So, having done a lot of research and made my fair share of mistakes, I would like to add to the collective wisdom / noise on this forum.
After I:
- spent a great deal of time wondering why my MSO1074Z doesn't like riglol keys, even with the MSO1000Z patches
- completely botched my warranty void sticker
- spent 42 hours (sic) on a JTAG memory dump
- got locked out of my scope for entering the wrong option keys (12 hours at a time) more times than I can count
- list of mistakes keeps going. I am a terrible hacker.
I finally unlocked the options on my MSO1074Z. I've decided to document my mistakes and hope no one else makes them.
So, here we go:
- riglol does not generate correct keys, even when patched with the MSO1000Z_private_key
From comparing , this post and my own experiences, I've come to the conclusion that RC5KEY1, RC5KEY2 and XXTEAKEY are different for each scope. The public and private keys for all Rigol MSO1000Z scopes are the same. I've generated keys with Riglol (with MSO1000Z private key patch) and they don't work. rigup works, but it actually uses the RC5 and xxtea keys. The riglol tool doesn't know about this and can't possibly generate the correct codes.
- :SYSTem:OPTion:INSTall does not take dashes
:SYSTem:OPTion:INSTall HBHBHBH-BHBHBHB-HBHBHBH-BHBHBHB
is incorrect.
:SYSTem:OPTion:INSTall HBHBHBHBHBHBHBHBHBHBHBHBHBHB
is correct.
While we are at it, this Python code works:
import vxi11
i = vxi11.Instrument('192.168.0.100')
i.ask('*IDN?')
#No dashes in activation number
i.write(':SYSTem:OPTion:INSTall HBHBHBHBHBHBHBHBHBHBHBHBHBHB')
Just remember to install python-vxi11
- Get yourself an FTDI based JTAG programmer before doing a memory dump.
I must have the cheapest Altera USB Blaster clone that money could buy. It took me nearly 2 days to complete the memory dump. I am not kidding:
> dump_image mso1074z.bin 0x40000000 0x3FFFFFF
dumped 67108863 bytes in 153915.625000s (0.426 KiB/s)
Yes, that's 426B/s. Uh... that's like 10% of what I got over a dialup connection. Don't do what I and this fellow did. Had I read his post before this, I would have borrowed the faster JTAG programmer from work before I left on Friday. Purportedly, OpenOCD works better with FTDI based JTAG cables.
- You don't need to wait for the memory dump to finish to run rigup
I was able to extract all the keys that I needed about 28MB into the memory dump. I thought I would finish the memory dump for good measure, but it surely wasn't necessary.
- You don't need to modify rigup if you have a serial number beginning with DS1ZC
Looking at the source code of the patched rigup tool (rigup-0.4.1-mso1000z.zip), I thought it only worked for oscilloscopes with serial numbers beginning with DS1ZD. In utils.c, there's the following line:
if ( serialNumber[4]!='D' && serialNumber[3]!='Z' && serialNumber[2]!='1' && serialNumber[1]!='S' && serialNumber[0]!='D' )
This got me concerned as my scope's serial number began with DS1ZC. Turns out this if statement never evaluates true (set a breakpoint, never hit during debug).
- Don't link rigup with -Wl,-dead_strip
As this fellow said at the end of his post, remove the -Wl,-dead_strip from the LDFLAGS parameter of the Makefile for rigup. Don't know why it seg faults on my computer, but it does. So, remove it and you'll be fine.
There's a lot of great information on this forum. The only problem is, it's really hard to find it. It would be better organized as a Wiki. But who am I to complain... I am too lazy and penny pinching to start one myself!
EDITS: minor typos
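
The serial-number condition quoted from utils.c above, worked through as an added example (not part of the original post and not rigup's own code): joining five `!=` tests with `&&` is true only when every one of the five characters differs, so any serial sharing a single character with "DS1ZD" falls through. The function names, the `strncmp` variant shown for contrast, and the sample serials are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Condition as quoted in the post from utils.c: true only when ALL five
 * leading characters differ from "DS1ZD", position by position. */
static int quoted_check(const char *serialNumber)
{
    return serialNumber[4] != 'D' && serialNumber[3] != 'Z' &&
           serialNumber[2] != '1' && serialNumber[1] != 'S' &&
           serialNumber[0] != 'D';
}

/* Hypothetical strict form, for contrast only: true whenever the prefix is
 * not exactly "DS1ZD" (the same as joining the five tests with ||). */
static int strict_prefix_mismatch(const char *serialNumber)
{
    return strncmp(serialNumber, "DS1ZD", 5) != 0;
}

int main(void)
{
    /* Constructed serial numbers, not real devices. */
    const char *samples[] = { "DS1ZD000000001", "DS1ZC000000002",
                              "DS2XA000000003", "XX9YQ000000004" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s quoted=%d strict=%d\n", samples[i],
               quoted_check(samples[i]),
               strict_prefix_mismatch(samples[i]));
    return 0;
}
```

Only the last sample, which shares no character with "DS1ZD" in any of the five positions, makes the quoted condition true; a DS1ZC serial fails at the `'Z'` comparison, which matches the breakpoint never being hit.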