Sniffing the Rigol's internal I2C bus

[McBryce]

It's the MSO version that you can find here: http://www.gotroot.ca/rigol/ but after rereading your post, I think you are using the right one already.

McBryce.

[smgvbest]

Ah,
Maybe it's this
you're doing a rigup license mso1074z_dump.bin 0x1C001
but the input to license is the output of the scan

rigup scan mso1074zs.bin > mso1074zs.txt    // This reads your dump and writes your public/private key to the output file mso1074zs.txt in this case
rigup license mso1074zs.txt 0x1C001             // this reads the mso1074zs.txt file you created above and requests the license for 0x1C001

See if that helps

you're using the patched version of rigup  the "Hacked up for MSO1000Z(-S) rmd79, 0ff eevblog.com" says that.   rmd79, 0ff hacked it to work with the MSO line

@ Sandra,
I called the tool with this command line: "rigup license mso1074z_dump.bin 0x1C001", where the bin file is what I saved from the scope memory.

@ McBryc,
What is that "special patched version" and where can I find it?

[Neuro]

2 zsidoz:
Could you please write exactly the command string, that you have used to extract the serial number from the dump?

[zsidoz]

Sandra pointed out the missing step:
rigup scan mso1074zs.bin > mso1074zs.txt

After that I got the correct license keys and the scope is successfully hacked.

Thanks for the awesome support from all of you!

[smgvbest]

Glad to hear that was it.

[staze]

Quick question, and a search didn't seem to turn anything up. Has anyone figured out key generation for the DG1032Z? Thanks!

[whotopia]

Can someone advise if it is possible to restore the serial number of a DS2072A ?
I tried to do some of the hacks in the past and this lead me to a unit with serial number DS2A0000000001.  The MAC address on the LAN interface is also wrong.  It's 46:46:46:46:46:46.  I assume the MAC must be uniquely generated from the serial number somehow.
The device is currently at firmware DS2000(DSP)Update_00.03.04.01.00
What can I do?

[largosoft]

Hello everyone, I have a spectrum analyzer DSA815-TG and I try to update blockade, got it working again Through his advice.
the problem is that I delete the model, serial number and licenses had. Also, calibration data is erased.
lei so the only way to regain full functionality of the analyzer firmware is reinstalled complete with JTAG.
Someone could spend the entire firmware (approximately 5 Megas) and information to enter the serial number of my scanner.
from already very grateful. Excuse my English, use a translator, I'm from Argentina.

[ted572]

Hello everyone, I have a spectrum analyzer DSA815-TG and I try to update blockade, got it working again Through his advice.
the problem is that I delete the model, serial number and licenses had. Also, calibration data is erased.
lei so the only way to regain full functionality of the analyzer firmware is reinstalled complete with JTAG.
Someone could spend the entire firmware (approximately 5 Megas) and information to enter the serial number of my scanner.
from already very grateful. Excuse my English, use a translator, I'm from Argentina.

See -  https://www.eevblog.com/forum/testgear/dsa815-tg-calibration-data-of-tg-lost/msg802901/#msg802901

[geralex]

After that I got the correct license keys and the scope is successfully hacked.

Which firmware version do you have?  I have the MSO1074Z-S with the firmware 00.04.03.SP1. I think I´ve done all steps right, used the special 0.4.1-mso-version, first rigup scan, then rigup license and also get every time and both on debian and windows the same serials. But though non of the license keys work, I only get 'Invalid license'
Does someone have some ideas?

Edit:
Ok, just got it, now also here all "official" Don`t know what was wrong. Possibly it depends on what time after startup of the oscilloscope you do the dump. At first time I`ve done it half a minute after it showed the options screen. It worked when I had done it still shows the Rigol startup screen. As seen above I have the FW 4.3.SP1. I needn`t modify any files (such as the serial number as mentiones in a post above)
So thanks to Off and all the other users that have contributed to the thread

[daemonix]

hi everyone,

I need a bit of up to date help!
I haven't look around for new info for quite some time!!!

Im still on 00.02.03.SP5 on my DS1074Z. With all the hacks (NOT the 500us something). 100mhz etc.

1)Which firmware I can load without messing with the hacks etc??
2)Where should I get it from? UK telocin for example?

thanks a lot!

[Spork Schivago]

Does anyone have a copy of the flash that they dumped on the DP832 / DP832A?   I've been researching how to dump it, and it looks like my only options might be to actually remove the flash and read it out of circuit.   I seen someone did this earlier on but never got a response when I contacted them.   If anyone did actually dump anything from the Rigol DP832 / DP832A, would you mind sharing with me what you got please?   Thank you!

[technokratos]

Hi guys,

I would, quite humbly, like to ask you for a small clarification for me. I am not a pro and I wouldn't like to fry my new MSO1104Z-S. I saw Crille77's howto but this is what I do not get:
1) can I use this j-link to connect to JTAG port? http://www.ebay.com/itm/J-Link-OB-ARM-Debugger-Programmer-Downloader-replace-v8-SWD-M74-New-/221808339497
2) can I use the same cable connection schema Crille77 posted? If not, could someone offer connection details?

Thanks a bunch guys! Wonderful work. Wish I could buy you a beer

[hammy]

If not, could someone offer connection details?

Have a look at reply #3731. The picture with the header...

[technokratos]

Just a little intro for newbies like me:

I can confirm the process works flawlessly with Altera USBblaster. To speed up the dump, I modified openocd config file for usbblaster in scripts/interfaces and added the line:

Code: [Select]

adapter_khz 6000
The whole dump was then completed in approx. 3 hours.

Here I share OpenOCD 0.9.0 for Windows (use 32 bit executable, 64bit didn't work for me - probably doesn't play nice with usbblaster's 32 bit driver). The configuration change I made is included in the .rar file. Also in the folder drivers you can find a nifty UsbDriverTool.exe to install signed certificate for usbblaster (instead of Altera's original one - didn't work for me on win 8.1 64bit). It will replace the driver with signed generic libusb driver so you don't have to go through the stupid process of enabling unsigned certificates in Win

The command is:
openocd.exe -d1 -f C:\path\to\openocd-0.9.0\scripts\interface\altera-usb-blaster.cfg -f C:\path\to\openocd-0.9.0\scripts\target\imx28.cfg

http://www26.zippyshare.com/v/Z88EL5Jr/file.html

Newest OpenOCD build for Windows can be found at Freddie's website: http://www.freddiechopin.info/en/download/category/4-openocd

[Neuro]

My Web-site is moved to http://i-hobby.org
Thats why Windows-version of rigup software for unlocking options of MSO1074 is now available at http://i-hobby.org/blog/60.html
Direkt download link is here: http://i-hobby.org/file/go/60/

[Engineer1]

Hi,

I've successfully unlocked the options on my DS-4024 (for which, huge thanks for all the hard work on the decoding!), which has given the power analysis option. However, it seems that this needs their Ultra Power software, which I downloaded from their site. But, it reports that it's only a trial, that'll run for 15 days, and asks for an unlock key. So, is there a way to use the power analysis function directly on the 'scope, or does it also need the Ultra Power software? If so then I'll need to be pretty quick with testing it out.

Cheers.

[hammy]

My Web-site is moved to http://i-hobby.org
Thats why Windows-version of rigup software for unlocking options of MSO1074 is now available at http://i-hobby.org/blog/60.html
Direkt download link is here: http://i-hobby.org/file/go/60/

1.) 3 posts at all
2.) Website with russian content
3.) Windows software for direct download
( 4.) superfluous software )

 

Nice try, young whippersnapper! 

[Neuro]

My Web-site is moved to http://i-hobby.org
Thats why Windows-version of rigup software for unlocking options of MSO1074 is now available at http://i-hobby.org/blog/60.html
Direkt download link is here: http://i-hobby.org/file/go/60/

1.) 3 posts at all
2.) Website with russian content
3.) Windows software for direct download
( 4.) superfluous software )

 

Nice try, young whippersnapper! 

Well, if you don't need that software - that doesn't mean that it's useless!

[CustomEngineerer]

Are we supposed to have known what your previous website was?  I don't see any posts where you mention it. Got to agree with hammy, even if that was something I needed there is no way I would download it from that site. Sorry if you are legit and trying to help but that just sounds insanely fishy. Now if you happen to be a Nigerian Prince, that might make me feel safer.

[Orange]

My Web-site is moved to http://i-hobby.org
Thats why Windows-version of rigup software for unlocking options of MSO1074 is now available at http://i-hobby.org/blog/60.html
Direkt download link is here: http://i-hobby.org/file/go/60/

1.) 3 posts at all
2.) Website with russian content
3.) Windows software for direct download
( 4.) superfluous software )

 

Nice try, young whippersnapper! 

Well, if you don't need that software - that doesn't mean that it's useless!

Why do you post a link which contains ONLY Russian content ? Do you really think this will be useful here ?.
Why is you country flag in your profile German ?.

[Neuro]

My Web-site is moved to http://i-hobby.org
Thats why Windows-version of rigup software for unlocking options of MSO1074 is now available at http://i-hobby.org/blog/60.html
Direkt download link is here: http://i-hobby.org/file/go/60/

1.) 3 posts at all
2.) Website with russian content
3.) Windows software for direct download
( 4.) superfluous software )

 

Nice try, young whippersnapper! 

Well, if you don't need that software - that doesn't mean that it's useless!

Why do you post a link which contains ONLY Russian content ? Do you really think this will be useful here ?.
Why is you country flag in your profile German ?.

Video for unlock of features of MSO1074 is in English. Software is in English too and it could be usefull here.   
I think that it doesn't matter in what language is the rest of content on my web-site. And I don't propose
somebody here to read my posts in Russian. Not all of content on my web-site is in Russian - there are some posts and videos in
English and in German.
I live in Germany and i speak 6 languages: Russian, English, German, Spanish, Ukrainian and Arabic.
What's the problem with a flag and with a language? 

[Neuro]

Are we supposed to have known what your previous website was?  I don't see any posts where you mention it. Got to agree with hammy, even if that was something I needed there is no way I would download it from that site. Sorry if you are legit and trying to help but that just sounds insanely fishy. Now if you happen to be a Nigerian Prince, that might make me feel safer.

Test Equipment / Re: Sniffing the Rigol's internal I2C bus
« on: November 07, 2015, 10:38:39 AM »
Yesterday I succesfully hacked my Rigol MSO1074Z.
Thanks to the modification of the procedure now there is no need to use two OS (Windows and Linux).
Debugger, that was used, is Jet-Link Pro.
Details are here:


That was my post at the 7-th of November 2015.
If your have an opinion, that this software is useless, then never mind. 

[Orange]

What's the problem with a flag and with a language? 

Mind your Language a bit will you. Your posts with a funny URL look suspicious.
A lot of hackers come from Russia or from that region, so it is not so strange that people start asking questions. If then your language flag is set to German, your profile becomes even more strange.

[apelly]

What's the problem with a flag and with a language? 

Don't worry about it.

I haven't looked at your website, but here are some thoughts:

• Users here are rightly cautious of installing strange software (and likely won't take the time to install it in a VM)
• The Russians are the baddies of the hacker world (and many other worlds) but we don't hate them.
• Your post count (trust level) is low (relax and take the time to get involved here, it's a fun place to hang out and learn)
• Your available information appeared inconsistent (but that's cleared up now)
• If the source is available that can help with trust issues (but nobody will take the time to compile it, and 80% of those that do will hassle you about where to get missing libraries)
• But none of this matters if you're having a good time.