Author Topic: Unlocking Siglent SDS1104X-E, step by step  (Read 15418 times)

0 Members and 2 Guests are viewing this topic.

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 9290
  • Country: 00
Unlocking Siglent SDS1104X-E, step by step
« on: September 01, 2018, 04:06:03 am »
This is an unofficial guide on how to unlock 200Mhz bandwidth on SDS1104X-E oscilloscopes, effectively turning them into SDS1204X-Es.

The steps are: (courtesy of user SMB74)

Here was my process

1.) Format a USB flash drive to FAT32

2.) Load the flash drive with the SDS1004X-E Firmware (4-Channel Model) - 6.1.25R2 (Release Date 06.29.18) by downloading it from the Siglent website and unzipping it onto the flashdrive.

3.) Once the file is loaded, install the firmware onto the oscilloscope by following the instructions in the PDF included in the firmware zip file.  Verify the correct firmware version is installed using the menus within the Utility button, and take note of the model number (should read SDS1104X-E)

4.) Once the firmware has been installed on the scope, reformat the flash drive to FAT32 and unzip the SDS1004X-E Operating System-V1 (Only For 4-Channel ) (Release Date 06.26.18) after downloading it from the Siglent website.

5.) Install the software update onto the oscilloscope by following the instructions in the PDF included in the firmware zip file.  Reboot the scope and verify the correct software version is installed using the menus within the Utility button.

6.) Download the custom operating system file that possesses the known telnet password.  Unzip it onto a USB drive and install it just as you installed the stock software file from the Siglent website.  NOTE: Some computers do not correctly load the software file onto the USB drive, thus preventing the scope from updating from the stock software to the custom software.  I have experienced this problem personally.  If this occurs, try loading it onto the USB from a different computer.  I had success using a Raspberry Pi to load the custom software onto the USB.

7.) After installing the custom software, plug the oscilloscope into your router with an ethernet cable, and telnet into the scope on port 23. MOst operating systems have a built-in telnet client, try opening a command shell and type "telnet". If that doesn't work then you may have to install a third party client like "PuTTY".

User: root
Password: eevblog

8.) Once in the scope via telnet, execute the following commands:

mount -o remount,rw ubi2_0 /usr/bin/siglent/firmdata0
cd /usr/bin/siglent/firmdata0
mv bandwidth.txt bandwidth.bak
sync

9.) Reboot the scope (eg. by typing "shutdown -r now") and verify that the model number displayed in the Utility button menus has been updated to show an SDS1204X-E

Now the scope should have 200MHz bandwidth.

EDIT: Thanks ian.ameline for the link to a download source for the custom software. I have updated step 6 with this information.
« Last Edit: September 02, 2018, 08:31:53 pm by Fungus »
 
The following users thanked this post: jacknife

Offline gedong

  • Contributor
  • Posts: 18
  • Country: id
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #1 on: September 01, 2018, 04:13:41 am »
 

Online BillB

  • Frequent Contributor
  • **
  • Posts: 425
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #2 on: September 01, 2018, 05:58:56 am »
Ian posted the most concise instructions for the bandwidth upgrade in that thread:

1. Update with the OS update with the known root password.

2. telnet to the scope, and log in as root.

3. Execute these commands:
   mount -o remount,rw ubi2_0 /usr/bin/siglent/firmdata0
   cd /usr/bin/siglent/firmdata0
   mv bandwidth.txt bandwidth.bak

4. Reboot

I don't think there has been a definitive consensus on unlocking the other options without option codes?
« Last Edit: September 01, 2018, 06:10:47 am by BillB »
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 14051
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #3 on: September 01, 2018, 06:12:12 am »
plus a video will be great.


start from here from what i observe.
https://www.eevblog.com/forum/testgear/siglent-sds1204x-e-released-for-domestic-markets-in-china/msg1612639/#msg1612639
Yep like that and similar for SSA too.(mentioned in SSA hack thread)
There are other/better ways too.  :-X
« Last Edit: September 01, 2018, 06:31:06 am by tautech »
Avid Rabid Hobbyist
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 9290
  • Country: 00
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #4 on: September 01, 2018, 06:36:53 am »
Ian posted the most concise instructions for the bandwidth upgrade in that thread:

1. Update with the OS update with the known root password.

a) Which you get.... where?
b) How do you install it?

2. telnet to the scope, and log in as root.

a) Telnet port #?

3. Execute these commands:
   mount -o remount,rw ubi2_0 /usr/bin/siglent/firmdata0
   cd /usr/bin/siglent/firmdata0
   mv bandwidth.txt bandwidth.bak

4. Reboot

Is that definitively all it takes? I've read a few places that there's some weird aliasing at high frequencies that isn't in the real 200Mhz version of the 'scope, that maybe something else needs tweaking.

To me it seems weird that you'd hide the bandwidth.txt file instead of modifying it (if I were a Siglent firmware writer I'd default to low bandwidth when the file is missing)

I don't think there has been a definitive consensus on unlocking the other options without option codes?

You mean the "software" part of the AWG, MSO and WiFi options?

 

Offline SMB784

  • Regular Contributor
  • *
  • Posts: 165
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #5 on: September 01, 2018, 06:37:10 am »
Here was my process

1.) Format a USB flash drive to FAT32

2.) Load the flash drive with the SDS1004X-E Firmware (4-Channel Model) - 6.1.25R2 (Release Date 06.29.18) by downloading it from the Siglent website and unzipping it onto the flashdrive.

3.) Once the file is loaded, install the firmware onto the oscilloscope by following the instructions in the PDF included in the firmware zip file.  Verify the correct firmware version is installed using the menus within the Utility button, and take note of the model number (should read SDS1104X-E)

4.) Once the firmware has been installed on the scope, reformat the flash drive to FAT32 and unzip the SDS1004X-E Operating System-V1 (Only For 4-Channel ) (Release Date 06.26.18) after downloading it from the Siglent website.

5.) Install the software update onto the oscilloscope by following the instructions in the PDF included in the firmware zip file.  Reboot the scope and verify the correct software version is installed using the menus within the Utility button.

6.) Download the custom operating system file that possesses the known telnet password.  Unzip it onto a USB drive and install it just as you installed the stock software file from the Siglent website.  NOTE: Some computers do not correctly load the software file onto the USB drive, thus preventing the scope from updating from the stock software to the custom software.  I have experienced this problem personally.  If this occurs, try loading it onto the USB from a different computer.  I had success using a Raspberry Pi to load the custom software onto the USB.

7.) After installing the custom software, plug the oscilloscope into your router with an ethernet cable, and telnet into the scope on port 23 using the known password.

8.) Once in the scope via telnet, execute the following commands:

mount -o remount,rw ubi2_0 /usr/bin/siglent/firmdata0
cd /usr/bin/siglent/firmdata0
mv bandwidth.txt bandwidth.bak

9.) Reboot the scope, and verify that the model number displayed in the Utility button menus has been updated to show an SDS1204X-E

Now the scope should have 200MHz bandwidth.  I have verified that mine possesses this bandwidth using a very reliable, stable signal generator (Fluke 6061A)

EDIT: Thanks ian.ameline for the link to a download source for the custom software. I have updated step 6 with this information.
« Last Edit: September 01, 2018, 07:28:36 am by SMB784 »
"Anything will lase if you hit it hard enough."

-Arthur L. Schawlow
 
The following users thanked this post: nicolasg

Offline ian.ameline

  • Regular Contributor
  • *
  • Posts: 55
  • Country: ca
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #6 on: September 01, 2018, 06:52:18 am »
The OS with the known password can be found here; https://www45.zippyshare.com/v/SEUJEWE1/file.html

The instructions above are accurate.
 

Offline ian.ameline

  • Regular Contributor
  • *
  • Posts: 55
  • Country: ca
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #7 on: September 01, 2018, 06:56:13 am »
Ian posted the most concise instructions for the bandwidth upgrade in that thread:

1. Update with the OS update with the known root password.

a) Which you get.... where?
b) How do you install it?

2. telnet to the scope, and log in as root.

a) Telnet port #?

3. Execute these commands:
   mount -o remount,rw ubi2_0 /usr/bin/siglent/firmdata0
   cd /usr/bin/siglent/firmdata0
   mv bandwidth.txt bandwidth.bak

4. Reboot

Is that definitively all it takes? I've read a few places that there's some weird aliasing at high frequencies that isn't in the real 200Mhz version of the 'scope, that maybe something else needs tweaking.

To me it seems weird that you'd hide the bandwidth.txt file instead of modifying it (if I were a Siglent firmware writer I'd default to low bandwidth when the file is missing)

I don't think there has been a definitive consensus on unlocking the other options without option codes?

You mean the "software" part of the AWG, MSO and WiFi options?

- You install the OS just like you'd install the one you got from SIGLENT -- just follow their instructions

- The telnet port is the default one telnet uses -- just telnet to the ip address of the scope.

- Yes, that is all it takes. Others have confirmed that the bandwidth is increased.

- It looks to me like the scope is deliberately designed to be hackable. It would be very easy for it to have been much harder. It is not. It is *very* easy.
 

Offline PhilipPeake

  • Contributor
  • Posts: 45
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #8 on: September 01, 2018, 08:37:16 am »
Does this work for the SDS1102X ?
Presumably it would need different hacked software?
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 9290
  • Country: 00
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #9 on: September 01, 2018, 05:30:41 pm »
- You install the OS just like you'd install the one you got from SIGLENT -- just follow their instructions

- The telnet port is the default one telnet uses -- just telnet to the ip address of the scope.

Nice attitude.

Other 'scopes have different ports, I just want the port used by Siglent to be written down clearly (which you've failed to achieve).

- Yes, that is all it takes. Others have confirmed that the bandwidth is increased.

Nobody's doubting the bandwidth increases but some people claim to have noticed weird aliasing or that the capacitors are different.

Those problems might be just the probes. It's reasonably well known that cheap-ass probes start to go to hell around 250MHz and one of the differences between the two models is that you get much better probes with the 200MHz version.

If it is the probes then a new set of probes should probably be thrown into the upgrade mix, that puts the price of the "hacked" version up by $100.

Food for thought, yes?

- It looks to me like the scope is deliberately designed to be hackable. It would be very easy for it to have been much harder. It is not. It is *very* easy.

How do you explain the fact that the 'scope is only eight months old but you already need to download old firmwares to be able to do it, that newer firmwares don't work? What happens if Siglent decides to encrypt that file and make it default to 50Mhz when it's missing? It is *very* easy to make it much harder. :popcorn:

(and what happens when Siglent removes that old firmware from their web site?)

PS: Nowhere near as easy as a Rigol (neener neener).
« Last Edit: September 02, 2018, 08:30:45 pm by Fungus »
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 2885
  • Country: fi
  • Starting with DLL21
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #10 on: September 01, 2018, 05:50:51 pm »
Quote
3. Execute these commands:
   mount -o remount,rw ubi2_0 /usr/bin/siglent/firmdata0
   cd /usr/bin/siglent/firmdata0
   mv bandwidth.txt bandwidth.bak

4. Reboot

Even when this particular case do not need but with bit expensive way in history I have learned that after editing it is good practice to use sync command before shut down.
I'm, not at all linux expert (far away) so I can not my self think when it is important exactly and when not, so I use it nearly always. In some cases it is extremely important, in some cases perhaps not so important and always we can try walk with just trusting good luck.

3. Execute these commands:
   mount -o remount,rw ubi2_0 /usr/bin/siglent/firmdata0
   cd /usr/bin/siglent/firmdata0
   mv bandwidth.txt bandwidth.bak
   sync

4. Reboot

Perhaps some who really know could take position to this with reasoning.
If practice and theory is not equal it tells that used application of theory  is wrong or the theory itself is wrong.
It is much easier to think an apple fall to the ground than to think that the earth and the apple will begin to move toward each other and collide.
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 9290
  • Country: 00
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #11 on: September 01, 2018, 05:56:33 pm »
Even when this particular case do not need but with bit expensive way in history I have learned that after editing it is good practice to use sync command before shut down.

Linux knows how to do a sync before a soft reboot but the word "reboot" is ambiguous, yes. Some people might power-cycle it instead of typing "shutdown -r" at the command line.

(take note, ian.ameline).
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 2885
  • Country: fi
  • Starting with DLL21
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #12 on: September 01, 2018, 06:11:55 pm »
Even when this particular case do not need but with bit expensive way in history I have learned that after editing it is good practice to use sync command before shut down.

Linux knows how to do a sync before a soft reboot but the word "reboot" is ambiguous, yes. Some people might power-cycle it instead of typing "shutdown -r" at the command line.

(take note, ian.ameline).
Just because this bolded...
If practice and theory is not equal it tells that used application of theory  is wrong or the theory itself is wrong.
It is much easier to think an apple fall to the ground than to think that the earth and the apple will begin to move toward each other and collide.
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 2885
  • Country: fi
  • Starting with DLL21
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #13 on: September 01, 2018, 06:33:40 pm »
- You install the OS just like you'd install the one you got from SIGLENT -- just follow their instructions

- The telnet port is the default one telnet uses -- just telnet to the ip address of the scope.

Nice attitude.

Other 'scopes have different ports, I just want the port used by Siglent to be written down clearly (which you've failed to achieve).


If some scope manufacturer do not follow RFC854 about Telnet protocol it is they own problem.
It is clearly stated in RFC854 page 15.  L=23

If practice and theory is not equal it tells that used application of theory  is wrong or the theory itself is wrong.
It is much easier to think an apple fall to the ground than to think that the earth and the apple will begin to move toward each other and collide.
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 9290
  • Country: 00
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #14 on: September 01, 2018, 06:52:35 pm »
If some scope manufacturer do not follow RFC854 about Telnet protocol it is they own problem.
It is clearly stated in RFC854 page 15.  L=23

I don't think "RTFM!" should be used in a "step by step" guide - this is the FM.
 

Offline bugi

  • Regular Contributor
  • *
  • Posts: 182
  • Country: fi
  • Hobbyist using the ultra slow and unsure method
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #15 on: September 01, 2018, 08:35:47 pm »
If some scope manufacturer do not follow RFC854 about Telnet protocol it is they own problem.
It is clearly stated in RFC854 page 15.  L=23

I don't think "RTFM!" should be used in a "step by step" guide - this is the FM.
Yes, and if this FM would not mention port, then obviously, the less than experienced user would not write it in the command either, so the command ends up using the default port, which thus works. A more experienced user would already know that if the port is the default, it is typically left out from instructions, (and that if it is not default, it is shown). Thus, the earlier version without the port number was quite sufficient, and this nitpicking about port number is just that, useless nitpicking.

Otherwise  :-+, points for making the push to get those instructions done clearly in one place, instead of the typical spread of bits and pieces in here and there over 3 threads and 10 pages among all the other messages. Certainly makes it easier than before.
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 2885
  • Country: fi
  • Starting with DLL21
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #16 on: September 01, 2018, 09:14:56 pm »
Sometimes it is easy forget that not all peoples have used telnet at 80's ;)
So it is perhaps good to tell (but also most of good telnet client do it as default, as example many times recommended PuTTY or just plain  puttytel.exe (a Telnet-only client) )
If practice and theory is not equal it tells that used application of theory  is wrong or the theory itself is wrong.
It is much easier to think an apple fall to the ground than to think that the earth and the apple will begin to move toward each other and collide.
 

Offline ian.ameline

  • Regular Contributor
  • *
  • Posts: 55
  • Country: ca
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #17 on: September 01, 2018, 09:51:08 pm »
http://lmgtfy.com/?q=default+telnet+port

If you're too lazy to use google, I really don't know how to respond. You may have chosen the wrong hobby if you expect someone else to do all the work for you.

There -- now my attitude is clear.


- You install the OS just like you'd install the one you got from SIGLENT -- just follow their instructions

- The telnet port is the default one telnet uses -- just telnet to the ip address of the scope.

Nice attitude.

Other 'scopes have different ports, I just want the port used by Siglent to be written down clearly (which you've failed to achieve).

- Yes, that is all it takes. Others have confirmed that the bandwidth is increased.

Nobody's doubting the bandwidth increases but some people claim to have noticed weird aliasing or that the capacitors are different.

Those problems might be just the probes. It's reasonably well known that cheap-ass probes start to go to hell around 250MHz and one of the differences between the two models is that you get much better probes with the 200MHz version.

It it is the probes then a new set of probes should probably be thrown into the upgrade mix, that puts the price of the "hacked" version up by $100.

Food for thought, yes?

- It looks to me like the scope is deliberately designed to be hackable. It would be very easy for it to have been much harder. It is not. It is *very* easy.

How do you explain the fact that the 'scope is only eight months old but you already need to download old firmwares to be able to do it, that newer firmwares don't work? What happens if Siglent decides to encrypt that file and make it default to 50Mhz when it's missing? It is *very* easy to make it much harder. :popcorn:

(and what happens when Siglent removes that old firmware from their web site?)

PS: Nowhere near as easy as a Rigol (neener neener).

What if purple monkeys fly out of my ass? What if, what if, what if.

You asked for the hack -- we gave it to you. Now you complain. Again, you probably should take up golf instead.

Cheers...
« Last Edit: September 01, 2018, 10:33:31 pm by ian.ameline »
 
The following users thanked this post: CustomEngineerer

Offline ian.ameline

  • Regular Contributor
  • *
  • Posts: 55
  • Country: ca
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #18 on: September 01, 2018, 09:58:59 pm »
Even when this particular case do not need but with bit expensive way in history I have learned that after editing it is good practice to use sync command before shut down.

Linux knows how to do a sync before a soft reboot but the word "reboot" is ambiguous, yes. Some people might power-cycle it instead of typing "shutdown -r" at the command line.

(take note, ian.ameline).

Good point -- I tend to assume people around here who poke around with electrons aren't lazy idiots, and research perhaps even a little background knowledge before poking their meat-probes at things they may have little experience with -- clearly an unexamined assumption -- google must be too hard to use.

But in the case here, buffers are flushed pretty quickly -- you'd need to power cycle within milliseconds to have a problem, and even then, you'd have to get really unlucky (in a microsecond wide window) to get an inconsistent state in the flash. I doubt you could make it happen by trying.


 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 9290
  • Country: 00
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #19 on: September 01, 2018, 10:07:02 pm »

http://lmgtfy.com/?q=default+telnet+port

If you're too lazy to use google, I really don't know how to respond. You may have chosen the wrong hobby if you expect someone else to do all the work for you.

Um, the question was whether Siglent uses the standard port, not if I (or somebody who doesn't spend their lives using green-screen Linux) can google what the standard port is.

There -- now my attitude is clear.

Crystal.
« Last Edit: September 01, 2018, 10:08:42 pm by Fungus »
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 9290
  • Country: 00
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #20 on: September 01, 2018, 10:13:37 pm »
Next question: When people say "the one with the known root password", what would that password be?

(I think we have to assume that not everybody will "know" it)

 
The following users thanked this post: egonotto

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 2885
  • Country: fi
  • Starting with DLL21
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #21 on: September 01, 2018, 10:32:55 pm »
Next question: When people say "the one with the known root password", what would that password be?

(I think we have to assume that not everybody will "know" it)

Why lazy people should be fed.
If practice and theory is not equal it tells that used application of theory  is wrong or the theory itself is wrong.
It is much easier to think an apple fall to the ground than to think that the earth and the apple will begin to move toward each other and collide.
 

Offline SMB784

  • Regular Contributor
  • *
  • Posts: 165
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #22 on: September 01, 2018, 11:21:58 pm »
Next question: When people say "the one with the known root password", what would that password be?

(I think we have to assume that not everybody will "know" it)

Let's just say that if you are a regular eevblog reader, you are typing the password every day.

As regards the concern that you are restricted to using the outdated firmware to perform the bandwidth upgrade, it is possible to modify any firmware revision yourself and insert your own custom password. You can follow the posts by janekivi & tv84 in the Siglent .ads file thread where the process is described in detail.
« Last Edit: September 01, 2018, 11:27:30 pm by SMB784 »
"Anything will lase if you hit it hard enough."

-Arthur L. Schawlow
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 9290
  • Country: 00
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #23 on: September 01, 2018, 11:51:54 pm »
As regards the concern that you are restricted to using the outdated firmware to perform the bandwidth upgrade, it is possible to modify any firmware revision yourself and insert your own custom password. You can follow the posts by janekivi & tv84 in the Siglent .ads file thread where the process is described in detail.

I'm more worried that in the future the 'scope might not default to 200Mhz when the bandwidth.txt file is missing.

(eg. it could just as easily default to 50MHz...  :popcorn: )
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 468
  • Country: pt
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #24 on: September 02, 2018, 12:40:43 am »
Although I disagree with the way the OP has been conducting this process, I would like to add my 2 cents to the benefit of the whole forum:

All must realize that the method described previously (removing the bandwidth.txt) triggers the activation of the PRO_MODE in the scope (which is the "Production Mode"). This mode enables all the Options and the BW to the max possible.

This mode can, in fact, be easily disabled in future FW versions and/or Siglent can change it to trigger the activation of the lowest BW instead of the highest. Maybe they use the highest precisely to evaluate the full potential of the equipment before leaving factory...

The activation using the official licenses as described by me in the Siglent .ADS thread is more future proof (and can also be used in other equipments). Of course, if you end up just discovering the lower BW licenses, then you can reinsert the original bandwidth.txt.

I leave a small "easter egg" attached that does the following:

Code: [Select]
sync
mount -o sync,rw,remount /usr/bin/siglent/firmdata0/
sync

mv /usr/bin/siglent/firmdata0/bandwidth.txt /usr/bin/siglent/firmdata0/bandwidth.bak

sync
mount -o sync,ro,remount /usr/bin/siglent/firmdata0/
sync

which means it replaces all the steps described previously in this thread without the need to change FS root password, etc.

Execute it as a normal update. It should be run after the scope is running and you should reboot after. For security reasons it won't overwrite any existing bandwidth.bak so that you can keep the original (in case people run it multiple times).
 
The following users thanked this post: CustomEngineerer, tek2232, vtwin@cox.net, gamerpaddy

Offline tautech

  • Super Contributor
  • ***
  • Posts: 14051
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #25 on: September 02, 2018, 07:28:13 am »
This is an unofficial guide on how to unlock 200Mhz bandwidth on SDS1104X-E oscilloscopes, effectively turning them into SDS1204X-Es....................


Warning: The PP510 probes that are supplied with the SDS1104X-E are 100MHz probes. If you intend to make use of the 200Mhz bandwidth then you need to spend an extra $100 and get a set of real 200Mhz probes, eg. the PP215 probes that are supplied with the SDS1204X-E.

If you don't do this then you won't have 200MHz bandwidth and you may get misleading readings on screen. You have been warned.
Scaremongering BS !  :bullshit:
Some ppls just don't/won't do their homework !  ::)
Or don't have a clue.  :-//

It is clearly seen PP510 and PP215 probe performance combined with scope performance is well within system specification !



From this post:
https://www.eevblog.com/forum/testgear/siglent-sds1104x-e-in-depth-review/msg1434665/#msg1434665
Avid Rabid Hobbyist
 
The following users thanked this post: MT, ian.ameline, Coldblackice

Offline janekivi

  • Frequent Contributor
  • **
  • Posts: 355
  • Country: ee
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #26 on: September 02, 2018, 06:06:02 pm »
Next question: When people say "the one with the known root password", what would that password be?

(I think we have to assume that not everybody will "know" it)
Then this not for those everybody.

"If you don't know the password, you are not qualified to hack your equipment!"
Password is our signature and made for us only. We don't speak about it loud everywhere.
You must be one of us. If you are, you have been here and you know things. If not...
you are not qualified to hack your equipment.
And even if strangers outside can use them, they can't spread them without our mark.

If this is too much asked and you just need all options and bandwidth, buy them!
 
The following users thanked this post: ian.ameline

Offline bsas

  • Regular Contributor
  • *
  • Posts: 50
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #27 on: September 24, 2018, 10:33:54 am »
By the way, those "ZippyShare" links are not working at all for me (in my region). Don't know if I need VPN for this or not. If someone can provide me the file, I can try to put on another shared folder for plp with my issue... Thanks!
 

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #28 on: September 27, 2018, 09:30:37 pm »
The activation using the official licenses as described by me in the Siglent .ADS thread is more future proof (and can also be used in other equipments). Of course, if you end up just discovering the lower BW licenses, then you can reinsert the original bandwidth.txt.

Okay, I'm attempting to follow this alternative path to unlock my brand new 1104X-E (delivered w/ 7.1.6.1.25R2) and I've encountered a problem/questions.

I loaded SS1004X-E_OSV1_EN_eevblog on a thumbdrive, and uploaded my scope.

I logged in via telnet, and executed the following:

cd /usr/bin/siglent/usr/mass_storage/U-disk0
cat /dev/mem > memdump.bin

this yields an error:

cat: read error: Bad address

the resulting file:

/usr/bin/siglent/usr/mass_storage/U-disk0 # ls -l memdump.bin
-rwxr-xr-x    1 root     root     251658240 Jan  1 00:22 memdump.bin

so I end up w/ a file 240MB in size (240*1024*1024)

yielding the question

(1) "is this expected?"  (e.g. both the error, and the resulting file size.)

If I take that file, and run it through the license code detector C# app, I get ~100 unique strings. Most of them look like regular text strings (e.g. ' 6cachingiterator'), others -- about 6 -- look like random strings (FTKW-UZFD-7PKY-D5MK and  b4fa-cf7d-5c37-c2df). I tried plugging in those 6 random strings into the license manager (Options->Install) but I get a "data is invalid" error. So

(2) does anyone know what the license codes actually look like (e.g. should they be hexadecimal only? or can they include non-hex alphanumerics?)

(3) should I be attempting to enter the codes at this point, or should I be doing something else before I attempt it (e.g. perform a different update, etc.) and THEN try the codes?

Thanks,
Vin
A hollow voice says 'PLUGH'.
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 468
  • Country: pt
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #29 on: September 28, 2018, 01:52:59 am »
1.  :-+

2. See my example.

3. Try codes.
 
The following users thanked this post: vtwin@cox.net

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #30 on: September 28, 2018, 03:48:49 am »
Of the 90+ sets of upper or lowercase characters/digits, only 6 appear to be random -- the remaining contain English words, which makes me believe they are part of the OS.

The remaining 6, I attempted to install through the scopes panel -- I attempted each code for each option (MSO, Wifi, AWG) and each time I receive "The data is invalid", which leads me to suspect the output generated from the C# code does not contain any licensing codes.

I suppose I could print out a hex dump of the bin file and look for strings by hand, to see if there are keys missed by the C# code.... the PDF created by winhex is only 91,301 pages long :)
A hollow voice says 'PLUGH'.
 

Online Taaning

  • Newbie
  • Posts: 3
  • Country: dk
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #31 on: September 28, 2018, 04:27:11 am »


If I take that file, and run it through the license code detector C# app, I get ~100 unique strings. Most of them look like regular text strings (e.g. ' 6cachingiterator'), others -- about 6 -- look like random strings (FTKW-UZFD-7PKY-D5MK and  b4fa-cf7d-5c37-c2df). I tried plugging in those 6 random strings into the license manager (Options->Install) but I get a "data is invalid" error. So



Any chance you could share how you run the memdump.bin in the C# script?

Thank you :-)
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 468
  • Country: pt
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #32 on: September 28, 2018, 06:09:02 am »
The remaining 6, I attempted to install through the scopes panel -- I attempted each code for each option (MSO, Wifi, AWG) and each time I receive "The data is invalid", which leads me to suspect the output generated from the C# code does not contain any licensing codes.

But they could be BW licenses... ;)

Quote
I suppose I could print out a hex dump of the bin file and look for strings by hand, to see if there are keys missed by the C# code.... the PDF created by winhex is only 91,301 pages long :)

You're getting there! If you carefully RTFM it suggests:  "the most probable thing happening is that the text is concatenated with some other string/license! I leave that as homework. First, inspect both halfs of 32-char size strings..."
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 468
  • Country: pt
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #33 on: September 28, 2018, 06:13:05 am »
Any chance you could share how you run the memdump.bin in the C# script?

 :wtf:  Have you even looked at the script?

byte[] buffer = System.IO.File.ReadAllBytes(@"memdump.bin");
 

Online Taaning

  • Newbie
  • Posts: 3
  • Country: dk
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #34 on: September 28, 2018, 06:20:33 am »
Any chance you could share how you run the memdump.bin in the C# script?

 :wtf:  Have you even looked at the script?

byte[] buffer = System.IO.File.ReadAllBytes(@"memdump.bin");

Of course I have looked at the the script :-) I am not a programmer apart from some arduino stuff. I am sorry.
 

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #35 on: September 28, 2018, 07:00:39 am »
download/install visual studio community edition, and then cut/paste the code into a Win32 console application:

Code: [Select]
using System;
using System.IO;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace TestApp
{
    class Program
    {
        static void Main(string[] args)
        {
            byte[] buffer = System.IO.File.ReadAllBytes(@"G:\memdump.bin");

            for (int j = 0, l = 0; j < 2; j++, l += 0x20)
                for (int i = 0, strStart = 0, strSize = 0; i < buffer.Length; i++)
                    if ( ((buffer[i] < '2') || (buffer[i] > '9')) &&
                         ((buffer[i] < 'A' + l) || (buffer[i] > 'Z' + l)) &&
                         buffer[i] != ('L' + l) &&
                         buffer[i] != ('O' + l))
                    {
                        if (strSize == 16)
                            Console.WriteLine("{0:X8} - {1}", strStart, Encoding.UTF8.GetString(buffer, strStart, strSize));
                        strSize = 0;
                        strStart = i + 1;
                    }
                    else strSize++;
            Console.ReadKey();
        }
}

change hard-coded filename if you like, or, perhaps, modify code to use args[1] compile and run.
A hollow voice says 'PLUGH'.
 
The following users thanked this post: Taaning

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #36 on: September 28, 2018, 07:53:03 am »
If you carefully RTFM it suggests:  "the most probable thing happening is that the text is concatenated with some other string/license! I leave that as homework. First, inspect both halfs of 32-char size strings..."

I did see this, but I'm having a difficult time grokking exactly what you mean.

Assuming I have the following:

0819ABBB     8ki7-axhk-yilk-bdgy
0819ABDB     8ki7-axhk-yilk-bdgy
0819ABFB     8ki7-axhk-yilk-bdgy

I interpreted the clause as meaning I should try "yilk-bggy-8ki7-axkh' in addition (which didn't work).

I also tried "axhk-yilk-bdgy-8ki7" and "bdgy-8ki7-axhk-yilk" without success.

Or, should I be trying all combinations, e.g. ki7a-..., i7ax..., 7axh..., shifting each character at a time, like a rotate w/ carry?

Is there an easier way to try license codes, other than keying them in though the intensity/adjust/select dial (e.g. through the telnet interface?)
A hollow voice says 'PLUGH'.
 
The following users thanked this post: vt100

Online Taaning

  • Newbie
  • Posts: 3
  • Country: dk
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #37 on: September 29, 2018, 11:27:50 pm »
download/install visual studio community edition, and then cut/paste the code into a Win32 console application:

Code: [Select]
using System;
using System.IO;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace TestApp
{
    class Program
    {
        static void Main(string[] args)
        {
            byte[] buffer = System.IO.File.ReadAllBytes(@"G:\memdump.bin");

            for (int j = 0, l = 0; j < 2; j++, l += 0x20)
                for (int i = 0, strStart = 0, strSize = 0; i < buffer.Length; i++)
                    if ( ((buffer[i] < '2') || (buffer[i] > '9')) &&
                         ((buffer[i] < 'A' + l) || (buffer[i] > 'Z' + l)) &&
                         buffer[i] != ('L' + l) &&
                         buffer[i] != ('O' + l))
                    {
                        if (strSize == 16)
                            Console.WriteLine("{0:X8} - {1}", strStart, Encoding.UTF8.GetString(buffer, strStart, strSize));
                        strSize = 0;
                        strStart = i + 1;
                    }
                    else strSize++;
            Console.ReadKey();
        }
}

change hard-coded filename if you like, or, perhaps, modify code to use args[1] compile and run.

Thank you very much, managed to get the memory dump processed, and found some interesting things with some (a lot of) help  8)
 

Offline vt100

  • Contributor
  • Posts: 15
  • Country: af
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #38 on: October 08, 2018, 12:41:12 pm »
Thank you very much, managed to get the memory dump processed, and found some interesting things with some (a lot of) help  8)

For some real fun, check out these GitHub repositories:

https://github.com/Siglent/FindKeys
https://github.com/Siglent/TryKeys


Purely for educational purposes only. User is expected to comply with all applicable state, county, federal and international laws :)
vt100
the world's best dumb terminal
 
The following users thanked this post: vtwin@cox.net, nicolasg

Offline vt100

  • Contributor
  • Posts: 15
  • Country: af
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #39 on: October 08, 2018, 02:11:33 pm »
This process will obtain your license keys from a core dump of the scope application itself, in case you lost the paperwork after you purchased them (of course). No "guessing games" like the other software posted (although it was a fun intellectual exercise!)

Skill level: Easy/Moderate

Risk: Slim to none.

Assumptions: You know the root password to your scope.

Steps:

1. download full armv7l version of busybox which has core dump enabled.
    see: https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-armv7l

2. put version on thumb disk

3. reboot scope to known state

4. telnet to scope and log in as root

5. insert usb stick

6. copy busybox binary from usb to /tmp:
    cp /usr/bin/siglent/usr/mass_storage0/U-disk/busybox-armv7l /tmp

7. unmount and remove usb
    umount /usr/bin/siglent/usr/mass_storage/U-disk0   
    (and then remove usb stick)

8. identify and kill existing sds1000b.app
    ps -ef | grep sds | awk  '{printf "kill -9 %s\n", $1}' | ash

9. change to /tmp directory:
    cd /tmp

10. launch new busybox ash shell
    /tmp/busybox_armv7l ash
   (when you press enter it looks like nothing happens, but something does)

11.  re-launch scope app in new busybox environment in background
      /usr/bin/siglent/sds1000b.app &

12. increase core dump ulimit to unlimited:
      ulimit -c unlimited
you can verify new limit by typing
      ulimit -c
and you should get a response "unlimited"

12. kill scope app again, telling OS to create a core dump of the app:
      ps -ef | grep sds | awk  '{printf "kill -ABRT %s\n", $1}' | ash

13. wait a few seconds, and press enter once or twice. you should see:
[1]+  Aborted (core dumped)      /usr/bin/siglent/sds1000b.app
if you do not, you did something wrong, go to step #3

14. verify core dump is in /tmp:
      ls /tmp/core*
you should see something like this:
-rw-------    1 root     root     377511936 Jan  1 00:14 /tmp/core
if not, you did something wrong, go to step #3

15. exit out of usb version of busybox shell
     exit
(it will look like nothing happens when you press enter, but, something does)

16. re-launch Siglent scope application. See Step #11

17. insert usb drive

18. copy core dump to thumb drive
     cp core /usr/bin/siglent/usr/mass_storage/U-disk0/coredump.bin
(this will take a minute or two, its a big file)

19. unmount usb stick and remove (see step #7)

20. Insert USB stick on Windows/Mac/Linux and open the coredump.bin file in your favorite hex editor.

21. Search for string "SDS1000X-E". Keep searching until you find the string next to either your scopeid (if you do not know your scope id, you can get it using the SCPI SCOPEID? command thru the web interface) or your serial number.

22. When you locate the entry with your scope ID, you will see a series of 5 16-character strings below it (one will look like a 32 character string, split it into half so you have two 16-character strings. These are your 100, 200, 50 and 70 mhz license keys, respectively. The one that appears twice is the license key your scope is currently licensed under.

23. You can license a different bandwidth by typing MCBD (license key)  at the scope's SCPI web interface. It is necessary to reboot after you do this for everything to reset and take effect. You can verify the bandwidth by typing PRBD? through the SCPI web interface.

24. When you locate the entry with your serial number, you will see a series of (at least) 3 16-character strings. If you have any options already licensed, those keys will appear twice. if you have no options licensed, they only appear once. The keys are, respectively, AWG, WIFI and MSO.

25. You can license any options through the scope's SCPI interface using LCISL (option),(key) where (option) is AWG, WIFI or MSO and (key) is the 16-character key.

26. after doing so, even though the options are immediately licensed and active, I recommend a reboot for the new options to take effect.

27. Write keys down in a safe place so you do not lose them again.
vt100
the world's best dumb terminal
 
The following users thanked this post: chemary, bitseeker, tubularnut, plurn, booyeah, twinter145, mroek

Offline bitseeker

  • Super Contributor
  • ***
  • Posts: 6677
  • Country: us
  • Lots of engineer-tweakable parts inside!
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #40 on: October 08, 2018, 02:42:05 pm »
This process will obtain your license keys from a core dump of the scope application itself, in case you lost the paperwork after you purchased them (of course).

...

27. Write keys down in a safe place so you do not lose them again.

I promise I won't lose my keys again. ;D
Life is better under the TEA. ♪♩♫ Under the TEA. ♩♫
 

Offline nicolasg

  • Newbie
  • Posts: 3
  • Country: ca
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #41 on: November 14, 2018, 08:46:31 am »
Thanks for all the info posted here and in the firmware thread. The sample code really helped show me where in the memory dump to look for things and how they are stored. I can see patterns related to the restored keys location and surrounding data, hoping to make sense of it and then make the key backup better/easier.

Some tips...
1) A simple memdump is all you need to grab for trying to backup your keys. (In my case I didnt have to do a coredump)
2) The FindKeys/TryKeys code works very well.
3) Backup the whole "siglent" folder to your USB stick just in case.


I got sidetracked and started digging into the firmware files.
The webserver is very interesting, its lighthttpd with php 5.
They made a custom c module (.so) to handle communicating between the web front end and the hardware. AJAX scpi commands + more is possible.
Did you know, to change from english to chinese they do a file copy/move of php files around ? interesting.
The visual is via a custom/modified VNC server with websockets support. On the client its using the noVNC library, which for some reason has a quicker refresh rate and much faster updates than a real vnc client.


 

Offline bugmenot

  • Contributor
  • Posts: 7
  • Country: ru
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #42 on: November 18, 2018, 06:47:23 pm »
I posted this in the general SDS1104/1204X-E thread, but was directed here. If you have a memory dump from their SDS1000X-E and want to parse it for keys, the Python function to do it. It works with all dumps from my oscilloscope (1104X-E), but I only have the one. It'd be great to hear if it works for others.

Code: [Select]
import re
import string

def getkeys(scopeid, serialno, memdumpfile):
    """
    Parse a memory dump from a Siglent 1000X-E oscilloscope and return a dict containing
    license keys for bandwidths and options. The 'activebw' key is the one that is currently
    active in the 'scope (e.g. if the value of '100M' is the same as the value of 'activebw',
    the oscilloscope is software locked to 100 MHz bandwidth)
    """
    if len(scopeid) == 16 and set(scopeid) <= set(string.hexdigits):
        scopeid = scopeid.lower().encode('utf-8')
    else:
        raise ValueError('Scope ID must be 16 hexadecimal characters (remove dashes).')
   
    if len(serialno) == 14 and set(serialno) <= set(string.ascii_letters + string.digits):
        serialno = serialno.upper().encode('utf-8')
    else:
        raise ValueError('Serial number must be 14 alphanumeric characters.')

    f = open(memdumpfile, 'rb')
    data = f.read()
    f.close()

    regex_bw = re.compile(scopeid + b'.*?'+ scopeid + b'.*?([0-9A-Z]{16}).*?([0-9A-Z]{16}).*?([0-9A-Z]{16}).*?([0-9A-Z]{16}).*?([0-9A-Z]{16})', re.DOTALL)
    regex_opt = re.compile(serialno + b'.*?' + serialno + b'.*?([0-9A-Z]{48})', re.DOTALL)
   
    key_bw = list([n.decode('utf-8') for n in re.findall(regex_bw, data)[0]])
    key_opt = re.findall('.{16}', re.findall(regex_opt, data)[0].decode('utf-8'))
   
    keys = {}
    key_labels = ('100M', '200M', '50M', '70M', 'activebw', 'awg', 'wifi', 'mso')
    keys.update(zip(key_labels, key_bw + key_opt))

    return(keys)

As nicolasg posted, a simple cat /dev/mem worked well for me - I didn't need to trigger a core dump.
 
The following users thanked this post: rickwookie

Offline jacknife

  • Newbie
  • Posts: 1
  • Country: it
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #43 on: November 25, 2018, 03:34:32 pm »
Hello, i have a simple question last month i've updated to SDS1004X-E Firmware (4-Channel Model)- 6.1.26 (Release Date 09.26.18 ) do I have to downgrade to 6.1.25R2 before the unlock ?

thanks !  ;D
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #44 on: November 25, 2018, 06:17:39 pm »
Thanks for this guys, VT100s guide has a few typos, but worked well.
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 468
  • Country: pt
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #45 on: November 25, 2018, 09:08:52 pm »
Hello, i have a simple question last month i've updated to SDS1004X-E Firmware (4-Channel Model)- 6.1.26 (Release Date 09.26.18 ) do I have to downgrade to 6.1.25R2 before the unlock ?

thanks !  ;D

No.
 
The following users thanked this post: jacknife

Offline vt100

  • Contributor
  • Posts: 15
  • Country: af
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #46 on: November 26, 2018, 05:03:39 am »
Thanks for this guys, VT100s guide has a few typos, but worked well.

if you email me the typos I can update so things are correct. sometimes my brain and hands work at different speeds so what I am thinking and what comes out on the screen are two different things.
vt100
the world's best dumb terminal
 

Offline SMB784

  • Regular Contributor
  • *
  • Posts: 165
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #47 on: December 06, 2018, 03:48:55 pm »
This process will obtain your license keys from a core dump of the scope application itself, in case you lost the paperwork after you purchased them (of course). No "guessing games" like the other software posted (although it was a fun intellectual exercise!)

Skill level: Easy/Moderate

Risk: Slim to none.

Assumptions: You know the root password to your scope.

Steps:

1. download full armv7l version of busybox which has core dump enabled.
    see: https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-armv7l

2. put version on thumb disk

3. reboot scope to known state

4. telnet to scope and log in as root

5. insert usb stick

6. copy busybox binary from usb to /tmp:
    cp /usr/bin/siglent/usr/mass_storage0/U-disk/busybox-armv7l /tmp

7. unmount and remove usb
    umount /usr/bin/siglent/usr/mass_storage/U-disk0   
    (and then remove usb stick)

8. identify and kill existing sds1000b.app
    ps -ef | grep sds | awk  '{printf "kill -9 %s\n", $1}' | ash

9. change to /tmp directory:
    cd /tmp

10. launch new busybox ash shell
    /tmp/busybox_armv7l ash
   (when you press enter it looks like nothing happens, but something does)

11.  re-launch scope app in new busybox environment in background
      /usr/bin/siglent/sds1000b.app &

12. increase core dump ulimit to unlimited:
      ulimit -c unlimited
you can verify new limit by typing
      ulimit -c
and you should get a response "unlimited"

12. kill scope app again, telling OS to create a core dump of the app:
      ps -ef | grep sds | awk  '{printf "kill -ABRT %s\n", $1}' | ash

13. wait a few seconds, and press enter once or twice. you should see:
[1]+  Aborted (core dumped)      /usr/bin/siglent/sds1000b.app
if you do not, you did something wrong, go to step #3

14. verify core dump is in /tmp:
      ls /tmp/core*
you should see something like this:
-rw-------    1 root     root     377511936 Jan  1 00:14 /tmp/core
if not, you did something wrong, go to step #3

15. exit out of usb version of busybox shell
     exit
(it will look like nothing happens when you press enter, but, something does)

16. re-launch Siglent scope application. See Step #11

17. insert usb drive

18. copy core dump to thumb drive
     cp core /usr/bin/siglent/usr/mass_storage/U-disk0/coredump.bin
(this will take a minute or two, its a big file)

19. unmount usb stick and remove (see step #7)

20. Insert USB stick on Windows/Mac/Linux and open the coredump.bin file in your favorite hex editor.

21. Search for string "SDS1000X-E". Keep searching until you find the string next to either your scopeid (if you do not know your scope id, you can get it using the SCPI SCOPEID? command thru the web interface) or your serial number.

22. When you locate the entry with your scope ID, you will see a series of 5 16-character strings below it (one will look like a 32 character string, split it into half so you have two 16-character strings. These are your 100, 200, 50 and 70 mhz license keys, respectively. The one that appears twice is the license key your scope is currently licensed under.

23. You can license a different bandwidth by typing MCBD (license key)  at the scope's SCPI web interface. It is necessary to reboot after you do this for everything to reset and take effect. You can verify the bandwidth by typing PRBD? through the SCPI web interface.

24. When you locate the entry with your serial number, you will see a series of (at least) 3 16-character strings. If you have any options already licensed, those keys will appear twice. if you have no options licensed, they only appear once. The keys are, respectively, AWG, WIFI and MSO.

25. You can license any options through the scope's SCPI interface using LCISL (option),(key) where (option) is AWG, WIFI or MSO and (key) is the 16-character key.

26. after doing so, even though the options are immediately licensed and active, I recommend a reboot for the new options to take effect.

27. Write keys down in a safe place so you do not lose them again.


So it looks like the coredump utility of the ARM7L busybox file you linked us has not been enabled (at least according to the log file on that website).  Does anyone have a compiled version of busybox with coredump enabled?
"Anything will lase if you hit it hard enough."

-Arthur L. Schawlow
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #48 on: December 06, 2018, 09:40:30 pm »
The linked version did dump for me, I just had to kill it 3 times, third time worked.
 

Offline SMB784

  • Regular Contributor
  • *
  • Posts: 165
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #49 on: December 07, 2018, 01:43:25 am »
Which kill worked the third time? The first process kill or the second one after BusyBox was running? What was the procedure that worked for you?
« Last Edit: December 07, 2018, 04:54:56 am by SMB784 »
"Anything will lase if you hit it hard enough."

-Arthur L. Schawlow
 

Offline jgreco

  • Newbie
  • Posts: 1
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #50 on: December 07, 2018, 03:03:33 am »

For some real fun, check out these GitHub repositories:

https://github.com/Siglent/FindKeys
https://github.com/Siglent/TryKeys


Purely for educational purposes only. User is expected to comply with all applicable state, county, federal and international laws :)

This is almost awesome and almost worked swimmingly well.

The Tek 475 here decided to go traceless.  I'd been sorely tempted by the low end Rigol for the last few years, but the Siglent at 200MHz with four channels felt like a more compelling addition.  Don't need the 200MHz, don't actually need any of the other features either, don't even use a scope often anymore, but it's always fun to hack, and being able to log in to your devices to poke around is fun.  Aside from not immediately figuring out that the unit came with DHCP disabled, all of that went very well and I had the eevblog-modified OS loaded and running without much ado.

However, when I got to the github projects above, my code development environment is much closer to working on a VT100 than it is a PC with an IDE.  There was a little irony that a user with a handle of VT100 posted a bunch of Microsoft-dependent stuff.  I didn't have Visual Studio loaded anywhere, and how to use it wasn't entirely clear to me, as my development environment is usually just vi, cc, make, and the rest of the UNIX stack.  I figure if someone who's written tons of C had issues figuring this out, maybe non-developers or other old UNIX farts might have trouble too.  If this turns out to be helpful to someone, here's a few notes, hard won through about eight hours of persistence and one trashed VM, hopefully a clue or two for anyone similarly clueless-ish about Visual Studio:

Visual Studio is huge.  It almost overflowed my 50GB Windows lab VM's.  I installed Visual Studio Community 2017 with the Visual Studio Installer downloaded from Microsoft.  Under "Workloads" I had it install .NET Desktop Development, Desktop development with C++, and .NET Core cross platform development.  I also selected "NuGet targets and build tasks" under "Installation details" the second time around, because something went tragically wrong with my first VM, and NuGet wasn't working correctly.  Some of these selections are needlessly sloppy, I'm sure.

Once in Visual Studio 2017, I went to "File -> Open -> Open from Source Control", plugged in the FindKeys github URL, and it picked it up, bringing up a "Solution Explorer" window.  After spending some time looking around and wondering where a "build" button or key was, I opened "Program.cs" in the editor to look at it and suddenly "Build" became available in the menu bar.  Yay for obtuseness.  It built the FindKeys.dll just fine, depositing it in C:\Users\username\source\repos\FindKeys\bin\Debug\netcoreapp2.1, so I just moved the memory dump bin file to that directory and ran it there, and it worked.

At this point, things went off the rails unrecoverably on the first VM.  I tried to do the same process for TryKeys and it went seriously sideways.  It needed a package called "LiteGuard" and I couldn't figure out how to install it.  For whatever reason, NuGet was broken and unusable in the first VM.  Being unfamiliar with the tool and thinking myself just too dumb for modern tools, I wasted several hours stuck trying to remediate that.  Install-Package simply wasn't there or was broken or something.  So I switched to a different lab VM, installed Visual Studio again, and went to do TryKeys again.

This bombed as the build still needed "LiteGuard".  Trying to install that, it refused.  It really wanted a project name.  So I knew I wasn't really doing this correctly, but I didn't really care, so I exited out of VS to dump the mess, launched VS again, did "New -> Project from Existing Code", specified "Visual C#", pointed the dir at C:\Users\username\source\repos\TryKeys, and named it "TryKeys".  Then I was finally able to successfully go to "Tools -> NuGet Package Manager -> Package Manager Console" and entered

PM> Install-Package LiteGuard -Project TryKeys

It still presented an error but it seemed to complete, so I again opened Program.cs, ran "Build", and it built, and ran great.

Y'all are welcome to explain in excruciating detail how I made this more complicated than needed or went about it entirely the wrong way.  :-)  I just felt it would be a shame if the effort put into these two fine Siglent tools was not accessible to someone without any coding experience.  Thanks for the tools.
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #51 on: December 07, 2018, 06:23:31 am »
My process was get to the point where you kill the application, step 12, then fire up the process again, step 11, then using "PS -A" to find its new PID, and "kill -ABRT <PID>" It was my third loop of starting and killing it that got me a core dump.
 

Offline vt100

  • Contributor
  • Posts: 15
  • Country: af
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #52 on: December 07, 2018, 11:55:40 am »
There was a little irony that a user with a handle of VT100 posted a bunch of Microsoft-dependent stuff.

I wanted to learn .netcore and this was my first .net core application.

Quote
Visual Studio is huge.  It almost overflowed my 50GB Windows lab VM's.

if someone makes a pre-compiled version available then you could get away with installing the .dot core runtime, which is significantly smaller, and would run on linux.  .dotcore apps will compile and run on linux, allegedly.

Quote
It needed a package called "LiteGuard" and I couldn't figure out how to install it.

I have absolutely no idea what LiteGuard is. It wasn't a nuget package I used, but it does show up in project.assets.json now that I look. Perhaps it was a dependency of another nuget package I used in TryKeys which I didn't use in FindKeys -- e.g. the telnet library, for instance.

It was my third loop of starting and killing it that got me a core dump.

Strange thing is, I get a core dump each and every time, on the first try. I have no explanation as to why others have problems getting a core dump. Maybe I'm lucky.
vt100
the world's best dumb terminal
 

Offline plurn

  • Contributor
  • Posts: 30
  • Country: au
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #53 on: December 15, 2018, 05:15:40 pm »
I think I found an easier way to get the mem dump. I did this without needing to set a known root password.

I did this with a stock standard unhacked new SDS1104X-E software version 8.1.6.1.26. Some notes:

Insert a USB thumb drive formatted appropriately for the SDS1104X-E
Using the SCPI control of the web interface, put the following command (or similar depending on what filename you want):

SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin

Wait a minute or more for it to complete - it needs to copy a 256 megabyte file

cleanly shutdown the SDS1104X-E (with the power button on the front)

You can now move the USB thumb drive to a pc. There should be a memdump.bin file on there. You can follow other people already mentioned processes to extract keys from this. I used vt100's instructions from step 20 onwards here: https://www.eevblog.com/forum/testgear/unlocking-siglent-sds1104x-e-step-by-step/msg1877477/#msg1877477   Thanks vt100. I used the free "Hex Fiend" on macos as the Hex editor but I expect any would do.

Thanks to Rerouter for letting me know about the "SHELLCMD" SCPI command https://www.eevblog.com/forum/testgear/siglent-sds1204x-e-released-for-domestic-markets-in-china/msg2041069/#msg2041069.

Also thanks to everyone who provided procedures for extracting keys.
« Last Edit: December 15, 2018, 07:31:13 pm by plurn »
 
The following users thanked this post: booyeah, Max2018

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #54 on: December 15, 2018, 05:38:38 pm »
I should point out the memdump is slightly different to the core dump.

the core dump has the licenses loaded in somehow, (havent actually looked into it). while the memdump is just the application file.
so you cannot unlock at present with just the system file.

The other issue is if you tried to get a core dump, well the web interface is run by the system app, so once it crashes, the interface locks up.

« Last Edit: December 15, 2018, 05:41:11 pm by Rerouter »
 

Offline plurn

  • Contributor
  • Posts: 30
  • Country: au
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #55 on: December 15, 2018, 05:47:39 pm »
I should point out the memdump is slightly different to the core dump.

the core dump has the licenses loaded in somehow, (havent actually looked into it). while the memdump is just the application file.
so you cannot unlock at present with just the system file.

The other issue is if you tried to get a core dump, well the web interface is run by the system app, so once it crashes, the interface locks up.

With the file produced by the "SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin" command, I believe I found all the keys. I think /dev/mem includes all memory - not just the memory from an application core dump. I only tested the bandwidth key as I don't have a need for the other ones. Bandwidth key worked for me.


« Last Edit: December 15, 2018, 05:49:57 pm by plurn »
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 468
  • Country: pt
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #56 on: December 15, 2018, 07:47:38 pm »
Coredump provides a continuous mem image.

/dev/mem provides a fragmented memory image (in blocks of 4kB or something), with "random" order. For me it's random, if anyone can explain the logic it would be GREAT!

They are not the same and that's why some manipulations need to be done in /dev/mem.

BUT, both ways provide the needed licenses.
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #57 on: December 15, 2018, 07:55:34 pm »
well if you wanted to play it that way, there are very few strings that are only capitalized alphanumeric, at least 16 characters long and contain no symbols, so on that basis you may be able to filter down memory images to only relevant ASCII formatted strings,
 

Offline bugi

  • Regular Contributor
  • *
  • Posts: 182
  • Country: fi
  • Hobbyist using the ultra slow and unsure method
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #58 on: December 15, 2018, 10:11:39 pm »
/dev/mem provides a fragmented memory image (in blocks of 4kB or something), with "random" order. For me it's random, if anyone can explain the logic it would be GREAT!
I'm no kernel expert, but at least on "bigger CPUs" most kernels these days do some kind of memory space randomization (which is probably "corrected" in the page tables inside CPU) for security reasons. Malware have harder time looking for data or injecting code, since the desired locations are randomly somewhere... (That description is probably too simple, slightly misunderstood by me, etc. but... might explain the random order in the /dev/mem.  Something like this: https://en.wikipedia.org/wiki/Address_space_layout_randomization)
 
The following users thanked this post: tv84

Offline vt100

  • Contributor
  • Posts: 15
  • Country: af
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #59 on: December 15, 2018, 11:46:36 pm »
I spent quite a bit of time on this, with tv84's guidance, so let me state the following.

cat /dev/mem will give you a memory dump of the scope's entire memory. That memory is managed by the operating system kernel, and is broken up into 4k chunks, aka "pages". The kernel memory manager allots those pages to each process, using a process only someone intimately family with the kernel would be able to explain. Suffice to say, for our purposes, we can assume that any given process running on the scope will be assigned memory pages in a completely random order, even though to the process itself they may appear to be contiguous, they really are not, as the kernel is actually managing the allotment of and access to memory.

(if someone intimately family with the kernel memory management process can tell me where in a memory dump the paging table is located, and how to extract information from it in order to "reorganize" the memory pages for a given process into a single contiguous chunk, feel free to email me, I always enjoy a good intellectual exercise in programming.)

In order to retrieve your license keys from a memory dump, you need to utilize the process (either automatically or manually) captured in the "FindKeys" and "TryKeys" .net Core applications posted on GitHub. The reason being the memory keys will more than likely be "fragmented" into multiple 4k pages of memory. You may have 1/2 of a key at the end of one 4k memory page, and the remainder of the key at the start of another 4k memory page (I personally observe this w/ my own scope and was taking screen shots of a winhex display of the memory dump when I was going back and forth with tv84). And, those key fragments may be located megabytes apart in the file, with the 2nd half actually being 'first' in the file and the 1st half of the key being towards the end of the file.

So what FindKeys does is it examines the memory dump and identifies strings which may possibly be part of a license key. When it identifies a partial candidate, it will combine that partial candidate with other partial candidates to create one or more candidates to try  (e.g. given the program finds one 8-character string A and another 8 character string B, it will create two candidates, AB and BA, to try.  Trykeys takes the file of potential keys and tries to implement them.

A core dump, however, is a contiguous snapshot of a processes' memory. When the core dump is created, the memory pages assigned to the scope process are all arranged in the correct order by the kernel. The process of creating a core dump is handled at the OS level thus the OS can organize the memory pages into the correct order as they are written to a core dump file. Thus with a core dump, the keys will be contiguous as they are represented in their actual underlying class structures and are easily discoverable using the 'shortcut' of using a hex editor to search for your serial # or scope Id.

Whenever possible, I encourage people to use the core dump method, it is cleaner and faster. However, understandably some folks have a problem getting a core dump (I cannot replicate this issue on my scope, each and every time I follow the posted 'process' in the previous post, I get a core dump, so I have no idea what makes my scope different from someone else's). For those who cannot get a core dump, then the memory dump/findkeys/trykeys route is their only option to recover the license keys they previously paid for and accidentally lost the paperwork on.
« Last Edit: December 16, 2018, 12:08:02 am by vt100 »
vt100
the world's best dumb terminal
 

Online rhb

  • Super Contributor
  • ***
  • Posts: 2286
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #60 on: December 16, 2018, 10:59:58 am »
SIGABRT and SIGSEGV should produce a core dump, but Linux has the ability to prevent that via compile time options as well as other means I've not been able to sort out.  There is a core_dump_filter in /proc/<pid>, but I don't know any of the details.  I use Solaris like God intended whenever possible.

My use of Linux is like my use of Windows, it is only done under coercion.
 

Offline jazper

  • Contributor
  • Posts: 38
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #61 on: December 18, 2018, 06:23:41 pm »
My method was slightly different:

1. dump memory to fat32 formatted USB through web interface on 1104x-e - wait 1minute after performing this, then shut down the scope before doing anything else.
SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin

2. Compile find keys using Visual studio - https://github.com/Siglent/FindKeys

3. Run find keys on PC on the the memory dump - note you need to edit the config json.

4. Flash custom firmware with known telnet/root password ( https://www45.zippyshare.com/v/SEUJEWE1/file.html) - Follow instructions in pdf in the file. (note flash drive needs to be either 8gb or 32gb) - I tried to find a way to not do this, but it's the easiest way of getting root access.

5. Set up network on SDS1104x-e

6. Compile trykeys ( https://github.com/Siglent/TryKeys )

7. Use trykeys on a PC on the same network using the key file from findkeys, wait for reboot on 1104 - save the keys that are found - Note you need to edit the config json within findkeys

8. Update firmware to latest firmware from siglent
« Last Edit: December 18, 2018, 06:44:30 pm by jazper »
 

Offline tinhead

  • Super Contributor
  • ***
  • Posts: 1846
  • Country: 00
    • If you like my hacks, send me a donation
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #62 on: December 19, 2018, 09:42:25 am »
I think I found an easier way to get the mem dump. I did this without needing to set a known root password.
...
SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin

that worked for me as well (options and BW), tested with unhacked new SDS1204X-E software version 8.1.6.1.26
I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.
 

Offline photomankc

  • Contributor
  • Posts: 31
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #63 on: December 20, 2018, 02:02:33 am »
Now we are talking.  I'd much rather avoid tinkering around with modded firmware.  I'll give this method a try.
 

Offline MartyMacGyver

  • Regular Contributor
  • *
  • Posts: 70
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #64 on: December 25, 2018, 08:03:28 pm »
My SDS1104X-E arrived today with 7.1.6.1.25R2 (stock) on it.

After some fun (creating a wireless client bridge to get wired LAN handy, and using Ubuntu in a VM to format the flash drive for the Unixy flash boots) I was able to log in, run the commands, and rebooted.

At that point my model number went from SDS1104X-E to SDS1204X-E.  :-+

(Note to others: For the "OSV" updates, if you try to format the USB from Windows (certainly 10, maybe earlier ones) you'll likely have an annoying time of it. Bite the bullet and format and extract from Linux.) The only clue you'll have that it's working is it takes a bit longer to boot up, and the telnet password ends up working. If you're already on 7.1.6.1.25R2 like I was I'm almost certain the stock "SDS1004X-E_OSV1_EN-1.zip" step is not necessary, just the modified one.

I then grabbed the "SDS1004X-E_6.1.26_EN.zip" update and installed that. The model number is still 1204, and the firmware is now 7.1.6.1.26. I can still log in via telnet so all this suggests the unlock and mod worked.

One question though... I see mention of "8.1.6.1.26" in the thread here: is that some entirely different firmware, a typo, or what? Am I (at the moment) on the latest and greatest with 7.1.6.1.26?

Edit: One other bit of advice - if using a VM to format disks and such and you have problems with new DHCP addresses (as I just did with the SDG2042X I'm fiddling with now) be sure to shut down that VM to rule it out - in my case it made it impossible to route to the new device under test!
« Last Edit: December 25, 2018, 08:24:08 pm by MartyMacGyver »
 

Offline tinhead

  • Super Contributor
  • ***
  • Posts: 1846
  • Country: 00
    • If you like my hacks, send me a donation
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #65 on: December 26, 2018, 08:15:07 am »
One question though... I see mention of "8.1.6.1.26" in the thread here: is that some entirely different firmware, a typo, or what? Am I (at the moment) on the latest and greatest with 7.1.6.1.26?

i made dump of my dso (8.1.6.1.26), haven't found any binary differences to OS update file (7.1.x.xx) nor to latest available firmware.
Sure there might be still something different in mtd7 or mtd8, but due to lack of dump from 7.1 i can't compare, but probably there is no diff a well.
I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.
 
The following users thanked this post: MartyMacGyver

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #66 on: December 26, 2018, 08:50:01 am »
8. And 7. Are the exact same. Just a rename.
 
The following users thanked this post: MartyMacGyver

Offline ewaller

  • Contributor
  • Posts: 23
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #67 on: December 27, 2018, 01:18:48 pm »
I found a much easier way to root the scope.

After mounting the cramfs  from the OS update on my Arch Linux box (on a loop device), I note that the telnet server is provided by busybox.  And, as the scope's web interface allows us to run shell commands as root, I figured I would spin up a telnet server where the login application is a humble shell rather than that pesky password program.

tl;dr:

Go to the SCPI web interface and send:

SHELLCMD telnetd -l/bin/sh -p9999

Then, use your favorite Telnet client to attach to port 9999.  You are in -- no password challenge.

Edit:  Did I note that one does this with stock firmware?
« Last Edit: December 27, 2018, 01:21:02 pm by ewaller »
 
The following users thanked this post: bitseeker, plurn, rickwookie, n3mmr, jazper, gator96100

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #68 on: December 27, 2018, 01:33:29 pm »
All the fun new things that turn up from a little digging :)

Great work ewaller

On the not so stock side, Getting the hang of patching out most of the typos in the scope software,
Main pain is the HISTORY_LIST query, they pointed command and query to the same string so having to shuffle stuff around to fit a new string.
 

Offline SMB784

  • Regular Contributor
  • *
  • Posts: 165
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #69 on: December 28, 2018, 05:02:37 am »
I found a much easier way to root the scope.

After mounting the cramfs  from the OS update on my Arch Linux box (on a loop device), I note that the telnet server is provided by busybox.  And, as the scope's web interface allows us to run shell commands as root, I figured I would spin up a telnet server where the login application is a humble shell rather than that pesky password program.

tl;dr:

Go to the SCPI web interface and send:

SHELLCMD telnetd -l/bin/sh -p9999

Then, use your favorite Telnet client to attach to port 9999.  You are in -- no password challenge.

Edit:  Did I note that one does this with stock firmware?

Do you think it is then possible to change the default root password?
"Anything will lase if you hit it hard enough."

-Arthur L. Schawlow
 

Offline ewaller

  • Contributor
  • Posts: 23
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #70 on: December 28, 2018, 05:22:43 am »

Do you think it is then possible to change the default root password?
Not from that shell.  The /etc/shadow file that contains the password hash is in a cramfs (Cram File System https://en.wikipedia.org/wiki/Cramfs ) which is inherently read only.  The solution that has been used to date involves updating the system with a rebuilt cramfs with a /etc/shadow file that has the new password hash in it; then that file system -- in it entirety -- is uploaded to the scope at boot time.

Part of my motivation was was to find a way to root the system when running stock firmware; and the nice part is that it requires no password.  With this, I think it will be possible to run code from a USB drive that has been cross compiled for ARM.  There may be issues find finding dynamically linked libraries, and the USB drives may be mounted with the noexec flag (meaning the OS will refuse to run code from the device).  I forgot to check that last night in my exploration :)  I'll look tonight.
 

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #71 on: December 28, 2018, 06:05:41 am »
I'm guessing the SCPI SHELLCMD functionality will either be PDSH'd, or removed completely, in an upcoming firmware release  ;D
A hollow voice says 'PLUGH'.
 

Offline plurn

  • Contributor
  • Posts: 30
  • Country: au
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #72 on: December 28, 2018, 01:00:07 pm »
I found a much easier way to root the scope.

After mounting the cramfs  from the OS update on my Arch Linux box (on a loop device), I note that the telnet server is provided by busybox.  And, as the scope's web interface allows us to run shell commands as root, I figured I would spin up a telnet server where the login application is a humble shell rather than that pesky password program.

tl;dr:

Go to the SCPI web interface and send:

SHELLCMD telnetd -l/bin/sh -p9999

Then, use your favorite Telnet client to attach to port 9999.  You are in -- no password challenge.

Edit:  Did I note that one does this with stock firmware?

That is awesome - works perfectly. Thank you.
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #73 on: December 28, 2018, 07:08:33 pm »
I should also point out, most of the recent methods listed here should work just fine for a number of BK precision scopes. :)
 

Offline t1d

  • Frequent Contributor
  • **
  • Posts: 560
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #74 on: December 29, 2018, 05:42:15 am »
I found a much easier way to root the scope.

After mounting the cramfs  from the OS update on my Arch Linux box (on a loop device), I note that the telnet server is provided by busybox.  And, as the scope's web interface allows us to run shell commands as root, I figured I would spin up a telnet server where the login application is a humble shell rather than that pesky password program.

tl;dr:

Go to the SCPI web interface and send:

SHELLCMD telnetd -l/bin/sh -p9999

Then, use your favorite Telnet client to attach to port 9999.  You are in -- no password challenge.

Edit:  Did I note that one does this with stock firmware?
Hi, everyone. I have this scope on order and it should be here in a few days.

I very much appreciate the graciousness, expertise and effort that it took each and every participant to develop this thread. Thank you!

I am considering this upgrade, but its means is completely outside my knowledge base. I see that the steps are summarized, in the first post, but I have questions about how this post relates to the first.
- Is Ewaller's method the complete protocol, or only a portion of it?
- If it is complete in itself, Ewaller, please write a start to finish tutorial using it, for us noobs. Post #68 is still above my pay grade.
- If it is only a portion and it being easier, has it been incorporated into Post #1? If not, please do so.

Thank you for your help and kindness. I am sure I will have lots more questions.

PS: My current OS is Windows 8.1. I expect to buy a new laptop, soon. It will, likely, have Windows 10/Home.
« Last Edit: January 11, 2019, 02:05:24 pm by t1d »
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #75 on: December 29, 2018, 07:08:19 am »
 His method gets you root access to do just about anything you want on the scope without changing from stock,

Earlier there was the memdump SCPI command that lets you dump out the memory, then its just a case of searching with a hex editor for the strings,

If someone doesn't write it up in the next day or two, I can. but the earlier memdump method is all you need to actually find the option codes.

The telnet access is more if you want to fiddle with the scope
 

Offline t1d

  • Frequent Contributor
  • **
  • Posts: 560
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #76 on: December 29, 2018, 10:18:04 am »
His method gets you root access to do just about anything you want on the scope without changing from stock,

Earlier there was the memdump SCPI command that lets you dump out the memory, then its just a case of searching with a hex editor for the strings,

If someone doesn't write it up in the next day or two, I can. but the earlier memdump method is all you need to actually find the option codes.

The telnet access is more if you want to fiddle with the scope
Thank you, Rerouter.

I understand a little of this, but....

Is it that Post #1 gets you the 200MHz and nothing else? Or the options, too?

Is it that with the Ewaller method you could access the entire firmware and, given that you wrote code, you could modify it?

I just want the greater bandwidth and to use the pay-to-play options (with non-Siglent devices, like my own function generator, WiFi dongle, etc.)

I appreciate your help.
« Last Edit: January 11, 2019, 02:40:36 pm by t1d »
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #77 on: December 29, 2018, 10:29:49 am »
the memdump method will get you a file that has all the option and bandwidth codes, just takes some digging with a hex editor.

Working with your own wifi dongle is harder to say. at this point it only has a driver for the MT7601 dongle, If your familiar enough with linux drivers you can probably try and make another work via patching, but doubtful out of the box.

With your own signal generator is equally a little difficult, If you want to use the bode plot mode then you need to use similar to an earlier thread where a Python application on another PC pretended to be a networked signal gen and translated the commands, There may be a way to patch in other devices, but I have not gone digging deep enough, I defiantly know where all the bode plot strings are located, but not sure if its just a straight patch or if it needs to be broken into elsewhere,

 

Offline t1d

  • Frequent Contributor
  • **
  • Posts: 560
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #78 on: December 29, 2018, 11:52:33 am »
Thanks, Rerouter. Much appreciated.
 

Offline ewaller

  • Contributor
  • Posts: 23
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #79 on: December 29, 2018, 03:08:45 pm »
If you have used up all of your trial runs for MSO, WIFI or AWG; and you have not purchased your licence keys, you may be able to reset the number of trial runs by sending the following through the web interface SCPI mechanism (here I set the number to 99)

SHELLCMD echo -n 99 > /usr/bin/siglent/usr/usr/options_awg_times.txt

Replace the awg with wifi or mso  as appropriate.  change 99 to the number of demo runs you desire.
These files have  exactly two characters in them with no n/l or l/f, hence the -n option on echo.  99 may, or may not be a maxima -- again, these files have exactly two characters in them.

Note, I cannot actually test this through the GUI any more as my options are all permanent, but I am fairly certain this will work for those of you who need a couple more demo runs to decide.  I can see that the contents of these files do change the way I expect. Please let me know.
« Last Edit: December 29, 2018, 03:11:50 pm by ewaller »
 

Offline not1xor1

  • Frequent Contributor
  • **
  • Posts: 351
  • Country: it
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #80 on: December 30, 2018, 07:50:47 pm »
Hi,

I do not know if it is OK to ask here of if I should start a new thread...

as I'm taking into account to buy a second hand SD1104X-E I'd like to know if any of you is aware of any hardware revision during the last year.

thanks
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #81 on: December 30, 2018, 07:52:02 pm »
yep, 04 as of the last month, no significant changes to functionality has been observed.

03 I can only speak of back to mid july, when my unit was made. it appears the FPGA code was compiled for 03 on the 7th of march 2018, so 02 likely was from before this date.
« Last Edit: December 30, 2018, 07:56:35 pm by Rerouter »
 
The following users thanked this post: not1xor1

Offline gamerpaddy

  • Contributor
  • Posts: 7
  • Country: de
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #82 on: December 31, 2018, 04:46:18 am »
Hello, i applied this Unlock (ProMode) to my 1104x-e, works great (havent tested the extra features)
But i noticed a bug(?)

I did some decoding a month ago, then i turned it off, unplugged the scope and put it on a shelf.
A month later i plugged it back in, booted it up.  it was dead slow.  time between action and reaction was like a minute. totally locked up
even after reboot.

Only fix was to hit the default button.

Did anyone notice this without the hack applied?  Could it be the Production Mode im in?
 

Offline booyeah

  • Newbie
  • Posts: 4
  • Country: ie
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #83 on: December 31, 2018, 08:27:14 am »
I followed plurns and vt100's posts as regards dumping memory to a usb and then looking through the dump in a hex editor.

Worked perfectly to recover all the codes.
Thanks a million.
 
The following users thanked this post: plurn

Online essele

  • Regular Contributor
  • *
  • Posts: 50
  • Country: gb
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #84 on: January 04, 2019, 07:19:11 pm »
I received my scope last night, and managed to get everything sorted nicely, however there were a few things that weren't quite as some other people seem to have found them, it was already running the latest firmware (6.1.26), not sure if that's the reason.

1. I didn't need to use a special copy of bash to get a core dump, the stock bash worked exactly the same as the special one (however see 2.)
2. The core dump didn't contain the required information, it was only about 200meg, so quite a bit smaller than other examples shown here (and smaller than the 250meg memory dump.)
3. Restarting the sds1000b process didn't work properly, a few errors and the scope was unusable, so I suspect this is the reason it didn't contain the right data.

So I resorted to a much simpler way as described by some other posters...

1. Use "SHELLCMD telnetd -l/bin/sh -p9999" to start an unauthenticated telnet server.
2. Connect to the scope using "telnet <ipaddress> 9999"
3. Insert a USB stick
4. Dump memory to the stick using "cat /dev/mem > /usr/bin/siglent/usr/mass_storage0/U-disk/memdump"
5. Pull the stick (I ran "sync" first, but I'm a legacy unix guy, need to see if that's really necessary), otherwise cleanly unmounting would be better.
5. Use a hex editor to find the keys as per post 39, from about step 20 onwards ... which worked perfectly, no obvious issues with the page ordering making it difficult to find things.)

It took about 10 mins start to finish once I'd decided to go the /dev/mem route.

You could make it even simpler by using "SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin" as per post 54, but then you don't really know when it's done, it seemed easier having a command line ... and it's always nice to have a look around.

What a nice scope ... this was an upgrade for me from a DS1052E, so it's fantastic! Thanks to all for providing this info!
 
The following users thanked this post: TheNewLab, jack-daniels

Offline vt100

  • Contributor
  • Posts: 15
  • Country: af
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #85 on: January 05, 2019, 01:03:04 am »
1. I didn't need to use a special copy of bash to get a core dump, the stock bash worked exactly the same as the special one (however see 2.)

a core dump is substantially smaller than an entire memory dump. With the core dump you're only going to get the memory associated with the running task, compared the memdump, where you'll get all the scope's memory.

Its curious you didn't find the keys in the core dump.... the only thing I can think of, is, perhaps, you took the core dump prior to the sds1000b process creating the keys within its memory pages (there is logic in the scope app to generate the keys using the scopeid and serial # to check against the licensed options, they are not hard-coded in the scope app) so if you took a core dump prior to that routine executing (and at what point it runs, who knows). I'd be interested in taking a look at the core dump if you'd be willing to share it.

Quote
You could make it even simpler by using "SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin" as per post 54, but then you don't really know when it's done, it seemed easier having a command line ... and it's always nice to have a look around.

These methods will continue to work until Siglent  pdsh's the SCPI SHELLCMD, or disables telnet access completely by removing the telnet binary from cramfs, in an upcoming firmware revision.
vt100
the world's best dumb terminal
 

Online rhb

  • Super Contributor
  • ***
  • Posts: 2286
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #86 on: January 05, 2019, 01:51:49 am »

Quote
You could make it even simpler by using "SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin" as per post 54, but then you don't really know when it's done, it seemed easier having a command line ... and it's always nice to have a look around.

These methods will continue to work until Siglent  pdsh's the SCPI SHELLCMD, or disables telnet access completely by removing the telnet binary from cramfs, in an upcoming firmware revision.

time(1) will tell you when the cat completes.
 

Offline Andreax1985

  • Regular Contributor
  • *
  • Posts: 64
  • Country: it
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #87 on: January 19, 2019, 10:48:02 am »
Hi, does the hack actually work? I mean, has anyone verifyied wether the hacked scope actually works at 200Mhz bw or all it does is changing the system info page?
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 14051
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #88 on: January 19, 2019, 11:25:30 am »
Hi, does the hack actually work? I mean, has anyone verifyied wether the hacked scope actually works at 200Mhz bw or all it does is changing the system info page?
You can see here how the 100 MHz roll off is much improved after improving to the 200 MHz model:
https://www.eevblog.com/forum/testgear/siglent-sds1204x-e-released-for-domestic-markets-in-china/msg1613374/#msg1613374

There's some further supporting info in subsequent posts.
Also have a hunt through rf-loop's posts, he's switched his SDS1104X-E back and forth.
I've never hacked one but the info here is entirely convincing that it is a valid upgrade.  ;)
Avid Rabid Hobbyist
 

Offline Dundarave

  • Contributor
  • Posts: 41
  • Country: ca
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #89 on: January 20, 2019, 08:19:38 am »
I wanted to thank all the contributors for all the various unlocking instructions, especially VT100 whose instructions I was following per post #39 for the keys to my options upgrade.  It's nice to have a fully upgraded scope, at just the right price. ;D

However, I have a question that I hope someone can clear up:

I first updated the bandwidth via the rooted OS & bandwidth.txt -> bandwidth.bak method, as that felt the most comfortable to me at the time.  With that success, I started to feel more confident (or cocky, I suppose, lol) and thought I would then use the mem dump method to find the keys for the options, which I then also successfully updated.

So, this means that I did not use the "keys" method to update the bandwidth. Also, the bandwidth keys in my mem dump did not show a "duplicate" key indicating that the 200M license was active, but there is a "200M" reference nearby, and the PRBD? command shows "200M".

In addition, in my mem dump, there were only four 16 char bandwidth-license strings, and not five as VT100 suggested would be there, (i.e. indicating that one of them should be duplicated to represent the license key that the scope was operating under.) (Image attached)

I'm tempted to run the MCBD <license key> key command for what appears to be the 200M key (the second one, I presume, per VT100), as a belt-and-suspenders insurance that a future update won't clobber the "bandwidth.txt -> bandwidth.bak method" of bandwidth upgrade and return my scope back to 100M. 

I guess I'm asking if anyone has an understanding or feel for the difference between a 200M license key install vs simply removing/renaming the bandwidth file?  If I execute MCBD on what I've labelled the "200M key", will that duplicate the key (when I dump it again?) as VT100 suggests it should be? 

I'm a bit confused that neither the 100M or the 200M key is showing as a duplicate, as I would have thought that, if VT100 is correct, at least one of them would be authorizing at least one bandwidth option.

I've attached a shot of the relevant part of the mem dump for the bandwidth keys.

Thanks again! :-+
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #90 on: January 20, 2019, 08:32:06 am »
Run the command. When a valid bandwith or option code is entered. The scope saves a bandwidth.txt or option.txt. so if your not seeing one yet it may change with later updates.

This would also explain why your not seeing the current code. It reads it from that txt file.
 

Offline Dundarave

  • Contributor
  • Posts: 41
  • Country: ca
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #91 on: January 20, 2019, 09:18:11 am »
Brilliant!  Thanks, Rerouter.

I ran the MCBD command with the suggested 200M key (from my dump file as attached earlier), and then went into the scope via telnet and checked for the bandwidth.txt file.  It was there, as you called it, along with the older bandwidth.bak file from my original update.

I've attached a shot of the content of each file, the .txt now containing the 200M key, and the .bak containing the original 100M key.

I've also attached an updated memory dump excerpt showing the now repeated 200M key.

All good now!  Thanks for the prompt response. :-+

Nick
 

Offline vt100

  • Contributor
  • Posts: 15
  • Country: af
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #92 on: January 20, 2019, 11:31:29 pm »
So, this means that I did not use the "keys" method to update the bandwidth. Also, the bandwidth keys in my mem dump did not show a "duplicate" key indicating that the 200M license was active, but there is a "200M" reference nearby, and the PRBD? command shows "200M".

As earlier posts have indicated modifying the bandwidth.txt file puts the scope in "PRO MODE" which basically bypasses the licensing process so you have a scope with all options and full bandwidth. The problem with this approach is the next firmware update could easily change this by placing the scope into complete lockdown with no options and minimal bandwidth. Once you have your license keys, you never need to worry about losing access to bandwidth or options.


Quote
In addition, in my mem dump, there were only four 16 char bandwidth-license strings, and not five as VT100 suggested would be there, (i.e. indicating that one of them should be duplicated to represent the license key that the scope was operating under.) (Image attached)

This is expected. One of those 5, the "duplicate", is read from your filesystem and compared against the other 4 generated keys to determine what bandwidth your scope has. By "hacking" the config file you eliminated the "5th" key and now only see the 4 that the scope program generates for comparison. This is the 'expected' behavior given you changed the bandwidth.txt file.


Quote
I'm tempted to run the MCBD <license key> key command for what appears to be the 200M key (the second one, I presume, per VT100), as a belt-and-suspenders insurance that a future update won't clobber the "bandwidth.txt -> bandwidth.bak method" of bandwidth upgrade and return my scope back to 100M.

Even if you enter the wrong one, you can always enter another one to change it again. the MCBD command is not a one-shot deal.
 
Quote
I guess I'm asking if anyone has an understanding or feel for the difference between a 200M license key install vs simply removing/renaming the bandwidth file?  If I execute MCBD on what I've labelled the "200M key", will that duplicate the key (when I dump it again?) as VT100 suggests it should be? 

See paragraph #1 above.

Quote
I'm a bit confused that neither the 100M or the 200M key is showing as a duplicate, as I would have thought that, if VT100 is correct, at least one of them would be authorizing at least one bandwidth option.

See paragraph #2 above. Your scope isn't licensed w/ any bandwidth key, it's in PRO MODE. Hence you only have 4 keys in your mem dump, not 5.
vt100
the world's best dumb terminal
 
The following users thanked this post: Dundarave

Offline Andreax1985

  • Regular Contributor
  • *
  • Posts: 64
  • Country: it
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #93 on: January 21, 2019, 01:00:43 am »
I'm a little bit confused. I thought that 200Mhz bandwidth was not an 'option' on 1104x-e. So what the 200Mhz bw key is about?

More importantly, someone mentioned a slight hardware difference in the analog front end of 1104x-e and 1204x-e. So, even if I can make my 1104 'think' he is a 1204, how can I make up for the hardware difference?
« Last Edit: January 21, 2019, 01:03:39 am by Andreax1985 »
 

Offline ewaller

  • Contributor
  • Posts: 23
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #94 on: January 21, 2019, 02:45:28 am »
I'm a little bit confused. I thought that 200Mhz bandwidth was not an 'option' on 1104x-e. So what the 200Mhz bw key is about?

It is not an option one can purchase.  The scopes use the same platform -- apparently -- and their behavior is defined by a configuration that corresponds with the model it is sold as.  It is supposed to be immutable.  What is not known is whether there are any inherent differences in the hardware platforms?  For example, would it be unreasonable to brand a scope that does not quite meet all the requirements for a 200 MHz scope as a 100 MHz scope?  I don't think so.   But, if one changes the configuration, and the scope well enough works at 200 MHz, why not?  Of course, I would assert that the calibration is not valid when the scope is in that mode, it may not be possible to get the scope calibrated in that mode, and (regardless) the cost of calibrating this scope (whether it is an 1104 or a 1204) is going to approximate the cost of a new scope anyway.   
 

Offline Andreax1985

  • Regular Contributor
  • *
  • Posts: 64
  • Country: it
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #95 on: January 21, 2019, 02:52:05 am »
I'm a little bit confused. I thought that 200Mhz bandwidth was not an 'option' on 1104x-e. So what the 200Mhz bw key is about?

It is not an option one can purchase.  The scopes use the same platform -- apparently -- and their behavior is defined by a configuration that corresponds with the model it is sold as.  It is supposed to be immutable.  What is not known is whether there are any inherent differences in the hardware platforms?  For example, would it be unreasonable to brand a scope that does not quite meet all the requirements for a 200 MHz scope as a 100 MHz scope?  I don't think so.   But, if one changes the configuration, and the scope well enough works at 200 MHz, why not?  Of course, I would assert that the calibration is not valid when the scope is in that mode, it may not be possible to get the scope calibrated in that mode, and (regardless) the cost of calibrating this scope (whether it is an 1104 or a 1204) is going to approximate the cost of a new scope anyway.   

So basically you are confirming my fears... we can hack it to 200Mhz but we can't be sure the scope is working properly in that mode and, worst of all, calibration in the hacked scope may not be valid anymore! So what's the point in hacking this scope? Too much at risk, only to spare a couple hundred bucks.
 

Offline ewaller

  • Contributor
  • Posts: 23
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #96 on: January 21, 2019, 02:58:48 am »
So basically you are confirming my fears... we can hack it to 200Mhz but we can't be sure the scope is working properly in that mode and, worst of all, calibration in the hacked scope may not be valid anymore! So what's the point in hacking this scope? Too much at risk, only to spare a couple hundred bucks.
No arguments from me there.  I did opt for the 1204x-e.  All I can say is that I cannot back my assertion that they may not be the exact same platform -- they could be.  But, I will stand behind my assertion that the calibration is not valid for a 1104x-e at 200 MHz
 

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #97 on: January 21, 2019, 06:47:48 am »
So what's the point in hacking this scope? Too much at risk, only to spare a couple hundred bucks.

How can I word this correctly... umm... well, let's just say if you *need* 200mhz (with the associated calibrated accuracy) then spend the couple extra hundred, since (perhaps) your livelihood depends on it.

On the gripping hand, if you're just messing around with the scope in your shack, and that calibrated accuracy is not that important... why not?

Assuming of course the hardware platforms are different... which I doubt. I'm willing to wager the scopes are identical, and all that changes is the sticker on the front of the case and the bandwidth license pre-installed.

Much akin to how Windows now has several versions, all of which are on the DVD, but the features available to the user depends on the product key used to activate the product.
A hollow voice says 'PLUGH'.
 

Offline Dundarave

  • Contributor
  • Posts: 41
  • Country: ca
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #98 on: January 21, 2019, 07:40:43 am »
Thanks for the clarifications, I've now got a much better understanding of how the key mechanism works.  Trying to assimilate that combined knowledge from all the various thread posts was a challenge, and perhaps my questions & your answers have helped others as confused as I.

One more question on the same topic: I am also curious as to how the "option keys" work for the Wifi, MSO and AWG modules.  In the normal course of events, if I were to buy an AWG for example, how would the key needed to activate my scope to use the AWG be communicated to me (assuming that the option key itself is unique to my scope)?  Does the AWG itself communicate/handshake with the scope to authorize its use?  Would there be a piece of paper with the AWG that contains a code that needs to be entered somehow?

And why the need for an option key at all?  Is it just a function of wanting to prevent knock-off Wifi, MSO, and AWG modules from working with the scope?  If you have to pay for the module anyway, I can't see any other reason for needing an option key mechanism in the first place.

Thanks again -
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 14051
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #99 on: January 21, 2019, 08:49:29 am »
The SAG1021 AWG can be thought as 2 units if you like, one for Bode plot usage where NO licensing is required and as a reasonably well featured AWG controlled from within the scope UI. For that functionality you do need the licensing.

Edit to add; Only once the trial licenses have expired is any option licensing required.
« Last Edit: January 21, 2019, 10:18:40 am by tautech »
Avid Rabid Hobbyist
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #100 on: January 21, 2019, 10:02:30 am »
I question the option vodes as anything other than a money grab. But the scope is the only thing that needs the code entered. While I have yet to get it to work. The AWG option should also respond via SCPI over usb. But i have yet to successfully test that.

You get option codes on printed off sheets of paper if you buy them with the scope. Possibly similar via email if after the purchase.

The AWG interface is limited via the scope UI. It leaves out any way to configure the SweepWave, BurstWave, ModulateWave, and ArbWave. Not to mention there is everything already in place for the scope to capture a waveform and to play it back under any of these modes. But I have not yet found an easy way to do that.
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 14051
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #101 on: January 21, 2019, 10:50:35 am »
I question the option codes as anything other than a money grab.
Er well yes but only for 3 options whereas other 'money grabbing' brands like Tek, KS, R&S, LeCroy, Rigol etc will want to charge you for more. Decode is commonly an option for most brands while Siglent provide it for free.
Your point is ?  :-//
Quote
But the scope is the only thing that needs the code entered. While I have yet to get it to work. The AWG option should also respond via SCPI over usb. But i have yet to successfully test that.
SAG1021 arbitrary use is intended to be via the EasyWave SW where you will use SCPI commands.
This is all mentioned in the X-E datasheet.
Quote
You get option codes on printed off sheets of paper if you buy them with the scope. Possibly similar via email if after the purchase.
Maybe, maybe not.
If I have them at sale time I'll install them and pack a sheet/s of paper with them printed on too.
Otherwise it's a pdf in an later email with an option authorization code with which you go onto Siglents option generation website and enter it along with model type and SN#. The 'real' option code is then generated automatically and you have the option to get it on a pdf with installation instructions. This is what we normally add to the box prior to shipment.
Quote
The AWG interface is limited via the scope UI. It leaves out any way to configure the SweepWave, BurstWave, ModulateWave, and ArbWave. Not to mention there is everything already in place for the scope to capture a waveform and to play it back under any of these modes. But I have not yet found an easy way to do that.
Good point, maybe 'play' a captured waveform can be added into future FW.  :-+
Avid Rabid Hobbyist
 

Offline Andreax1985

  • Regular Contributor
  • *
  • Posts: 64
  • Country: it
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #102 on: January 23, 2019, 10:27:10 pm »
If I hack the scope to 200mhz bw will the self calibration procedure still work properly?
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 2885
  • Country: fi
  • Starting with DLL21
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #103 on: January 24, 2019, 01:11:54 am »
If I hack the scope to 200mhz bw will the self calibration procedure still work properly?

Of course.

After then it is SDS1204X-E (except front panel model sticker)  and works as SDS1204X-E including everything - (if it is properly modified).
Only difference is front panel sticker and probes included in carton. But even these probes are not bad for 200MHz. (you can find probe test in this forum)
« Last Edit: January 24, 2019, 01:13:48 am by rf-loop »
If practice and theory is not equal it tells that used application of theory  is wrong or the theory itself is wrong.
It is much easier to think an apple fall to the ground than to think that the earth and the apple will begin to move toward each other and collide.
 

Offline Andreax1985

  • Regular Contributor
  • *
  • Posts: 64
  • Country: it
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #104 on: January 24, 2019, 05:46:18 am »
If I hack the scope to 200mhz bw will the self calibration procedure still work properly?

Of course.

After then it is SDS1204X-E (except front panel model sticker)  and works as SDS1204X-E including everything - (if it is properly modified).
Only difference is front panel sticker and probes included in carton. But even these probes are not bad for 200MHz. (you can find probe test in this forum)

Someone before asserted that factory calibration after the hack was not valid anymore.
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 468
  • Country: pt
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #105 on: January 24, 2019, 06:33:55 am »
Someone before asserted that factory calibration after the hack was not valid anymore.

Then, go ask that "someone".
 
The following users thanked this post: vtwin@cox.net

Offline Andreax1985

  • Regular Contributor
  • *
  • Posts: 64
  • Country: it
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #106 on: January 24, 2019, 06:51:19 am »
Someone before asserted that factory calibration after the hack was not valid anymore.

Then, go ask that "someone".

It was an opinion page 4 of this thread. If you think it's not correct please state it. I'm just trying to build my opinion on this topic.
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 14051
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #107 on: January 24, 2019, 07:01:21 am »
Someone before asserted that factory calibration after the hack was not valid anymore.

Then, go ask that "someone".

It was an opinion page 4 of this thread. If you think it's not correct please state it. I'm just trying to build my opinion on this topic.
Any hacked equipment ceases to have official traceable calibration, this is the price of hacking equipment.
If you must have traceable equipment then you are constrained to buying the necessary model and options.
Avid Rabid Hobbyist
 

Offline Andreax1985

  • Regular Contributor
  • *
  • Posts: 64
  • Country: it
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #108 on: January 24, 2019, 07:38:09 am »
Someone before asserted that factory calibration after the hack was not valid anymore.

Then, go ask that "someone".

It was an opinion page 4 of this thread. If you think it's not correct please state it. I'm just trying to build my opinion on this topic.
Any hacked equipment ceases to have official traceable calibration, this is the price of hacking equipment.
If you must have traceable equipment then you are constrained to buying the necessary model and options.

I must not have traceable equipment but I must have accurate equipment. So, if hacking the scope makes me lose  accuracy I'm not gonna hack it. So: am I losing accuracy with the hack?
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 14051
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #109 on: January 24, 2019, 08:00:26 am »
Someone before asserted that factory calibration after the hack was not valid anymore.

Then, go ask that "someone".

It was an opinion page 4 of this thread. If you think it's not correct please state it. I'm just trying to build my opinion on this topic.
Any hacked equipment ceases to have official traceable calibration, this is the price of hacking equipment.
If you must have traceable equipment then you are constrained to buying the necessary model and options.

I must not have traceable equipment but I must have accurate equipment. So, if hacking the scope makes me lose  accuracy I'm not gonna hack it. So: am I losing accuracy with the hack?
'Proven' -3dB BW of hacked SDS1104X-E is ~230 MHz and and amplitude spec is +3% like all DSO's, is that good enough ?
Avid Rabid Hobbyist
 
The following users thanked this post: vtwin@cox.net

Offline Andreax1985

  • Regular Contributor
  • *
  • Posts: 64
  • Country: it
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #110 on: January 25, 2019, 09:46:05 pm »
So, in the 1104x-e the 100Mhz bandwidth is obtained by limiting the full 200Mhz bandwidth via a software low pass filter? No hardware?
 

Offline ian.ameline

  • Regular Contributor
  • *
  • Posts: 55
  • Country: ca
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #111 on: January 27, 2019, 03:33:08 am »
The 100Mhz bandwidth limit is achieved by FIR filter coefficients (https://en.wikipedia.org/wiki/Finite_impulse_response) - these coefficients are different for the different bandwidths. The FIR filter is implemented in the FPGA, and applied to the signal coming from the ADC.

Short answer - it is software, but not software running on the ARM CPU.

The 20Mhz selectable bandwith limit takes place in the analog front-end, and so is implemented in hardware.

--Ian.
 

Offline Andreax1985

  • Regular Contributor
  • *
  • Posts: 64
  • Country: it
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #112 on: January 27, 2019, 04:02:25 am »
Very interesting. I really like this scope and, with this hack, you are getting a tremendous bang for your buck (4 channels, 200Mhz, 1Gsa/s, double ADC for 500$). This is double the scope w.r.t. a Rigol 1054z for only 50% more in price. Big A Brand scopes with similar features are at least three/four times as expensive.  Besides, the hack is really a piece of cake.
« Last Edit: January 27, 2019, 04:17:50 am by Andreax1985 »
 

Offline guho

  • Newbie
  • Posts: 2
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #113 on: January 27, 2019, 10:30:19 am »
Got it to work, many thanks for the instructions. Note that if you go with the Visual Studio solutions, in the TryKeys you have to change the hardcoded 23 port to 9999 if you want to use the telnet daemon started via SCPI (SHELLCMD telnetd -l/bin/sh -p9999). Also comment out the TelnetClient.login section as it is not needed (and even fails) for this telnet access. Changing the port number from 23 to 9999 in the .json is not enough unfortunately.

This scope is one of the best deals around, got it for $125 off MSRP from Amazon Warehouse Deals and now unlocked 200MHz and the 3 other items  :)  :)

Also, Newegg has the TL-WN725N wifi USB dongle for only $7 using code EMCTUVA36 for $3 off. Just bought one for my new scope. This same module is offered by Siglent for a mere $49 at https://store.siglentamerica.com/product/sds1104x-e-100-mhz/ Is this scope compatible with many wifi adapters or just this one?
« Last Edit: January 27, 2019, 12:13:38 pm by guho »
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #114 on: January 27, 2019, 11:33:20 am »
The scope only has the driver file for that exact wifi dongle. however the drivers are inside a directory that you can write files to, (needs to remount the directory),

Your free to try loading other drivers for other dongles, But i cannot say if it will work, as Its unclear to me exactly how the system app is hooking into it at this point.

\bin\siglent\drivers\mt7601u.ko
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 2885
  • Country: fi
  • Starting with DLL21
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #115 on: January 27, 2019, 08:32:53 pm »
Very interesting. I really like this scope and, with this hack, you are getting a tremendous bang for your buck (4 channels, 200Mhz, 1Gsa/s, double ADC for 500$). This is double the scope w.r.t. a Rigol 1054z for only 50% more in price. Big A Brand scopes with similar features are at least three/four times as expensive.  Besides, the hack is really a piece of cake.

If compare  Rigol 1kZ with Siglent 1104/1204X-E they give really lot of more performance and features than just more bandwidth and samplerate.
What big A brand scope have one scope with waveform history buffer, full memory measurements with full sample resolution, fast segmented memory with up to over 100M memory, true full resolution 500uV/div, up to 32000 bytes single shot I2C decode (simultaneously 2 independent separate I2C bus), or 1000bytes/channel single shot UART decode (simultaneously 2 separate independent UART RxTx bus) etc... and all this online and offline including history buffer.
1Mpoints FFT, 3 channels 501point BodePlot (need external what ever Siglent SDG) even with 500Hz span (1Hz step) for narrow filters, semi fast XY (up to 60kwfm/s) including intensity gradation, XY plot history buffer and YT measurements in XY mode. Even simplest thing, Sinc interpolation,  Rigol 1kZ box can not do right way. In siglent there is always available true samples and interpolation is fully post processed and user have full freedom to select right display mode/interpolation afterwards (example when looking stopped scope including wfm  history buffer.) This is also important in real tool when user need detect if displayed wfm include well known Sinc interpolation "problems" when signal have fast changes related to current sample interval.
So, what we compare to what... perhaps lemons and shoes.

If practice and theory is not equal it tells that used application of theory  is wrong or the theory itself is wrong.
It is much easier to think an apple fall to the ground than to think that the earth and the apple will begin to move toward each other and collide.
 

Offline Andreax1985

  • Regular Contributor
  • *
  • Posts: 64
  • Country: it
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #116 on: January 27, 2019, 08:46:06 pm »


If compare  Rigol 1kZ with Siglent 1104/1204X-E they give really lot of more performance and features than just more bandwidth and samplerate.
What big A brand scope have one scope with waveform history buffer, full memory measurements with full sample resolution, fast segmented memory with up to over 100M memory, true full resolution 500uV/div, up to 32000 bytes single shot I2C decode (simultaneously 2 independent separate I2C bus), or 1000bytes/channel single shot UART decode (simultaneously 2 separate independent UART RxTx bus) etc... and all this online and offline including history buffer.
1Mpoints FFT, 3 channels 501point BodePlot (need external what ever Siglent SDG) even with 500Hz span (1Hz step) for narrow filters, semi fast XY (up to 60kwfm/s) including intensity gradation, XY plot history buffer and YT measurements in XY mode. Even simplest thing, Sinc interpolation,  Rigol 1kZ box can not do right way. In siglent there is always available true samples and interpolation is fully post processed and user have full freedom to select right display mode/interpolation afterwards (example when looking stopped scope including wfm  history buffer.) This is also important in real tool when user need detect if displayed wfm include well known Sinc interpolation "problems" when signal have fast changes related to current sample interval.
So, what we compare to what... perhaps lemons and shoes.

No need to get upset. I'm with you. I was simply saying that these scopes are a tremendous value and that A Brand scopes with similar (similar!) features cost many times more. The other big contender which surpasses these scopes spec-wise is the new Rigol MSO5000, but for double the price. So 1000x-e scopes are still the best value on the market IMHO.
 

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #117 on: January 28, 2019, 12:01:51 am »
The scope only has the driver file for that exact wifi dongle. however the drivers are inside a directory that you can write files to, (needs to remount the directory),

Your free to try loading other drivers for other dongles, But i cannot say if it will work, as Its unclear to me exactly how the system app is hooking into it at this point.

\bin\siglent\drivers\mt7601u.ko

I used a TPLink wifi dongle on mine and it worked fine.
A hollow voice says 'PLUGH'.
 

Offline timgiles

  • Regular Contributor
  • *
  • Posts: 223
  • Country: se
  • Programmer, DB architect
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #118 on: January 28, 2019, 04:18:56 am »
I am going to try installing a few other wifi dongles and will provide any success stories in an additional thread. For me, I would like an AC dongle so I dont have to run legacy Wireless at home - just for the scope... I doubt the speed difference would help with the web server.
 

Offline guho

  • Newbie
  • Posts: 2
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #119 on: February 01, 2019, 05:17:58 am »
The $7 wifi adapter arrived from Newegg yesterday and it is the TP-Link TL-WN725N v3. It connected it to my SDS1104X-E & gets a valid IP via DHCP. I can't seem to access the scope web interface though. Via wired Ethernet it works fine. Running latest firmware with wifi feature unlocked.

Does the driver support all three TP-Link TL-WN725N versions? It seems so given that DHCP worked and the message pops up 'WLAN connected' but I cannot access the web interface or even ping the scope. Again, wired all working. I tried both USB ports, front and back.
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 14051
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #120 on: February 01, 2019, 07:52:33 pm »
The $7 wifi adapter arrived from Newegg yesterday and it is the TP-Link TL-WN725N v3. It connected it to my SDS1104X-E & gets a valid IP via DHCP. I can't seem to access the scope web interface though. Via wired Ethernet it works fine. Running latest firmware with wifi feature unlocked.

Does the driver support all three TP-Link TL-WN725N versions? It seems so given that DHCP worked and the message pops up 'WLAN connected' but I cannot access the web interface or even ping the scope. Again, wired all working. I tried both USB ports, front and back.
Have a study here:
https://www.eevblog.com/forum/testgear/siglent-sds1204x-e-released-for-domestic-markets-in-china/msg2038612/#msg2038612
Avid Rabid Hobbyist
 

Offline radensb

  • Newbie
  • Posts: 1
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #121 on: February 09, 2019, 05:36:15 am »
I just got this scope and completed the *upgrade*. My experience was a mashup of other users, so I figured I would comment on what didn't work and what I ended up doing to achieve success.

What didn't work:
I followed the core dump procedure. I did the following:
  • Run the SCPI command SHELLCMD telnetd -l/bin/sh -p9999
  • Connect to the scope and follow the remaining core dump procedure on post #39

There are a few typos, but I was able to execute the procedures. I ran through it several times and was never able to generate a core dump on the first try. I then tried simply restarting SDS1000b.app without rebooting the scope and killing again (not what the above procedure suggested). A few times I was able to get the core dump file to generate, but that lead to another problem. As another user stated, the scope buttons remained unusable, even after restarting the app. The only way to recover was a power cycle. This would wipe out the core file that was created. In addition to the buttons not working, the scope would not detect the USB drive anymore to copy the core dump too. The Linux OS would detect the drive, but it would not mount. I had to manually create a temp directory in /usr/bin/siglent/usr/mass-storage/ and manually mount /dev/sda1 to it to copy the core dump. I did this several times with several core dumps. I got a ~207MB file each time, but most of it was empty and searching for the string "SDS1000X-E" always yeilded "no match". So, this method did not work for me. Perhaps someone can explain why?

What did work:
Using following command to get a mem dump on the USB drive worked perfectly: post#54
Code: [Select]
SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin
The flash drive I was using had an LED indicator that flashed when preforming a read/write and slowly dimmed when idle making it easy to tell when the file was done writing, which was nice. I created several mem dumps to compare. Each one was different, which was expected, but I noticed only one contained my BW keys in a contiguous block that was human readable. None of them contained the options keys in a contiguous block, thus I needed to use some tools. I ended up trying the FindKeys and Trykeys tools mentioned in post #38. make sure you have the current version of Visual Studios (I ran VS2017 15.9) and install .NET Core 2.1 as that is what the tools run on.

Define the proper parameters in the FindKeys .json file as instructed in the repo readme and run the FindKeys tool against your mem dump file. It will generate a txt file that has all the possible combinations of possible keys through the fragmentation of the mem file.

Define the proper parameters in the TryKeys .json file as instructed in the repo readme. I noticed some things about the TryKeys program that should be addressed before running it.
  • It is setup to use authentication for the Telnet connection. This is not needed if using the below method to create an unauthenticated Telnet session. If the code is ran with the authentication step, it will hang. Simply comment out the IF statement if(!client.login() ...) to skip this.
  • I noticed that the code did not handle the response of the Telnet command properly WRT the bandwidth file. When parsing out parts of the response, it didnt seem to take into account that there was more information than expected. For example, if you selected "true" in the .json file to update the bandwidth.txt file, it reads the bandwidth file to see what the current key is. The response contained the entire cat command and PWD, but the code only grabbed the first 16 characters assuming it was the currently activated key string, but it was not. I selected "false" in the .json file so that it did not try to update the bandwidth and bypassed this whole mechanism. Perhaps it should use the .Contains() method as it does elsewhere in the code? I did the BW update in a later step below.
  • The telnet port is hard coded to check that 23 is used, but the .json file allows you to set a port number. This is odd as it will fail the comparison if anything other than 23 is used, so why make it a user definable option in the .json file??? :-// I changed the code to allow any port to be used (9999 in my case).
  • The code will try to send each key generated from the FindKeys txt file for each option. When the scope generates the corresponding options file, the program reports success for that key and moves on to the next option. The program then reports what key worked for each option. I ran this in single step because the program closes immediately after it finishes leaving no chance to write down the information (I also did this to make sure I understood what it was doing in each step). A pause should be added at the end if not running in single step if you want to document the keys. Or, you could always cat out the license file it generates. They contain the valid keys too.

The root telnet access method is needed for the TryKeys program to run:
Run the SCPI command
Code: [Select]
SHELLCMD telnetd -l/bin/sh -p9999
Then run the Trykeys based on the above config/recommendations.
If you didnt use the Trykeys to update the bandwidth (like me), run the SCPI command
Code: [Select]
MCBD (license key) where (license key) is the key for the bandwidth you want, to update it manually. Then reboot and check with the
Code: [Select]
PRBD? command to verify.

All in all, I think the method that worked for me is the simplest as it requires no software modifications (I was running 7.1.6.1.25R2 out of the box). It is also the most reliable as I was able to get the mem dump file every time I ran the command and all the files ended up producing the valid keys.

Hope my experience makes this process easier for others! I am really enjoying me new scope!
 

Offline harpster58

  • Contributor
  • Posts: 6
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #122 on: February 18, 2019, 06:13:47 am »
Hi All - Instructions are very good, thank you! After reading the entire 5 pages of posts I ended up doing the following. Also for the record my scope was bought in Jan-2019 with 6.1.25.R2 and I had upgraded to 6.1.26 before doing this. (7.1. prefix shows up the FW revision i.s. 7.1.6.1.26)

I did the mem dump technique below and did get the 250M file (thanks to post #54)

Code: [Select]
SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin
I used the Mac OS "Hex Friend" editor to view the memdump.bin file and initially I thought I wasn't getting it but then it kinda stuck out like a sore thumb exactly as described in post #39 steps 21 - 23. What I'm NOT seeing are the Option codes #38 step 24. I see my serial number in two places but no 16 character strings nearby.

I started to try to use FindKeys but I don't use Visual Studio so not sure what I was doing there. I did a build the FindKeys prj and it did put a bin folder with a FindKeys.DLL and FindKeys.json but I don't understand how to run that... I thought there would a FindKeys.exe file? But Bandwidth was the main thing I wanted to upgrade... I will keep checking back here and maybe try the option codes again later... need a break now haha...  Many thanks!
 

Offline videobruce

  • Frequent Contributor
  • **
  • Posts: 364
  • Country: us
What happened to politeness here?
« Reply #123 on: February 18, 2019, 07:15:43 am »
This refers to the just plain nastiness here, specifically on the 1st page and throughout this thread (and others).
It's a sad state that certain individuals (that happen to be at a higher level) look down on anyone that doesn't meet their standards. Especially when they question previous post simply because the text was not clear enough.

To these 'individuals'; everyone is NOT at your esteem level of knowledge. What MAY be simple to YOU, isn't to others. We have one Dictator Trump in my country that thinks is is always right, the world doesn't need more like him. 
« Last Edit: February 18, 2019, 07:23:14 am by videobruce »
 

Offline videobruce

  • Frequent Contributor
  • **
  • Posts: 364
  • Country: us
continued.....
« Reply #124 on: February 18, 2019, 07:27:16 am »
BTW, the thread title does state "step by step" which means exactly that. NOT skipping details (other than very basic), under the assumption those details should be already known..
 

Offline not1xor1

  • Frequent Contributor
  • **
  • Posts: 351
  • Country: it
Re: What happened to politeness here?
« Reply #125 on: February 18, 2019, 06:25:29 pm »
Quote from: videobruce link=topic=136445.msg2207523#msg2207523 date=1550434543To these 'individuals'; [color=red
everyone is NOT at your esteem level of knowledge. What MAY be simple to YOU, isn't to others.[/color] We have one Dictator Trump in my country that thinks is is always right, the world doesn't need more like him.

IMHO it is a wrong comparison as people writing here do have some real competence while Trump competence is limited to his very peculiar hair style  ;D
 

Offline radiolistener

  • Regular Contributor
  • *
  • Posts: 202
  • Country: ua
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #126 on: February 18, 2019, 06:43:34 pm »
hi guys. Is there any hack for SDS1102X model (not X-E)?

I tried to execute these commands through VXI11 SCPI:
- "SHELLCMD telnetd -l/bin/sh -p9999"
- "SHELLCMD cat /dev/mem > /usr/bin/siglent/usr/mass_storage0/U-disk/memdump"

but telnet didn't started and it even doesn't try to access usb stick... :(
Unfortunately there is no response from SHELLCMD command executed on VXI11 SCPI interface, so I even don't know if it is implemented...
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #127 on: February 18, 2019, 07:22:07 pm »
The X model is blackfin based not arm-linux,

This thread seems to be for it, but it seems it needs a hardware patch for full bandwidth from a quick glance,
https://www.eevblog.com/forum/testgear/siglent-sds2000x-hack/

To Videobruce, If you need help, ask nicely, Most of the later discoveries where made by different users than those in the first few pages,

The SCPI memdump method is the most recent, in that it requires no custom firmwares or rooting, but as a trade off the memory is dumped in an odd segment ordering, and some times the keys will be split over a memory segment boundary, so you may need to dump more than once to catch them, The searching through with a hex editor for the keyword will still work with this method, just takes a few tries to get,

To make it easier to find those keys, you can also copy the "/bin/siglent/firmdata0" folder, In there you will find .bin files relating to each option, open them in a hex editor, take the last 4 bytes and xor them 0xFF00FF00, and reverse there order, e.g. 0xC734B24D = 0x38344d4d, this is ascii, 84MM, flip it so its MM48, and there is the first 4 characters of that option to search for.
 

Offline videobruce

  • Frequent Contributor
  • **
  • Posts: 364
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #128 on: February 18, 2019, 09:44:47 pm »
IMHO it is a wrong comparison as people writing here do have some real competence while Trump competence is limited to his very peculiar hair style  ;D
To Videobruce, If you need help, ask nicely, Most of the later discoveries where made by different users than those in the first few pages,

That was referring only to the disrespectful individuals mentioned, not the entire membership, nor was it referring to any 1st hand experience. (BTW, I wouldn't even give him credit for his hair either.)
 

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #129 on: February 18, 2019, 09:59:12 pm »
I used the Mac OS "Hex Friend" editor to view the memdump.bin file and initially I thought I wasn't getting it but then it kinda stuck out like a sore thumb exactly as described in post #39 steps 21 - 23. What I'm NOT seeing are the Option codes #38 step 24. I see my serial number in two places but no 16 character strings nearby.

I started to try to use FindKeys but I don't use Visual Studio so not sure what I was doing there. I did a build the FindKeys prj and it did put a bin folder with a FindKeys.DLL and FindKeys.json but I don't understand how to run that... I thought there would a FindKeys.exe file? But Bandwidth was the main thing I wanted to upgrade... I will keep checking back here and maybe try the option codes again later... need a break now haha...  Many thanks!

I've never used visual studio on a mac, but normally when you build .net core apps on a PC you end up with a dll, which you execute from the command line via "dotnet mydllfilename.dll", e.g. dotnet.exe Findkeys.dll

I assume the same applies on a mac, from a terminal session.

A hollow voice says 'PLUGH'.
 

Offline vt100

  • Contributor
  • Posts: 15
  • Country: af
Re: What happened to politeness here?
« Reply #130 on: February 18, 2019, 10:39:50 pm »
This refers to the just plain nastiness here, specifically on the 1st page and throughout this thread (and others).

I'm new here, and I've found everyone completely helpful.

Presumably everyone is here to learn and so sometimes answers are not given to you on a silver platter, but answers contain enough information to make you think for yourself and hopefully learn something.

Understandably if you want someone to do it for you, you'll probably find their answer unhelpful.
vt100
the world's best dumb terminal
 

Offline videobruce

  • Frequent Contributor
  • **
  • Posts: 364
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #131 on: February 18, 2019, 11:05:07 pm »
This has nothing to do with a "silver platter", nor anyone asking for someone else to do it for you. Have you read thru the first the 1st couple of pages??
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #132 on: February 18, 2019, 11:24:58 pm »
The few of us that have dug into these things and chose to share it, we are already giving you something for free just because we thought it would help others, most of us enjoy this, however its easy to forget the knowledge base of a beginner, And like some of the discussions on the first page, to fully explain the reasons behind why you made those choices, We are good at breaking into things, not always at explaining how we did it.

Personally I see stuff very similar to what a room of engineers look like, some bite and go on the attack rather than clarifying there question

If you need something clarified, I'm right here to explain it as best I can,

I will say your earlier posts read as hostile at first glance, and your latest one still does, I will offer you a suggestion, PM fungus asking to update the first post with the latest unlock information, If you feel comfortable with the info and procedure you could prepare it for him, otherwise just ask Nicely.

« Last Edit: February 18, 2019, 11:31:25 pm by Rerouter »
 

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #133 on: February 19, 2019, 02:00:03 am »
This has nothing to do with a "silver platter", nor anyone asking for someone else to do it for you. Have you read thru the first the 1st couple of pages??

As others have indicated, how you ask is sometimes more important than what you ask.

Given your attitude, I am not surprised you meet resistance.
A hollow voice says 'PLUGH'.
 

Online BillB

  • Frequent Contributor
  • **
  • Posts: 425
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #134 on: February 19, 2019, 02:58:40 am »
videobruce,

Being one of those that posted on the first page of this thread, I do remember when/why it first started and the attitudes expressed that might not be clear to a new reader.  IIRC, there was some banter in other threads regarding which scope was the best bang-for-buck/most-easily-hackable - essentially a pissing-contest between two camps of brand supporters.  I won't speak for Fungus as to why he started this thread (I respect all those who've contributed to this forum; there are a number of highly knowledgeable and helpful people here) but my first impression at the time was that he started this ironically, to continue the banter  :D.  (I could certainly be wrong about this, but again that was my feeling at the time) 

I think that is why the tone of the first page of this thread was more adversarial than usual.  Please don't take this as an example of the attitudes of many of the regulars here; this is generally an extremely helpful and informative bunch.   
 
The following users thanked this post: tv84

Online tv84

  • Frequent Contributor
  • **
  • Posts: 468
  • Country: pt
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #135 on: February 19, 2019, 03:12:51 am »
To make it easier to find those keys, you can also copy the "/bin/siglent/firmdata0" folder, In there you will find .bin files relating to each option, open them in a hex editor, take the last 4 bytes and xor them 0xFF00FF00, and reverse there order, e.g. 0xC734B24D = 0x38344d4d, this is ascii, 84MM, flip it so its MM48, and there is the first 4 characters of that option to search for.

 :-DD Amazing how you reversed their 3DES encryption!!!
 

Offline harpster58

  • Contributor
  • Posts: 6
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #136 on: February 19, 2019, 11:00:29 am »
[quote I've never used visual studio on a mac, but normally when you build .net core apps on a PC you end up with a dll, which you execute from the command line via "dotnet mydllfilename.dll", e.g. dotnet.exe Findkeys.dll [/quote]

Actually I only used the hex editor on Mac as Notepad++ on PC wasn't giving me the view I needed.  I downloaded Visual Studio and set up on PC... never worked with it before. So I guess I did everything correct but I just had no idea how to open the the file or even what file to open. I'll see if I can do it now using command line.  Tx!
 

Offline phil303

  • Contributor
  • Posts: 5
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #137 on: February 19, 2019, 05:21:03 pm »
Hey all,
I'm pretty new to electronics and new to this forum, but thought you might find a python port of the FindKeys script useful - I didn't want to mess with visual studio. Disclaimer, it's hacky as hell, barely tested, and skips over the niceties of the original script. But it did successfully pull out all the licenses. Good luck! And feel free to clean it up.

Code: [Select]
FP = 'YOUR_FILE_PATH'


def crazy_check(byte, l):
    return (
        (byte < ord('2') or byte > ord('9')) and
        ((byte < ord('A') + l) or (byte > ord('Z') + l)) and
        (byte != ord('L') + l) and (byte != ord('O') + l)
    )


parts4 = set()
parts8 = set()
parts12 = set()
keys = set()


def find_keys(fp):
    with open(fp, 'rb') as f:
        entire_buffer = f.read()

        l = 0
        for j in range(2):

            i = 0
            str_start = 0
            str_size = 0

            for i in range(len(entire_buffer)):
                byte = entire_buffer[i]

                if crazy_check(byte, l):
                    b = (str_start % 4096 == 0) or (i % 4096 == 0)

                    if str_size > 15 or (str_size > 3 and b):
                        str_end = str_start + str_size
                        if str_size % 16 == 0:
                            s = entire_buffer[str_start:str_end].decode('utf8')
                            while len(s) > 15:
                                left_string, s = peel_off_string(s, 16)
                                check_and_add(left_string)

                        if str_size % 4 == 0 and b:
                            for x in range(0, 16, 4):
                                s = entire_buffer[str_start:str_end].decode('utf8')
                                left_string, s = peel_off_string(s, x)
                                check_and_add(left_string)

                                while len(s) > 15:
                                    left_string, s = peel_off_string(s, 16)
                                    check_and_add(left_string)

                                check_and_add(s)

                    str_size = 0
                    str_start = i + 1

                else:
                    str_size += 1

            l += 32

        keys.union(consolidate_parts(parts8, parts8))
        keys.union(consolidate_parts(parts4, parts12))
        keys.union(consolidate_parts(parts12, parts4))

        for k in keys:
            print(k)


def check_and_add(string):
    is_ok = string.isupper() and len(string) % 4 == 0 and len(string) > 0
    if is_ok:
        if len(string) == 4:
            parts4.add(string)
        if len(string) == 8:
            parts8.add(string)
        if len(string) == 12:
            parts12.add(string)
        if len(string) == 16:
            keys.add(string)


def peel_off_string(string, i):
    left_string = ""
    if len(string) >= i:
        left_string = string[:i]
        string = string[i:]
    return left_string, string


def consolidate_parts(p1, p2):
    rc = set()
    for i, s1 in enumerate(p1):
        for j, s2 in enumerate(p2):
            if i != j:
                s = s1 + s2
                rc.add(s)
    return rc


if __name__ == '__main__':
    find_keys(FP)



 
The following users thanked this post: Coldblackice

Offline harpster58

  • Contributor
  • Posts: 6
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #138 on: February 21, 2019, 11:21:00 am »
Worked! When putting in File Path (FP = 'YOUR_FILE_PATH') be sure to use fwd slashes "/" not back "\" slashes. At first nothing happened... takes a little time to process then I got all the keys. Since i had already gotten the bandwidth keys I just deleted them and the 3 or 4 text strings that were returned. That left me with 4 keys and pretty easy to re-enter the keys for the options until I got them all correctly. Not sure with the extra key was for maybe an unused option.

Anyway very cool, thanks for posting this!

Hey all,
I'm pretty new to electronics and new to this forum, but thought you might find a python port of the FindKeys script useful - I didn't want to mess with visual studio. Disclaimer, it's hacky as hell, barely tested, and skips over the niceties of the original script. But it did successfully pull out all the licenses. Good luck! And feel free to clean it up.

Code: [Select]
FP = 'YOUR_FILE_PATH'


def crazy_check(byte, l):
    return (
        (byte < ord('2') or byte > ord('9')) and
        ((byte < ord('A') + l) or (byte > ord('Z') + l)) and
        (byte != ord('L') + l) and (byte != ord('O') + l)
    )


parts4 = set()
parts8 = set()
parts12 = set()
keys = set()


def find_keys(fp):
    with open(fp, 'rb') as f:
        entire_buffer = f.read()

        l = 0
        for j in range(2):

            i = 0
            str_start = 0
            str_size = 0

            for i in range(len(entire_buffer)):
                byte = entire_buffer[i]

                if crazy_check(byte, l):
                    b = (str_start % 4096 == 0) or (i % 4096 == 0)

                    if str_size > 15 or (str_size > 3 and b):
                        str_end = str_start + str_size
                        if str_size % 16 == 0:
                            s = entire_buffer[str_start:str_end].decode('utf8')
                            while len(s) > 15:
                                left_string, s = peel_off_string(s, 16)
                                check_and_add(left_string)

                        if str_size % 4 == 0 and b:
                            for x in range(0, 16, 4):
                                s = entire_buffer[str_start:str_end].decode('utf8')
                                left_string, s = peel_off_string(s, x)
                                check_and_add(left_string)

                                while len(s) > 15:
                                    left_string, s = peel_off_string(s, 16)
                                    check_and_add(left_string)

                                check_and_add(s)

                    str_size = 0
                    str_start = i + 1

                else:
                    str_size += 1

            l += 32

        keys.union(consolidate_parts(parts8, parts8))
        keys.union(consolidate_parts(parts4, parts12))
        keys.union(consolidate_parts(parts12, parts4))

        for k in keys:
            print(k)


def check_and_add(string):
    is_ok = string.isupper() and len(string) % 4 == 0 and len(string) > 0
    if is_ok:
        if len(string) == 4:
            parts4.add(string)
        if len(string) == 8:
            parts8.add(string)
        if len(string) == 12:
            parts12.add(string)
        if len(string) == 16:
            keys.add(string)


def peel_off_string(string, i):
    left_string = ""
    if len(string) >= i:
        left_string = string[:i]
        string = string[i:]
    return left_string, string


def consolidate_parts(p1, p2):
    rc = set()
    for i, s1 in enumerate(p1):
        for j, s2 in enumerate(p2):
            if i != j:
                s = s1 + s2
                rc.add(s)
    return rc


if __name__ == '__main__':
    find_keys(FP)
 

Offline mroek

  • Contributor
  • Posts: 45
  • Country: no
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #139 on: February 22, 2019, 12:19:04 am »
I'm a bit curious about the actual key generation. As far as I can understand, each individual scope has it's own unique set of keys. Are these keys stored in some kind of nonvolatile/read-only memory (perhaps in a separate memory partition), and generated during production? Or perhaps the keys are generated with the serial number as the input, so only the serial number needs to be stored during production?

 

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #140 on: February 22, 2019, 11:58:19 pm »
Keys are generated off the scopeid and serial number using an algorithm only Siglent, and those savvy enough to disassemble the scope application, know.

Someday maybe I can afford a copy of IDA Pro with the requisite disassemblers so I can fall into the latter category :)

A hollow voice says 'PLUGH'.
 

Offline mroek

  • Contributor
  • Posts: 45
  • Country: no
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #141 on: February 23, 2019, 12:10:21 am »
Keys are generated off the scopeid and serial number using an algorithm only Siglent, and those savvy enough to disassemble the scope application, know.

Someday maybe I can afford a copy of IDA Pro with the requisite disassemblers so I can fall into the latter category :)

Ok, thanks. IDA Pro is rather expensive, and it would still take quite a bit of work to reverse-engineer the algorithm, so as long as the actual generated keys (on a device you own) can be found by other methods, it really isn't worth it.
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #142 on: February 23, 2019, 12:43:32 am »
Reverse engineering atleast from my own perspective is one of those few topics that throw you full well into the deep end from the get go, as there is no 1 true way to approach it, and the skill level of the power users, you will struggle finding answers on how to drive the bloody programs early days (not to many hits on stack overflow)

I only started digging because I was bored and had a program do a incrementing search for SCPI queries and started turning up a lot of things that where undocumented, I wanted to figure out what other functions where baked into the thing, and well now I'm down the rabbit whole patching typos, and trying to figure out how the protocol decoders work, in my own vain hopes that I may be able to format out some new ones.
 
The following users thanked this post: Coldblackice

Offline mroek

  • Contributor
  • Posts: 45
  • Country: no
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #143 on: February 23, 2019, 05:27:23 am »
I received my scope today, and the info in this thread enabled me to find all keys without breaking a sweat, so thanks to all that contributed with info. For reference, I used the full memory dump method (by sending the SCPI command from the web interface), and then searched the dump file with a hex editor. No need for any scripts or anything.
 

Offline Coldblackice

  • Contributor
  • Posts: 13
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #144 on: March 06, 2019, 10:59:37 am »
Reverse engineering atleast from my own perspective is one of those few topics that throw you full well into the deep end from the get go, as there is no 1 true way to approach it, and the skill level of the power users, you will struggle finding answers on how to drive the bloody programs early days (not to many hits on stack overflow)

I only started digging because I was bored and had a program do a incrementing search for SCPI queries and started turning up a lot of things that where undocumented, I wanted to figure out what other functions where baked into the thing, and well now I'm down the rabbit whole patching typos, and trying to figure out how the protocol decoders work, in my own vain hopes that I may be able to format out some new ones.

How did you learn how to do this? I would love to know how to go about doing this from scratch, what your process/tools were. Do you use IDA PRO at all? Would you be able to do this with IDA PRO?
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 3816
  • Country: au
  • Question Everything... Except This Statement
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #145 on: March 06, 2019, 12:54:38 pm »
I use IDA. Yes. Main things to start with is the strings subveiw. You dont really need to reverse anything to see some interesting strings in most programs.

Next would be setting the right architechture for what your reversing. Armv7 a/r from memory.

And finally the basics of the assembler your working with. E.g. BL branch load. And stack push and pull commands tend to give a nice indication where things start and stop.

There is some fiddly stuff to allow ida to name longer string variables. But that comes later.
 

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #146 on: March 07, 2019, 01:55:13 am »
I use IDA. Yes. Main things to start with is the strings subveiw. You dont really need to reverse anything to see some interesting strings in most programs.

Next would be setting the right architechture for what your reversing. Armv7 a/r from memory.

And finally the basics of the assembler your working with. E.g. BL branch load. And stack push and pull commands tend to give a nice indication where things start and stop.

There is some fiddly stuff to allow ida to name longer string variables. But that comes later.

Reminds me of my childhood 40 years ago, when I would take hex dump reports of Z80 and 6502 machine code and manually disassemble the program into marble black graph-ruled notebooks. I learned z80 machine code when I was 13.

It is the only real way you can begin to learn what a program is doing. (It also made me a better developer, being able to think in low-level terms rather than at a higher, abstract level. I can visualize solutions (like bitmaps) that other developers I work with cannot.)

of course, this also assumes you have an understanding of processor operations (e.g. registers, stack, etc.), addressing schemes, etc. So at a minimum you have to find the technical documentation on the processor you're looking to work with.

I would say it was probably a lot easier back then, when programs were written in assembler. I've never tried to manually disassemble a program compiled from a higher-level language.

I do miss doing it. I also miss Latin class in school during my teenage years too. I must be getting nostalgic in my old age.
« Last Edit: March 07, 2019, 02:02:21 am by vtwin@cox.net »
A hollow voice says 'PLUGH'.
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 468
  • Country: pt
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #147 on: March 07, 2019, 02:00:41 am »
I don't know if the IDA Latin language pack exists but you could try a 2-in-1 !  ;D

 

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #148 on: March 07, 2019, 02:48:04 am »
I don't know if the IDA Latin language pack exists but you could try a 2-in-1 !  ;D

About a year ago I purchased a latin vulgate and latin-to-english dictionary with the intention of reading/translating, but have yet to get around to it.

way back when, we had a local church which still held latin masses, it was good practice, once I was able to train my brain to decipher ecclesiastical latin.
A hollow voice says 'PLUGH'.
 

Online tv84

  • Frequent Contributor
  • **
  • Posts: 468
  • Country: pt
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #149 on: March 07, 2019, 02:52:04 am »
way back when, we had a local church which still held latin masses, it was good practice, once I was able to train my brain to decipher ecclesiastical latin.

WOW!  Compared with that, assembly is for kids!
 

Online BillB

  • Frequent Contributor
  • **
  • Posts: 425
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #150 on: March 07, 2019, 04:28:48 am »
 

Offline vtwin@cox.net

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #151 on: March 07, 2019, 04:55:51 am »
If IDA is too expensive for you, consider Ghidra

https://www.zdnet.com/article/nsa-release-ghidra-a-free-software-reverse-engineering-toolkit/

lmao yeah, I'm going to download stuff from the NSA and install it on my computer.

Nooooooo chance of it having some spyware or back-door capabilities for the federal government embedded in there. Noooo sireeeeee.
A hollow voice says 'PLUGH'.
 

Offline tinhead

  • Super Contributor
  • ***
  • Posts: 1846
  • Country: 00
    • If you like my hacks, send me a donation
Re: Unlocking Siglent SDS1104X-E, step by step
« Reply #152 on: March 10, 2019, 10:34:16 pm »
from the NSA and install it on my computer

actually CIA, later NSA. I'm using it since years, still alive, still no drones on the sky. EDIT (Ghidra is really useful, you can always use VM if you care).

I'm more complaint about useless online firmware updates for these DSOs, i don't need it, they are security holes by design, i wish Siglent could spend more time on firmware improvements/fix instead of useless online updates.
« Last Edit: March 10, 2019, 10:35:59 pm by tinhead »
I don't want to be human! I want to see gamma rays, I want to hear X-rays, and I want to smell dark matter ...
I want to reach out with something other than these prehensile paws and feel the solar wind of a supernova flowing over me.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf