| Products > Test Equipment |
| Sniffing the Rigol's internal I2C bus |
| << < (477/899) > >> |
| sled:
I have implemented your interface in ANSI C, with a Makefile and some basic tests (copy the 0x00000000-0x01ffffff_dram.bin into the same folder to extract the keys). The only thing that is missing is the descrambling of the public key, but I've added an empty method for it `void DescramblePublicKey(uint8_t bytes[8]);` The only thing that I'm confused about is whether the public key is 7 or 8 bytes long because we read an 8 byte sequence from the dump file but in your examples the hex string has only 7 bytes. Have fun and keep us updated :-DD Output when running the compiled test binary should look like: --- Code: ------ FormatHex RC5Key1: 4155BFD82D429EA69B3EE7D7D59C8906 --- FormatHex RC5Key2: B9BC53D8B8CE6CE3594555AA89556543 --- FormatHex XXTEAKey: 86F4A0930BC7ED276B2D6C2CE293535F --- Compare reconstructed byte arrays from string to original: RC5Key1: PASS RC5Key2: PASS XXTEAKey: PASS ---- PrintKeyData from memory: RC5KEY1=4155BFD82D429EA69B3EE7D7D59C8906 RC5KEY2=B9BC53D8B8CE6CE3594555AA89556543 XXTEAKEY=86F4A0930BC7ED276B2D6C2CE293535F PUBKEY=A0581020E5C012 SECKEY=ABCEDFGHIJKLMN SERIAL=DS2E123456789012 ---- SaveKeyData as key.dat ... ---- LoadKeyData from key.dat ... ---- PrintKeyData from file: RC5KEY1=4155BFD82D429EA69B3EE7D7D59C8906 RC5KEY2=B9BC53D8B8CE6CE3594555AA89556543 XXTEAKEY=86F4A0930BC7ED276B2D6C2CE293535F PUBKEY=A0581020E5C012 SECKEY=ABCEDFGHIJKLMN SERIAL=DS2E123456789012 ---- Compare KeyData from file with KeyData in memory: RC5Key1: PASS RC5Key2: PASS XXTEAKey: PASS publicKey: PASS secretKey: PASS serialNumber: PASS ---- Scanning Memory Dump !!! DESCRAMBLE PUBLICK KEY: NOT IMPLEMENTED! RC5KEY1=3F578E1C441834DDA54621363281FBCF RC5KEY2=14DC15AFA1483D7D6AC1DCA1798DAA3E XXTEAKEY=3969A204559C35529044ED8552161332 PUBKEY= SECKEY= SERIAL= --- End code --- |
| tokugawa:
Hello guys, i've just bought new Rigol DS1074z and i tried to put key into it. While i was trying different keys i got a message Installation avoid for 12 hours! However at the end i've used the web : http://riglol.3owl.com/ and it worked beautifully. I bought it in Czech Republic (Central Europe) and my sw version is 00.02.01.SP1 Thanks for your great work, wish you all good luck :) |
| zombie28:
--- Quote from: sled on January 09, 2014, 06:48:56 am ---The only thing that I'm confused about is whether the public key is 7 or 8 bytes long because we read an 8 byte sequence from the dump file but in your examples the hex string has only 7 bytes. --- End quote --- Rigol uses 56-bit ECC keys, but in scrambled (i.e. bit-shuffled) form they take up 64 bits. |
| neamyalo:
This is what tirulerbach has done to my scope with the info in my JTAG dump... :-DMM More DS****A memory dumps are needed... |
| neslekkim:
This is awesome!, did the serial change or do you still have one that starts with DS2D?, I didnt find out yet why mine starts with DS2E.. |
| Navigation |
| Message Index |
| Next page |
| Previous page |