Sniffing the Rigol's internal I2C bus
cidcorp:
--- Quote from: m-joy on January 03, 2014, 06:57:20 pm ---I thought 300 MHz is "buggy" on all devices...
--- End quote ---
I thought the issues were only with the version 1 HW, which is what I have...
Chris
Co6aka:
--- Quote from: marmad on January 03, 2014, 08:08:03 pm ---:-DD
--- End quote ---
Exactly... :-DD (Makes way-way too much sense, so...)
Got a shiny new Amontec JTAGkey2P sitting on my bench right in front of my DSA1030A... >:D
Gallymimus:
--- Quote from: Co6aka on January 03, 2014, 06:24:25 pm ---
Actually, if code can be "debugged" it can be hacked, so it doesn't really matter what algos are used; at some point (in the code) there's a "BNE" on an invalid key that can be "NOP'ed" out. (Also, the encryption routines can be copied out and reversed, and somewhere has got to be the private key.) They could make life difficult by employing obfuscation, self-decrypting code, anti-debugging, and etc. They could disable/remove debugging support from the hardware, encrypt the firmware and embed decryption in the CPU, pot the whole thing, and require units to be sent in for firmware upgrades... :-DD
Bottom line: It's hackable. Period. Get over it. Let the popularity boost sales and capture market share, bump up prices accordingly, and sell lotsa hardware. Heck, open source the thing, and let the hacker community develop advanced features and bug fixes. Let the staff coders focus on new products, and assign one to "manage" the open source project.
--- End quote ---
:-DD |O NAIVE! |O :-DD
Mark_O:
--- Quote from: marmad on January 03, 2014, 08:08:03 pm ---
--- Quote from: Co6aka on January 03, 2014, 06:24:25 pm ---Heck, open source the thing, and let the hacker community develop advanced features and bug fixes. Let the staff coders focus on new products, and assign one to "manage" the open source project.
--- End quote ---
Yeah, that's gonna happen :-DD
--- End quote ---
Well, I'm sure other scope companies would appreciate that. :o Heck, then even Hantek might have a chance at halfway decent firmware. And their scopes would finally support SCPI.
The downside would be that the competition would then lay off their teams of development programmers. Do you really want that one guy at Hantek to be out of a job? :'(
zombie28:
So here it is, the new license code decoder:
--- Code: ---//
// Copyright (c) 2013 RIGLOL Technologies, Inc. All Rights Reversed.
// This product includes software developed by the OpenSSL Project
// for use in the OpenSSL Toolkit. (http://www.openssl.org/)
//
#include <string.h>
#include "rc5.h"
// Local integer aliases used throughout the decoder.
// NOTE(review): the bit arithmetic below assumes unsigned int is 32 bits and
// unsigned long long is 64 bits on the build target - confirm.
typedef unsigned char uint8;
typedef unsigned int uint32;
typedef unsigned long long uint64;
// A licence code is 28 characters; each character carries 5 bits (the
// alphabet in DecodeChar() has 32 entries), i.e. 140 bits = 35 nibbles.
#define LICENSE_CODE_LENGTH 28
// Fixed 128-bit RC5 keys. DecodeLicenseCode() uses RC5Key1 for the first
// 64-bit block and RC5Key2 for the second.
// Because both keys are constants, the RC5 layer only obscures the payload:
// anyone holding the keys can unwrap or re-wrap it. Authenticity of a licence
// therefore depends entirely on verifying the signature words that
// DecodeLicenseCode() extracts; that verification is not part of this listing.
static const uint8 RC5Key1[16] = { 0x3F, 0x57, 0x8E, 0x1C, 0x44, 0x18, 0x34, 0xDD, 0xA5, 0x46, 0x21, 0x36, 0x32, 0x81, 0xFB, 0xCF };
static const uint8 RC5Key2[16] = { 0x14, 0xDC, 0x15, 0xAF, 0xA1, 0x48, 0x3D, 0x7D, 0x6A, 0xC1, 0xDC, 0xA1, 0x79, 0x8D, 0xAA, 0x3E };
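// Map one licence-code character to its 5-bit value.
//
// The alphabet is the 32-character string below; a character's value is its
// index in that string (0..31). Any character outside the alphabet yields 0,
// which is also the value of 'L', so a caller that needs to reject malformed
// input has to check alphabet membership itself.
uint32 DecodeChar(char value)
{
    // const array instead of a writable char* aimed at a string literal.
    static const char charMap[] = "LRE8YFGHJK9SNBQ36MPVWXAZ2U45TC7D";

    // strchr() also matches the terminating NUL and would then report index
    // 32, which does not fit in 5 bits. Treat NUL as "not in the alphabet".
    if (value == '\0')
        return 0;

    const char *charPos = strchr(charMap, value);
    return charPos == NULL ? 0 : (uint32)(charPos - charMap);
}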
// Drop the low-order nibbles of a packed signature word.
//
// The lowest nibble of `value` is a count n (0..15). The result is `value`
// shifted right by n + 1 nibbles: the count nibble itself plus n more.
uint64 DecodeSignature(uint64 value)
{
    // Shift one nibble per step. For n == 15 the total is 64 bits, which a
    // single shift expression could not express without undefined behaviour.
    uint32 remaining = (uint32)(value & 0x0f) + 1;
    while (remaining != 0)
    {
        value >>= 4;
        --remaining;
    }
    return value;
}
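// Unpack a 28-character licence code into its option bits and the two
// signature words carried with them.
//
// Steps, as implemented below:
//   1. 28 characters x 5 bits are regrouped into 35 nibbles.
//   2. Nibbles 0..15 and 16..31 are packed, low nibble first, into two 64-bit
//      blocks. Block 1 goes through RC5_32_ecb_encrypt() with RC5Key1 and a
//      final argument of 1 (encrypt); block 2 with RC5Key2 and a final
//      argument of 0 (decrypt). Both key schedules use 16 rounds.
//   3. The signature words and the option bits are picked out of the two
//      blocks plus nibbles 32..34.
//
// Parameters:
//   licenseCode  NUL-terminated code. It must be exactly LICENSE_CODE_LENGTH
//                characters long, all drawn from DecodeChar()'s alphabet.
//   sig1, sig2   Receive the two signature words (labelled "ECDSA signature"
//                by the original author). Left untouched when the code is
//                rejected.
//
// Returns the option bits, or 0 when the input is rejected. The return value
// alone does not distinguish a rejected code from one whose option bits are
// all zero.
//
// This function only extracts the signature words; nothing here verifies them
// against the option bits. A caller that treats the returned options as
// authorised without a separate signature check is trusting unauthenticated
// input.
//
// NOTE(review): the RC5 calls view each uint64 as 8 raw bytes, so the result
// depends on host byte order - presumably written for a little-endian host;
// confirm before porting.
uint32 DecodeLicenseCode(char *licenseCode, uint64& sig1, uint64& sig2)
{
    if (licenseCode == NULL || strlen(licenseCode) != LICENSE_CODE_LENGTH)
        return 0;

    // DecodeChar() reports 0 both for 'L' and for characters outside the
    // alphabet, so malformed input would otherwise be decoded as if it were
    // a run of 'L's. Reject it up front instead.
    for (int i = 0; i < LICENSE_CODE_LENGTH; i++)
    {
        if (licenseCode[i] != 'L' && DecodeChar(licenseCode[i]) == 0)
            return 0;
    }

    // Regroup: every 4 characters (20 bits) become 5 nibbles, most
    // significant nibble first.
    uint8 licenseBits[35];
    for (int i = 0, j = 0; i < LICENSE_CODE_LENGTH; i += 4, j += 5)
    {
        uint32 bitBuffer =
            (DecodeChar(licenseCode[i]) << 15) +
            (DecodeChar(licenseCode[i + 1]) << 10) +
            (DecodeChar(licenseCode[i + 2]) << 5) +
            DecodeChar(licenseCode[i + 3]);
        licenseBits[j] = bitBuffer >> 16;
        licenseBits[j + 1] = (bitBuffer >> 12) & 0xf;
        licenseBits[j + 2] = (bitBuffer >> 8) & 0xf;
        licenseBits[j + 3] = (bitBuffer >> 4) & 0xf;
        licenseBits[j + 4] = bitBuffer & 0xf;
    }

    // Pack nibbles 0..15 and 16..31 into the two RC5 blocks, nibble i landing
    // at bit position 4*i.
    uint64 RC5Block1 = 0;
    uint64 RC5Block2 = 0;
    for (int i = 0; i < 16; i++)
    {
        RC5Block1 |= uint64(licenseBits[i]) << (i * 4);
        RC5Block2 |= uint64(licenseBits[i + 16]) << (i * 4);
    }

    // In-place single-block RC5: block 1 is encrypted, block 2 is decrypted.
    RC5_32_KEY RC5Key;
    RC5_32_set_key(&RC5Key, 16, RC5Key1, 16);
    RC5_32_ecb_encrypt((uint8*)&RC5Block1, (uint8*)&RC5Block1, &RC5Key, 1);
    RC5_32_set_key(&RC5Key, 16, RC5Key2, 16);
    RC5_32_ecb_encrypt((uint8*)&RC5Block2, (uint8*)&RC5Block2, &RC5Key, 0);

    // ECDSA signature
    sig1 = DecodeSignature((RC5Block2 >> 8) | (uint64(licenseBits[33]) << 56));
    sig2 = DecodeSignature(((RC5Block1 & 0xffffffffffff) << 8) | (RC5Block2 & 0xff) | (uint64(licenseBits[32]) << 56));

    // option bits: top 16 bits of block 1, with nibble 34 above them
    return uint32(RC5Block1 >> 48) | (uint32(licenseBits[34]) << 16);
}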
--- End code ---