Oscyloskop DSO150 firmware - This board is FAKE !

blady-brs 34905 36
This content has been translated flag-pl » flag-en View the original version here.
  • #31
    Level 2  
    Hi, boyak75,

    Thank you very much for your feedback!

    Maybe the EEPROM is really gone... I've done several experiments with both DSO150 (fake) and DSO138mini (genuine), some of which included transplanting the EEPROM between them, to see if this way I could "genuinize" the 150 and update the FW, and maybe in one of these experiments I killed it... Or maybe not, because I'm using a cheap CH341 reader and this could be the cause of not being able to read it. But Brottoaster couldn't read it either (or read it empty), so maybe also it is really like this.

    On the other hand, even if it doesn't remember the unlock procedure, it seems to remember other settings (timebase, volts/div...), so maybe these and other data are stored in STM's internal EEPROM rather than the external one, and the external one is only for the CryptoAuthentication device capabilities, as storing the serial nº (but not in the standard I2C EEPROM space).

    I'm thinking of creating a simple program for the STM to read the EEPROM without the need of an external programmer, or even using this library to fully read the special registers of the ATSHA204A or similar CryptoAuthentication device. I'm not very skilled in programming microcontrollers, but with some luck maybe a bit of modding of the library's examples will suffice... maybe you can distract some time from your project and try this way, but I'll also give it a try

    Thanks again and I hope we can make some advances, mostly for curiosity and learning (or just for the sake of it :D ) as, in practice, I can use the scope as is, just entering the activation menu at the beginning, or going back to 064 version, or using one of the maybe even better open-source FWs out there (or, better yet, buying a "real" scope, there are now good looking units for <200€).

    Your posts and Brottoaster's were the first ones I could find with real advances on hacking this thing after some posts about a patched 064 version years ago in a Russian forum (which didn't give many clues on how they were done)
  • #32
    Level 2  
    Hi morgan_flint!

    You can take a look into the old open source of JYE https://github.com/JYEtech/DSO-Shell-open-source-version-
    Here you can find the files eeprom.h and .c. This "driver" is a eeprom emulation. This means the data is stored to the internal MCU flash. See https://www.st.com/resource/en/application_no...2f10x-microcontrollers-stmicroelectronics.pdf

    We see that the idea is to write changes of the variables in a incremental way. This means we dont write all variables in one go to the same place in memory.
    No! We write only changes. And the chages will be written to an increasing memory address. This method is surely to prevent the eeprom from wearout.
    This is a half answer to your question "where is the information stored" which i want to answer with "everywhere" ;-)

    Lets take a closer look to the datastructure stored into the eeprom.
    The structure of data is a 16bit variable id (virtual address) followed by a 16bit data value you want to store.
    This is called as key value and is very often used in software design to store dynamic data or in communication protocols.

    So far...... have fun... my next step will be to take a closer look into the option bytes.
  • #33
    Level 2  
    Ok, that justifies (at least, partially), that the external I2C EEPROM looks empty...

    I don't know why Jyetech wouldn't want to use it to store the settings, instead of the internal flash that has those wearout problems.
  • #34
    Level 6  
    If you ask Jyetech if there is anything you should consider when replacing the U2, you will get the following answer:
    "Unfortunately the U2 on the main board was used to secure the board against counterfeiting. It must be programmed in our factory to become functional. The firmware won't run without the chip."
  • #35
    Level 1  
    @boyak75 thank you very much friend, your pach worked perfectly for my chinese dso150!
  • #36
    Level 1  
    Oscyloskop DSO150 firmware - This board is FAKE ! Oscyloskop DSO150 firmware - This board is FAKE ! Oscyloskop DSO150 firmware - This board is FAKE !

    Hello, I bought dso150 fnirsi oscilloscope from aliexpress. But it malfunctioned. I changed the STM32 chip, the software was being thrown, but there was no screen, I repaired it by buying a new screen. Now, I tried all the dso150 software on the internet (including the ones described on this page), they all stay on the boot screen as in the picture. Does not continue. How can i solve this problem. As far as I understand in the picture, there is a pid ID at the bottom, but it is broken for me. Thank you to those who will help. I'm trying to improve myself in electronics for hobby purposes.
  • #37
    Level 1  
    I have exact same boot screen, with the red E and garbled text in the bottom. Same FNIRSI dso150.
    I haven't changed the MCU, nor made any hardware modification.

    UPDATE: I ended up installing "lnDSO150", it has specific support for FNIRSI: https://github.com/mean00/lnDSO150