Siglent SDS2000X Plus Hack

[maxspb69]

Thanks, now please attach your firmdata0\sys_cfg.cfg.

How can I get this data?

[maxspb69]

My sys_cfg.cfg attached

[tv84]

This is the parsing:

Code: [Select]

Reversing 1st part of the file [00000000-00000CF7]...
XORing with 0xFF (incrementing pattern)...
XORing with 0xFF from 0x0000067C until 0x00000CF7

00000000 - Main Checksum: FFFFB5F9 [00000004-00000CF7]  CKSM OK
00000008 - Product_Type: AKIP
00000028 - CFG Type: SDS2000X Plus
0000003C - Manufacturer_Name: ????????
00000047 - CFG Flag_LongMemory: 00
00000048 - Product_ID: 15100
0000004C - Logo Image Size: 00000000 (0 pixels)
00000050 - USB_Prod_ID_PTP: EE39
00000052 - USB_Prod_ID_RAW: EE38
00000054 - USB_Prod_ID_TMC: EE3A
00000056 - USB_Vendor_ID: F4EC
00000058 - Prefix: AKIP
0000005C - Logo_Manufacturer: Siglent
0000009C - CFG Flag_pic_machine: 01
0000009D - CFG Flag_sys_machine: 01
0000009E - CFG Flag_____USB_TMC: 01
0000009F - CFG Flag___SCPI/ERES: 01
000000A0 - CFG Fl_invert/neuter: 00
000000A1 - CFG Flag___skew/gate: 00
000000A2 - CFG Flag____vxi/roll: 01
000000A3 - CFG Flag___________A: 00    not_used(?)
000000A4 - CFG Flag___lang_mask: 1800
000000A6 - CFG Flag__lang_total: 11
000000A7 - CFG Flag_mach_series: 00
000000A8 - Machine Name  20 MHz:
000000B7 - Machine Name  40 MHz:
000000C6 - Machine Name  60 MHz:
000000D5 - Machine Name 100 MHz: ????????-4129
000000E4 - Machine Name 150 MHz:
000000F3 - Machine Name 200 MHz: ????????-4129
00000102 - Machine Name 250 MHz:
00000111 - Machine Name 300 MHz: ????????-4129
00000120 - Machine Name  50 MHz:
0000012F - Machine Name  70 MHz: ????????-4129
0000013E - CFG Flag___BW_change: 00
0000013F - CFG Flag_hide_set_BW: 01
00000140 - Machine Name 350 MHz: ????????-4129
0000014F - Machine Name 500 MHz: ????????-4129
0000015E - Machine Name 750 MHz: ????????-4129
0000016D - Machine Name1000 MHz: ????????-4129

This is from a "normal" Siglent:

Code: [Select]

Reversing 1st part of the file [00000000-00000CF7]...
XORing with 0xFF (incrementing pattern)...
XORing with 0xFF from 0x0000067C until 0x00000CF7

00000000 - Main Checksum: FFFFD397 [00000004-00000CF7]  CKSM OK
00000008 - Product_Type: SIGLENT
00000028 - CFG Type: SDS2000X Plus
0000003C - Manufacturer_Name: SIGLENT
00000047 - CFG Flag_LongMemory: 00
00000048 - Product_ID: 15100
0000004C - Logo Image Size: 00000000 (0 pixels)
00000050 - USB_Prod_ID_PTP: EE39
00000052 - USB_Prod_ID_RAW: EE38
00000054 - USB_Prod_ID_TMC: EE3A
00000056 - USB_Vendor_ID: F4EC
00000058 - Prefix: SDS
0000005C - Logo_Manufacturer: Siglent
0000009C - CFG Flag_pic_machine: 01
0000009D - CFG Flag_sys_machine: 01
0000009E - CFG Flag_____USB_TMC: 01
0000009F - CFG Flag___SCPI/ERES: 01
000000A0 - CFG Fl_invert/neuter: 00
000000A1 - CFG Flag___skew/gate: 00
000000A2 - CFG Flag____vxi/roll: 01
000000A3 - CFG Flag___________A: 00    not_used(?)
000000A4 - CFG Flag___lang_mask: 1800
000000A6 - CFG Flag__lang_total: 11
000000A7 - CFG Flag_mach_series: 00
000000A8 - Machine Name  20 MHz:
000000B7 - Machine Name  40 MHz:
000000C6 - Machine Name  60 MHz:
000000D5 - Machine Name 100 MHz: SDS2104X Plus
000000E4 - Machine Name 150 MHz:
000000F3 - Machine Name 200 MHz: SDS2204X Plus
00000102 - Machine Name 250 MHz:
00000111 - Machine Name 300 MHz: SDS2304X Plus
00000120 - Machine Name  50 MHz:
0000012F - Machine Name  70 MHz: SDS2074X Plus
0000013E - CFG Flag___BW_change: 00
0000013F - CFG Flag_hide_set_BW: 01
00000140 - Machine Name 350 MHz: SDS2354X Plus
0000014F - Machine Name 500 MHz: SDS2504X Plus
0000015E - Machine Name 750 MHz:
0000016D - Machine Name1000 MHz:

So, I suggest your replace your file with the one attached.

Sync and reboot.

Let's see what happens.

[maxspb69]

Somehow I'm afraid. Will it make a brick? There's a possibility?

[tv84]

I don't see how that could happen. But it's your call.

[maxspb69]

Ok, thank You! I try replace...
And please, send me /usr/bin/siglent/firmdata0/splash.gif file from "original siglent". This file is the boot splash logo. There is also a 'splash' file (without extension). What is it? Maybe they should be replaced together?

[tv84]

First change the cfg. After that we'll deal with the splash.

[maxspb69]

Done!
The 'Мodel' and saved file name template have changed!
It remains to change the splash (it's clear how to do it) and the little banner "AKIP" at the top right of the screen (if it possible).

[tv84]

 

Now it's time for another member to share their splash image file. I think I don't have one here.

[maxspb69]

tv84, many thanks for the help!

[maxspb69]

By the way, replacing the splash.gif file doesn't change anything. The boot splash screen remains the same. What could be the problem?

[tv84]

NAND map:

Code: [Select]

0x000000000000-0x000000780000 : "fsbl"               "BOOT.bin"       "mtd0"
0x000000780000-0x000000b80000 : "kerneldata"         "uImage"         "mtd1"
0x000000b80000-0x000000c00000 : "device-tree"        "devicetree.dtb" "mtd2"
0x000000c00000-0x000001100000 : "Manufacturedata"
0x000001100000-0x000001600000 : "reserved1"
0x000001600000-0x000002a00000 : "rootfs"
0x000002a00000-0x000003400000 : "firmdata0"          "firmdata0.img"  "mtd6"
0x000003400000-0x00000a200000 : "siglent"            "siglent.img"    "mtd7"
0x00000a200000-0x00000fc00000 : "datafs"             "datafs.img"     "mtd8"
0x00000fc00000-0x000010000000 : "reserved2"          "rootfs.cramfs"  "mtd9"
Can you make a NAND dump?

Maybe it is in the "Manufacturedata" MTD.

Or are rendered strings...

[maxspb69]

I don't want to completely lose the warranty by opening the device. Therefore, I cannot make a nand dump. However, if only a splash remains of the localization, it's also not bad, the main thing is that the names of the saved files are now more adequate!
It is strange that the most obvious thing caused difficulties (replacement of a splash)

And I corrected the caption in the upper right corner of the screen. 

[maxspb69]

tv84, can I dump mtd3 'Manufacturedata'  or full NAND dump via telnet without opening the device?

[Martin72]

I don't want to completely lose the warranty by opening the device.

There are several methods to remove the warranty sticker without damage..

[sdouble]

A feedback about my unit which was (almost) DOA. I sent it back to the seller mid of December. They waited until Jan 6th to send it back to Siglent Germany. I got a phone call yesterday. The unit is repaired which is good news. The person in charge did not know what the problem was. However, he told me that Siglent noticed that the scope had been hacked  but they concluded that my problem was unrelated to the hack. Thus they repaired the scope under warranty and will get it back to me next week.
  

I recently bought 2 units for the lab.I could find some time last Friday to hack them.
it worked well for the 1st unit. I also unlock the second one. Things happened to work flawlessly too but right after the process, the scope simply turned off and never turned on again.
Did anybody face such an issue ?

might be just a doa unit.. if you didnt do anything internally with the OS and was just keys through the UI that wouldnt have caused that

hard call to say if you should even open it up and try the uart port.. if it seems completely dead you are probly better off getting an exchange

[jemangedeslolos]

It is nice from Siglent 

[jemangedeslolos]

Now it's time for another member to share their splash image file. I think I don't have one here.

It is time for a tv84 splash screen 

[Martin72]

However, he told me that Siglent noticed that the scope had been hacked  but they concluded that my problem was unrelated to the hack. Thus they repaired the scope under warranty and will get it back to me next week.

This is a very important thing to know and should be marked on top - Thankyou for sharing !!!! 

[Peter_O]

Just purchased a SDS2104x PLUS , (and it came with SDS2000X Plus Firmware - 1.3.7R5 )
[...]
Scope now reports on screen as a SDS2504X PLUS , I didn't need to go near a computer connection, all done on the 'scope screen.

+1
Still seems to work fine.  :-)
Thx a lot!

[KungFuJosh]

Has anybody figured out the splash screen yet?

[tv84]

Here is a script to do a NAND dump.  (copied from the SVA one)

Not tested yet.

Don't blame me if anything explodes!

[maxspb69]

tv84,  thanks! I need to get up the courage and decide to bet $ 2,000   
I'll think about whether it's worth the risk to replace the splash screen 

[21KUZY073]

Hi, I bought SDS2102X+ Software updated to 1.3.7R5. Successfully updated to 200MHz so now there is written SDS2202X Plus in "System Setting".
How to upgrade to 350MHz? There is no "Option Type" in "Options" menu I can chose and where to put the key I have.
I tested 470MHz sinus and I can see the wave correctly so I do not understand what will change after 350MHz upgrade but if possible I want to test it.


Thanks.

[KeBeNe]

use SCPI commend "MCBD", e.g. "MCBD your BW-Key" and send