
Sniffing the Rigol's internal I2C bus


omegat:
Hi guys,

I just successfully dumped and unlocked my brand new MSO1104Z-S! Thank you all for your outstanding work!!

I did some things differently, namely I did not use openOCD (simply because I couldn't be bothered to actually make it
work with Win7 and my JLink...). So I opted for Jlink Commander (which is nice because it auto-detects the target -
and I had it installed anyway...) using the following commands:
h     /* for HALT (the Target)*/
speed 4800     /* pimp the JTAG frequency to 4.8MHz, you can probably go even higher, but my cable was a bit long...*/
savebin <yourfilename.bin> 0x40000000 0x3FFFFFF    /*actually dump 64MB of Firmware; it took less than ~ 5 Minutes*/
g    /*GO?? -> resumes target*/

Next thing was a problem with rigup: I kept getting segfaults. After some rigorous searching, I found that it had to do with some statically linked (??) libraries. The fix mentioned there worked (Ubuntu 15.10): Remove all LDFLAGS except -O2: LDFLAGS  := -O2
It then compiled nicely and successfully generated the magic letters...

Thanks again, keep up the awesome work!!
Tobi

smgvbest:
Zapping a memory location with a serial would seem to be easier than getting the bootloader downgraded.
Only way I can think of is to program the bootloader directly, bypassing Rigol's loader. I've actually asked that as well:
if anyone knows if the bootloader gel file can be programmed directly using JTAG. Have not heard any reply to that either.

The original people who found the private keys have not appeared to express interest in working through this again. cybernet did post some information to help and I'm thankful for his help.

--- Quote from: ted572 on November 03, 2015, 11:49:38 pm ---  Re: Sniffing the Rigol's internal I2C bus
« Reply #4063 on: Today at 06:54:27 PM »

I think that the easiest thing to do would be to replace BootLoader .04 with .03 (not that this will necessarily be that easy to do) although it seems like it could be done, and I would think easier than figuring out how to crack the new FW.  Then you would be able to use Riglol Keygen 1.03c or 1.03d to generate the Option codes.

I previously posted in the EEVblog 'DSA815 Spectrum Analyzer' thread on how to downgrade the FW when you have BootLoader .02 or .03.  And BTW I have .14 FW installed, and because I have BootLoader .03 I can still downgrade back to .06 FW and use the Keygen successfully.  And then of course reinstall .14 FW.

Suggestion:  You may want to check who the DSA815 FW gurus are and ask them via PMs for advice on how to/what to look for/etc.  Although, now and then some new guy shows up with actual answers to things like this, but not very often.  That is why I would go to the guys here that have done these things before with the DSA815.

Good Luck and Cheers. . .

--- End quote ---

9a4wy:
Just an update...
My dsa-815tg came with FW 01.09.

Model : DSA815
Serial Number : DSA8A144xxxx
Version of Main Board : 00.04
Version of Radio Frequency Board FPGA : 00.05
Version of Digital Board FPGA : 00.04
Version of Firmware : 00.01.09
Version of Boot : 00.01.02

I tried to downgrade to FW 00.01.08.03 and then install all keys... all keys accepted.
Then back to 00.01.09 and all keys disappear!
Installing official key for TG restores normal operation.
Is there any other way to upgrade and keep the keys??? It's strange because I have boot 00.01.02.
Did I do something wrong??? Maybe trying to downgrade to 01.06 and repeat all???
please info..tnx
K

McBryce:
Did you cycle the power before you upgraded back up to 1.09?

McBryce.

9a4wy:
yes.
