| Products > Test Equipment |
| Siglent .ads firmware file format |
| << < (43/85) > >> |
| tv84:
How to open a telnet session in a Siglent when the root password is unknown? Use the following scripts, according to each equipment. They provide a root session via port 10101. |
| vt100:
https://github.com/Siglent/TryKeys.git TryKeys - a .NET Core 2.1 utility - Companion application to FindKeys The purpose of this utility is to recover the valid keys you licensed with your scope but you lost the paperwork for and you do not remember the codes for. First you generate a list of possible keys using the FindKeys utility. Edit the output of FindKeys to remove any keys which are not likely candidates (e.g. real life words). Then, execute this utility using that file as an input source. Upon startup, the program reads the contents of "TryKeys.json" to configure various parameters needed for it to work. The options in this file and their purpose are as follows: keyfile: The fully-qualified path to the list of keys you wish to try, e.g. "g:trykeys.txt" scopeip: the IP address of the scope, needed for web and telnet access port: the telnet port the program should connect to. Default '23'. username: The telnet username. Default is "root". password: The telnet password. Default is "eevblog" bandwidth: Tells the program to not only attempt to find any missing option licenses, but also the maximum bandwidth license. Theory of operation: The program cycles through a list of keys contained in the key file. For option licenses, it issues the "license install" SCPI command through the web interface. It uses the telnet connection to determine if the option license file was created in /usr/bin/siglent/firmdata0 after issuing the command. If the file exists, then the key used for the license install command was the 'correct' one. For bandwidth licenses, the program determines the current bandwidth license key from the firmdata0 directory, and what that key is good for, by using the PRBD SCPI command. Then, it cycles through the keys, issuing the MCBD with they test key, and then re-examines the output of PRBD to determine if the bandwidth has changed. If so, it determines if the bandwidth increased -- in which case, it will check to see if the maximum bandwidth has been reached with the key. If the bandwidth decreased, then it re-issues the MCBD command to 're-install' the 'current' bandwidth license key so scope bandwidth will not decrease. A log is dumped to the console. Upon program completion, the scope will be restarted if the bandwidth was changed. This is necessary for the new bandwidth to take effect. Finally, a summary of license keys located will be printed. To execute from the command line: dotnet TryKeys.dll Sample log file: Execution starts @ 10/4/2018 8:58 PM Scope Option 'AWG' not licensed, will seek key Scope Option 'MSO' not licensed, will seek key Scope Option 'WIFI' not licensed, will seek key Scope bandwidth license key: VVVVVVVVVVVVVVV We have 584 keys to try for 4 options Scope bandwidth currently licensed: 50M of 200M 100M Bandwidth license key found: 1111111111111111 Maximum bandwidth (200M) license key found: 2222222222222222 Scope Option 'AWG' license key found: AAAAAAAAAAAAAAAA Scope Option 'MSO' license key found: MMMMMMMMMMMMMMMM Scope Option 'WIFI' license key found: WWWWWWWWWWWWWWWW Summary of License keys located: 200M bandwidth license key: 2222222222222222 AWG license key: AAAAAAAAAAAAAAAA MSO license key: MMMMMMMMMMMMMMMM WIFI license key: WWWWWWWWWWWWWWWW Rebooting scope to activate higher bandwidth license. Execution ends @ 10/4/2018 9:03 PM You can verify the presence of your recovered license keys on the scope's 'options' screen. You should print a copy of your recovered license keys and keep them in a safe place for future reference. To revert the scope back to the previous bandwidth license, and to remove the optional licenses, you execute the following script after logging in via a telnet session as root: mount -o remount,rw /usr/bin/siglent/firmdata0 rm /usr/bin/siglent/firmdata0/options* cat VVVVVVVVVVVVVVVV > /usr/bin/siglent/firmdata0/bandwidth.txt (control-d)(control-d) sync reboot This program has several dependencies you must install through the NuGet Package Manager. They are: Microsoft.Extensions.Configuration, Microsoft.Extensions.Configuration.Json, Newtonsoft.Json, and Telnet (from 9swampy). Note: at the moment this utility only supports the SDS1###X-E series of scopes, however, additional functionality will be added as details become available. Special thanks to eevblog user tv84 who gave me tons of assistance during the development of this utility. |
| vt100:
This process will obtain your license keys from a core dump of the scope application itself, in case you lost the paperwork after you purchased them (of course). No "guessing games" like the other software posted (although it was a fun intellectual exercise!) Skill level: Easy/Moderate Risk: Slim to none. Assumptions: You know the root password to your scope. Steps: 1. download full armv7l version of busybox which has core dump enabled. see: https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-armv7l 2. put version on thumb disk 3. reboot scope to known state 4. telnet to scope and log in as root 5. insert usb stick 6. copy busybox binary from usb to /tmp: cp /usr/bin/siglent/usr/mass_storage0/U-disk/busybox-armv7l /tmp 7. unmount and remove usb umount /usr/bin/siglent/usr/mass_storage/U-disk0 (and then remove usb stick) 8. identify and kill existing sds1000b.app ps -ef | grep sds | awk '{printf "kill -9 %s\n", $1}' | ash 9. change to /tmp directory: cd /tmp 10. launch new busybox ash shell /tmp/busybox_armv7l ash (when you press enter it looks like nothing happens, but something does) 11. re-launch scope app in new busybox environment in background /usr/bin/siglent/sds1000b.app & 12. increase core dump ulimit to unlimited: ulimit -c unlimited you can verify new limit by typing ulimit -c and you should get a response "unlimited" 12. kill scope app again, telling OS to create a core dump of the app: ps -ef | grep sds | awk '{printf "kill -ABRT %s\n", $1}' | ash 13. wait a few seconds, and press enter once or twice. you should see: [1]+ Aborted (core dumped) /usr/bin/siglent/sds1000b.app if you do not, you did something wrong, go to step #3 14. verify core dump is in /tmp: ls /tmp/core* you should see something like this: -rw------- 1 root root 377511936 Jan 1 00:14 /tmp/core if not, you did something wrong, go to step #3 15. exit out of usb version of busybox shell exit (it will look like nothing happens when you press enter, but, something does) 16. re-launch Siglent scope application. See Step #11 17. insert usb drive 18. copy core dump to thumb drive cp core /usr/bin/siglent/usr/mass_storage/U-disk0/coredump.bin (this will take a minute or two, its a big file) 19. unmount usb stick and remove (see step #7) 20. Insert USB stick on Windows/Mac/Linux and open the coredump.bin file in your favorite hex editor. 21. Search for string "SDS1000X-E". Keep searching until you find the string next to either your scopeid (if you do not know your scope id, you can get it using the SCPI SCOPEID? command thru the web interface) or your serial number. 22. When you locate the entry with your scope ID, you will see a series of 5 16-character strings below it (one will look like a 32 character string, split it into half so you have two 16-character strings. These are your 100, 200, 50 and 70 mhz license keys, respectively. The one that appears twice is the license key your scope is currently licensed under. 23. You can license a different bandwidth by typing MCBD (license key) at the scope's SCPI web interface. It is necessary to reboot after you do this for everything to reset and take effect. You can verify the bandwidth by typing PRBD? through the SCPI web interface. 24. When you locate the entry with your serial number, you will see a series of (at least) 3 16-character strings. If you have any options already licensed, those keys will appear twice. if you have no options licensed, they only appear once. The keys are, respectively, AWG, WIFI and MSO. 25. You can license any options through the scope's SCPI interface using LCISL (option),(key) where (option) is AWG, WIFI or MSO and (key) is the 16-character key. 26. after doing so, even though the options are immediately licensed and active, I recommend a reboot for the new options to take effect. 27. Write keys down in a safe place so you do not lose them again. |
| janekivi:
--- Quote from: kerouanton on October 04, 2018, 08:27:08 am ---Nice. But I'm wondering how Siglent will react considering you created a "Siglent" account on Github to host this code! --- End quote --- They keep always eye on us but have nothing to say... |
| joeyjoejoe:
I think it's relatively smart. I think the number of entities who would touch these unlocks (Rigol, Siglent, etc) are almost non-existent. Any university, lab, company or facility wouldn't go for the risks. Even outside of those requiring certifications.. I can't imagine the discussion. Employee : "Hey boss, we need specs X on our scope... we can save 300$ on by buying the cheaper model, and then just unlocking those features to meet our needs... but it won't be supported and there's a small risk that I brick the device.. or we can't get future updates..." Manager/Exec : "So if that happens, we now have a scope that's either literally useless (bricked) or doesn't meet our minimum specs? ... why are you still here." Hobbyists will accept the risk since they can personally accept any risk they want. And generally speaking, I think the companies are aware of the reach of these unlocks. A hobbyist who buys a 50MHz scope that can unlock to 100MHz probably wouldn't buy the 100 if he couldn't, so the actual impact on revenue would be small. However, at the same time, they are probably making sure that a 50MHz scope can't be unlocked to a 500MHz scope (ignoring hardware) as then it starts stepping on the toes of a product line. |
| Navigation |
| Message Index |
| Next page |
| Previous page |