Products > Test Equipment
Sniffing the Rigol's internal I2C bus
Daruosha:
What I'm concerned about is the possibility of a successful memory dump and keys extraction with the lastes published firmware. It seems i have to try it myself rather than relying on other experiences. Having all options worths loosing the warranty (i don't have the patience to peel off the warranty label properly), but loosing warranty and gaining nothing is not the best option i guess.
However, i think I'm going to take the risk and let it go as an experience.
In the men time I'd appreciate any suggestions and recommendations :-)
TurboTom:
Peeling off the sticker really isn't troublesome at all if you gently heat it with a hair dryer or a reflow hot air blower at low low temperature setting (<100°C). This softens the glue of the sticker so much that wax paper (or whatever that stuff is called that nothing sticks to) more or less just slides underneath it. A job of a minute or so.
Cheers,
Tom
Daruosha:
Guess what?!?!
I took apart the scope and found the JTAG pin headers on the main board were gone. Just 10 unpopulated solder pads :( DAMN :(
qwertymodo:
It's not hard to solder on a standard 2x5x0.1" pin strip, or just get a press-fit header from Samtec.
Sent from my m8wl using Tapatalk
Spinwing:
--- Quote from: Daruosha on November 01, 2016, 07:10:49 pm ---Guess what?!?!
I took apart the scope and found the JTAG pin headers on the main board were gone. Just 10 unpopulated solder pads :( DAMN :(
--- End quote ---
I just went through the process of unlocking everything on my MSO1104Z-S here, and I found the same thing when I opened it up. I ended up soldering in a header, but it does take a little bit of work since you have to fully disassemble the scope. And no point bothering to keep the warranty sticker after that :)
However the process worked fine. I used an Altera USB Blaster clone I got from eBay, wired it up according the JTAG pinouts specified here:
https://www.altera.com/content/dam/altera-www/global/en_US/pdfs/literature/ug/ug_usb_blstr.pdf
For reference, here are the USB blaster pin assignments for JTAG mode:
USB Blaster PinSignal1TCK2GND3TDO4VCC5TMS6N/C7N/C8N/C9TDI10GND
When I was hooking it up I just ignored any signals that aren't on that list.
I used OpenOCD 0.9.0 on Windows. My scope had firmware 4.03.SP2 installed, and I still had some time left on the feature trial licenses so I just halted the processor while the trial time remaining screen was showing and dumped the image.
I got bored after about an hour and wanted to see if I was getting anything, so I stopped the process with about 16MB dumped and used rigup 0.4.1 (the mso1000z version, no patches or anything applied). It found the keys and the generated license worked fine.
As a side note, I briefly tried building and running rigup using the bash shell support in Windows 10, but it faulted with a failed assertion that I didn't look into. Instead I built it in Visual Studio and it ran fine with just a couple of very minor tweaks to change a couple of POSIX specific calls.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version