So, let's continue.
Model change
A bit of theory
If you unpack the firmware update file, you will find, among other things, a file named ota_misc.json with the following content:
JSON
{
"int_models": [
{ "int_model": "ADS802A", "version":"V1.0.1.0.17" },
{ "int_model": "ADS804A", "version":"V1.0.1.0.17" },
{ "int_model": "ADS812A", "version":"V1.0.1.0.17" },
{ "int_model": "ADS814A", "version":"V1.0.1.0.17" },
{ "int_model": "ADS822A", "version":"V1.0.1.0.17" },
{ "int_model": "ADS824A", "version":"V1.0.1.0.17" },
{ "int_model": "CEI914", "version":"V1.0.1.0.17" },
{ "int_model": "CEI924", "version":"V1.0.1.0.17" },
{ "int_model": "ADS912A", "version":"V1.0.1.0.17" },
{ "int_model": "ADS914A", "version":"V1.0.1.0.17" },
{ "int_model": "ADS922A", "version":"V1.0.1.0.17" },
{ "int_model": "ADS924A", "version":"V1.0.1.0.17" }
]
}
These are the models that this firmware can be installed on.
But wait, don't we have a Voltcraft?
Yes and no.
In the oscilloscope's web interface, under the SCPI query section, the default command is *IDN?It outputs: "VOLTCRAFT,voltcraft-model,serial_number,firmware_version"
However, there is another command: *ODN?This one outputs something else: "VOLTCRAFT,owon-model,serial_number,firmware_version",
and this model must match one of the int_models in ota_misc.json.
*IDN? outputs the ext_models variable - this is the OEM model and can essentially be anything.
*ODN? outputs the int_models variable - these is the actual Owon models (I honestly don't know what the CEI914 and CEI924 models are, perhaps some future versions).
The device configuration itself is determined by an encoded file located inside the oscilloscope at - /oem/BootTxt.bin
This file contains the model, manufacturer, serial number, MAC address, and a few other parameters.
⚠️ CRITICAL: > First and foremost, make a backup of this file just in case!
DS01:/ # cp /oem/BootTxt.bin /oem/BootTxt.bin.backup.origIt also makes sense to save a backup of the entire /oem folder to some external storage device.
How to Change the Model
What you will need - python3 installed on your computer.
Download the /oem/BootTxt.bin file from the oscilloscope to your computer.
Place it in the same folder as the following script:
#!/usr/bin/env python3
#
# Change of Voltcraft DOV oscilloscope model.
#
key = b"llpowon"
def decode(enc):
return bytearray((b + key[i % len(key)]) & 0xff for i, b in enumerate(enc))
def encode(plain):
return bytes((b - key[i % len(key)]) & 0xff for i, b in enumerate(plain))
def put_field(buf, off, s, n=20):
buf[off:off+n] = s.encode("utf-8")[:n].ljust(n, b"\x00")
enc = open("BootTxt.bin", "rb").read()
plain = decode(enc)
# Changing model
put_field(plain, 0x3C, "ADS824A") # int_model
put_field(plain, 0x50, "ADS824A") # ext_model
put_field(plain, 0x64, "OWON")
# put_field(plain, 0x64, "VOLTCRAFT")
func_base = 0x78
# Enabling flags
# uncomment/comment required items
plain[func_base + 0] = 1 # Support14Bit
plain[func_base + 4] = 1 # InstallAPK
plain[func_base + 5] = 1 # Adb
# plain[func_base + 6] = 1 # GenOn
# plain[func_base + 7] = 1 # WaveformClone
# plain[func_base + 8] = 1 # FRA
# plain[func_base + 9] = 1 # SweepAndBurst
# plain[func_base + 10] = 1 # LA
open("BootTxt.modified.dec.bin", "wb").write(plain)
open("BootTxt.modified.bin", "wb").write(encode(plain))
Run the script:
$ python3 DOV_change.py
As a result, you will get a file named BootTxt.modified.bin in the same directory.
Upload this file back to the oscilloscope under the name BootTxt.bin.
I copied it from a USB flash drive, but you can also use ADB.
Let's check the mount name of the flash drive:
DS01:/ # ls /mnt/media_rw/
1BFA-0317
Copy the file:
DS01:/ # cp /mnt/media_rw/1BFA-0317/BootTxt.modified.bin /oem/BootTxt.bin
Set the correct owner for the file:
DS01:/ # chown system:system /oem/BootTxt.bin
After doing this, you can restart the Oscilloscope application to see the changes.
If everything looks good, reboot the device.
Script Description (What Can Be Changed):
put_field(plain, 0x3C, "ADS824A") - int_model: The Owon model. It must correspond to one of the models listed in ota_misc.json.
put_field(plain, 0x50, "ADS824A") - ext_model: Theoretically, any model name can be specified here; it only affects how the model is displayed.
plain[func_base + 0] = 1 - Support14Bit: I'm not entirely sure about the 14-bit part, but with this flag enabled, the signal display layout changed when I selected Acquire -> Mode -> High Res.
plain[func_base + 4] = 1 - InstallAPK: Activates the visibility of the "Security" section in the Android Settings. This is where you can explicitly enable the installation of third-party apps.
plain[func_base + 5] = 1 - Adb: Permanently activates ADB and the visibility of the "Developer options" section in the Android settings.
plain[func_base + 6] = 1 - GenOn: Activates the built-in waveform generator (not soldered on the board in my case).
plain[func_base + 7] = 1 - WaveformClone: Activates additional generator features and signal cloning from the oscilloscope input to the generator output. This feature requires the built-in generator hardware (GenOn).
plain[func_base + 8] = 1 - FRA: Activates the FRA (Frequency, Gain, and Phase) analyzer - an option that becomes available in the oscilloscope's menu. Theoretically, it requires the built-in generator, but I suspect it might work with an external one as well.
plain[func_base + 9] = 1 - SweepAndBurst: This feature requires the built-in generator hardware (GenOn).
plain[func_base + 10] = 1 - LA: Activates the Logic Analyzer (not soldered on the board in my case).
I tried changing the int_models on my device (DOV704) to ADS804A, ADS814A, ADS824A, ADS914A, and ADS924A.
They all boot up, but ADS914A and ADS924A do not function properly - the channels glitch out and the counters display incorrect information.
Currently, I have the options enabled exactly as shown in the script above.
Home
Help
Search
Login
Register
