If we where to work on DS4k ... what would we do next?
We have the GEL files, are they enough or do we need JTAG dumps?
We have indications from GEL file (text strings for printing active options) that there are options for 200Mhz, 350Mhz, 500MHz, and "power analysis" that can be opened.
the DS4K keygen is also there if you read the thread then you will see (someware at page 30 +- 20). it is the same Pub-key as the 3k but the Option code is different but all dockumented somware in this thread)Yes but you can't change the bandwidth and add "power analysis" with the keygen for DS4k, just like cosmos mentioned.
I have read all the posts and threads about it, if I understand it, since the modification for the DS2072 seems to work also on the DS2072A,
I've seen no confirmation of that anywhere. Precisely the opposite, in fact.QuoteI want an oscilloscope for small home projects, and I would also buy a simple function generator (if possible also arbitrary), the DS2072A-S has them both.. But the thing that interests me most of all is the possibility to decode serial signals.
In that case, get the DS1074Z-S... it's a no-brainer. Cheaper than the DS2072A-S will be, available immediately, and known to work with the keygens. Way more than enough capability for "small home projects". The only constraint I'd mention there would be that if CAN protocol decoding is important to you, the 1074Z-S won't have it, and the 2072A-S will.
What is this "power analysis" I keep reading about in oscilloscopes? Does this just mean measuring the power through a 50-ohm load (input) or do you program in a resistance/impedance and it tells you what power 'would' be dissipated?
cybernet, do you think something similar is in DSxxxx series?
Anyone dump DSxxxx yet? If something like this exists on DSxxxx I can write a downgrader...
something is, probably in the internal filesystem - but not via CEN files unfortunatly.
A B C D
54321 54321 54321 54321
10000 000BB BBBBB x0000 FlexRay Decode or alternate option
10000 000BB BBBBB 0x000 CAN Decode or alternate option
10000 000BB BBBBB 00x00 I2C Decode or alternate option
10000 000BB BBBBB 000x0 SPI Decode or alternate option
10000 000BB BBBBB 0000x RS232 Decode or alternate option
i guess you could do it with python via LXI easily within a resonable timeframeYay... DS2302 (Randomly got it, I guess?) This is a DS2202 unit.
here is a little IDC script, that will try to convert anything that starts with "LINK" statement to a sub in IDA.
saves hours of stupid sub creation ...
Function at 4f276
Function at 4f298
Function at 4f2ba
Function at 4f34a
Function at 4f752
Function at 5007e
Function at 5048a
Function at 50bba
Function at 50c6c
Function at 50c96
Function at 50cbe
Function at 5134e
Function at 5d2f0
Function at ec5ea
Function at ec684
Function at ec694
Function at ec6e2
Function at ec732
Function at ec780
Function at ec8ca
Function at ec8fa
Function at ec92a
Function at ec968
Function at ec97a
Function at ec9b0
Function at ec9ca
Function at ec9dc
Function at ec9ee
Function at eca00
Function at eca12
Function at eca24
Function at eca34
Function at eca6c
Function at ecabc
Function at ecace
Function at ecae2
Function at ecb08
Function at ecb4e
Function at ecbee
Function at ecf02
Function at ecf26
Function at ecfb6
Function at ecfec
Function at ed002
Function at ed058
Function at ed070
Function at ed080
Function at ed090
Function at ed0ae
Function at ed0c2
Function at ed0d8
Function at ed10c
Function at ed280
Function at edf1e
Function at edf30
Function at edf42
Function at edf5e
Function at edf76
Function at edf8a
Function at edf9e
Function at edfb2
Function at edfc6
Function at edfd8
Function at edfea
Function at ee598
Function at ee5aa
Function at ee5be
Function at ee5ce
Function at ee5e0
Function at ee5f2
Function at ee604
Function at ee7e4
Function at ee7fa
Function at ee81a
Function at ee83c
Function at ee84c
Function at ee872
Function at ee88e
Function at f045e
Function at f04e8
Function at f0cb4
Function at f131c
Function at f26ba
Function at f26e6
Function at f2712
Function at f30d2
Function at f33be
Function at f3422
Function at f343a
Function at f3450
Function at 10c562
Function at 10c7b4
Function at 10cb0c
Function at 10d2ec
Function at 10d974
Function at 10d98e
Function at 10dede
Function at 10dfce
Function at 10dfea
Function at 10dffa
Function at 10e0d2
Function at 10e166
Function at 10e2dc
Function at 10e316
Function at 10e3d2
Function at 10ebd4
Function at 10ebea
Function at 22db4e
Function at 22df00
Function at 22f6f6
Function at 22f75c
Function at 22f7fc
Function at 22f81e
Function at 22f88e
Function at 22fc4e
Function at 23006a
Function at 230144
Function at 230476
Function at 2304f4
Function at 230564
Function at 230cde
Function at 230f94
Function at 2362ca
Function at 23919e
Function at 2391f8
Function at 2392e0
Function at 23aeb0
Function at 23aee6
Function at 23b0b6
Function at 23b16e
Function at 23b358
Function at 23b36e
Function at 23b75c
Function at 23d78a
Function at 23d882
Function at 24b8de
Function at 24bd8c
Function at 24beec
Function at 24c6ee
Function at 24c91a
Function at 24ca4e
Function at 24cc0a
Function at 24ccc6
Function at 251852
Function at 251890
Function at 2518be
Function at fd1bf0
Yay... DS2302 (Randomly got it, I guess?) This is a DS2202 unit.Did it say DS2302 when you received it, or what did you do to change it from DS2202 to DS2302?
Yay... DS2302 (Randomly got it, I guess?) This is a DS2202 unit.Did it say DS2302 when you received it, or what did you do to change it from DS2202 to DS2302?
http://riglol.3owl.com is online again. Not sure why it was down.
DDOS attack (IP Nullrouted)http://riglol.3owl.com is down again.
I have set up some storage on my server for files related to this "investigation", including SPI traffic captures and an I2C dump.
http://gotroot.ca/rigol/
I can host too if a mirror is needed
Questions
1. Should I first update to FW 00.01.01.00.02 and then hack the options or the other way around?
2. What is the best option hack tool to use (RiGen 1v/v2, RigLol, dstool, other)?
I use Windows but we have a MAC too. I do not want the serial# set too ....00000001
3. In case I ever need to return the DSO for repair, how to set all options to 'Expired'?
I read somewhere that some tools cause a serial# ....00000001. Is the tool at that site safe to use?
I'm not familiar with the SCPI-tool. Where can I find it?
I have a feeling that the >200MHz BW is a hardware version limited upgrade.
Ie. I am unable to replicate the results with the following variables:
Base (real) model: DS2202
SW: 00.01.01.00.02
HW: 1.0.1.0.0
FPGA:
SPU: 03.01.05
WPU: 00.06.05
CCU: 12.29.00
MCU: 00.05
Private key used: 8EEBD4D04C3771
Option code: DSAZ
Good point
I am not sure where I am going wrong then .. I am following the "instructions" to the T and I have yet to achieve the same results.
Perhaps it is just a lucky key?
Has anyone else had any promising results?
I've set a mirror up for both sites above.
Mirrors are updated twice a day but only adding/updating new files so no worry about server impact.
http://rigol.avotronics.co.uk
If site owners have issue with this I'll gladly take them down. Just pm me your woes.
Cheers
Danny
We at 3owl.com offer 100% Free Php Web Hosting. Unlimited Disk and Bandwidth.
Click Signup Now to Get Started!
I've set a mirror up for both sites above.
Mirrors are updated twice a day but only adding/updating new files so no worry about server impact.
http://rigol.avotronics.co.uk
If site owners have issue with this I'll gladly take them down. Just pm me your woes.
Cheers
Danny
Just added your RigLOL mirror site to my step-by-step guide here: https://www.eevblog.com/forum/testgear/sniffing-the-rigol's-internal-i2c-bus/msg324768/#msg324768
Btw. what happens if it mirrors http://riglol.3owl.com while it's down at redirects to this 3owl landing page:Quote
We at 3owl.com offer 100% Free Php Web Hosting. Unlimited Disk and Bandwidth.
Click Signup Now to Get Started!Will it mirror the landing page or keep the original while it's down?
I've set a mirror up for both sites above.
Mirrors are updated twice a day but only adding/updating new files so no worry about server impact.
http://rigol.avotronics.co.uk
If site owners have issue with this I'll gladly take them down. Just pm me your woes.
Cheers
Danny
Just added your RigLOL mirror site to my step-by-step guide here: https://www.eevblog.com/forum/testgear/sniffing-the-rigol's-internal-i2c-bus/msg324768/#msg324768
Btw. what happens if it mirrors http://riglol.3owl.com while it's down at redirects to this 3owl landing page:Quote
We at 3owl.com offer 100% Free Php Web Hosting. Unlimited Disk and Bandwidth.
Click Signup Now to Get Started!Will it mirror the landing page or keep the original while it's down?
I've just shortened the riglol mirror slightly, you'd better update it on the other page, its: http://rigol.avotronics.co.uk/riglol