Products > Test Equipment
Sniffing the Rigol's internal I2C bus
<< < (549/899) > >>
AndersAnd:
Is there any reason why one pull-up resistor is 3k9 and the other 10k, why two different values? Or is this just what cybernet had at hand when he hooked it up?
Co6aka:

--- Quote from: zombie28 on January 28, 2014, 08:27:42 pm ---The keys in these dumps are different, so it seems highly probable that every unit has its own keys.
--- End quote ---

Generated from the serial number perhaps? Anyway... How does it look patching the firmware to dump the key on the screen? Or out via some other path? Also, wondering how and at what point they load the key (and sernum) because maybe there's some hidden factory function just for that purpose. (Also, as a service issue, how might they deal with a corrupted sernum and/or key?)
granz:

--- Quote from: AndersAnd on January 28, 2014, 09:39:40 pm ---Is there any reason why one pull-up resistor is 3k9 and the other 10k, why two different values? Or is this just what cybernet had at hand when he hooked it up?

--- End quote ---

I don't remember what I used for pull-ups, might have been two 10k.  It would only matter if that line had a pull-down on it already of something like 10k (think voltage divider etc.) because it is meant to be driven high by the jtag cable.
zombie28:

--- Quote from: Co6aka on January 28, 2014, 09:49:32 pm ---
--- Quote from: zombie28 on January 28, 2014, 08:27:42 pm ---The keys in these dumps are different, so it seems highly probable that every unit has its own keys.
--- End quote ---

Generated from the serial number perhaps?

--- End quote ---

I think so, but only Rigol knows the algorithm.


--- Quote --- Anyway... How does it look patching the firmware to dump the key on the screen? Or out via some other path?

--- End quote ---

Yes, I'm thinking about it and cybernet was coughing recently about something like that too...


--- Quote --- Also, wondering how and at what point they load the key (and sernum) because maybe there's some hidden factory function just for that purpose. (Also, as a service issue, how might they deal with a corrupted sernum and/or key?)

--- End quote ---

IIRC the keys are stored in two flash locations - if one fails, then the second copy is used. The keys are stored in encrypted form (using RC5 algorithm) and protected by ECDSA with quite a long key (256 bits or so).
Co6aka:

--- Quote from: zombie28 on January 28, 2014, 10:36:27 pm ---
--- Quote from: Co6aka on January 28, 2014, 09:49:32 pm ---Also, wondering how and at what point they load the key (and sernum) because maybe there's some hidden factory function just for that purpose. (Also, as a service issue, how might they deal with a corrupted sernum and/or key?)
--- End quote ---

IIRC the keys are stored in two flash locations - if one fails, then the second copy is used. The keys are stored in encrypted form (using RC5 algorithm) and protected by ECDSA with quite a long key (256 bits or so).

--- End quote ---

I meant, when are they first programmed to the scope during the manufacturing process, and how might they be restored/replaced during servicing... Let's think about this as if we're a manufacturer building them and servicing them. Would we pre-program the SN and KEY into the chips before they're soldered, or after the scope comes out of assembly? If after, how would we program them? Also, if servicing a scope, if we had to do a board swap how would we program the instrument's SN and KEY to the new board? Seems logical that we'd want some straightforward time-efficient way to enter SN and KEY into an instrument, so... :-//
Navigation
Message Index
Next page
Previous page
There was an error while thanking
Thanking...

Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod