Sniffing the Rigol's internal I2C bus
Rigby:
--- Quote from: zombie28 on December 09, 2013, 04:20:21 pm ---
--- Quote from: marmad on December 09, 2013, 03:55:18 pm ---People with A-models were reporting that keygen doesn't work with the new firmware, but g***! (with a non-A model) reported that it worked for him.
--- End quote ---
And now I know why - Rigol didn't bother to change the public key either. I found the old public key in the new firmware (encoded by the same bit shuffling algorithm I described earlier). The sequence of encoded bytes is as follows: 97 58 B9 DE 24 C5 11 10, which obviously translates to "8445B2BE29E5C7". I believe Rigol didn't change the keys to maintain backward compatibility with previously sold license codes.
--- End quote ---
So why isn't the keygen working, then?
Thank you for jumping in and working on this, by the way. I love it when a community comes together.
marmad:
--- Quote from: zombie28 on December 09, 2013, 04:20:21 pm ---And now I know why - Rigol didn't bother to change the public key either. I found the old public key in the new firmware (encoded by the same bit shuffling algorithm I described earlier). The sequence of encoded bytes is as follows: 97 58 B9 DE 24 C5 11 10, which obviously translates to "8445B2BE29E5C7". I believe Rigol didn't change the keys to maintain backward compatibility with previously sold license codes.
--- End quote ---
So the keygen only has to be modified to work with the changed A-model "DS2Dxxxxxxxxx" serial numbers?
Edit: Ahh... I just noticed you edited your post to reflect the possibility of two public keys.
It seems to me that it's likely the presence of a "D" serial number (or jumpers/pull-ups on the PCB) involves using a different public key/technique - and also the availability of the CAN option and 50 Ohm input (which non-A model Hardware v.2 owners are unable to access).
alank2:
There has to be some other cause. Could they have limited the seed (which has been a wide open int32) to a specific value?
zombie28:
--- Quote from: Rigby on December 09, 2013, 04:54:06 pm ---So why isn't the keygen working, then?
--- End quote ---
They may use two separate keys or different hashing/encoding algorithms for 'non-A' and 'A' license codes.
cybernet:
--- Quote from: zombie28 on December 09, 2013, 04:59:40 pm ---They may use two separate keys or different hashing/encoding algorithms for 'non-A' and 'A' license codes.
--- End quote ---
that explains why the verification routines look a bit different ... i wish the stupid ida signatures would work better, kinda sick of going over the miracl lib again ;)
given the possibility to patch firmware, it's probably easier to override it now than to update the keygen (if the private key can be found this time)
--- Code: ---SDRAM:EE7440 ECC_8445B2BE29E5C7: dd 0xDEB95897 # DATA XREF: sub_71C7E+24?
SDRAM:EE7444 dd 0x1011C524
--- End code ---