to a DL3021A with USB, no problems at all. Send the command and I got a color screen immediately .
 

Offline Trident900fi

  • Contributor
  • Posts: 15
  • Country: fr
Re: Need help hacking DP832 for multicolour option.
« Reply #326 on: November 10, 2019, 07:01:47 pm »
Usually the USB port is not activated on the DL3021, that's why I gave the procedure to follow in RS232...
Once converted to DL3021A, the USB port is automatically enabled.
 

Offline dekagon

  • Contributor
  • Posts: 22
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #327 on: November 13, 2019, 09:35:27 am »
I want to try to unlock the Arb16M option of my DG1022Z (the option fix to convert it ti a DG1062Z was already successful).

The online version of Riglol (1.03d) does not have the capability to create such key :(

Is there another possibility to generate a ARB16M option key for my DG1062Z (aka DG1022Z)?
After intensive search I found no working solution in this thread or forum...

Thanks in advance

Chris
« Last Edit: November 14, 2019, 07:57:07 am by dekagon »
---
 

Offline dekagon

  • Contributor
  • Posts: 22
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #328 on: November 14, 2019, 01:07:07 pm »
F.Y.I.:

I installed the MinGWgcc compiler package and compiled the windows version from the modified riglol.c code from user @starec (earlier post on page 12).

After inserting some missed #include statements at the beginning of the codefile and trying to compile the sources all is going without failures.  :D
I was able after that to generate an option key for the ARB16M option for DG1022Z.
The installation could be done either with copying the serial number and the option key into a license.txt file as described under
https://rigol.desk.com/customer/en/portal/articles/2283691-how-do-i-activate-the-dg1000z-memory-upgrade-

or alternatively via SCPI/Telnet session to IP-address port 5555 and the command  :LICense:INSTall <Riglol license key output>

After all everything is quite perfect now  8)

Many thanks to all the users who made this work possible!

Chris
---
 

Offline Volchenok82

  • Newbie
  • Posts: 7
  • Country: ru
  • Cats are everywhere ...
Re: Need help hacking DP832 for multicolour option.
« Reply #329 on: November 14, 2019, 02:32:34 pm »
Hello everyone!  :)

 I was interested in this topic, since I, too, am a “happy” owner of Rigol devices without additional options installed ... Undoubtedly, there are knowledgeable people who have been able to activate the options they need ... Tell me, please, was someone adding the three options through Riglol, or in another simple way, in the DP700 series power supplies - or is this basically impossible?

  If the number of hacked devices via Riglol has expanded (DG1000Z is a prime example!), then what prevents from adding the missing models to the online version of Riglol at http://gotroot.ca/rigol/riglol/

I think that many novice users, such as myself (who have not yet mastered writing programs) will be very grateful to you for this!   ;)

Sorry for the clumsy English ...


Pavel
 

Offline Trident900fi

  • Contributor
  • Posts: 15
  • Country: fr
Re: Need help hacking DP832 for multicolour option.
« Reply #330 on: November 17, 2019, 11:49:22 am »
Hello guys!  :)

Had someone of you try to upgrade a DMM Rigol DM3058E to DM3058 or better, DM3068 ?

Looks like it's the same principle as other Rigol devices  :D
 

Offline WhichEnt2

  • Regular Contributor
  • *
  • Posts: 98
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #331 on: November 17, 2019, 01:29:54 pm »
You'd have to change the hardware to do that. They have different refs at least.
Short pieces, high value, small period, huge amount, long delay.
 

Offline Trident900fi

  • Contributor
  • Posts: 15
  • Country: fr
Re: Need help hacking DP832 for multicolour option.
« Reply #332 on: November 17, 2019, 02:41:19 pm »
You'd have to change the hardware to do that. They have different refs at least.

Yes it's right. The goal was only to get the better resolution and the higher sampling rate...
 

Offline azemati

  • Contributor
  • Posts: 25
  • Country: ae
Re: Need help hacking DP832 for multicolour option.
« Reply #333 on: February 16, 2020, 07:11:29 pm »
Hi dear friend
Can you please guide me in hacking Spectrum Analyzer Model DSA832E-TG?
I need EMI-DSA800
EMI Filter & Quasi-Peak Detector Kit

AMK-DSA800
Advanced Measurement Kit

PA-DSA832
Preamplifier option, 100kHz to 3.2GHz (only for DSA832, DSA832E, DSA832E-TG, or DSA832-TG)

Please advice me
 

Offline Houseman

  • Regular Contributor
  • *
  • Posts: 175
  • Country: it
Re: Need help hacking DP832 for multicolour option.
« Reply #334 on: February 21, 2020, 02:40:39 pm »
Ok, 1-2 weeks ago i've modified riglol 1.03d for DG1000Z generation/calculation

here is a full source code:
Code: [Select]
char version[]             = "Riglol 1.03d";
char DP832_private_key[]   = "5C393C30FACCF4"; //publ: 0x5EC2D25AE85124
char DS2000_private_key[]  = "8EEBD4D04C3771"; //publ: 0x8445B2BE29E5C7
char DSA815_private_key[]  = "80444DFECE903E"; //publ: 0x691213692D18FA
char DS1000Z_private_key[] = "6F1106DDA994DA"; //publ: 0x58E9F183B924BB
char DG1000Z_private_key[] = "7412E98108CAB0"; //publ: 0x586E719859AF6C

static char* ascii_map;
static const char ascii_map_dg[] = "MNBVCXZASDFGHJKLPUYTREWQ23456789";
static const char ascii_map_[] = "23456789ASDFGHJKLPUYTREWQMNBVCXZ";

char no_private_key[]      = "";

/*
** sign the secret message (serial + opts) with the private key
*/
void ecssign(char *serial, char *options, char *privk, char *lic1, char *lic2) {
    char prime1[]  = "AEBF94CEE3E707";
    char prime2[]  = "AEBF94D5C6AA71";
    char curve_a[] = "2982";
    char curve_b[] = "3408";
    char point1[]  = "7A3E808599A525";
    char point2[]  = "28BE7FAFD2A052";
    int k_offset = 0; // optionally change ecssign starting offset (changes lic1; makes different licenses)
    mirsys(800, 16)->IOBASE = 16;

    sha sha1;
    shs_init(&sha1);

    char *ptr = serial;
    while(*ptr) shs_process(&sha1, *ptr++);
    ptr = options;
    while(*ptr) shs_process(&sha1, *ptr++);

    char h[20];
    shs_hash(&sha1, h);
    big hash = mirvar(0);
    bytes_to_big(20, h, hash);

    big a = mirvar(0);
    instr(a, curve_a);
    big b = mirvar(0);
    instr(b, curve_b);
    big p = mirvar(0);
    instr(p, prime1);
    big q = mirvar(0);
    instr(q, prime2);
    big Gx = mirvar(0);
    instr(Gx, point1);
    big Gy = mirvar(0);
    instr(Gy, point2);
    big d = mirvar(0);
    instr(d, privk);
    big k = mirvar(0);
    big r = mirvar(0);
    big s = mirvar(0);
    big k1 = mirvar(0);
    big zero = mirvar(0);

    big f1 = mirvar(17);
    big f2 = mirvar(53);
    big f3 = mirvar(905461);
    big f4 = mirvar(60291817);

    incr(k, k_offset, k);
    epoint *G = epoint_init();
    epoint *kG = epoint_init();
    ecurve_init(a, b, p, MR_PROJECTIVE);
    epoint_set(Gx, Gy, 0, G);

    for(;;) {
        incr(k, 1, k);

        if(divisible(k, f1) || divisible(k, f2) || divisible(k, f3) || divisible(k, f4))
            continue;

        ecurve_mult(k, G, kG);
        epoint_get(kG, r, r);
        divide(r, q, q);

        if(mr_compare(r, zero) == 0)
            continue;

        xgcd(k, q, k1, k1, k1);
        mad(d, r, hash, q, q, s);
        mad(s, k1, k1, q, q, s);

        if(!divisible(s, f1) && !divisible(s, f2) && !divisible(s, f3) && !divisible(s, f4))
            break;
    }

    cotstr(r, lic1);
    cotstr(s, lic2);
}

/*
** convert string to uppercase chars
*/
char *strtoupper(char *str) {
    char *p;
    for (p=str; *p; p++)
        *p = toupper(*p);
    return str;
}

/*
** prepend a char to a string
*/
char *prepend(char *c, char *str) {
    int i;

    for (i = strlen(str); i >= 0; i--) {
        str[i + 1] = str[i];
    }

    str[0] = *c;
    return c;
}

/*
** convert hex-ascii-string to rigol license format
*/
void map_hex_to_rigol(char *io) {
    unsigned long long b = 0;
    int i = 0;
    char map[] = {
        'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
        'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R',
        'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
        '2', '3', '4', '5', '6', '7', '8', '9'
    };

    /* hex2dez */
    while (io[i] != '\0') {
        if (io[i] >= '0' && io[i] <= '9') {
            b = b * 16 + io[i] - '0';
        } else if (io[i] >= 'A' && io[i] <= 'F') {
            b = b * 16 + io[i] - 'A' + 10;
        } else if (io[i] >= 'a' && io[i] <= 'f') {
            b = b * 16 + io[i] - 'a' + 10;
        }
        i++;
    }

    for (i = 3; ; i--) {
        io[i] = map[b & 0x1F];
        if (i == 0) break;
        b >>= 5;
    }

    io[4] = '\0';
}

char *get_version() {
  char *v;

  v=version;
  return v;
}

void show_help(char *cmd) {
    printf("%s\n", get_version());
    printf("\n");
    printf("Usage: %s <sn> <opts> <privkey>\n", cmd);
    printf("  <sn>       serial number of device (D............)\n");
    printf("  <opts>     device options, 4 characters, see below\n");
    printf("  <privkey>  private key (optional)\n");
    printf("\n");
    printf("DP832 starting from v1.09 device options:\n");
    printf("  first character:  F = official, B = trial\n");
    printf("  F3PT - Accuracy\n");
    printf("  F6PT - Analyzer and Monitor\n");
    printf("  F6LT - LAN\n");
    printf("  FALT - RS232\n");
    printf("  FLLT - Trigger\n");
    printf("\n");
    printf("DP832 up to v1.06 device options:\n");
    printf("  first character:  M = official, 5 = trial\n");
    printf("  MWSS - Trigger\n");
    printf("  MWTB - Accuracy\n");
    printf("  MWTC - LAN and RS232\n");
    printf("  MWTE - Analyzer and Monitor\n");
    printf("\n");
    printf("DS1000z device options:\n");
    printf("  DSAB - Advanced Triggers\n");
    printf("  DSAC - Decoders\n");
    printf("  DSAE - 24M Memory\n");
    printf("  DSAJ - Recorder\n");
    printf("  DSBA - 500uV Vertical\n");
    printf("\n");
    printf("DG1000z device options:\n");
    printf("  JBNE - 16M Memory\n");
    printf("\n");
    printf("DS2000 device options:\n");
    printf("  first character:  D = official, V = trial\n");
    printf("  DSAB - Advanced Triggers\n");
    printf("  DSAC - Decoders\n");
    printf("  DSAE - 56M Memory\n");
    printf("  DSAJ - 100MHz\n");
    printf("  DSAS - 200MHz\n");
    printf("  DSAZ - all options\n");
    printf("\n");
    printf("DS4000 device options:\n");
    printf("  first character:  D = official, V = trial\n");
    printf("  DSHB - RS232 Decoder\n");
    printf("  DSHC - SPI Decoder\n");
    printf("  DSHE - I2C Decoder\n");
    printf("  DSHJ - CAN Decode\n");
    printf("  DSHS - FlexRay Decoder\n");
    printf("  DSH9 - all options\n");
    printf("\n");
    printf("DSA815 device options:\n");
    printf("  first character:  A = official, S = trial\n");
    printf("  AAAB - Tracking Generator\n");
    printf("  AAAC - Advnced Measurement Kit\n");
    printf("  AAAD - 10Hz RBW\n");
    printf("  AAAE - EMI/Quasi Peak\n");
    printf("  AAAF - VSWR\n");
    printf("\n");
    printf("MAKE SURE YOUR FIRMWARE IS UP TO DATE BEFORE APPLYING ANY KEYS\n");
}

static int ascii_to_bin(char c)
{
    int i;

    for (i = 0; i < 0x20; i++)
        if (ascii_map[i] == c)
            break;
    return i;
}

static char *options_4to5(const char *opt4, char *opt5)
{
    int map[] = { 0, 3, 2, 1 };
    int i, opt = 0;

    for (i = 0; i < 4; i++)
        opt = (opt << 5) | ascii_to_bin(opt4[map[i]]);
    for (i = 0; i < 5; i++) {
        opt5[i] = ascii_map[opt & 0x0F];
        opt >>= 4;
    }
    opt5[i] = 0;
    return opt5;
}

static void format_license_dp832_109(char *lic1_code, char *lic2_code,
                                     char *options, char *licence, int isDG)
{
    const int map1dp[] = { 4, 11, 16, 23, 0, 24, 6, 22, 8, 20, 18, 25 };
    const int map2dp[] = { 3, 14, 19, 9, 26, 5, 1, 10, 12, 13, 15, 21 };
    const int map3dp[] = { 2, 7, 17, 27 };

    const int map1dg[] = {3, 0xE, 0x13, 9, 0x1A, 5, 7, 0x11, 0xC, 0x18, 6, 0x16};
    const int map2dg[] = {4, 0xB, 0x10, 0x17, 0, 8, 0x14, 0x1B, 2, 0xD, 0xF, 0x15};
    const int map3dg[] = {1, 0xA, 0x12, 0x19};

    const int *map1 = isDG?map1dg:map1dp;
    const int *map2 = isDG?map2dg:map2dp;
    const int *map3 = isDG?map3dg:map3dp;
    unsigned long long k;
    int i;

    k = strtoll(lic1_code, NULL, 16);
    for (i = 0; k < (1ULL << 51); i++)
        k = (k << 4) | 0;
    k = (k << 4) | i;
    for (i = 0; i < 12; i++) {
        licence[map1[i]] = ascii_map[k & 0x1F];
        k >>= 5;
    }

    k = strtoll(lic2_code, NULL, 16);
    for (i = 0; k < (1ULL << 51); i++)
        k = (k << 4) | 5;
    k = (k << 4) | i;
    for (i = 0; i < 12; i++) {
        licence[map2[i]] = ascii_map[k & 0x1F];
        k >>= 5;
    }

    if (isDG) {
        int map[] = { 0, 3, 2, 1 };
char *opt = strdup(options);
for (i = 0; i < 4; i++)
    opt[i] = options[map[i]];
for (i = 0; i < 4; i++)
    licence[map3[i]] = opt[3 - i];
        free(opt);
    }
    else
for (i = 0; i < 4; i++)
    licence[map3[i]] = options[i];

    licence[28] = 0;
}

static void format_license_classic(char *lic1_code, char *lic2_code,
                                   char *options, char *licence)
{
    char *lic_all, *chunk, *temp;
    int i, j;

    /* fix missing zeroes */
    while (strlen(lic1_code) < 14) {
        prepend("0", lic1_code);
    }
    while (strlen(lic2_code) < 14) {
        prepend("0", lic2_code);
    }

    /* combine lic1 and lic2 */
    lic_all = (char*)calloc(128, 1);
    temp = (char*)calloc(128, 1);
    chunk = (char*)calloc(6, 1);
    strcpy(lic_all, lic1_code);
    strcat(lic_all, "0");
    strcat(lic_all, lic2_code);
    strcat(lic_all, "0");

    /* generate serial */
    i=0;
    while (i < strlen(lic_all)) {
        memcpy(chunk, lic_all + i, 5);
        map_hex_to_rigol(chunk);
        strcat(temp, chunk);
        i = i + 5;
    }

    /* add options and "-" */
    j = 0;
    for(i = 0; i <= strlen(temp); ) {
       switch(j) {
         case 1:  licence[j] = options[0];  break;
         case 7:  licence[j] = '-';         break;
         case 10: licence[j] = options[1];  break;
         case 15: licence[j] = '-';         break;
         case 19: licence[j] = options[2];  break;
         case 23: licence[j] = '-';         break;
         case 28: licence[j] = options[3];  break;
         default: licence[j] = temp[i];
                  i++;
       }
       j++;
    }
    licence[j] = '\0';

    /* cleen up */
    free(lic_all);
    free(chunk);
    free(temp);
}

char *make_licence(char *serial, char *options, char* priv_key)
{
    char options_buffer[8], *opts = options;
    char *lic1_code, *lic2_code, *lic_all;
    char *chunk, *temp, *licence;
    int i, j;

    /* convert string to uppercase chars */
    strtoupper(serial);
    strtoupper(options);
    strtoupper(priv_key);

    int isDG = strncmp(serial, "DG1", 3)?0:1;
    /* convert options string format for DP832 with firmware >= 1.09 or for DG1000Z*/
    if ((!strncmp(serial, "DP8", 3) && options[0] != 'M' && options[0] != '5') || isDG)
        opts = options_4to5(options, options_buffer);

    /* sign the message */
    lic1_code = (char*)calloc(64, 1);
    lic2_code = (char*)calloc(64, 1);
    ecssign(serial, opts, priv_key, lic1_code, lic2_code);

    /* format licence string */
    licence = (char*)calloc(128, 1);
if ((!strncmp(serial, "DP8", 3) && *options != 'M' && *options != '5') || isDG)
        format_license_dp832_109(lic1_code, lic2_code, options, licence, isDG);
    else
        format_license_classic(lic1_code, lic2_code, options, licence);

    /* cleen up */
    free(lic1_code);
    free(lic2_code);

    return licence;
}

char *select_priv_key(char *serial) {
    char *priv_key;

    strtoupper(serial);
    if      (!strncmp(serial, "DS1", 3)) priv_key = DS1000Z_private_key;
    else if (!strncmp(serial, "DS2", 3)) priv_key = DS2000_private_key;
    else if (!strncmp(serial, "DS4", 3)) priv_key = DS2000_private_key;
    else if (!strncmp(serial, "DSA", 3)) priv_key = DSA815_private_key;
    else if (!strncmp(serial, "DP8", 3)) priv_key = DP832_private_key;
    else if (!strncmp(serial, "DG1", 3)) priv_key = DG1000Z_private_key;
    else                                 priv_key = no_private_key;

    return priv_key;
}

int main(int argc, char *argv[0]) {
    char *serial, *options, *priv_key, *licence;

    /* parse input */
    if (!((argc == 3 || argc == 4))) {
        show_help(argv[0]);
        exit(1);
    }
    serial = argv[1];
    options = argv[2];

    ascii_map = strncmp(serial, "DG1", 3)?(char*)ascii_map_:(char*)ascii_map_dg;

    if (argc == 4) priv_key = argv[3];
    else {
        priv_key = select_priv_key(serial);
        if (strlen(priv_key) == 0) {
            show_help(argv[0]);
            printf("\nERROR: UNKNOW DEVICE WITHOUT PRIVATKEY\n");
            exit(1);
        }
    }

    if (strlen(priv_key) != 14) {
        show_help(argv[0]);
        printf("\nERROR: INVALID PRIVATE KEY LENGTH\n");
        exit(1);
    }
    if (strlen(serial) < 13) {
        show_help(argv[0]);
        printf("\nERROR: INVALID SERIAL LENGTH\n");
        exit(1);
    }
    if (strlen(options) != 4) {
        show_help(argv[0]);
        printf("\nERROR: INVALID OPTIONS LENGTH\n");
        exit(1);
    }

    licence = make_licence(serial, options, priv_key);
    printf("%s\n", licence);
    free(licence);
}

Edit: I've added missing line to the function ecssign


Hi. Thank You for the code.
I have successfully compiled the code with you .c provided and it runs showing the help guide but once I use it with my serial number and the JBNE option (with or without the privatekey) the exe crashes with a segmentation fault 11.
Any hints?
Regards
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #335 on: February 21, 2020, 03:11:19 pm »
Any hints?

riglol code has plenty of var definition problems, memory leaks and non-deallocated structures. If you don't do an overall verification of the whole code, you must have some luck in choosing the compiler and 32/64 bit architecture.

Overcoming those problems is the skill that one needs in order to earn a generated lic. :)
 

Offline Houseman

  • Regular Contributor
  • *
  • Posts: 175
  • Country: it
Re: Need help hacking DP832 for multicolour option.
« Reply #336 on: February 21, 2020, 10:10:19 pm »
Got it! I understand. Thank You. Managing to compile the whole code and get the bin was already a long way...
Will walk anyway forward. Regards
 

Offline Houseman

  • Regular Contributor
  • *
  • Posts: 175
  • Country: it
Re: Need help hacking DP832 for multicolour option.
« Reply #337 on: February 22, 2020, 02:43:38 pm »
THANKS MAN.
I have now an OFFICAL license... (CHINGLISH)
Does it still show to your device?

Regards

Any hints?

riglol code has plenty of var definition problems, memory leaks and non-deallocated structures. If you don't do an overall verification of the whole code, you must have some luck in choosing the compiler and 32/64 bit architecture.

Overcoming those problems is the skill that one needs in order to earn a generated lic. :)
 

Offline Houseman

  • Regular Contributor
  • *
  • Posts: 175
  • Country: it
Re: Need help hacking DP832 for multicolour option.
« Reply #338 on: February 22, 2020, 10:56:47 pm »
First of all, thanks for the great-huge work.
Have a DG1022Z riglol.upgraded to a 1062Z
Works like a charme
HOWEVER.
The Ultrastation Software recognize the unit as 1062Z but you can only draw waveforms less than 20MHz..
Attached the screenshot.
Any hints??

Thank You.
 

Anybody with the latest FW and manual IP care to check the DP832 settings please? (to check press 'Utility' -> 'IO Config' -> 'LAN')
Do you have the DNS set to 88.218.37.64 after a power cycle, like this?

I upgraded my DP832 to 1.16, and it is doing the same thing. The DNS is set to 88.218.37.64 when a "LAN connected" notification is shown. However, the value I've set is restored if I go back to the DNS settings. I noticed FW 1.14 changes the DNS as well, but it sets it to 0.0.0.0.

I took a quick look at a DG1032Z firmware I found somewhere. I think it's version 1.06. It has a very similar check for the same magic value at sector 0x78EC.

Could someone eager to hack (or brick) their DG1032Z send these commands to it, preferably via USB, and post the results here? The keyfile.bin I made for DP832 should work.
Code: [Select]
:PROJ:STAT MCALTIMES,QUERY
*IDN?
:PROJ:STAT MODEL,DG1062Z
*IDN?

The first command is just a sanity check. It should print CH1 = <some number>, CH2 = <some number>.
 

Offline _Wim_

  • Super Contributor
  • ***
  • Posts: 1514
  • Country: be
Re: Need help hacking DP832 for multicolour option.
« Reply #339 on: February 23, 2020, 06:20:07 am »
The Ultrastation Software recognize the unit as 1062Z but you can only draw waveforms less than 20MHz..

This is normal, see extact of datasheet below.
 
The following users thanked this post: Gandalf_Sr, Houseman

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #340 on: May 26, 2020, 08:58:53 am »
I'm trying to get this to run on Win10 64 with mingw64 and LinuxMint64 (on VM).
I get a "segmentation fault (core dump)" error message when executing on Linux.
On Windows the riglol.exe just hangs and I get the typical MS warning when something's not responding.

I've tried both the 1.03d (unchanged) from the gotroot archive as well as the code attached by starec on July 10/ 2019 (including the definitions of the gootroot 1.03d .c file)

The miracl library compiles fine on both configurations (on windows I've used the mingw.bat and on linux the bash linux64 script).
The executable also compiles ok and runs normally when executed giving me the command options and usage.

It's when I put a serial number and a licence 4 digit code that the program fails.(so when it actually needs to do something)

I've troubleshoot enough to find out that the problem probably lies in the ecurve function call but I'm not sure.
I've put the program to print something from various parts of the code and that's where it loses it.

Many people have succesfully compiled and run this so I don't know if there's any needed "skill" at play here as tv84 implied; it's maybe something trivial that's system specific or just an omission of sorts on my part.

Any tips would be greatly appreciated as I'm really curious what I might be doing wrong.
Thanks:)


EDIT: I was able to run the program after I've compiled the miracl library and the riglol.c in 32bit.
I should've tried it a lot sooner I guess; still curious what's wrong with 64bit though..
« Last Edit: May 26, 2020, 08:46:03 pm by belzrebuth »
 

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #341 on: May 30, 2020, 03:14:43 pm »
Is there any way to set the DP832 to be DP832A while keeping the 7-segment display as is?
I only need to try the hi-res option to be honest and kind of like the 7-segment display better than the smooth fonts..
So would it be better just to enter the riglol code for "accuracy" instead instead of performing the model change?
Only reason I considered the model change is that it's reversible.
« Last Edit: May 30, 2020, 03:17:52 pm by belzrebuth »
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #342 on: May 30, 2020, 04:55:08 pm »
You can not have DP832A with 7 segments font, but you can unlock the high resolution option (or any other, or all options) for the DP832, without turning the instrument into a DP832A.  Unlocking the options is different from the method used here.  Search for "Riglol" to find the key generator.

As a side note, the 7 segments font is very hard to read when compared with the fonts of DP832A.  I used to think those 7 segments digits were cool, but the DP832A normal font is so much easier to read that I wouldn't want to go back to seven segments font, ever!

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #343 on: May 30, 2020, 06:03:44 pm »
I'll check both options when my replacement DP832 arrives (I've had a bit of adventure getting a defective unit so I'm in the process of getting a replacement).

I could first try changing the model to DP832A to check the smooth font color screen,if I decide to keep the "A" version I would effectively have a "new" screen and only the high-res option enabled but not the LAN and RS232, correct?

I would then need to unlock the other options within the riglol generator right?

BTW what is the accuracy option "MWTB" for the DP832A?
Isn't this default to all "A" units?
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #344 on: May 30, 2020, 06:38:32 pm »
AFAIK DP832A have all the options enabled by default, including LAN and RS232, so no matter what options were installed before on a DP832, when you turn it into DP832A it will also unlock all the options.

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #345 on: May 30, 2020, 07:01:43 pm »
I know the fonts are nicer on the DP832A but it does have a display mode that looks like the single-color display on the DP832 (you can choose the single color on the DP832) but, on the DP832A, the 3 sections are color-coded to each supply plus the fonts are cleaner.
If at first you don't succeed, get a bigger hammer
 

Online PA0PBZ

  • Super Contributor
  • ***
  • Posts: 5114
  • Country: nl
Re: Need help hacking DP832 for multicolour option.
« Reply #346 on: May 30, 2020, 07:19:10 pm »
I use this setting:

Keyboard error: Press F1 to continue.
 

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #347 on: May 30, 2020, 07:59:01 pm »
Okay you've convinced me. ^-^
So no Riglol at all with this unit..
Just a model change and we're done. (all the options plus the clearer screen)
I know it's been said before but since the DP832 doesn't come with the LAN I guess the SCPI command is to be executed via the UltraSigma software, yes?

If so I need to be on a Windows PC to do it.
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #348 on: May 30, 2020, 08:24:04 pm »
No.  All the hardware is present in all units.  DP832 or DP832A are identical in hardware no matter what options they had at the buying moment.  You will have both LAN and RS232, and LXI and everything, and in either case you won't need ultra sigma anyway.  Nobody uses that.   ;D

The only difference between a DP832 and DP832A is the front panel that is painted in many colors for the DP832A version.

You'll have everything possible like it would be with the most expensive DP832A.

Stop warring and in the meantime read the user manual and the programming manual, or even better before the manuals (if you plan to control the power source remotely) search online for introductory info about the SCPI standard.
« Last Edit: May 30, 2020, 08:32:11 pm by RoGeorge »
 

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #349 on: May 30, 2020, 08:30:00 pm »
No, I mean in order to initially get my DP832 to change to the "A" model wouldn't I need to connect it w/USB in order to send the command?

Since it won't come with the LAN option enabled I can't just insert the USB drive, connect it to my LAN and nc or telnet the command into it..

 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #350 on: May 30, 2020, 08:35:40 pm »
You can use Riglol to add LAN to a DP832 and then Telnet to it via LAN to do the model change.
If at first you don't succeed, get a bigger hammer
 

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #351 on: May 30, 2020, 08:39:38 pm »
True , but I was thinking in terms of keeping all changes reversible just in case.
It's very nice that you can essentially enjoy all the extra features of the "A" variant without losing your warranty.
But I could always try the USB method and the UltraSigma software for just once.
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #352 on: May 30, 2020, 10:11:25 pm »
You can change it back to a DP832 and then issue a SCPI command to remove all options.
If at first you don't succeed, get a bigger hammer
 

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #353 on: May 30, 2020, 10:12:24 pm »
Oh, I didn't know that.
Great!Thanks:)
 

Offline jcfoto

  • Contributor
  • Posts: 25
  • Country: fr
Re: Need help hacking DP832 for multicolour option.
« Reply #354 on: June 02, 2020, 09:25:50 am »
Hello.
Thanks for guy' that made an fantastic work. My news devices, bought in spring 2020, are betters whith yours reserches :      :clap:
DP832 -> DP832A - news colors but, also (must !) better définited ( mV and mA)
*IDN? -> RIGOL TECHNOLOGIES,DP832,DP8Cxxxxxxxxxxxx,00.01.16

DG1022Z -> DG1062Z - Sinus fréquency max = 60MHz ( saw with scope) and memory up to 16 MB in no limit trial mode.
*IDN? -> Rigol Technologies,DG1022Z,DG1ZAxxxxxxxxxxxxx,03.01.12

One note for DG : square waveforms aren't particulary correct at frequency upper than 1MHz ( transitions are curve !!!). Sinus at 60MHz very correct.
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #355 on: June 02, 2020, 10:03:43 am »
Zut alors jcfoto, c'est fantastique! Bonne chance.

translation...
Damn jcfoto, that's fantastic! Good luck.
If at first you don't succeed, get a bigger hammer
 

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #356 on: June 02, 2020, 11:21:24 am »

One note for DG : square waveforms aren't particulary correct at frequency upper than 1MHz ( transitions are curve !!!). Sinus at 60MHz very correct.

Ι've noticed that as well on my DG1022z; one would think that "upgrading" it to dg1062z would also scale upwards how the square responds for frequencies > 1MHz but it hasn't changed much.
The relationship should be linear since the square is a sum anyways so essentially doubling the BW would also double the limit of a nice square output.
If it was 1meg before, now it should be at least double that.

I've not tested a "before" and "after" to be sure but I too think that square is the same.

With the 25MHz limit an acceptable square output of around 1MHz maybe be expected since a square inherently consists of infinite harmonics to start with and technically *any* BW is not enough to represent it but it's weird that changing the upper BW limit didn't improve the square output much (enough to be noticeable at least)..

EDIT:
I've had a problem (user error probably) after upgrading so for anyone experiencing the same it might be of help.
The peak to peak value was not consistent all the way up to 60MHz.
I had to revert to factory settings in order to have a proper voltage output all the way up to the limit.
But that did not improve the square I think.
Τhen again, the scope also has a BW limit so..
I'd need to change the model back to 1022 and take a diff measurement of some sort to at least have a reference point.
« Last Edit: June 02, 2020, 11:40:16 am by belzrebuth »
 

Online PA0PBZ

  • Super Contributor
  • ***
  • Posts: 5114
  • Country: nl
Re: Need help hacking DP832 for multicolour option.
« Reply #357 on: June 02, 2020, 11:40:14 am »
The specification for all the DG10* models say "Square: 1 μHz to 25 MHz" so I would not expect anything to change.
Keyboard error: Press F1 to continue.
 
The following users thanked this post: belzrebuth, Elasia

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #358 on: June 02, 2020, 11:41:46 am »
Yes..
So it's only a higher freq sin the only difference between these models..
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #359 on: June 02, 2020, 01:30:00 pm »
On my DG1062Z, the square wave output is only a square wave at 10 MHz and then the rise fall times are pretty long (11 nS), by the time it gets to 25MHz, it's pretty much a sine wave.
If at first you don't succeed, get a bigger hammer
 

Offline jcfoto

  • Contributor
  • Posts: 25
  • Country: fr
Re: Need help hacking DP832 for multicolour option.
« Reply #360 on: June 09, 2020, 03:57:53 pm »
I'd made two recents "print screen" of my DS2202E scope ( full options !) from DG upgraded :
Sinus 59MHz -> Very little Frequency and voltage modulation. It's correct. 5vcc
Square 15MHz -> Very ... funny square signal, is'nt it ? Correct up to 5MHz. 5vcc
For hight frequency square signals, i use µ controlers ( more efficient).

On join "print screen", scales and samples of scope may be readable.
 

Online PA0PBZ

  • Super Contributor
  • ***
  • Posts: 5114
  • Country: nl
Re: Need help hacking DP832 for multicolour option.
« Reply #361 on: June 09, 2020, 05:11:56 pm »
15, 25 and 50MHz square from an upgraded DG4062 on a MSOX3054:

1001522-0

1001524-1

1001526-2
Keyboard error: Press F1 to continue.
 

Offline edgelog

  • Regular Contributor
  • *
  • Posts: 70
  • Country: se
Re: Need help hacking DP832 for multicolour option.
« Reply #362 on: June 10, 2020, 11:49:38 am »
Just an observation which slightly worries me.

After updating the DP832 from firmware 00.01.16.00.00 to 00.01.16.00.02 I also configured the analog boards by doing the HELP-HELP-M4-M2-M1 and HELP-HELP-M4-M2-M2. Interestingly, the analog version went down a tick after that.

Before upgrading, the analog version was 03.02.05.03.02.05, but after the upgrade it was 03.02.04.03.02.04. It irks me a little bit.
 

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #363 on: June 10, 2020, 01:10:58 pm »
I also configured the analog boards by doing the HELP-HELP-M4-M2-M1 and HELP-HELP-M4-M2-M2.

Sorry but what's this?
This configuring of the analog boards I mean..Wheere did you find this key-pattern?
Is it mentioned in the manual?
I have a problem with my DP832 so it couldn't hurt to try it.

About your problem:
Could you try to downgrade the firmware and then redo the above?

 

Offline edgelog

  • Regular Contributor
  • *
  • Posts: 70
  • Country: se
Re: Need help hacking DP832 for multicolour option.
« Reply #364 on: June 10, 2020, 01:15:40 pm »
I also configured the analog boards by doing the HELP-HELP-M4-M2-M1 and HELP-HELP-M4-M2-M2.

Sorry but what's this?
This configuring of the analog boards I mean..Wheere did you find this key-pattern?
Is it mentioned in the manual?
I have a problem with my DP832 so it couldn't hurt to try it.

About your problem:
Could you try to downgrade the firmware and then redo the above?

You’ll find this key sequence in earlier messages, but I think I’ve seen it in older release notes as well.

I’m not really having a problem, just a little bit confounded by the version numbers, so I’m not going to downgrade again. Not unless I run into some problem down the road.
 

Offline Fabse

  • Newbie
  • Posts: 3
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #365 on: June 20, 2020, 07:34:23 am »
Hey guys,
can someone pls post the whole compilable source code for the 16M option? I am no coder and I tried my best, but i can not get this thing to compile. I would really appreciate any help :)
 

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #366 on: June 20, 2020, 09:12:21 am »
What operating system are you using?
I could sent you an Linux compiled executable.
 
The following users thanked this post: Fabse

Offline Fabse

  • Newbie
  • Posts: 3
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #367 on: June 20, 2020, 09:32:13 am »
Hello belzrebuth,
a linux executable would be perfect. I guess that's all I need :)
Thank you very much!
 

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #368 on: June 20, 2020, 10:22:14 am »
Hello belzrebuth,
a linux executable would be perfect. I guess that's all I need :)
Thank you very much!

Here you are!
 
The following users thanked this post: Fabse

Offline czecht

  • Newbie
  • Posts: 9
  • Country: us
Re: Need help hacking DP831
« Reply #369 on: June 22, 2020, 02:43:05 am »
I have DP831 and I like to hack it to all updates. Where can I find the information?
Can I just use the DP832 - are they hardware wise the same or not?
Thank you guys!
Tony
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP831
« Reply #370 on: June 22, 2020, 10:16:15 am »
I have DP831 and I like to hack it to all updates. Where can I find the information?
Can I just use the DP832 - are they hardware wise the same or not?
Thank you guys!
Tony
DP831 and DP832 are different hardware but clearly the DP832 is based on the DP831.  I don't know for sure but I bet that the 'magic' USB stick will allow you to turn a DP831 into a DP831A but not a DP832(A).
If at first you don't succeed, get a bigger hammer
 

Offline TurboTom

  • Super Contributor
  • ***
  • Posts: 1380
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #371 on: June 22, 2020, 04:18:55 pm »
It works for the DP811 so there's no reason why it shouldn't work with the DP831 which is much closer design-wise to the DP832 than the DP811...
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #372 on: June 22, 2020, 08:03:44 pm »
It works for the DP811 so there's no reason why it shouldn't work with the DP831 which is much closer design-wise to the DP832 than the DP811...
What works?
If at first you don't succeed, get a bigger hammer
 

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #373 on: June 22, 2020, 09:53:39 pm »
I think he means the model change command..
 

Offline TurboTom

  • Super Contributor
  • ***
  • Posts: 1380
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #374 on: June 22, 2020, 09:55:12 pm »
I used the "Magic Stick" to modify both my DP811 and my DP832 to the "A" version, so I haven't any doubt that it will as well work on the DP831 (to turn it into a DP831A that is). Maybe my previous post was a little confusing...  ;)
« Last Edit: June 22, 2020, 09:57:07 pm by TurboTom »
 

Offline techymechy

  • Newbie
  • Posts: 4
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #375 on: August 23, 2020, 04:49:41 am »
Howdy,

I'm a complete novice in unlocking devices and pretty much a novice to this EE world.  I pretty much suck at software so C++, Linux, etc. is a mystery.

I am trying to start a new hobby of antique radio and TV repair.  My first *new* instrument was the Rigol DG1022Z.    I have successfully unlocked it so it is now a DC1062Z but I cannot figure out how to get the ARB16M installed.

I read through the threads and I saw that others were having the same issue, but I could not figure out how to enable this option.

Can someone please reply to my post, in great detail, on how to get ARB16M installed?   I don't need the granularity of  *breathe in, breath out* but I don't do well when big chunks of the instructions are left out.

I really appreciate your help. 

thanks,

Dave
 

Offline apelly

  • Supporter
  • ****
  • Posts: 1061
  • Country: nz
  • Probe
Re: Need help hacking DP832 for multicolour option.
« Reply #376 on: August 23, 2020, 05:57:03 am »
Can someone please reply to my post
Dave, you should start a new thread with an appropriate topic, or find a thread specific to your problem. It's considered bad form to hijaak a thread with off topic posts.

Granted, this thread is related, but it is (well, ought to be...) specifically about the DP832

Welcome to the forum.
 

Offline techymechy

  • Newbie
  • Posts: 4
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #377 on: August 23, 2020, 06:35:40 pm »
Hi Apelly, PeDre, et.al.,

Thanks for your responses.   Apelly, the reason why I posted on this thread is that this topic is covered in depth in this thread for the DG1022Z unlock (pages 11-15 and others).  I don't really consider my post as a hijacking of this thread - but I do agree that hijacking is poor form and should be avoided.

I've tried the method suggested by Vaiti for the unlocking of the DG1022Z:

https://www.eevblog.com/forum/testgear/need-help-hacking-dp832-for-multicolour-option/msg2582898/#msg2582898

and this indeed will unlock the higher DG1062 configuration and provides a Trial for the ARB16M.   The nice part of this is that I can change my serial number back and it the ARB16M becomes uninstalled and then I can revert to the neat DG1022Z configuration using TELNET commands.   This may be important if I have a warantee issue.   Luckily, the Rigol repair center is about 30 min from my house.   I highly expect I won't have a warantee issue so this is more of a peace of mind approach to get this functionality.

This really isn't that hard to unlock and thanks to Vaiti for summarizing the method.  I also appreciate the EEVblog contributors who contributed to this thread and who've answered my PM's for getting this done.   This is one of the reasons I am taking up this hobby - so I can learn.

Thanks again!
 
The following users thanked this post: Vaiti

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #378 on: August 23, 2020, 11:43:25 pm »
Here's a short guide on how to compile the modified riglol.c to generate the ARB16 licence.

1)Get a linux distribution working. (virtualbox is fine, 64 or 32 bits doesn't matter)

2)Download the attached riglol.c file.

3)Download miracl library from here :
   https://github.com/miracl/MIRACL

4)Make a new folder somewhere.

5) Open the terminal and navigate to the folder you've just created (or just type cd and then drop it in terminal and press enter).

Type:

unzip -j -aa -L (here drop the MIRACL-master.zip you've just downloaded to get its full path), press enter.
Answer "A" when asked.

This should extract the miracl .zip file to that folder.

6) Place the riglol.c file inside the folder containing all the miracl files you've just extracted.

7) Assuming you are using a debian based distro and while still in terminal type:

sudo apt-get install gcc-multilib (answer yes when asked) if you're not asked for anything you may have this already installed..

when done type:

sudo apt-get install g++ (also answer yes when asked)

and finally :

sudo apt-get install g++-multilib (answer yes when asked, again disregard this if it's already installed)

(I've tested this in a newly installed distro and this is all I needed in terms of dependencies, this may vary among various configurations. )

8 ) (we're in still in terminal)

Navigate to the directory you have unzipped the miracl.zip and type 'bash linux' or 'bash linux64' <- for 64bit (without the quotes) and wait for it to finish.
It seems like it's not doing much but it is.
It should finish without errors.

7)Type:
gcc -m32 riglol.c -I./ miracl.a -o riglol to build the riglol executable.
You can also type : gcc riglol.c -I./ miracl.a -o riglol if you're using a 64bit distro.

8)type ./riglol then type your serial number <space> 'JBNE' ,then press enter to run the program and generate the licence.

If you don't want to go through this just download Ubuntu for Windows from here:
https://ubuntu.com/wsl
Unzip the attached riglol_64 .zip file somewhere and using the Ubuntu terminal cd to that folder, then type: ./riglol <here you should enter your SN and options>

« Last Edit: August 24, 2020, 07:58:28 am by belzrebuth »
 

Offline techymechy

  • Newbie
  • Posts: 4
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #379 on: August 26, 2020, 07:01:28 am »
Very clear explanation belzrebuth!   Thank you for teaching!

 
The following users thanked this post: belzrebuth

Offline czecht

  • Newbie
  • Posts: 9
  • Country: us
I need to hack my DP831 to unlock it all, if possible. I never done anything like this before, but if someone gives me exact info how to, I'll get it done, I think.
Thanks guys!
 

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
I need to hack my DP831 to unlock it all, if possible. I never done anything like this before, but if someone gives me exact info how to, I'll get it done, I think.
Thanks guys!
My preference would be to use the 'magic' USB drive method.  You can then use Windows or Linux (whichever you prefer) to Telnet to the DP831 and convince it that it's a different model.

Read back into the thread - it's only 16 pages long.  I say read back as it's better to find a recent example of success than a much older one.
If at first you don't succeed, get a bigger hammer
 

Offline kentarhos

  • Newbie
  • Posts: 1
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #382 on: September 11, 2020, 04:09:07 pm »
Hi all  and sorry for my English.
I want to upgrade my dp832  to  dp832A.
I have to enable lan option to send commands via telnet.
When i insert any option  key from riglol i get  'Invalid serial number'  message

System info
Digital ver . 00.01.16.00.02
boot version 1.09
analog version 04.02.04.03.02.04  .

Am i doing something wrong?



EDIT ...   
OK , I  did it  using tossu method .
Thank you
« Last Edit: September 11, 2020, 05:30:40 pm by kentarhos »
 

Offline ligteltelecom

  • Newbie
  • Posts: 2
  • Country: br
Re: Need help hacking DP832 for multicolour option.
« Reply #383 on: November 22, 2020, 02:43:46 pm »
Hi bro

This procedure will work with this version below?
My is DP832 (without A) need put Hight Resolution it.

System info
Digital ver . 00.01.16.00.02
boot version 1.09
analog version 04.02.04.03.02.04  .

Did you solve your problem?  i have same model with same boot and firmware version.

 

Offline ligteltelecom

  • Newbie
  • Posts: 2
  • Country: br
Re: Need help hacking DP832 for multicolour option.
« Reply #384 on: November 22, 2020, 02:44:55 pm »
Very clear explanation belzrebuth!   Thank you for teaching!

Hi bro

This procedure will work with this version below?
My is DP832 (without A) need put Hight Resolution it.

System info
Digital ver . 00.01.16.00.02
boot version 1.09
analog version 04.02.04.03.02.04

Problem solved with Tossu keyfile.bin and ultra sigma sending Scpi command by usb cable.
« Last Edit: November 23, 2020, 06:44:22 pm by ligteltelecom »
 

Offline joeyjoejoe

  • Frequent Contributor
  • **
  • Posts: 267
  • Country: ca
Re: Need help hacking DP832 for multicolour option.
« Reply #385 on: December 09, 2020, 03:56:03 pm »
To update your Rigol DL3021 to DL3021A, here is the complete procedure, without the need of buying the LAN option...
You need:
-Computer with RS232 port
-USB stick formatted in FAT32 with the file keyfile.bin from Tossu (many thanks for the hack !)
-Cross cabel RS232 female-female (2->3; 3->2; 5->5)
-Free software Termite from Compuphase (https://www.compuphase.com/software_termite.htm)

Connect everything together. Start the computer first and launch Termite.
Termite Serial port settings:
-Port COM1 (depend on your computer)
-Baud rate 9600
-Data bits 8
-Stop bits 1
-Parity none
-Flow control none
-Forward none
-Transmitted text Append CR-LF

Turn on the DL3021
To check the connection, you can try to type *IDN? in the Termite command line.
He will return the model of your device.
Type in Termite :PROJ:SET MODEL,DL3021A
That all  :D

Regarding 3021 to 3031 hack, if we add the missing MOSFET's will it work? Can anyone who's confident in their RIGOL hacking try setting the model to DL3031A to see if it even boots up? (No need to test load yet, but just see if that is enough to make it think it's DL3031A)

I'm willing to try it if there's a way to un-brick things... not confident in my skills :)
 

Offline ZVI

  • Newbie
  • Posts: 4
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #386 on: February 10, 2021, 06:57:37 am »
Good day! Help! Help! A week ago I received my device. Can't change the model type of my DP832. Installed the program ULTRA SIGMSA connected via USB. I send the command: PROJ: SET MODEL, DP832A. the device displays the message "command entered incorrectly" tried in different versions the answer is always the same. if the device does not give such a message, then the ultra sigma program generates an error. unfortunately my knowledge of programming is too small to win on my own. I will be grateful for any hint and help in solving this problem.
 

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #387 on: February 10, 2021, 07:01:34 am »
Is the USB stick correct?
Which way did you use to make it?
This is most likely the problem since Ultra Sigma seems to recognise the instrument.
 
The following users thanked this post: ZVI

Offline ZVI

  • Newbie
  • Posts: 4
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #388 on: February 10, 2021, 07:12:06 am »
I formatted 10 different USB drives and uploaded key file.bin to them. the device sees the USB carrier. ultra sigma sees device on command * IDN? gives back his number.
 

Offline ZVI

  • Newbie
  • Posts: 4
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #389 on: February 10, 2021, 07:44:45 am »
anyone have any ideas for my problem?
 

Offline belzrebuth

  • Frequent Contributor
  • **
  • Posts: 482
  • Country: gr
Re: Need help hacking DP832 for multicolour option.
« Reply #390 on: February 10, 2021, 11:20:12 am »
I still think that your USB stick might not be correct.
Did you try flashing the file on page 11 (post #3) of this thread with an imager program?
Or you just formatted the stick and put the .bin file in?
Since the instrument does not recognise the command and it is actually communicating with the software I don't see what else might be wrong except from your USB drive formatting method.
Can you upload a screenshot of your USB "properties" window?


« Last Edit: February 10, 2021, 11:22:54 am by belzrebuth »
 
The following users thanked this post: ZVI

Offline Gandalf_Sr

  • Super Contributor
  • ***
  • Posts: 1729
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #391 on: February 10, 2021, 12:39:11 pm »
I formatted 10 different USB drives and uploaded key file.bin to them. the device sees the USB carrier. ultra sigma sees device on command * IDN? gives back his number.

The syntax is :PROJ:SET MODEL, DP832A it looks like you may have that wrong.

If that doesn't work then, when I had the same issue, it was the USB drive.  Go back and look at my post #245. 

Don't ask me why some drives work and others don't but I had the same issue, if you see a message pop up on the screen of the PSU when you issue the :PROJ:SET command but can get a normal response to *IDN then it's the USB drive.  I have a post further back in this thread that gives more details.
If at first you don't succeed, get a bigger hammer
 
The following users thanked this post: ZVI

Offline joeyjoejoe

  • Frequent Contributor
  • **
  • Posts: 267
  • Country: ca
Re: Need help hacking DP832 for multicolour option.
« Reply #392 on: February 10, 2021, 01:21:21 pm »
 
The following users thanked this post: ZVI

Offline ZVI

  • Newbie
  • Posts: 4
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #393 on: February 11, 2021, 06:46:38 am »
Thank you very much to everyone who came to my aid and helped me solve this problem. I probably did not read this topic carefully, so I missed the need to use Win32 Disk Imager. Now everything is fine, now I have DP 832A and many thanks to everyone. I have a birthday soon and I made myself a small gift bought DP832, DG4062, MSO5074, DL3021 I want to do this operation with the rest of the devices, I hope everything will be fine. Once again, I would like to thank everyone for their help.
 

Offline joeyjoejoe

  • Frequent Contributor
  • **
  • Posts: 267
  • Country: ca
Re: Need help hacking DP832 for multicolour option.
« Reply #394 on: February 11, 2021, 01:41:42 pm »
The image and comment about Win32 disk imager REALLY needs to get stickied/added to the first page. It makes things bulletproof.
 

Offline MoriDove

  • Newbie
  • Posts: 7
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #395 on: February 12, 2021, 11:45:35 pm »
Hello, I apologize for writing off topic
Tell me is there a way to hack the DG4000 series?
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #396 on: February 13, 2021, 12:09:59 am »
Hello, I apologize for writing off topic
Tell me is there a way to hack the DG4000 series?

Yes, there is!  Mine is a DG4202 now, very grateful for that, thank you again tv84.   :D
https://www.eevblog.com/forum/testgear/dg4000-a-firmware-investigation/msg2829452/#msg2829452

Offline MoriDove

  • Newbie
  • Posts: 7
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #397 on: February 13, 2021, 01:27:40 am »
Hello, I apologize for writing off topic
Tell me is there a way to hack the DG4000 series?

Yes, there is!  Mine is a DG4202 now, very grateful for that, thank you again tv84.   :D
https://www.eevblog.com/forum/testgear/dg4000-a-firmware-investigation/msg2829452/#msg2829452
thank!
 

Offline mike_drz

  • Newbie
  • Posts: 4
  • Country: ca
Re: Need help hacking DP832 for multicolour option.
« Reply #398 on: March 08, 2021, 02:41:14 am »
Thanks everybody!  Was able to unlock my DG1022 to DG1062, special thanks to tossu and Gandalf_Sr, your posts were very help in the process.  I had a hell of a time establishing a telnet connection, I had to directly connect my sig gen to my gateway for it to work.  Now I'm viewing my beautiful 60 MHz sin wave on my unlocked Rigol scope.  lol
 

Offline thushku

  • Newbie
  • Posts: 1
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #399 on: April 03, 2021, 09:18:21 am »
To update your Rigol DL3021 to DL3021A, here is the complete procedure, without the need of buying the LAN option...
You need:
-Computer with RS232 port
-USB stick formatted in FAT32 with the file keyfile.bin from Tossu (many thanks for the hack !)
-Cross cabel RS232 female-female (2->3; 3->2; 5->5)
-Free software Termite from Compuphase (https://www.compuphase.com/software_termite.htm)

Connect everything together. Start the computer first and launch Termite.
Termite Serial port settings:
-Port COM1 (depend on your computer)
-Baud rate 9600
-Data bits 8
-Stop bits 1
-Parity none
-Flow control none
-Forward none
-Transmitted text Append CR-LF

Turn on the DL3021
To check the connection, you can try to type *IDN? in the Termite command line.
He will return the model of your device.
Type in Termite :PROJ:SET MODEL,DL3021A
That all  :D

Important : For RS232 Communication with PC and DL3021 you can use RS232 Cross cable (2->3; 3->2; 5->5) as mentioned above .
But in case of DP832 you have to use Straight Connection (2->2;3->3;5->5) .

Not sure why Rigol decided to use two types of RS232 Cables ...
 

Offline Trident900fi

  • Contributor
  • Posts: 15
  • Country: fr
Re: Need help hacking DP832 for multicolour option.
« Reply #400 on: April 09, 2021, 01:03:04 pm »
hi folks,

I've just calibrate the channel 1 without problem.
Than I try to calibrate channel 2, but there is no more voltage going out from channel 2 and 3 now !
You can ask whatever you wont, you always get 0V...
Any idea !?

Thierry
 

Offline maxspb69

  • Regular Contributor
  • *
  • Posts: 156
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #401 on: April 11, 2021, 05:33:56 am »
If we are talking about DP832, simply select the desired channel with the select button ("1", "2" or "3"), turn it on and enter the calibration mode.
 

Offline Trident900fi

  • Contributor
  • Posts: 15
  • Country: fr
Re: Need help hacking DP832 for multicolour option.
« Reply #402 on: April 11, 2021, 10:36:09 am »
If we are talking about DP832, simply select the desired channel with the select button ("1", "2" or "3"), turn it on and enter the calibration mode.

Since I've calibrate the channel 1, there is no more any voltage going out of channel 2 and 3...
So when you run the calibration, it always mesure near 0V.
That's my problem.
 

Offline shico

  • Newbie
  • Posts: 2
  • Country: ua
Rigol DP832 RS232 problem
« Reply #403 on: April 30, 2021, 05:45:06 pm »
Good day, Experts.
Please help me with the following questions
I have an Power Supply Rigol DP832 converted to an Power SupplyRigol DP832A using the method mentioned in this topic
After the modification, I got the available options LAN, RS232, color display
Communication with the device on the network through the LAN interface is successful using software ULTRA SIGMA from the manufacturer

Communication of the device with the computer through PC232 is not established (Reaction is absent)
The scheme of connection is used: Computer with RS232 port-Cable RS232 (9 pins) - Power Supply Rigol DP832(A)

The RS232 cable has the following scheme of contact pins 1-1, 2-2, 3-3, ..., 9-9

Communication of computer <-> other measuring device (not Rigol) using this RS232 cable is normal

Questions:
1) What type of RS232 cable should I have (1- ?, 2- ?, 3 -?, ... 9-?)
2) What RS232 cable lines are really needed to control the Rigol DP832A) and receive/transmit data from/to it ?
3) Do I need to make any settings directly on the device?
4) Does the device have any specific parameters of communication with the computer on RS232 ?

P.S. Sorry for typo: Oscilloscope - Power Supply. Post corrected
« Last Edit: April 30, 2021, 06:19:16 pm by shico »
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #404 on: April 30, 2021, 05:59:29 pm »
DP832 is not an oscilloscope, and whoever orders one most probably will know the difference.  It can be hardly be mistaken that way.

Are you a bot?  Yes or no?
Prove it.


Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6407
  • Country: hr
Re: Rigol DP832 RS232 problem
« Reply #405 on: April 30, 2021, 06:07:54 pm »
Good day, Experts.
Please help me with the following questions
I have an oscilloscope Rigol DP832 converted to an oscilloscope Rigol DP832A using the method mentioned in this topic
After the modification, I got the available options LAN, RS232, color display
Communication with the device on the network through the LAN interface is successful using software ULTRA SIGMA from the manufacturer

Communication of the device with the computer through PC232 is not established (Reaction is absent)
The scheme of connection is used: Computer with RS232 port-Cable RS232 (9 pins) - Oscilloscope Rigol DP832(A)

The RS232 cable has the following scheme of contact pins 1-1, 2-2, 3-3, ..., 9-9

Communication of computer - other measuring device (not Rigol) using this RS232 cable is normal

Questions:
1) What type of RS232 cable should I have (1- ?, 2- ?, 3 -?, ... 9-?)
2) What RS232 cable lines are really needed to control the Rigol DP832A) and receive/transmit data from/to it ?
3) Do I need to make any settings directly on the device?
4) Does the device have any specific parameters of communication with the computer on RS232 ?

User manual page2-56 explains pinout and settings including flow cotroll.
 

Offline shico

  • Newbie
  • Posts: 2
  • Country: ua
Re: Need help hacking DP832 for multicolour option.
« Reply #406 on: April 30, 2021, 06:19:47 pm »
Sorry for typo: Oscilloscope - Power Supply. Post corrected. I am now very focused on oscilloscope programming and therefore all thoughts about oscilloscope
« Last Edit: April 30, 2021, 06:34:31 pm by shico »
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #407 on: April 30, 2021, 06:34:37 pm »
Without opening the manual, I will first try pin 2 to 3 and 3 to 2, aka Tx to Rx and Rx to Tx (and GND, of course).  So only 3 wires.

Usually the settings would be 9600, 8, N, 1, the most common default RS232 setting (but I don't have the manual right now, so better look up the DP832 user guide/manual).
« Last Edit: April 30, 2021, 06:39:33 pm by RoGeorge »
 

Offline Ed_

  • Newbie
  • Posts: 4
  • Country: sk
Re: Need help hacking DP832 for multicolour option.
« Reply #408 on: May 29, 2021, 07:27:13 pm »
To update your Rigol DL3021 to DL3021A, here is the complete procedure, without the need of buying the LAN option...
You need:
-Computer with RS232 port
-USB stick formatted in FAT32 with the file keyfile.bin from Tossu (many thanks for the hack !)
-Cross cabel RS232 female-female (2->3; 3->2; 5->5)
-Free software Termite from Compuphase (https://www.compuphase.com/software_termite.htm)

Connect everything together. Start the computer first and launch Termite.
Termite Serial port settings:
-Port COM1 (depend on your computer)
-Baud rate 9600
-Data bits 8
-Stop bits 1
-Parity none
-Flow control none
-Forward none
-Transmitted text Append CR-LF

Turn on the DL3021
To check the connection, you can try to type *IDN? in the Termite command line.
He will return the model of your device.
Type in Termite :PROJ:SET MODEL,DL3021A
That all  :D

Hello friends

In 2021 I tried this on my new DL3021, with no success.  SW version is 00.01.05.00.01. RS232 works well. Command "*IDN?" returns product name, serial number and SW version. Command ":PROJ:SET MODEL,DL3021A" does nothing.
Any idea is welcome.
Thanks

Ed
 

Offline _Wim_

  • Super Contributor
  • ***
  • Posts: 1514
  • Country: be
Re: Need help hacking DP832 for multicolour option.
« Reply #409 on: May 30, 2021, 05:31:16 am »
Hello friends

In 2021 I tried this on my new DL3021, with no success.  SW version is 00.01.05.00.01. RS232 works well. Command "*IDN?" returns product name, serial number and SW version. Command ":PROJ:SET MODEL,DL3021A" does nothing.
Any idea is welcome.
Thanks

Ed

I think you need a space after the comma: ":PROJ:SET MODEL, DL3021A"
 

Offline natman69

  • Regular Contributor
  • *
  • Posts: 61
  • Country: it
Re: Need help hacking DP832 for multicolour option.
« Reply #410 on: May 30, 2021, 06:55:42 am »
Hi,

the command is correct! And it is normal you don't get any reply after you send it. Only after a reboot you can see the model has changed.

Are you sure you build correctly the usb thumb drive? I used win32diskimager and all was smooth...

BTW: I used USB connection to instrument not RS232 and key sight connection expert to send SCPI commands.

Hope this can help!

NM
 

Offline Ed_

  • Newbie
  • Posts: 4
  • Country: sk
Re: Need help hacking DP832 for multicolour option.
« Reply #411 on: May 30, 2021, 09:09:37 am »
Hi,

the command is correct! And it is normal you don't get any reply after you send it. Only after a reboot you can see the model has changed.

Are you sure you build correctly the usb thumb drive? I used win32diskimager and all was smooth...

BTW: I used USB connection to instrument not RS232 and key sight connection expert to send SCPI commands.

Hope this can help!

NM

Hello natman69

Thank you for your response. I installed a keysight connection expert and connected to DL3021 via USB, but the result is the same:

-> *IDN?
<- RIGOL TECHNOLOGIES,DL3021,DL3AXXXXXXXXX,00.01.05.00.01

-> :PROJ:SET MODEL,DL3021A
 ! VI_ERROR_TMO: A timeout occurred
Visa ErrorCode: 0xBFFF0015 (-1073807339)
<-

The same result is for command":PROJ:SET MODEL, DL3021A"
When command had been used, I tried "turn off and on" DL3021 and also tried make intial Reset DL3021, but no change version model to A.

Ed
 

Offline _Wim_

  • Super Contributor
  • ***
  • Posts: 1514
  • Country: be
Re: Need help hacking DP832 for multicolour option.
« Reply #412 on: May 30, 2021, 10:18:25 am »
Hello natman69

Thank you for your response. I installed a keysight connection expert and connected to DL3021 via USB, but the result is the same:

-> *IDN?
<- RIGOL TECHNOLOGIES,DL3021,DL3AXXXXXXXXX,00.01.05.00.01

-> :PROJ:SET MODEL,DL3021A
 ! VI_ERROR_TMO: A timeout occurred
Visa ErrorCode: 0xBFFF0015 (-1073807339)
<-

The same result is for command":PROJ:SET MODEL, DL3021A"
When command had been used, I tried "turn off and on" DL3021 and also tried make intial Reset DL3021, but no change version model to A.

Ed

Are you sure the USB stick is recognized by the DL3021? Can you store a file on it using the DL3021?

I remember having an issue with a "space" in the command when I upgraded my signal generator, but natman69 could be correct, that maybe I added the space as per some posts in this forum, and it should be removed, so your initial command was indeed correct.
 

Offline Ed_

  • Newbie
  • Posts: 4
  • Country: sk
Re: Need help hacking DP832 for multicolour option.
« Reply #413 on: May 30, 2021, 11:15:04 am »
Hi,

the command is correct! And it is normal you don't get any reply after you send it. Only after a reboot you can see the model has changed.

Are you sure you build correctly the usb thumb drive? I used win32diskimager and all was smooth...

BTW: I used USB connection to instrument not RS232 and key sight connection expert to send SCPI commands.

Hope this can help!

NM

Hello natman69

Thank you for your response. I installed a keysight connection expert and connected to DL3021 via USB, but the result is the same:

-> *IDN?
<- RIGOL TECHNOLOGIES,DL3021,DL3AXXXXXXXXX,00.01.05.00.01

-> :PROJ:SET MODEL,DL3021A
 ! VI_ERROR_TMO: A timeout occurred
Visa ErrorCode: 0xBFFF0015 (-1073807339)
<-

The same result is for command":PROJ:SET MODEL, DL3021A"
When command had been used, I tried "turn off and on" DL3021 and also tried make intial Reset DL3021, but no change version model to A.

Ed


Mr _Wim_, natman69 and aloso tossu

Thank you very much for your help. It really was my fault - a badly prepared USB key. Now I can confirm the hack is also possible with this latest firmware.
Everything is OK. The Keysight connection expert immediately set new product name to A and switched ON colour displey.

Status from The Keysight connection expert:

-> :PROJ:SET MODEL,DL3021A
<- OK

Now it's a really great device  :-+
 
Thanks again for big support, I wish you all good health in this post covid time and have a nice day.

Ed
 
The following users thanked this post: _Wim_

Offline 52516

  • Newbie
  • Posts: 2
  • Country: cn
Re: Need help hacking DP832 for multicolour option.
« Reply #414 on: July 15, 2021, 02:21:33 am »
Hi,

the command is correct! And it is normal you don't get any reply after you send it. Only after a reboot you can see the model has changed.

Are you sure you build correctly the usb thumb drive? I used win32diskimager and all was smooth...

BTW: I used USB connection to instrument not RS232 and key sight connection expert to send SCPI commands.

Hope this can help!

NM

Hello natman69

Thank you for your response. I installed a keysight connection expert and connected to DL3021 via USB, but the result is the same:

-> *IDN?
<- RIGOL TECHNOLOGIES,DL3021,DL3AXXXXXXXXX,00.01.05.00.01

-> :PROJ:SET MODEL,DL3021A
 ! VI_ERROR_TMO: A timeout occurred
Visa ErrorCode: 0xBFFF0015 (-1073807339)
<-

The same result is for command":PROJ:SET MODEL, DL3021A"
When command had been used, I tried "turn off and on" DL3021 and also tried make intial Reset DL3021, but no change version model to A.

Ed


Mr _Wim_, natman69 and aloso tossu

Thank you very much for your help. It really was my fault - a badly prepared USB key. Now I can confirm the hack is also possible with this latest firmware.
Everything is OK. The Keysight connection expert immediately set new product name to A and switched ON colour displey.

Status from The Keysight connection expert:

-> :PROJ:SET MODEL,DL3021A
<- OK

Now it's a really great device  :-+
 
Thanks again for big support, I wish you all good health in this post covid time and have a nice day.

Ed

Hello friends , need help…

Using this method, success.  (FW:00.01.05.00.01)

However, about one minute after power on, the high-resolution disappears automatically.

The option function also disappears   (color UI is still there)
" alt="" class="bbc_img" />
" alt="" class="bbc_img" />
« Last Edit: July 16, 2021, 01:29:28 pm by 52516 »
 

Offline _Wim_

  • Super Contributor
  • ***
  • Posts: 1514
  • Country: be
Re: Need help hacking DP832 for multicolour option.
« Reply #415 on: July 31, 2021, 06:03:10 am »
Hello friends , need help…

Using this method, success.  (FW:00.01.05.00.01)

However, about one minute after power on, the high-resolution disappears automatically.

The option function also disappears   (color UI is still there)
(Attachment Link) " alt="" class="bbc_img" />
(Attachment Link) " alt="" class="bbc_img" />

What model number does your unit return when you send -> *IDN?

I do not have a Rigol load, but if I am not mistaken, the color display is always enabled and there is no change when upgrading from a DL3021 to an DL3021A. Did you see the increased readback resolution on the display briefly? Can you make a picture of that? My best guess currently is the patch was not applied correctly and nothing was changed and it did not disappear automatically...
 

Offline 52516

  • Newbie
  • Posts: 2
  • Country: cn
Re: Need help hacking DP832 for multicolour option.
« Reply #416 on: August 01, 2021, 04:18:12 pm »
Hello friends , need help…

Using this method, success.  (FW:00.01.05.00.01)

However, about one minute after power on, the high-resolution disappears automatically.

The option function also disappears   (color UI is still there)
(Attachment Link) " alt="" class="bbc_img" />
(Attachment Link) " alt="" class="bbc_img" />

What model number does your unit return when you send -> *IDN?

I do not have a Rigol load, but if I am not mistaken, the color display is always enabled and there is no change when upgrading from a DL3021 to an DL3021A. Did you see the increased readback resolution on the display briefly? Can you make a picture of that? My best guess currently is the patch was not applied correctly and nothing was changed and it did not disappear automatically...


Thanks!

FYI:

1241073-0" alt="" class="bbc_img" />
1241075-1" alt="" class="bbc_img" />
1241077-2" alt="" class="bbc_img" />
1241079-3" alt="" class="bbc_img" />
1241081-4" alt="" class="bbc_img" />
 

Offline _Wim_

  • Super Contributor
  • ***
  • Posts: 1514
  • Country: be
Re: Need help hacking DP832 for multicolour option.
« Reply #417 on: August 01, 2021, 05:38:04 pm »
Thanks!

FYI:

(Attachment Link) " alt="" class="bbc_img" />
(Attachment Link) " alt="" class="bbc_img" />
(Attachment Link) " alt="" class="bbc_img" />
(Attachment Link) " alt="" class="bbc_img" />
(Attachment Link) " alt="" class="bbc_img" />

Wow, that is indeed strange! Maybe try to manually set the model number to the original first (:PROJ:SET MODEL,DL3021), power the unit completely down an up again and start over from the beginning? Probably will not make a difference, but I cannot think of anything else (maybe downgrade the firmware, but that could maybe be risky on its own).

Does your unit maintain other settings like for example its IP address, or is everything reset to default values when it happens?
 

Offline ee2000

  • Newbie
  • Posts: 8
  • Country: dk
Re: Need help hacking DP832 for multicolour option.
« Reply #418 on: August 05, 2021, 02:21:00 pm »
Hi

I just wanted to ask if there are any update on the matter, did you succeed in turning the DL3021 into and DL3021A,
with a permanent solution longer than 1 minute ?

Thanks in advance.
 
 

Offline mbedwani

  • Newbie
  • Posts: 2
  • Country: au
Re: Need help hacking DP832 for multicolour option.
« Reply #419 on: August 26, 2021, 12:14:20 pm »
I can confirm this worked on a DL-3021 FW:00.01.05.00.01 with a unit just purchased. :-+
« Last Edit: August 26, 2021, 12:18:32 pm by mbedwani »
 
The following users thanked this post: ee2000

Offline spiff72

  • Regular Contributor
  • *
  • Posts: 71
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #420 on: October 16, 2021, 10:25:38 pm »
Hello all,

Hoping this isn't the wrong place to ask, as this seems to be discussion around the model change hack, but I just bought and received a secondhand DP832, and immediately updated to the latest firmware.  I then tried to apply the riglol hack (entered my serial number on the page, left the AAAA default options, and it generated a licence key.

However, when i try to install the key at the "licence" prompt, after entering all the characters, I press OK, and it says "Invalid Serial" number.  I have tried twice without success, and even tried regenerating the key on the site several times - it creates the same key every time.  Double checked that my serial number was accurate too...

Am I doing this wrong?  Or is the latest firmware different and no longer allows the licence hack to work?
 

Offline spiff72

  • Regular Contributor
  • *
  • Posts: 71
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #421 on: October 16, 2021, 10:46:21 pm »
Hello all,

Hoping this isn't the wrong place to ask, as this seems to be discussion around the model change hack, but I just bought and received a secondhand DP832, and immediately updated to the latest firmware.  I then tried to apply the riglol hack (entered my serial number on the page, left the AAAA default options, and it generated a licence key.

However, when i try to install the key at the "licence" prompt, after entering all the characters, I press OK, and it says "Invalid Serial" number.  I have tried twice without success, and even tried regenerating the key on the site several times - it creates the same key every time.  Double checked that my serial number was accurate too...

Am I doing this wrong?  Or is the latest firmware different and no longer allows the licence hack to work?

UPDATE:  I got it to work.  Had to do each option separately - skipped the RS232 since I had read that one doesn't work anymore (which is fine by me, and I didn't plan to use it)...

Now on the the model upgrade! :-)
 

Offline DTHCoCo

  • Newbie
  • Posts: 1
  • Country: au
Re: Need help hacking DP832 for multicolour option.
« Reply #422 on: November 13, 2021, 05:00:12 am »
Hi Mate.
Can you please point me in the right direction for the download link of keyfile.bin from Tossu for the Rigol DL3021A Mod

regards
DTHCoCo
 

Offline _Wim_

  • Super Contributor
  • ***
  • Posts: 1514
  • Country: be
Re: Need help hacking DP832 for multicolour option.
« Reply #423 on: November 13, 2021, 06:47:02 am »
Hi Mate.
Can you please point me in the right direction for the download link of keyfile.bin from Tossu for the Rigol DL3021A Mod

regards
DTHCoCo

https://www.eevblog.com/forum/testgear/need-help-hacking-dp832-for-multicolour-option/msg2320485/#msg2320485
 

Offline Haru

  • Newbie
  • Posts: 1
  • Country: kr
Re: Need help hacking DP832 for multicolour option.
« Reply #424 on: December 02, 2021, 06:46:37 pm »
For those of you using Windows for Magic USB creation, I wrote a simple step-by-step guide for it.
I personally don't own a DP832 yet, but planning on it.

Windows Magic Drive creation

1. Open up your diskpart.exe in Administrative mode
2. Select the disk number of your USB drive.
3. Type clean all and wait.
    - This should take some time, since it is writing zeroes to the blocks.
4. Make partition by typing create partition primary size=1024.
    - The smaller the size, faster the image dump and writing.
    - But keep in mind that the sector 0x58E0 should be included.
5. Finally format the partition by format fs=FAT32 QUICK
6. Dump the USB using any kind of tools, output is binary file.
7. Using HxD or other editor, change the data.
    - If you are not sure which offset should have the *Magic* numbers, the offset should be 0xB1C000 for FAT32.
    - The sector is 0x58E0, which in decimals 22,752th sector.
8. Save the image file to a certain location.
9. Now write the image to the disk using Rufus or BalenaEtcher, etc.
10. Done!
11. https://www.eevblog.com/forum/testgear/need-help-hacking-dp832-for-multicolour-option/msg2320485/#msg2320485

Side note - I added a 100MB Partitioned Dump binary. This should make things easier by skipping the format and partition creation process.
« Last Edit: December 02, 2021, 07:39:52 pm by Haru »
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #425 on: December 02, 2021, 08:16:27 pm »
I guess this disk image, Rigol_sign_disk.zip (62.31 kB, attached at the end of this post https://www.eevblog.com/forum/testgear/new-rigol-ds1054z-oscilloscope/msg3613778/#msg3613778 ) should be good for DP832, but I only tested it for DS1054z.

- download the "Rigol_sign_disk.zip" and unzip "card_FAT32_w_SIGN_manually_added_103E00"

- if you have a Windows PC, write the file "card_FAT32_w_SIGN_manually_added_103E00" on any USB drive you have using Win32DiskImager (do not copy/paste on the USB drive, write it using Win32DiskImager program)

- if you have a Linux PC, then dd the extracted file to any USB drive (no preformat required), for example
Code: [Select]
sudo dd if=card_FAT32_w_SIGN_manually_added_103E00 of=/dev/sdx && sync


The format type of the USB drive doesn't matter for this method, because either dd or Win32DiskImager will overwrite sector by sector the USB drive, and the "card_FAT32_w_SIGN_manually_added_103E00" file also contains the partition table (so the proper format).

Once the Rigol upgrade work is finished, format the USB drive again using the PC, to regain the normal functionality of the USB drive.

Offline -Tip-

  • Newbie
  • Posts: 3
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #426 on: January 29, 2022, 11:29:51 pm »
Hello all,

Hoping this isn't the wrong place to ask, as this seems to be discussion around the model change hack, but I just bought and received a secondhand DP832, and immediately updated to the latest firmware.  I then tried to apply the riglol hack (entered my serial number on the page, left the AAAA default options, and it generated a licence key.

However, when i try to install the key at the "licence" prompt, after entering all the characters, I press OK, and it says "Invalid Serial" number.  I have tried twice without success, and even tried regenerating the key on the site several times - it creates the same key every time.  Double checked that my serial number was accurate too...

Am I doing this wrong?  Or is the latest firmware different and no longer allows the licence hack to work?

UPDATE:  I got it to work.  Had to do each option separately - skipped the RS232 since I had read that one doesn't work anymore (which is fine by me, and I didn't plan to use it)...

Now on the the model upgrade! :-)

Dear spiff72, I faced the same problem as you, please tell me, when you selected each option separately, did the private key change? It doesn’t change for me, even though I choose the AAAA option, at least some kind of separate one. Firmware version 1.06.
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #427 on: January 30, 2022, 02:26:55 am »
If you do the model upgrade from DP832 to DP832A, then all the possible options will be included, so no need to add any option to the DP832 before turning it into a DP832A.

Offline -Tip-

  • Newbie
  • Posts: 3
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #428 on: January 30, 2022, 12:42:56 pm »
If you do the model upgrade from DP832 to DP832A, then all the possible options will be included, so no need to add any option to the DP832 before turning it into a DP832A.
Dear RoGeorge, thank you for your comment, I have upgraded the power supply to model 832A using the described instructions. Please tell me if it is possible to roll back the firmware and return the old interface, maybe my views are old fashioned, but I really like the green font on a black background, it is bright and easy to read.
 

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Need help hacking DP832 for multicolour option.
« Reply #429 on: January 30, 2022, 06:41:19 pm »
I have never tried to downgrade, but my guess is the exact same procedure you used to turn 832 into 832A should also work to change back the model from 832A to 832.  Consider doing that 7 days from now, if by then you'll still wish to downgrade.

The funny thing is that at first I wanted to revert, too, but postponed it for a few days from various unrelated reasons.  ;D

From my own memories, at first it looked like the 7 segments display was better, but in the next few days I've noticed the new font is in fact much easier to read, and having different colors for each channel made a better distinction of which is which than when they were all green.

The good news is it should be possible to go back and forth as many time as you want.
 
The following users thanked this post: -Tip-

Offline -Tip-

  • Newbie
  • Posts: 3
  • Country: ru
Re: Need help hacking DP832 for multicolour option.
« Reply #430 on: January 31, 2022, 07:10:46 am »
Dear RoGeorge, you know how to convince, thanks, I will follow your advice, maybe not everything is "so bad"  :) with this color scheme of the display. The ability to roll back the firmware reassures me. Thanks for the help and the work you've done.
 

Offline Wintel

  • Regular Contributor
  • *
  • Posts: 52
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #431 on: February 08, 2022, 11:47:11 pm »
Hi,

Has anyone try to hack the DL3021 to DL3031A and get 350W & 60A ?
 
 

Offline joeyjoejoe

  • Frequent Contributor
  • **
  • Posts: 267
  • Country: ca
 

Offline STMartin

  • Contributor
  • Posts: 36
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #433 on: February 24, 2022, 05:53:40 am »
Updated Quick and Easy Upgrade Guide

I thought I'd summarize everything in one updated post, much like Vaiti did a few years ago. This will be a step-by-step, just-follow-the-directions guide.

I tested this on a DP832 and a DG1022Z. I don't have the DL series, but people in the thread have confirmed the upgrade works.

There is an FAQ at the end of the post. If you have problems or questions, check there.

Throughout the guide, you'll have to type in some commands, like this for example: "PROJ:SET MODEL, DP832A". Don't type the quotes, just the command.


1. Possible upgrades
  • DP800 series (Only to A version)
  • DL3000 series
  • DG1000Z series
For the DP series you can only upgrade to the A version of your model. For example these are OK:
  • DP832 → DP832A
  • DP811 → DP811A
  • And so on
You can't upgrade from a DP811 to a DP821A, for example. The hardware is different.

For the DG Z and DL series, you can upgrade anything to the top model.


2. What you need
  • Windows
  • Empty USB drive. Size shouldn't matter.
  • Ethernet cable (for LAN path only, see below)
  • USB type B cable (for USB path only, see below)
  • Fully updated firmware on all the instruments you plan on upgrading

3. Make the magic drive
  • Plug in the USB drive.
  • Right click the USB drive in File Explorer, click Format.
  • File system should be FAT or FAT32. Allocation unit size should be Default. Everything else is fine as it is. Click Start.
  • Download the rigol-key.img file, attached below.
  • Go to: https://win32diskimager.org/. Download and install Win32DiskImager. Run Win32DiskImager.
  • Select rigol-key.img for Image File. Make sure Device is set to the USB drive. Click Write. When it's done, click Exit.
  • Right click the USB drive in File Explorer, click Eject, and remove the USB drive from your computer.

4. Choose your path
If you are upgrading DP or DG series instruments, use the LAN path.
If you are upgrading a DL series instrument, use the USB path.

Either path will allow you to upgrade multiple instruments. However, if any of those instruments is a DL series, use the USB path.

Also, follow only one path.


5A. LAN path
  • Go to: http://gotroot.ca/rigol/riglol/. Enter your power supply's serial number in the Serial box. Enter "F6LT" in the Options box. Click Generate. DP series without LAN option only. Skip otherwise.
  • On your power supply, go to: Utility → Option → Install. Enter the code generated in the previous step, and press OK. The LAN option should say Official. Turn off the power supply. DP series without LAN option only. Skip otherwise.
  • On your computer, go to: Settings → Apps → Optional features → More Windows features. Check the box for Telnet Client, and click OK.
  • Turn on your instrument, plug in your USB drive, and the Ethernet cable.
  • On your instrument, go to: Utility → I/O Config → LAN. Record the IP Address.
    • Note: The IP Address should start with 192.168. If it doesn't, wait a minute or two, or unplug the Ethernet cable and plug it back in. Make sure to plug in the Ethernet after you turn on your instrument.
  • On your computer, click the start button, type "cmd", and run Command Prompt.
  • Type the command: "telnet 192.168.x.xxx 5555", where 192.168.x.xxx is the IP address you recorded previously. For example: "telnet 192.168.1.148 5555". If successful, the text in the window should clear.
  • You are now ready to send commands to your instrument. For the next step, xxxxx is the model number you want. For example DP832A, or DG1062Z.
  • Type in one of the following commands, and press enter. You will not see any text appear in the window. This is OK and normal.
    • For the DP series: ":PROJ:SET MODEL,xxxxx". For example: ":PROJ:SET MODEL,DP832A".
    • For the DG series: ":PROJ:STAT MODEL,xxxxx". For example: ":PROJ:STAT MODEL,DG1062Z".
  • If nothing happens on your instrument, congratulations! Your upgrade is complete. If the instrument says something like "Remote command is incorrect!", see the FAQ below. Otherwise, turn off the instrument power, remove the USB drive and Ethernet cable, and you are done. :clap:
  • If you have other instruments to upgrade, start the LAN path again at step 4.

5B. USB path
  • Go to: https://www.rigolna.com/download/, and download "UltraSigma Instrument Connectivity Driver". It's a big download (500MB), and Rigol's servers are slow.
  • Install UltraSigma. It'll ask to install several supporting files. Accept those and the license agreement.
  • Turn on your instrument, plug in the USB drive and your USB cable. Run UltraSigma.
  • Right click your instrument in the list, and click on "SCPI Panel Control".
  • You are now ready to send commands to your instrument. For the next step, "xxxxx" is the model number you want. For example "DL3031A", or "DG1062Z".
  • Type in one of the following commands, and click "Send & Read".
    • For the DP and DL series: ":PROJ:SET MODEL,xxxxx". For example: ":PROJ:SET MODEL,DL3031A".
    • For the DG series: ":PROJ:STAT MODEL,xxxxx". For example: ":PROJ:STAT MODEL,DG1062Z".
  • If nothing happens on your instrument, congratulations! Your upgrade is complete. If the instrument says something like "Remote command is incorrect!", see the FAQ below. Otherwise, turn off the instrument power, remove the USB drive and USB cable, and you are done. :clap:
  • If you have other instruments to upgrade, start the USB path again at step 3.

6. Install Arb16M option (DG series only)
There are two ways to do this. Option A will change your waveform generator's serial number, but is the much easier route. Option B will generate the actual upgrade key, but is much more involved.

6A. Serial number
  • Follow either the LAN or USB path above until you are ready to send commands to your instrument.
  • Send the command: "PROJ:STAT SN,DG1ZA000000000".
  • Congratulations! You now have the memory upgrade. :clap:
6B. Upgrade key
  • Right click the start button, and click on Windows PowerShell (Admin).
  • Enter the command "wsl --install". Once complete, restart your computer.
  • When the restart is complete, Ubuntu will finish installing. This will take several minutes.
  • When Ubuntu is finished, it will ask for a new username and password. These can be whatever you want.
  • Download rigol_64.zip file below. Unzip the file. Copy the entire contents of the miracl_64 folder to someplace convenient (you'll have to type out this path later). For example, I made a new folder directly on the C drive: C:\Riglol. This is the Riglol program we will use to generate the upgrade key.
  • In Ubuntu, type: "cd /mnt/c/whatever/your/path/is". For example, I typed: "cd /mnt/c/Riglol".
  • Then type: "./riglol YourSerialNumber JBNE". Obviously, replace YourSerialNumber with your serial number. Riglol should print out the upgrade key.
  • Create a new text file with Notepad. On the first line, enter your serial number. On the second line, copy the upgrade key from Riglol. Press enter one more time to make a blank third line.
  • Save the file to a USB drive. Name the file whatever you want, but make sure it ends with ".lic". Also make sure All Files is selected in the Save as type field.
  • Plug the USB drive into the waveform generator.
  • On the waveform generator, go to Store. Select File Type → All File. Select the D: drive. Press the Browser button to select File. Highlight the file you just made, and press Read.
  • Congratulations! You now have the memory upgrade. :clap:

FAQ
I got a "Remote command is incorrect!" error
This is usually related to the magic USB drive. Make sure you followed the magic drive directions, and the drive is plugged in to your instrument. Perhaps try a different USB drive. Also make sure you typed out the commands exactly as they are in the instructions.

I can't connect with Telnet
For the DP series, make sure you enabled the LAN option first, as described in the LAN path. Otherwise, it is probably an issue with your home network. Try connecting it directly to your router.

The Arb16M upgrade didn't work
Make sure you typed in the right serial number for Riglol, and included the JBNE option. Make sure you create the text file exactly as described. Include that third blank line, make sure the file name ends with .lic, and make sure you save as type All Files. Also, programs like Word or OpenOffice Writer may not work. Use Notepad.

Can I still update the firmware in the future?
Yes.

Do the upgrades enable all the options?
Yes, except for the Arb16M option on the DG series. You have to do that separately.

Is the performance going to be as good as the real instrument?
Yes. The hardware between versions is the same. Only the software limits it.

I don't like the triangular display of the upgraded DP series. Can I change it?
Yes. Go to: Display → Disp Mode → Classic.

Can I undo the upgrades?
Yes. Follow either the LAN or USB path above until you are ready to send commands to your instrument. If you want to undo multiple upgrades in a row, you will have to restart your instrument after each one.
  • Change back model: Send the same command you did before, except change it back to the old model. For example, type ":PROJ:SET MODEL,DP832" to change back to a DP832. You will still need the magic USB drive.
  • Remove options: Send the command: ":LIC:CLEAR".
  • Change back serial number: Send the command: "PROJ:STAT SN,YourSerialNumber". Obviously, replace YourSerialNumber with your serial number. You will still need the magic USB drive.
Do I still need all that software I downloaded?
No. You can safely uninstall everything.
  • Win32DiskImager: Uninstall like any other program.
  • Telnet: Go to: Settings → Apps → Optional features → More Windows features, and uncheck Telnet Client. Click OK.
  • UltraSigma: Uninstall like any other program. You can remove the following: IVI Shared Components, National Instruments Software, RIGOL Ultra Sigma, and VISA Shared Components.
  • Ubuntu and Riglol: Uninstall like any other program. You can remove the following: Ubuntu, and Windows Subsystem for Linux Update. Also, go to: Settings → Apps → Optional features → More Windows features. Uncheck the boxes for Virtual Machine Platform, and Windows Subsystem for Linux. You can just delete the Riglol folder.
Do I still need the magic drive?
No. It is only needed for the upgrade process.

I already have Linux. Do I need Ubuntu on Windows?
No. The version of Riglol we need for the Arb16M upgrade was compiled for Linux, and Ubuntu on Windows was the easiest way to get that to run for most people. I'm sure it won't run on ANY distro, but I'm not a Linux guy so you're on your own there.

Is this guide the only way to do the upgrades?
No. There are other ways to send the commands, or get Riglol to run. This was the way I used, and seemed the least technical route with the fewest problems.

How does all this work?
These instruments have hidden SCPI commands that we used to upgrade. SCPI is a standard way for PCs to communicate with test equipment; usually to automate testing for mass production. However, these hidden commands won't work unless there is a USB drive present that contains a "magic number" at a particular place in memory. Our magic USB drive contains that magic number in all the places the instrument might look. Once that's plugged in, all we need to do is send the SCPI command, via LAN or USB. Voila!

Riglol, as far as I can tell, was written by someone who managed to reverse engineer the way Rigol generates their official keys. The gotroot website has an online version, and the Ubuntu version you may have used is the same thing, but also supports the DG series.

Who can we thank for all this?
Spork Schivago for kicking off the DP hack
tossu for actually figuring it out
volkimel, tv84, and Macbeth for early work helping to decrypt the firmware
« Last Edit: February 24, 2022, 06:37:47 am by STMartin »
 
The following users thanked this post: lmamakos, thm_w, hansibull, NF6X, twdotnet, sulami, suicid, jio, Andrey_Ak, ton4eff, Jean Michel

Offline _Wim_

  • Super Contributor
  • ***
  • Posts: 1514
  • Country: be
Re: Need help hacking DP832 for multicolour option.
« Reply #434 on: February 25, 2022, 12:46:09 pm »
Updated Quick and Easy Upgrade Guide

I thought I'd summarize everything in one updated post, much like Vaiti did a few years ago. This will be a step-by-step, just-follow-the-directions guide.

I tested this on a DP832 and a DG1022Z. I don't have the DL series, but people in the thread have confirmed the upgrade works.

There is an FAQ at the end of the post. If you have problems or questions, check there.

Throughout the guide, you'll have to type in some commands, like this for example: "PROJ:SET MODEL, DP832A". Don't type the quotes, just the command.


1. Possible upgrades
  • DP800 series (Only to A version)
  • DL3000 series
  • DG1000Z series
For the DP series you can only upgrade to the A version of your model. For example these are OK:
  • DP832 → DP832A
  • DP811 → DP811A
  • And so on
You can't upgrade from a DP811 to a DP821A, for example. The hardware is different.

For the DG Z and DL series, you can upgrade anything to the top model.


2. What you need
  • Windows
  • Empty USB drive. Size shouldn't matter.
  • Ethernet cable (for LAN path only, see below)
  • USB type B cable (for USB path only, see below)
  • Fully updated firmware on all the instruments you plan on upgrading

3. Make the magic drive
  • Plug in the USB drive.
  • Right click the USB drive in File Explorer, click Format.
  • File system should be FAT or FAT32. Allocation unit size should be Default. Everything else is fine as it is. Click Start.
  • Download the rigol-key.img file, attached below.
  • Go to: https://win32diskimager.org/. Download and install Win32DiskImager. Run Win32DiskImager.
  • Select rigol-key.img for Image File. Make sure Device is set to the USB drive. Click Write. When it's done, click Exit.
  • Right click the USB drive in File Explorer, click Eject, and remove the USB drive from your computer.

4. Choose your path
If you are upgrading DP or DG series instruments, use the LAN path.
If you are upgrading a DL series instrument, use the USB path.

Either path will allow you to upgrade multiple instruments. However, if any of those instruments is a DL series, use the USB path.

Also, follow only one path.


5A. LAN path
  • Go to: http://gotroot.ca/rigol/riglol/. Enter your power supply's serial number in the Serial box. Enter "F6LT" in the Options box. Click Generate. DP series without LAN option only. Skip otherwise.
  • On your power supply, go to: Utility → Option → Install. Enter the code generated in the previous step, and press OK. The LAN option should say Official. Turn off the power supply. DP series without LAN option only. Skip otherwise.
  • On your computer, go to: Settings → Apps → Optional features → More Windows features. Check the box for Telnet Client, and click OK.
  • Turn on your instrument, plug in your USB drive, and the Ethernet cable.
  • On your instrument, go to: Utility → I/O Config → LAN. Record the IP Address.
    • Note: The IP Address should start with 192.168. If it doesn't, wait a minute or two, or unplug the Ethernet cable and plug it back in. Make sure to plug in the Ethernet after you turn on your instrument.
  • On your computer, click the start button, type "cmd", and run Command Prompt.
  • Type the command: "telnet 192.168.x.xxx 5555", where 192.168.x.xxx is the IP address you recorded previously. For example: "telnet 192.168.1.148 5555". If successful, the text in the window should clear.
  • You are now ready to send commands to your instrument. For the next step, xxxxx is the model number you want. For example DP832A, or DG1062Z.
  • Type in one of the following commands, and press enter. You will not see any text appear in the window. This is OK and normal.
    • For the DP series: ":PROJ:SET MODEL,xxxxx". For example: ":PROJ:SET MODEL,DP832A".
    • For the DG series: ":PROJ:STAT MODEL,xxxxx". For example: ":PROJ:STAT MODEL,DG1062Z".
  • If nothing happens on your instrument, congratulations! Your upgrade is complete. If the instrument says something like "Remote command is incorrect!", see the FAQ below. Otherwise, turn off the instrument power, remove the USB drive and Ethernet cable, and you are done. :clap:
  • If you have other instruments to upgrade, start the LAN path again at step 4.

5B. USB path
  • Go to: https://www.rigolna.com/download/, and download "UltraSigma Instrument Connectivity Driver". It's a big download (500MB), and Rigol's servers are slow.
  • Install UltraSigma. It'll ask to install several supporting files. Accept those and the license agreement.
  • Turn on your instrument, plug in the USB drive and your USB cable. Run UltraSigma.
  • Right click your instrument in the list, and click on "SCPI Panel Control".
  • You are now ready to send commands to your instrument. For the next step, "xxxxx" is the model number you want. For example "DL3031A", or "DG1062Z".
  • Type in one of the following commands, and click "Send & Read".
    • For the DP and DL series: ":PROJ:SET MODEL,xxxxx". For example: ":PROJ:SET MODEL,DL3031A".
    • For the DG series: ":PROJ:STAT MODEL,xxxxx". For example: ":PROJ:STAT MODEL,DG1062Z".
  • If nothing happens on your instrument, congratulations! Your upgrade is complete. If the instrument says something like "Remote command is incorrect!", see the FAQ below. Otherwise, turn off the instrument power, remove the USB drive and USB cable, and you are done. :clap:
  • If you have other instruments to upgrade, start the USB path again at step 3.

6. Install Arb16M option (DG series only)
There are two ways to do this. Option A will change your waveform generator's serial number, but is the much easier route. Option B will generate the actual upgrade key, but is much more involved.

6A. Serial number
  • Follow either the LAN or USB path above until you are ready to send commands to your instrument.
  • Send the command: "PROJ:STAT SN,DG1ZA000000000".
  • Congratulations! You now have the memory upgrade. :clap:
6B. Upgrade key
  • Right click the start button, and click on Windows PowerShell (Admin).
  • Enter the command "wsl --install". Once complete, restart your computer.
  • When the restart is complete, Ubuntu will finish installing. This will take several minutes.
  • When Ubuntu is finished, it will ask for a new username and password. These can be whatever you want.
  • Download rigol_64.zip file below. Unzip the file. Copy the entire contents of the miracl_64 folder to someplace convenient (you'll have to type out this path later). For example, I made a new folder directly on the C drive: C:\Riglol. This is the Riglol program we will use to generate the upgrade key.
  • In Ubuntu, type: "cd /mnt/c/whatever/your/path/is". For example, I typed: "cd /mnt/c/Riglol".
  • Then type: "./riglol YourSerialNumber JBNE". Obviously, replace YourSerialNumber with your serial number. Riglol should print out the upgrade key.
  • Create a new text file with Notepad. On the first line, enter your serial number. On the second line, copy the upgrade key from Riglol. Press enter one more time to make a blank third line.
  • Save the file to a USB drive. Name the file whatever you want, but make sure it ends with ".lic". Also make sure All Files is selected in the Save as type field.
  • Plug the USB drive into the waveform generator.
  • On the waveform generator, go to Store. Select File Type → All File. Select the D: drive. Press the Browser button to select File. Highlight the file you just made, and press Read.
  • Congratulations! You now have the memory upgrade. :clap:

FAQ
I got a "Remote command is incorrect!" error
This is usually related to the magic USB drive. Make sure you followed the magic drive directions, and the drive is plugged in to your instrument. Perhaps try a different USB drive. Also make sure you typed out the commands exactly as they are in the instructions.

I can't connect with Telnet
For the DP series, make sure you enabled the LAN option first, as described in the LAN path. Otherwise, it is probably an issue with your home network. Try connecting it directly to your router.

The Arb16M upgrade didn't work
Make sure you typed in the right serial number for Riglol, and included the JBNE option. Make sure you create the text file exactly as described. Include that third blank line, make sure the file name ends with .lic, and make sure you save as type All Files. Also, programs like Word or OpenOffice Writer may not work. Use Notepad.

Can I still update the firmware in the future?
Yes.

Do the upgrades enable all the options?
Yes, except for the Arb16M option on the DG series. You have to do that separately.

Is the performance going to be as good as the real instrument?
Yes. The hardware between versions is the same. Only the software limits it.

I don't like the triangular display of the upgraded DP series. Can I change it?
Yes. Go to: Display → Disp Mode → Classic.

Can I undo the upgrades?
Yes. Follow either the LAN or USB path above until you are ready to send commands to your instrument. If you want to undo multiple upgrades in a row, you will have to restart your instrument after each one.
  • Change back model: Send the same command you did before, except change it back to the old model. For example, type ":PROJ:SET MODEL,DP832" to change back to a DP832. You will still need the magic USB drive.
  • Remove options: Send the command: ":LIC:CLEAR".
  • Change back serial number: Send the command: "PROJ:STAT SN,YourSerialNumber". Obviously, replace YourSerialNumber with your serial number. You will still need the magic USB drive.
Do I still need all that software I downloaded?
No. You can safely uninstall everything.
  • Win32DiskImager: Uninstall like any other program.
  • Telnet: Go to: Settings → Apps → Optional features → More Windows features, and uncheck Telnet Client. Click OK.
  • UltraSigma: Uninstall like any other program. You can remove the following: IVI Shared Components, National Instruments Software, RIGOL Ultra Sigma, and VISA Shared Components.
  • Ubuntu and Riglol: Uninstall like any other program. You can remove the following: Ubuntu, and Windows Subsystem for Linux Update. Also, go to: Settings → Apps → Optional features → More Windows features. Uncheck the boxes for Virtual Machine Platform, and Windows Subsystem for Linux. You can just delete the Riglol folder.
Do I still need the magic drive?
No. It is only needed for the upgrade process.

I already have Linux. Do I need Ubuntu on Windows?
No. The version of Riglol we need for the Arb16M upgrade was compiled for Linux, and Ubuntu on Windows was the easiest way to get that to run for most people. I'm sure it won't run on ANY distro, but I'm not a Linux guy so you're on your own there.

Is this guide the only way to do the upgrades?
No. There are other ways to send the commands, or get Riglol to run. This was the way I used, and seemed the least technical route with the fewest problems.

How does all this work?
These instruments have hidden SCPI commands that we used to upgrade. SCPI is a standard way for PCs to communicate with test equipment; usually to automate testing for mass production. However, these hidden commands won't work unless there is a USB drive present that contains a "magic number" at a particular place in memory. Our magic USB drive contains that magic number in all the places the instrument might look. Once that's plugged in, all we need to do is send the SCPI command, via LAN or USB. Voila!

Riglol, as far as I can tell, was written by someone who managed to reverse engineer the way Rigol generates their official keys. The gotroot website has an online version, and the Ubuntu version you may have used is the same thing, but also supports the DG series.

Who can we thank for all this?
Spork Schivago for kicking off the DP hack
tossu for actually figuring it out
volkimel, tv84, and Macbeth for early work helping to decrypt the firmware


Excellent write-up! This should be ideal for all new to this. I am only wondering if this is the ideal thread for other to find this useful information.
 

Offline joeyjoejoe

  • Frequent Contributor
  • **
  • Posts: 267
  • Country: ca
Re: Need help hacking DP832 for multicolour option.
« Reply #435 on: March 09, 2022, 01:11:14 am »
Perhaps to add to the writeup

You can do this with linux without any tools. I'm running Ubuntu 20 on my laptop. A simple echo will suffice.

Code: [Select]
root@grexps:/home/greg/python-usbtmc#  echo "*IDN?" > /dev/usbtmc0; cat /dev/usbtmc0
RIGOL TECHNOLOGIES,DL3021A,DL3A19xxxx,00.01.04.00root@grexps:/home/greg/python-usbtmc#
root@grexps:/home/greg/python-usbtmc#
root@grexps:/home/greg/python-usbtmc# echo ":PROJ:SET MODEL,DL3031A" > /dev/usbtmc0; cat /dev/usbtmc0
OK
cat: /dev/usbtmc0: Connection timed out
root@grexps:/home/greg/python-usbtmc#
 
The following users thanked this post: lmamakos

Offline trampas

  • Contributor
  • Posts: 44
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #436 on: October 25, 2022, 05:18:44 pm »
I have the DP832 hacked to DP832A.  I went to the IP address expecting to see a way to see/change the power supply settings.  That is some type of UI that replaces front panel much like the Rigol O-scope has. 

I was wondering if anyone else was missing this feature?  Is it worth doing a node.js project to add this? If we did come up with a UI how much trouble would it be to have the power supply host the web page?
 

Offline Remek

  • Newbie
  • Posts: 2
  • Country: pl
Re: Need help hacking DP832 for multicolour option.
« Reply #437 on: November 03, 2022, 12:19:54 am »
Do you know if it is possible to hack the new dp900 series?
 

Offline lmamakos

  • Contributor
  • Posts: 12
Re: Need help hacking DP832 for multicolour option.
« Reply #438 on: November 11, 2022, 10:24:13 pm »
I did this on a Raspberry Pi, where the USB serial device also showed up as /dev/usbtmc0 on Raspian 11, with a kernel reporting itself as

Linux pigps 5.15.32-v7l+ #1538 SMP Thu Mar 31 19:39:41 BST 2022 armv7l

This approach worked really great, thanks!   

Perhaps to add to the writeup

You can do this with linux without any tools. I'm running Ubuntu 20 on my laptop. A simple echo will suffice.

Code: [Select]
root@grexps:/home/greg/python-usbtmc#  echo "*IDN?" > /dev/usbtmc0; cat /dev/usbtmc0
RIGOL TECHNOLOGIES,DL3021A,DL3A19xxxx,00.01.04.00root@grexps:/home/greg/python-usbtmc#
root@grexps:/home/greg/python-usbtmc#
root@grexps:/home/greg/python-usbtmc# echo ":PROJ:SET MODEL,DL3031A" > /dev/usbtmc0; cat /dev/usbtmc0
OK
cat: /dev/usbtmc0: Connection timed out
root@grexps:/home/greg/python-usbtmc#

 

Offline ozkarah

  • Regular Contributor
  • *
  • Posts: 87
  • Country: tr
Re: Need help hacking DP832 for multicolour option.
« Reply #439 on: November 21, 2022, 02:36:34 pm »
Is there any possibility that this method works on the new DP932E/DP932U models?
 

Offline radensb

  • Contributor
  • Posts: 28
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #440 on: November 25, 2022, 08:43:26 pm »
Is there any possibility that this method works on the new DP932E/DP932U models?
I am also interested in this! The DP900 series looks to have fully independent supplies for all three channels, which is pretty nice! Its still unclear if there are any HW limitations between the A/U, and E models. The E model is only $50 more than the DP832.
 
The following users thanked this post: ozkarah

Offline Xoff

  • Contributor
  • Posts: 17
  • Country: pl
Re: Need help hacking DP832 for multicolour option.
« Reply #441 on: December 28, 2022, 09:38:55 am »
Unfortunately I was unable to change model of DP932E using this method.

There was no error message posted after ":PROJ:SET MODEL,DP932A" command, however no model change after the restart.
FAT32 is supported with MBR (important when using Disk Utility on Mac).
 

Offline Coliban

  • Regular Contributor
  • *
  • Posts: 62
  • Country: de
Re: Need help hacking DP832 for multicolour option.
« Reply #442 on: April 06, 2023, 11:33:17 am »
I upgrade my DP832 to newest FW Version 00.01.16.00.02

I wanted to activate that color mode DP832A but the commands presented here are not working over lan. (I can't upgrade license over USB because my Apple MAC OS does not recognized the USB connection)

if I say (with telnet)
> :PROJ:SET MODEL,DP832A

the device answers "Remote command is incorrect"

How could I update the license?


"If Lyfe were a Thing that Monie could buy -- the Poor could not live & the Rich would not die." Quote on a gravestone from a glove maker, Scotland, 17th century
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Need help hacking DP832 for multicolour option.
« Reply #443 on: April 06, 2023, 01:31:02 pm »
(I can't upgrade license over USB because my Apple MAC OS does not recognized the USB connection)

Then use another PC!

The method described in this thread requires you to have a specific file/sector inside the USB disk. You can't go without it!
 

Offline uesak

  • Newbie
  • Posts: 2
  • Country: th
Re: Need help hacking DP832 for multicolour option.
« Reply #444 on: July 16, 2023, 01:16:18 pm »
USD Flash Drive with a capacity of 4GB must be used, and the file type must be FAT. Otherwise, DP832 will not detect the USB drive.
On July 8, 2023, I made a mistake by using both 32 and 64 GB USB flash drives, even though I adjusted the allocation table to 512, 1024, 2048, it didn't work. The device responded with "Remote command is incorrect."
I accidentally tried using the command in Ultra Sigma by pressing the Clear button, which cleared all the options and licenses for LAN/RS232 and others.
I took time to think and tested step by step. Currently, I'm using a 4GB USB drive, but I need to fix the LAN issue first as mentioned below:

1. Check if the LAN option has a license. Don't worry about other options because if it's done correctly, they will all come back.

2. If the LAN option for DP832 is still not available, go to https://gotroot.ca/rigol/riglol/ and enter the DP832 machine's serial number. In the Option field, enter F6LT (emphasis on using only F6LT) to generate the LAN code. Take the license generated and enter it in the DP832 machine to enable LAN. Your LAN should now be turned on, and you may need to restart the machine.

3. Follow the steps recommended by STMartin. The best USB Flash Drive should be 4GB or 8GB or maybe more. To check if the USB Flash Drive works, connect it to the DP832 device, and it should be detected and displayed on the DP832 screen. If it's not detected, you need to format it or try a different USB Flash Drive.

4. I use the Rigol Ultra Sigma program because it's installed on Windows 11. If you haven't installed it on Windows 11, download "Ultra Sigma(PC) Installer.rar" from RIGOL, unzip/unrar it into a temporary folder. Then, copy all the files and folders to the root of the USB Flash Drive and run "Setup.exe" on the USB Flash Drive to install the program. Open the Ultra Sigma program.

5. Next, make sure the IP address is in the same group. I found that if I connect the DP832 to a computer notebook, they would have different IP addresses, which doesn't work. So, I connected the LAN cable to the Wi-Fi Router, which resulted in the DP832 having the same IP address. You can use the ping command in the Windows console to verify the response.

6. Once the LAN cable, IP address, and USB Flash Drive are set up correctly, when you connect the USB Flash Drive to the back of the DP832 device, you should hear a sound and the DP832 should recognize it. Follow STMartin's instructions to proceed.

7. After completing all the steps, restart the device, and you will have the color version along with all the options enabled.

I sincerely thank STMartin, Spork Schivago, tossu, volkimel, tv84, and Macbeth for their invaluable assistance
« Last Edit: July 16, 2023, 01:20:11 pm by uesak »
 

Offline 0x00

  • Newbie
  • Posts: 8
  • Country: us
Re: Need help hacking DP832 for multicolour option.
« Reply #445 on: September 04, 2023, 07:28:09 pm »
Is it safe to upgrade to 00.01.16.00.02 after applying the color hack?


USD Flash Drive with a capacity of 4GB must be used, and the file type must be FAT. Otherwise, DP832 will not detect the USB drive.

I just converted my Rigol DP832 to a DP832A using a 128GB SSD, worked fine. (Didn't have any small flash drives left in my office.)

Code: [Select]
s u d o dd of=/dev/rdisk5 if=rigol-key.img
# Remove the spaces for sudo when running for real

Where /dev/rdisk5 was my external USB SSD.
 

Offline uesak

  • Newbie
  • Posts: 2
  • Country: th
Re: Need help hacking DP832 for multicolour option.
« Reply #446 on: September 24, 2023, 12:20:22 pm »
I'm doing well, and I've had no issues with your mentioned version; it appears to be safe and problem-free. I've been using it just as you said.
Regarding the USB Flash Drive, if you require a capacity larger than 4GB, 8GB, or 16GB, I suggest the following steps:
1. Plug the Flash Drive into your DP832.
2. Check if the DP832 detects the Flash Drive.
3. Use the DP832's menu commands to secure your data.
4. Attempt to access the secured data on your computer.
If everything goes smoothly during these steps, your Flash Drive should work perfectly. I wish you the best of luck and every success!
 ;D ;D ;D
 

Offline Nrkb

  • Contributor
  • Posts: 26
  • Country: ca
Re: Need help hacking DP832 for multicolour option.
« Reply #447 on: November 10, 2023, 12:38:54 am »
Hello,
just wondering if this upgrade hack is still working fine and easy theses days with new revisions DP832 to DP832A.
I'm planning to buy one and it's about 300$ CAD difference...
I'm reading the whole thread right now but it's 18 pages and it might take a little while so i thought of asking.  :scared:

Oh and about that loud fan, do they come with quieter fans now?

Thanks
 

Offline maxpayne

  • Regular Contributor
  • *
  • Posts: 139
Re: Need help hacking DP832 for multicolour option.
« Reply #448 on: November 10, 2023, 12:48:59 am »
Yap,,,the upgrade hack is still working fine ! :)
 

Offline Nrkb

  • Contributor
  • Posts: 26
  • Country: ca
Re: Need help hacking DP832 for multicolour option.
« Reply #449 on: November 10, 2023, 12:52:04 am »
Great, thanks!!
 

Offline dandvan

  • Newbie
  • Posts: 1
  • Country: us
    • My Photography (other hobby)
Re: Need help hacking DP832 for multicolour option.
« Reply #450 on: December 23, 2023, 06:34:27 am »
Hack still works and was even able to do it after a couple of beers!
 

Offline GraXXoR

  • Contributor
  • Posts: 18
  • Country: jp
Re: Need help hacking DP832 for multicolour option.
« Reply #451 on: January 25, 2024, 04:39:13 pm »
JAN 2024... 1.16 FW DP832:  GOTROOT STILL WORKS!!!

It worked perfectly and smoothly  on a 1.16 Firmware DP832 dated May 2020 which I picked up for just over US$200 on Yahoo Auction this morning.

I used a Mac with Ventura.... you don't especially need Windows and you don't need Linux to do this.

I downloaded only ONE FILE to complete this EPIC UPGRADE... (OK, so I'm CAPS stoked... lol... apologies for the overenthusiasm).

Upgrade DP832 to DP832A (Firmware 1.16) on a Mac in MacOS...

1) download the supplied USB-Key unlocker .IMG file in the detailed post just before this one. (it's about 35MB)...
2) use BALENA ETCHER to burn the .IMG file it onto a generic 8GB USB2 stick.
3)  Go to gotroot.ca/rigol/riglol  : Note that for DP832 FW above 1.06 you may need to use the link at the top of the page and make sure you choose GOTROOT 1.1.0, **NOT 1.1.2** <--- this lists SP832B and doesn't have FW > 1.06 so I don't know if it works...
4) Type in your DP832 serial number....  (In a Mac you can just copy and paste it from right in the SYSTEM REPORT USB Section... LOL) and enter F6LT to get the LAN install licence code.   Click Generate
5) Switch on your DP832 , select Utility -> Second Page -> Option -> Install and type in the Loooong code to unlock LAN. Switch off the DP832. (not sure if necessary, but I did and it worked, so....)
6) Plug in the USB stick and LAN cable... And switch back on the DP832... Wait for the DP832 to pick up DHCP. Check IP address in Utility->IO Config->LAN
7)  On your Mac, open Terminal and type
      telnet 192.168.xxx.xxx  5555
8)  type exactly (no spaces) and press ENTER... There will be no reply.
   :PROJ:SET MODEL,DP832A
9) If no error shows on the screen of your DP832, you can shut it down.
10) Switch on your DP832 again and bask in all the multicolour glory and 1mV precision. Also, ALL OPTIONS are Enabled now, not just LAN!


Hope any fellow Mac users find this interesting.
« Last Edit: January 25, 2024, 04:42:16 pm by GraXXoR »
 
The following users thanked this post: NF6X, Jean Michel


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf