DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?

[oaba]

Hi Lads.
I have tried to connect with telnet. DSOX4024A
But I am getting an error message "Could not open connection to the  host on port 23: Connect failed."
I had ping response on the address.
I wouldlike to download the Secure\startup\infiniivision.lnk   

[oaba]

Figured.
I can connect with telnet during the boot of the scope.

[oaba]

But still have a question.
Installed the patched firmware with the infiniivision.lnk file.
But still not geting extra upgrades.
this is in the lnk file
84#"\Program Files\infiniiVision\infiniivisionLauncher.exe" -l D4000BDLA -l WAVEGEN

[Hexley]

But still not geting extra upgrades.
this is in the lnk file
84#"\Program Files\infiniiVision\infiniivisionLauncher.exe" -l D4000BDLA -l WAVEGEN

Wrong character count. Try 80#"\Program Files\infiniiVision\infiniivisionLauncher.exe" -l D4000BDLA -l WAVEGEN

[oaba]

But still not geting extra upgrades.
this is in the lnk file
84#"\Program Files\infiniiVision\infiniivisionLauncher.exe" -l D4000BDLA -l WAVEGEN

Wrong character count. Try 80#"\Program Files\infiniiVision\infiniivisionLauncher.exe" -l D4000BDLA -l WAVEGEN

I will try try it so. I did not know that is the character count. Thanks

[oaba]

Thanks. That was it.

[oaba]

Hi Lads again.
I was using BW50. But still I have 200Mhz. The rest of the options are working.
And I do not see that listed.

[2N3055]

Hi Lads again.
I was using BW50. But still I have 200Mhz. The rest of the options are working.
And I do not see that listed.

You didn't read enough.

100 and 200 MHz are first variation of hardware. 350 and 500 MHz are second one, and 1GHz is a third variation.
You cannot go to 350/500 Mhz without hardware changes on the mainboard.

[oaba]

How the software will know you have a 1GHZ hardware?
Even if you replaced the relays, caps, resistors.
Is there a jumper?

[2N3055]

How the software will know you have a 1GHZ hardware?
Even if you replaced the relays, caps, resistors.
Is there a jumper?

Yes.
There is a whole separate topic on it. I'm not going to answer sentence by sentence what is a 20 pages book somenone else wrote. Just go there and read.
And I will disappoint you: going to 1 GHz is very hard to do...
going to 500 Mhz is easier but still risky business.
You need to be experienced and know what you doing.

[Venturi962]

The release notes for 7.50 state that the Aux -V / Symbols issue was addressed in the firmware:

"- Corrected firmware update failure (AUX-V) "

Attached the Release Notes as well.  This seems to be a 3000T / 4000X Firmware only.

[Hexley]

7.50 upgrade on a 4000X went smoothly. Thanks, PhllyFlyers.

[Sievil]

4054A works, 

[molin]

The link to the 2.35 version FW in this post (https://www.eevblog.com/forum/testgear/dsox2000-and-3000-series-licence-have-anyone-tried-to-hack-that-scope/msg2136181/#msg2136181) is broken. It reports only "403 Forbidden".
Would someone please share the 2.35 FW?
Or does the guide work with other FW versions as well (even though the guide indicates that newer versions do not boot from USB)

Thanks for a great guide!

[felixsys]

Just bought a 3024T .. Has anyone updated this oscilloscope to 500 mhz? Soft upgrade is not possible. I think there's some components to modify/add on the frontend board.
all feedbacks will be appreciated!

[hugos31]

thanks  PhillyFlyers  ...worked on my DSOX1102G

[wutieru]

Does anyone have a schematic for the DSX3000?

[moloko]

I have been thinking recently about selling my DSOX 2002 (which is patched to max specs). Is there any way to restore the original configuration (bandwidth, etc.) before selling it?

[Mr. Scram]

The official stance is that if something comes in modified the warranty doesn't hold. You also might think about a DSOX1204A/G over the DSOX2004A?

Please note that this doesn't hold in the EU. Warranty can only be denied if the defect was a result of the modifications of the owner, and this can be reasonably demonstrated. General handwaving and assumptions that any change would lead to the defect are not acceptable under EU warranty laws.

[knotlogic]

Apologies for going somewhat off topic on this, but I figured this would be the best place to ask for advice.

I'm looking to buy a scope.  Had my eye on a fully loaded used MSOX2024A from the Keysight eBay store, but have had a busy time the past 1.5 years.  Now that I'm finally getting around to it, I see the prices have shot up about 50%.

Plan B, and where this thread becomes relevant, is that I hunt for a DSOX20x4A and used a patched firmware.  But on that I have questions, and I was really hoping to benefit from the experience of people who have actually done this or something like it:

Realistically, how much risk is there in doing the hack?  From what I've been reading it's now dead simple.  And if I understand correctly, we don't even need to telnet into the scope anymore?  Just install the firmware from USB?

Is flash corruption still an issue with some units?  I remember there was a thing a few years back about scopes suddenly not being able to boot anymore.  I think that was flash related, and I know that at the time there was some sort of support from Keysight, but I figure that's long past.  Was the cause ever identified?

At the end of the day, do you think I might be better off taking the hit on Keysight's new prices and buying from their eBay store.  I realise that's hard to qualify given it's impossible to predict what the alternatives are.  (And yes, I've read about their new B2B only policy).  The plus points that I can see are there are less likely to be any issues with the scope, they come with full options enabled,  and they come with at least a 30 day warranty.  The minus is they don't come with accessories, so that would be an additional cost.  Though the lack of accessories would probably be the case with other sellers as well.

On a related note, are the logic probes easy to find?

My biggest worry is ending up with a dead unit that's beyond my ability to fix.  So I could really use the advice on what I should look out for or avoid.

[Mike112]

Hey guys I have a 3000 series scope with a typical nand flash issue and I've been trying to get it to boot with no luck so far. I was hoping someone may be able to shed some light on whether I can get it back or not. I have been trying to use the method that titirus put together. So far I have made the nk.nb0 file and uploaded it to the scope as well as prepared a boot USB that is attached to the scope. Im pretty sure the problem is that the scope is is looking for the startup file on the scope rather than from the usb drive.

Code: [Select]

U-Boot 2010.03 (Jan 26 2011 - 12:37:34)Agilent P500

CPU:   SPEAr600
DRAM:  128 MiB
Flash: 512 KiB
NAND:  128 MiB
In:    serial
Out:   serial
Err:   serial
SerNum:serial number not programmed
Chip:  BD Board Rev: 4
Net:   smsc
Press space to stop autoboot:  0
p500> loady 0x0361000 115200
## Ready for binary (ymodem) download to 0x00361000 at 115200 bps...
CCxyzModem - CRC mode, 1(SOH)/19482(STX)/0(CAN) packets, 5 retries
## Total Size      = 0x013064d4 = 19948756 Bytes
p500> go 0x00362000
## Starting application at 0x00362000 ...
Windows CE Kernel for ARM (Thumb Enabled) Built on Jan 24 2013 at 14:52:37
Setting up for a Cold Reboot
Done Setting up for a Cold Reboot
Windows CE Firmware Init
BSP 1.0.0 for the SPEARHEAD600AB board (built Jun 18 2013)
Adaptation performed by ADENEO (c) 2005
+OALIntrInit
-OALIntrInit(rc = 1)
Initialize driver globals Zeros area...
pDrvGlobalArea 0xa0060000  size 0x800 (0xa0060800 -0xa0060000)
Initialize driver globals Zeros area...done
 OALKitlStart
Firmware Init Done.
OALIoctlHalEnterI2cCriticalSection init i2c cs
ERROR: C:\WINCE600\PLATFORM\COMMON\SRC\SOC\STM\SPEARHEAD600\DRIVERS\GPIO\.\sh600_gpio_hw.cpp line 170: GPB driver, RegQueryDword('ISTPriority') failed, status:2
ERROR: C:\WINCE600\PLATFORM\COMMON\SRC\SOC\STM\SPEARHEAD600\DRIVERS\GPIO\.\sh600_gpio_hw.cpp line 170: GPB driver, RegQueryDword('ISTPriority') failed, status:2
++SER_Init: context Drivers\Active\14
SER_Init, dwIndex:2
SER2 got sysintr:0x00000017
SER2 Serial Port, new baud rate:0x1c200  (UARTCLK:48000000 IBRD:0x1a FBRD:0x2)
OHCI\system.c, GCFG_USBH1_SW_RST
OHCI\system.c, GCFG_USBH2_SW_RST
-EDeviceLoadEeprom 00:30:D3:1D:28:B4
Phy found addr 31 (ticks=2582)
WaitForLink Start (ticks=2583)
No Link (ticks=3586)
<--EDeviceInitialize

GMAC DMA status register = 0x0
BALDWIN_DDI: cBaldwinHwIf::Init: Initializing...
BALDWIN_DDI: cBaldwinHwIf::Init: Scope successfully identified.
BALDWIN_DDI: cBaldwinHwIf::Init: Success!
Running infiniiVisionInstallHelper
ERROR: OALIoCtlHalGetDeviceInfo: Device doesn't support IOCTL_HAL_GET_DEVICE_INFO::SPI_GETBOOTMENAME
Failed to start/configure network.
Time for NANDFLASH to load: 0 ms.
Time for SNANDFLASH to load: 0 ms.
Starting ProcessStartupFolder
running \Secure\Startup\infiniivision.lnk...
System.MissingMethodException: Can't find an Entry Point 'RegisterNativeCompactLicensingCallbacks' in a PInvoke DLL 'Agilent.Cdf.Api.Unmanaged.dll'.
   at Agilent.Cdf.Api.Licensing.Compact.LicenseSupervisor.g.a.c()
   at Agilent.Cdf.Api.NativeInterop.RegisterNativeCallbacks()
   at Agilent.InfiniiVision.infiniiVisionLauncher.Main(String[] args)

Ending ProcessStartupFolder
The part that im looking at is:

Starting ProcessStartupFolder
running \Secure\Startup\infiniivision.lnk

shouldn't it be trying to find it on the usb?  If anyone has some ideas of where Im going wrong that would be greatly appreciated. Ive tried 2 different usb sticks formatted to FAT but maybe I did something wrong with the code?

[Bud]

I do not think booting from usb works anymore. At some firmware release version that was taken off.

[Mike112]

Hmm I don't know if this scope ever had its firmware updated, ill have to check. Is the only other way to try and source a lan card?

[Bud]

But you are booting from the memory using image you uploaded via Ymodem. Perhaps you need to upload one of the older images that can read startup folder from USB.

[TheSteve]

Could be a firmware version mismatch - try images from older firmware versions.