Author Topic: DSOX2000 and 3000 series - licence, has anyone tried to hack that scope?


Online abyrvalg

  • Frequent Contributor
  • **
  • Posts: 837
  • Country: es
Sparky, let's partition the problem a bit: try booting from USB w/o any patches first (original dll, no added params in .lnk) - the scope should start normally (but slower) using files on USB.
« Last Edit: March 18, 2014, 11:10:48 am by abyrvalg »
 
The following users thanked this post: Andrew

Offline plesa

  • Frequent Contributor
  • **
  • Posts: 965
  • Country: se
My Agilent DSO-X 3034A arrived earlier in the month and it took until today to get a DSOXLAN module for it.  The scope is running v2.36 firmware as has been the case for recent folks. It's been a pleasure to use so far, and I'm looking forward to unlocking a little extra potential.

For the purpose of exploring v2.36, here are some details (for the complete file listing, see attached FileList.txt):

    Directory of \Secure\infiniiVision

01/01/86  12:04a    <DIR>                    web
01/01/86  12:04a    <DIR>                    fpga
10/10/07  06:45p                       46624 System.Drawing.dll
10/10/07  06:45p                      214552 mscorlib.dll
05/05/13  09:21a                       82432 Agilent.Cdf.Api.Licensing.dll
05/05/13  09:21a                      160256 Agilent.Cdf.Api.Lxi.dll
05/05/13  09:21a                       85504 Agilent.Cdf.Api.Security.dll
05/05/13  09:21a                       28160 Agilent.Cdf.Api.SystemManagement.dll
05/05/13  09:21a                      163840 Agilent.Cdf.Api.dll
05/05/13  09:21a                        9216 Agilent.Cdf.Core.Lxi.Web.ComServer.Interop.dll
08/24/12  03:16p                      238080 OpenNETCF.dll
05/16/13  08:43p                       13312 WebPageData.dll
08/24/12  03:16p                      398336 SetupConverter.exe
01/01/86  12:04a                     1152032 splashImage.bin
08/24/12  03:17p                      251392 dnssd_CE.dll
08/24/12  03:17p                      355840 libcups2.dll
08/24/12  03:17p                       83968 libcups2backend.dll
09/13/13  11:10a                      215040 vncServer.exe
08/24/12  03:20p                       21504 websockify.exe
09/13/13  11:17a                    17312416 infiniiVisionCore.dll
09/13/13  11:10a                       12104 infiniiVisionLauncher.exe
09/13/13  11:10a                      180736 infiniiVisionWebCom.dll


The infiniiVisionCore.dll is the same size (in bytes) as the previous v2.35 release, however the two files are different.

The bytes previously mentioned to patch at location 0x277e50 are not there.  My best guess (just by comparing, and noting the same sequence of bytes) is that they are now at 0x277e30.

I patched the bytes at 0x277e30, and set up the USB boot key as per the instructions here.  I tried 3 different USB keys: SanDisk Cruzer 2GB, Kingston DataTraveler 4GB, Transcend 32GB.  All were USB 2.0 drives, and formatted FAT32.  None of these drives worked.  During boot, groups of LEDs on front of the scope would flash in sequence and after a short while the scope would restart and try again.  Removing the USB drive, the scope would boot as normal.

I am not sure if I patched the infiniiVisionCore.dll correctly as it is different to v2.35.  I have uploaded the .dll here.  I hope a more knowledgeable person could look at it and provide some comments.  If more files are needed, just let me know. @plesa @abyrvalg hoping you guys might be able to take a look.


Reading back through the thread, people have had success with:
"a podunk 4G USB stick I got from Digikey"
SanDisk Extreme USB 3.0 16GB
Kingston 4GB microSD with adaptor
DaneElec 2GB SD with cheapo USB card reader
Integral 8GB

Hoping I will not have to downgrade --- I will keep trying with other USB drives...

Sparky

Read the whole thread. 2.36 is not possible to patch the same way. To hack the scope you need to downgrade the firmware to 2.35 as a few members do.
 
The following users thanked this post: Andrew

Online abyrvalg

  • Frequent Contributor
  • **
  • Posts: 837
  • Country: es
plesa, do you know where the problem is exactly? USB startup override itself doesn't work anymore? Or some problems with patching?
 
The following users thanked this post: Andrew

Online kilobyte

  • Regular Contributor
  • *
  • Posts: 76
  • Country: de
    • My Website
Thanks Sparky for sharing the new dll version.

I copied the dll to my usb stick and I was able to start it, but the dll hack at the right position is not working.
Also I didn't see any changes near the Unfinalized Software output.
I will spend some more time today in the evening.

 
The following users thanked this post: Andrew

Offline plesa

  • Frequent Contributor
  • **
  • Posts: 965
  • Country: se
plesa, do you know where the problem is exactly? USB startup override itself doesn't work anymore? Or some problems with patching?

Currently I do not have the 2.36 but we had a discussion and there is a blocked USB booting capability. That's why it can be really dangerous to try to patch it.
If someone has the dll extracted you can send it to me for investigation.

Also below is an additional change in 2.35 which will enable multiple force triggering by pressing the Force trigger (no need to press the single button).

find position 1F24B4 and change it from

013C A0E3 2700 83E3 0110 A0E3
04E0 9DE4 D160 01EA

to
08E0 8FE2 F041 2DE9 0CD0 4DE2
FEA2 FEEB F4FF FFEA

Try it only from usb, not from scope flash to prevent bricking your scope.
 
The following users thanked this post: Andrew

Offline ot1

  • Contributor
  • Posts: 18
I didn't read all 28 of the pages on this thread but it seems that no one mentioned the fact that Agilent has a promo on the X series that is buy one option and all other options are free. You can also jump one bandwidth up from your current purchased bandwidth. Looks like the promo ends March 31, perhaps longer too with new s scopes.
 
The following users thanked this post: Andrew

Offline plesa

  • Frequent Contributor
  • **
  • Posts: 965
  • Country: se
I didn't read all 28 of the pages on this thread but it seems that no one mentioned the fact that Agilent has a promo on the X series that is buy one option and all other options are free. You can also jump one bandwidth up from your current purchased bandwidth. Looks like the promo ends March 31, perhaps longer too with new s scopes.

It is mentioned in a different Agilent thread; it has a fixed price.
http://www.home.agilent.com/agilent/editorial.jspx?cc=US&lc=eng&ckey=2430287&nid=-33573.970736.00&id=2430287

For someone running Agilent WinXP instruments there is also a running promo for the Win7 upgrade for spectrum analyzers.
« Last Edit: March 18, 2014, 02:59:27 pm by plesa »
 
The following users thanked this post: Andrew

Offline Sparky

  • Frequent Contributor
  • **
  • Posts: 459
  • Country: us
Sparky, let's partition the problem a bit: try booting from USB w/o any patches first (original dll, no added params in .lnk) - the scope should start normally (but slower) using files on USB.

This is a good suggestion!  I will give this a try, as I need to find a USB drive that can actually boot.

Thanks,
Sparky
 
The following users thanked this post: Andrew

Offline Sparky

  • Frequent Contributor
  • **
  • Posts: 459
  • Country: us
Read the whole thread. 2.36 is not possible to patch the same way. To hack the scope you need to downgrade the firmware to 2.35 as a few members do.

@plesa: I have indeed read the whole thread, but found no discussion about patching 2.36.  I'm aware many people could not USB boot on 2.36 and simply downgraded to 2.35 as a "work around".  As far as I read here, those with 2.36 were trying to boot from a patched 2.35 DLL and system files, but with 2.36 installed on their system.  I thought that may have been causing it not to work.

I thought we could investigate the 2.36 DLL, and a few people requested to see the 2.36 DLL, so I posted it.  I thought it would be interesting to determine how the 2.36 system was different and a new way to patch it.
 
The following users thanked this post: Andrew

Offline Sparky

  • Frequent Contributor
  • **
  • Posts: 459
  • Country: us
Thanks Sparky for sharing the new dll version.

I copied the dll to my usb stick and I was able to start it, but the dll hack at the right position is not working.
Also I didn't see any changes near the Unfinalized Software output.
I will spend some more time today in the evening.

Thanks for testing, kilobyte.  Did you try and boot with the un-patched DLL first?  And it booted okay?

I assume you then tried booting with the patch at the new location of 0x277e30 ?  Seems there are more checks in this firmware...

 
The following users thanked this post: Andrew

Offline Sparky

  • Frequent Contributor
  • **
  • Posts: 459
  • Country: us
plesa, do you know where the problem is exactly? USB startup override itself doesn't work anymore? Or some problems with patching?
Currently I do not have the 2.36 but we had a discussion and there is a blocked USB booting capability. That's why it can be really dangerous to try to patch it.
If someone has the dll extracted you can send it to me for investigation.

@plesa: I posted the 2.36 DLL in my large post above, but here is direct link.

I presume this "discussion" about 2.36 having blocked USB booting happened outside this thread...I did not read anything about that.
« Last Edit: March 18, 2014, 04:37:15 pm by Sparky »
 
The following users thanked this post: Andrew

Offline ben_r_

  • Frequent Contributor
  • **
  • Posts: 419
  • Country: us
  • A Real Nowhere Man
I didn't read all 28 of the pages on this thread but it seems that no one mentioned the fact that Agilent has a promo on the X series that is buy one option and all other options are free. You can also jump one bandwidth up from your current purchased bandwidth. Looks like the promo ends March 31, perhaps longer too with new s scopes.
Yeah, it's been mentioned a couple times in multiple threads, the only issue is many of us have already spent close to or more than the amount Agilent now gives all the options for. Unless there is going to be some plan for crediting those that have already bought hundreds in upgrades this upgrade "deal" just feels like spit in your face.
If at first you don't succeed, redefine success!
 
The following users thanked this post: Andrew

Offline Rigby

  • Super Contributor
  • ***
  • Posts: 1476
  • Country: us
  • Learning, very new at this. Righteous Asshole, too
I didn't read all 28 of the pages on this thread but it seems that no one mentioned the fact that Agilent has a promo on the X series that is buy one option and all other options are free. You can also jump one bandwidth up from your current purchased bandwidth. Looks like the promo ends March 31, perhaps longer too with new s scopes.
Yeah, it's been mentioned a couple times in multiple threads, the only issue is many of us have already spent close to or more than the amount Agilent now gives all the options for. Unless there is going to be some plan for crediting those that have already bought hundreds in upgrades this upgrade "deal" just feels like spit in your face.

I get what you're saying, but not fully.  The stuff you paid for still does what you paid for it to do, and it was enough of a deal that you willingly paid for those options.

I also get that you feel you're being treated unfairly because of the dramatic cost difference between what you paid per option vs. what someone will pay per option until this deal ends.  Technology always gets cheaper, though maybe you didn't expect it to get SO cheap so quickly, I guess.

Either they are about to announce a new scope or line of scopes, or they're doing the rare "Can I Make More Money Overall If I Lower The Price And Sell More" test.  This is what Steam Sales prove time & time again; that more net revenue is gained by selling at a lower price.  Maybe Agilent is giving that a go.

I'd put my money on new hardware coming soon, though.
 
The following users thanked this post: Andrew

Offline ben_r_

  • Frequent Contributor
  • **
  • Posts: 419
  • Country: us
  • A Real Nowhere Man
I didn't read all 28 of the pages on this thread but it seems that no one mentioned the fact that Agilent has a promo on the X series that is buy one option and all other options are free. You can also jump one bandwidth up from your current purchased bandwidth. Looks like the promo ends March 31, perhaps longer too with new s scopes.
Yeah, it's been mentioned a couple times in multiple threads, the only issue is many of us have already spent close to or more than the amount Agilent now gives all the options for. Unless there is going to be some plan for crediting those that have already bought hundreds in upgrades this upgrade "deal" just feels like spit in your face.

I get what you're saying, but not fully.  The stuff you paid for still does what you paid for it to do, and it was enough of a deal that you willingly paid for those options.

I also get that you feel you're being treated unfairly because of the dramatic cost difference between what you paid per option vs. what someone will pay per option until this deal ends.  Technology always gets cheaper, though maybe you didn't expect it to get SO cheap so quickly, I guess.

Either they are about to announce a new scope or line of scopes, or they're doing the rare "Can I Make More Money Overall If I Lower The Price And Sell More" test.  This is what Steam Sales prove time & time again; that more net revenue is gained by selling at a lower price.  Maybe Agilent is giving that a go.

I'd put my money on new hardware coming soon, though.
FWIW I still haven't modded my MSOX2024. I haven't needed any of the upgrades I hadn't already purchased. But seeing as how I have had my scope for less than a year and in two weeks for what I paid for 3 upgrades I could have gotten them ALL?! That stings a bit and angers many.

As far as new hardware goes, maybe. Doesn't help me at all though as now the resale value of these scopes will be hurt badly as any upgrades won't be worth nearly as much seeing as how the entire suite can be bought for $500 or the thing can be modded for free. It would be interesting to see if they did come out with new scopes as aren't 2000X and 3000X series only 3 years old? Seems fast to refresh two lines of oscilloscopes. But maybe that's where all the competition has driven things.
If at first you don't succeed, redefine success!
 
The following users thanked this post: Andrew

Offline Zucca

  • Supporter
  • ****
  • Posts: 4603
  • Country: it
  • EE meid in Itali
WOW, all the options for 800$ on the 3000 X-Series?

Starting April 1, 2014 ehh... April Fools' Day? I hope it is not a joke.
Probably I will spend my money for that. I want to support Agilent when it makes such a good offer to their customers, I hope other companies will follow that good example.

BTW those options are an evil business, man I know it is about money but jeeeeee I personally hate the idea to put on the market something not at its full potential.... just decide an honest price with everything there and let it go...
Can't know what you don't love. St. Augustine
Can't love what you don't know. Zucca
 
The following users thanked this post: Andrew

Offline Kryan9

  • Contributor
  • Posts: 13
I didn't read all 28 of the pages on this thread but it seems that no one mentioned the fact that Agilent has a promo on the X series that is buy one option and all other options are free. You can also jump one bandwidth up from your current purchased bandwidth. Looks like the promo ends March 31, perhaps longer too with new s scopes.
Yeah, it's been mentioned a couple times in multiple threads, the only issue is many of us have already spent close to or more than the amount Agilent now gives all the options for. Unless there is going to be some plan for crediting those that have already bought hundreds in upgrades this upgrade "deal" just feels like spit in your face.

I get what you're saying, but not fully.  The stuff you paid for still does what you paid for it to do, and it was enough of a deal that you willingly paid for those options.

I also get that you feel you're being treated unfairly because of the dramatic cost difference between what you paid per option vs. what someone will pay per option until this deal ends.  Technology always gets cheaper, though maybe you didn't expect it to get SO cheap so quickly, I guess.

Either they are about to announce a new scope or line of scopes, or they're doing the rare "Can I Make More Money Overall If I Lower The Price And Sell More" test.  This is what Steam Sales prove time & time again; that more net revenue is gained by selling at a lower price.  Maybe Agilent is giving that a go.

I'd put my money on new hardware coming soon, though.
FWIW I still haven't modded my MSOX2024. I haven't needed any of the upgrades I hadn't already purchased. But seeing as how I have had my scope for less than a year and in two weeks for what I paid for 3 upgrades I could have gotten them ALL?! That stings a bit and angers many.

As far as new hardware goes, maybe. Doesn't help me at all though as now the resale value of these scopes will be hurt badly as any upgrades won't be worth nearly as much seeing as how the entire suite can be bought for $500 or the thing can be modded for free. It would be interesting to see if they did come out with new scopes as aren't 2000X and 3000X series only 3 years old? Seems fast to refresh two lines of oscilloscopes. But maybe that's where all the competition has driven things.

I think they're just trying to pre-empt and kill off any sales of Tektronix's new competitor, the MDO3000. With the options so cheap now, you can get a fully unlocked Agilent for half the price of the comparable Tek, even if the Tek can now have comparable performance.
 
The following users thanked this post: Andrew

Offline Sparky

  • Frequent Contributor
  • **
  • Posts: 459
  • Country: us
Sparky, let's partition the problem a bit: try booting from USB w/o any patches first (original dll, no added params in .lnk) - the scope should start normally (but slower) using files on USB.

@abyrvalg: I tried booting from 5 different USB drives.  In each case, I used original dll, .lnk and other files from the scope.  The only addition to the USB drive not from the scope is the infiniivisionStartupOverride.txt file, in the root directory.

With or without the USB drive plugged in, the scope boots in ~42sec.  It takes ~31 sec for the "Agilent Technologies" logo to appear, and then another 11-12sec until the main screen appears.  Note: I have the DSOXLAN module installed.  Without the DSOXLAN module it boots to the main screen in about 35sec.

How long (in seconds) does it take the scope to boot on 2.35 when USB drive is plugged in?  In my case, with or without USB drive the time is the same, which makes me think it is not booting from USB drive at all!  When I had "patched" DLL on USB drive, it would not boot at all.

In my case, either none of the USB drives I have are bootable, or there is something else in 2.36 that prevents boot (maybe something in the dll, or elsewhere controlling start-up).  Perhaps this is what plesa was referring to by "blocked USB booting capability".  Perhaps startupOverride txt file does not work like previous?

 
The following users thanked this post: Andrew

Online abyrvalg

  • Frequent Contributor
  • **
  • Posts: 837
  • Country: es
Sparky, looks like your test is incorrect: if you are using 100% original .lnk then it points to internal folder (\Secure\infiniiVision), so you are starting the same process just a bit differently. You need to try .lnk with modified folder path, but no feature options (they'll cause troubles with unpatched dll):
Code:
44#\usb\infiniiVision\infiniivisionLauncher.exe
 
The following users thanked this post: Andrew

Offline Sparky

  • Frequent Contributor
  • **
  • Posts: 459
  • Country: us
Sparky, looks like your test is incorrect: if you are using 100% original .lnk then it points to internal folder (\Secure\infiniiVision), so you are starting the same process just a bit differently. You need to try .lnk with modified folder path, but no feature options (they'll cause troubles with unpatched dll):
Code:
44#\usb\infiniiVision\infiniivisionLauncher.exe

Oh, of course!  My bad!  I will repeat and report back.

Update:
This time, my USB drives give different results when trying to boot. 

 - Two newest drives (Transcend 32GB "Ultra Speed" and Kingston 4GB "DataTraveler")
   Scope attempts to boot for 62 and 72 sec, respectively, and then the system reboots and tries again.  It appears the scope is really trying to read and boot from these drives, but a new protection method prevents it from doing so.  Note, this is attempting USB boot with unpatched DLL, so there is something other than DLL blocking USB boot in this v2.36 firmware.

 - Two oldest drives (SanDisk 2GB "Cruzer" and no-name 2GB)
   These don't seem to do anything; the system boots in ~45 seconds.  As far as I can tell, the scope couldn't read from these disks during boot and so it started normally.
« Last Edit: March 19, 2014, 05:53:37 pm by Sparky »
 
The following users thanked this post: Andrew

Offline Sparky

  • Frequent Contributor
  • **
  • Posts: 459
  • Country: us
I did a further test to check if the infiniivisionStartupOverride file contents had any effect.  Using my Transcend drive which appears to be the "best bet" as far as boot capability goes, I changed the "True" to "False" in the override text file.  I expected the scope to boot as normal in about 45sec.  Surprisingly, it didn't!  The system continued to try and boot for ~70sec, and then restarted.

Has anyone tested setting "False" in the text file, and did it lead to normal internal boot?  I assume this is what should happen, but would be nice to confirm.

Seems like need to investigate what might be blocking USB boot capability...

Update: Upon further testing, the contents of override file is unimportant; only its existence is checked.  Upon deleting the file, the scope boots as normal, which was the expected behavior.  The presence of the override text file is preventing boot from USB.
« Last Edit: March 19, 2014, 11:51:54 pm by Sparky »
 
The following users thanked this post: Andrew

Offline Sparky

  • Frequent Contributor
  • **
  • Posts: 459
  • Country: us
re: USB boot override

With help from another member here, so far it is thought that file "\Windows\ProcessStartupFolder.exe" is possibly responsible for blocking USB boot capability.

In v2.35 ProcessStartupFolder.exe is 12744 bytes; in v2.36 it is a bit bigger.

Unfortunately I can't copy this file off the system; 'copy' and trying to dump the file with 'type' both result in errors.  I also tried 'processMgr.exe kill' before copying and that didn't work.  This may be why Agilent haven't posted the 2.36 update online --- it would be an immediate way to obtain ProcessStartupFolder.exe and inspect it.

If anyone has further suggestions for copying this file off the scope let me know and I can try.

If there is no way forward I will likely downgrade to the v2.35 firmware this weekend.
 
The following users thanked this post: Andrew

Offline plesa

  • Frequent Contributor
  • **
  • Posts: 965
  • Country: se
Did you try to kill the InfiniiVisionLauncher as well?
Can you post the processes running on the 2.36?
 
The following users thanked this post: Andrew

Offline Sparky

  • Frequent Contributor
  • **
  • Posts: 459
  • Country: us
Did you try to kill the InfiniiVisionLauncher as well?
Can you post the processes running on the 2.36?

Thanks for the suggestion.  I just tried: killed both ProcessStartupOverride and InfiniiVisionLauncher but still got error on copy:
"Cannot copy \Windows\ProcessStartupFolder.exe to \usb"
 
The following users thanked this post: Andrew

Online abyrvalg

  • Frequent Contributor
  • **
  • Posts: 837
  • Country: es
Sparky, try attrib -s -h \Windows\ProcessStartupFolder.exe, then copy, maybe some attribute prevents copying. If attrib fails, try without -s also.

If none will work, try pulling out \Windows\cmd.exe for study - maybe there is some restriction right in the shell itself.
 
The following users thanked this post: Andrew

Offline eurofox

  • Supporter
  • ****
  • Posts: 873
  • Country: be
    • Music
Hi,

I finally got my scope and enabled the trial; this way I have all options enabled.

In 10 days I will have the permanent options enabled, I suppose everybody knows about this promotion from Agilent. :)

eurofox
eurofox
 
The following users thanked this post: Andrew

