
Sniffing the Rigol's internal I2C bus


Rigby:

--- Quote from: zombie28 on December 09, 2013, 04:20:21 pm ---
--- Quote from: marmad on December 09, 2013, 03:55:18 pm ---People with A-models were reporting that keygen doesn't work with the new firmware, but g***! (with a non-A model) reported that it worked for him.

--- End quote ---

And now I know why - Rigol didn't bother to change the public key either. I found the old public key in the new firmware (encoded by the same bit shuffling algorithm I described earlier). The sequence of encoded bytes is as follows: 97 58 B9 DE 24 C5 11 10, which obviously translates to "8445B2BE29E5C7". I believe Rigol didn't change the keys to maintain backward compatibility with previously sold license codes.

--- End quote ---

So why isn't the keygen working, then?

Thank you for jumping in and working on this, by the way.  I love it when a community comes together.

marmad:

--- Quote from: zombie28 on December 09, 2013, 04:20:21 pm ---And now I know why - Rigol didn't bother to change the public key either. I found the old public key in the new firmware (encoded by the same bit shuffling algorithm I described earlier). The sequence of encoded bytes is as follows: 97 58 B9 DE 24 C5 11 10, which obviously translates to "8445B2BE29E5C7". I believe Rigol didn't change the keys to maintain backward compatibility with previously sold license codes.

--- End quote ---

So the keygen only has to be modified to work with the changed A-model "DS2Dxxxxxxxxx" serial numbers?

Edit: Ahh... I just noticed you edited your post to reflect the possibility of two public keys.

It seems to me that it's likely the presence of a "D" serial number (or jumpers/pull-ups on the PCB) involves using a different public key/technique - and also the availability of the CAN option and 50 Ohm input (which non-A model Hardware v.2 owners are unable to access).

alank2:
There has to be some other cause.  Could they have limited the seed (which has been a wide open int32) to a specific value?

zombie28:

--- Quote from: Rigby on December 09, 2013, 04:54:06 pm ---So why isn't the keygen working, then?

--- End quote ---

They may use two separate keys or different hashing/encoding algorithms for 'non-A' and 'A' license codes.

cybernet:

--- Quote from: zombie28 on December 09, 2013, 04:59:40 pm ---They may use two separate keys or different hashing/encoding algorithms for 'non-A' and 'A' license codes.

--- End quote ---

that explains why the verification routines look a bit different ... i wish the stupid ida signatures would work better, kinda sick of going over the miracl lib again ;)
given the possibility to patch firmware, it's probably easier to override it now than to update the keygen (if the private key can be found this time)



--- Code: ---SDRAM:EE7440 ECC_8445B2BE29E5C7:   dd 0xDEB95897           # DATA XREF: sub_71C7E+24?
SDRAM:EE7444                 dd 0x1011C524

--- End code ---
