What, when?

I wrote this about 3-4 years ago, we had a discussion on IRC with a couple friends about how pathetic some algorithms are as I showed the reference code from a Sony Vaio bios. We had two pairs of codes and that was enough to reverse the algorithm, the pattern clearly emerged with this minuscule sample size which goes to show just how simple some algorithms out there really are.

At the time that piece of code was actually valuable, I could’ve sold the unlock service to people (like a few weasels began to afterwards…) but being the kind that would rather avoid legal issues, I simply put it on the back-burner.

Legal issues?

Well, I didn’t want any trouble with Sony. I did email them, nobody ever replied. So that’s as far as I got. I guess they would rather ignore certain problems than to face them — it ought to be cheaper…

Show me the code!

OK, Since I’m sure by now the relevance of the code has decreased and thus it’s value, and perhaps someone else already decided to post it after reversing it… (don’t know, haven’t checked — don’t care) I’m posting it here so any remaining weasels cease to profit from it.

;Sony Vaio Bios Unlock Calculator
;www.gushh.net
 
; input is numeric 7 digits, we only trim and obtain the left 7 digits as input sanitation.
Define.s input	= Left( Trim(InputRequester( "input code", "", "" )), 7 )
Define.s output	= ""
Define.i i
 
Dim buffer.i(6)
For i=0 To 6 ; extract the characters from the input string onto the working buffer
	buffer(i) = Val( Mid( input, i + 1, 1 ) )
Next
 
;10 8 7 12 11 12 16 ;- the magic pattern, reminds me of LOST...
 
Dim LUT.i(6) ; input the LUT
		LUT(0) = 10
		LUT(1) = 8
		LUT(2) = 7
		LUT(3) = 12
		LUT(4) = 11
		LUT(5) = 12
		LUT(6) = 16
 
For i=0 To 6 ; offset the buffer contents based on the LUT
	buffer(i) = LUT(i) - buffer(i)
Next
 
For i=0 To 6 ; generate the output string
	output + Right( Str( buffer(i) ), 1)
Next
 
; display it
MessageRequester( "result", output )

I’ll let it up to you to figure out the language and how to compile it. If you know other languages, porting it will be trivial. If you are not a programmer, send me a message and we’ll figure something out — I’m not going to upload / send any executables, sorry.

As an exercise, can you actually come up with the look-up table just by looking at these two pairs of numbers?

9876543 = 1006683
2335568 = 8547668

Which Vaio models?

Ah, good question… Turns out, it’s been a long time and I lost the pertinent details, can you come up with a list of supported models? — If it worked for your Vaio, maybe consider buying me a coffee?

Do you have more?

Actually yes, we broke a few other algorithms back then. But I won’t post it all at once. I am however willing to take a challenge — Just let me know. I may consider adding a live calculator to the page if someone requests it.
 
That’s all for now, cheers.
 

This letter is meant to be read by the pertinent executives or anyone in charge of the software/firmware department of the aforementioned companies (Rigol, Owon)…

It is time you take the market by surprise. Open your software. Create the world’s first real production open-source oscilloscope. Let people enhance your work and let yourselves learn from their revisions.

Of course this doesn’t mean you’ll quit developing the main firmware, it only means other people will be able to optimize, enhance and modify the firmware to their liking.

There have been reversals going on and several “hacks” on certain firmware versions, but the need is there. Open it up!

You’re selling the hardware, unlike the primary high-end oscilloscope companies who enjoy selling software and will charge you for every extra feature you want on a scope you’ve already paid full price on. This is the reason why the firmware on your scopes has to be open-sourced as soon as possible, to gain an extra edge on the entry-level market.

The reason Rigol sales sky-rocketed has simply been due to software leaks. Owon and others have not been explored deep enough as of today, so their sales were not increased. This proves the point that software is what drives your sales, not just the quality of your hardware. People want to modify the firmware, add features and remove other features they don’t want/use… Focus on delivering top-notch hardware with an initial firmware and let the clients develop it further on their own or at least allow them to fork and develop their own versions.

While it’s true that due to market segmentation you’ll share the same hardware on at least 3 different models (separated by bandwidth and other features, locked by software) — By having an open-source scope, you’ll only need to deal with one version targeted to everyone, at a fair price. The segmented model is outdated and the only reason you’ve been using it is because Tektronix, Lecroy and others still use it.

Sure, on some instances it works, but Rigol, Owon, etc. are dealing mostly with entry level equipment and thus, money is an object to your clients — Hobbyists and students alike.

For example, due to the firmware “hacks” on the Rigol Ds1052e, more 50MHz units were sold than 100MHz versions will ever be sold, proving segmentation becomes pointless when software is compromised and still, doesn’t hurt sales — to the contrary, it multiplies them.

I cannot stress enough how important this is for both parties. If you are unsure, just release the sources for your flagship model and see how it goes, you’ll be surprised by the feedback and rapid increase in sales.

Be smart: adapt, be the first company to do it and you won’t regret it. There’s no reason why scopes can’t or shouldn’t be open-sourced like some cell-phones and other platforms have been…

Hopefully we’ll see eye to eye on this one.

Best of luck,
Gus

I didn’t quite reach my goal this year with regard to this site, however that doesn’t mean I’ll stop trying. I did get twice as many unique visitors compared to last year though, so that’s a fair win – Thanks to all of you for that from all around the globe!

Having dealt with the whole moving process pretty much on my own, being literally homeless for a short period of time due to lawyers and monkeys alike, it’s been a stressful one.

Priorities are now changing a bit.

I’ll keep trying my best to not to lose focus on the task at hand, I guess that’s a fair resolution for this new year, right? — Let’s be realistic at least!

Thanks again to those who have helped and to those who visit the site, I hope you’ve found what you were looking for, if not, let me know!

Have a good one.

Cheers,
Gus

Alright, so we were able to define a statement, run it and obtain the result within PB using Python on the previous tutorial, now let’s try to modify a Python variable, in this case a long, from within PB!

The code is pretty much the same, but we’ve “imported” three extra functions to do the job. First we define our variable, instead of relying on it already being defined/instanced. Then we execute the script and finally read the results.

Import "python33.lib"
	Py_Initialize()
	Py_Finalize()
	PyRun_SimpleString( String.s )
	PyImport_AddModule( String.s )
	PyModule_GetDict( *PyModule.i )
	PyDict_GetItemString( *PyObject.i, Key.s )
	PyLong_AsLong( *PyObject.i )
	
	PyLong_FromLong( Var.l )
	PyDict_SetItemString( *PyObject.i, Key.s, *Content.i )
	Py_DecRef( *PyObject.i )
EndImport

Define.i *module, *dictionary, *retval, *longvar

If Py_Initialize()
	*module	= PyImport_AddModule("__main__") ; Obtain a reference from main
	If *module ; Did we get a reference to main?
		*dictionary = PyModule_GetDict(*module) ; Let's get a reference of it's dictionary then.
		If *dictionary
			*longvar = PyLong_FromLong(100) ; new instance of a pylong set to 100
			If *longvar
				
				PyDict_SetItemString( *dictionary, "retval", *longvar ) ; set the long to "retval", this initializes the variable.
				Py_DecRef(*longvar) ; decrease the reference count (since we instanced it and Python uses a GC)
				
				PyRun_SimpleString( "retval += 100" ) ; now let's execute our statement, this time we add 100 to retval, which was set to 100 in PB!
				
				*retval = PyDict_GetItemString(*dictionary, "retval")
				If *retval
					Debug PyLong_AsLong(*retval) ; should return 200, this function returns a long representation of *retval, which internally would be a PyLong in this case.
				EndIf
				
			EndIf
		EndIf
	EndIf
	
	Py_Finalize()
EndIf

In a real world application you would have one big script that would assume certain variables were already set or “initialized” by the host, and if not possibly set some defaults or assert in some way. That’s why we are initializing the variable first, then we execute the script and then we obtain the result.

Remember: There are many ways of achieving a goal, this is just one of them.

This method works fine for longs, but we’ve yet to talk about floats, strings and more complex data!

But for now…

Happy holidays!
Cheers.

The following is a bare-bones example of how to run a statement in python, from within PureBasic and then retrieve the result from Python. As said, the example has been stripped down for simplicity sake until you can get familiar with the Python API.

Requirements: python3.3, obtain it here.
The python33.lib file resides within Python33/python33.lib (assuming your install directory is Python33, of course)
On Windows, also, the python33.dll file resides in your system32 directory (at least for XP)

Import "python33.lib"
	Py_Initialize()
	Py_Finalize()
	PyRun_SimpleString( String.s )
	PyImport_AddModule( String.s )
	PyModule_GetDict( *PyModule.i )
	PyDict_GetItemString( *PyObject.i, Key.s )
	PyLong_AsLong( *PyObject.i )
EndImport
 
Define.i *module, *dictionary, *retval
If Py_Initialize()
 
	PyRun_SimpleString( "retval = 10+1*10-2*16/(2-3)" )	; let's run a basic mathematical expression, as a statement.
 
	*module	= PyImport_AddModule("__main__")		; Obtain a reference from main
	If *module 						; Did we get a reference to main?
		*dictionary = PyModule_GetDict(*module) 	; Let's get a reference of it's dictionary then.
		If *dictionary
			*retval = PyDict_GetItemString(*dictionary, "retval") ; Obtain a reference of retval
			If *retval
				Debug PyLong_AsLong(*retval)  	; Debug the result from the interpreter
				Debug 10+1*10-2*16/(2-3)	; Execute the same expression on native code
			EndIf
		EndIf
	EndIf
 
	Py_Finalize()
EndIf

The example above may look over-complicated, in fact we could get rid of most checks since we know there has to be a main and a dictionary as we already defined a variable… But, you have to write safe code and this implies always checking your pointers/handles.

At this point we haven’t defined any structures pertinent to Python nor have we set any variables within PB so that we may read them from Python itself, but that’s something we’ll discuss later.

Right now this code could serve you to execute simple scripts for your games or applications. For instance on an RPG game you could calculate a melee attack using a few fixed rules and then obtain the result on PB.

Have fun,
Cheers.