Products > Test Equipment

Sniffing the Rigol's internal I2C bus

<< < (807/899) > >>

smgvbest:

--- Quote from: longview on September 27, 2015, 04:19:08 pm ---FRAM can be read out over USB/Network, at least part of it.

I use Rigol Bildschirmkopie to send commands, mostly for convenience:
:SYST:FRE? 0,1048576
:SYST:FRE? 1048576,1048576
:SYST:FRE? 2097152,1048576
:SYST:FRE? 3145728,1048576

I've got an Atmel ICE coming soon, can I use the JTAG in that to do an SDRAM dump?

--- End quote ---

FTI

Tha'ts a SDRAM dump not a fram dump.    the first 8M of memory in the Blackfin is from 0000 0000 - 007F FFFF and only 4M is used.  the 2nd 4M is a copy of the first 4.

FRAM is not memory mapped into the address space of blackfin from what I can tell.  the FRAM is a I2C device and would have to be read out directly    Howardlong can correct me if I'm wrong

If someone can get me the first 4Mb of SDRAM using this commands who has a boot 1.03 It would help allot.
:SYST:FRE? 0,1048576
:SYST:FRE? 1048576,1048576
:SYST:FRE? 2097152,1048576
:SYST:FRE? 3145728,1048576

you can save each memory block then combine them at either a dos prompt or linux commandline and let me know how to get it
right now I've dumped 1.14 with boot 1.04 and looking at it I see nothing that look like the same eye catchers
rigup used this
      0      02 00 84 00 10 00
      6      <16 bytes of XXTEAKey>
     22      20 00
     24      <16 bytes of RC5Key1>
     40      <16 bytes of RC5Key2>
     56      08 00
     58      <8 bytes of bit-shuffled ECC public key>
     66      40 00
     68      <64 bytes of some ASCII-HEX data>
    132      <END>

for the MSO1000Z the only change was offset zero for the eye catcher
      0      01 00 84 00 10 00
then a change to how things are encrypted.

I see nothing like that in the dump I have so they could have simple bit shifted things to scramble them for example.
That's why I want to see a dump of boot 1.03 SDRAM



MiataMuc:
pm

smgvbest:

--- Quote from: MiataMuc on September 28, 2015, 07:00:47 pm ---pm

--- End quote ---

Thank you.   this confirms to me that the keys for the DSA815 where found in another manner.  the eye catchers are not there in your dump or mine with V1.14 and boot 1.04 which means to me they where found in another way

Orange:

--- Quote from: smgvbest on September 29, 2015, 12:48:46 am ---
--- Quote from: MiataMuc on September 28, 2015, 07:00:47 pm ---pm

--- End quote ---

Thank you.   this confirms to me that the keys for the DSA815 where found in another manner.  the eye catchers are not there in your dump or mine with V1.14 and boot 1.04 which means to me they where found in another way

--- End quote ---
On the DS2000 the change came when a new hardware revision was introduced. With new hardware on the DS2000A RIGOL also introduced customized encryption parameters for each unit. Perhaps they did the same on the DS815. I don't think the boot code plays a role here, apart from the fact that you cannot downgrade.

Have you tried scanning the dumps for license keys with 'rigup search [KEYFILE] DUMPFILE'

BTW on a DS2000A you need at least 32Meg to get results

smgvbest:

--- Quote from: Orange on September 29, 2015, 08:42:18 am ---
--- Quote from: smgvbest on September 29, 2015, 12:48:46 am ---
--- Quote from: MiataMuc on September 28, 2015, 07:00:47 pm ---pm

--- End quote ---

Thank you.   this confirms to me that the keys for the DSA815 where found in another manner.  the eye catchers are not there in your dump or mine with V1.14 and boot 1.04 which means to me they where found in another way

--- End quote ---
On the DS2000 the change came when a new hardware revision was introduced. With new hardware on the DS2000A RIGOL also introduced customized encryption parameters for each unit. Perhaps they did the same on the DS815. I don't think the boot code plays a role here, apart from the fact that you cannot downgrade.

Have you tried scanning the dumps for license keys with 'rigup search [KEYFILE] DUMPFILE'

BTW on a DS2000A you need at least 32Meg to get results

--- End quote ---

Yes I did,  I also tried a 8MB dump on mine and neither found anything.   I also tried dumping over SCPI the first 32Meg and it could not find anything either

Navigation

[0] Message Index

[#] Next page

[*] Previous page

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod