Author Topic: The Rigol DS1052E  (Read 622660 times)


Offline jakent

  • Newbie
  • Posts: 2
  • Country: us
Re: The Rigol DS1052E
« Reply #425 on: March 29, 2010, 06:37:38 pm »
Quote
Are you sure the package is heading towards you? I ordered my DS1052E from DealExtreme a month ago and it is still out of stock according to the status. I think your status will change to out of stock in a couple of days :(

I'm as sure as I can be, the package was last in Shenzhen, China.  Only the DS1052E was put on this particular order.

Perhaps the Chinese New Year/Spring Festival caused your order to be overlooked?  Things get quite hectic and slow around that time.  This year it fell between Feb 13 to the 19th.
 

Offline JasperNL

  • Contributor
  • Posts: 21
Re: The Rigol DS1052E
« Reply #426 on: March 30, 2010, 10:25:53 am »
 :o...... DealExtreme >:(
The last time I contacted DE they promised me that the package would be shipped ASAP.
But again nothing happened, time to mail again I guess......
Service is very bad, they always answer your questions a week later. And the response you get is useless. Very annoying!

 
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 37661
  • Country: au
    • EEVblog
Re: The Rigol DS1052E
« Reply #427 on: March 30, 2010, 11:28:24 am »
Just modded mine, and yep, it works!
Guess what the next blog is going to be about...

Dave.
 

Offline Simon (Topic starter)

  • Global Moderator
  • *****
  • Posts: 17728
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: The Rigol DS1052E
« Reply #428 on: March 30, 2010, 11:32:23 am »
Rigol will get hit men after you  ;D
 

Offline anli

  • Newbie
  • Posts: 7
Re: The Rigol DS1052E
« Reply #429 on: March 30, 2010, 11:52:22 am »
Can anybody suggest a hint where to dig in the hack for other RIGOL model series (DS1022C in my case)? I have tried the same commands, but, say, :INFO:MODEL? returns nothing, :IO:TEST someText doesn't echo. Connection is OK (say, *IDN? and :INFO:SERIAL? do work).
 

Offline Simon (Topic starter)

  • Global Moderator
  • *****
  • Posts: 17728
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: The Rigol DS1052E
« Reply #430 on: March 30, 2010, 11:56:07 am »
What type of serial cable are you using? Have you followed the Rigol manual for connecting the scope to a PC terminal?
 

Offline darkith

  • Contributor
  • Posts: 11
Re: The Rigol DS1052E
« Reply #431 on: March 30, 2010, 12:08:56 pm »
Quote
Can anybody suggest a hint where to dig in the hack for other RIGOL model series (DS1022C in my case)? I have tried the same commands, but, say, :INFO:MODEL? returns nothing, :IO:TEST someText doesn't echo. Connection is OK (say, *IDN? and :INFO:SERIAL? do work).

This was all made possible by the "hidden commands" that "mxmxmx" found in the DS1000E firmware (see http://www.rcgroups.com/forums/showthread.php?t=663958&page=49#post13549739)

It sounds like he parsed through a firmware file for the acceptable commands, either through just searching for strings, or actually disassembling the binary.  You could try that, but there's no guarantee that the DS1000C series used the same method to select the model, i.e. it could have been done in hardware instead.

D.
 

Offline anli

  • Newbie
  • Posts: 7
Re: The Rigol DS1052E
« Reply #432 on: March 30, 2010, 12:09:39 pm »
I'm under Linux, and have used a USB connection and a Python script as described here:

http://www.rcgroups.com/forums/showthread.php?t=663958&page=14
http://www.rcgroups.com/forums/showthread.php?t=663958&page=17

with installed usbtmc kernel driver.

As I have said, other commands do work without any problems, say

Code:
$ ./rq.py '*IDN?'
SEND *IDN?
RECV RIGOL TECHNOLOGIES,DS1022C,DS1022xxxxxxxxx,03.07.01
RIGOL TECHNOLOGIES,DS1022C,DS1022xxxxxxxxx,03.07.01

$ ./rq.py ':DISPLAY:SCREEN?'
SEND :DISPLAY:SCREEN?
RECV NORMAL
NORMAL

The red "Rmt" label is shown, and the DSO listens to and executes commands as expected (:RUN, :STOP, and so on).
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 4064
  • Country: fi
  • Born in Finland with DLL21 in hand
Re: The Rigol DS1052E
« Reply #433 on: March 30, 2010, 12:29:14 pm »
A day ago I got a new DS1052E from China.
The command modification did NOT work as before!
I have tried many variations of how to do it.

With the units that I had before, all went OK.

I have not yet found a solution for these new ones. If I try as before, the display sometimes goes "black" and the only button that does anything is power ON/OFF. After this the scope continues as a DS1052E (it (sometimes) keeps the serial number as I typed it, but it returns to 1052). Sometimes there is only a random white scratch over the model number row, from left to right across the display. One time it was very difficult to get back so that the system display was OK.

The FW in these new ones is exactly the same, 020202.

The only difference I can see is a different start of the serial number after the letters (the first 4 digits... maybe these are some "prefix" that indicates a product revision?).

So I think we need to continue more public discussions to push the factory to put a good stop to modifications. We can teach them to make hack-proof scopes. Maybe they will make the next revision nearly "waterproof" (or what I have now is just that).

----------
Do NOT try this modification over RS232 if you do not really know how to set up RS232 communication that works perfectly. It needs to work perfectly at the HW level and it must run without any mistake in the data. If you are not really sure how to make a reliable, trustworthy and robust serial connection, do not even try. You may seriously damage your oscilloscope. Remember: this uses undocumented commands! A failure in the data may damage your machine almost permanently.

Before you do anything with undocumented commands you need (at minimum) to be sure that the communication has no errors of any kind that may produce unwanted transmitted data inside the oscilloscope.

Also do not trust a Windows/PC RS232 port. It may be out of specification in many ways, even in voltage levels.
Any missing, extra or wrong data may damage your scope with these undocumented commands.


This is only one small example of RS232 problems with PCs and Microsoft (not related to this mod, but related to the many kinds of possible RS232 problems with today's computers; in the TTY days it was different):

http://www.home.agilent.com/agilent/editorial.jspx?cc=US&lc=eng&ckey=131609&nid=-35204.0.00&id=131609

"Problems Using RS-232 on Agilent Instruments with Laptop PCs running any Microsoft OS
Symptoms: Timeouts, corrupt data, missing data, error messages while uploading data
"
« Last Edit: April 09, 2010, 02:01:49 pm by rf-loop »
I drive a LEC (low el. consumption) BEV car. Smoke exhaust pipes - go to museum. In Finland quite all electric power is made using nuclear, wind, solar and water.

Wises must compel the mad barbarians to stop their crimes against humanity. Where have the wises gone?
 

Offline anli

  • Newbie
  • Posts: 7
Re: The Rigol DS1052E
« Reply #434 on: March 30, 2010, 12:29:50 pm »
Quote
It sounds like he parsed through a firmware file for the acceptable commands, either through just searching for strings, or actually disassembling the binary.  You could try that, but there's no guarantee that the DS1000C series used the same method to select the model, i.e. it could have been done in hardware instead.

D.
I have tried to find something MODEL-related - the only fragment with "model" (case-insensitive context) is:

Code:
DS1102CD    DS1062CD    DS1042CD    DS1022CD    DS1102C DS1062C
DS1042C DS1022C DS1102MD    DS1062MD    DS1042MD    DS1022MD   
DS1102M DS1062M DS1042M DS1022M DS-5110 DS-5106 DS-5104 DS-5102
Parameter  Trig_Level_K    Trig_Level_M     Gain_A_K1   Gain_A_K2   Gain_B_K1   
Gain_B_K2  Offset_1_A  Offset_1_K  Offset_1_M  Offset_2_A  Offset_2_K  Offset_2_M
ADC_Offset  ADC_A_Offset_1  ADC_B_Offset_1  ADC_A_Offset_2  ADC_B_Offset_2  %6.1f
CH1   %6d   EXT    EXT5     CH2   Trig_Sens_A     =%6.1f  Trig_Sens_K EquMin  =%d
EquTrigDelay    RealTrigDelay   RealTrigOffset  Saving...   %s  SERVICE  Model SerialID
Save   Clear  Power Up     1/2     2/2     System Parameter     Color   About InterploatorScale
Press 'Stop' key to Exit    Press 'AUTO' key to load Default Value  Press 'STOP' key to Exit
 

Offline darkith

  • Contributor
  • Posts: 11
Re: The Rigol DS1052E
« Reply #435 on: March 30, 2010, 01:42:33 pm »
Quote
A day ago I got a new DS1052E from China.
The command modification did NOT work as before!
I have tried many variations of how to do it.

With the units that I had before, all went OK.

I have not yet found a solution for these new ones. If I try as before, the display sometimes goes "black" and the only button that does anything is power ON/OFF. After this the scope continues as a DS1052E (it (sometimes) keeps the serial number as I typed it, but it returns to 1052). Sometimes there is only a random white scratch over the model number row, from left to right across the display. One time it was very difficult to get back so that the system display was OK.

The FW in these new ones is exactly the same, 020202.

The only difference I can see is a different start of the serial number after the letters (the first 4 digits... maybe these are some "prefix" that indicates a product revision?).

So I think we need to continue more public discussions to push the factory to put a good stop to modifications. We can teach them to make hack-proof scopes. Maybe they will make the next revision nearly "waterproof" (or what I have now is just that).

Wow, are you saying that Rigol has already locked down this hack?  That's pretty quick!

Things that might be worth trying:
-Using a completely valid old DS1102E style serial (think somebody posted one earlier)
-Trying to get hold of a brand-new DS1102E and see what serial they are using now (maybe they just changed the pattern the firmware checks for)

Glad I got my scope shipped from a vendor that had stock on hand.  I'd be careful of ordering from any supplier that might use "directly-from-factory" supply.

D.
 

Offline rf-loop

  • Super Contributor
  • ***
  • Posts: 4064
  • Country: fi
  • Born in Finland with DLL21 in hand
Re: The Rigol DS1052E
« Reply #436 on: March 30, 2010, 01:56:42 pm »
" Wow, are you saying that Rigol has already locked down this hack?"
Not exactly.

Maybe this situation is not (yet) related to the hack, maybe it is related only to a product revision.
(Also, I do not believe that this hack was first known outside China. ;)
..... but maybe they do not have such an open mouth...)
 

Offline darkith

  • Contributor
  • Posts: 11
Re: The Rigol DS1052E
« Reply #437 on: March 30, 2010, 02:05:30 pm »
Quote
" Wow, are you saying that Rigol has already locked down this hack?"
Not exactly.

Maybe this situation is not (yet) related to the hack, maybe it is related only to a product revision.
(Also, I do not believe that this hack was first known outside China. ;)
..... but maybe they do not have such an open mouth...)


Laff, gotcha.  Makes sense that it would have been found earlier but kept closely guarded, since some Chinese middlemen have a talent for, shall we say "optimizing the value of goods before reselling them"  :)
Wonder where I could get a DS1102E label to make the front of my scope match its capabilities....

Have you tried replacing the entire serial with a known-good, older-style DS1102E serial?

D.
 

Offline Simon (Topic starter)

  • Global Moderator
  • *****
  • Posts: 17728
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: The Rigol DS1052E
« Reply #438 on: March 30, 2010, 05:01:24 pm »
I would think all known 1102 serials have been blocked in the new versions. It is obvious that Rigol saw this thread and other mentions on the net pretty quickly, and I'm sure blocking this hack was simple: just remove the model changing commands from the command set. Clearly this was an easy way of choosing later what the scope would be; now they probably have to flash two different versions of the firmware to the scopes to make the choice, i.e. it is probably now hard coded. Perhaps copying the firmware of a 1102 to a 1052 would get around that, but then they could put something in like the BIOS to prevent it being accepted. Surely at some point a new hack will be found, but it will be a case of how far one is willing to go to carry out the mod.
 

Offline Mark_O

  • Frequent Contributor
  • **
  • Posts: 939
  • Country: us
Re: The Rigol DS1052E
« Reply #439 on: March 30, 2010, 05:34:50 pm »
Quote
Just modded mine, and yep, it works!
Guess what the next blog is going to be about...

Nothing subtle about you, Dave.  :o  Are you planning on rubbing their nose in it, like you did with the "caught with their pants down" incident?  I'm sure that had them ROTF at Rigol HQ.

While you're at it, perhaps you should point out that this really turns the DS1052E into a 150 MHz scope.  If you look at the rise-time results posted by flolic and rf-loop, and sweep tests by Andreas (JimBeam), the performance of the modded units (as well as the stock DS1102E's) definitely meets 150 MHz spec criteria.  (down 3 dB at 160+ MHz, risetimes <2 nS)  Also, the gain flatness is good (i.e., uniform rolloff, with no peaks and valleys, -4.5 dB at 200 MHz).

- Mark
 

Offline Mark_O

  • Frequent Contributor
  • **
  • Posts: 939
  • Country: us
Re: The Rigol DS1052E
« Reply #440 on: March 30, 2010, 05:48:55 pm »
Quote
(Also, I do not believe that this hack was first known outside China. ;)
..... but maybe they do not have such an open mouth...)

I agree.

Everyone here seems to want to publicize this in the most public way possible.  Even flaunting it in "reviews" on the Hong Kong websites, with links back to here.  Thus forcing Rigol to take action.  There's lots of things they could do, but I'm not going to enumerate them here, because I don't want to give them any good ideas.  (I work on embedded systems.)

I can understand sharing the good fortune with others, that came from Rigol "leaving the back door open".  Security through obscurity (undocumented commands) is never a good idea.  And many could have benefitted (even Rigol).  But I'm not sure why so many are hell bent on turning this into a "Once upon a time..." story, as soon as possible.  It just seems very immature to me.

- Mark
« Last Edit: March 30, 2010, 06:47:06 pm by Mark_O »
 

Offline darkith

  • Contributor
  • Posts: 11
Re: The Rigol DS1052E
« Reply #441 on: March 30, 2010, 05:51:10 pm »
Quote
I would think all known 1102 serials have been blocked in the new versions. It is obvious that Rigol saw this thread and other mentions on the net pretty quickly, and I'm sure blocking this hack was simple: just remove the model changing commands from the command set. Clearly this was an easy way of choosing later what the scope would be; now they probably have to flash two different versions of the firmware to the scopes to make the choice, i.e. it is probably now hard coded. Perhaps copying the firmware of a 1102 to a 1052 would get around that, but then they could put something in like the BIOS to prevent it being accepted. Surely at some point a new hack will be found, but it will be a case of how far one is willing to go to carry out the mod.

Mmm.  Possibly.  But rf-loop's message seems to suggest that the commands would run, but they just wouldn't "stick".  He said that the serial number sometimes changed, but the model reverted to 1052 or got glitchy, which sounds like previous experiences where people were inputting the commands in the opposite order or didn't get them in correctly and the firmware didn't like the mismatched model config.

I don't know if they'd waste flash space with a list of blacklisted serials....they might change the algorithm (which may be what happened) or just lock out the capability, either remove the commands entirely, or make them "one-time" use only, so that they'd still only need one firmware, and just program them whichever way.

I wonder if perhaps the "model check" based upon the serial number was more sophisticated than just checking the one digit out of the prefix, and newer scopes with a different prefix need more than one character changed?  That's why I'm wondering if the older style serials would work, if as rf-loop suggested it's just a running change and not an actual countermeasure.  

If they did change the verification algorithm, it could be an interesting headache. That would make upgrading existing scopes (hacked or not) tricky/impossible.  And I wonder if the old firmware could be flashed onto these newer scopes.  I'm sure the dedicated "re-badgers" would work quite hard at restoring this capability (though they would probably keep it secret again).

Ahh well, all speculation.  Though it does make me very curious...  :)

D.
 

Offline Mark_O

  • Frequent Contributor
  • **
  • Posts: 939
  • Country: us
Re: The Rigol DS1052E
« Reply #442 on: March 30, 2010, 06:06:58 pm »
Quote
Can anybody suggest a hint where to dig in the hack for other RIGOL model series (DS1022C in my case)? I have tried the same commands, but, say, :INFO:MODEL? returns nothing, :IO:TEST someText doesn't echo. Connection is OK (say, *IDN? and :INFO:SERIAL? do work).

This was all made possible by the "hidden commands" that "mxmxmx" found in the DS1000E firmware (see http://www.rcgroups.com/forums/showthread.php?t=663958&page=49#post13549739)

It sounds like he parsed through a firmware file for the acceptable commands, either through just searching for strings, or actually disassembling the binary.  You could try that, but there's no guarantee that the DS1000C series used the same method to select the model, i.e. it could have been done in hardware instead.

Anli,

"Can anybody suggest a hint".  mxmxmx found the undocumented commands using a simple string search utility.  I've done the same thing myself.  It's not very hard.

Unfortunately for you, those commands do not exist in the earlier C-series Rigols.  That was a "clever" addition they made to the E and D-series units.  There is no command to either read out or write in a MODEL string on your (older) unit.  So you're not going to turn lead into gold with a SCPI command.  Sorry.

- Mark
« Last Edit: March 30, 2010, 06:09:50 pm by Mark_O »
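
The string search that darkith and Mark_O describe above, turned into an audit a vendor or reviewer can run on their own firmware image: it lists SCPI-shaped strings and flags the ones missing from the documented command set. This is an added example, not code from the thread or from Rigol; the image bytes and the "documented" list are constructed stand-ins, and the function names are hypothetical.

```python
"""Audit a firmware image for SCPI command strings that the manual does not list."""
import re

# Printable-ASCII runs of 4+ bytes, the same thing the `strings` utility reports.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")

# SCPI-shaped tokens: an IEEE 488.2 common command (*IDN?) or a chain of
# colon-prefixed mnemonics (:INFO:MODEL?), optionally ending in '?' for a query.
SCPI_TOKEN = re.compile(
    r"(?<![A-Za-z0-9:*])(\*[A-Z]{3}\??|(?::[A-Za-z][A-Za-z0-9]*)+\??)"
)

# Constructed sample image: NUL-terminated strings between binary filler.
# The command names are the ones quoted in this thread; the layout is invented.
SAMPLE_IMAGE = (
    b"\x00\x01\xfe\xff\x10\x80"
    b"*IDN?\x00:RUN\x00:STOP\x00:DISPLAY:SCREEN?\x00"
    b"\x00\x13\xe5\x9f\x04"
    b":INFO:SERIAL?\x00:INFO:MODEL?\x00:IO:TEST\x00"
    b"Press 'STOP' key to Exit\x00%6.1f\x00"
    b"\x8a\x00:INFO:MODEL\x00"  # same header again, without the '?'
)

# Constructed stand-in for the command list in a programming manual (assumption).
DOCUMENTED = ["*IDN?", ":RUN", ":STOP", ":DISPLAY:SCREEN?"]


def header(command: str) -> str:
    """Normalise a command so ':run', ':RUN' and ':RUN?' compare equal."""
    return command.strip().upper().rstrip("?")


def scpi_candidates(image: bytes) -> list:
    """Return (offset, token) for the first occurrence of each SCPI-shaped string."""
    seen, hits = set(), []
    for run in PRINTABLE_RUN.finditer(image):
        text = run.group().decode("ascii")
        for tok in SCPI_TOKEN.finditer(text):
            key = header(tok.group(1))
            if key not in seen:  # report each command header once
                seen.add(key)
                hits.append((run.start() + tok.start(1), tok.group(1)))
    return hits


def undocumented(image: bytes, documented) -> list:
    """Return the candidates whose header is absent from the documented set."""
    known = {header(c) for c in documented}
    return [(off, tok) for off, tok in scpi_candidates(image)
            if header(tok) not in known]


if __name__ == "__main__":
    for offset, token in undocumented(SAMPLE_IMAGE, DOCUMENTED):
        print(f"0x{offset:06x}  {token}")
```

A hit is only a candidate: the string may be a menu label or a parser table entry, so each one is checked against the command dispatcher before deciding whether to document, gate or remove it.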
 

Offline Mark_O

  • Frequent Contributor
  • **
  • Posts: 939
  • Country: us
Re: The Rigol DS1052E
« Reply #443 on: March 30, 2010, 06:23:32 pm »
Quote
I would think all known 1102 serials have been blocked in the new versions

You might think that, but you'd be wrong.

Quote
I'm sure  blocking this hack was simple: just remove the model changing commands from the command set

And wrong again.  No need to remove any commands.

Quote
they probably have to flash two different versions of the firmware to the scopes to make the choice, i.e. it is probably now hard coded.

Nope.

Quote
Perhaps copying the firmware of a 1102 to a 1052 would get around that

Nope.  (That info isn't stored in the firmware.)

Quote
surely at some point a new hack will be found but it will be a case of how far one is willing to go to carry out the mod

Maybe.  But certainly not "surely".

- Mark
 

Offline Simon (Topic starter)

  • Global Moderator
  • *****
  • Posts: 17728
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: The Rigol DS1052E
« Reply #444 on: March 30, 2010, 06:29:06 pm »
Quote
I would think all known 1102 serials have been blocked in the new versions

You might think that, but you'd be wrong.

Quote
I'm sure  blocking this hack was simple: just remove the model changing commands from the command set

And wrong again.  No need to remove any commands.

Quote
they probably have to flash two different versions of the firmware to the scopes to make the choice, i.e. it is probably now hard coded.

Nope.

Quote
Perhaps copying the firmware of a 1102 to a 1052 would get around that

Nope.  (That info isn't stored in the firmware.)

Quote
surely at some point a new hack will be found but it will be a case of how far one is willing to go to carry out the mod

Maybe.  But certainly not "surely".

- Mark


I'm not a software expert but I can see how easy the mod was (even I managed it); I'm sure Rigol can come up with something more substantial if they put their minds to it.
 

Offline Mark_O

  • Frequent Contributor
  • **
  • Posts: 939
  • Country: us
Re: The Rigol DS1052E
« Reply #445 on: March 30, 2010, 06:34:32 pm »
Quote
I don't know if they'd... they might change... or just lock out...  I wonder if perhaps...

If they did change... it could be an interesting headache. That would make upgrading existing scopes (hacked or not) tricky/impossible. And I wonder if ...
Ahh well, all speculation. Though it does make me very curious...

Yes, curious indeed.  

Now that the "secret" is out, and being broadcast worldwide, I suggest we turn our discussions to possible ways that Rigol could lock these types of hacks out.  As we come up with each idea for a potential lock, we can look for ways to circumvent it.  Really put our minds to it.  Once we have come up with a methodology that is impervious to hacking, then we can e-mail that to Rigol Engineering.  That will save them a lot of time and trouble implementing weaker solutions.   ::)

I'm not trying to pick on you, darkith.  Just pointing out that public speculation on issues like this is unlikely to be helpful to us in the long run.

- Mark
« Last Edit: March 30, 2010, 06:43:59 pm by Mark_O »
 

Offline Mark_O

  • Frequent Contributor
  • **
  • Posts: 939
  • Country: us
Re: The Rigol DS1052E
« Reply #446 on: March 30, 2010, 06:43:17 pm »
Quote
I'm not a software expert...

Agreed.

Quote
but I can see how easy the mod was (even I managed it)

You're joking, right?  It was obvious AND easy, in the end, but that didn't stop you from being baffled and delaying your "upgrade" for a long time, while you played the "thousand question game".

Quote
I'm sure Rigol can come up with something more substantial if they put their minds to it

Oh, absolutely!  Nothing in my comments should be construed otherwise.  They won't even need to think that hard.  I was just pointing out that none of your ideas made any sense.  ;)

- Mark
 

Offline Mark_O

  • Frequent Contributor
  • **
  • Posts: 939
  • Country: us
Re: The Rigol DS1052E
« Reply #447 on: March 30, 2010, 06:57:10 pm »
Quote
So I think we need to continue more public discussions to push the factory to put a good stop to modifications. We can teach them to make hack-proof scopes. Maybe they will make the next revision nearly "waterproof" (or what I have now is just that).

Exactly!  Now that's what I'm talking about.  :)

- Mark
 

Offline darkith

  • Contributor
  • Posts: 11
Re: The Rigol DS1052E
« Reply #448 on: March 30, 2010, 07:18:39 pm »

Quote
I'm not trying to pick on you, darkith.  Just pointing out that public speculation on issues like this is unlikely to be helpful to us in the long run.

- Mark


Heck, I should be flattered that you think my speculation is dangerous enough to be unhelpful in the long run.
But, IMHO, the cat is already well out of the bag, and has long left the area.  So, I figured a little speculation on what could be a Mark2 bag (now with kevlar thread?) shouldn't be too harmful.  If Rigol has any decent developers (and they must to have produced a pretty decent scope), they'll quickly realize (or have) the folly of "security through obscurity" and would be smart enough to come up with a reasonable fix to this hack. 

The really annoying thing about this sort of hack is that it's almost a lose-lose.  Spread the information (and in today's age, it'll spread far and wide quickly) and the company will disable it sooner or later.  Keep it secret, and only a handful of privileged people "in the know" will find out about it, and the big abusers will be the shady companies who will buy 1052Es and re-sell them as 1102Es with a new sticker on them.

Similar things happen with the copy-protection/anti-mod hacks on the game consoles (Xboxes, Wiis, etc).

D.
 

Offline mlaargh

  • Contributor
  • Posts: 10
Re: The Rigol DS1052E
« Reply #449 on: March 30, 2010, 08:38:28 pm »
Quote
A day ago I got a new DS1052E from China.
The command modification did NOT work as before!

Man, that makes me nervous... Did you get yours from DealExtreme? I have one sitting in US customs right now that I ordered through them last Monday. Hopefully my unit will be in the clear! Anyone else have pending deliveries or problems upgrading?
 

