Hacking the Rigol DHO800/900 Scope

[norbert.kiszka]

That's very nice. But why no exact model was mentioned? Too much to write this detail?

[Gavrila218]

Hello!
I am planning to buy DHO804. As far as I know, it should arrive with firmware 00.01.03.
Please tell me, does this version go up to 924, and is it possible to activate LA?
Thanks in advance!!!

[emoned]

1. This version 1.03 has a bug and it is absolutely necessary to update to the latest 04.
2. In order to "altivate" LA, in addition to software, you will need to solder several elements on the PCB.
All of this is described in the topic.

[Gavrila218]

Hello! Thanks for the information. If it's not too much trouble, please tell me where to look for modification details, there are already 157 pages in this thread that I'll have to study until I'm old)))

[emoned]

There is another way, but it is paid. This one is free.

https://www.eevblog.com/forum/testgear/hacking-the-rigol-dho800900-scope/msg5344076/#msg5344076

[Fungus]

Please tell me, does this version go up to 924, and is it possible to activate LA?

Yes, but there's no connector on the front.

[Gavrila218]

As for the LA connector, I understood (after reading part of this thread) that it can be soldered and it will work. Is that true?

[0x00]

Is the hardware capable of Wake-on-LAN (WoL)?

[norbert.kiszka]

V0.3.1 is released.

It's a free update for those who previously purchased normal or enterprise edition.

Changelog for the v0.3.1:

• Fixed rare and random no waveform in the roll mode
• Fixed LA labels positions when size is changed to small or medium
• Fixed systemui buttons showing only home button instead of three buttons (back, home, recent apps)
• Fixed waveform rendering for low time base when roll mode is off
• Fixed waveform disruption when scope was in the stop mode (but not after singleshot), memory depth was above 62.5M and time base was changed (while scope was still in the stop mode)
• Fixed reason of crash that happened for one user (unable to reproduce) while using screen keyboard
• Fixed arrows in popup windows self-cal and fft
• Unavailable memory depth options in the roll mode now are hidden to avoid confusion
• Scope app now is executed before rigol.launcher will do it, which decreases total boot time by about 5-10s
• Another translation fixes, mostly in untranslated Chinese
• Performance improvements in initrd (CPU now works at full speed from the early boot)
• FPGA boot address is restored to 0x400000
• Multiple optimizations in the Rigol Launcher, especially in the handling physical buttons and knobs (Launcher is handling input from these, not the scope app)
• Removed Rigol opensource document (html) browser, because it was loaded on each app startup and increased it's time. Document contained only lies from the Rigol they said they will sent source code upon request, which they never did
• Removed buggy network settings in the app, since it was taking a lot of system resources and Android settings can be used instead
• Added shortcut to Android network settings in the Utility Settings, which now is the default subpage
• Added previously hidden Utility option: screen saver
• Optimizations in the multiple app functions (in some places execution time decreased from ~5s to ~1s)
• Optimizations in the math functions, mostly FFT. Measured FFT update rate was more than 30% faster
• Optimizations in deinterleaving channels, which gives more waveform updates when there are two or more channels enabled
• Waveform update rate is increased from ~85 k/s to ~100 k/s for 10 kpts, 50 ns/D and linear interpolation
• LA update rate increased to 56 k/s
• Decreased app startup time by about 10%
• Removed unnecessary '/' at the end of displayed values of time scale and vertical scale
• Displayed dot time now has format 0.#, which means it will display proper time like 1.6 ns instead of 2 ns, which was not true
• Many other displayed values will display one or two more decimal numerals (digits after dot)
• Removed insignificant zeros from values displayed on screen
• Increased visibility of trigger sweep mode displayed as a green letter in the top bar
• Installation script now enables dark (night) mode in Android
• Ethernet driver loading (insmod) is moved from start_rigol_app.sh to the bootApp.sh in case of user error in modifying start_rigol_app.sh
• Posix installation script is more human friendly.

Changelog for the v0.3 is twice that long.

Hello. I bought a project V0.2.1 with 125M memory depth, but I don't have time to install it yet. I'll probably make a live usb stick with Debian for easier use.
In the original Rigol application there is a bug related to the overall screen brightness - it doesn't remember it after turning it off and starts at maximum again. Did you manage to fix the problem?

Sorry for the late response. I had coding marathon in which I fixed this (in version 0.3).

Probably You heard too many myths about Linux/GNU. Actually Android is nothing else than Linux, but without GNU part, different GUI and tools. Current popular distributions like Debian works out of the box, which is complete opposite of the Windows, when You need find and install drivers, which often either doesn't work or makes a crash at boot. Couple years ago I was buying and fixing broken laptops - on each one Debian was working without need to change or install anything - not only Live version, but also swapping disk from one computer to another. Installing anything on the Windows with was often a nightmare. With Debian I only need to flash disk image, which saved my many hours of work.

If You have already flashed image on the USB disk, only thing that You need to do is to change boot device (it depends on Your computer, but usually You only need to press one key from F1-F12 on the keyboard at the BIOS screen after powering up) and after that wait about two minutes and it's ready to go. Using Windows today is good for masochists. Now it has 3 times users than 10 years ago, for this and many more reasons, including it's easier than Windows. But people likes myths. I will just wait until somebody will repeat them here.

As for the LA connector, I understood (after reading part of this thread) that it can be soldered and it will work. Is that true?

There is a post somewhere on this forum with many details how to make it and even there is a pinout and differences in the voltages in this socket between DHO800 aand DHO900. I can't find this in my browser bookmarks, but it is somewhere.

Is the hardware capable of Wake-on-LAN (WoL)?

I think no. Maybe if there is such posibility in the used Etherned chip, but that will require modification of DT in SD card and physical modification. However, it's possible to turn it on by switching of external power supply (and changing one setting in the app). I can confirm that works - at least in my mod.

[crysti]

As for the LA connector, I understood (after reading part of this thread) that it can be soldered and it will work. Is that true?

The DHO800 series (including the DHO804) is missing some memory modules and LA connectors from the factory, which are present on the higher-end DHO900 models.

[gastonmariano@gmail.com]

Hello again, I Finaly got the log, and just by chance I got one failing and one working. I am thinking is an SD problem. and randonly works and fails.
what do you think?

[norbert.kiszka]

Hello again, I Finaly got the log, and just by chance I got one failing and one working. I am thinking is an SD problem. and randonly works and fails.
what do you think?

Remove the card, blow some air into the socket and clean contacts on SD card. If this problem will repeat (seeing this log I guess it will do), You have either damaged data on SD card or Your SD card is dying. In such case buy a new one and flash it with a backup image. If this will not help, either You have problem with card socket or a cold joints.

[0x00]

I think no. Maybe if there is such posibility in the used Etherned chip, but that will require modification of DT in SD card and physical modification. However, it's possible to turn it on by switching of external power supply (and changing one setting in the app). I can confirm that works - at least in my mod.

What did you switch on?

[norbert.kiszka]

I think no. Maybe if there is such posibility in the used Etherned chip, but that will require modification of DT in SD card and physical modification. However, it's possible to turn it on by switching of external power supply (and changing one setting in the app). I can confirm that works - at least in my mod.

What did you switch on?

Utility -> Settings -> Power status.

[scopeman]

Norbert I saw the announcement for V3.1 and went to your site. I was looking for the installation instructions before I purchase as I would like to prevue that information.

Any chance you would post a link to that document?

Thank you,

Sam
W3OHM
A DHO924S Owner

[norbert.kiszka]

V3.1

v0.3.1 to be precise.

I was looking for the installation instructions

There is a fully POSIX compatible (Linux, MacOS, FreeBSD, OpenBSD and many many others) script, that does all the job including making backups before the installation. For the Windows, things are not so bright, because this system is complicated as hell (both to develop software or just to use it to do basic things), so I only created two simplified .bat scripts that will reduce workload a bit.

Because many people believe in myths (same human genes when many believed in dark magic) and still use this cr*p (I mean MS software), I started working to do a .GEL package, so when I eventually finish it (which I can't guarantee, because I must bypass Rigol and Google stuff), this will be completely system independent.

If You don't use any POSIX capable system, You can simply use any live system working from USB (I suggest this one), which doesn't require to install any drivers, because in opposite of Windows, everything is preinstalled, from 40 years old devices to newer ones - including most of the GPUs. Just download image, flash it on USB stick, boot computer from it and run this script. 5 seconds of work and 5 minutes of waiting (plus about minute to boot operating system on a computer). Instead of live system, You can use virtual machine (virtualized computer with same or another OS), which some people did.

Script needs only two things. Correct IP of Your oscilloscope and confirm (by pressing enter) to do installation, which will ask after it will create backups. In case of Debian and Debian based systems (which is ~95% of distributions) You don't even need to install adb, because this script will do it. If You know how to use oscilloscope, I guess You are able to put IP address from the keyboard. Nothing more and nothing less.

If You wonder how to hack Android to make this install possible, this script does it (also fully automatically) in about one minute. To be precise, in current version this script has as many code lines as my scope model is, which is 924. About half of those lines, was done to be idiot proof as much as possible and to make working with modifications that Rigol did, without telling to anybody - and they did such in lately sold DHO800/900 (not only different PSU, but also low level OS changes that can't be done in .GEL packages, at least not without some tricks).

So to be clear:
1. Unpack ZIP package.
2. Run the script.
3. Read what the scripts says. Which is practically only this:
4. Put IP address of Your scope and press enter.
5. Wait until backups are finished.
6. Press enter to confirm installation.
7. Wait about 5 minutes.

[scopeman]

Nobert,

That appears to be really slick!

So it looks like I could simply use a ethernet crossover cable to do the physical connection and enter the IP address in a browser and run your scripts!

Sounds easy peasy to me!

Thanks,

Sam
W3OHM
P.S. I need to add this to my every expanding project to do list!

[norbert.kiszka]

scripts

In case of POSIX compatible systems, it's only one script. For Windows it's two.

I just had second person which tried installing from Windows and something failed. Sometimes I can't understand why so many engineers (about 80 %) are still using Windows - there is no single day without at least one problem with it. Personally I gave up with it 20 years ago, when one small bug caused to lost all my data on my hard disk. Back then it was hard to have good software for doing electronics on Linux, but today it's quite the opposite.

[norbert.kiszka]

Patreon (I mean service with this name) again did something very bad.

I figured out what went wrong with this Windows scripts and I made new zip file with fixes to put into Patreon. But page told me that product page editing is disabled and it also told that I should make a new product... In other words, Patreon told me that I should make separate product for one quick fix of one bug and (at least) double charge everybody.

Of course, they don't have any link to their contact page (some similarity to scam pages and big corporations) but quick search with Duckduckgo (much better than Google) finds a page to contact with them. I wrote, if they will not fix it in 24h I will go somewhere else. Which I will do. BTW. In EU it's allowed by law to gave opinions about companies. Once I had issue with one lawyer which assumed that I don't know my laws and he regretted it very quickly - with very bad opinion on web. Even offered me money, which I didn't take, mostly because his conditions were a pure scam - long story.

Speaking of these scripts, If somebody had issues and not reported it for some reason, replace and run fixed scripts as in the txt file with instructions. These fixed scripts are here: http://elektrykplakal.pl/installation_scripts_windows.zip.

[Fungus]

The DHO800 series (including the DHO804) is missing some memory modules and LA connectors from the factory

You don't need the memory though, it works fine without it.

Somebody mentioned you get higher waveforms/sec. with the modules installed but I haven't seen confirmation and they aren't required.

[Songhua]

Great to know that you made some improvements.

BTW, the Rigol MSO5000 has Zone Trigger which is very useful. I haven't found Zone  Trigger on DHO4000 yet. Is it possible to have Zone Trigger on DHO800/DHO900?

[norbert.kiszka]

Great to know that you made some improvements.

BTW, the Rigol MSO5000 has Zone Trigger which is very useful. I haven't found Zone  Trigger on DHO4000 yet. Is it possible to have Zone Trigger on DHO800/DHO900?

There is a dead (unused, because other code doesn't execute it) code for zone trigger.

To test it and eventually put this into usable code, I need:

1. Change code in Assembly. While binary is compiled and I don't have source code, I can't just add something. I can only change existing machine code. For example, if there is a compiled function with switch-case, I just can't simply add another case, because I will overwrite next function or something else - in compiled binaries all functions takes constant size, one after another and there is no free space.

Because of mentioned lack of source code and other limitations, I need to change one single CPU instruction at the beginning of function to a jump into unused code (at way different memory address). In this unused code I need to make a some condition in machine code (kinda Assembly but I can only modify what is already - small mistake in the middle can force me to make a half of it from scratch, which can take hours of work).

2. After making temporary changes, I need to test it.

At first I need to pray, to not have any crash caused by SIGSEGV or any other problem that will require a lot of time to diagnose and to fix small mistake. Mistakes are extremely easy to do, when dealing with executable binary without source code. I know in C (or C++ which I hate) this is extremely harder to make mistake and extremely easier to fix, but I will repeat once more: I don't have source code, only compiled binary, so this is not the case. Maybe someday there will be somebody brave to (somehow) take source code from Rigol, but I have some doubts about that.

I can't say if making this test code will take 15 minutes, 15 hours or 15 days. Because I don't know how many problems I need to face. This is almost like dealing with the extremely big electronic device without schematics and no documentation - You can never know.

Lets say I finished temporary code and it works. Now I need to pray to be any support in FPGA firmware for this trigger and to be working properly. Hacking compiled FPGA binary firmware is at completely another level - so either it will work or it will not and I lost a lot of my time with nothing in return. I never heard of anybody doing FPGA firmware hacking (personally I tried to achieve more than 134 Mpts which is the current maximum, but it was too much time consuming).

One bright side is: FPGA firmware from DHO4000 works 100% properly on my DHO924S, at least what I tested. Only difference I noticed, is when I call unused function that takes some data - in both firmwares it gives slightly different data, but as I said, it's unused anyway. So if one will not work, I can pray for FPGA firmware from DHO4000.

Lets now say, it looks like it's working (which I will repeat - it's not guaranteed). Now I need to test if that change breaks anything, like other triggers, LA, AFG or self-calibration - this last one is the most annoying when it's not working, because testing fixes, requires to run self-cal again and again, which everytime it takes half hour. Not only highly time consuming but also very boring.

Lets say, we had luck and everything looks good. Now I need to create new code for UI to set-up this trigger by regular user (instead of temporary hacks). I need to make almost everything from scratch, every button, switch or input with values to setup from keyboard with limits set appropriately to current conditions. Normal user doesn't see this, unless something doesn't work properly - in such cases what I can only hear are complaints, as if I did it on purpose...

Anyway, to do UI changes, I need to deal with much more annoying languages. Exactly Smali and Android layouts. Believe or not, but whole Android system was made by idiots (Google, You can sue me, Im waiting.). Android become popular, because of marketing and Android-Studio, which is software that allows most stupid people on earth to make an phone app. But this (extremely slowly) generates code that is very far from being professional or easy to maintain. And when You don't have original files that Android Studio created (beside of only apk file, which we all have), it becomes much more difficult to make any changes, often including changes that can look extremely easy to make for somebody who is not a programmer.

There is a lot of people who told me how usable is my mod and how many other changes they want. But try to take one minute and look at another side, which is me. If somebody wants to have some extremely useful functionality, optimizations (everything working 5x faster), bugfixes or any other changes, don't expect to somebody seating one month and doing this for free or half-free. Either do it by Yourself or become a supporter. Currently what I see, support 3$ per moth is too much for most people, but in same time there is a hundreds of users of this series who wants my mod and future changes.

If those things, will not change, upcoming v0.3.2 will be the last release, at least with a new features/optimizations. I just don't want to spend another months doing something that gives almost nothing in return. Hacking existing software without source code is not like a black magic in Hollywood movie, when somebody screams hocus-pocus and suddenly there is a palace.

Finally answering Your question, there is a chance to make it work. But if I will still have so small support as it is today, I will start doing something completely else.

[ptluis]

Great to know that you made some improvements.

BTW, the Rigol MSO5000 has Zone Trigger which is very useful. I haven't found Zone  Trigger on DHO4000 yet. Is it possible to have Zone Trigger on DHO800/DHO900?

....

If I own this scope I certainly support your work because you are doing a wonderful job. You are implementing on a cheap scope features only available on more expensive ones and for 36 bucks year is like a free meal. Since you're already investing quite some time and neurons, create a final release that you can sell with a fixed price. You know society are used to free software 

[norbert.kiszka]

You know society are used to free software

And they think software engineering is simple like a magic in movie, as I said previously.

Speaking of free software. There is a countless open-source developers (or in other word programmers). Many of them are doing completely free software as a job. But they don't live from power of the sun, but rather from donations. Even Google which in last years become a very greedy company (they are even more bad than Rigol is) is still supporting projects like Linux and others. Because without Linux, there is no Google. All (at least most of it) their servers and Android is based on that.

Without new features and bug-fixes in open-source projects, Google and other companies will go bankrupt very quickly. Because of those donations, I can buy a computer where there is not yet (working) driver for a Windows, but everything works with a Linux out of the box - just swap a disk from one computer to other one. Most insane thing in open-sorce are the drivers for GPUs, where there was no documentation (how to communicate for each one feature, which are hundreds) and closed-source driver from manufacturer doesn't work properly - all of it done with extremely tedious reverse engineering. In the end, open-source drivers based on rev. engineering often works much better than "original" ones.

[gabiz_ro]

I'm not in that field of programmers and software.
But reversing some BIOS's and looking at some source code i see sometimes they use asm in some cases and compiler take care and insert that code as is.
Maybe it is a way, for unknown code yet, leave it in assembly and instruct compiler to insert it at required address.
That way you can build it from source code (your project) with assembly (part of original code) inserted in some places to keep offsets, jumps and calls.

You can jump before or in place of switch-cases then depending of case jump back when required and also add extra cases if enough free space.