Author Topic: Siglent SDS2000X Plus Hack  (Read 24035 times)

maxspb69 and 4 Guests are viewing this topic.

Online maxspb69

  • Regular Contributor
  • *
  • Posts: 74
  • Country: ru
Re: Siglent SDS2000X Plus Hack
« Reply #150 on: January 21, 2021, 09:49:26 pm »
Thanks, now please attach your firmdata0\sys_cfg.cfg.

How can I get this data?
 

Online maxspb69

  • Regular Contributor
  • *
  • Posts: 74
  • Country: ru
Re: Siglent SDS2000X Plus Hack
« Reply #151 on: January 22, 2021, 05:53:58 pm »
My sys_cfg.cfg attached
 

Online tv84

  • Super Contributor
  • ***
  • Posts: 1968
  • Country: pt
Re: Siglent SDS2000X Plus Hack
« Reply #152 on: January 22, 2021, 06:22:23 pm »
This is the parsing:

Code: [Select]
Reversing 1st part of the file [00000000-00000CF7]...
XORing with 0xFF (incrementing pattern)...
XORing with 0xFF from 0x0000067C until 0x00000CF7

00000000 - Main Checksum: FFFFB5F9 [00000004-00000CF7]  CKSM OK
00000008 - Product_Type: AKIP
00000028 - CFG Type: SDS2000X Plus
0000003C - Manufacturer_Name: ????????
00000047 - CFG Flag_LongMemory: 00
00000048 - Product_ID: 15100
0000004C - Logo Image Size: 00000000 (0 pixels)
00000050 - USB_Prod_ID_PTP: EE39
00000052 - USB_Prod_ID_RAW: EE38
00000054 - USB_Prod_ID_TMC: EE3A
00000056 - USB_Vendor_ID: F4EC
00000058 - Prefix: AKIP
0000005C - Logo_Manufacturer: Siglent
0000009C - CFG Flag_pic_machine: 01
0000009D - CFG Flag_sys_machine: 01
0000009E - CFG Flag_____USB_TMC: 01
0000009F - CFG Flag___SCPI/ERES: 01
000000A0 - CFG Fl_invert/neuter: 00
000000A1 - CFG Flag___skew/gate: 00
000000A2 - CFG Flag____vxi/roll: 01
000000A3 - CFG Flag___________A: 00    not_used(?)
000000A4 - CFG Flag___lang_mask: 1800
000000A6 - CFG Flag__lang_total: 11
000000A7 - CFG Flag_mach_series: 00
000000A8 - Machine Name  20 MHz:
000000B7 - Machine Name  40 MHz:
000000C6 - Machine Name  60 MHz:
000000D5 - Machine Name 100 MHz: ????????-4129
000000E4 - Machine Name 150 MHz:
000000F3 - Machine Name 200 MHz: ????????-4129
00000102 - Machine Name 250 MHz:
00000111 - Machine Name 300 MHz: ????????-4129
00000120 - Machine Name  50 MHz:
0000012F - Machine Name  70 MHz: ????????-4129
0000013E - CFG Flag___BW_change: 00
0000013F - CFG Flag_hide_set_BW: 01
00000140 - Machine Name 350 MHz: ????????-4129
0000014F - Machine Name 500 MHz: ????????-4129
0000015E - Machine Name 750 MHz: ????????-4129
0000016D - Machine Name1000 MHz: ????????-4129

This is from a "normal" Siglent:
Code: [Select]
Reversing 1st part of the file [00000000-00000CF7]...
XORing with 0xFF (incrementing pattern)...
XORing with 0xFF from 0x0000067C until 0x00000CF7

00000000 - Main Checksum: FFFFD397 [00000004-00000CF7]  CKSM OK
00000008 - Product_Type: SIGLENT
00000028 - CFG Type: SDS2000X Plus
0000003C - Manufacturer_Name: SIGLENT
00000047 - CFG Flag_LongMemory: 00
00000048 - Product_ID: 15100
0000004C - Logo Image Size: 00000000 (0 pixels)
00000050 - USB_Prod_ID_PTP: EE39
00000052 - USB_Prod_ID_RAW: EE38
00000054 - USB_Prod_ID_TMC: EE3A
00000056 - USB_Vendor_ID: F4EC
00000058 - Prefix: SDS
0000005C - Logo_Manufacturer: Siglent
0000009C - CFG Flag_pic_machine: 01
0000009D - CFG Flag_sys_machine: 01
0000009E - CFG Flag_____USB_TMC: 01
0000009F - CFG Flag___SCPI/ERES: 01
000000A0 - CFG Fl_invert/neuter: 00
000000A1 - CFG Flag___skew/gate: 00
000000A2 - CFG Flag____vxi/roll: 01
000000A3 - CFG Flag___________A: 00    not_used(?)
000000A4 - CFG Flag___lang_mask: 1800
000000A6 - CFG Flag__lang_total: 11
000000A7 - CFG Flag_mach_series: 00
000000A8 - Machine Name  20 MHz:
000000B7 - Machine Name  40 MHz:
000000C6 - Machine Name  60 MHz:
000000D5 - Machine Name 100 MHz: SDS2104X Plus
000000E4 - Machine Name 150 MHz:
000000F3 - Machine Name 200 MHz: SDS2204X Plus
00000102 - Machine Name 250 MHz:
00000111 - Machine Name 300 MHz: SDS2304X Plus
00000120 - Machine Name  50 MHz:
0000012F - Machine Name  70 MHz: SDS2074X Plus
0000013E - CFG Flag___BW_change: 00
0000013F - CFG Flag_hide_set_BW: 01
00000140 - Machine Name 350 MHz: SDS2354X Plus
0000014F - Machine Name 500 MHz: SDS2504X Plus
0000015E - Machine Name 750 MHz:
0000016D - Machine Name1000 MHz:

So, I suggest your replace your file with the one attached.

Sync and reboot.

Let's see what happens.
 
The following users thanked this post: maxspb69

Online maxspb69

  • Regular Contributor
  • *
  • Posts: 74
  • Country: ru
Re: Siglent SDS2000X Plus Hack
« Reply #153 on: January 22, 2021, 06:41:38 pm »
Somehow I'm afraid. Will it make a brick? There's a possibility?
 

Online tv84

  • Super Contributor
  • ***
  • Posts: 1968
  • Country: pt
Re: Siglent SDS2000X Plus Hack
« Reply #154 on: January 22, 2021, 06:57:49 pm »
I don't see how that could happen. But it's your call.
 

Online maxspb69

  • Regular Contributor
  • *
  • Posts: 74
  • Country: ru
Re: Siglent SDS2000X Plus Hack
« Reply #155 on: January 22, 2021, 07:05:56 pm »
Ok, thank You! I try replace...
And please, send me /usr/bin/siglent/firmdata0/splash.gif file from "original siglent". This file is the boot splash logo. There is also a 'splash' file (without extension). What is it? Maybe they should be replaced together?
 

Online tv84

  • Super Contributor
  • ***
  • Posts: 1968
  • Country: pt
Re: Siglent SDS2000X Plus Hack
« Reply #156 on: January 22, 2021, 07:13:34 pm »
First change the cfg. After that we'll deal with the splash.
 
The following users thanked this post: maxspb69

Online maxspb69

  • Regular Contributor
  • *
  • Posts: 74
  • Country: ru
Re: Siglent SDS2000X Plus Hack
« Reply #157 on: January 22, 2021, 07:26:10 pm »
Done!
The 'đťodel' and saved file name template have changed!
It remains to change the splash (it's clear how to do it) and the little banner "AKIP" at the top right of the screen (if it possible).

 

Online tv84

  • Super Contributor
  • ***
  • Posts: 1968
  • Country: pt
Re: Siglent SDS2000X Plus Hack
« Reply #158 on: January 22, 2021, 07:52:35 pm »
 :-+

Now it's time for another member to share their splash image file. I think I don't have one here.
 
The following users thanked this post: maxspb69

Online maxspb69

  • Regular Contributor
  • *
  • Posts: 74
  • Country: ru
Re: Siglent SDS2000X Plus Hack
« Reply #159 on: January 22, 2021, 07:54:34 pm »
tv84, many thanks for the help! :-+
 

Online maxspb69

  • Regular Contributor
  • *
  • Posts: 74
  • Country: ru
Re: Siglent SDS2000X Plus Hack
« Reply #160 on: January 22, 2021, 08:58:50 pm »
By the way, replacing the splash.gif file doesn't change anything. The boot splash screen remains the same. What could be the problem?
 

Online tv84

  • Super Contributor
  • ***
  • Posts: 1968
  • Country: pt
Re: Siglent SDS2000X Plus Hack
« Reply #161 on: January 22, 2021, 09:19:51 pm »
NAND map:
Code: [Select]
0x000000000000-0x000000780000 : "fsbl"
0x000000780000-0x000000b80000 : "kerneldata"
0x000000b80000-0x000000c00000 : "device-tree"
0x000000c00000-0x000001100000 : "Manufacturedata"
0x000001100000-0x000001600000 : "reserved1"
0x000001600000-0x000002a00000 : "rootfs"
0x000002a00000-0x000003400000 : "firmdata0"
0x000003400000-0x00000a200000 : "siglent"
0x00000a200000-0x00000fc00000 : "datafs"
0x00000fc00000-0x000010000000 : "reserved2"

Can you make a NAND dump?

Maybe it is in the "Manufacturedata" MTD.

Or are rendered strings...
« Last Edit: January 22, 2021, 09:25:36 pm by tv84 »
 

Online maxspb69

  • Regular Contributor
  • *
  • Posts: 74
  • Country: ru
Re: Siglent SDS2000X Plus Hack
« Reply #162 on: January 22, 2021, 09:56:54 pm »
I don't want to completely lose the warranty by opening the device. Therefore, I cannot make a nand dump. However, if only a splash remains of the localization, it's also not bad, the main thing is that the names of the saved files are now more adequate!
It is strange that the most obvious thing caused difficulties (replacement of a splash)

And I corrected the caption in the upper right corner of the screen.  :D
« Last Edit: January 22, 2021, 10:00:47 pm by maxspb69 »
 

Online maxspb69

  • Regular Contributor
  • *
  • Posts: 74
  • Country: ru
Re: Siglent SDS2000X Plus Hack
« Reply #163 on: January 23, 2021, 08:38:36 am »
tv84, can I dump mtd3 'Manufacturedata'  or full NAND dump via telnet without opening the device?
 

Offline Martin72

  • Super Contributor
  • ***
  • Posts: 1695
  • Country: de
  • Testfield Technician
Re: Siglent SDS2000X Plus Hack
« Reply #164 on: January 23, 2021, 10:47:26 am »
Quote
I don't want to completely lose the warranty by opening the device.

There are several methods to remove the warranty sticker without damage..

Offline sdouble

  • Frequent Contributor
  • **
  • Posts: 267
  • Country: fr
Re: Siglent SDS2000X Plus Hack
« Reply #165 on: January 23, 2021, 02:37:48 pm »
A feedback about my unit which was (almost) DOA. I sent it back to the seller mid of December. They waited until Jan 6th to send it back to Siglent Germany. I got a phone call yesterday. The unit is repaired which is good news. The person in charge did not know what the problem was. However, he told me that Siglent noticed that the scope had been hacked  :rant: but they concluded that my problem was unrelated to the hack. Thus they repaired the scope under warranty and will get it back to me next week.
 :-+ 
I recently bought 2 units for the lab.I could find some time last Friday to hack them.
it worked well for the 1st unit. I also unlock the second one. Things happened to work flawlessly too but right after the process, the scope simply turned off and never turned on again.
Did anybody face such an issue ?

might be just a doa unit.. if you didnt do anything internally with the OS and was just keys through the UI that wouldnt have caused that

hard call to say if you should even open it up and try the uart port.. if it seems completely dead you are probly better off getting an exchange
 
The following users thanked this post: jemangedeslolos, 2N3055

Offline jemangedeslolos

  • Frequent Contributor
  • **
  • Posts: 355
  • Country: fr
Re: Siglent SDS2000X Plus Hack
« Reply #166 on: January 23, 2021, 03:10:47 pm »
It is nice from Siglent  :-+
 
The following users thanked this post: 2N3055

Offline jemangedeslolos

  • Frequent Contributor
  • **
  • Posts: 355
  • Country: fr
Re: Siglent SDS2000X Plus Hack
« Reply #167 on: January 23, 2021, 03:11:22 pm »
:-+

Now it's time for another member to share their splash image file. I think I don't have one here.

It is time for a tv84 splash screen  8)
 
The following users thanked this post: 2N3055

Offline Martin72

  • Super Contributor
  • ***
  • Posts: 1695
  • Country: de
  • Testfield Technician
Re: Siglent SDS2000X Plus Hack
« Reply #168 on: January 23, 2021, 03:12:18 pm »
Quote
However, he told me that Siglent noticed that the scope had been hacked  :rant: but they concluded that my problem was unrelated to the hack. Thus they repaired the scope under warranty and will get it back to me next week.

This is a very important thing to know and should be marked on top - Thankyou for sharing !!!!  :-+
 
The following users thanked this post: 2N3055

Online tv84

  • Super Contributor
  • ***
  • Posts: 1968
  • Country: pt
Re: Siglent SDS2000X Plus Hack
« Reply #169 on: Today at 04:46:54 pm »
tv84, can I dump mtd3 'Manufacturedata'  or full NAND dump via telnet without opening the device?

I'll try to get you a script. Ping me if I forget.
 
The following users thanked this post: maxspb69


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf