Products > Test Equipment
Sniffing the Rigol's internal I2C bus
DocSnyder:
--- Quote from: hematose on August 26, 2014, 02:29:23 pm ---
--- Quote from: DocSnyder on August 25, 2014, 10:57:44 am ---Will I have to do the same procedure for the MSO1074Z-S? As much as I understood the private key of the Ds1k has been read out of the firmware. Now it seems that the MSO behaves not the the same. Will the JTAG method work in the same way as it does for the DS2000? or do I simply have to use other option keys? thank you for your support.
--- End quote ---
If you manage to do this and get the private key, you will have a lot of grateful people here!
--- End quote ---
I am new to that topic. But i do not have fear to go that way. But i would like to get a quote or a hint what way should be the best way to do it. I am aware of the procedure for the DS2000 but i have no clue if this is the same for the MSO1074Z-s. How did they find the key for the DS1000? And how are the option keys to be found? The same way and toolchain as on the DS2000.
Maybe they have only changed the option keys. To many questions.
It would be extremely helpful to get any hints from the pros here.
Thank you in advance
hematose:
--- Quote from: zombie28 on July 21, 2013, 12:10:45 am ---
--- Quote from: zombie28 on July 20, 2013, 11:03:48 pm ---
--- Quote from: docmandu on July 20, 2013, 09:22:04 pm ---k=40228745953163121 (0x8EEBD4D04C3771)
--- End quote ---
Wow! :clap: Thanks for sharing! How did you found it?
--- End quote ---
I will answer myself: ECDLP Solver 0.2a found valid solution in 156ms on my computer!
Rigol engineers did really bad job with license keys protection...
--- End quote ---
I'm trying to read back in the thread to find out how the private keys for the DS1000Z were first found. I'm not sure if we need hardware access or to purchase a genuine key to test it against.
If only Cybernet were still in this thread.
Slappy_g:
--- Quote from: Bukurat on August 26, 2014, 10:41:44 am ---
--- Quote from: Macman on August 26, 2014, 08:15:44 am ---You are probably using 32 bit Linux with the 64bit version of the toolchain. Try the 32bit version of the toolchain blackfin-toolchain-2013R1_45-RC1.i386.tar.
--- End quote ---
That was it, Thanks.
Now its found the USB cable and has connected to the libftdi driver
I don't have it connected to the DSO yet so it's telling me that TDO seems to be stuck at 0. That's the same message I had with the win 7 setup and the ARM-USB-OCD connected to the DSO.
I'll plug it into the DSO tomorrow and see how far I get.
--- End quote ---
By the way, the stuck pin message is typically from people misinterpreting the USB device pin-outs and flipping it left-to-right.
Sent from my SM-N900T using Tapatalk
Slappy_g:
As requested, here's the step by step instructions for people like me who are not fans of Linux.
https://www.eevblog.com/forum/testgear/rigol-mso2000-series-hacking/msg498454/#msg498454
Sent from my SM-N900T using Tapatalk
DocSnyder:
Any news on the MSO1074Z-S ? I am considering changing it into a DS2000. But there is a new firmware out there: 00.03.01. Will the known Jtag method work on this firmware.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version