Maybe the EEPROM is really gone... I've done several experiments with both DSO150 (fake) and DSO138mini (genuine), some of which included transplanting the EEPROM between them, to see if this way I could "genuinize" the 150 and update the FW, and maybe in one of these experiments I killed it... Or maybe not, because I'm using a cheap CH341 reader and this could be the cause of not being able to read it. But Brottoaster couldn't read it either (or read it empty), so maybe also it is really like this.
On the other hand, even if it doesn't remember the unlock procedure, it seems to remember other settings (timebase, volts/div...), so maybe these and other data are stored in STM's internal EEPROM rather than the external one, and the external one is only for the CryptoAuthentication device capabilities, as storing the serial nº (but not in the standard I2C EEPROM space).
I'm thinking of creating a simple program for the STM to read the EEPROM without the need of an external programmer, or even using this library to fully read the special registers of the ATSHA204A or similar CryptoAuthentication device. I'm not very skilled in programming microcontrollers, but with some luck maybe a bit of modding of the library's examples will suffice... maybe you can distract some time from your project and try this way, but I'll also give it a try.
Thanks again and I hope we can make some advances, mostly for curiosity and learning (or just for the sake of it) as, in practice, I can use the scope as is, just entering the activation menu at the beginning, or going back to 064 version, or using one of the maybe even better open-source FWs out there (or, better yet, buying a "real" scope, there are now good looking units for <200€).
Your posts and Brottoaster's were the first ones I could find with real advances on hacking this thing after some posts about a patched 064 version years ago in a Russian forum (which didn't give many clues on how they were done).
We see that the idea is to write changes of the variables in an incremental way. This means we don't write all variables in one go to the same place in memory.
No! We write only changes. And the changes will be written to an increasing memory address. This method is surely to prevent the EEPROM from wearing out.
This is a half answer to your question "where is the information stored", which I want to answer with "everywhere".
Let's take a closer look at the data structure stored in the EEPROM.
The structure of the data is a 16-bit variable id (virtual address) followed by a 16-bit data value you want to store.
This is called a key-value pair and is very often used in software design to store dynamic data or in communication protocols.
So far...... have fun... my next step will be to take a closer look into the option bytes.
If you ask Jyetech if there is anything you should consider when replacing the U2, you will get the following answer: "Unfortunately the U2 on the main board was used to secure the board against counterfeiting. It must be programmed in our factory to become functional. The firmware won't run without the chip." [F]
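The incremental layout described in the post above (a 16-bit variable id followed by a 16-bit value, appended at increasing addresses) can be decoded from a raw dump as in the following added example, which is not code from the thread or from the scope's firmware. It assumes little-endian words, no page header, and that an erased record (id 0xFFFF) marks the end of the written area; all function names and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ERASED_ID 0xFFFFu /* assumption: erased cells read back as 0xFF bytes */

/* Read one little-endian 16-bit word (assumed byte order of the dump). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Number of [id][value] records written before the first erased slot.
 * A trailing fragment shorter than 4 bytes is ignored, never read. */
size_t ee_used_records(const uint8_t *dump, size_t len)
{
    size_t n = 0;
    for (size_t off = 0; off + 4 <= len && rd16(dump + off) != ERASED_ID; off += 4)
        n++;
    return n;
}

/* Newest value stored for variable `id`, or -1 if it was never written.
 * Records are appended, so a later record overrides any earlier one. */
int ee_latest(const uint8_t *dump, size_t len, uint16_t id)
{
    int value = -1;
    size_t used = ee_used_records(dump, len);
    for (size_t i = 0; i < used; i++) {
        const uint8_t *rec = dump + i * 4;
        if (rd16(rec) == id)
            value = rd16(rec + 2);
    }
    return value;
}

/* Constructed sample dump, not taken from a real device. */
static const uint8_t sample_dump[] = {
    0x01, 0x00, 0x05, 0x00, /* id 0x0001 = 5                     */
    0x02, 0x00, 0x64, 0x00, /* id 0x0002 = 100                   */
    0x01, 0x00, 0x07, 0x00, /* id 0x0001 = 7, overrides the 5    */
    0xFF, 0xFF, 0xFF, 0xFF, /* erased: end of the written area   */
    0x03, 0x00, 0x09, 0x00, /* stale bytes past the end, skipped */
    0xFF, 0xFF              /* truncated tail of the dump        */
};

int main(void)
{
    printf("records used: %zu\n", ee_used_records(sample_dump, sizeof sample_dump));
    for (uint16_t id = 1; id <= 3; id++)
        printf("id 0x%04X -> %d\n", id, ee_latest(sample_dump, sizeof sample_dump, id));
    return 0;
}
```
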