Unlocking Siglent SDS1104X-E, step by step

[Fungus]

Latest unlocking instructions are in this post:

https://www.eevblog.com/forum/testgear/unlocking-siglent-sds1104x-e-step-by-step/msg4066828/#msg4066828

[gedong]

plus a video will be great.


start from here from what i observe.
https://www.eevblog.com/forum/testgear/siglent-sds1204x-e-released-for-domestic-markets-in-china/msg1612639/#msg1612639

[BillB]

Ian posted the most concise instructions for the bandwidth upgrade in that thread:

1. Update with the OS update with the known root password.

2. telnet to the scope, and log in as root.

3. Execute these commands:
   mount -o remount,rw ubi2_0 /usr/bin/siglent/firmdata0
   cd /usr/bin/siglent/firmdata0
   mv bandwidth.txt bandwidth.bak

4. Reboot

I don't think there has been a definitive consensus on unlocking the other options without option codes?

[tautech]

plus a video will be great.


start from here from what i observe.
https://www.eevblog.com/forum/testgear/siglent-sds1204x-e-released-for-domestic-markets-in-china/msg1612639/#msg1612639

Yep like that and similar for SSA too.(mentioned in SSA hack thread)
There are other/better ways too. 

[Fungus]

Ian posted the most concise instructions for the bandwidth upgrade in that thread:

1. Update with the OS update with the known root password.

a) Which you get.... where?
b) How do you install it?

2. telnet to the scope, and log in as root.

a) Telnet port #?

3. Execute these commands:
   mount -o remount,rw ubi2_0 /usr/bin/siglent/firmdata0
   cd /usr/bin/siglent/firmdata0
   mv bandwidth.txt bandwidth.bak

4. Reboot

Is that definitively all it takes? I've read a few places that there's some weird aliasing at high frequencies that isn't in the real 200Mhz version of the 'scope, that maybe something else needs tweaking.

To me it seems weird that you'd hide the bandwidth.txt file instead of modifying it (if I were a Siglent firmware writer I'd default to low bandwidth when the file is missing)

I don't think there has been a definitive consensus on unlocking the other options without option codes?

You mean the "software" part of the AWG, MSO and WiFi options?

[SMB784]

Here was my process

1.) Format a USB flash drive to FAT32

2.) Load the flash drive with the SDS1004X-E Firmware (4-Channel Model) - 6.1.25R2 (Release Date 06.29.18) by downloading it from the Siglent website and unzipping it onto the flashdrive.

3.) Once the file is loaded, install the firmware onto the oscilloscope by following the instructions in the PDF included in the firmware zip file.  Verify the correct firmware version is installed using the menus within the Utility button, and take note of the model number (should read SDS1104X-E)

4.) Once the firmware has been installed on the scope, reformat the flash drive to FAT32 and unzip the SDS1004X-E Operating System-V1 (Only For 4-Channel ) (Release Date 06.26.18) after downloading it from the Siglent website.

5.) Install the software update onto the oscilloscope by following the instructions in the PDF included in the firmware zip file.  Reboot the scope and verify the correct software version is installed using the menus within the Utility button.

6.) Download the custom operating system file that possesses the known telnet password.  Unzip it onto a USB drive and install it just as you installed the stock software file from the Siglent website.  NOTE: Some computers do not correctly load the software file onto the USB drive, thus preventing the scope from updating from the stock software to the custom software.  I have experienced this problem personally.  If this occurs, try loading it onto the USB from a different computer.  I had success using a Raspberry Pi to load the custom software onto the USB.

7.) After installing the custom software, plug the oscilloscope into your router with an ethernet cable, and telnet into the scope on port 23 using the known password.

8.) Once in the scope via telnet, execute the following commands:

mount -o remount,rw ubi2_0 /usr/bin/siglent/firmdata0
cd /usr/bin/siglent/firmdata0
mv bandwidth.txt bandwidth.bak

9.) Reboot the scope, and verify that the model number displayed in the Utility button menus has been updated to show an SDS1204X-E

Now the scope should have 200MHz bandwidth.  I have verified that mine possesses this bandwidth using a very reliable, stable signal generator (Fluke 6061A)

EDIT: Thanks ian.ameline for the link to a download source for the custom software. I have updated step 6 with this information.

[ian.ameline]

The OS with the known password can be found here; https://www45.zippyshare.com/v/SEUJEWE1/file.html

The instructions above are accurate.

[ian.ameline]

Ian posted the most concise instructions for the bandwidth upgrade in that thread:

1. Update with the OS update with the known root password.

a) Which you get.... where?
b) How do you install it?

2. telnet to the scope, and log in as root.

a) Telnet port #?

3. Execute these commands:
   mount -o remount,rw ubi2_0 /usr/bin/siglent/firmdata0
   cd /usr/bin/siglent/firmdata0
   mv bandwidth.txt bandwidth.bak

4. Reboot

Is that definitively all it takes? I've read a few places that there's some weird aliasing at high frequencies that isn't in the real 200Mhz version of the 'scope, that maybe something else needs tweaking.

To me it seems weird that you'd hide the bandwidth.txt file instead of modifying it (if I were a Siglent firmware writer I'd default to low bandwidth when the file is missing)

I don't think there has been a definitive consensus on unlocking the other options without option codes?

You mean the "software" part of the AWG, MSO and WiFi options?

- You install the OS just like you'd install the one you got from SIGLENT -- just follow their instructions

- The telnet port is the default one telnet uses -- just telnet to the ip address of the scope.

- Yes, that is all it takes. Others have confirmed that the bandwidth is increased.

- It looks to me like the scope is deliberately designed to be hackable. It would be very easy for it to have been much harder. It is not. It is *very* easy.

[PhilipPeake]

Does this work for the SDS1102X ?
Presumably it would need different hacked software?

[Fungus]

- You install the OS just like you'd install the one you got from SIGLENT -- just follow their instructions

- The telnet port is the default one telnet uses -- just telnet to the ip address of the scope.

Nice attitude.

Other 'scopes have different ports, I just want the port used by Siglent to be written down clearly (which you've failed to achieve).

- Yes, that is all it takes. Others have confirmed that the bandwidth is increased.

Nobody's doubting the bandwidth increases but some people claim to have noticed weird aliasing or that the capacitors are different.

Those problems might be just the probes. It's reasonably well known that cheap-ass probes start to go to hell around 250MHz and one of the differences between the two models is that you get much better probes with the 200MHz version.

If it is the probes then a new set of probes should probably be thrown into the upgrade mix, that puts the price of the "hacked" version up by $100.

Food for thought, yes?

- It looks to me like the scope is deliberately designed to be hackable. It would be very easy for it to have been much harder. It is not. It is *very* easy.

How do you explain the fact that the 'scope is only eight months old but you already need to download old firmwares to be able to do it, that newer firmwares don't work? What happens if Siglent decides to encrypt that file and make it default to 50Mhz when it's missing? It is *very* easy to make it much harder.

(and what happens when Siglent removes that old firmware from their web site?)

PS: Nowhere near as easy as a Rigol (neener neener).

[rf-loop]

3. Execute these commands:
   mount -o remount,rw ubi2_0 /usr/bin/siglent/firmdata0
   cd /usr/bin/siglent/firmdata0
   mv bandwidth.txt bandwidth.bak

4. Reboot

Even when this particular case do not need but with bit expensive way in history I have learned that after editing it is good practice to use sync command before shut down.
I'm, not at all linux expert (far away) so I can not my self think when it is important exactly and when not, so I use it nearly always. In some cases it is extremely important, in some cases perhaps not so important and always we can try walk with just trusting good luck.

3. Execute these commands:
   mount -o remount,rw ubi2_0 /usr/bin/siglent/firmdata0
   cd /usr/bin/siglent/firmdata0
   mv bandwidth.txt bandwidth.bak
   sync

4. Reboot

Perhaps some who really know could take position to this with reasoning.

[Fungus]

Even when this particular case do not need but with bit expensive way in history I have learned that after editing it is good practice to use sync command before shut down.

Linux knows how to do a sync before a soft reboot but the word "reboot" is ambiguous, yes. Some people might power-cycle it instead of typing "shutdown -r" at the command line.

(take note, ian.ameline).

[rf-loop]

Even when this particular case do not need but with bit expensive way in history I have learned that after editing it is good practice to use sync command before shut down.

Linux knows how to do a sync before a soft reboot but the word "reboot" is ambiguous, yes. Some people might power-cycle it instead of typing "shutdown -r" at the command line.

(take note, ian.ameline).

Just because this bolded...

[rf-loop]

- You install the OS just like you'd install the one you got from SIGLENT -- just follow their instructions

- The telnet port is the default one telnet uses -- just telnet to the ip address of the scope.

Nice attitude.

Other 'scopes have different ports, I just want the port used by Siglent to be written down clearly (which you've failed to achieve).

If some scope manufacturer do not follow RFC854 about Telnet protocol it is they own problem.
It is clearly stated in RFC854 page 15.  L=23

[Fungus]

If some scope manufacturer do not follow RFC854 about Telnet protocol it is they own problem.
It is clearly stated in RFC854 page 15.  L=23

I don't think "RTFM!" should be used in a "step by step" guide - this is the FM.

[bugi]

If some scope manufacturer do not follow RFC854 about Telnet protocol it is they own problem.
It is clearly stated in RFC854 page 15.  L=23

I don't think "RTFM!" should be used in a "step by step" guide - this is the FM.

Yes, and if this FM would not mention port, then obviously, the less than experienced user would not write it in the command either, so the command ends up using the default port, which thus works. A more experienced user would already know that if the port is the default, it is typically left out from instructions, (and that if it is not default, it is shown). Thus, the earlier version without the port number was quite sufficient, and this nitpicking about port number is just that, useless nitpicking.

Otherwise  , points for making the push to get those instructions done clearly in one place, instead of the typical spread of bits and pieces in here and there over 3 threads and 10 pages among all the other messages. Certainly makes it easier than before.

[rf-loop]

Sometimes it is easy forget that not all peoples have used telnet at 80's
So it is perhaps good to tell (but also most of good telnet client do it as default, as example many times recommended PuTTY or just plain  puttytel.exe (a Telnet-only client) )

[ian.ameline]

http://lmgtfy.com/?q=default+telnet+port

If you're too lazy to use google, I really don't know how to respond. You may have chosen the wrong hobby if you expect someone else to do all the work for you.

There -- now my attitude is clear.

- You install the OS just like you'd install the one you got from SIGLENT -- just follow their instructions

- The telnet port is the default one telnet uses -- just telnet to the ip address of the scope.

Nice attitude.

Other 'scopes have different ports, I just want the port used by Siglent to be written down clearly (which you've failed to achieve).

- Yes, that is all it takes. Others have confirmed that the bandwidth is increased.

Nobody's doubting the bandwidth increases but some people claim to have noticed weird aliasing or that the capacitors are different.

Those problems might be just the probes. It's reasonably well known that cheap-ass probes start to go to hell around 250MHz and one of the differences between the two models is that you get much better probes with the 200MHz version.

It it is the probes then a new set of probes should probably be thrown into the upgrade mix, that puts the price of the "hacked" version up by $100.

Food for thought, yes?

- It looks to me like the scope is deliberately designed to be hackable. It would be very easy for it to have been much harder. It is not. It is *very* easy.

How do you explain the fact that the 'scope is only eight months old but you already need to download old firmwares to be able to do it, that newer firmwares don't work? What happens if Siglent decides to encrypt that file and make it default to 50Mhz when it's missing? It is *very* easy to make it much harder.

(and what happens when Siglent removes that old firmware from their web site?)

PS: Nowhere near as easy as a Rigol (neener neener).

What if purple monkeys fly out of my ass? What if, what if, what if.

You asked for the hack -- we gave it to you. Now you complain. Again, you probably should take up golf instead.

Cheers...

[ian.ameline]

Even when this particular case do not need but with bit expensive way in history I have learned that after editing it is good practice to use sync command before shut down.

Linux knows how to do a sync before a soft reboot but the word "reboot" is ambiguous, yes. Some people might power-cycle it instead of typing "shutdown -r" at the command line.

(take note, ian.ameline).

Good point -- I tend to assume people around here who poke around with electrons aren't lazy idiots, and research perhaps even a little background knowledge before poking their meat-probes at things they may have little experience with -- clearly an unexamined assumption -- google must be too hard to use.

But in the case here, buffers are flushed pretty quickly -- you'd need to power cycle within milliseconds to have a problem, and even then, you'd have to get really unlucky (in a microsecond wide window) to get an inconsistent state in the flash. I doubt you could make it happen by trying.

[Fungus]

http://lmgtfy.com/?q=default+telnet+port

If you're too lazy to use google, I really don't know how to respond. You may have chosen the wrong hobby if you expect someone else to do all the work for you.

Um, the question was whether Siglent uses the standard port, not if I (or somebody who doesn't spend their lives using green-screen Linux) can google what the standard port is.

There -- now my attitude is clear.

Crystal.

[Fungus]

Next question: When people say "the one with the known root password", what would that password be?

(I think we have to assume that not everybody will "know" it)

[rf-loop]

Next question: When people say "the one with the known root password", what would that password be?

(I think we have to assume that not everybody will "know" it)

Why lazy people should be fed.

[SMB784]

Next question: When people say "the one with the known root password", what would that password be?

(I think we have to assume that not everybody will "know" it)

Let's just say that if you are a regular eevblog reader, you are typing the password every day.

As regards the concern that you are restricted to using the outdated firmware to perform the bandwidth upgrade, it is possible to modify any firmware revision yourself and insert your own custom password. You can follow the posts by janekivi & tv84 in the Siglent .ads file thread where the process is described in detail.

[Fungus]

As regards the concern that you are restricted to using the outdated firmware to perform the bandwidth upgrade, it is possible to modify any firmware revision yourself and insert your own custom password. You can follow the posts by janekivi & tv84 in the Siglent .ads file thread where the process is described in detail.

I'm more worried that in the future the 'scope might not default to 200Mhz when the bandwidth.txt file is missing.

(eg. it could just as easily default to 50MHz...  )

[tv84]

Although I disagree with the way the OP has been conducting this process, I would like to add my 2 cents to the benefit of the whole forum:

All must realize that the method described previously (removing the bandwidth.txt) triggers the activation of the PRO_MODE in the scope (which is the "Production Mode"). This mode enables all the Options and the BW to the max possible.

This mode can, in fact, be easily disabled in future FW versions and/or Siglent can change it to trigger the activation of the lowest BW instead of the highest. Maybe they use the highest precisely to evaluate the full potential of the equipment before leaving factory...

The activation using the official licenses as described by me in the Siglent .ADS thread is more future proof (and can also be used in other equipments). Of course, if you end up just discovering the lower BW licenses, then you can reinsert the original bandwidth.txt.

I leave a small "easter egg" attached that does the following:

Code: [Select]

sync
mount -o sync,rw,remount /usr/bin/siglent/firmdata0/
sync

mv /usr/bin/siglent/firmdata0/bandwidth.txt /usr/bin/siglent/firmdata0/bandwidth.bak

sync
mount -o sync,ro,remount /usr/bin/siglent/firmdata0/
sync
which means it replaces all the steps described previously in this thread without the need to change FS root password, etc.

Execute it as a normal update. It should be run after the scope is running and you should reboot after. For security reasons it won't overwrite any existing bandwidth.bak so that you can keep the original (in case people run it multiple times).