Author Topic: New Rigol 16-bit function generators DG800/900 series  (Read 20273 times)

0 Members and 2 Guests are viewing this topic.

Offline Ashdash

  • Contributor
  • Posts: 22
  • Country: nz
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #275 on: August 15, 2019, 09:27:27 pm »
Attachment is the result of your command on usb drive prepared with linux that I have been using to try to upgrade.

As you can see, the block is correctly written. If it's not your VISA stuff, it's the FW that has changed.

Yes I agree.

I am trying to locate a usb to lan adapter so I can provide the information you requested by PM. The ones that are readily available are based on Axis AX88772 chipset. Looking at your post of kernel modules earlier in the thread, there is only a Realtek rtl8152 driver so I guess the adapter must be based on that chipset.
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 796
  • Country: pt
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #276 on: August 15, 2019, 09:41:15 pm »
I am trying to locate a usb to lan adapter so I can provide the information you requested by PM. The ones that are readily available are based on Axis AX88772 chipset. Looking at your post of kernel modules earlier in the thread, there is only a Realtek rtl8152 driver so I guess the adapter must be based on that chipset.

This one works:

https://www.eevblog.com/forum/testgear/new-rigol-16-bit-function-generators-dg800900-series/msg2429370/#msg2429370
 

Offline TurboTom

  • Frequent Contributor
  • **
  • Posts: 592
  • Country: de
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #277 on: August 15, 2019, 10:12:24 pm »
There are several adapters, also the "el-cheapo"-ones that work. Some of the cheapest ones aren't equipped with isolating transformers.

The funny thing is, some only get recognized by the DG800/900 after an active LAN cable is plugged in. After that, no problem (...only found this out after having bought three different ones -- altogether still a lot cheaper than the one Rigol offers...).

Cheers,
Thomas
 
The following users thanked this post: Ashdash

Offline timber23

  • Contributor
  • Posts: 42
  • Country: de
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #278 on: August 15, 2019, 10:20:54 pm »
If it's not your VISA stuff, it's the FW that has changed.
You could use my Python script to send the SCPI command to switch mode.

Necessary files are attached.
 
The following users thanked this post: egonotto, thm_w, 2N3055, frozenfrogz

Offline timber23

  • Contributor
  • Posts: 42
  • Country: de
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #279 on: August 15, 2019, 10:43:47 pm »
I can confirm that this GoojoDoq adapter works: https://www.aliexpress.com/item/32945323919.html It is only $3.57 and was delivered within 4 weeks. It was sugested by someone here in the forum.

The el-cheapo ones I tryed so far did not work. I mean white LAN adapters with realtek chipset. Even with active LAN connected to it, it didn't work.
 

Offline Ashdash

  • Contributor
  • Posts: 22
  • Country: nz
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #280 on: August 16, 2019, 06:11:01 am »
There are several adapters, also the "el-cheapo"-ones that work. Some of the cheapest ones aren't equipped with isolating transformers.

The funny thing is, some only get recognized by the DG800/900 after an active LAN cable is plugged in. After that, no problem (...only found this out after having bought three different ones -- altogether still a lot cheaper than the one Rigol offers...).

Cheers,
Thomas

I'm glad I read your post before going to the local computer shop.  I took the DG811 with me and would probably have rejected the adapter I bought if I hadn't known to plug onto an active cable.

And you also can't "Apply" the network settings if the cable is not connected.

This usb to lan adapter works fine. https://en.j5create.com/products/jue125
 

Offline Ashdash

  • Contributor
  • Posts: 22
  • Country: nz
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #281 on: August 18, 2019, 07:19:46 pm »
Bump.
Has anyone with a recently purchased unit with firmware 00.01.09.00.00 been able to upgrade?  Care to share your experience?

Has anyone stumbled upon the root password?  I've tried the obvious ones.

It's not possible to downgrade to 00.01.08.00.01 which is available from rigolna.
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 796
  • Country: pt
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #282 on: August 18, 2019, 08:29:49 pm »
Try user "sshd" or "root".

All files in the filesystem are owned by root or sshd.

Maybe something like this:

https://medium.com/@jakewies/accessing-remote-machines-using-ssh-55a0fdf5e9d8
« Last Edit: August 18, 2019, 09:33:02 pm by tv84 »
 

Offline Ashdash

  • Contributor
  • Posts: 22
  • Country: nz
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #283 on: August 19, 2019, 09:00:39 pm »
No luck logging in with "root" or "sshd".

I presume the passwd and shadow files are from a DGxxx firmware 00.01.08 or lower.  The shadow file shows that all accounts except root are disabled. (* in second field) Root has no password ("root::") but that has obviously changed.

I don't understand the significance of the ssh directory.  How does that help?  How do those keys help?

All and any help appreciated.
 

Offline thm_w

  • Super Contributor
  • ***
  • Posts: 1294
  • Country: ca
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #284 on: August 19, 2019, 10:53:04 pm »
All and any help appreciated.

Try performing the downgrade by powering on and hitting the 'Help/Local' button to get to the low level tool.
Does it still block it?

edit: got an interesting screen with two options in Chinese, during boot, not sure what it said. Need to try to get that to show up again.
edit2: port 22 SSH, port 111 rpcbind, port 5555 freeciv.
« Last Edit: August 20, 2019, 12:57:14 am by thm_w »
 

Offline timber23

  • Contributor
  • Posts: 42
  • Country: de
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #285 on: August 19, 2019, 11:53:22 pm »
I presume the passwd and shadow files are from a DGxxx firmware 00.01.08 or lower.
I don't understand the significance of the ssh directory.  How does that help?  How do those keys help?
I have version 00.01.08.00.01 and I have no luck trying to log in with root and no password using SSH.

The ssh directory includes the authorized_keys. It is the public key of a PC which is allowed to log in, using its private key without password. Because the private key is unknown, the public key doesn't help.
 

Offline Ashdash

  • Contributor
  • Posts: 22
  • Country: nz
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #286 on: August 19, 2019, 11:58:21 pm »
Did your instrument ship with 00.01.08.00.01?  Were you able to upgrade using the procedure earlier in the thread?
 

Offline timber23

  • Contributor
  • Posts: 42
  • Country: de
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #287 on: August 20, 2019, 12:05:11 am »
Did your instrument ship with 00.01.08.00.01?  Were you able to upgrade using the procedure earlier in the thread?
Yes. I did no update, since I received the device. Yes, I created an USB drive with the magic bytes and upgraded from DG811 to DG992.

This is how my "Info" screen looks like:

 
The following users thanked this post: Ashdash

Offline Ashdash

  • Contributor
  • Posts: 22
  • Country: nz
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #288 on: August 20, 2019, 12:11:27 am »
Reading through the thread, some members seem to have trouble with the key, which they resolved, and also sending the ":PROJ:MODE DG912". which they resolved.

Can you share by what method your key was formatted and the package used to send the :PROJ command?
« Last Edit: August 20, 2019, 12:28:57 am by Ashdash »
 

Offline Ashdash

  • Contributor
  • Posts: 22
  • Country: nz
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #289 on: August 20, 2019, 12:56:26 am »
All and any help appreciated.

Try performing the downgrade by powering on and hitting the 'Help/Local' button to get to the low level tool.
Does it still block it?

edit: got an interesting screen with two options in Chinese, during boot, not sure what it said. Need to try to get that to show up again.

I've tried several things with the 'Help/Local' key but I can't bring up low level screen.

If I put a usb drive with firmware 00.01.08.00.01 in the instrument with the Help screen showing, it loads and I get a dialog with 'Detects the upgrade file, upgrade? Touch 'OK' .  Waiting dialog box and then eventually returns to home screen. Upgrade dialog reappears. No downgrade.

EDIT.  Ok. Got to a low level screen in English. Keep pushing 'Help/Local' key when initial RIGOL appears onscreen, before progress bar appears.
No usb installed: 'Not found images...'    Instrument stopped, need to power off.
Usb installed:  'Upgrade from usb disk. Reading...'  wait and then  'ERROR: bad script!'   Instrument stopped.
« Last Edit: August 20, 2019, 02:31:46 am by Ashdash »
 
The following users thanked this post: thm_w

Offline Ashdash

  • Contributor
  • Posts: 22
  • Country: nz
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #290 on: August 20, 2019, 08:19:34 am »
I'm going to declare that the hack is closed or changed in firmware version 00.01.09.00.00
At least until the clever people can get hold of the firmware and take a look at it.

It is not possible to downgrade to 00.01.08.00.01 which is known to work and available at rigolna.

I've tried a 2gb and 8gb usb sticks formatted FAT32 with the magic bytes at the correct location.  I've tried sending the the SCPI command by 2 different Windows packages and most recent  using Python under linux. Code snippet below.

>>> rigol = rm.open_resource('USB0::6833::1603::DG8Axxxxxxxxx::0::INSTR')  (xxxxxxxxx is serial no.)
>>> rigol.write(':DISP:BRIG 1')
(28, <StatusCode.success: 0>)
>>> rigol.write(':DISP:BRIG 100')
(28, <StatusCode.success: 0>)

Insert key, waiting dialogue appears, wait

>>> rigol.write(':PROJ:MODE DG992')
(32, <StatusCode.success: 0>)
Power off, remove key, power up.

The 2 DISP strings are just sent to confirm the DG811 is receiving commands by dimming then brightening the display. Then insert key, and after waiting for dialogue box to disappear, send PROJ command.  Then power down and up.
Unfortunately, no upgrade.

Happy to help from here on.
« Last Edit: August 20, 2019, 08:24:43 am by Ashdash »
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 796
  • Country: pt
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #291 on: August 20, 2019, 08:40:45 am »
Root password is:

Code: [Select]
root:$6$KRD.PxZVpASx$V15pbKoUrwRvuPgiX8hegJD9uD3NbLllV6NDiH/A48Es4z9.pc40LGilqSEJifwwxwDKt1rn7yyW//Npp6Oi90:10933:0:99999:7:::
Anyone can break it?
« Last Edit: August 21, 2019, 01:29:51 pm by tv84 »
 
The following users thanked this post: thm_w

Offline thm_w

  • Super Contributor
  • ***
  • Posts: 1294
  • Country: ca
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #292 on: August 20, 2019, 10:30:39 pm »
SSH version info:

ssh dropbear_2016.74 kippo honeypot
https://www.cvedetails.com/vulnerability-list/vendor_id-15806/product_id-33536/version_id-214300/Dropbear-Ssh-Project-Dropbear-Ssh-2016.74.html

I'm not sure how hard it is to exploit this vulnerability?

'root' is an SSH user, but 'sshd' is not showing as an accessible user. 'Rigol201' was the MSO5000 root password but thats not working here.
 

Offline thm_w

  • Super Contributor
  • ***
  • Posts: 1294
  • Country: ca
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #293 on: August 20, 2019, 11:42:09 pm »
Dialogue box,"Detects the upgrade file, upgrade?" OK.
Rotating wait graphic, which stops and a relay click from the DG811, then after a further short delay waiting dialogue box disappears.  No apparent change in status.  No upgrade after power cycle.
Edit: Just tried to ssh with root. Still no access.

Did you try the GEL then SSH without a power cycle? I'm assuming here the GEL is making a temporary modification.
 

Offline Ashdash

  • Contributor
  • Posts: 22
  • Country: nz
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #294 on: August 21, 2019, 01:04:41 am »
It seems we need to get down and dirty with the ssh thing. I'll try some GEL packs in the coming days.

Ashdash, try this GEL.
I'm new at this.  I'd don't see any option to attach files to a private message and how do you move files about over the 5k limit?
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 796
  • Country: pt
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #295 on: August 21, 2019, 10:06:14 am »
From analysis of the v00.01.09.00.00 app, I can confirm that the new FW version changes the previous method of changing Model.

The USB signature (sardinha.bin) is now placed in the last reserved sector of the USB disk and is XXTEA encrypted.

So, for those who have v00.01.09.00.00, you can write the file DG800_sardinha_v2.bin in the last reserved sector of a USB disk and use the usual SCPI command, as explained previously. Preferably disks with size smaller than 2GB!!

Here's also a small .GEL so that everyone can backup their NAND.  (It takes some minutes to run since it is 512 MBytes long.)
« Last Edit: August 21, 2019, 02:45:45 pm by tv84 »
 
The following users thanked this post: thm_w

Offline Ashdash

  • Contributor
  • Posts: 22
  • Country: nz
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #296 on: August 22, 2019, 08:31:17 am »
Thanks again for your help.  The backup GEL worked fine.
But I still can't upgrade.

I have used python to send the SCPI string, doing the display test first.

Just to clarify where the sector should be written:

fsck.fat 4.1 (2017-01-24)
Checking we can access the last sector of the filesystem
Boot sector contents:
System ID "mkfs.fat"
Media byte 0xf8 (hard disk)
       512 bytes per logical sector
      4096 bytes per cluster
        32 reserved sectors
First FAT starts at byte 16384 (sector 32)
         2 FATs, 32 bit entries
   1921024 bytes per FAT (= 3752 sectors)
Root directory start at cluster 2 (arbitrary size)
Data area starts at byte 3858432 (sector 7536)
    480082 data clusters (1966415872 bytes)
62 sectors/track, 61 heads
      2048 hidden sectors
   3848192 sectors total
Checking for unused clusters.
Checking free cluster summary.

32 reserved sectors so I did dd if=/home/xxxx/Downloads/DG800/DG800_sardinha_v2.bin of=/dev/sdb1 bs=512 seek=31
No luck.
I thought maybe it should be before the data sector so then tried dd if=/home/xxxx/Downloads/DG800/DG800_sardinha_v2.bin of=/dev/sdb1 bs=512 seek=7535
No luck
 And I have tried also with an 8GB usb drive adjusting the seek to the appropriate values.

Any suggestions?
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 796
  • Country: pt
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #297 on: August 22, 2019, 11:22:07 am »
For reserved sectors access, you must use sdb not sdb1. Sdb1 is the logical volume.
 

Offline Ashdash

  • Contributor
  • Posts: 22
  • Country: nz
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #298 on: August 22, 2019, 12:48:54 pm »
For reserved sectors access, you must use sdb not sdb1. Sdb1 is the logical volume.
Reformatted drive and put a fat32 file system on it again.

Snippet from fdisk.
Using default response p.
Partition number (1-4, default 1):
First sector (2048-3850239, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-3850239, default 3850239):

Then dd if=/home/xxxx/Downloads/DG800/DG800_sardinha_v2.bin of=/dev/sdb bs=512 seek=2047

And I've inspected the disk and confirmed "DG800_sardinha_v2" is written immediately in front of the logical volume stuff.

I tried the upgrade procedure again but still no luck.  But is "DG800_sardinha_v2" in the correct location now?
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 796
  • Country: pt
Re: New Rigol 16-bit function generators DG800/900 series
« Reply #299 on: August 22, 2019, 12:53:57 pm »
Use fat16.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf