Sniffing the Rigol's internal I2C bus

sled:
I have implemented your interface in ANSI C, with a Makefile and some basic tests (copy the 0x00000000-0x01ffffff_dram.bin into the same folder to extract the keys).

The only thing that is missing is the descrambling of the public key, but I've added an empty method for it `void DescramblePublicKey(uint8_t bytes[8]);`

The only thing that I'm confused about is whether the public key is 7 or 8 bytes long because we read an 8 byte sequence from the dump file but in your examples the hex string has only 7 bytes.

Have fun and keep us updated  :-DD


Output when running the compiled test binary should look like:


--- Code: ---
--- FormatHex RC5Key1:
4155BFD82D429EA69B3EE7D7D59C8906
--- FormatHex RC5Key2:
B9BC53D8B8CE6CE3594555AA89556543
--- FormatHex XXTEAKey:
86F4A0930BC7ED276B2D6C2CE293535F
--- Compare reconstructed byte arrays from string to original:
RC5Key1: PASS
RC5Key2: PASS
XXTEAKey: PASS
---- PrintKeyData from memory:
RC5KEY1=4155BFD82D429EA69B3EE7D7D59C8906
RC5KEY2=B9BC53D8B8CE6CE3594555AA89556543
XXTEAKEY=86F4A0930BC7ED276B2D6C2CE293535F
PUBKEY=A0581020E5C012
SECKEY=ABCEDFGHIJKLMN
SERIAL=DS2E123456789012
---- SaveKeyData as key.dat ...
---- LoadKeyData from key.dat ...
---- PrintKeyData from file:
RC5KEY1=4155BFD82D429EA69B3EE7D7D59C8906
RC5KEY2=B9BC53D8B8CE6CE3594555AA89556543
XXTEAKEY=86F4A0930BC7ED276B2D6C2CE293535F
PUBKEY=A0581020E5C012
SECKEY=ABCEDFGHIJKLMN
SERIAL=DS2E123456789012
---- Compare KeyData from file with KeyData in memory:
RC5Key1: PASS
RC5Key2: PASS
XXTEAKey: PASS
publicKey: PASS
secretKey: PASS
serialNumber: PASS
---- Scanning Memory Dump
!!! DESCRAMBLE PUBLICK KEY: NOT IMPLEMENTED!
RC5KEY1=3F578E1C441834DDA54621363281FBCF
RC5KEY2=14DC15AFA1483D7D6AC1DCA1798DAA3E
XXTEAKEY=3969A204559C35529044ED8552161332
PUBKEY=
SECKEY=
SERIAL=

--- End code ---

tokugawa:
Hello guys, I've just bought a new Rigol DS1074z and I tried to put a key into it. While I was trying different keys I got a message
Installation avoid for 12 hours!
However at the end I've used the web: http://riglol.3owl.com/
and it worked beautifully.

I bought it in Czech Republic (Central Europe) and my sw version is 00.02.01.SP1

Thanks for your great work, wish you all good luck :)

zombie28:

--- Quote from: sled on January 09, 2014, 06:48:56 am ---The only thing that I'm confused about is whether the public key is 7 or 8 bytes long because we read an 8 byte sequence from the dump file but in your examples the hex string has only 7 bytes.

--- End quote ---

Rigol uses 56-bit ECC keys, but in scrambled (i.e. bit-shuffled) form they take up 64 bits.

neamyalo:
This is what tirulerbach has done to my scope with the info in my JTAG dump...   :-DMM

More DS****A memory dumps are needed...

neslekkim:
This is awesome! Did the serial change or do you still have one that starts with DS2D? I didn't find out yet why mine starts with DS2E...
