Author Topic: Sniffing the Rigol's internal I2C bus  (Read 1823096 times)

0 Members and 1 Guest are viewing this topic.

Offline mikeselectricstuff

  • Super Contributor
  • ***
  • Posts: 13677
  • Country: gb
    • Mike's Electric Stuff
Re: Sniffing the Rigol's internal I2C bus
« Reply #150 on: June 20, 2013, 09:18:04 pm »
It would be interesting to compare revenue lost through lost potential license sales versus extra equipment sales due to it being hackable.
I have little doubt that the publicity around the 1052 hack was a net benefit.
Youtube channel:Taking wierd stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
 

Offline marmad

  • Super Contributor
  • ***
  • Posts: 2979
  • Country: aq
    • DaysAlive
Re: Sniffing the Rigol's internal I2C bus
« Reply #151 on: June 20, 2013, 09:29:08 pm »
It would be interesting to compare revenue lost through lost potential license sales versus extra equipment sales due to it being hackable.
I have little doubt that the publicity around the 1052 hack was a net benefit.

Benefit for whom?

IF Rigol uses zero resources to try to counteract published hacks, then it's possibly a win for both current and future owners. Personally, I'd rather have new features in the FW than more security routines.
 

Offline mickpah

  • Regular Contributor
  • *
  • Posts: 148
  • Country: au
    • Yeti Hacks
Re: Sniffing the Rigol's internal I2C bus
« Reply #152 on: June 20, 2013, 09:43:47 pm »
Quote

Benefit for whom?

IF Rigol uses zero resources to try to counteract published hacks, then it's possibly a win for both current and future owners. Personally, I'd rather have new features in the FW than more security routines.

I kind of agree, but have they ever done this? resources to actually make them available to users would be a first step. If they want to play against the likes of Agilent the big differentiator is becoming support. I own a Rigol and am looking to buy one of their Arb's but having used Agilent received their updates and used their technotes paying a premium is really tempting.

If they want to go after the hobby/low end market a few how-tos for using their "advanced" features would likely generate more sales, time better spent that trying to lock the scope down again. Just my opinion away.  Throwing a keylock product in front of this market is like putting a chess game in front of  kasparov - you know we're going to play.
 
 

Offline jonese

  • Contributor
  • Posts: 26
  • Country: ca
Re: Sniffing the Rigol's internal I2C bus
« Reply #153 on: June 20, 2013, 09:51:21 pm »
I know I wouldn't have ordered a DS2102 if the possibility of hacking it didn't exist.
« Last Edit: June 21, 2013, 03:00:40 pm by jonese »
 

Offline Orange

  • Frequent Contributor
  • **
  • Posts: 346
  • Country: nl
Re: Sniffing the Rigol's internal I2C bus
« Reply #154 on: June 21, 2013, 05:09:35 am »
Lets try to avoid morel/ethical/commercial issues in this tread. keep it clean or at least on topic
 

Offline marmad

  • Super Contributor
  • ***
  • Posts: 2979
  • Country: aq
    • DaysAlive
Re: Sniffing the Rigol's internal I2C bus
« Reply #155 on: June 21, 2013, 08:49:06 am »
Lets try to avoid morel/ethical/commercial issues in this tread. keep it clean or at least on topic

Uh... sorry, but when you post something like this:

For sure Rigol does not like this, but it's all in the game  :)

...I think it's completely on-topic to discuss exactly if and what this 'game' might cost us long-time owners of the DSO.
 

Offline amyk

  • Super Contributor
  • ***
  • Posts: 8232
Re: Sniffing the Rigol's internal I2C bus
« Reply #156 on: June 21, 2013, 08:55:30 am »
Some photos of the ATtiny85 placed on the FRAM
I haven't looked closely at an AVR in some time, but is that a mil-spec part (the triangle marking)? :o
 

Offline Orange

  • Frequent Contributor
  • **
  • Posts: 346
  • Country: nl
Re: Sniffing the Rigol's internal I2C bus
« Reply #157 on: June 21, 2013, 11:40:43 am »
Some photos of the ATtiny85 placed on the FRAM
I haven't looked closely at an AVR in some time, but is that a mil-spec part (the triangle marking)? :o
Atmel only makes it in the industrial version (-40..85 deg. C), so nothing special. I think the triangle indicates pin 1 as an extra bonus :)
 

Offline KuchateK

  • Regular Contributor
  • *
  • Posts: 78
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #158 on: June 21, 2013, 12:50:06 pm »
I understand that in the old scopes some options were a huge modules full of custom expensive chips.

But in the modern scopes all is in the hardware (and you already bought it and paid for it). Maybe its the time to stop outdated model of selling you the car with three forward gears and demanding huge premium for fourth and fifth to let you go to a highway.

People are not stupid, they know they have everything already installed and they want to use it.

Looking at console hacking I bet that Rigol will have a hard time even with very complicated anti-hacking security in their products.
 

Offline marmad

  • Super Contributor
  • ***
  • Posts: 2979
  • Country: aq
    • DaysAlive
Re: Sniffing the Rigol's internal I2C bus
« Reply #159 on: June 21, 2013, 01:22:59 pm »
I understand that in the old scopes some options were a huge modules full of custom expensive chips.

But in the modern scopes all is in the hardware (and you already bought it and paid for it). Maybe its the time to stop outdated model of selling you the car with three forward gears and demanding huge premium for fourth and fifth to let you go to a highway.

People are not stupid, they know they have everything already installed and they want to use it.

Looking at console hacking I bet that Rigol will have a hard time even with very complicated anti-hacking security in their products.

This topic has been discussed ad infinitum on this forum (i.e. whether you like it or not, this is a method more and more companies are using to recoup development costs) - but wasn't the point of my original post. Nor was I trying to make a moral or ethical point about hacking: I've hacked - and I've benefited from hacking - in the past - and I expect Rigol knows people will do it. And I also wasn't trying to start a debate about whether Rigol will ultimately profit from this (probably they will) - I don't really care about any of these points.

My original comment/question was only about the possible 'cost' to DS2000 owners for PUBLIC posting of hacking information (I know it benefits people 'thinking' about buying the DSO). As I (and other owners here) have posted repeatedly over the last 7 months, the trial options have ALWAYS BEEN restartable - we just haven't posted the precise technique(s) in order to try to prevent Rigol from wasting development time.

So, leaving aside the other issues, the questions are:
1) Does Rigol have a limited amount of resources with which to develop new FW for the DS2000?
2) Will Rigol make any effort to counter publicly posted hacking techniques?

If you believe the answer to both of these questions is yes, then you have to wonder if this will, in any way, stunt FW development - that was my only point.

Pretending that there might be no ramifications just seems rather naïve. :)
« Last Edit: June 21, 2013, 01:25:28 pm by marmad »
 

Offline marmad

  • Super Contributor
  • ***
  • Posts: 2979
  • Country: aq
    • DaysAlive
Re: Sniffing the Rigol's internal I2C bus
« Reply #160 on: June 21, 2013, 01:57:08 pm »
Any delay to FW development will be more than offset by the benefit that users receive from this.

I think you forgot to add "in your opinion" - which it certainly is. I think you're not an owner yet, correct?  :)
« Last Edit: June 21, 2013, 01:59:52 pm by marmad »
 

Offline marmad

  • Super Contributor
  • ***
  • Posts: 2979
  • Country: aq
    • DaysAlive
Re: Sniffing the Rigol's internal I2C bus
« Reply #161 on: June 21, 2013, 04:15:09 pm »
All depends on Rigol market policy, if they dont make any profit anymore on the DS2000,
they leave it. Just sell out your stock and jump to the next. problem solved ( maybe the S series )

As mentioned elsewhere, the security techniques used in the DS2000 stretch across the entire line (UltraVision) and even likely to other current devices (perhaps the DG series?). So I doubt this will solve future potential problems for Rigol.

Quote
There is no need for more R&D on security, much to expensive.
So if there will be an update it will be the last...!!!

I'm not sure what logic you're basing this on. Again, R&D on security will affect MANY product lines. And from what I understand, the DS1000E series had quite a few FW releases after the hack became public - and from what I've read (although anybody who knows the full story can jump in here), they became more buggy up to a point (with more attempts by Rigol to plug the hack). So I seriously doubt that there will be just one more FW update on a product that is approximately 1 year old in Western markets.
 

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 7547
  • Country: 00
  • +++ ATH1
Re: Sniffing the Rigol's internal I2C bus
« Reply #162 on: June 21, 2013, 04:51:42 pm »
Pretending that there might be no ramifications just seems rather naïve. :)

Consequences or not, once the product sucks either no updates for the nasty bugs or the updates actually break up things, then its time to move on to "other" brand, and I'm pretty sure Chinese scope manufacturers will keep evolving and improving at faster pace than now, and its not like they are the only scope maker out there.

C'mon, its just a scope, not the end of the world or like you've sold your soul to them.

Offline KuchateK

  • Regular Contributor
  • *
  • Posts: 78
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #163 on: June 21, 2013, 07:34:32 pm »
Rigol isn't microsoft or sony, they obviously aren't selling hardware at a loss to make money on options. I bet they also aren't financing development cost just from expensive models. Most markets clearly show that usually the cheapest models sold in large quantities are the best cash cow.

If they'll develop successful lock we are starting to compare unhackable ds2000 with everything else on the market. That $400 extra gets a lot harder to judge because you'll get a lot less. They'll spend money on development of security and in effect they'll have less potential sales because their product won't look as good in comparison to everything else.

They'll have to do something the same way they did on DS1052E. There are bean counters on top who like to count every hacked/pirated thing as lost sale. I have no doubt that US company would simply hunt all hacking efforts the same way RIAA is hunting everyone they can.

It is a hard decision for Rigol. On the one hand I don't think it pays off to fight it. On the other hand allowing it to continue looks bad for the management and investors.

But since Rigol isn't greedy US corporation and so far they thrived on cheap and hackable products I think it would be best to allow it some way or the other. After all its better to sell something than nothing. Greed doesn't pay off.

The answer is somewhere in their books. How many DS1102E were sold and how much sales of DS1052E jumped after the hack?
« Last Edit: June 21, 2013, 07:43:07 pm by KuchateK »
 

Offline bluesmoke

  • Contributor
  • Posts: 24
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #164 on: June 21, 2013, 08:31:31 pm »
I just got my DS2072 and now it's fully potted!  :-DD
 

Offline Stonent

  • Super Contributor
  • ***
  • Posts: 3824
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #165 on: June 21, 2013, 08:39:38 pm »
Said the Tiny85 to the FRAM chip "Hey baby, mind if I get my leg over?" :-DD
The larger the government, the smaller the citizen.
 

Offline c4757p

  • Super Contributor
  • ***
  • Posts: 7799
  • Country: us
  • adieu
Re: Sniffing the Rigol's internal I2C bus
« Reply #166 on: June 21, 2013, 09:54:06 pm »
I just got my DS2072 and now it's fully potted!  :-DD

Damn...  :-DD
No longer active here - try the IRC channel if you just can't be without me :)
 

Offline marmad

  • Super Contributor
  • ***
  • Posts: 2979
  • Country: aq
    • DaysAlive
Re: Sniffing the Rigol's internal I2C bus
« Reply #167 on: June 21, 2013, 11:14:59 pm »
I don't know why you are being so cagey about this. Aside from anything else the cat is well out of the bag now, with the method to reset the trial options being easily discoverable via Google. In fact you should prefer people using that method because it doesn't give them a free bandwidth upgrade.

Cagey?
1) Less than a week after getting the DS2000, I figured out how to restart the minutes - it's not rocket science.
2) Any owner that has joined us in the forum and posted a couple of times - and then asked any of the older members about restarting the trials (if they couldn't figure it out themselves) has gotten the info.

And why didn't we publicly post the info 7 or 6 or 5 or 4 or... months ago? Because we wanted Rigol to concentrate on fixing the bugs and issues we had with the DSO instead of focusing on plugging exploits - which is what happened (the exploit still works). Now I'd like to see the remaining bugs handled - and a few major mistakes/missing features of the UI taken care of. Last I heard, Rigol was planning to address the External Trigger complaints I raised in the upcoming release - now I'll just have to wait and see if that's a reality or not.

In fact you should prefer people using that method because it doesn't give them a free bandwidth upgrade.

I'm not sure why I would care if people get free bandwidth upgrade or not - I don't care if people get free stuff - I'm all for free stuff.  :)  My only point was about subtlety in passing around the methods to get the free stuff so that we (all owners of DS2000s) don't lose out on possible future FW enhancements as well.  ;)
« Last Edit: June 21, 2013, 11:39:27 pm by marmad »
 

Offline marmad

  • Super Contributor
  • ***
  • Posts: 2979
  • Country: aq
    • DaysAlive
Re: Sniffing the Rigol's internal I2C bus
« Reply #168 on: June 22, 2013, 10:30:57 am »
Cagey?
1) Less than a week after getting the DS2000, I figured out how to restart the minutes - it's not rocket science.
2) Any owner that has joined us in the forum and posted a couple of times - and then asked any of the older members about restarting the trials (if they couldn't figure it out themselves) has gotten the info.
You didn't answer my PM. I had to figure it out myself.
You're not an OWNER - you're just somebody who is 'planning' on buying one. And why don't we give out the info to non-owners? Because, instead of being someone invested in the future of the DSO, they may just turn out to be a petulant teenager with the desire to be cool by posting the info publicly somewhere, such as:

http://pastebin.com/qxSBkfTY

Oh wait, that wasn't you, was it?  :)

Of course, it's nonsense - if 'the poster' even did the slightest bit of research about the DSO, they'd know that license codes are keyed to individual serial numbers. The pastebin post is worthless - although interesting in the sense that it can be traced back to it's origins.

And BTW, how would you have figured it out if you don't own one of the DSOs?

Quote
Personally I think spending any time on security is a waste. They should just accept that once sold people are going to hack their equipment, but any commercial body will still just buy their options and be done with it. Licensing sounds wonderful on paper but never works properly in real life.
It's meaningless what you think about it; it matters what Rigol thinks. And the previous history (the DS1000 hack) implies that they're not going to 'just accept' it  - and a lot less potential profits were at stake then. It costs them nothing extra to attempt to plug exploits - they just divert allocated FW development costs into that particular area - so they reap the benefit of extra sales while attempting to prevent future hacking. It's a no-brainer for bean-counters.
« Last Edit: June 22, 2013, 01:12:18 pm by marmad »
 

Offline JimmyMz

  • Regular Contributor
  • *
  • Posts: 56
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #169 on: June 22, 2013, 01:13:32 pm »
Yeah, I don't really care for this moral/ethics debate, as it will amount to nothing in the end. I feel that elitism may be at work in this debate. When the information was given away publicly (Studio25 and Orange), others were stripped of their "judgements" of who gets the information and who doesn't (a.k.a. elitism). I asked Marmad too, but I asked under the assumption that it would amount to nothing. In other words, I was too sharp to think Marmad would deem me acceptable to receive any information regarding how to reset trial options. I mean honestly, what do you need, a picture of me holding the receipt? This isn't about teenagers using pastebin for "shits n' giggles." Elitism, it's a simple word, and it's surely at play. I wish it weren't true.  :phew:
« Last Edit: June 22, 2013, 01:17:04 pm by JimmyMz »
If you didn't get this message, let me know, and I'll get you another.
 

Offline jamesb

  • Regular Contributor
  • *
  • Posts: 54
  • Country: 00
Re: Sniffing the Rigol's internal I2C bus
« Reply #170 on: June 22, 2013, 01:40:54 pm »
I just got my DS2072 and now it's fully potted!  :-DD

AH, there we are - this is Rigol's effort to mitigate physical access, providing a physical tampering indicator (aside from the usual void stickers). Inspection of a more recent version of the scope would immediately show signs of tampering if one were to try to access the FRAM.

Is the potting compound clear / translucent?

This effort suggests that time / effort will be wasted on securing future firmware, delaying more important bug fixes.
 

Offline marmad

  • Super Contributor
  • ***
  • Posts: 2979
  • Country: aq
    • DaysAlive
Re: Sniffing the Rigol's internal I2C bus
« Reply #171 on: June 22, 2013, 02:50:56 pm »
As you point out the pastebin thing is worthless. I was simply referring to the fact that it is well known that once you have such a code you can use it as many times as you like by re-running the self Cal or firmware update. As I said, this information is just a Google search away, that horse bolted long ago.

I don't know where you're getting your information from, but you're completely wrong. You only have to read posts in the other thread to realize that those Trial License Keys are only usable ONCE. They set a flag in permanent memory - so unless you want to lose your calibration data, there is no way to reuse them. OTOH, the Official License Keys can be uninstalled and reinstalled.
 

Offline marmad

  • Super Contributor
  • ***
  • Posts: 2979
  • Country: aq
    • DaysAlive
Re: Sniffing the Rigol's internal I2C bus
« Reply #172 on: June 22, 2013, 02:59:12 pm »
Yeah, I don't really care for this moral/ethics debate, as it will amount to nothing in the end. I feel that elitism may be at work in this debate. When the information was given away publicly (Studio25 and Orange), others were stripped of their "judgements" of who gets the information and who doesn't (a.k.a. elitism). I asked Marmad too, but I asked under the assumption that it would amount to nothing. In other words, I was too sharp to think Marmad would deem me acceptable to receive any information regarding how to reset trial options. I mean honestly, what do you need, a picture of me holding the receipt? This isn't about teenagers using pastebin for "shits n' giggles." Elitism, it's a simple word, and it's surely at play. I wish it weren't true.  :phew:

This has nothing to do with morals/ethics/elitism - it has to do with trying to keep an exploit from being plugged by Rigol - period.  I (and other members here) have given the information to MANY other owners - no problems whatsoever (and again - it's NOT HARD to figure out the technique yourself). And what has been the result of this:

Rigol released new FW fixing almost all bugs and issues - but NOT plugging the exploit. What would have happened if the info had been publicly posted back in December?

Go read the original Agilent X-Series thread here when it became known early on that Agilent had inadvertently leaked the private key for creating license codes and see what people posted. Did someone start a new thread saying "How to create License Codes for the new Agilent X-Series" and post the key data. No - people stopped talking about it much publicly - and just wrote things like 'PM me for the data', etc. This also wasn't elitism - it was just trying to keep a good thing going.
 

Offline bxs

  • Regular Contributor
  • *
  • Posts: 89
  • Country: 00
Re: Sniffing the Rigol's internal I2C bus
« Reply #173 on: June 22, 2013, 04:32:39 pm »
Wow, this thread became huge...

I looked at the thread and have to say, this is a huge shoot at your foot  :o like it or not it's the true.

Showing all the info that way is not productive, actually is really quite counter productive.

Lets see, you make all that public, you enjoy it for a short period of time, but them what?

Instead of make your hack have a good living time, showing it all will make Rigol respond and invalidate it, so not quite a smart thing...

Rigol in the past responded so this time they will do the same.

The worse is that all the people that have been enjoying the hack will also suffer, but thats not all; the thing is that all the owners will also suffer, even those that never hacked it  :(

Rigol will respond, and for that they will use the same staff that are developing/supporting the scope, so those resources will be reallocated to prevent the hack instead of for example fixing bugs or adding new stuff to the scope...  ???

note: I'm not saying that I could not make a similar mistake, we all have done, and will do, thats life  ;)

EDIT:
In the end I have to say that if you have some info, information that is yours, it's up to you know what to do with it, that freedom have to exist.

And when I wrote:
Quote
The worse is that (...); the thing is that all the owners will also suffer, even those that never hacked it  :(

I'm not being fair, if this problem will exist, it is Rigol responsibility.

For people that had/have the hack and can also be affected by a response from Rigol; well the word "HACK" says it all...

I still think that it's a bit "naive" release all the info and don't expect response, but only the future will tell, so let's live the present and wait for what the future will bring us  ::)
« Last Edit: June 22, 2013, 06:26:16 pm by bxs »
 

Offline Orange

  • Frequent Contributor
  • **
  • Posts: 346
  • Country: nl
Re: Sniffing the Rigol's internal I2C bus
« Reply #174 on: June 22, 2013, 07:04:59 pm »
We all be burning in hell forever,


Jeesze what a lot of bullshit is on this forum.

Any good hacks available for the code generators ?
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf