Rigol DS1052E, new firmware

[MikeK]

Rigol just emailed me the latest firmware, version 2.06.  Has anyone used this?  Will it be compatible with the bandwidth hack?

[A Hellene]

Well, you can post it and I will be happy to try to hack this too, as I did with 2.05 SP2 (2.05.02.00), as soon as I reassemble my dismantled unit.


-George

[saturation]

Thanks! Did they provide release notes as to what's new in 2.6?  2.5 wasn't exactly as bug free as 2.4.

If you do have the release notes can you post here?

[MikeK]

No release notes.  Just the instructions and the firmware file.  They said it's in production since last week.

[Zero999]

Someone needs to upload the hacked firmware to a file sharing service.

[A Hellene]

Hero, the v2.06 firmware has not been hacked yet.

But, yes, it would be nice if we could lay our hands on it; and this little detail above will no longer be a problem!

I am already setting up the hot air station to reball the Cyclone III BGA chip that I have desoldered from the DS1052 mainboard in order to reverse the digital section too --a task that has been accomplished by 85%-90%, since spare time seems to be a luxury for me these days...


-George

[MikeK]

George, I sent you a PM.  Send me your email.

Mike

[Lightages]

I can host legal files relating to Rigol DS0152E hacking. Please PM me if people want them hosted, for free of course.

[alm]

I can host legal files relating to Rigol DS0152E hacking. Please PM me if people want them hosted, for free of course.

How can a firmware file with copyrights owned by Rigol be legal to distribute unless Rigol grants permission, even without modification?

[A Hellene]

George, I sent you a PM.

Mike, thank you!
I appreciate it.

I am sorry though for the delayed response. I had to go to an emergency stop mode after having successfully reballed the FPGA (that took me almost half an hour of intensive focus, placing manually 256 individual solder balls on an FBGA chip pads before baking it with hot air), since Morpheus (the god of dreams) made me an offer I could not refuse at that time!

Well, I have also had in mind Alm's thoughts about making public a piece of firmware distributed in a selective manner by its IP owner.

The good part is that the created hacked files can be made public for educational/testing purposes; the original firmware files cannot be made public without the consent of their legal owner. On the other hand, when something is released in the open, no one can be held account for "finding" it online, even though "internet anonymity" is yet another myth... So, "leaking" is a possible answer to the current problem, since I expect that people will also ask for the original new firmware to test it along with the hacked one; I know I would, as I have already done, above.

Anyway, all I will need from the new firmware file in order to hack it is a few specific bytes only! But, in order to test the hack properly, I will have to have access to a working unit loaded with the new firmware. At this time this does not seem to be possible for me because my DS1052 remains unbootable until I finish reversing its mainboard and solder the FPGA back in its place; and the FPGA is not on a socket in order to be removed at will. But I will be glad to try having the latest firmware hacked, since I think I know exactly what it takes to do it.


-George

[Zero999]

I can host legal files relating to Rigol DS0152E hacking. Please PM me if people want them hosted, for free of course.

How can a firmware file with copyrights owned by Rigol be legal to distribute unless Rigol grants permission, even without modification?

He didn't say anything about actually hosting copyrighted material, read it again.

[Lightages]

Exactly, I am willing to host files on my server as long as they are not going to cause me to have a shutdown due to copyright issues. I know this doesn't help with many files but at least I can ensure a reliable and long term free host for things we might want to share that would otherwise cost someone money to host. or the other mess, big file hosters that require membership and advertising to deal with.

If people don't want a place to put files for free access, no problem. 

[drieg]

Rigol just emailed me the latest firmware, version 2.06.  Has anyone used this?  Will it be compatible with the bandwidth hack?

Well, you can post it and I will be happy to try to hack this too, as I did with 2.05 SP2 (2.05.02.00), as soon as I reassemble my dismantled unit.

Hero, the v2.06 firmware has not been hacked yet.

But, yes, it would be nice if we could lay our hands on it; and this little detail above will no longer be a problem!

I wouldn't be so sure this time. Rigol has changed the firmware header again and you won't be able to hack it just by "guessing" and "playing" with CRC32

Nevertheless, using the FW header from version above sill remains an option. But you'll have to wait...

[A Hellene]

Yes, Drieg, I've realised that Rigol has changed the header format once more.
Even the <Std. header> field has been changed:

Code: [Select]

---------------------------------------------------------------------------
HEX Address: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14
---------------------------------------------------------------------------
    Fields: |<------ Std. header -------->|<-FW rev.->|<-?->|<- CRC32 ->|??|
---------------------------------------------------------------------------
v2.05.01.00: 44 53 31 30 30 30 45 20 20 20 82 85 84 88 C3 7B 47 92 39 C8 7E
v2.05.01.02: 44 53 31 30 30 30 45 20 20 20 82 85 84 82 8B B8 96 41 63 FF 33
v2.05.02.00: 44 53 31 30 30 30 45 20 20 20 82 85 82 88 C0 7E D7 6A 15 B6 B6
v2.06.00.01: 4A E3 3E 5E 1C EA 8D 39 9A 23 82 86 88 84 02 8C E9 A6 50 D0 BC
---------------------------------------------------------------------------
My suggestion to those who want to upgrade to the new firmware (v2.06 SP0) would also be to wait until a safe downgrade solution is found.


-George

[drieg]

Yes, Drieg, I've realised that Rigol has changed the header format once more.
Even the <Std. header> field has been changed:

Code: [Select]

---------------------------------------------------------------------------
HEX Address: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14
---------------------------------------------------------------------------
    Fields: |<------ Std. header -------->|<-FW rev.->|<-?->|<- CRC32 ->|??|
---------------------------------------------------------------------------
v2.05.01.00: 44 53 31 30 30 30 45 20 20 20 82 85 84 88 C3 7B 47 92 39 C8 7E
v2.05.01.02: 44 53 31 30 30 30 45 20 20 20 82 85 84 82 8B B8 96 41 63 FF 33
v2.05.02.00: 44 53 31 30 30 30 45 20 20 20 82 85 82 88 C0 7E D7 6A 15 B6 B6
v2.06.00.01: 4A E3 3E 5E 1C EA 8D 39 9A 23 82 86 88 84 02 8C E9 A6 50 D0 BC
---------------------------------------------------------------------------

Well, the first 10 bytes, that you call a <Std. header> for whatever reason, are quite easy to guess (hints: CRC32, start with encoded FW version, +2B each iteration).

Unfortunately to complete the hack you also need to find the answers to your quesion marks
Who first will find it, will get a nice present from me for his Rigol scope

[A Hellene]

Thank you for the hints, Drieg.
I'll look into it when I find some time.

By the way, I called the first 10 bytes "Standard Header" because, as far as I know, they had always been the ASCII representation of the string 'DS1000E   ' for the "E" models prior to the latest firmware revision.


-George

[drieg]

...don't waste your time, seems that Rigol made a stupid mistake and forgot to prevent a FW "upgrade" to the same version 

Besides that, I didn't notice any difference between v2.5 and v2.6, at least the menu is very same.

[A Hellene]

Hehe!
Thanks, Drieg!


-George

[Flavour Flave]

...don't waste your time, seems that Rigols made a stupid mistake and forgot to prevent a FW "upgrade" to the same version 

Hi there, Iv'e got a hacked Rigol its 00.02.04 SP1 can I just upgrade it to new firmware? Thanks

[gmdavies]

Hi Drieg. I have some 1052E v2.06 scopes to upgrade. Can you give me a clue as to how to convince the scope to upgrade to an earlier version of firmware so I can run the hack? I have been doing this with 2.05 for a while, but now all the scopes come with 2,06 which doesn't give me the firmware upgrade option when I insert the memory stick. I have modified header or earlier firmware to be same as you show above for 2.06, but scope still doesn't give an upgrade option. All help much appreciated.

[vtl]

Does the screen still have that stupid flicker? Not a big deal but no point in upgrading if it doesn't fix anything.

[gmdavies]

Does the screen still have that stupid flicker? Not a big deal but no point in upgrading if it doesn't fix anything.

Yes, they appear to have fixed the screen flicker problem in 2.06.  Certainly I haven't seen it flicker yet when it did it once a minute or so on 2.05 scopes.

[gmdavies]

...I have modified header or earlier firmware to be same as you show above for 2.06, but scope still doesn't give an upgrade option...

I obviously had my stupid head on yesterday. Have now successfully upgraded a 2.06 scope to 100MHz spec.

For anyone as daft as I was yesterday, here is what I did:

• Take a standard 2.02 SP2 firmware file (from the original upgrading Rigols for Dummies thread) - MD5 Hash: 272086b2037231c62446617436544a77
• Change the first 21 bytes to be same as v2.06 as shown above [4A E3 3E 5E 1C EA 8D 39 9A 23 82 86 88 84 02 8C E9 A6 50 D0 BC]. I used HxD Hex Editor from http://mh-nexus.de/en/hxd/ for this
• Now the file has MD5 hash: 19eb82ab1fa4fe57cc9410f2074e9e67
• Put this file on memory stick, check the MD5 hash and use to downgrade to 2.02 SP2
• Continue to follow the instructions in the original post

Thanks for everyone's patience with a newbie!

[Storeinfinity]

...don't waste your time, seems that Rigol made a stupid mistake and forgot to prevent a FW "upgrade" to the same version 

Besides that, I didn't notice any difference between v2.5 and v2.6, at least the menu is very same.

Great job on the coolest 1052E firmware, I saw the short video. Awesome!

[plasma]

Hi,
Where can I download the Rigol 2.02 SP2 firmware that is english?  I downloaded 2.02 from Rigol and it was in Chinese.  So now my scope shows all menus in chinese.  Thank you.