Adding more stuff to the web

Unlocking the Siglent SDS-1104X-E

Tags: hardware, hack

As a birthday present, I recently bought myself my first oscilloscope. After researching the various makes and models for a fair while and eventually decided on the Siglent SDS-1104X-E. It’s a four channel model, with 100 MHz bandwidth and options to add a waveform generator and digital input.

Given this is my first ‘scope, I started a bit of reading to find out how to best use it. In the process, I came across an interesting post on the EEVblog forums indicating that it was possible to ‘upgrade’ the 1104X-E to the 200 MHz 1204X-E. This, of course, generated a fair bit of interest, with people eventually coming up with a method to extract the license keys from the oscilloscope’s memory.

I didn’t have a whole lot of luck with this, as I wasn’t able to get the version of busybox linked in the post to actually save a core dump. In addition, I wasn’t particularly fond of having to use a modified firmware file from a file sharing site as the first step in the process. After a bit of reading (particularly this blog post from 2007 and a post on the chumby forum), I managed to come up with a slightly different method.

# mount -o loop -t cramfs /path/to/rootfs.cramfs ~/tmp
$ find ~/tmp > filelist.txt
$ cat filelist.txt | cpio -pdm siglentfs-mod/
# umount ~/tmp
$ mkpasswd -m sha-512 yourpassword DZO.HiUy
$ mkcramfs siglentfs-mod/ rootfs.cramfs
# cat /dev/mem > /usr/bin/siglent/usr/mass_storage/U-disk0/memdump.bin
cat: read error: Bad address
# umount /usr/bin/siglent/usr/mass_storage/U-disk0/

From this point, the steps are the same as those in the step-by-step post, starting from step 21. Just in case they disappear, this is my interpretation of them:

Hopefully these steps help someone else work through the process. Please bear in mind that playing with the firmware of your test equipment carries the potential for Bad Things to happen (up to and including leaving it entirely non-functional), so don’t say you weren’t warned.