Hi people. The site https://cn.rigol.com/Support/SoftDownload/3 has a new firmware MSO5000_00.01.01.04.08. Good luck to all.
v00.01.01.04.08 2019/08/02
-Fixed system crashed when clicking Default.
-Fixed 4CH option bug.
-Fixed noise signal captured.
-Improved the measure result updating rate.
-Fixed accurate measurements not updated in ROLL
Not a big upgrade from the notes, no bode plot or high-res fixes.
"4CH option bug" sounds like if you buy the 4-CH option it doesn't work properly? Which could be what I noticed, but it was resolved with a simple self-cal. Surprised someone actually bought it.
The chinese translation version is worded differently: "Fix version 2.3 of the 4CH option, not activated on version 4.4 and later".
Well, it would be interesting to see if the "enhancements" still work with this version of the firmware.
Agreed on it being a fairly short list given it takes 5 months to develop, likely all focus was on the MSO8000 scope launch.
Enhancements "patch" not working with 04.08 but you can downgrade back to 04.04 using the secret menu. while powering on
keep hitting single button
Good to know, as the install instruction doc states that firmware cannot be downgraded.
Not a big upgrade from the notes, no bode plot or high-res fixes.
Don't forget this should fix the overswings on self-cal for every one.
Enhancements "patch" not working with 04.08
Sure. Somebody will need to patch it again and provide a updated patch to the general public.
Good to know, as the install instruction doc states that firmware cannot be downgraded.
It has stated that since the beginning. That will only happen when they change the bootloader.
And, of course, if you have a NAND dump backup, you can always restore it fully to a previous version.
MSO5000_00.01.01.04.08:
#echo "++ Starting telnet daemon"
#telnetd -l /bin/sh
#echo "++ Starting http daemon"
#httpd -h /var/www
#echo "++ Starting ftp daemon"
#tcpsvd 0:21 ftpd ftpd -w /&
#echo "++ Starting ssh daemon"
#/usr/sbin/sshd
Interesting that the K160 FPGA programming is the same as in the MSO8000 FW released a few days ago.
Downgrading from 04.08 back to 04.04 is safe . Tested 100% .
Interesting that the K160 FPGA programming is the same as in the MSO8000 FW released a few days ago.
This makes me think again that 10GS/s is available or actually used on the MSO5000. Not that it would make a huge difference vs 8GS/s, but its interesting thought.
Sort of what I measured in the
other rigol thread, but it could just be software weirdness..
Just a heads up. On a hacked latest firmware the Jitter analysis works
(Did not get eye to work though.)
I leave it to others to prepare a general auto patcher this time, though.
MSO5000_00.01.01.04.08:
Interesting that the K160 FPGA programming is the same as in the MSO8000 FW released a few days ago.
Interestingly, the differences to latest MSO5000 firmware are really pretty minimal:
Changes not staged for commit:
(use "git add/rm <file>..." to update what will be committed)
(use "git checkout -- <file>..." to discard changes in working directory)
modified: firmware/fw4linux.sh
modified: firmware/fw4uboot.sh
deleted: firmware/kerstrel.config
deleted: firmware/kerstrel.dts
modified: firmware/logo.png
modified: firmware/rootfs/rigol/appEntry
modified: firmware/rootfs/rigol/default/cal.hex
modified: firmware/rootfs/rigol/drivers/usbtmc_dev.ko
modified: firmware/rootfs/rigol/resource/appmeta.xml
modified: firmware/rootfs/rigol/resource/boardmeta.xml
modified: firmware/rootfs/rigol/resource/dsometa.xml
deleted: firmware/rootfs/rigol/resource/satable/hori_2g/100K
deleted: firmware/rootfs/rigol/resource/satable/hori_2g/10K
deleted: firmware/rootfs/rigol/resource/satable/hori_2g/10M
deleted: firmware/rootfs/rigol/resource/satable/hori_2g/1K
deleted: firmware/rootfs/rigol/resource/satable/hori_2g/1M
deleted: firmware/rootfs/rigol/resource/satable/hori_2g/25M
deleted: firmware/rootfs/rigol/resource/satable/hori_2g/50M
deleted: firmware/rootfs/rigol/resource/satable/hori_2g/AUTO
deleted: firmware/rootfs/rigol/resource/satable/hori_4g/100K
deleted: firmware/rootfs/rigol/resource/satable/hori_4g/100M
deleted: firmware/rootfs/rigol/resource/satable/hori_4g/10K
deleted: firmware/rootfs/rigol/resource/satable/hori_4g/10M
deleted: firmware/rootfs/rigol/resource/satable/hori_4g/1K
deleted: firmware/rootfs/rigol/resource/satable/hori_4g/1M
deleted: firmware/rootfs/rigol/resource/satable/hori_4g/25M
deleted: firmware/rootfs/rigol/resource/satable/hori_4g/50M
deleted: firmware/rootfs/rigol/resource/satable/hori_4g/AUTO
deleted: firmware/rootfs/rigol/resource/satable/hori_8g/100K
deleted: firmware/rootfs/rigol/resource/satable/hori_8g/100M
deleted: firmware/rootfs/rigol/resource/satable/hori_8g/10K
deleted: firmware/rootfs/rigol/resource/satable/hori_8g/10M
deleted: firmware/rootfs/rigol/resource/satable/hori_8g/1K
deleted: firmware/rootfs/rigol/resource/satable/hori_8g/1M
deleted: firmware/rootfs/rigol/resource/satable/hori_8g/200M
deleted: firmware/rootfs/rigol/resource/satable/hori_8g/25M
deleted: firmware/rootfs/rigol/resource/satable/hori_8g/50M
deleted: firmware/rootfs/rigol/resource/satable/hori_8g/AUTO
modified: firmware/rootfs/rigol/resource/scpi/SYSTem.xml
modified: firmware/rootfs/rigol/shell/start.sh
modified: firmware/rootfs/rigol/tools/spi2cpld
modified: firmware/rootfs/rigol/tools/spi2dev
modified: firmware/rootfs/rigol/tools/spi2k7
modified: firmware/rootfs/rigol/tools/spi2pll
modified: firmware/rootfs/rigol/webcontrol/lib/libpcre.a
modified: firmware/rootfs/rigol/webcontrol/lib/libpcrecpp.a
modified: firmware/rootfs/rigol/webcontrol/lib/libpcreposix.a
modified: firmware/rootfs/rigol/webcontrol/lib/libz.a
modified: firmware/rootfs/rigol/webcontrol/webpages/Help.html
modified: firmware/rootfs/rigol/webcontrol/webpages/images/1.jpg
modified: firmware/zImage
modified: firmware/zynq.bit
Untracked files:
(use "git add <file>..." to include in what will be committed)
GEL/DS8000Update_00.01.01.00.00.GEL
firmware/rootfs/rigol/cups/testPage.bmp
firmware/rootfs/rigol/resource/satable/hori_10g/
firmware/rootfs/rigol/resource/satable/hori_20g/
firmware/rootfs/rigol/resource/satable/hori_2_5g/
firmware/rootfs/rigol/resource/satable/hori_5g/
firmware/rootfs/rigol/resource/satable/hori_5g_100m/
firmware/unknown.config
firmware/unknown.dts
Just a heads up. On a hacked latest firmware the Jitter analysis works (Did not get eye to work though.)
I leave it to others to prepare a general auto patcher this time, though.
Hi mabl
Would you mind posting some images for this in actual operation, mine always crashes after 60 or so seconds then freezes requiring a hard reset.
I have several work colleagues with an opened up 5000 and they all have the same issue.
Firmware is the 04.04 version unit was purchased in April this year and has the build date on Feb 2019, all of the other MSO 5000 exhibit the same issues with the Jitter measurements (also try and engage the histogram) and the eye pattern will not work due to BW limitations I suspect.
The <SO8000 uses 10G/s and 10Mpts for eye pattern measurements I believe.
Remember, that jitter feature is not officially part of the MSO5000. The patch just blindly enables all features there are, I rigged up a simple test with the internal wave generator and firmware 01.01.04.08. See attached file. It feels stable. I guess they invested some effort for the MSO8000 launch and we just profit from that . Also auto baud rate detection works rather well.
Remember, that jitter feature is not officially part of the MSO5000.
I somewhat disagree. If that was the case, the option wouldn't be in the available options for MSO5000 (inside the code).
Maybe they decided to cut it off when deciding the BW versions of the 5000...
Would you mind posting some images for this in actual operation, mine always crashes after 60 or so seconds then freezes requiring a hard reset.
Maybe temperature comes into play... And that's why they decided to lower the sample rate...
alexvg has been investing hard in improving the temps.
Anyone knows if the DS7000 / MSO8000 has better thermal architecture than the one described by alexvg?
https://www.eevblog.com/forum/blog/new-rigol-scope/msg2552004/#msg2552004
So the previous patch for SSH should work on the new firmware. Can anyone confirm that?
Following mabl's lead, all that would be necessary to update the .GEL patch with a new appEntry_01_01_04_04.patch.gz file which locates the same code fragment in the updated appEntry. Then repack...
Correct?
-Stan
So the previous patch for SSH should work on the new firmware. Can anyone confirm that?
Confirmed.
Following mabl's lead, all that would be necessary to update the .GEL patch with a new appEntry_01_01_04_04.patch.gz file which locates the same code fragment in the updated appEntry. Then repack...
You first need a patched appEntry. The license code has changed a bit in wake of the MSO8000 launch I guess. I'm not sure the bit sequences are identical. I just identified the relevant function again and patch it to always return 1. I then copied it over to the scope to /tmp via ssh; marked it executable and then run it. All worked, so I copied it over to /rigol/ on my scope and saved everything with a call to sync.
The patcher is required if others want to have a USB install method. Some pages pack I already provided bspatch/bsdiff compiled with that ancient Xilinx toolchain. That will be a far preferred option than doing that base64 encoding/text patch/decode thingy of my initial patch script. I'm sure based on this others will be able to create a nice solution. I just don't want to commit mass copy right infringements anymore
For now rest assured that hacking the scope is still possible.
On a side node, the self calibration is now absolutely perfect and I can trim the provided probes to a perfectly flat response. Feels even a bit better than the calibration with the (hacked) beta firmware.
Hello community,
just signed up to reply to this amazing thread.
I'm a beginner in hardware hacking and want to understand the hack deeply.
At the moment I don't own a MSO5000.
Nevertheless I want to understand what you did to turn on all functions.
Does anyone know a reference to some kind of walk through, what was patched and how the journey went there?
Best
Remember, that jitter feature is not officially part of the MSO5000. The patch just blindly enables all features there are, I rigged up a simple test with the internal wave generator and firmware 01.01.04.08. See attached file. It feels stable. I guess they invested some effort for the MSO8000 launch and we just profit from that . Also auto baud rate detection works rather well.
Hi mabl
Thank you for sharing
The jitter feature which is now working on your machine has to be related to the new FW, your machine has three more options installed on the jitter tab.
Something to attend to at the weekend!
Can anybody share the new firmware (patched ;-)) with the new Options like Jitter??
I just don't want to commit mass copy right infringements anymore
I don't blame you with sites like hackaday broadcasting the hack out loud. (Meanwhile hypocritically they censored the Tektronix hacks they had)
Thanks for your work though, easy enough to build upon
So here are the notes from what I've gathered so far:
- Connect scope to PC/network with ethernet
- Apply patch to
enable SSH-
SSH into the scope, backup files if needed, then copy appEntry file to your USB (cp /rigol/appEntry /media/sda1/).
- Apply patch to the binary (this part is known by mabl but not public, needs to be figured out)
- Copy this file back to the scope in temporary location, mark as executable (chmod +x appEntry)
- Test run it by using command: ./appEntry $PowerOn -run
- If it works, replace the original appEntry, and sync
Side note: can run 'top' to see CPU usage:
- All channels on or off 4-5%
- Logic analyzer on 5%
- FFT on 60-70%
Just actually got my MS5074 in the mail today. Updated and then replicated mabl's patch for 01.01.04.08
Works all the same.
Also just as easy to modify the web control to report forever as well
I will say, the hardware rev should have the fan fix but it's also infrequently emitting a really high pitch whine that's driving me mad and I'm going to have to replace it. The joys of being on the younger side to hear it.
I'll be nice and attach the bsdiff. But making the gel file is :effort: and I don't need it myself
Edit: Woops, accidentally attached tar copy of the file before. Attachment corrected, can be applied with bspatch
The resulting md5sum of appEntry should be 3f95cb3236b47826e303de960596f966 if you did it right.