This is an unofficial guide on how to unlock 200Mhz bandwidth on SDS1104X-E oscilloscopes, effectively turning them into SDS1204X-Es....................
Warning: The PP510 probes that are supplied with the SDS1104X-E are 100MHz probes. If you intend to make use of the 200Mhz bandwidth then you need to spend an extra $100 and get a set of real 200Mhz probes, eg. the PP215 probes that are supplied with the SDS1204X-E.
If you don't do this then you won't have 200MHz bandwidth and you may get misleading readings on screen. You have been warned.
Next question: When people say "the one with the known root password", what would that password be?
(I think we have to assume that not everybody will "know" it)
The activation using the official licenses as described by me in the Siglent .ADS thread is more future proof (and can also be used in other equipments). Of course, if you end up just discovering the lower BW licenses, then you can reinsert the original bandwidth.txt.
If I take that file, and run it through the license code detector C# app, I get ~100 unique strings. Most of them look like regular text strings (e.g. ' 6cachingiterator'), others -- about 6 -- look like random strings (FTKW-UZFD-7PKY-D5MK and b4fa-cf7d-5c37-c2df). I tried plugging in those 6 random strings into the license manager (Options->Install) but I get a "data is invalid" error. So
The remaining 6, I attempted to install through the scopes panel -- I attempted each code for each option (MSO, Wifi, AWG) and each time I receive "The data is invalid", which leads me to suspect the output generated from the C# code does not contain any licensing codes.
I suppose I could print out a hex dump of the bin file and look for strings by hand, to see if there are keys missed by the C# code.... the PDF created by winhex is only 91,301 pages long
Any chance you could share how you run the memdump.bin in the C# script?
Any chance you could share how you run the memdump.bin in the C# script?
Have you even looked at the script?
byte[] buffer = System.IO.File.ReadAllBytes(@"memdump.bin");
using System;
using System.IO;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace TestApp
{
class Program
{
static void Main(string[] args)
{
byte[] buffer = System.IO.File.ReadAllBytes(@"G:\memdump.bin");
for (int j = 0, l = 0; j < 2; j++, l += 0x20)
for (int i = 0, strStart = 0, strSize = 0; i < buffer.Length; i++)
if ( ((buffer[i] < '2') || (buffer[i] > '9')) &&
((buffer[i] < 'A' + l) || (buffer[i] > 'Z' + l)) &&
buffer[i] != ('L' + l) &&
buffer[i] != ('O' + l))
{
if (strSize == 16)
Console.WriteLine("{0:X8} - {1}", strStart, Encoding.UTF8.GetString(buffer, strStart, strSize));
strSize = 0;
strStart = i + 1;
}
else strSize++;
Console.ReadKey();
}
}
If you carefully RTFM it suggests: "the most probable thing happening is that the text is concatenated with some other string/license! I leave that as homework. First, inspect both halfs of 32-char size strings..."
download/install visual studio community edition, and then cut/paste the code into a Win32 console application:Code: [Select]using System;
using System.IO;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace TestApp
{
class Program
{
static void Main(string[] args)
{
byte[] buffer = System.IO.File.ReadAllBytes(@"G:\memdump.bin");
for (int j = 0, l = 0; j < 2; j++, l += 0x20)
for (int i = 0, strStart = 0, strSize = 0; i < buffer.Length; i++)
if ( ((buffer[i] < '2') || (buffer[i] > '9')) &&
((buffer[i] < 'A' + l) || (buffer[i] > 'Z' + l)) &&
buffer[i] != ('L' + l) &&
buffer[i] != ('O' + l))
{
if (strSize == 16)
Console.WriteLine("{0:X8} - {1}", strStart, Encoding.UTF8.GetString(buffer, strStart, strSize));
strSize = 0;
strStart = i + 1;
}
else strSize++;
Console.ReadKey();
}
}
change hard-coded filename if you like, or, perhaps, modify code to use args[1] compile and run.
Thank you very much, managed to get the memory dump processed, and found some interesting things with some (a lot of) help
This process will obtain your license keys from a core dump of the scope application itself, in case you lost the paperwork after you purchased them (of course).
...
27. Write keys down in a safe place so you do not lose them again.
import re
import string
def getkeys(scopeid, serialno, memdumpfile):
"""
Parse a memory dump from a Siglent 1000X-E oscilloscope and return a dict containing
license keys for bandwidths and options. The 'activebw' key is the one that is currently
active in the 'scope (e.g. if the value of '100M' is the same as the value of 'activebw',
the oscilloscope is software locked to 100 MHz bandwidth)
"""
if len(scopeid) == 16 and set(scopeid) <= set(string.hexdigits):
scopeid = scopeid.lower().encode('utf-8')
else:
raise ValueError('Scope ID must be 16 hexadecimal characters (remove dashes).')
if len(serialno) == 14 and set(serialno) <= set(string.ascii_letters + string.digits):
serialno = serialno.upper().encode('utf-8')
else:
raise ValueError('Serial number must be 14 alphanumeric characters.')
f = open(memdumpfile, 'rb')
data = f.read()
f.close()
regex_bw = re.compile(scopeid + b'.*?'+ scopeid + b'.*?([0-9A-Z]{16}).*?([0-9A-Z]{16}).*?([0-9A-Z]{16}).*?([0-9A-Z]{16}).*?([0-9A-Z]{16})', re.DOTALL)
regex_opt = re.compile(serialno + b'.*?' + serialno + b'.*?([0-9A-Z]{48})', re.DOTALL)
key_bw = list([n.decode('utf-8') for n in re.findall(regex_bw, data)[0]])
key_opt = re.findall('.{16}', re.findall(regex_opt, data)[0].decode('utf-8'))
keys = {}
key_labels = ('100M', '200M', '50M', '70M', 'activebw', 'awg', 'wifi', 'mso')
keys.update(zip(key_labels, key_bw + key_opt))
return(keys)
Hello, i have a simple question last month i've updated to SDS1004X-E Firmware (4-Channel Model)- 6.1.26 (Release Date 09.26.18 ) do I have to downgrade to 6.1.25R2 before the unlock ?
thanks !
Thanks for this guys, VT100s guide has a few typos, but worked well.
This process will obtain your license keys from a core dump of the scope application itself, in case you lost the paperwork after you purchased them (of course). No "guessing games" like the other software posted (although it was a fun intellectual exercise!)
Skill level: Easy/Moderate
Risk: Slim to none.
Assumptions: You know the root password to your scope.
Steps:
1. download full armv7l version of busybox which has core dump enabled.
see: [url]https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-armv7l[/url]
2. put version on thumb disk
3. reboot scope to known state
4. telnet to scope and log in as root
5. insert usb stick
6. copy busybox binary from usb to /tmp:
cp /usr/bin/siglent/usr/mass_storage0/U-disk/busybox-armv7l /tmp
7. unmount and remove usb
umount /usr/bin/siglent/usr/mass_storage/U-disk0
(and then remove usb stick)
8. identify and kill existing sds1000b.app
ps -ef | grep sds | awk '{printf "kill -9 %s\n", $1}' | ash
9. change to /tmp directory:
cd /tmp
10. launch new busybox ash shell
/tmp/busybox_armv7l ash
(when you press enter it looks like nothing happens, but something does)
11. re-launch scope app in new busybox environment in background
/usr/bin/siglent/sds1000b.app &
12. increase core dump ulimit to unlimited:
ulimit -c unlimited
you can verify new limit by typing
ulimit -c
and you should get a response "unlimited"
12. kill scope app again, telling OS to create a core dump of the app:
ps -ef | grep sds | awk '{printf "kill -ABRT %s\n", $1}' | ash
13. wait a few seconds, and press enter once or twice. you should see:
[1]+ Aborted (core dumped) /usr/bin/siglent/sds1000b.app
if you do not, you did something wrong, go to step #3
14. verify core dump is in /tmp:
ls /tmp/core*
you should see something like this:
-rw------- 1 root root 377511936 Jan 1 00:14 /tmp/core
if not, you did something wrong, go to step #3
15. exit out of usb version of busybox shell
exit
(it will look like nothing happens when you press enter, but, something does)
16. re-launch Siglent scope application. See Step #11
17. insert usb drive
18. copy core dump to thumb drive
cp core /usr/bin/siglent/usr/mass_storage/U-disk0/coredump.bin
(this will take a minute or two, its a big file)
19. unmount usb stick and remove (see step #7)
20. Insert USB stick on Windows/Mac/Linux and open the coredump.bin file in your favorite hex editor.
21. Search for string "SDS1000X-E". Keep searching until you find the string next to either your scopeid (if you do not know your scope id, you can get it using the SCPI SCOPEID? command thru the web interface) or your serial number.
22. When you locate the entry with your scope ID, you will see a series of 5 16-character strings below it (one will look like a 32 character string, split it into half so you have two 16-character strings. These are your 100, 200, 50 and 70 mhz license keys, respectively. The one that appears twice is the license key your scope is currently licensed under.
23. You can license a different bandwidth by typing MCBD (license key) at the scope's SCPI web interface. It is necessary to reboot after you do this for everything to reset and take effect. You can verify the bandwidth by typing PRBD? through the SCPI web interface.
24. When you locate the entry with your serial number, you will see a series of (at least) 3 16-character strings. If you have any options already licensed, those keys will appear twice. if you have no options licensed, they only appear once. The keys are, respectively, AWG, WIFI and MSO.
25. You can license any options through the scope's SCPI interface using LCISL (option),(key) where (option) is AWG, WIFI or MSO and (key) is the 16-character key.
26. after doing so, even though the options are immediately licensed and active, I recommend a reboot for the new options to take effect.
27. Write keys down in a safe place so you do not lose them again.