Sniffing the Rigol's internal I2C bus

[true]

Those are no menus These are Subs in the Firmware the Names are added from cybernet  read that post to 100% thén you will know

Is there an IDA database for grabbing somewhere?

no, but there is cybernet's sig and the ida bfin stuff posted in this thread.

After looking at it loading from the GEL is shit (am I right?), having a dump would be nice.

[DL5TOR]

Those are no menus These are Subs in the Firmware the Names are added from cybernet  read that post to 100% thén you will know

Is there an IDA database for grabbing somewhere?

no, but there is cybernet's sig and the ida bfin stuff posted in this thread.

After looking at it loading from the GEL is shit (am I right?), having a dump would be nice.

btw did you get my pm

[true]

no. don't see it.

[Carrington]

Could someone upload JTAG Dump of a DS2072?
Thanks.

[engr_rf]

[quote author=synapsis link=topic=17002.msg276813#msg276813 date=1376517256]
I was in another city trying to find a job (no luck) and my PMs blow up about cybernet's latest offering.

I don't have a DSA815, so the only way I could test this code is to compare the output to cybernet's Linux code using Dave's demo unit serial number from his video. So, this code is considered beta.

Edit: Oh yeah, this is the Windows version of the keygen with DS2000 and DSA800 generators.
[/quote]

Thank you Synapsis, Cybernet, and other contributors for your excellent work in decoding the license key algorithms and developing the keygen programs!

(Synapsis, if you haven't found work yet, have you considered applying to the appropriate government agencies for a position in cryptology? You have certainly demonstrated your abilities and the drive necessary to complete a task.)

Would it be possible (and practical) to develop license codes for Rigol's 'UltraSpectrum' program for the DSA815 that go beyond the 15 day free trial?

Thanks again. 

[true]

(Synapsis, if you haven't found work yet, have you considered applying to the appropriate government agencies for a position in cryptology? You have certainly demonstrated your abilities and the drive necessary to complete a task.)

He used the MIRACL library and basically copied the code from rigen.c, which was also mostly copied stuff by cybernet. Both readily admit ECC is hard shit and they don't understand it much, same goes for me

[synapsis]

(Synapsis, if you haven't found work yet, have you considered applying to the appropriate government agencies for a position in cryptology? You have certainly demonstrated your abilities and the drive necessary to complete a task.)

He used the MIRACL library and basically copied the code from rigen.c, which was also mostly copied stuff by cybernet. Both readily admit ECC is hard shit and they don't understand it much, same goes for me

My crypto-fu is minimal at best, RiGen is basically a Windows wrapper around cybernet's code. It's been years since I've taken my Applied Cryptography book off the shelf. My problem is that I'm a PLC developer in a city without industry.

[Boatanchor]

So, maybe I missed it buried deep within the last 60 odd pages, but was there actually a windows keygen to activate the options in the DSA-815TG?

[engr_rf]

Boatanchor, see Reply #955 on page 64 for RiGen-2b1.

[claude3386]

Tried RiGen-2b1 on the new MSO4000, works except that one of the option is not activated: "FlexRay Decode".
And I can't go back to the trial versions, even having selected the trial button in RiGen.

[cybernet]

can u post a screenshot (installed licenses) and let us know your used option code ? guess the number of options is then higher than our current maximum but a new option could should do the trick fine.

[claude3386]

It seems that the DSO4000 and MSO4000 series share the same license system.
Here is how I have setup Rigen:
http://atobit.com/wp-content/uploads/2013/08/Rigenv2b1.jpg
As the DSO/MSO4000 series are already fully loaded of options except the decode ones, it could be nice to have a interface just for those models.
Here is what I got on the MSO4014:
http://atobit.com/wp-content/uploads/2013/08/MSO4014_Options.jpg
The FlexRay decode is not activated AND the return to the trial versions doesn't work as well.
As you have mentioned, there are maybe some parameters that need to be adjusted.
I'd like to go back to the trial mode, so I could input the code for the options I purchased with the MSO.

[Uup]

You used the wrong code. The Windows keygen isn't setup for the 4000 series. You will need to work out the code. I posted the info that I worked out on my DS4024 back in post 713 on page 48. Check that table and work out what you want, or just try code BAA9 to turn on all the decode options.

Eg. Enter BAA9 in the code box in the Windows keygen, instead of the value already there, then generate the licence key.

[leafi]

Where did you get the MSO4014 from? I do not even see that on their website. Is that new?

[claude3386]

Thanks Uup! I'll try the proposed option code and I'll looked what you have published.

leafi, I'm living in China, the MSO4000 series is available here, you can get a unit within 4~5 weeks.

[zombie28]

Would it be possible (and practical) to develop license codes for Rigol's 'UltraSpectrum' program for the DSA815 that go beyond the 15 day free trial?

I think it's possible. UltraSpectrum binaries contain RigolRunTime.dll that exports two functions: CryptRigolVerifySetPublicKey and CryptRigolVerifyOptionsVerify. There is MIRACL library inside this DLL and - guess what - the same flawed ECC parameters as in DS/DSA firmware. There is reference to this DLL and its functions in RIGOL_DSA_Tools_UltraSpectrum_en.exe, but I don't have DSA815 to check what public key is being used by UltraSpectrum (I didn't find it as plaintext in executables). Alternatively it could be possible to modify CryptRigolVerifyOptionsVerify function so that it always returns TRUE.

[cybernet]

Would it be possible (and practical) to develop license codes for Rigol's 'UltraSpectrum' program for the DSA815 that go beyond the 15 day free trial?

I think it's possible. UltraSpectrum binaries contain RigolRunTime.dll that exports two functions: CryptRigolVerifySetPublicKey and CryptRigolVerifyOptionsVerify. There is MIRACL library inside this DLL and - guess what - the same flawed ECC parameters as in DS/DSA firmware. There is reference to this DLL and its functions in RIGOL_DSA_Tools_UltraSpectrum_en.exe, but I don't have DSA815 to check what public key is being used by UltraSpectrum (I didn't find it as plaintext in executables). Alternatively it could be possible to modify CryptRigolVerifyOptionsVerify function so that it always returns TRUE.

surprise surprise ;-)

[claude3386]

I comeback with the options setup on the MSO4014.
I use first BSAT options code: all options installed, including Flexray

I then tried to uninstall all options:
VSAT: said "Fail to install"
AAA9: said "Options installed" but didn't change previous official install
BAA9: same results as AAA9

Can't figure what options code to use to uninstall all options.

[alank2]

I comeback with the options setup on the MSO4014.
I use first BSAT options code: all options installed, including Flexray

Did you try DSA9 ?

[claude3386]

Just tried with DSA9, the device said the option is installed but no change, all options still activated.

[alank2]

Just tried with DSA9, the device said the option is installed but no change, all options still activated.

Are you trying to uninstall the license?  If so, you must use scpi to do this...

[claude3386]

Oh yes, I try to uninstall the license.
The procedure using scpi has been described in the thread?
Maybe this option: ":SYSTem:OPTion:UNINSTall"

[Dave]

One thousand replies in this thread!
I haven't been following too well... Are you guys planning on cracking the DG4000 series function generators as well?

[claude3386]

I'm back again with the options install/uninstall on a MSO4014.

As suggested, the scpi command ":SYSTem:OPTion:UNINSTall" uninstall all options, as well as the command ":SYSTem:OPTion:INSTall <license>" install the options.

All options can be installed with the BSAT and BAA9 options code. Did not yet tested others.

Thanks to all contributors for the help!

[Clint]

Another Big THANKYOU for all involved