Author Topic: DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?  (Read 1249316 times)

0 Members and 8 Guests are viewing this topic.

Offline Howardlong

  • Super Contributor
  • ***
  • Posts: 5411
  • Country: gb
user: "infiniivision"
pass: "skywalker1977"+hash(ModelName, SerialNumber, MACAddress)

Need to figure out how to hash that data exactly

Please don't, I don't need to buy any more scopes!
 
The following users thanked this post: Andrew

Offline memset

  • Regular Contributor
  • *
  • Posts: 137
  • Country: ru
Apart from that I don't think we know if it is possible to activate the options like that on a T model.
I think it's all the same.
 
The following users thanked this post: Andrew

Offline memset

  • Regular Contributor
  • *
  • Posts: 137
  • Country: ru
:memset  - Is strapping for 1Ghz the same as for 350/500Mhz ? I was under this impression..

:Memset  - Do you happen to have the values of your original parts in 3000A scope so I can compare it with mine's? I looked in the thread but I did see just values for upper bandwidth scopes.

Strapping description:
https://www.eevblog.com/forum/testgear/dsox2000-and-3000-series-licence-have-anyone-tried-to-hack-that-scope/msg980404/#msg980404

Some values for 100/200MHz and 350/500Mhz frontends:
https://www.eevblog.com/forum/testgear/dsox2000-and-3000-series-licence-have-anyone-tried-to-hack-that-scope/msg987126/#msg987126

For 3000-series there are 3 types for frontend:
- 100/200MHz - software upgradeable
- 350/500MHz - also software upgradeable
- 1GHz

You can jump from 100MHz to 200MHz (or from 350MHz to 500MHz) via the license, but you can't jump from 100/200 to 350 or 500 or 1GHz without board replacement or HW mod.
Note that for 3000X-series and up: 100MHz scope would be strapped to 200MHz and 350MHz scope would be strapped to 500MHz.
« Last Edit: January 17, 2017, 10:54:36 am by memset »
 
The following users thanked this post: Andrew

Offline memset

  • Regular Contributor
  • *
  • Posts: 137
  • Country: ru
Please don't, I don't need to buy any more scopes!

Why not? Buying scopes is fun!

I think I saw some code example there:
https://repl.it/FLUQ
http://pastebin.com/2NJjMTxQ

Not sure whether it works or not.
 
The following users thanked this post: Dubbie, Andrew, cgroen, raileon

Online cgroen

  • Supporter
  • ****
  • Posts: 650
  • Country: dk
    • Carstens personal web
Please don't, I don't need to buy any more scopes!

Why not? Buying scopes is fun!

I think I saw some code example there:
https://repl.it/FLUQ
http://pastebin.com/2NJjMTxQ

Not sure whether it works or not.

It does :)
Thanks !!!
 
The following users thanked this post: Andrew, ELIK

Offline Howardlong

  • Super Contributor
  • ***
  • Posts: 5411
  • Country: gb
I predict a rapid sales rise in the MSOX3014T.
 
The following users thanked this post: Andrew

Online cgroen

  • Supporter
  • ****
  • Posts: 650
  • Country: dk
    • Carstens personal web
I predict a rapid sales rise in the MSOX3014T.

Oh yes, I could have saved a good amount of money going with a 100MHz and no APP2BNDL  :-DD
Anyway, no regrets, its a wonderful scope !!

EDIT: But boy it would be wonderful to get 500 MHz, I did not in the first place as that was a major price increase, but would be very very nice....
« Last Edit: January 17, 2017, 02:02:52 pm by cgroen »
 
The following users thanked this post: Andrew

Online TheSteve

  • Supporter
  • ****
  • Posts: 3781
  • Country: ca
  • Living the Dream
I predict a rapid sales rise in the MSOX3014T.

Oh yes, I could have saved a good amount of money going with a 100MHz and no APP2BNDL  :-DD
Anyway, no regrets, its a wonderful scope !!

EDIT: But boy it would be wonderful to get 500 MHz, I did not in the first place as that was a major price increase, but would be very very nice....

It is starting to look like this might be a possible reality. Can you give us details on the internal file structure of the "T" series.
The hardware mod to 500 MHz so far looks identical to the 3000A series.
VE7FM
 
The following users thanked this post: Andrew

Offline Dubbie

  • Supporter
  • ****
  • Posts: 1115
  • Country: nz
So I have logged into my 3024T!

The python script worked great.

I used infiniivision for the username and the hash as the password

Now what?
 
The following users thanked this post: Andrew

Offline TopLoser

  • Supporter
  • ****
  • Posts: 1925
  • Country: fr
So I have logged into my 3024T!

The python script worked great.

I used infiniivision for the username and the hash as the password

Now what?

Let the game commence!
 
The following users thanked this post: Andrew

Offline Howardlong

  • Super Contributor
  • ***
  • Posts: 5411
  • Country: gb
So I have logged into my 3024T!

The python script worked great.

I used infiniivision for the username and the hash as the password

Now what?

Let the game commence!

How much for that scope you mentioned under your desk?
 
The following users thanked this post: Andrew

Offline Dubbie

  • Supporter
  • ****
  • Posts: 1115
  • Country: nz
If I understand correctly I can get 350Mhz without any hardware modifications, is that correct?

If that is the case, what is the command for that? -bw35?
 
The following users thanked this post: Andrew

Offline TopLoser

  • Supporter
  • ****
  • Posts: 1925
  • Country: fr
So I have logged into my 3024T!

The python script worked great.

I used infiniivision for the username and the hash as the password

Now what?

Let the game commence!

How much for that scope you mentioned under your desk?

A lot less than you can buy it anywhere else, but there's a sale pending so I won't be listing it for a couple of days.
 
The following users thanked this post: Andrew

Offline tautech

  • Super Contributor
  • ***
  • Posts: 29492
  • Country: nz
  • Taupaki Technologies Ltd. Siglent Distributor NZ.
    • Taupaki Technologies Ltd.
If I understand correctly I can get 350Mhz without any hardware modifications, is that correct?

If that is the case, what is the command for that? -bw35?
Can I sense which of your instruments will get improved next ?  :box:
Avid Rabid Hobbyist.
Some stuff seen @ Siglent HQ cannot be shared.
 
The following users thanked this post: Andrew

Offline TopLoser

  • Supporter
  • ****
  • Posts: 1925
  • Country: fr
If I understand correctly I can get 350Mhz without any hardware modifications, is that correct?

If that is the case, what is the command for that? -bw35?

No, you can get a maximum of 200MHz with a stock 3024 or 3014, you need a stock 3034 if you want to push it to 500MHz without hardware mods. That's my understanding anyway...
 
The following users thanked this post: Andrew

Offline Dubbie

  • Supporter
  • ****
  • Posts: 1115
  • Country: nz
Ah ok, Well in that case, onto the Hardware mods.

Need to find those Teledyne relays!
 
The following users thanked this post: Andrew

Online TheSteve

  • Supporter
  • ****
  • Posts: 3781
  • Country: ca
  • Living the Dream
I am thinking the MSO feature will not be lost if a T series 100/200/350/500 MHz scope is strapped for 1 GHz. The T series uses a single part number for the MSO upgrade. The A series used two numbers, one for the 100-500 MHz scopes and one for the 1 GHz. I expect the two versions use different licenses which could explain why the MSO feature was no longer enabled when memset tried it.
VE7FM
 
The following users thanked this post: Andrew

Online TheSteve

  • Supporter
  • ****
  • Posts: 3781
  • Country: ca
  • Living the Dream
Ah ok, Well in that case, onto the Hardware mods.

Need to find those Teledyne relays!

The relays are only needed if you want to go to 1 GHz - if 500 MHz is enough then the existing mod for the 3000A series should be fine. Of course I think we'd all like to go to 1 GHz - assuming we can determine the proper capacitor values(and get the relays).
VE7FM
 
The following users thanked this post: Andrew

Offline TopLoser

  • Supporter
  • ****
  • Posts: 1925
  • Country: fr
I am thinking the MSO feature will not be lost if a T series 100/200/350/500 MHz scope is strapped for 1 GHz. The T series uses a single part number for the MSO upgrade. The A series used two numbers, one for the 100-500 MHz scopes and one for the 1 GHz. I expect the two versions use different licenses which could explain why the MSO feature was no longer enabled when memset tried it.

I can test that theory if needed....
 
The following users thanked this post: Andrew

Online cgroen

  • Supporter
  • ****
  • Posts: 650
  • Country: dk
    • Carstens personal web
I predict a rapid sales rise in the MSOX3014T.

Oh yes, I could have saved a good amount of money going with a 100MHz and no APP2BNDL  :-DD
Anyway, no regrets, its a wonderful scope !!

EDIT: But boy it would be wonderful to get 500 MHz, I did not in the first place as that was a major price increase, but would be very very nice....

It is starting to look like this might be a possible reality. Can you give us details on the internal file structure of the "T" series.
The hardware mod to 500 MHz so far looks identical to the 3000A series.


Attached is a dump of the file structure of my MSOX3024T (3 months old approx). Scope has all features enabled (APP2BNDL).
The folder \Secure\System\Licensing\Store has been changed by me, there was a list of hex keys (I guess) and I changed these to something else.


 
The following users thanked this post: Andrew

Online PA0PBZ

  • Super Contributor
  • ***
  • Posts: 5223
  • Country: nl
Attached is a dump of the file structure of my MSOX3024T (3 months old approx).

So, the infiniivisionlauncher.exe is missing from the \Secure\infiniiVision folder:

Code: [Select]
Directory of \Secure\infiniiVision

10/18/11  08:47p    <DIR>                    web
10/18/11  08:47p    <DIR>                    fpga
10/06/16  04:48p                     1152032 splashImage.bin
12/29/15  10:27a                      105160 symbols.tte
12/29/15  10:27a                        1891 usbDemoData.html
12/29/15  10:27a                      822702 usbDemoDataEye.png
12/29/15  10:27a                      822702 usbDemoDataPlot.png

Found 7 file(s). Total size 2904487 bytes.

But apart from the Program Files\infiniiVision folder there is another infiniivisionlauncher.exe in the \Windows folder... Interesting.
Can you show the content of the infiniivision.lnk in the \Secure\Startup folder? I bet it is pointing to the launcher in Program Files.


Keyboard error: Press F1 to continue.
 
The following users thanked this post: Andrew

Online cgroen

  • Supporter
  • ****
  • Posts: 650
  • Country: dk
    • Carstens personal web
Attached is a dump of the file structure of my MSOX3024T (3 months old approx).

So, the infiniivisionlauncher.exe is missing from the \Secure\infiniiVision folder:

Code: [Select]
Directory of \Secure\infiniiVision

10/18/11  08:47p    <DIR>                    web
10/18/11  08:47p    <DIR>                    fpga
10/06/16  04:48p                     1152032 splashImage.bin
12/29/15  10:27a                      105160 symbols.tte
12/29/15  10:27a                        1891 usbDemoData.html
12/29/15  10:27a                      822702 usbDemoDataEye.png
12/29/15  10:27a                      822702 usbDemoDataPlot.png

Found 7 file(s). Total size 2904487 bytes.

But apart from the Program Files\infiniiVision folder there is another infiniivisionlauncher.exe in the \Windows folder... Interesting.
Can you show the content of the infiniivision.lnk in the \Secure\Startup folder? I bet it is pointing to the launcher in Program Files.

Here you go Paul:


\> type secure\startup\infiniivision.lnk
56#"\Program Files\infiniiVision\infiniivisionLauncher.exe"
\>


 
The following users thanked this post: Andrew

Online cgroen

  • Supporter
  • ****
  • Posts: 650
  • Country: dk
    • Carstens personal web
This is the "about" screen from my scope with firmware version number etc:

 
The following users thanked this post: Andrew

Online PA0PBZ

  • Super Contributor
  • ***
  • Posts: 5223
  • Country: nl
As I expected it starts the launcher in the Program Files folder.

If you feel like doing a little experiment you can try the following:

taskkill /im infiniivisionLauncher.exe

\windows\infiniivisionlauncher.exe -bw35

Your hardware is not 350MHz but I wonder if it will show the 350MHz on the info screen, and also it could warn about 'unfinished software' like it does on the non-T version.

After that reboot the scope or kill the launcher again and start the one in Program Files\infiniiVision.
Keyboard error: Press F1 to continue.
 
The following users thanked this post: Andrew

Online cgroen

  • Supporter
  • ****
  • Posts: 650
  • Country: dk
    • Carstens personal web
As I expected it starts the launcher in the Program Files folder.

If you feel like doing a little experiment you can try the following:

taskkill /im infiniivisionLauncher.exe

\windows\infiniivisionlauncher.exe -bw35

Your hardware is not 350MHz but I wonder if it will show the 350MHz on the info screen, and also it could warn about 'unfinished software' like it does on the non-T version.

After that reboot the scope or kill the launcher again and start the one in Program Files\infiniiVision.

I'm not able to execute "taskkill" ? If I search for taskkill as an exe it is not found, and it is also not listed as a builtin command in the telnet ??
 
The following users thanked this post: Andrew


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf