Hacking the Rigol MSO5000 series oscilloscopes

[ebastler]

This option mentioned twice without explanation on why whould it not work. There is a speculation that we have a bw limiting settings enabled in frontend ic, maybe activating BW07T5 even partially will disable this limit.

The option list includes options for all Rigol scopes which are based on the same software platform. But that does not imply that all options will work with all members of that scope family. The 500 MHz bandwidth option is apparently supported by the DS7000 and MSO7000 only.

[tv84]

This option mentioned twice without explanation on why whould it not work. There is a speculation that we have a bw limiting settings enabled in frontend ic, maybe activating BW07T5 even partially will disable this limit.

Why do you make a question and then don't follow the answer to what you asked?

Here with 30 seconds search.

If there was anything that could be done in HW, Rigol would easily have released the 5504 model. They had the software prepared for it.

BTW, all that analysis have been done years ago. Nothing has changed.

[Neekeetos]

Why do you make a question and then don't follow the answer to what you asked?

I do follow. As you may have noticed, some time ago i made my measurements replacing low pass filter at ADC. This filter could explain your results even if you changed a model to 500M one. Don't you think it is worth to reconsider again?

[tv84]

I do follow. As you may have noticed, some time ago i made my measurements replacing low pass filter at ADC. This filter could explain your results even if you changed a model to 500M one. Don't you think it is worth to reconsider again?

How much BW you achieved? Remind me please.

But as you can read in the thread, the 470-480 MHz are available to anyone despite not having the 5504 model configured, so I guess if you open the BW a little more you don't need any other software hack.

Of course you cant go to eyes&jitter world because the machine simply doesnt have the horsepower for it.

[Neekeetos]

How much BW you achieved? Remind me please.

But as you can read in the thread, the 470-480 MHz are available to anyone despite not having the 5504 model configured, so I guess if you open the BW a little more you don't need any other software hack.

Of course you cant go to eyes&jitter world because the machine simply doesnt have the horsepower for it.

I got around 100ps of rise time reduction. You can start by looking near my post , where i made my conclusions https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/msg5175111/#msg5175111  , there are also many actual BW measurements which are missing in your description for 500M model.

[tv84]

Oh, I see. And we have talked in the past... 

Well, my advice still stands.

Although, this is "beyond infinity" territory. Personally I don't think you can get anything more from the software. Unless you go to 7000 FW. BUT the differences should be plenty which might prove that the 7000 won't work anyway.

With a FRAM and NAND backups you can test everything and, if all fails, rollback. But you'll be definitely on your own because nobody will be able to accompany you.

[gbix]

I found that the device has project mode with ssh and ftp daemon

Code: [Select]

    if ( flagInSSHDandTFTPD != 1 )
    {
      system("/usr/sbin/sshd");
      system("tcpsvd 0:21 ftpd ftpd -w /&");
      flagInSSHDandTFTPD = 1;
    }

All that remains is to find which button to launch it 

[Retired2]

Hi,
I have just received a MSO5354 and would like to unlock the “options”.
I received and it is 00.01.03.00.03 and installed from Rigol MSO5000 01.03.03.00 
Firmware: 00.01.03.03.00 Hardware: 01.01.000 Boot: 2018.6.27 Build 2023-02-22

I am using a Windows 11 OS. I used Putty on a Windows Vista connected directly to the RJ45 of each unit. I got into the Rigol web page OK.

I need some help with this.

I have read many of the post and the one I am using is the post on page 105 Reply #2604 on September 14, 2023. I backed up NAND and FRAM –ok.
I installed SSH, removed the pendrive and installed the patch with the gel file, patch.txt and bspatch. Then I got the results below and pressed any key the unit rebooted -- ignoring the gel file as the file has the wrong checksum.
 
I am not sure what I am doing wrong as this fix worked for others.
Can anyone offer suggestions?
Thanks

[Retired2]

My mistake, sorry.
I said "I used Putty on a Windows Vista connected directly to the RJ45 of each unit. I got into the Rigol web page OK."
What i should have said I connected to the rigol web page with the RJ45 on Vista. I used putty to do a SSH connection but got blank results no command lines. So no real results.

[gbix]

you used wrong patch
fw version is 01.03.03.00, but patch is for 01.03.02.02

you must downgrade fw or use patch for your fw

[seronday]

I found that the device has project mode with ssh and ftp daemon

Code: [Select]

    if ( flagInSSHDandTFTPD != 1 )
    {
      system("/usr/sbin/sshd");
      system("tcpsvd 0:21 ftpd ftpd -w /&");
      flagInSSHDandTFTPD = 1;
    }

All that remains is to find which button to launch it 

See  Reply #2307

[gbix]

I found that the device has project mode with ssh and ftp daemon

Code: [Select]

    if ( flagInSSHDandTFTPD != 1 )
    {
      system("/usr/sbin/sshd");
      system("tcpsvd 0:21 ftpd ftpd -w /&");
      flagInSSHDandTFTPD = 1;
    }

All that remains is to find which button to launch it 

See  Reply #2307

Its only for calibration menu, not for ssh

[mabl]

It's the project mode. See #2308.

[DrMefistO]

For those, who asked: this is a new version of rigol_kg.py. Now it can activate MSO5072, enable SSH or uninstall all options.

Code: [Select]

usage: rigol_kg2.py [-h] [-i] [-r] [-u] [-s] ip_addr

positional arguments:
  ip_addr          Rigol MSO5072/MSO5074 IP-address

options:
  -h, --help       show this help message and exit
  -i, --info       Print options status, model and serial then exit
  -r, --regen      Regenerate private key
  -u, --uninstall  Uninstall all options
  -s, --ssh        Activate SSH

[The Doktor]

What version of Python does this use? When I tried to run it, a window flashes up very quickly, and then disappears.

[thm_w]

What version of Python does this use? When I tried to run it, a window flashes up very quickly, and then disappears.

Never run random python scripts without looking at them and understanding what they do.
Use powershell or similar to run the script and view its output: https://realpython.com/run-python-scripts/
"py .\rigol_kg2.py"

It will probably complain about a module you don't have installed.
"py -m pip install requests"
etc.

[zauberpilz]

I'm sorry to disappoint you, but the keygen still doesn't work. 2RL and the bandwidth options are not activated for me. The other options are activated by the BND bundle. With the patch it is no problem to unlock the other options.

[DrMefistO]

Try to uninstall all options first, wait for reboot, then install with regen private key flag.

[zauberpilz]

Does not work too. I also noticed that the display shows "remaining attempts" while attempting to activate. My original BND license can no longer be used, which is why I will always have to rely on the one working patch for an update. "good job" 

Hmmm, ok. I just noticed that your script saves the priv.pem on the PC. But how can I restore this now?

[DrMefistO]

priv.pem is not a backup from the rigol. It's just your own private key for the generation process, like you're the rigol guy itself. Wrote you in pm.

[zauberpilz]

Excellent! Thanks to your short help, everything is now permanently activated. Even after a firmware update. This time it wasn't meant to be sarcastic

GOOD JOB!

[bulba99]

Excellent! Thanks to your short help, everything is now permanently activated. Even after a firmware update. This time it wasn't meant to be sarcastic

GOOD JOB!

What was causing the problem?

[reztek]

No matter if I run the script on a Windows or Linux machine, and what options I use, I always get this:

Code: [Select]

Traceback (most recent call last):
  File "C:\Users\myuser\Downloads\rigol_kg2.py", line 431, in <module>
    main()
  File "C:\Users\myuser\Downloads\rigol_kg2.py", line 380, in main
    model, ser = read_rigol_model_serial(args.ip_addr)
    ^^^^^^^^^^
TypeError: cannot unpack non-iterable NoneType object

[DrMefistO]

No matter if I run the script on a Windows or Linux machine, and what options I use, I always get this:

Code: [Select]

Traceback (most recent call last):
  File "C:\Users\myuser\Downloads\rigol_kg2.py", line 431, in <module>
    main()
  File "C:\Users\myuser\Downloads\rigol_kg2.py", line 380, in main
    model, ser = read_rigol_model_serial(args.ip_addr)
    ^^^^^^^^^^
TypeError: cannot unpack non-iterable NoneType object

Ip addr is correct? Can you ping the device?

[reztek]

Ip addr is correct? Can you ping the device?

Yes, no problem accessing the device whatsoever.