Siglent SDS5000X Oscilloscope Hack status - Dec 2021

[bdunham7]

@tv84 and bdunham7

1. Try MSO Option. Got the following keys

My script that worked for my SDS2000X+ gave me MSO 74YKS33SMU8W463P for your SCOPEID.  Are you entering that will the CAPS lock on? 

[djac]

@tv84

yes it seems that the script in whole will no longer work for future software versions. Yes I can telnet to the scope, if not I wouldn't have been able to read bandwith,txt. But what Do you mean with memdump. The whole /dev/mem? Can you explain this more precisely?

If I decide to go back to 9.3 I would like to know if it is possible to uninstall the 500M Upgrade savely. Do you know that?

@bdunham7
I make for both generated keys the input first with lower and then with upper case (Caps lock on) letters. All 4 tries lead to 'Data invalid'.

Regards Dieter

[djac]

@tv84
I try the memdump tomorrow, please pm me your mail address. I gues that even the zip file will be big.

And how can I remove the installed 500M?

Regards Dieter

[tv84]

Siglent's "Dynamic Key" has arrived!!!

Time to exercise some muscles...

From the release notes of FW v0.9.5R2:

Code: [Select]

5/22/2021
0.9.5R2
Fixed a bug which may cause failure on installation of option key in 0.9.5R1.
This may be the confirmation that starting with (? ? ?) v0.9.5R1 Siglent introduced "Dynamic Key" feature in its option licensing. That would be the only reason why Siglent would mess around with his old licensing app code.

So, for all scopes starting with these versions the public keygen will be worthless, for now. 

The same will happen to SDS2000X+, SDS6000, etc.

Attached is a firmdata0/NSP_system_info.xml of such a system (real info obfuscated).

[techneut]

I have V0.9.5R3 running and I entered today the last remaining option (Manch) and it was accepted. No problem

[bdunham7]

So, for all scopes starting with these versions the public keygen will be worthless, for now. 

I'm not clear on the concept.  If the dynamic key system is implemented in firmware using identical hardware, couldn't you just flash in older firmware and upgrade that way?

[tv84]

I'm not clear on the concept.  If the dynamic key system is implemented in firmware using identical hardware, couldn't you just flash in older firmware and upgrade that way?

We can do several things that I will not discuss here. But, I would suppose Siglent has prevented downgrades.

This only applies to newer machines. The oldies will continue until...

[ozel]

We can do several things that I will not discuss here. But, I would suppose Siglent has prevented downgrades.
This only applies to newer machines. The oldies will continue until...

I'm in the market for a SDS6000A. While 1GHz BW would be enough for me at the moment, I am wondering if it would be helpful to have the top-end SDS6204A 2 GHz model as a reference in the community?

[tv84]

About Siglent's new licensing scheme, see here.

Spoiler alert: it contains no details about the scheme.

[SpacedCowboy]

So, I'm not entirely clear what "We can do several things that I will not discuss here" means, and maybe I don't want to be

What I am wondering is if I could purchase the SDS6054A and update it to the SDS6204A. Still after those eye-diagrams, and although my head is saying "it's not worth it", the idea keeps sidling back into my mind when I'm not looking!

The gist of this dynamic key (and if I understand "the public keygen will be worthless, for now"), the answer is "If you get it yesterday, you have a chance of getting the old firmware, and you might be able to hack it, but if you get the new firmware, you're SOL".

Even if you have the old firmware, seems like you'd get locked out of upgrades in future. The cost difference is $2k from SDS6054A (at $8k) to SDS6204A (at $10k). Not sure if anyone is offering any discounts...

[FlexibleMammoth]

Hi,

sorry for the necromancing, but I hate starting new threads for exactly the same topic.

SDS5000X has gained a new option for ARINC429 decoding.
It appears I am unable to unlock the option with the known script - I tried ARINC, ARIN, 429 as seeds but none will work, neither CAPS nor lowercase. Tried via UI, since I dont have network connected at the moment... Has anyone succeeded?
BR Andreas

[Sighound36]

These extra features which are introduced over the lifetime of the scope are usually included in Firmware updates.
Which regard to opening that particular serial data decoding feature, one for the wizards of code on this fair bulletin board

[Martin72]

These extra features which are introduced over the lifetime of the scope are usually included in Firmware updates.

Exactly, the latest firmware (V0.9.8R1) from june must be installed before.

[FlexibleMammoth]

Hi Martin
Nice to see you again! Yes I have the latest firmware. Its just that the script works with seeds that are different from the option names (e.g. MANC instead of Manchester etc) and I did not happen to find the right one for ARINC yet.
BR Andreas

[Martin72]

Hi Andreas,

Hmm..maybe with the new firmware the old script method doesn´t function anymore..

[tv84]

Use these:

USB20 -> "U20"
ARINC -> "A429"

[Emo]

I can confirm A429 to be working!

Thank you(tried almost every other combination...)

Eric

[FlexibleMammoth]

I remeber someone tried the eye&jotter option on a sds5000x when the 6000a was new and it did not work since it lacks a coprocessor...  did anyone try the usb2.0 option?

[tautech]

I remeber someone tried the eye&jotter option on a sds5000x when the 6000a was new and it did not work since it lacks a coprocessor...  did anyone try the usb2.0 option?

Please stop and think.

No option can work if the SW that makes it do is not installed into a piece of equipment.
SDS5000X does not have some of the capabilities SDS6000A has, period !

Just because some Python script can generate a license code means nothing if functionality is not installed.....nothing to do with HW capability.

[Performa01]

I remeber someone tried the eye&jotter option on a sds5000x when the 6000a was new and it did not work since it lacks a coprocessor... 

The "coprocessor" is usually implemented in the FPGA, so we can create one whenever we need one. The FPGA resources are limited however - the SDS6000 certainly has a lot more of them compared to the SDS5000.

did anyone try the usb2.0 option?

To the best of my knowledge, USB 2.0 is actually implemented using some kind of "co-processor", i.e. a special separate chip. USB 2.0 makes only sense in high bandwidth scopes, hence this option is for the SDS6000 and higher models exclusively.

[Sidoroffff]

Hello tv84,

Sorry for restoring that topic.

I have checked license version of my SDS5034x with the SCPI command :syst:board? and got 4CH_500M_LIC-V2 

As expected, the well known Python script does not work. Are there other options to treat my Siglent? Memdump?

[tv84]

With a memdump you should be good to go.

And, yes there is a way to downgrade from Lic V2 to V1. It all goes about the Dynamic Key present in the device. But that's a poor man's solution.

[Sidoroffff]

tv84 thanks a lot for response

1. And, yes there is a way to downgrade from Lic V2 to V1.
Do you mean its possble to downgrade  FW version which doesn't support Licv2 , install SW options and upgrade to latest FW release?  Or using special ''patched' FW it that case?

2. With a memdump you should be good to go.
As I know the SHELLCMD door is closed now. Or agian - downgrade FW version? Do we have anoher way for gettinng root access with the telnet?

[tv84]

1. The FW supports both v1 and v2.

2. What version do you have?

[Sidoroffff]

2. 0.9.8R2