Author Topic: Rigol DS1000Z - firmware patch & plugins  (Read 46544 times)

0 Members and 1 Guest are viewing this topic.

Offline konnorTopic starter

  • Contributor
  • Posts: 49
  • Country: ru
Rigol DS1000Z - firmware patch & plugins
« on: March 31, 2018, 07:28:10 pm »
Change List
30.03.2018 - first pub version.
 1) Ext port 6000 funcs - read/write/call (see rigolif programm)
 2) pluses -> pulses
 3) rnage -> range (decoder:conf:range)
 4) Changed USB Buffer Size (40->200) - test, please. I don't use USB IF
 5) Disabled set bandwidth to license maximum on start (BW20 fix)   

31.03.2018
 fixed bug on pic<->bmp conversion

Links to additional resources:
-Current version of the library and utilities for plug-ins
Plugins & tools work only with patched firmware.
You can write a small application that you can load into the oscilloscope's memory and perform any action there.
If the oscilloscope hangs or the result does not work, simply reboot the oscilloscope. This allows you to test patches and add-ons with a significantly lower risk to turn the oscilloscope into a brick.
Additionally, you can write an application that constantly works inside the oscilloscope (telnet, ftp, fast load/reload wave, tetris  ;), etc).
Content of archive:
add_info - firmware patch bin, diff-file, function address list and lst-file with initial initialization procedure of DS1000Z
lib - library and headers
lib_src - libray for plugin (with sources and tool for create sources)
patch - patch project for IAR (for gel)
plugin_simple - an example of a simple application that blink out all the LEDs and exit (memory is freed).
plugin_thread - an example of an application that launches an endless stream with all LEDs flashing (memory is NOT
freed). To stop it, just reboot the oscilloscope.
plugin_sw - Start War melody plugin.
plugin_backup - save nvram and hidden (/sys) files to USB flash
rigolif - Very primitive program for working with an oscilloscope. It is given in the source texts. Allows you to read and write memory of the oscilloscope, call internal functions, load plug-ins. In the directory there are bat-files with examples.

-Hardware info

-LED and key codes
-How to kill your oscilloscope(secret usb-flash)
-Decompiled content of guiResData.hex


Current firmware update: 31.03.2018 (NOT 01.04.2018!)

I can not attach one archive (1MB limit) and multi-volume zip has problems with unpacking. Therefore, the rar archives, renamed to zip, are attached. If anyone knows how to solve this problem by the more correct method - let me know, please.
« Last Edit: April 28, 2018, 04:05:31 am by konnor »
 
The following users thanked this post: BravoV, edavid, dpavlin, olewales, bitseeker, mv, Marcos, simas1017, Dwaine, DaveM

Offline konnorTopic starter

  • Contributor
  • Posts: 49
  • Country: ru
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #1 on: March 31, 2018, 07:35:35 pm »
Plugin samples for patched firmware.

Plugins & tools work only with patched firmware.
You can write a small application that you can load into the oscilloscope's memory and perform any action there.
If the oscilloscope hangs or the result does not work, simply reboot the oscilloscope. This allows you to test patches and add-ons with a significantly lower risk to turn the oscilloscope into a brick.

Additionally, you can write an application that constantly works inside the oscilloscope (telnet, ftp, fast load/reload wave, tetris  ;), etc).

Content of archive:
add_info - firmware patch bin, diff-file, function address list and lst-file with initial initialization procedure of DS1000Z
libb - libray for plugin (with sources)
patch - patch project for IAR
plugin_simple - an example of a simple application that blink out all the LEDs and exit (memory is freed).
plugin_thread - an example of an application that launches an endless stream with all LEDs flashing (memory is NOT freed). To stop it, just reboot the oscilloscope.
rigolif - Very primitive program for working with an oscilloscope. It is given in the source texts. Allows you to read and write memory of the oscilloscope, call internal functions, load plug-ins. In the directory there are bat-files with examples (do not forget to change the IP-address to your own).

« Last Edit: April 01, 2018, 07:06:51 am by konnor »
 

Online nctnico

  • Super Contributor
  • ***
  • Posts: 26682
  • Country: nl
    • NCT Developments
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #2 on: March 31, 2018, 07:40:29 pm »
Can you explain a bit on how hard it is to setup the development environment and what is needed to create a plugin?
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline konnorTopic starter

  • Contributor
  • Posts: 49
  • Country: ru
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #3 on: March 31, 2018, 07:50:26 pm »
I use IAR (7.x) standart install. You may just compile plugin from samples directory, all in source codes.
 

Offline Adrian_Arg.

  • Frequent Contributor
  • **
  • Posts: 420
  • Country: ar
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #4 on: March 31, 2018, 07:59:28 pm »
Did you use the latest firmware version of rigol ds1000z? What is this modification, I do not understand it?
 5) Disabled set bandwidth to license maximum on start (BW20 fix)   

 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3211
  • Country: pt
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #5 on: March 31, 2018, 08:32:46 pm »
janekivi,

A patched CRC.

Code: [Select]
00000000 - File Type: DS1000Z
00000010 - Version: 00.04.04.03.02
00000020 - Bitmask: 00000700
00000024 - # Sections: 10
Offset    Section Name                SectiSz   StartAdr  CRC32     Type
00000028  /sys/SparrowAPP.out         001045C6  00000280  6E08406C  00000001  [00000280-00104845]  CRC OK
00000064  /sys/SparrowFPGA.hex        000C4372  00104846  679334B7  00000005  [00104846-001C8BB7]  CRC OK
000000A0  /sys/SparrowDGFPGA.hex      00046F04  001C8BB8  E4FDFCA9  00000006  [001C8BB8-0020FABB]  CRC OK
000000DC  /sys/logo.hex               000BB818  0020FABC  AC2CE5C4  0000000A  [0020FABC-002CB2D3]  CRC OK
00000118  /sys/guiResData.hex         000B6A2C  002CB2D4  EFF83A4B  0000000C  [002CB2D4-00381CFF]  CRC OK
00000154  /sys/guiPicData.hex         0001E995  00381D00  C1DBFD83  00000011  [00381D00-003A0694]  CRC OK
00000190  /sys/SparrowConfig.hex      000BB818  003A0695  BAD12B30  00000010  [003A0695-0045BEAC]  CRC OK
000001CC  /sys/SparrowWaveTable.hex   000020E8  0045BEAD  B0445B96  0000000B  [0045BEAD-0045DF94]  CRC OK
00000208  /sys/SparrowCalFile.hex     0002329C  0045DF95  FBE2BA34  0000000F  [0045DF95-00481230]  CRC OK
00000244                              00000118  00481231  6AD11BAE  00000032  [00481231-00481348]  CRC OK
Offset    CRC32     Flags     Filesize  Endianes  Version     Rsvd
00000280  A7E7BDB2  00000003  001045AE  AA5555AA  4040302     00000000  [00000298-00104845]  CRC OK SparrowAPP.out CRC-PATCH OK
00104846  C9AF5D56  00000000  000C435A  AA5555AA  4040302     00000000  [0010485E-001C8BB7]  CRC OK
001C8BB8  138E13B9  00000000  00046EEC  AA5555AA  4040302     00000000  [001C8BD0-0020FABB]  CRC OK
0020FABC  9B4EA177  00000000  000BB800  AA5555AA  4040302     00000000  [0020FAD4-002CB2D3]  CRC OK
002CB2D4  D7825E44  00000000  000B6A14  AA5555AA  4040302     00000000  [002CB2EC-00381CFF]  CRC OK
00381D00  D34B79C8  00000001  0001E97D  AA5555AA  4040302     00000000  [00381D18-003A0694]  CRC OK
003A0695  5DEF7058  00000000  000BB800  AA5555AA  4040302     00000000  [003A06AD-0045BEAC]  CRC OK
0045BEAD  558BD392  00000000  000020D0  AA5555AA  4040302     00000000  [0045BEC5-0045DF94]  CRC OK
0045DF95  7717C897  00000000  00023284  AA5555AA  4040302     00000000  [0045DFAD-00481230]  CRC OK
  File Processed OK
 

Offline janekivi

  • Frequent Contributor
  • **
  • Posts: 368
  • Country: ee
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #6 on: March 31, 2018, 08:51:58 pm »
Now you can see from what this is made an what inside. RigolPacker in our thread don't read it,
I have somewhere patched RigolPacker for this...

It's nice to show what you made, from what and what inside - it's very easy to brick scope and
sometimes very hard to get it working again. Thread is starting with... change list, and no word
what it actually is...

Patched CRC - he told about this...
https://www.eevblog.com/forum/testgear/rigol-ds1000z-series-buglist-continued-(from-fw-00-04-04-03-02)/msg1467148/#msg1467148
 
The following users thanked this post: CustomEngineerer

Offline konnorTopic starter

  • Contributor
  • Posts: 49
  • Country: ru
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #7 on: April 01, 2018, 06:45:13 am »
Did you use the latest firmware version of rigol ds1000z? What is this modification, I do not understand it?
 5) Disabled set bandwidth to license maximum on start (BW20 fix)   
Error N5 in buglist:
The 20M Bandwidth Limit setting for each channel is not saved, it resets of OFF each power cycle.

Actually, Rigol save and restore this parameter to non-volatile ram. But (after restore) starts some procedure, what setup bandwith to max license value (50, 70 or 100 MHz).
 
The following users thanked this post: ebastler

Offline cs.dk

  • Supporter
  • ****
  • Posts: 642
  • Country: dk
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #8 on: April 01, 2018, 06:46:45 am »
I can not attach one archive (1MB limit) and multi-volume zip has problems with unpacking. Therefore, the rar archives, renamed to zip, are attached. If anyone knows how to solve this problem by the more correct method - let me know, please.

Just use an external filehost like ie. mega

https://mega.nz/#!FChXURiQ!u3c1yOyWV23bScS1ArV-3CwG-oY7ktjv6HUZ3LdJ8Nw
(Send a message, if i should delete the link)
 

Online RoGeorge

  • Super Contributor
  • ***
  • Posts: 6136
  • Country: ro
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #9 on: April 01, 2018, 07:36:36 am »
The two files attached in the first post can be unpacked just fine, all it is needed is to rename them:
rename DS1000ZUpdate.part1.zip as DS1000ZUpdate.part1.rar
rename DS1000ZUpdate.part2.zip as DS1000ZUpdate.part2.rar
then extract the gel file.

It is OK to store them as attachments on EEVblog, files stored on cloud will be deleted after a while.
« Last Edit: April 01, 2018, 07:41:08 am by RoGeorge »
 

Offline konnorTopic starter

  • Contributor
  • Posts: 49
  • Country: ru
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #10 on: April 01, 2018, 09:14:12 am »
A little joke at Fool’s Day.

After loading plugin, oscilloscope work and play SW-melody.
 
The following users thanked this post: Synthtech

Offline Dwaine

  • Frequent Contributor
  • **
  • Posts: 299
  • Country: ca
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #11 on: April 01, 2018, 09:21:30 am »
Renamed the zipfiles to rar's and unpacked the GEL file.    Firmware updated took perfectly fine, no issues.   Also, confirming that the BMP problem was fixed.  Did a self-cal and everything looks good.  I'll test the USB later.   Nice job!

I already miss the pluses....    :'(
 

Offline janekivi

  • Frequent Contributor
  • **
  • Posts: 368
  • Country: ee
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #12 on: April 01, 2018, 09:38:34 am »
Images are stock now, original logo and guiPicData which is repacked, why?
What was changed there in last release?

In windows there is no need to rename any files if you use any 3rd party packer...
 

Offline konnorTopic starter

  • Contributor
  • Posts: 49
  • Country: ru
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #13 on: April 01, 2018, 10:04:13 am »
Images are stock now, original logo and guiPicData which is repacked, why?
My program completely parses the firmware on the components (with the creation of BMP-files) and then collects it back. If the package algorithm parameters used by me work for the elf firmware file, then they will be correct for the rest of the files. If not - the original version of the images does not help the oscilloscope to start.

What was changed there in last release?
Fixed a conversion from 16-bit images used in firmware to a 24-bit BMP used for disassembled firmware. There was a mistake in the mask of the color channel. The module was written for a long time, and for half a year I was already accustomed to the non-standard color scheme and believed that it should be so. Approximately, as with the "pluses"  :D

In windows there is no need to rename any files if you use any 3rd party packer...

Yes, Winarar will unpack these files and without renaming. But I prefer to warn about a different format. It is better to make an unnecessary warning than not to do the necessary warning.
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16531
  • Country: 00
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #14 on: April 01, 2018, 10:51:31 am »
zip files can be muliti-part, too.

Or... maybe we could admit that 7zip is now available everywhere, that zip and rar are legacy (almost).
 

Online khach

  • Contributor
  • Posts: 32
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #15 on: April 01, 2018, 10:59:58 am »
konnor Is it possible to share the disassembly database of original firmware?
 

Offline janekivi

  • Frequent Contributor
  • **
  • Posts: 368
  • Country: ee
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #16 on: April 01, 2018, 11:39:27 am »
Very good, vsjo ponjatno!
Disassembly should be interesting to see as we "inventing the same wheel" but going bit deeper...
 

Offline zbyr

  • Contributor
  • Posts: 23
  • Country: pl
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #17 on: April 04, 2018, 01:05:31 pm »
Is it possible to modify firmware that it will allow use protocol decoders in segmented memory mode (option is greyed out) or maybe even better to decod from whole memory and not just from screen?
 

Offline Lightages

  • Supporter
  • ****
  • Posts: 4309
  • Country: ca
  • Canadian po
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #18 on: April 04, 2018, 01:59:33 pm »
Thanks for your work on this konnor. I will get to try this in a couple of months when I and my equipment meet in Canada
 

Offline Daruosha

  • Regular Contributor
  • *
  • Posts: 181
  • Country: ir
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #19 on: April 04, 2018, 03:09:17 pm »
Is it possible to modify firmware that it will allow use protocol decoders in segmented memory mode (option is greyed out) or maybe even better to decod from whole memory and not just from screen?

I never understood why Rigol took such an idiotic decision to disable the ability of combining segmented memory and protocol decoding. That's just way too disappointing.
 

Offline konnorTopic starter

  • Contributor
  • Posts: 49
  • Country: ru
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #20 on: April 04, 2018, 03:22:24 pm »
Is it possible to modify firmware that it will allow use protocol decoders in segmented memory mode (option is greyed out) or maybe even better to decod from whole memory and not just from screen?
I still studied the decoding protocol modules to a minimum, only in some of the names of functions, associated with LXI. A list of the names of functions of the latest Rigol firmware  (with binding to addresses) is available in the plugin archive.

If the decoding is done in the central processor, then there should not be any fundamental problems. As a first step, you need to find the module, write an alternative module, and load it into memory with the utility. When/if it is debugged, you can inject it into the firmware. The work is certainly very large, but really feasible.

If FPGA resources are used for decoding, this will significantly complicate the process. I do not really know the working programs that allow you to "disassemble" the firmware of large FPGAs.  To understand all the details of FPGA functioning only on the basis of calls from the firmware is very difficult, if at all possible. This is a typical "blackbox" study.
 

Offline CustomEngineerer

  • Frequent Contributor
  • **
  • Posts: 463
  • Country: us
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #21 on: April 04, 2018, 06:06:12 pm »
I never understood why Rigol took such an idiotic decision to disable the ability of combining segmented memory and protocol decoding. That's just way too disappointing.

Product segmentation? The DS2000 models (would imagine 4000 and 6000 as well) work with segmented memory and decoding. Isn't this how most equipment manufactures do things. Limit certain things in the lower (cheaper) models, to encourage people who need that functionality to buy the more expensive models.
 

Offline zbyr

  • Contributor
  • Posts: 23
  • Country: pl
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #22 on: April 06, 2018, 12:29:54 am »
Is it possible to modify firmware that it will allow use protocol decoders in segmented memory mode (option is greyed out) or maybe even better to decod from whole memory and not just from screen?
I still studied the decoding protocol modules to a minimum, only in some of the names of functions, associated with LXI. A list of the names of functions of the latest Rigol firmware  (with binding to addresses) is available in the plugin archive.

If the decoding is done in the central processor, then there should not be any fundamental problems. As a first step, you need to find the module, write an alternative module, and load it into memory with the utility. When/if it is debugged, you can inject it into the firmware. The work is certainly very large, but really feasible.

If FPGA resources are used for decoding, this will significantly complicate the process. I do not really know the working programs that allow you to "disassemble" the firmware of large FPGAs.  To understand all the details of FPGA functioning only on the basis of calls from the firmware is very difficult, if at all possible. This is a typical "blackbox" study.

I thought that there is just software lock on decoders functions while in segmented memory mode and just remove that lock will be enough, not redesigning decoders from scratch. I know that decoding from whole memory would need making new modules and would be more complicated.
« Last Edit: April 06, 2018, 12:35:49 am by zbyr »
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16531
  • Country: 00
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #23 on: April 06, 2018, 07:04:29 am »
If the decoding is done in the central processor, then there should not be any fundamental problems.

None, apart from the fact that the central processor probably doesn't have any access to the full sample memory. It can probably only see a 1200 byte downsampled buffer. The downsampling is what the FPGA does.
 

Offline stj

  • Super Contributor
  • ***
  • Posts: 2153
  • Country: gb
Re: Rigol DS1000Z - firmware patch & plugins
« Reply #24 on: April 06, 2018, 09:46:26 am »
can you extract and insert modules from other Rigol firmware?
like other protocol decoders??
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf