Author Topic: Hacking the Rigol MSO5000 series oscilloscopes  (Read 901304 times)

0 Members and 8 Guests are viewing this topic.

Offline jgmrequel

  • Newbie
  • Posts: 3
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #625 on: January 13, 2019, 08:52:59 pm »
Has someone tried to verify if the "upgrade" enables also the other two channels on the MSO5XX2?  ^-^

No they haven’t, but tv84 thinks it won’t.  I’m not sure it’s worth saving 90 euros to find out the hard way. Buy the 4 channel model and you get 2 extra 350MHz probes and a warranty that covers all 4 channels.

But it would be interesting to have somebody verify it.

This does in fact work - I've a MSO 5072, FW 01.01.02.03, and channels 3 and 4 get enabled with the fullopt.

I'm catching up on this thread and working on the hardware/firmware myself.
« Last Edit: January 13, 2019, 08:57:51 pm by jgmrequel »
 

Offline seronday

  • Regular Contributor
  • *
  • Posts: 93
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #626 on: January 14, 2019, 12:54:40 pm »
The corrupted data out of the MSO5074 was found to be caused by varying widths of the Low going data bits in the serial data stream.
At 115200 bits/sec, the nominal bit width is 8.68us.  Some of the Low going bits from the UART interface were down to 3us width.
The over all packet timing was correct, just the width of the low going bits varied.
So depending on when the receiving equipment clocks the data in, it may see either a "0" or "1"

This was solved by feeding the data through an external Pulse stretching circuit to set the minimum bit width correctly.

could you share this external Pulse stretching circuit ?

The second issue of no response to commands was tracked down to an open circuit on the PCB trace from the UART interface connection point.
The Data IN to the MSO5074 goes via a series resistor. This resistor had been left off the circuit board.
In the video #1146 Dave wasn't able to send commands to it either, but then if you where following along on this thread others have tried the UART interface and where able to use it with no problem and no mention of a missing resistor, and if you let it boot completely you should get a root shell without being asked to login, right?

@ helmy.
                Pulse stretching circuit added to original posting

Root access is available as soon as the operating system has been loaded.

If you follow the progress bar that appears on the display of your MSO5000 series when you first turn it ON, at approximately 1/4 of the way along is when the operating system has loaded and root access is available via the UART port.

Regards.
 
The following users thanked this post: helmy

Offline Sprite_tm

  • Newbie
  • Posts: 3
  • Country: cn
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #627 on: January 19, 2019, 04:04:47 pm »
Hi all! Long-time reader, first-time poster. When I read the MSO5000 had a trivially-accessible Linux shell, I pulled the trigger and now have a nice MSO5074 on my desk. Thought I would also add something to the hacking community, although it's quite trite.

So, there's an ancient rule on the Internet that whenever something runs Linux and is hacked, it shall be made to run Doom. I noticed that the fine community of MSO5000 hackers has up till now flagrantly disregarded this rule, so I decided to correct that. I present to you: Doom running on a MSO5000 oscilloscope:



If you want to try this yourself (or look at the sources), feel free to take a gander in the Github repo. It's more-or-less a straight port of prboom, with some hacks in order to support the weird framebuffer hardware the scope has, and to interface with the front panel.
« Last Edit: January 19, 2019, 04:06:37 pm by Sprite_tm »
 

Online Martin72

  • Super Contributor
  • ***
  • Posts: 5670
  • Country: de
  • Testfield Technician
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #628 on: January 19, 2019, 04:47:54 pm »
LOL  :-DD

Offline ebclr

  • Super Contributor
  • ***
  • Posts: 2328
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #629 on: January 19, 2019, 05:51:03 pm »
What is the actual state of the MSO5000 hack.

What  I will get if I buy a MSO 5072 and hack it.

I assume 4 chanelss 350 Mhz and all options, Is that True?

Have any one post only guideline on do the Hack ?



 

Offline mikeselectricstuff

  • Super Contributor
  • ***
  • Posts: 13694
  • Country: gb
    • Mike's Electric Stuff
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #630 on: January 19, 2019, 06:34:24 pm »
Hi all! Long-time reader, first-time poster. When I read the MSO5000 had a trivially-accessible Linux shell, I pulled the trigger and now have a nice MSO5074 on my desk. Thought I would also add something to the hacking community, although it's quite trite.

So, there's an ancient rule on the Internet that whenever something runs Linux and is hacked, it shall be made to run Doom. I noticed that the fine community of MSO5000 hackers has up till now flagrantly disregarded this rule, so I decided to correct that. I present to you: Doom running on a MSO5000 oscilloscope:



If you want to try this yourself (or look at the sources), feel free to take a gander in the Github repo. It's more-or-less a straight port of prboom, with some hacks in order to support the weird framebuffer hardware the scope has, and to interface with the front panel.

Sound via the wavegen perhaps?
Youtube channel:Taking wierd stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
 

Online TurboTom

  • Super Contributor
  • ***
  • Posts: 1388
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #631 on: January 19, 2019, 07:40:36 pm »
...
So, there's an ancient rule on the Internet that whenever something runs Linux and is hacked, it shall be made to run Doom. I noticed that the fine community of MSO5000 hackers has up till now flagrantly disregarded this rule, so I decided to correct that. I present to you: Doom running on a MSO5000 oscilloscope:
...

...Delicious!  :-+ ...
 

Offline mrpackethead

  • Super Contributor
  • ***
  • Posts: 2845
  • Country: nz
  • D Size Cell
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #632 on: January 19, 2019, 08:27:51 pm »
What is the actual state of the MSO5000 hack.

What  I will get if I buy a MSO 5072 and hack it.

I assume 4 chanelss 350 Mhz and all options, Is that True?

Have any one post only guideline on do the Hack ?

Yes, you can go from a 5072 --> 4 channel, 350Mhz and all options.     There is a single post in this thread that details how to do it.    But you'll have to go and find it.
On a quest to find increasingly complicated ways to blink things
 

Offline Shodge

  • Contributor
  • Posts: 19
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #633 on: January 19, 2019, 08:28:52 pm »
What is the actual state of the MSO5000 hack.

What  I will get if I buy a MSO 5072 and hack it.

I assume 4 chanelss 350 Mhz and all options, Is that True?

Have any one post only guideline on do the Hack ?

Just received a 5072.....  You get all channels, full bandwidth(350M), all decoding and the AWGs.  At least with the firmware released to date....
See: Reply 404...
Password is ether root or Rigol201... (dependent on the firmware version)...

FYI...
 

Online Martin72

  • Super Contributor
  • ***
  • Posts: 5670
  • Country: de
  • Testfield Technician
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #634 on: January 19, 2019, 09:53:53 pm »
Are the full options "correct" displayed, meaning the installed options table or the before greyed out functions like power analyzing ?

Offline Shodge

  • Contributor
  • Posts: 19
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #635 on: January 20, 2019, 01:22:10 am »
The option table does not change.  However, everything I have tried - works.  I.E the AWG buttons prior to the change brought up a screen saying a license was required - and the function did not come up.  For me with a 5072 - the same occurred when I selected channel 3 or 4.  Now, with the change - all function without any license notification....

FYI...
 
The following users thanked this post: jgmrequel, Martin72

Offline KeBeNe

  • Regular Contributor
  • *
  • Posts: 73
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #636 on: January 20, 2019, 04:21:39 am »
Hi,

here is a sweep and roll from 0Mhz to 2Ghz(FFT),  source R&S SMT06, -10dbm, sweep 9khz to 2ghz for sweep and 9khz to 1ghz for roll, 50ohm hp feed through.

Before the "update" the cut off was at about 120Mhz, then at around 450Mhz



« Last Edit: January 20, 2019, 06:29:23 am by KeBeNe »
 

Offline mrpackethead

  • Super Contributor
  • ***
  • Posts: 2845
  • Country: nz
  • D Size Cell
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #637 on: January 20, 2019, 05:59:32 am »
thanks thats great to see.  I can't make out any units on the pics..
On a quest to find increasingly complicated ways to blink things
 

Offline KeBeNe

  • Regular Contributor
  • *
  • Posts: 73
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #638 on: January 20, 2019, 06:33:42 am »
Have some inscription inserted into the picture.

Does the Rigol at FFT work somehow peak hold? (this works for the Siglent SDS2kX)
 
The following users thanked this post: mrpackethead

Online Martin72

  • Super Contributor
  • ***
  • Posts: 5670
  • Country: de
  • Testfield Technician
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #639 on: January 20, 2019, 10:52:43 am »
The option table does not change.  However, everything I have tried - works.  I.E the AWG buttons prior to the change brought up a screen saying a license was required - and the function did not come up.  For me with a 5072 - the same occurred when I selected channel 3 or 4.  Now, with the change - all function without any license notification....

FYI...

Hmpf, it would be nice (and not so irritating) to have "the official touch" too.

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #640 on: January 20, 2019, 01:03:19 pm »
What is the actual state of the MSO5000 hack.

What  I will get if I buy a MSO 5072 and hack it.

I assume 4 chanelss 350 Mhz and all options, Is that True?

Yes.

Have any one post only guideline on do the Hack ?

This thread.
 

Online Martin72

  • Super Contributor
  • ***
  • Posts: 5670
  • Country: de
  • Testfield Technician
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #641 on: January 20, 2019, 11:31:33 pm »
Hmpf, it would be nice (and not so irritating) to have "the official touch" too.

How could this be going….

All options enabled is no problem but obviously it takes more changes to display it correct.

Offline mrpackethead

  • Super Contributor
  • ***
  • Posts: 2845
  • Country: nz
  • D Size Cell
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #642 on: January 21, 2019, 12:09:52 am »
So, what else do we need to do to hack this.
On a quest to find increasingly complicated ways to blink things
 

Offline maginnovision

  • Super Contributor
  • ***
  • Posts: 1963
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #643 on: January 21, 2019, 03:12:49 am »
So, what else do we need to do to hack this.

Find out after the next update.
 

Offline ShortBuss

  • Newbie
  • Posts: 1
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #644 on: January 22, 2019, 10:46:34 pm »
Rigol MSO5074 Ordered from Tequipment (U.S.A.) Delivered today. Shipped with build date of 2018-10-15 and firmware 00.01.01.02.03. Called Rigol support and asked for a firmware upgrade. Technician stated that 00.01.01.02.03 is the Current firmware in the USA. Expected new firmware in 30 days. root/root login still worked.  >:D FYI
 

Offline tequipment

  • Regular Contributor
  • *
  • Posts: 207
  • Country: us
    • TEquipment
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #645 on: January 22, 2019, 10:50:52 pm »
TEquipment now has over 80 MSO5074 units on order. We are working our best to fulfill orders on a first come, first serve basis. We would suggest placing your pre-order now to get in line, as they will be shipped on a first come, first serve basis.
We currently have the following models in stock if anyone wants something more immediate, please see here: https://www.screencast.com/t/huJDkWJKtIk
If we can help to answer any more detailed questions, please do not hesitate to contact us: salesteam@tequipment.net or direct by phone: 1-877-571-7901

Thank you for all of your patronage and support,

The TEquipment Team


 

Offline tcottle

  • Contributor
  • Posts: 24
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #646 on: January 22, 2019, 10:51:50 pm »
Rigol MSO5074 Ordered from Tequipment (U.S.A.) Delivered today. Shipped with build date of 2018-10-15 and firmware 00.01.01.02.03. Called Rigol support and asked for a firmware upgrade. Technician stated that 00.01.01.02.03 is the Current firmware in the USA. Expected new firmware in 30 days. root/root login still worked.  >:D FYI

Just received mine.  Tequipment order, direct ship from Rigol (Beaverton, OR) Same as above.  Last self cal date is 12/27
 

Online Martin72

  • Super Contributor
  • ***
  • Posts: 5670
  • Country: de
  • Testfield Technician
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #647 on: January 22, 2019, 11:00:01 pm »
Official update will be launched mid/end of february.


Offline mrpackethead

  • Super Contributor
  • ***
  • Posts: 2845
  • Country: nz
  • D Size Cell
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #648 on: January 22, 2019, 11:35:50 pm »
So, other than playing doom, and upgrading to 350Mhz, what else is there to do.

On a quest to find increasingly complicated ways to blink things
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 4694
  • Country: au
  • Question Everything... Except This Statement
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #649 on: January 23, 2019, 02:43:42 am »
Probably digging into it and finding undocumented stuff. E.g. how have they implemented the protocol decoders. As they are done in the screen buffer it likely means others can be added.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf