Just managed to get to the end of this interesting thread. Some questions if I may, and to recap..
In the beginning, people downloaded the official firmware from Keysight that matched what was already loaded onto their scopes and manually hacked it with a hex editor. Modified files were placed on a FAT16 USB flash drive and the scope was booted from this drive. A warning message was displayed on screen about tampered files, but after clearing this the scope booted and loaded the options you hacked into the firmware. This hack had the advantage that files on the scope itself were not modified, and if you wanted to revert to the stock scope, you just unplugged the USB drive and rebooted. A big plus for those running new scopes, given Keysight have said they'll invalidate the warranty of any scope that's been tampered with.
Then Keysight started releasing firmware updates that would no longer boot from a flash drive (they read these forums too). Forum member PhillyFliers then very kindly released official Keysight firmware that was pre-hacked and could be used to modify the scope. Download links and instructions can be found below post 2603 and onwards. If you read the instructions, they seem to modify software on the scope itself. Keysight have also changed the telnet login, but there's a python script that runs over Ethernet to overcome this obstacle.
https://www.eevblog.com/forum/testgear/dsox2000-and-3000-series-licence-have-anyone-tried-to-hack-that-scope/2600/My questions are:
1. Is it possible to get the firmware from PhillyFliers to run from a USB flash drive (avoiding mods to the scope itself), or is this window now closed?
2. Does the firmware from PhillyFliers give the error message at start-up that has to be cleared, or does the scope boot without warnings?
Thanks.