| Sniffing the Rigol's internal I2C bus |
| Buzz239:
I guess there is nothing that can be done with the DS1102E; it seems like it's already a hacked DS1052E. |
| granz:
A couple things to check: do you see any clock activity on the TCK line when looking at it with a scope when you start up bfin-gdbproxy?

Also, I just looked at the image of the connected programmer in the tutorial and it looks like he has the 3.3V from the Rigol JTAG header connected directly to the 3.3V from the other header on the Rigol board. THIS IS A BAD IDEA. These might be different 3.3V supply rails, and this connects the outputs of both regulators together. Just leave the 3.3V pin on the JTAG header unconnected. I didn't notice it originally, but this should be corrected in the tutorial.

With your Olimex ARM-USB-OCD you probably need to supply VREF to set the signal levels, otherwise you'll get nothing. If you want to play it safe, set your DS2000 scope aside and first try just using a bench power supply with 3.3V connected to the VREF pin of your ARM-USB-OCD. Start up bfin-gdbproxy and look for the TCK signal. Also, nTRST should go high as soon as you start bfin-gdbproxy.

I took the image of the ARM-USB-OCD connector from the website and annotated it for you. I don't have the device, so I can't verify the pinout of the connector. I hope that helps. |
| Flipp:
--- Quote from: Buzz239 on January 14, 2014, 05:28:47 pm ---
I guess there is nothing that can be done with the DS1102E; it seems like it's already a hacked DS1052E.
--- End quote ---

These days the topic is not really about the DS1kE series anymore. It has grown in federal directions over time.

BTW, I just found out that my DS2072A is another 42nd-week product, just like tirolerbach's DS2202A is one. It would be nice to know if the private keys they used are consistent over the DS2kA series within every production week, wouldn't it?

There are 2 possibilities for how they manage their licence key generation:

1. They have a list of their keys, which are randomly generated by rolling dice. Their license generator chooses the right key by looking at the build date in the serial #.
2. They generate the private key for the ECC in their license key generator by using the serial number and some sort of super-duper-hyperprivate key and an unknown scramble or encryption algorithm. This would be very clever for them because all of the vulnerability is in their very secret own piece of software. No risk of losing a list of private keys; they simply can keep their super-duper-hyperprivate key in a safe place without the need of weekly updates.

We can look if there is any simple correlation between the different private keys. The best way for us would be to have a firmware which overrides the key verification process, but this is a very hard way to go since all the reversing takes a lot of effort. Cybernet has already proven the possibility to toggle some functions like the bw. limit by firmware update.

Flip |
| battlefield:
Ok, as it looks like, it only doesn't work using the blackfin tools; it works when I'm using urjtag :D Now let's study some docs to get the right commands for memory dumping.

--- Code: ---
jtag> cable arm-usb-ocd
Connected to libftdi driver.
jtag> frequency 5000000
Setting TCK frequency to 5000000 Hz
jtag> detect
IR length: 5
Chain length: 1
Device Id: 00100010011111100100000011001011 (0x227E40CB)
Manufacturer: Analog Devices, Inc. (0x0CB)
Part(0): BF526 (0x27E4)
Stepping: 2
Filename: /usr/share/urjtag/analog/bf527/bf527
warning: ARM-USB-OCD: untested cable, set wait_clocks to 30
--- End code --- |
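The `Device Id` line in the urjtag session above is a standard IEEE 1149.1 IDCODE. The following is an added example, not code from the thread or from urjtag: it splits that 32-bit value into its fields and checks them against what urjtag printed. The function names are made up for illustration, and the sample text is constructed from the quoted session.

```python
import re

# Constructed sample: the `detect` output quoted in the post above.
SAMPLE = """\
Device Id: 00100010011111100100000011001011 (0x227E40CB)
Manufacturer: Analog Devices, Inc. (0x0CB)
Part(0): BF526 (0x27E4)
Stepping: 2
"""

def decode_idcode(idcode):
    """Split a 32-bit IEEE 1149.1 IDCODE into its fields."""
    if not 0 <= idcode <= 0xFFFFFFFF:
        raise ValueError("IDCODE must fit in 32 bits")
    if idcode & 1 == 0:
        # An LSB of 0 is what a device in BYPASS shifts out, not an IDCODE.
        raise ValueError("bit 0 is 0: this is not an IDCODE")
    return {
        "version": idcode >> 28,             # urjtag labels this "Stepping"
        "part": (idcode >> 12) & 0xFFFF,
        "mfr_field": idcode & 0xFFF,         # 12 bits incl. bit 0, as urjtag prints it
        "jep106_bank": (idcode >> 8) & 0xF,  # count of JEP106 continuation codes
        "jep106_id": (idcode >> 1) & 0x7F,   # 7-bit JEP106 code, parity bit dropped
    }

# (field name, pattern capturing the value urjtag printed, numeric base)
REPORTED = (
    ("mfr_field", r"Manufacturer:.*\(0x([0-9A-Fa-f]+)\)", 16),
    ("part", r"Part\(\d+\):.*\(0x([0-9A-Fa-f]+)\)", 16),
    ("version", r"Stepping:\s*(\d+)", 10),
)

def check_detect_output(text):
    """Return (decoded fields, mismatches) for urjtag-style detect output."""
    m = re.search(r"Device Id:\s*([01]{32})\s*\(0x([0-9A-Fa-f]{8})\)", text)
    if m is None:
        raise ValueError("no 'Device Id' line found")
    fields = decode_idcode(int(m.group(1), 2))
    problems = []
    if int(m.group(2), 16) != int(m.group(1), 2):
        problems.append("binary and hex Device Id disagree")
    for name, pattern, base in REPORTED:
        hit = re.search(pattern, text)
        if hit and int(hit.group(1), base) != fields[name]:
            problems.append(f"{name}: printed {hit.group(1)}, decoded {fields[name]:#x}")
    return fields, problems

if __name__ == "__main__":
    print(check_detect_output(SAMPLE))
```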
| granz:
I've been down that road actually. You can't get the memory dumps from the generic urjtag because it doesn't have the bus support which is added in the bfin toolchain version. Check "help initbus" from both versions of urjtag and you'll see the difference. I also couldn't get the bfin-jtag/bfin-gdbproxy versions to work with my adapter under 64-bit Linux. They worked for me on a 32-bit Linux box. Something to do with the ftdi driver I believe. |