Products > Test Equipment
Sniffing the Rigol's internal I2C bus
<< < (477/899) > >>
sled:
I have implemented your interface in ANSI C, with a Makefile and some basic tests (copy the 0x00000000-0x01ffffff_dram.bin into the same folder to extract the keys).

The only thing that is missing is the descrambling of the public key, but I've added an empty method for it `void DescramblePublicKey(uint8_t bytes[8]);`

The only thing that I'm confused about is whether the public key is 7 or 8 bytes long because we read an 8 byte sequence from the dump file but in your examples the hex string has only 7 bytes.

Have fun and keep us updated  :-DD


Output when running the compiled test binary should look like:


--- Code: ------ FormatHex RC5Key1:
4155BFD82D429EA69B3EE7D7D59C8906
--- FormatHex RC5Key2:
B9BC53D8B8CE6CE3594555AA89556543
--- FormatHex XXTEAKey:
86F4A0930BC7ED276B2D6C2CE293535F
--- Compare reconstructed byte arrays from string to original:
RC5Key1: PASS
RC5Key2: PASS
XXTEAKey: PASS
---- PrintKeyData from memory:
RC5KEY1=4155BFD82D429EA69B3EE7D7D59C8906
RC5KEY2=B9BC53D8B8CE6CE3594555AA89556543
XXTEAKEY=86F4A0930BC7ED276B2D6C2CE293535F
PUBKEY=A0581020E5C012
SECKEY=ABCEDFGHIJKLMN
SERIAL=DS2E123456789012
---- SaveKeyData as key.dat ...
---- LoadKeyData from key.dat ...
---- PrintKeyData from file:
RC5KEY1=4155BFD82D429EA69B3EE7D7D59C8906
RC5KEY2=B9BC53D8B8CE6CE3594555AA89556543
XXTEAKEY=86F4A0930BC7ED276B2D6C2CE293535F
PUBKEY=A0581020E5C012
SECKEY=ABCEDFGHIJKLMN
SERIAL=DS2E123456789012
---- Compare KeyData from file with KeyData in memory:
RC5Key1: PASS
RC5Key2: PASS
XXTEAKey: PASS
publicKey: PASS
secretKey: PASS
serialNumber: PASS
---- Scanning Memory Dump
!!! DESCRAMBLE PUBLICK KEY: NOT IMPLEMENTED!
RC5KEY1=3F578E1C441834DDA54621363281FBCF
RC5KEY2=14DC15AFA1483D7D6AC1DCA1798DAA3E
XXTEAKEY=3969A204559C35529044ED8552161332
PUBKEY=
SECKEY=
SERIAL=

--- End code ---

tokugawa:
Hello guys, i've just bought new Rigol DS1074z and i tried to put key into it. While i was trying different keys i got a message
Installation avoid for 12 hours!
However at the end i've used the web : http://riglol.3owl.com/
and it worked beautifully.

I bought it in Czech Republic (Central Europe) and my sw version is 00.02.01.SP1

Thanks for your great work, wish you all good luck :)
zombie28:

--- Quote from: sled on January 09, 2014, 06:48:56 am ---The only thing that I'm confused about is whether the public key is 7 or 8 bytes long because we read an 8 byte sequence from the dump file but in your examples the hex string has only 7 bytes.

--- End quote ---

Rigol uses 56-bit ECC keys, but in scrambled (i.e. bit-shuffled) form they take up 64 bits.
neamyalo:
This is what tirulerbach has done to my scope with the info in my JTAG dump...   :-DMM

More DS****A memory dumps are needed...
neslekkim:
This is awesome!, did the serial change or do you still have one that starts with DS2D?, I didnt find out yet why mine starts with DS2E..
Navigation
Message Index
Next page
Previous page
There was an error while thanking
Thanking...

Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod