Sniffing the Rigol's internal I2C bus

[samertje]

Hey guys,

All of this hacking is so awesome! Special thanks to all who did the great work.

After research on this forum, I bought the DS1052E and upgraded the firmware to make a DS1102E. Till this day, the scope is operating perfectly.

My next purchase will be a Rigol DS2xxxA-S series (with waveform generator). Is it possible to hack these as well?
What about the Rigol spectrum analyzers and function generators?

Cheers from Rotterdam,
Sam

[hammy]

My next purchase will be a Rigol DS2xxxA-S series (with waveform generator). Is it possible to hack these as well?
What about the Rigol spectrum analyzers and function generators?

  

Use the search, please!

[mrflibble]

My next purchase will be a Rigol DS2xxxA-S series (with waveform generator). Is it possible to hack these as well?
What about the Rigol spectrum analyzers and function generators?

  

Use the search, please!

Free service of the day. Use google, and search for: site:www.eevblog.com/forum/testgear/sniffing-the-rigol's-internal-i2c-bus <whatever_you_are_looking_for>.

Happy searching.

[hari]

rigol ds2xxxa-s? Look here: http://lmgtfy.com/?q=+site%3Awww.eevblog.com%2Fforum%2Ftestgear%2Fsniffing-the-rigol%27s-internal-i2c-bus+ds2072a-s

[georges80]

[SOLVED] Ok, I must be doing something stupid or missing a step:

VERY recently purchased a DSA815 with the TG option installed. It currently has trial (since it's new) keys for all the options other than 10Hz RBW.

I run the riglol program (also tried the owl website) and they generate the same key for option AAAD using the serial number (DSA8A....) that is on the back of the DSA (which matches the serial number on the System Info screen).

I try to send the key via my lan connection via SCPI as:

syst:lkey RAJ.....

all 28 characters with no spaces or '-' in the key.

The DSA squawks and says invalid key. Running version 00.01.07 firmware.

I've read a lot of this thread and nothing obvious pops up - my brain must be seized up I guess.

So where/what am I messing up? TIA.
[/SOLVED]

AND my mistake - after searching more and more in this thread... Can't use SCPI to send the keys, have to enter them MANUALLY on the front panel. Just activated the 10Hz RBW, yippee. Now to manually enter the other license keys.

Thanks to ALL that contributed to this excellent thread.

cheers,
george.

[KA3YAN]

Interesting, I've had 482 downloads of my 2072A unlocking guide.

Hopefully it is proving useful to people.

I'm not sure I could have done it without your help!  Seriously, I was lost trying to follow this forum.  Your guide was exactly what I needed.  Step-by-step.  Thanks dude!

[MatCat]

Finally got my DS1074Z-S yesterday, put in the proper code, and all works perfectly!  Thanks!

[Giggy]

Interesting, I've had 482 downloads of my 2072A unlocking guide.

Hopefully it is proving useful to people.

I'm not sure I could have done it without your help!  Seriously, I was lost trying to follow this forum.  Your guide was exactly what I needed.  Step-by-step.  Thanks dude!

Cheers man, good to know.

[tom66]

Is the procedure for DS1074Z hacking similar to DS2072A? Do you need the modified firmware?

[samertje]

So there's nobody who can confirm the upgrade of a DS2072A-S?
Sorry, I always get lost on forums.

[ZeroAviation]

To the folks that did the work on the keygen and finding the private keys in memory. I'm curious, what are your backgrounds? How did you get to the point to being able to turn HEX into ASM? I'm sure you used IdaPro, but where do you even being to start understanding the different platforms? I'm sure you are professionals in the field.

In short, how do we become like you?

-Matt

[gmb42]

Not related to what happened with the Rigol firmware, but look at https://microcorruption.com/ for an on-line game about cracking firmware with a debugger.

Warning, can be addictive.

[cybermaus]

Which is such an obvious ploy to find talented new hires that it may not be and just be some sort of marketing for wannabees.

[Rigby]

Is the procedure for DS1074Z hacking similar to DS2072A? Do you need the modified firmware?

No, No.

So there's nobody who can confirm the upgrade of a DS2072A-S?
Sorry, I always get lost on forums.

I upgraded my DS1074Z-S and the sig-gen kept right on working.

[tom66]

So, it is through the normal Cybernet keygen?
I'll probably place the order tonight for a DS1074Z to be upgraded to 100MHz.

[G4RKO]

Just got my DS2072A today - wading through the 286 page user guide before I attempt an upgrade. I have read this thread in its entirety and can only marvel at the fantastic work done by a team of very talented people. One thing occurs, if for any reason my 2072A needs to go back to the supplier for repair is there anyway that the upgrade can be easily reversed? Thanks for any comments.
 A Newbie!

[Giggy]

Just got my DS2072A today - wading through the 286 page user guide before I attempt an upgrade. I have read this thread in its entirety and can only marvel at the fantastic work done by a team of very talented people. One thing occurs, if for any reason my 2072A needs to go back to the supplier for repair is there anyway that the upgrade can be easily reversed? Thanks for any comments.
 A Newbie!

Theres an uninstall command for options and then you just install regular firmware.

[SteveK]

First time poster.  Thought I share my observations with the key generators posted here and give another data point.  I have one of the original DS2102s (not the A version).  Details of my scope are:

Model:  DS2102
S/N: DS2A152270xxxx
Software version:  00.01.01.00.02
Hardware version: 1.0.2.0.0
SPU: 03.01.05
WPU: 00.06.05
CCU: 12.29.00
MCU: 00.05

I used the method described in post #1345 to generate the key to unlock the serial decode function (Option code: DSAC) in my scope.  But instead of using this generated key, I decided to actually buy the option from Rigol and activated the option that way. What I found interesting is, the key I got from Rigol was totally different than the key generated by the online generator.

I guess I could of screwed something up, but the impression I got is that while the key generator may work, it doesn't look like it is the same code that Rigol gives outs.  Has anyone else observed this or am I the only one that actually purchased the option?

[zombie28]

I used the method described in post #1345 to generate the key to unlock the serial decode function (Option code: DSAC) in my scope.  But instead of using this generated key, I decided to actually buy the option from Rigol and activated the option that way. What I found interesting is, the key I got from Rigol was totally different than the key generated by the online generator.

This is obvious consequence of using ECDSA algorithm in keygen. This algorithm uses some random value called 'seed', so there are many possible license codes that contain the same option bits (for a given serial number) and each of them is equally valid.

[G4RKO]

Just got my DS2072A today - wading through the 286 page user guide before I attempt an upgrade. I have read this thread in its entirety and can only marvel at the fantastic work done by a team of very talented people. One thing occurs, if for any reason my 2072A needs to go back to the supplier for repair is there anyway that the upgrade can be easily reversed? Thanks for any comments.
 A Newbie!

Theres an uninstall command for options and then you just install regular firmware.

Thanks Giggy. It may be a dumb question for which I apologise - where do I source the regular firmware from?

[tom66]

Hmm - DS1074Z is nearly out of stock everywhere in UK and Europe. Is this pulling a Flir -- taking back units to update firmware? Or delaying production for fixed firmware?

[cybermaus]

It has been like that for ever, they just cannot supply them fast enough: I watched Batronix every day (probably twice a day) for 4 weeks till they finally had stock, purchased mine one morning, and later that same morning all 4 models were sold out again....

[mrflibble]

Indeed, same problem here. Stock just seems to go *poof*.

[Giggy]

Just got my DS2072A today - wading through the 286 page user guide before I attempt an upgrade. I have read this thread in its entirety and can only marvel at the fantastic work done by a team of very talented people. One thing occurs, if for any reason my 2072A needs to go back to the supplier for repair is there anyway that the upgrade can be easily reversed? Thanks for any comments.
 A Newbie!

Theres an uninstall command for options and then you just install regular firmware.

Thanks Giggy. It may be a dumb question for which I apologise - where do I source the regular firmware from?

To get updated firmware just email Rigol (Providing your S/N, there's a form you submit), they send it directly.

A user also posted a link to the original firmware that he uploaded. I think its between this page and ~180

[G4RKO]

To get updated firmware just email Rigol (Providing your S/N, there's a form you submit), they send it directly.

A user also posted a link to the original firmware that he uploaded. I think its between this page and ~180

Thanks for that. Now running 200MHz with all options!