| Sniffing the Rigol's internal I2C bus |
| edgelog:
Maybe, but it did have me worried for a while. I think maybe the solution would be for rigup to accept 0x01 and 0x02 in that sequence. It's unique anyway. |
| mightyzen:
--- Quote from: cybernet on June 02, 2013, 10:42:29 pm ---
Doing that since about a week or so - but the discovered TWI functions so far are slave mode, not master mode - a lot of stuff is happening via DMA transfers to/from the FPGA (assumption). They use VDK and threads, which makes reversing a pain in the ass, 8k subs, thousands of pointers ... I'm slowly approaching the right subs. If anyone has IDA with the Blackfin CPU from Rigol homebrew, I'm happy to share my custom GEL loader, and IDA DB.
--- End quote ---

Anyone got that IDA DB (*.idb) from Cybernet back in 2013? |
| Blisk:
Is there a list of which oscilloscopes are hackable and can be upgraded? |
| lifeclock:
Just want to confirm the hack still works on the scope below with a Raspberry Pi as the JTAG probe.

DS1074z-Plus
Software Version: 00.04.04.SP1
Board Version: 6.1.4

The JTAG connector was missing on my board so I had to solder a connector in. Memory dump took 4-5 hours, but beats spending money and waiting on shipping for a proper JTAG probe.

Steps Followed

* Setup a Raspberry Pi with RASPBIAN JESSIE LITE (https://www.raspberrypi.org/downloads/raspbian/).
* Install OpenOCD on the Raspberry Pi following Adafruit's tutorial (https://learn.adafruit.com/programming-microcontrollers-using-openocd-on-raspberry-pi/overview)
* Take apart the scope and add the JTAG connector.
* Followed this info from user arobincaron in this post (https://www.eevblog.com/forum/testgear/sniffing-the-rigol's-internal-i2c-bus/4325/?action=post;last_msg=1193447)

--- Quote from: arobincaron on June 05, 2016, 07:08:12 pm ---
To figure out how to connect the Raspberry Pi GPIO pins to the scope JTAG port I used info from the article above, the scope JTAG information in https://www.eevblog.com/forum/testgear/sniffing-the-rigol's-internal-i2c-bus/msg720691/#msg720691, reviewed the sysfsgpio-raspberrypi.cfg interface file and http://pinout.xyz/pinout/uart. Here's what I came up with:

JTAG signal    Scope Header Pin    Pi GPIO Signal    Pi Header Pin
TCK            1                   11                23
TMS            3                   25                22
TDI            5                   10                19
TDO            4                   9                 21
TRST           7                   11                26
Gnd            8                   Gnd               25

I used very short cables (~6 inches) and quadruple checked my connections as I was a bit paranoid about wrecking the scope processor. You should verify yours too :)

I started openocd using the following command line:

    openocd -d2 -f interface/sysfsgpio-raspberrypi.cfg -f target/imx28.cfg

I installed telnet (sudo apt-get install telnet) and connected to openocd using:

    telnet localhost 4444
--- End quote ---

* Followed these instructions from user smgvbest

--- Quote from: smgvbest on December 16, 2014, 03:42:17 am ---
Once I had the console typed
Code:
    halt
    dump_image mso1074zs.bin 0x40000000 0x3FFFFFF
--- End quote ---

* Get rigup on your Raspberry Pi from this post

--- Quote from: loaderr on November 28, 2016, 11:57:55 pm ---
Hi all, I uploaded fixed rigup sources to https://www.dropbox.com/sh/1yrh8s90ityn90s/AAA6PXlJk9gGQwoDOwO6TDQua?dl=0, feel free to use. There are still some bugs as psysc0rpi0n was unable to unlock so far so use cautiously :)

I did some investigation how licenses are stored and it looks like they are just programmed to flash and never erased. On startup FW scans all of them to decide which one to use. As long as rigup works no need to worry about trials.
--- End quote ---

* Follow this YouTube video starting at 9:58 to build the rigup source code and generate license codes https://youtu.be/OvcGn_ScG5w?t=598

Good luck! And thanks to everyone that made this possible! |
| kattyil:
Good day everyone,

my DSA-815TG runs with the current Firmware 1.18 under Hardware 0.04 and boot loader 1.03. Generating keys with RIGLOL and activating the same under 1.18 works perfectly fine, the 10Hz RBW option was accepted but obviously has no effect as this option is available per default these days. All other options except for the last one are active as expected. The new option SSC-DSA is shown as inactive and has no trial license. Experimenting with code AAAG in Riglol has no effect.

Any thoughts? Where does the code sequence (AAAE or SAAE) come from?

Raj |