Did anyone ever try to run their own kernel on these things? That would be interesting as it would open up a nice list of tracing tools - like kprobes, ftrace and so on, which would be very helpful in reversing the scope hardware. The device drivers loaded into the kernel seem pretty simple from what i've seen.
Did anyone ever try to run their own kernel on these things?
I've ran 1 or 2 homemade apps but a kernel ? ?
That's big boys stuff...
Did anyone ever try to run their own kernel on these things?
I've ran 1 or 2 homemade apps but a kernel ? ? That's big boys stuff...
Depends on whether it's a stock kernel, or whether rigol made a lot of modifications. I extracted the devicetree which tells the kernel what devices are living where on which bus, which is a good starting point. I have not received my scope (I ordered a MSO5072 yesterday). Can anyone with a scope check whether /proc/config.gz exists? Pretty unlikely, but you never know...
Looking at the rigol kernel modules it seems like they tried to do everything in userspace, which would be good.
Not sure whether it was already posted in the amount of thread pages, but attached is the devicetree file for the linux kernel. What i can make out of this is:
I2C BUS @e0004000:
0x32: RTC
0x14: Touchscreen
0x1c: TMP421 temperature sensor
0x1d: TMP421
0x52: FRAM
0x1f: ADC #1 adc128d818 (knobs?)
0x35: ADC #2
0x37: ADC #3
Ignore it if that was already posted in this thread somewhere.
The device tree reveals a lot and nothing at the same time. There's no interesting peripherals listed here, the really interesting stuff will be in the PL part of the Zynq-7000.
The device tree reveals a lot and nothing at the same time. There's no interesting peripherals listed here, the really interesting stuff will be in the PL part of the Zynq-7000.
It's at least a starting point to know what drivers are used for the hardware in the kernel. Of course there might be drivers in the kernel that are not listed in the dt that are used by some platform code. One thing i can't find in the upstream kernel is the DPU driver. Which might be possible, as graphics processing might be different in a scope... I can't say about the PL part in the Zynq, i have no knowledge about Zynq FPGAs.
Depends on whether it's a stock kernel, or whether rigol made a lot of modifications.
What is a "stock kernel" in a scope like this?
Look here:
https://gitlab.com/riglol/rigolee/
Can someone attach a screenshot of Bode plot function
OK, let's see if this works... well I made a stupid 2x RC filter on a breadboard and after some trial and error with component values, I managed to make a nice bode plot.
BR, -sjm
I received my MSO5072 today. It came with 01.01.04.04, upgraded to latest firmware, applied the patches. all worked fine. Applying the bpatch was even faster than receiving the free options from Rigol :-). I now modified /rigol/shell/start.sh to automatically start ssh, hope i find some time during the next week
to solder the serial + jtag port...
Many thanks to the people who made that upgrade possible!
Hi all,
I read through a lot of posts of this thread, but there are 68 pages now! On the last couple of pages, I saw that the MSO5000 is pretty easily hackable without a big brick-risk. I am now about to order an MSO5074 or an MSO5104. Both have nearly all software options enabled because of a special offer. The only thing locked is the frequency.
So what I am not sure still is, if the frequencies can also be unlocked with this hack. The 70 Mhz Version is like 200 Euros (net) less, and I need the PLA2216, too. Should I spare myself the money and get the 70Mhz and "hack" as soon as I need more bandwidth, or should I go with the 100Mhz version "just in case"?
And what about the persistence of the hack? Somewhere in the thread, I read that it is gone after a reboot. But I guess this was just a work-in-progress issue during the investigation of a possible hack. Am I right?
A status overview page would be really helpful on this topic for us noobs.
I really appreciate all your efforts! Stay safe!
Martin
Hi all,
I read through a lot of posts of this thread, but there are 68 pages now! On the last couple of pages, I saw that the MSO5000 is pretty easily hackable without a big brick-risk. I am now about to order an MSO5074 or an MSO5104. Both have nearly all software options enabled because of a special offer. The only thing locked is the frequency.
So what I am not sure still is, if the frequencies can also be unlocked with this hack. The 70 Mhz Version is like 200 Euros (net) less, and I need the PLA2216, too. Should I spare myself the money and get the 70Mhz and "hack" as soon as I need more bandwidth, or should I go with the 100Mhz version "just in case"?
And what about the persistence of the hack? Somewhere in the thread, I read that it is gone after a reboot. But I guess this was just a work-in-progress issue during the investigation of a possible hack. Am I right?
A status overview page would be really helpful on this topic for us noobs.
I really appreciate all your efforts! Stay safe!
Martin
MSO5074, the hack works like a charm
Also given the hack is so easy, you will have hard time selling the 100Hz more than the 70Hz, so resale value is not as good for the 100Hz
Hi all,
I read through a lot of posts of this thread, but there are 68 pages now! On the last couple of pages, I saw that the MSO5000 is pretty easily hackable without a big brick-risk. I am now about to order an MSO5074 or an MSO5104. Both have nearly all software options enabled because of a special offer. The only thing locked is the frequency.
So what I am not sure still is, if the frequencies can also be unlocked with this hack. The 70 Mhz Version is like 200 Euros (net) less, and I need the PLA2216, too. Should I spare myself the money and get the 70Mhz and "hack" as soon as I need more bandwidth, or should I go with the 100Mhz version "just in case"?
And what about the persistence of the hack? Somewhere in the thread, I read that it is gone after a reboot. But I guess this was just a work-in-progress issue during the investigation of a possible hack. Am I right?
A status overview page would be really helpful on this topic for us noobs.
I really appreciate all your efforts! Stay safe!
Martin
MSO5074, the hack works like a charm
Also given the hack is so easy, you will have hard time selling the 100Hz more than the 70Hz, so resale value is not as good for the 100Hz
Another option that isn't enabled in the bundle is 200M memory. The 5074 is the best deal out of the MSO5000 line assuming you want 4 probes.
Depends on whether it's a stock kernel, or whether rigol made a lot of modifications.
What is a "stock kernel" in a scope like this?
They run Linux on a commercial chip. It comes with a kernel as a starting point.
They run Linux on a commercial chip. It comes with a kernel as a starting point.
It does but without specific patches and drivers we're far from having a scope. I think when Linus developed the thing he wasn't doing circuit analysis...
...And what about the persistence of the hack? Somewhere in the thread, I read that it is gone after a reboot. But I guess this was just a work-in-progress issue during the investigation of a possible hack. Am I right?
I think you're wrong, I believe the hack makes it as though the MSO5xxx has all the hacked features and they continue through power cycling.
...And what about the persistence of the hack? Somewhere in the thread, I read that it is gone after a reboot. But I guess this was just a work-in-progress issue during the investigation of a possible hack. Am I right?
I think you're wrong, I believe the hack makes it as though the MSO5xxx has all the hacked features and they continue through power cycling.
Sure it does. The hack doesnt resist to a FW upgrade but it resists to reboots!
...
So what I am not sure still is, if the frequencies can also be unlocked with this hack. The 70 Mhz Version is like 200 Euros (net) less, and I need the PLA2216, too. Should I spare myself the money and get the 70Mhz and "hack" as soon as I need more bandwidth, or should I go with the 100Mhz version "just in case"?
...
If you're going the cheap as possible route, I'd suggest NOT doing what I did: I bought an MSO5072 last year on clearance (good thing) and hacked all features including the 2->4 channel upgrade (also good thing). The 2 channel model only comes with 2 probes (less-good thing), which I knew prior to purchase but bought anyway since I had intended to buy a couple higher BW probes anyway (good thing, with max BW hack). But I didn't consider the future resale of my scope and kinda wish I started out with the 4 channel 70MHz model instead since it comes with 4 probes. When I eventually end up selling my scope, I'm NOT going to charge for hacked features, but leaving it as buyer's choice whether or not to undo hacks prior to shipping would help unload it (down the road a while), and having 4 probes to go with it would have been better.
Did we already extract the u-boot image and environment? If so, is there an easy way to do this? Hints are very welcome.
I also tried a Bode plot of the response of a guitar preamp I'm working on...
I also tried a Bode plot of the response of a guitar preamp I'm working on...
preAMP? I see a maximum gain of -22dB, or is there a scaling trick involved?
I also tried a Bode plot of the response of a guitar preamp I'm working on...
preAMP? I see a maximum gain of -22dB, or is there a scaling trick involved?
Hmmm, well it isn't working very well so I suppose there may be a problem, it's more a tone control than a preamp.
Do you need to apply all intermediary patch Or can I go from the 1st one directly to the Last one