Author Topic: Sniffing the Rigol's internal I2C bus  (Read 1870029 times)


Offline Carrington

  • Super Contributor
  • ***
  • Posts: 1202
  • Country: es
Re: Sniffing the Rigol's internal I2C bus
« Reply #850 on: August 12, 2013, 06:33:30 pm »
cybernet:
Congratulations on the new discovery. I only have one question, I hope you can give me a hint:
Do you have any idea where the S/N is kept on the DS2000, and whether there is any way to change it?

If you prefer send me a PM, thank you very much.
« Last Edit: August 12, 2013, 06:37:25 pm by Carrington »
My English can be pretty bad, so suggestions are welcome. ;)
Space Weather.
Lightning & Thunderstorms in Real Time.
 

Offline chick0n

  • Regular Contributor
  • *
  • Posts: 92
  • Country: de
Re: Sniffing the Rigol's internal I2C bus
« Reply #851 on: August 12, 2013, 06:50:45 pm »
Soooooo....is the DSA815 Tracking-Gen a Hardware Option, or just a Software Option?  >:D

According to this Teardown:

http://www.eevblog.com/2012/11/28/eevblog-391-rigol-dsa815-spectrum-analyser-teardown/

It's all on the same PCB.

Maybe just the N-Connector is missing?
 

Offline jamesb

  • Regular Contributor
  • *
  • Posts: 54
  • Country: 00
Re: Sniffing the Rigol's internal I2C bus
« Reply #852 on: August 12, 2013, 07:47:36 pm »
To be fair, most of the people (I imagine) who would have purchased any of these add-ons, still will even though there is an illegal crack available. I think this thread is mostly for us hobbyists who stick to the free-or-nothing model
Agreed, the number of people that find this thread, manage to get it compiled and working are not even a blip on the screen for Rigol.  In-fact, for me, it's a reason to keep buying Rigol equipment, which I'll do unless they get real cranky and mess up our fun.

Both excellent points. I do hope that Rigol decides not to scorn the hobbyist / hacker scene - rather I'd hope they would embrace the cult following that they could generate.
 

Offline tlu

  • Regular Contributor
  • *
  • Posts: 145
Re: Sniffing the Rigol's internal I2C bus
« Reply #853 on: August 12, 2013, 08:00:41 pm »
enjoy

http://pastebin.com/ghYHnCfT

would not have happened without jtag firmware dump from DL5TOR, ecc help from some guy and testing by marc - thanks guys.


PS: the windows tool makers, might want to integrate that into their tool - only the length of the serial & private key differ, rest is the same ! (RILOL !)

Great job cybernet. It was just a matter of time in this case as well.
 

Offline videobruce

  • Frequent Contributor
  • **
  • Posts: 468
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #854 on: August 12, 2013, 08:45:52 pm »
Ok, other than C&P it somewhere, where and what file name & extension?
 

Offline chris petersen

  • Newbie
  • Posts: 1
Re: Sniffing the Rigol's internal I2C bus
« Reply #855 on: August 12, 2013, 09:01:42 pm »
Hi guys, does any of you have a compiled version of the Keymaker that runs under Windows, or how can I get the Keygen? Unfortunately, I am not a great programmer. It would be very nice if someone could post something here.
Chris
 

Offline jsykes

  • Contributor
  • Posts: 31
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #856 on: August 12, 2013, 09:59:59 pm »
Son of a bitch! IT WORKS!!!! I have 10Hz RBW now. I haven't tested the others yet

Release your work cybernet... you are the man!

@olsenn
Is your tracking generator still fully functional?
 

Offline olsenn

  • Frequent Contributor
  • **
  • Posts: 993
Re: Sniffing the Rigol's internal I2C bus
« Reply #857 on: August 12, 2013, 10:15:36 pm »
Quote
@olsenn
Is your tracking generator still fully functional?

Tracking generator still works! All options are now activated :)
 

Offline videobruce

  • Frequent Contributor
  • **
  • Posts: 468
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #858 on: August 12, 2013, 10:22:37 pm »
What exactly are you supposed to do with the script in that link??  :-//
 

Offline dr.diesel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: us
  • Cramming the magic smoke back in...
Re: Sniffing the Rigol's internal I2C bus
« Reply #859 on: August 12, 2013, 10:24:21 pm »
What exactly are you supposed to do with the script in that link??  :-//

Compile and run it!

Offline cybernet

  • Regular Contributor
  • *
  • Posts: 247
  • Country: 00
  • pm deactivated, use the search function ...
Re: Sniffing the Rigol's internal I2C bus
« Reply #860 on: August 12, 2013, 10:26:30 pm »
What exactly are you supposed to do with the script in that link??  :-//

print it, hold printout in front of DSA (letters facing to DSA), then power cycle it.
___________________
"all rights reversed :-)"
R0=-0x18;
UNLINK;
RTS;
 

Offline videobruce

  • Frequent Contributor
  • **
  • Posts: 468
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #861 on: August 12, 2013, 10:29:39 pm »
I'll wait for an intelligent answer. Don't you have some texting to do?
 

Offline jamesb

  • Regular Contributor
  • *
  • Posts: 54
  • Country: 00
Re: Sniffing the Rigol's internal I2C bus
« Reply #862 on: August 12, 2013, 10:31:14 pm »
I'll wait for an intelligent answer. Don't you have some texting to do?

.... wow ... you do know who you are talking to, right? That would be the guy behind this work you .. f'n tool ...
 

Offline dr.diesel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: us
  • Cramming the magic smoke back in...
Re: Sniffing the Rigol's internal I2C bus
« Reply #863 on: August 12, 2013, 10:31:29 pm »
I'll wait for an intelligent answer. Don't you have some texting to do?

Not nice to irritate the guy that developed the hack..

Offline warp_foo

  • Supporter
  • ****
  • Posts: 117
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #864 on: August 12, 2013, 10:32:53 pm »
Reply #572 has (one of the) Linux versions of the keygen, reply #574 has the Windows version. I think it's page 39ish with default forum settings.

Outstanding! Thank you...

m

ETA: 2072 ordered. 9/24 delivery date, oh well.  :'(
« Last Edit: August 12, 2013, 10:39:53 pm by warp_foo »
Where are we going, and why are we in a handbasket?
 

Offline videobruce

  • Frequent Contributor
  • **
  • Posts: 468
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #865 on: August 12, 2013, 10:35:52 pm »
Doesn't matter who he is. His response surely didn't match his work. You expect everyone to know exactly what to do with that script?

If you didn't want to provide a decent non smart ass answer, then why did you bother in the first place?

Moderator: No need for this sort of response. Keep it civil please.
« Last Edit: August 13, 2013, 12:01:01 am by GeoffS »
 

Offline cybernet

  • Regular Contributor
  • *
  • Posts: 247
  • Country: 00
  • pm deactivated, use the search function ...
Re: Sniffing the Rigol's internal I2C bus
« Reply #866 on: August 12, 2013, 10:39:43 pm »
not irritated, but amused ;-)

if the printout method is nothing for you maybe u should RTFM or wait for someone to come along to make little GUI for you - which u would have known if u had read the last 3 pages ...  :-DD
___________________
"all rights reversed :-)"
R0=-0x18;
UNLINK;
RTS;
 

Offline tom66

  • Super Contributor
  • ***
  • Posts: 6810
  • Country: gb
  • Electronics Hobbyist & FPGA/Embedded Systems EE
Re: Sniffing the Rigol's internal I2C bus
« Reply #867 on: August 12, 2013, 10:43:49 pm »
Excellent work and seriously tempting me to buy a DSA815 (and DS2000 if that gets hacked...)
 

Offline jamesb

  • Regular Contributor
  • *
  • Posts: 54
  • Country: 00
Re: Sniffing the Rigol's internal I2C bus
« Reply #868 on: August 12, 2013, 10:48:37 pm »
I just tried the code and managed to generate some "test keys" for "educational purposes"  :-DD ... they don't seem to work however ..

I've verified the unit serial number using SCPI (*IDN?) and passed it to the rikey_dsa as such:

Quote
./rikey_dsa DSA8A151###### AAAF

Should I try entering the private key manually? (ie. is 80444DFECE903E valid?)
 

Offline Rufus

  • Super Contributor
  • ***
  • Posts: 2095
Re: Sniffing the Rigol's internal I2C bus
« Reply #869 on: August 12, 2013, 10:54:25 pm »
Doesn't matter who he is. His response surely didn't match his work. You expect everyone to know exactly what to do with that script?

It isn't a script; it is a complete C program with more than adequate information on how to compile it.

The 59 pages of this thread might give you an idea of how much work people put into producing it.

So no I'm sure he doesn't expect everyone to know exactly what to do with it but expecting people to put some effort into trying to find out before they ask questions is reasonable. He (and others) made 'your' job 100,000 times easier than it was 59 pages ago.
« Last Edit: August 12, 2013, 10:56:35 pm by Rufus »
 

Offline tom66

  • Super Contributor
  • ***
  • Posts: 6810
  • Country: gb
  • Electronics Hobbyist & FPGA/Embedded Systems EE
Re: Sniffing the Rigol's internal I2C bus
« Reply #870 on: August 12, 2013, 10:57:51 pm »
It was mentioned a while back that this was an "illegal" key, perhaps in the same way as unlocking extra software options, as these are not hardware limits like with the DS1052E/1102E? Also, if the unit has to be returned for service, is there a way of erasing the bogus keys?
 

Offline jsykes

  • Contributor
  • Posts: 31
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #871 on: August 12, 2013, 11:05:25 pm »
I'll wait for an intelligent answer. Don't you have some texting to do?

I've been following the work of these amazing programmers for quite some time and have deepest respect for their talents. I specialize in Hardware and RF and am an old guy whose programming talents ended with the demise of DOS, so I'm hoping the comment above doesn't discourage someone from developing a Windows GUI. I really need that 10Hz RBW and, for me, a GUI to do it. I'm sure there are other old hams out there in the same boat; they may be ashamed to admit that.
 

Offline grego

  • Frequent Contributor
  • **
  • Posts: 330
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #872 on: August 12, 2013, 11:08:37 pm »
Doesn't matter who he is. His response surely didn't match his work. You expect everyone to know exactly what to do with that script?

If you didn't want to provide a decent non smart ass answer, then why did you bother in the first place?

Seriously, you expect to get this stuff spoon fed to you?  Take a little time, read through and figure it out.  If you have a specific question about implementation someone will be happy to help I'm sure.  Not a "what do I do with this" that has been answered a dozen times in the preceding pages.
 

Offline Carrington

  • Super Contributor
  • ***
  • Posts: 1202
  • Country: es
Re: Sniffing the Rigol's internal I2C bus
« Reply #873 on: August 12, 2013, 11:11:25 pm »
bfin ida cpu module
be warned however, it has bugs - if aX registers are in use (math heavy stuff) you can not trust the ida output, take it from objdump or gdb bfin if so.
the bfin stuff is krater's work, not mine. those modules were compiled on a x86 32 bit, for ida 6.2 - might not work with other ida versions.

i'm currently working on enhancing the bfin flirt tools from krater or probably rewrite them because somehow they don't seem to work right.
then it should be possible to get better matchrate for VDSP libraries to the firmwares - which will ease reversing them.

Hi all!

I opened this "DS2000Update.gel" with ida 6.1 and saved as ida databases (*. id?).  I wonder if all was fine because I used the 6.1 Ver. instead of 6.2. Is there any way to know if everything was okay?
What other interesting things can be found by that?  For example, some hidden menu...

Thanks  ;)



My English can be pretty bad, so suggestions are welcome. ;)
Space Weather.
Lightning & Thunderstorms in Real Time.
 

Offline jamesb

  • Regular Contributor
  • *
  • Posts: 54
  • Country: 00
Re: Sniffing the Rigol's internal I2C bus
« Reply #874 on: August 12, 2013, 11:57:14 pm »
Should I try entering the private key manually? (ie. is 80444DFECE903E valid?)

I just power-cycled the DSA815 and tried again and everything worked just fine - there was a brief delay after each key entry but the options are now listed as "official".
Now I'll uninstall the keys since the tested software appears to have worked ...  >:D
 

