New Rigol DS1054Z oscilloscope
NEDM64:
--- Quote from: frozenfrogz on October 15, 2021, 03:50:07 pm ---AFAIK EEVBlog user cybernet is the one that threw some stones at the Rigol firmware, then poked it with a stick and it soon became obvious that the encryption must have been implemented by an unpaid intern - or something along that line.
Related: http://poke152.blogspot.com/2013/07/riglol.html
--- End quote ---
Nice, he seems to have reversed the firmware and it looks like it only has one public key in it.
--- Quote from: Bicurico on October 15, 2021, 05:26:41 pm ---Once a keygen is released for a test equipment, it becomes very difficult for the manufacturer to close the door.
Unless the number of sold devices is reduced, so that the new FW can contain the serials and respective options of all devices, it is basically impossible to change the license mechanism without having all legitimate customers entering new keys.
The Riglol hack produces serials that are 100% identical to the official ones. How should a new FW invalidate illegitimately activated options?
It is perfectly safe to install new DS1054Z FW releases and meanwhile it has been made public how to revert to older FW by use of a magic USB disk.
Regarding the other questions: I am not at home and I have not tested anything.
Regards,
Vitor
--- End quote ---
Having multiple private keys and if one becomes compromised, deactivate one. Reissue activation codes to the legitimate customers that have been issued activation codes with the compromised private key.
While it seems to not be the case, it's perfectly possible and if I were to engineer the product, that would be the way I would do it, especially considering these multinational companies where they have offices overseas with just sales people and then there are the subversive employees. It's a 2-in-1: disable the hacks and find the responsible.
Also, it's not impossible. If Rigol wants to block past "illegitimate" software upgrades with a software update, they can.
They might have sold a lot of scopes, but these things don't sell in the numbers of PlayStations or iPhones, also most of them are bought for education and QA (running pass/fail tests), so the number of customers that bought these scopes and upgraded must be really low, let's say 1 million.
If Rigol really wanted, they could include a whitelist in the new firmware, just 1MB would be good enough for 1 million 8-bit hashes of the permitted machines. Then issue a second public/private key pair.
Bicurico:
If you want to do it properly, you would include a whitelist with all serial numbers and respective legitimate options. While I accept that 8 bit might be enough to code all possible options of a DS1000Z series oscilloscope, the serial numbers will require much more bits. I would say you would need 8 bytes for serial + model and then another byte for the active options. Let's go with 8 bytes (aka 64 bits). For one million devices out on the market, you would require an extra 8MB flash space. I doubt that is feasible on these devices.
Also, the upgrade process would take quite a while: check the serial number against the white list, generate new keys for legitimate options listed in whitelist, replace private key with new one.
The next question is: how long would it take for a new keygen?
I am pretty sure that Rigol has more important R&D in course than improving this low-end device hack. I would even say that this hack was tolerated as it considerably increased sales and put Rigol on the map.
Fungus:
--- Quote from: Bicurico on October 15, 2021, 07:07:51 pm ---I am pretty sure that Rigol has more important R&D in course than improving this low-end device hack. I would even say that this hack was tolerated as it considerably increased sales and put Rigol on the map.
--- End quote ---
It's over $1000 with all options. They'd have sold zero units at that price.
As it is they took almost the entire "hobby" market for a number of years and I doubt they lost money on any of them.
Right now they're doing the exact same thing with the MSO5000. There's no way they aren't allowing it as a sales tactic.
nigelwright7557:
I just work with audio so an eBay cheapie does me very well.
Why spend hundreds when sub $30 does the job well?
NEDM64:
--- Quote from: Bicurico on October 15, 2021, 07:07:51 pm ---If you want to do it properly, you would include a whitelist with all serial numbers and respective legitimate options. While I accept that 8 bit might be enough to code all possible options of a DS1000Z series oscilloscope, the serial numbers will require much more bits. I would say you would need 8 bytes for serial + model and then another byte for the active options. Let's go with 8 bytes (aka 64 bits). For one million devices out on the market, you would require an extra 8MB flash space. I doubt that is feasible on these devices.
--- End quote ---
The S/N already includes the model info. You don't need to exactly store the S/Ns, a hash function would suffice for a high probability.
There's about 60 megs free on the flash memory.
--- Quote ---Also, the upgrade process would take quite a while: check the serial number against the white list, generate new keys for legitimate options listed in whitelist, replace private key with new one.
--- End quote ---
A couple of µsecs.
--- Quote ---The next question is: how long would it take for a new keygen?
I am pretty sure that Rigol has more important R&D in course than improving this low-end device hack. I would even say that this hack was tolerated as it considerably increased sales and put Rigol on the map.
--- End quote ---
That would be the case, also, with the current firmware, it's working properly for 99.9999% of users, so if they (we) see they will lose their riglols, they wouldn't upgrade.
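Added example, not part of the thread and not Rigol's firmware: the storage versus false-accept trade-off behind the 1 MB and 8 MB whitelist figures argued above, worked for several hash widths rather than only the two mentioned. The truncated SHA-256, the serial strings and all function names are assumptions made for illustration.

```python
import bisect
import hashlib
import math

# Constructed sample data: 5000 made-up serial strings (not real Rigol serials).
LISTED = [f"SN-EXAMPLE-{n:06d}" for n in range(5000)]
UNLISTED = "SN-NOT-ON-LIST-0001"  # constructed serial that was never whitelisted

def truncated_hash(serial: str, nbytes: int) -> bytes:
    """First nbytes of SHA-256 over the serial (hash choice is an assumption)."""
    return hashlib.sha256(serial.encode("ascii")).digest()[:nbytes]

def build_whitelist(serials, nbytes):
    """Sorted, de-duplicated fixed-width records, as they could sit in flash."""
    return sorted({truncated_hash(s, nbytes) for s in serials})

def is_listed(whitelist, serial, nbytes):
    """Binary search for the serial's truncated hash."""
    h = truncated_hash(serial, nbytes)
    i = bisect.bisect_left(whitelist, h)
    return i < len(whitelist) and whitelist[i] == h

def storage_bytes(n_devices, nbytes):
    """Worst-case table size: one record per device."""
    return n_devices * nbytes

def false_accept_probability(n_devices, nbytes):
    """Chance that a serial absent from the list still matches a stored hash.

    1 - (1 - 2^-bits)^n, computed with log1p/expm1 so that tiny values
    do not round to zero.
    """
    p_single = 2.0 ** (-8 * nbytes)
    return -math.expm1(n_devices * math.log1p(-p_single))

if __name__ == "__main__":
    for nbytes in (1, 2, 4, 8):
        wl = build_whitelist(LISTED, nbytes)
        print(f"{8 * nbytes:2d}-bit hash: "
              f"{storage_bytes(1_000_000, nbytes) / 1e6:.0f} MB for 1M devices, "
              f"false accept {false_accept_probability(1_000_000, nbytes):.3g}, "
              f"unlisted demo serial accepted: {is_listed(wl, UNLISTED, nbytes)}")
```

With 1-byte records the table already holds every value from 0 to 255, so the lookup accepts any serial; at 8 bytes per record the false-accept chance for one million devices is on the order of 1e-14.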