R&S RTB2004 Snooping
ElectronMan:
--- Quote from: uski on October 31, 2020, 06:11:07 am ---Some pretty cool content in the firmware...
An error message :
--- Code: ---1GHz Bandwidth extension is not supported
with present hardware configuration.
TXT_ID_LICENCE_OKL_1GHz_BW_UPGRADE_NOT_SUPPORTED
--- End code ---
And a bunch of license numbers and descriptions, including these :
--- Code: ---B1 - MSO 16 Logic Channels
TXT_ID_LICENCE_OKL_DESIG_B1
B200 - Bandwidth ext. 500MHz
TXT_ID_LICENCE_OKL_DESIG_B200
B201 - Bandwidth ext. 350MHz
TXT_ID_LICENCE_OKL_DESIG_B201
B202 - Bandwidth ext. 500MHz
TXT_ID_LICENCE_OKL_DESIG_B202
B203 - Bandwidth ext. 1GHz
TXT_ID_LICENCE_OKL_DESIG_B203
B204 - Bandwidth ext. 1GHz
TXT_ID_LICENCE_OKL_DESIG_B204
B205 - Bandwidth ext. 1GHz
TXT_ID_LICENCE_OKL_DESIG_B205
--- End code ---
Not saying it will work or it is supported... but these strings are there in the firmware ^-^
--- End quote ---
That's just the LUT (look-up-table) for English names for those licenses. RTM and RTA licenses are included in that database.
ElectronMan:
--- Quote from: uski on October 29, 2020, 10:35:03 am ---There are these SCPI commands :
DIAGNOSTIC:PRODUCT:OPTION:STATUS
DIAGNOSTIC:PRODUCT:OPTION:LIST
DIAGNOSTIC:PRODUCT:OPTION:ENABLE OFF ON
DIAGNOSTIC:PRODUCT:OPTION:FACTORY:CLEAR
DIAGNOSTIC:PRODUCT:MNUMBER:SET
Obviously I would not try CLEAR... but STATUS/LIST and ENABLE seem interesting...
Regarding reverse engineering, if the ENABLE command asks for a key, it could be possible to statically decompile the code and look at what checks are performed. This could yield the key algorithm.
I don't have an RTB - I am waiting to see where this thread goes before maybe getting one. Someone wants to try these commands ? ;D
PS: Oh and MNUMBER can be promising... maybe it allows changing the model number to... a higher bandwidth version ? >:D
--- End quote ---
This is an interesting SCPI command on the RTB2004:
--- Code: ---JOSHUA?
"Have Fun"
--- End code ---
I haven't been able to tell what it does, but if someone knows a SCPI command that fails due to permissions and can try it after that, it could be helpful.
uski:
--- Quote from: ElectronMan on October 31, 2020, 03:45:58 pm ---That's just the LUT (look-up-table) for English names for those licenses. RTM and RTA licenses are included in that database.
--- End quote ---
Stop breaking my dreams !
1 GHz bandwidth on a 2.5GSPS scope would not be too helpful anyway.
Have you found out how the strings from the LUT are referenced in the rest of the firmware ? Having some trouble with Xrefs.
--- Quote from: ElectronMan on October 31, 2020, 10:16:37 pm ---This is an interesting SCPI command on the RTB2004:
--- Code: ---JOSHUA?
"Have Fun"
--- End code ---
I haven't been able to tell what it does, but if someone knows a SCPI command that fails due to permissions and can try it after that, it could be helpful.
--- End quote ---
If you managed to get Xrefs between the strings and the rest of the code, you can see if any flag in memory is altered from the code handling this command.
You can then see the Xrefs to these flags (if any) and see what else it affects.
tv84:
--- Quote from: PeDre on November 01, 2020, 06:57:06 am ---I do not really understand your question. Are you looking for a SCPI command so that you can execute e.g. the diagnostic commands?
--- End quote ---
He's asking if the joshua command enables something that, before issuing it, could be forbidden. He hasn't discovered any, but maybe someone can show him one of those forbidden commands.
YetAnotherTechie:
There are plenty of commands that silently fail, like the ones mentioned earlier to check the file system; through SCPI they don't work, and the ones to check temperature or fan speed don't work either. It would be nice to discover how to enable them and avoid JTAGing in.