Products > Test Equipment
Sniffing the Rigol's internal I2C bus
<< < (858/899) > >>
psysc0rpi0n:
Looks line I'm not lucky! I tried twice the memory dump right after the Rigol logo disappears and the Options screen show up but the generated keys are the same as before!
loaderr:
Yes, I found the same. FYI trial license is stored in memory starting at 0x43ee0058, you can dump if JTAG is still connected (small dump of 64Kb). Then run for some time and dump again - somewhere there should be counter that expires trial license. If we can roll it back trial will never expire :)

What I found so far is that option string is not decoded properly for some reason and on top of that public key is not decoded properly as well - trying to figure out why. Rigup does number of strange things that looks suspicious. If someone with knowledge why things were done in such way can contact me it would be really helpful.

In the mean time you can do a simple test - run rigup info with you trial license and see if it passes of fails - also check if options string is correct.
loaderr:
Good news guys - I was finally able to unlock my 1074.  :)
I can confirm that there are no good or bad images - all are good but there is a subtle bug in rigup (actually it's a bug in FW :) ) that leads to incorrect hash calculation - if you are unlucky. If your XXTEAKEY ends in couple or more zeros you will hit this bug for sure. Tested on 04.03.SP2.
I fixed rigup, who needs sources - please email me.

Big thanks to original developers of rigup - they probably spent many days creating it. It took me the whole weekend together with IDA and debugger to figure out why it doesn't work - Rigol FW is bloody convoluted.
psysc0rpi0n:

--- Quote from: loaderr on November 27, 2016, 10:21:38 am ---Good news guys - I was finally able to unlock my 1074.  :)
I can confirm that there are no good or bad images - all are good but there is a subtle bug in rigup (actually it's a bug in FW :) ) that leads to incorrect hash calculation - if you are unlucky. If your XXTEAKEY ends in couple or more zeros you will hit this bug for sure. Tested on 04.03.SP2.
I fixed rigup, who needs sources - please email me.

Big thanks to original developers of rigup - they probably spent many days creating it. It took me the whole weekend together with IDA and debugger to figure out why it doesn't work - Rigol FW is bloody convoluted.

--- End quote ---

My XXTEAKEY ends up in 000... So I'm affected by it, no? Is that rigup fix going to work to MSO1000 series?
janekivi:
I have made some memory dumps from DS1045Z when updating firmware and entering keys.
In my case most of stuff is driving randomly in memory. At the end are licenses and keys and
serial which are always at there. Somewhere I found 5 licenses, last was my DSER. They can
be trial licenses from factory. All said "License is already used" when I was trying to enter them.
So, they can't be entered again without deleting them from eeprom...
Navigation
Message Index
Next page
Previous page
There was an error while thanking
Thanking...

Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod