I would buy one right away... but only if it could be cracked.
I somehow got confused and thought the firmwares were the same, but you are right, not the same hardware.
My interest is in the series 4 and specifically the MSO44.
I have found how most of the licensing works...
It uses an RSA signature in the license file. There is a license database in the scope and the signature is verified in multiple modules.
So it is not really possible to do a keygen unless there is a flaw in the way the signature is verified.
However... just like the Rigol MSO5000 hack, the firmware could be cracked... I am 99% sure I found what to change.
But I would need someone with a MSO44 or MSO46 and some knowledge, to test it.
PS: If there are people with more reverse engineering experience around, you are welcome to join the effort.
Look for the tek::okdb namespace, InstrumentManager object, "verify" function...