I just wonder why your version displays 9 options instead of 7. The "options" #1 and #2 are always there and not listed on a "normal" MHO98 or MHO900. I.e. they are actually no options.
V0.0.1 is released (https://buymeacoffee.com/norbert.kiszka/e/479030).
Changelog:
- Unlocked all options.
- Unlocked bandwidth 1 GHz (for all MHO900 models).
- Added bandwidth manual options (separately for each channel): 350 MHz, 500 MHz, 800 MHz.
- Optimizations.
- Minimum time base changed to 200 ps.
No license text means everybody can do whatever they want with it.
Same thing I can say to Rigol, because they used somebody else software code without giving a sh*t to license conditions.
Are you saying you have not generated any license codes?
If so, what did you do, by pass the license code checking or something?
I've noticed you are working with MHO934. Will this work on MHO954?Forget that you'll get an answer here. Don't you see that administrator Simon took offense and banned Norbert on November 16, 2025? This is a specific reward for his significant contribution to modifying the broken Rigol software. You can try asking Norbert a question on the Patronite page.
I've noticed you are working with MHO934. Will this work on MHO954?Forget that you'll get an answer here. Don't you see that administrator Simon took offense and banned Norbert on November 16, 2025? This is a specific reward for his significant contribution to modifying the broken Rigol software. You can try asking Norbert a question on the Patronite page.
I've noticed you are working with MHO934. Will this work on MHO954?Forget that you'll get an answer here. Don't you see that administrator Simon took offense and banned Norbert on November 16, 2025? This is a specific reward for his significant contribution to modifying the broken Rigol software. You can try asking Norbert a question on the Patronite page.
I've noticed you are working with MHO934. Will this work on MHO954?Forget that you'll get an answer here. Don't you see that administrator Simon took offense and banned Norbert on November 16, 2025? This is a specific reward for his significant contribution to modifying the broken Rigol software. You can try asking Norbert a question on the Patronite page.
60 bucks for cracked dho800/900 full feature version, and 30 bucks for a non finished cracked version of MHO900 is not a contribution to anybody on this forum. Its a financial contribution to his pocket.
Also who knows if he injected some malware code on the files? He injected some protection code on his "cracks/mods" to not run on several machines.
For me a contribution is something that everybody could use for free.
So not a big contribution.
I've noticed you are working with MHO934. Will this work on MHO954?Forget that you'll get an answer here. Don't you see that administrator Simon took offense and banned Norbert on November 16, 2025? This is a specific reward for his significant contribution to modifying the broken Rigol software. You can try asking Norbert a question on the Patronite page.
60 bucks for cracked dho800/900 full feature version, and 30 bucks for a non finished cracked version of MHO900 is not a contribution to anybody on this forum. Its a financial contribution to his pocket.
Also who knows if he injected some malware code on the files? He injected some protection code on his "cracks/mods" to not run on several machines.
For me a contribution is something that everybody could use for free.
So not a big contribution.
Have you analyzed this software, or are you just fabricating? Norbert can't answer for himself, but you can insinuate.
Nothing comes for free, and knowledge costs money. Have you seen free McDonald's?
I've noticed you are working with MHO934. Will this work on MHO954?Forget that you'll get an answer here. Don't you see that administrator Simon took offense and banned Norbert on November 16, 2025? This is a specific reward for his significant contribution to modifying the broken Rigol software. You can try asking Norbert a question on the Patronite page.
I've noticed you are working with MHO934. Will this work on MHO954?Forget that you'll get an answer here. Don't you see that administrator Simon took offense and banned Norbert on November 16, 2025? This is a specific reward for his significant contribution to modifying the broken Rigol software. You can try asking Norbert a question on the Patronite page.
a) He tried to sell his upgrade hacks here.
b) He was very insulting to people who called him out over certain things.
He got a seven day ban. He'll be back next week (if he wants to).
conduct does exist between crackers and one is that a cracker never charge for his "work" and seek for world recognition.
I even add this little thing: people here post the MHO files for FREE and he take them and rush to release a PAID CRACK, so he got something for free and charge in return? nobody ask him to crack software, he did it because he want to, and because he is a smart guy and know how to do it, but he must realize that nobody here really liked that attitude (except a few guys that didn't realized the seriousness of the action).
The approach to the subject was totally wrong. Seems like he's trying to get a high monthly income from cracking and that's not acceptable.
There are special places to upload cracks and all illegal stuff without compromising others.
He could argue all he can about licences but he messed the rigols code and assume publicly that action.Perhaps because he could be right. As said on my previous post, Android seems to be a diferent, very fuzzy thing. How could lineageOS and other alternative android distros be distributing even privative binary blobs in the open and have no legal problems whatsoever? He said he was able to link a rigol library directly to Debian which means linux kernel-related. So that library would be free software. Just saying. Perhaps it would be wise to shut up and leave any decission to the people that have skin in this game. I would only ask these people to not fall in prejudice and make sure it's really illegal before any banning.
Still need to learn a few things about conduct and yes conduct does exist between crackers and one is that a cracker never charge for his "work" and seek for world recognition.Well sorry to be blunt but this statement is laughable. Have you ever tried to get any automotive software? It doesn't seem to be the case.
conduct does exist between crackers and one is that a cracker never charge for his "work" and seek for world recognition.
So, you're saying, if I understand you correctly; licensing violation and the unauthorised modification of Rigol's software is OK, just so long as the person doing it gives it away for free and/or a pat on the head? It's morally acceptable to shoplift, so long as I give all the goods away for nothing to anyone who asks for them?
Personally, I couldn't care less what he's done. He can face the consequences of his own actions alone, if Rigol 'come for him'. But let's not treat this as if he was somehow exploiting forum members. No one was being forced nor coerced into helping him with, nor buying his 'crack'. Those that did so, did of their own free will, and presumably considered the modest charge to represent good value. If it's not for you, just ignore it.
I fail to see how what Norbert has done here is so much more morally reprehensible and worthy of public 'condemnation', as what has been offered and sought here for years, namely license generators/unlocks. Those could just as easily attract legal 'interest', if Rigol started caring about it.
So, you're saying, if I understand you correctly; licensing violation and the unauthorised modification of Rigol's software is OK, just so long as the person doing it gives it away for free and/or a pat on the head? It's morally acceptable to shoplift, so long as I give all the goods away for nothing to anyone who asks for them?
So, you're saying, if I understand you correctly; licensing violation and the unauthorised modification of Rigol's software is OK, just so long as the person doing it gives it away for free and/or a pat on the head? It's morally acceptable to shoplift, so long as I give all the goods away for nothing to anyone who asks for them?
False equivalence. You have to buy a 'scope from Rigol in order to be able to hack it.
Rigol's done the math and figured out they sell more 'scopes, and therefore make more money because of hacking. Hacking is an integral part of their business model.
Siglent, too.
Bottom line: It's more like supermarkets selling bread at a loss to get people to go shopping there - they lose on the bread but overall they make more money.
Feel free not to do it if you don't want to.
False equivalence. You have to buy a 'scope from Rigol in order to be able to hack it.
Rigol's done the math and figured out they sell more 'scopes, and therefore make more money because of hacking. Hacking is an integral part of their business model.
.............History of what's happened here on EEVblog is also good to know.
He gets banned for hacking, perhaps even cracking: bad karma, and anyone posting any crack/license generator, whatever cracking-related, even for free, should be banned too.
I've noticed you are working with MHO934. Will this work on MHO954?Forget that you'll get an answer here. Don't you see that administrator Simon took offense and banned Norbert on November 16, 2025? This is a specific reward for his significant contribution to modifying the broken Rigol software. You can try asking Norbert a question on the Patronite page.
If Dave and/or the moderatos decide this man has to go, because he's doing something illegal or just because he's insulting people, so be it.
.............History of what's happened here on EEVblog is also good to know.
He gets banned for hacking, perhaps even cracking: bad karma, and anyone posting any crack/license generator, whatever cracking-related, even for free, should be banned too.
Hacks were not posted back in the old days but links to online hacks have always been.
Rigup and RigLOL are 2 old examples.
Dave only needs protect his forum and personal liability at any cost.
Yeah well you're not exactly squeaky clean when it comes to hacking. :P.............History of what's happened here on EEVblog is also good to know.
He gets banned for hacking, perhaps even cracking: bad karma, and anyone posting any crack/license generator, whatever cracking-related, even for free, should be banned too.
Hacks were not posted back in the old days but links to online hacks have always been.
Rigup and RigLOL are 2 old examples.
Dave only needs protect his forum and personal liability at any cost.
The only thing we don't allow here is actual copyrighted/cracked material being uploaded to this server. Anyone is free to post a link to a third party website if they so choose.
Lecroy once threatened legal action against me if I didn't remove this thread:
https://www.eevblog.com/forum/testgear/lecroy-options-recovery/ (https://www.eevblog.com/forum/testgear/lecroy-options-recovery/)
I told them very politely that I would not do that, and that pursuing that would be very bad for their reputation. I didn't hear from them again.
Have you analyzed this software, or are you just fabricating? Norbert can't answer for himself, but you can insinuate.
Nothing comes for free, and knowledge costs money. Have you seen free McDonald's?
It was a temporary ban, and it was not because of the hack or any potential legal issue.
So, you're saying, if I understand you correctly; licensing violation and the unauthorised modification of Rigol's software is OK, just so long as the person doing it gives it away for free and/or a pat on the head? It's morally acceptable to shoplift, so long as I give all the goods away for nothing to anyone who asks for them?
False equivalence. You have to buy a 'scope from Rigol in order to be able to hack it.
Rigol's done the math and figured out they sell more 'scopes, and therefore make more money because of hacking. Hacking is an integral part of their business model.
Siglent, too.
Bottom line: It's more like supermarkets selling bread at a loss to get people to go shopping there - they lose on the bread but overall they make more money.
Feel free not to do it if you don't want to.
You don’t know a single thing about Rigols’ marketing.
So you better stop pretending.
.GEL (installation from USB flashdrive) build and Posix script as in the DHO800/900 mod (system performance changes and Android desktop by Nova launcher with basic apps).
Added UPA option (power analysis).
Changed AFG sine wave max frequency limit up to 350 MHz.
Changed AFG square wave max frequency limit up to 250 MHz.
Changed AFG arbitrary and predefined wave max frequency limit up to 250 MHz.
Changed AFG ramp wave max frequency limit up to 50 MHz.
Code optimizations (lower CPU usage, faster UI and more wfm/s).
hdcode number (/dev/hdcode_gpio) app reads only once and it's cached.
"TestModel" hardcoded (gives advanced settings and more features).
"image header" (model name added to screenshots) disabled by default.
Removed app screen borders.
Removed windows vertical margins.
Changed windows (waveform, XY, math, etc) background from dark gray to black.
Increased space for shortcuts.
Increased margin between vertical elements in bottom bar (normal mode).
Changed background of botom bar in full screen mode from light gray to black.
Fixed some translations.
Removed code loading gif in the app bootsplash, because sometimes it triggered bug in the "Flutter", which caused app crash.
Fixed random Androidx lib crash caused by loading unavailable class View$OnUnhandledKeyEventListener.
Changed Rigol launcher to the same as in the DHO800/900 mod (optimized and modified).
Instant (first) reboot after upgrade from .GEL file.
Quick fix of the waveform cache lock (caused issues with start/stop on CH1).
Ha, so the AFG is actually capable of much higher frequencies than Rigol, by default, allows us to use?
Ha, so the AFG is actually capable of much higher frequencies than Rigol, by default, allows us to use?
Does it have the bandwidth to output that signal?
Does it heat up or burn any components?
Maybe he's bought one in the last few days, but he didn't even have an MHO9xx when initially releasing a hacked firmware.Ha, so the AFG is actually capable of much higher frequencies than Rigol, by default, allows us to use?
Does it have the bandwidth to output that signal?
Does it heat up or burn any components?
You should ask Norbert, he’s the one that noticed it.
I've noticed you are working with MHO934. Will this work on MHO954?Forget that you'll get an answer here. Don't you see that administrator Simon took offense and banned Norbert on November 16, 2025? This is a specific reward for his significant contribution to modifying the broken Rigol software. You can try asking Norbert a question on the Patronite page.
60 bucks for cracked dho800/900 full feature version, and 30 bucks for a non finished cracked version of MHO900 is not a contribution to anybody on this forum. Its a financial contribution to his pocket.
Also who knows if he injected some malware code on the files? He injected some protection code on his "cracks/mods" to not run on several machines.
For me a contribution is something that everybody could use for free.
So not a big contribution.
------------ v0.4.2 ------------
Fixed crash in FFT when time base was switched to 50 ms/D or below.
Fixed randomly displayed reference waveform GND pointer, when no reference was used.
Fixed crash when USB at the back was connected.
UI changes in self calibration to avoid confusion and wrong user decisions.
Unhidden info about the last self-cal date and time.
FFT peak search vertical tab (math popup window) background changed to almost black to increase readability.
Optimizations, mostly in the math functions.
Removed some leftovers of the Rigol license system, which was a huge bottleneck of UI performance.
Removed insignificant zeros in some math displayed values.
Auto button and auto in start menu changes memory depth to auto.
Memory depth in default settings is changed to auto (auto gives max 125 Mpts).
Default interpolation is changed to auto/sinc.
Changed table data from black text on white background to white text on black background to match everything else.
Table data now uses regular font, including header (first line).
Removed unnecessary header from all measurements.
Measurements open/close buttons (icons) are now semitransparent.
Added failsafe loop in Posix installation script in case of network problems or bugs in adb.
Screenshot now are with no header (model name at the left top) by default.
UPA power quality refresh time is lowered to 2 per second.
Added chmod for i2c devices which should prevent from problems with loading settings (from FRAM) at the app startup.
Removed unused dead code from UI (barteksc/pdfviewer).
Increased time to wait for the signal in auto settings (auto button).
Optimizations in various functions.
start_rigol_app.sh checks if there is a file stopstartscope.txt on the connected USB stick, and if there is such file, it stops execution this change should help with the very rare issues with the bootloop without the need of removing internal SD card. Removing USB stick (with mentioned file) will unpause this script.
start_rigol_app.sh checks if there is a file disablescopeapp.txt on the USB stick and in such case it disables scope apps (pm disable com.rigol.scope and pm disable com.rigol.launcher).
start_rigol_app.sh checks if there is a file enablescopeapp.txt on the USB stick and in such case it enables scope apps (pm enable com.rigol.scope and pm enable com.rigol.launcher).
start_rigol_app.sh looks for the apk files in the folder named scopeapk in the USB stick and tries to install all apk files from this directory. After successful installation, file is deleted, otherwise in case of installation failure, file is preserved.
start_rigol_app.sh looks for a files executemeatstart.sh and executemeatend.sh in the USB stick, and executes it as a bash script (no execute permission needed).
------------ v0.4.1 ------------
Fixed AFG not working properly right after restoring settings to default.
Fixed issues with the front panel when mod was installed via .GEL file. Reported by two people and reproduced only on one SD card image.
Fixed external installation script error "Can't find mmc device" (SD card is a MMC type memory), which happened mostly for MacOS users. Added part of the code which was sent by one of users.
Added code (into installation Posix script) from mentioned above user (reworked), to obtain local timezone from other systems, including MacOS.
Increased amount of available probe attenuation ratios when selected unit is A (current).
Insignificant app optimizations.
------------ v0.4 ------------
Fixed not working UPA (power analysis).
LA now works in the roll mode (time base equal or lower than 50 ms/D) - only in the enterprise edition.
Top bar elements now use auto width, which prevents from covering longer text (ex. 123.456mV) and makes more space for more shortcuts.
Vertical scale values for analog channels now are always in white color, which increases readability - before it has same color as waveform, which often caused to be completely unreadable. One exception is in XY, because waveform has completely different color and there are two channels involved.
Added open source scientific calculator.
Changed shortcut "Flex knob" in the top bar to the small and floating version of calculator (on top of the running app). Bigger version can be opened from it and from Android desktop (Nova launcher).
Added open source screen keyboard.
Added open source email client.
Measurements upper part is now below shortcuts in the top bar, so it will not cover half of the shortcuts.
Fixed temporary vertical offset after self calibration (no need to press auto after each self-cal as it was in v0.3.1).
Fixed not working switches start-end in FFT and on/off in UPA (same reason).
Fixed all issues with FFT scale setting.
Fixed issues with waveform exporting.
Fixed SIGSEGV (app crash) at self calibration and after reboot, which was reported only by one person.
Vertical scale for analog channels now is hidden when LA is enabled. Because otherwise those overlap each other.
Increased waveform update rate for the time base higher than 50 ns/D - up to 2.2x.
Multiple optimizations.
Reduced power usage, especially in the roll mode and scan mode.
Math low pass filter minimal possible frequency is 50 times lower.
Math band stop filter minimal frequency is 1000000 lower.
Changed font size to smaller in table data, because there was no enough space for all UPA data.
Changed table data backgrounds for better readability. From "silver" (gray) to light gray and from "medium_sea_green" (between gray and white) to white.
Reverted font in measurements to previous one - B612 wasn't good enough with such small font size.
------------ v0.3.1 ------------
Fixed rare and random no waveform in the roll mode.
Fixed LA labels positions when size is changed to small or medium.
Fixed systemui buttons showing only home button instead of three buttons (back, home, recent apps).
Fixed waveform rendering for low time base when roll mode is off.
Fixed waveform disruption when scope was in the stop mode (but not after singleshot), memory depth was above 62.5M and time base was changed (while scope was still in the stop mode).
Fixed reason of the crash that happened for one user (unable to reproduce) while using screen keyboard.
Fixed arrows in popup windows self-cal and fft.
Unavailable memory depth options in the roll mode now are hidden to avoid confusion.
Scope app now is executed before rigol.launcher will do it, which decreases total boot time by about 5-10s.
Another translation fixes, mostly in untranslated Chinese.
Performance improvements in initrd (CPU now works at full speed from the early boot).
FPGA boot address is restored to 0x400000.
Multiple optimizations in the Rigol Launcher, especially in the handling physical buttons and knobs (Launcher is handling input from these, not the scope app).
Removed Rigol opensource document (html) browser, because it was loaded on each app startup and increased it's time. Document contained only lies from the Rigol they said they will sent source code upon request, which they never did.
Removed buggy network settings in the app, since it was taking a lot of system resources and Android settings can be used instead.
Added shortcut to Android network settings in the Utility Settings, which now is the default subpage.
Added previously hidden Utility option: screen saver.
Optimizations in the multiple app functions (in some places execution time decreased from ~5s to ~1s).
Optimizations in the math functions, mostly FFT. Measured FFT update rate was more than 30% faster.
Optimizations in deinterleaving channels, which gives more waveform updates when there are two or more channels enabled.
Waveform update rate is increased from ~85 k/s to ~100 k/s for 10 kpts, 50 ns/D and linear interpolation.
LA update rate increased to 56 k/s.
Decreased app startup time by about 10%.
Removed unnecessary '/' at the end of displayed values of time scale and vertical scale.
Displayed dot time now has format 0.#, which means it will display proper time like 1.6 ns instead of 2 ns, which was not true.
Many other displayed values will display one or two more decimal numerals (digits after dot).
Removed insignificant zeros from values displayed on screen.
Increased visibility of trigger sweep mode displayed as a green letter in the top bar.
Installation script now enables dark (night) mode in Android.
Ethernet driver loading (insmod) is moved from start_rigol_app.sh to the bootApp.sh in case of user error in modifying start_rigol_app.sh.
Posix installation script is more human friendly.
------------ v0.3 ------------
Increased LA max sample rate from 625 MSa/s to 1.25 Gsa/s (only when all channels are disabled).
When all channels are disabled, LA still can do 1.25 Gsa/s with triggering from any analog channel.
Fixed positions of LA labels.
Fixed positions of LA waveforms.
Fixed waveform offset in the roll mode.
Fixed decoders list that was accidentally broken in v0.2.1
Fixed sample memory management in the roll mode.
Increased size of a spinner elements (dropdown menu) and the text in it.
Partially fixed waveform freeze (FPGA doesn't send trace data) for some settings together with very low time base, by limiting the minimum time base when it's necessary.
Increased maximum time base from 500s to 1000s.
Added selection of interpolation:
- Auto (stock).
- Auto / half sinc.
- Linear (fast).
Added information about the "sinc" value (Horizontal popup window), which is fed to the FPGA in order to drive sinc interpolation (1 = linear interpolation).
Added acquisition mode: fast this gives more waveform update rate, especially with linear interpolation, low memory depth (including auto depth) and when combined with the increased persistence time (Display menu) it's useful when scope is used to catch and diagnose rare signal glitches. Downsides: waveform can be much more flickering than in normal acquisition and system temperature will increase by couple degrees.
Added acquisition mode: slow as the name suggests, this is the opposite of the fast acquisition. It gives more nice (analog) looking signal with much less or no flickering. Combined with the sinc interpolation it's good for preliminary waveform inspection and time domain related measurements. Downside: reduced waveform update rate.
Removed acquisition mode "peak", because it was the same as the normal acquisition.
Many performance optimizations that increase waveform update rate (up to 90 k for 10 kpts, 50 ns/D, linear interpolation and fast acquisition) and decreases app start time (-3 s).
Optimizations in the math functions (including FFT) increased update rate.
Optimizations in the most of SCPI commands (tested with modified DSRemote which gave faster "connection").
Optimizations in the UI (UI is more responsive).
Fixed periodical self tests (voltages, temperatures, etc), because it was assuming that the scope is a DHO4000 instead of DHO800/DHO900.
Periodical self tests now are executed once per 10 seconds instead of once per 3 seconds. This change gives more CPU time for waveform updates, rendering and other things.
Disabled antialiasing in the FPGA which wasn't doing anything.
Increased displayed time offset precision by one digit.
Removed "/div" suffix from the zoom scale info to improve readability.
Optimizations in the self calibration measured time with default settings was 23 minutes.
Optimizations in the histogram.
Optimizations in waveform moving horizontally (time offset) and vertically (voltage offset).
Optimizations in the arbitrary waveform load and export.
Optimizations in the bode plot.
Fixed debug mode in the installation script.
Increased update rate of the automatic measurements.
Measurements thread starts with a delay of 10 seconds instead of 5 seconds, which gives more CPU to other things at a startup.
Moved results bar icon (open/close) higher, because it was partially covering waveform grid time.
Removed "type" from the counter, because mode is always obvious (frequency/period/hits) and this line unnecessarily takes screen area.
Moved mode information text (DC/AC/DC+AC) of the DVM from bottom to the right in order to save screen space.
Vertical scale is now always on the left side, instead of changing it every time when measurements are opened or closed.
Measurement results now uses font B612Mono-Regular (used in Airbus flight deck screens), which is designed to be more easily readable with less eyestrain.
Measurements now are aligned to the bottom of the screen, instead of to the top. Advantages of this change:
- When there are not many measurements opened, those don't cover top-right part of the screen, which allows to use functions listed there (Measure, Cursors, etc) without hiding measurements.
- When there is only one measurement, it covers clock instead of the waveform (main windows area). When there is more, less of the waveform is covered.
- This avoids confusion which can happen in the previous versions when measurement(s) are opened and clock was covered by invisible element, which was preventing from opening Utility window by taping/clicking on the clock.
Corrected English translation.
Corrected Polish translation.
All other languages were removed.
Fixed and improved layouts of some popup windows.
Changed text in the math buttons from M1, M2, M3, M4 to 1, 2, 3, 4.
Removed trailing .0 from displayed probe attenuation.
Measurements now can be expanded/minimized by taping on the right bottom corner. Before it was an visible arrow that took a lot of screen space.
On the lower row, vertical bars between channels, LA and AFG now are little thicker. In case of the channels, current selected channel has a bar with the color of the channel. AFG and LA bars are colorized only when it's enabled.
Changed date format from yyyy/MM/dd to dd.MM.yyyy.
Fixed bug that caused brightness not being saved.
In the start menu, help button (display pdf of Rigol manual) is changed to the Flex Knob settings.
Added timer when the installation script is waiting after scope reboot.
Fixed printing messages in installation script in POSIX systems other than Linux.
Added two Windows scripts to simplify installation from Windows systems.
------------ v0.2.1 ------------
Fixed issue with webcontrol (external access via web browser) which was not starting at boot.
Fixed boot problems which can happen for some scopes.
Fixed installation problems caused by modified Device Tree in newer scopes.
Fixed trigger source spinner (drop down menu list) not showing digital channels.
FPGA ChDlyPointTime value restored to 800 ps just in case (previously it was the same as in DHO4000 which is 250 ps).
Average acquisition memory depth limit now is 25 Mpts for single channel and 12.5 Mpts for two or more channels (previously 1 Mpts in each case).
Removed "bandwidth indicator" from DVM, since DVM bandwidth is always the same as the channel bandwidth and this takes useful space from measurements results.
"Squished" buttons in the navigation list (top right of the screen) now are text buttons.
Rarely used options from navigation list was moved into Start Menu and often used in Start Menu was added to navigation list.
UPA (power analysis) option added to Start Menu as an experimental option.
Increased width of Start Menu for better readability.
Fixed sizes of various popup windows.
Fixed sizes of some spinners (dropdown menus) which was way too big.
XY advanced settings now are always available ("testModel" is hardcoded to always on).
Removed some unnecessary "features" that decreases app performance, like a hardware version checking, since it's hardcoded to DHO4000.
Added more shortcuts to the Start Menu.
Trigger status (top left screen corner) now is also a run/stop button.
Removed unnecessary icons from notification bar.
pm now allows to change app permissions which are "not changeable" or "not requested".
Increased text size in multi windows (all measure, peak search, etc).
Removed unnecessary files that can't be used at all but takes useful space and boot time.
------------ v0.2 ------------
- Fixed issues with the installation.
- Fixed bug (v0.1) that in some cases can cause a crash when app is starting up.
- Two installation methods. One with a fully automated and human friendly posix compatible script and manual.
- Probe attenuation ratio visible at the bottom for each channel.
- Added trigger FlexRay (previously only FlexRay decoding).
- 20 MHz bandwidth filter is no longer forced when real scale is anywhere below 1 mV / D.
- App no longer reads vendor.bin.
- Model, serial number and licenses are hardcoded (DHO924S).
- AFG, LA and four channels are always available - even if the app was installed on the 2 CH scope.
- Added AFE bandwidth filters that can be selected manually for each channel:
- 70 Mhz
- 100 MHz
- 125 MHz
- 400 MHz
- AFG now can go up to 50 MHz for the sine wave.
- Bode plot can operate up to 50 MHz.
- Possibility to change any app into system app and the opposite (previously it caused an error).
- System will now allow to install older versions of apps than previously installed.
- Added experimental decoders (not tested):
- ARINC429
- SENT
- MOST
- USB
Things possible only when installing using attached script (instead of manual installation):
- Oscilloscope app will be executed only once after system boot. Previously, when user closed scope app or it crashed for some reason, it was started back again or it was brought to the front, which could be annoying when using other apps.
- Automated backups before installation.
- Timezone automatically set to Your local timezone.
- Increased system performance which results in more waveform updates per second.
- Basic configuration of Nova, unless it was previously installed.
- /system directory now is writable by default.
- Boot time (from power on to fully working scope app) decreased to 50s (without Nova Launcher it should be couple seconds less).
- Install script can work even if there is more than one Android device connected.
- Script will stop installation only on serious errors. Anyway, it can be re-run again any time.
- Added Nova Launcher (Android desktop) - can be optionally installed.
- Added Android navigation bar. It can be swiped out and swiped back in any time - USB keyboard is no longer needed to switch between apps.
- Optionally, You can configure nu.nav.bar (using icon Navigation Bar in Nova menu) in order to have better and more configurable navigation bar. In the exchange for a little bit of system performance.
- > 60 000 waveform updates per second with 10 kpts and time base 50 ns/D or lower.
- Script can be executed from any working directory.
- Script can run on any POSIX capable operating system (Linux/GNU, BSD/GNU, Mac OS, etc).
- Update possible from any firmware previously installed (previously 00.01.04.00.02 was required).
- Added safe web browser called DuckDuckGo.
- Possibility to change system boot logo to a custom one.
Know bugs:
- When time base is set to 2 ns / D or lower and some other conditions are met, waveform can freeze from time to time or completely. Details: [url]https://www.patreon.com/posts/bug-in-versions-130248117[/url] - Update: partially fixed in v0.3 by limiting lowest time base when necessary.
- [Fixed in v0.3.1] When memory depth is above 62.5 Mpts, signal has very low frequency (10-100 Hz), acquisition mode is normal, there are some points outside of screen, stop button was pressed (stop, not single shot) and time base was changed, it sometimes results with corrupted rendering of a waveform. Workarounds: use single shot or use lower memory than 100 M or don't change time base with this settings.
------------ v0.1 ------------
125 M points memory depth for single analog channel (50 M in the original Rigol app).
62.5 M points memory depth for two analog channels (25 M in the original Rigol app).
31.25 M points memory depth for three or four analog channels (10 M in the original Rigol app).
31.25 M points memory depth for Logic Analyzer with or without single analog channel (25 M in the original Rigol app).
12.5 M points memory depth for Logic Analyzer with two analog channels (10 M in the original Rigol app).
10 M points memory depth for Logic Analyzer with three or four analog channels (1 M in the original Rigol app).
Same memory depth limits applies for auto memory depth setting (1 M in the original Rigol app in each case).
18 memory depth manual options (8 in the original Rigol app).
Improved and more ergonomic GUI.
Space for windows (single waveform window at default settings) is increased up to 91% of screen height.
Acquisition parameters now are displayed as white on black with little bigger and more visible font.
Smallest fonts in various places now are bigger, with some exceptions.
Windows background (waveform, math, etc) is now changed to real black instead of dark gray, which increases readability of waveforms and other data which is actually displayed.
Vertical scale now goes down to 100 uV / D (1x probe ratio). Same as in the higher and more expensive series DHO4000.
System date and time now are always displayed at the right bottom corner.
------------ v0.0.1 ------------
Removed sinc interpolation.
No bandwidth limit from the software side (250 MHz normally and about 1 GHz after removing physical LC filters between AFE and ADC).
Horizontal scale down to 800 ps / div (one div per sample).
I2S trigger / decode.
CAN trigger / decode.
FlexRay decode.
MIL-STD-1553 trigger / decode.
I've noticed you are working with MHO934. Will this work on MHO954?Forget that you'll get an answer here. Don't you see that administrator Simon took offense and banned Norbert on November 16, 2025? This is a specific reward for his significant contribution to modifying the broken Rigol software. You can try asking Norbert a question on the Patronite page.
60 bucks for cracked dho800/900 full feature version, and 30 bucks for a non finished cracked version of MHO900 is not a contribution to anybody on this forum. Its a financial contribution to his pocket.
Also who knows if he injected some malware code on the files? He injected some protection code on his "cracks/mods" to not run on several machines.
For me a contribution is something that everybody could use for free.
So not a big contribution.
hi ptluis,
how old are u? 10 or 15? my eyes itch reading such stupidity.
how much contribution there is from your side to make this device a bit better than what's Rigol delivering?
if the effort is just to spit hatred on others hard work, please go out of here.
this is forum to exchange the passion, not another hate room.
if u yet not understood basic life rules return to playground, mum will certainly take care of your problems.
i'm following this and similar threads wrt new dho series i own since 1 year, also actively supporting Norbert.
i know his social habits and views are a bit off from mainstream, and it hurts me as he in some extend represent me,
my country and nation, but i'm living same env and likely have better understanding of reasons which
might lead to this. any of such give me the right to judge, or demand from him that "contribution is something that
everybody could use for free". back to the point, after this 1 year observation this is one of few who actively invest
private/spare time to boost this crappy scope app. long days and nights. i remember few times chatting with him early
dawn at the days when his firmware was at early stages having problem with my install. leads out he made special
image just for me to overcome the early boot issue with my scope which appeared had multiple stacked flaws from
day 0. i'm using his mod because it's makes difference to this equipment. just to mention its fast acquisition with linear
interpolation, 125M mem depth and fixed auto sampling function which always try to use the fastest possible rate.
here are the release notes from all upto now versions (v0.4.2) for dho800/900 series:
https://www.patreon.com/posts/131407128?utm_id=8b87d88a-3e37-4f17-ad46-6905fa5924fd&utm_medium=email (https://www.patreon.com/posts/131407128?utm_id=8b87d88a-3e37-4f17-ad46-6905fa5924fd&utm_medium=email)Code: [Select]------------ v0.4.2 ------------
Fixed crash in FFT when time base was switched to 50 ms/D or below.
Fixed randomly displayed reference waveform GND pointer, when no reference was used.
Fixed crash when USB at the back was connected.
UI changes in self calibration to avoid confusion and wrong user decisions.
Unhidden info about the last self-cal date and time.
FFT peak search vertical tab (math popup window) background changed to almost black to increase readability.
Optimizations, mostly in the math functions.
Removed some leftovers of the Rigol license system, which was a huge bottleneck of UI performance.
Removed insignificant zeros in some math displayed values.
Auto button and auto in start menu changes memory depth to auto.
Memory depth in default settings is changed to auto (auto gives max 125 Mpts).
Default interpolation is changed to auto/sinc.
Changed table data from black text on white background to white text on black background to match everything else.
Table data now uses regular font, including header (first line).
Removed unnecessary header from all measurements.
Measurements open/close buttons (icons) are now semitransparent.
Added failsafe loop in Posix installation script in case of network problems or bugs in adb.
Screenshot now are with no header (model name at the left top) by default.
UPA power quality refresh time is lowered to 2 per second.
Added chmod for i2c devices which should prevent from problems with loading settings (from FRAM) at the app startup.
Removed unused dead code from UI (barteksc/pdfviewer).
Increased time to wait for the signal in auto settings (auto button).
Optimizations in various functions.
start_rigol_app.sh checks if there is a file stopstartscope.txt on the connected USB stick, and if there is such file, it stops execution this change should help with the very rare issues with the bootloop without the need of removing internal SD card. Removing USB stick (with mentioned file) will unpause this script.
start_rigol_app.sh checks if there is a file disablescopeapp.txt on the USB stick and in such case it disables scope apps (pm disable com.rigol.scope and pm disable com.rigol.launcher).
start_rigol_app.sh checks if there is a file enablescopeapp.txt on the USB stick and in such case it enables scope apps (pm enable com.rigol.scope and pm enable com.rigol.launcher).
start_rigol_app.sh looks for the apk files in the folder named scopeapk in the USB stick and tries to install all apk files from this directory. After successful installation, file is deleted, otherwise in case of installation failure, file is preserved.
start_rigol_app.sh looks for a files executemeatstart.sh and executemeatend.sh in the USB stick, and executes it as a bash script (no execute permission needed).
------------ v0.4.1 ------------
Fixed AFG not working properly right after restoring settings to default.
Fixed issues with the front panel when mod was installed via .GEL file. Reported by two people and reproduced only on one SD card image.
Fixed external installation script error "Can't find mmc device" (SD card is a MMC type memory), which happened mostly for MacOS users. Added part of the code which was sent by one of users.
Added code (into installation Posix script) from mentioned above user (reworked), to obtain local timezone from other systems, including MacOS.
Increased amount of available probe attenuation ratios when selected unit is A (current).
Insignificant app optimizations.
------------ v0.4 ------------
Fixed not working UPA (power analysis).
LA now works in the roll mode (time base equal or lower than 50 ms/D) - only in the enterprise edition.
Top bar elements now use auto width, which prevents from covering longer text (ex. 123.456mV) and makes more space for more shortcuts.
Vertical scale values for analog channels now are always in white color, which increases readability - before it has same color as waveform, which often caused to be completely unreadable. One exception is in XY, because waveform has completely different color and there are two channels involved.
Added open source scientific calculator.
Changed shortcut "Flex knob" in the top bar to the small and floating version of calculator (on top of the running app). Bigger version can be opened from it and from Android desktop (Nova launcher).
Added open source screen keyboard.
Added open source email client.
Measurements upper part is now below shortcuts in the top bar, so it will not cover half of the shortcuts.
Fixed temporary vertical offset after self calibration (no need to press auto after each self-cal as it was in v0.3.1).
Fixed not working switches start-end in FFT and on/off in UPA (same reason).
Fixed all issues with FFT scale setting.
Fixed issues with waveform exporting.
Fixed SIGSEGV (app crash) at self calibration and after reboot, which was reported only by one person.
Vertical scale for analog channels now is hidden when LA is enabled. Because otherwise those overlap each other.
Increased waveform update rate for the time base higher than 50 ns/D - up to 2.2x.
Multiple optimizations.
Reduced power usage, especially in the roll mode and scan mode.
Math low pass filter minimal possible frequency is 50 times lower.
Math band stop filter minimal frequency is 1000000 lower.
Changed font size to smaller in table data, because there was no enough space for all UPA data.
Changed table data backgrounds for better readability. From "silver" (gray) to light gray and from "medium_sea_green" (between gray and white) to white.
Reverted font in measurements to previous one - B612 wasn't good enough with such small font size.
------------ v0.3.1 ------------
Fixed rare and random no waveform in the roll mode.
Fixed LA labels positions when size is changed to small or medium.
Fixed systemui buttons showing only home button instead of three buttons (back, home, recent apps).
Fixed waveform rendering for low time base when roll mode is off.
Fixed waveform disruption when scope was in the stop mode (but not after singleshot), memory depth was above 62.5M and time base was changed (while scope was still in the stop mode).
Fixed reason of the crash that happened for one user (unable to reproduce) while using screen keyboard.
Fixed arrows in popup windows self-cal and fft.
Unavailable memory depth options in the roll mode now are hidden to avoid confusion.
Scope app now is executed before rigol.launcher will do it, which decreases total boot time by about 5-10s.
Another translation fixes, mostly in untranslated Chinese.
Performance improvements in initrd (CPU now works at full speed from the early boot).
FPGA boot address is restored to 0x400000.
Multiple optimizations in the Rigol Launcher, especially in the handling physical buttons and knobs (Launcher is handling input from these, not the scope app).
Removed Rigol opensource document (html) browser, because it was loaded on each app startup and increased it's time. Document contained only lies from the Rigol they said they will sent source code upon request, which they never did.
Removed buggy network settings in the app, since it was taking a lot of system resources and Android settings can be used instead.
Added shortcut to Android network settings in the Utility Settings, which now is the default subpage.
Added previously hidden Utility option: screen saver.
Optimizations in the multiple app functions (in some places execution time decreased from ~5s to ~1s).
Optimizations in the math functions, mostly FFT. Measured FFT update rate was more than 30% faster.
Optimizations in deinterleaving channels, which gives more waveform updates when there are two or more channels enabled.
Waveform update rate is increased from ~85 k/s to ~100 k/s for 10 kpts, 50 ns/D and linear interpolation.
LA update rate increased to 56 k/s.
Decreased app startup time by about 10%.
Removed unnecessary '/' at the end of displayed values of time scale and vertical scale.
Displayed dot time now has format 0.#, which means it will display proper time like 1.6 ns instead of 2 ns, which was not true.
Many other displayed values will display one or two more decimal numerals (digits after dot).
Removed insignificant zeros from values displayed on screen.
Increased visibility of trigger sweep mode displayed as a green letter in the top bar.
Installation script now enables dark (night) mode in Android.
Ethernet driver loading (insmod) is moved from start_rigol_app.sh to the bootApp.sh in case of user error in modifying start_rigol_app.sh.
Posix installation script is more human friendly.
------------ v0.3 ------------
Increased LA max sample rate from 625 MSa/s to 1.25 Gsa/s (only when all channels are disabled).
When all channels are disabled, LA still can do 1.25 Gsa/s with triggering from any analog channel.
Fixed positions of LA labels.
Fixed positions of LA waveforms.
Fixed waveform offset in the roll mode.
Fixed decoders list that was accidentally broken in v0.2.1
Fixed sample memory management in the roll mode.
Increased size of a spinner elements (dropdown menu) and the text in it.
Partially fixed waveform freeze (FPGA doesn't send trace data) for some settings together with very low time base, by limiting the minimum time base when it's necessary.
Increased maximum time base from 500s to 1000s.
Added selection of interpolation:
- Auto (stock).
- Auto / half sinc.
- Linear (fast).
Added information about the "sinc" value (Horizontal popup window), which is fed to the FPGA in order to drive sinc interpolation (1 = linear interpolation).
Added acquisition mode: fast this gives more waveform update rate, especially with linear interpolation, low memory depth (including auto depth) and when combined with the increased persistence time (Display menu) it's useful when scope is used to catch and diagnose rare signal glitches. Downsides: waveform can be much more flickering than in normal acquisition and system temperature will increase by couple degrees.
Added acquisition mode: slow as the name suggests, this is the opposite of the fast acquisition. It gives more nice (analog) looking signal with much less or no flickering. Combined with the sinc interpolation it's good for preliminary waveform inspection and time domain related measurements. Downside: reduced waveform update rate.
Removed acquisition mode "peak", because it was the same as the normal acquisition.
Many performance optimizations that increase waveform update rate (up to 90 k for 10 kpts, 50 ns/D, linear interpolation and fast acquisition) and decreases app start time (-3 s).
Optimizations in the math functions (including FFT) increased update rate.
Optimizations in the most of SCPI commands (tested with modified DSRemote which gave faster "connection").
Optimizations in the UI (UI is more responsive).
Fixed periodical self tests (voltages, temperatures, etc), because it was assuming that the scope is a DHO4000 instead of DHO800/DHO900.
Periodical self tests now are executed once per 10 seconds instead of once per 3 seconds. This change gives more CPU time for waveform updates, rendering and other things.
Disabled antialiasing in the FPGA which wasn't doing anything.
Increased displayed time offset precision by one digit.
Removed "/div" suffix from the zoom scale info to improve readability.
Optimizations in the self calibration measured time with default settings was 23 minutes.
Optimizations in the histogram.
Optimizations in waveform moving horizontally (time offset) and vertically (voltage offset).
Optimizations in the arbitrary waveform load and export.
Optimizations in the bode plot.
Fixed debug mode in the installation script.
Increased update rate of the automatic measurements.
Measurements thread starts with a delay of 10 seconds instead of 5 seconds, which gives more CPU to other things at a startup.
Moved results bar icon (open/close) higher, because it was partially covering waveform grid time.
Removed "type" from the counter, because mode is always obvious (frequency/period/hits) and this line unnecessarily takes screen area.
Moved mode information text (DC/AC/DC+AC) of the DVM from bottom to the right in order to save screen space.
Vertical scale is now always on the left side, instead of changing it every time when measurements are opened or closed.
Measurement results now uses font B612Mono-Regular (used in Airbus flight deck screens), which is designed to be more easily readable with less eyestrain.
Measurements now are aligned to the bottom of the screen, instead of to the top. Advantages of this change:
- When there are not many measurements opened, those don't cover top-right part of the screen, which allows to use functions listed there (Measure, Cursors, etc) without hiding measurements.
- When there is only one measurement, it covers clock instead of the waveform (main windows area). When there is more, less of the waveform is covered.
- This avoids confusion which can happen in the previous versions when measurement(s) are opened and clock was covered by invisible element, which was preventing from opening Utility window by taping/clicking on the clock.
Corrected English translation.
Corrected Polish translation.
All other languages were removed.
Fixed and improved layouts of some popup windows.
Changed text in the math buttons from M1, M2, M3, M4 to 1, 2, 3, 4.
Removed trailing .0 from displayed probe attenuation.
Measurements now can be expanded/minimized by taping on the right bottom corner. Before it was an visible arrow that took a lot of screen space.
On the lower row, vertical bars between channels, LA and AFG now are little thicker. In case of the channels, current selected channel has a bar with the color of the channel. AFG and LA bars are colorized only when it's enabled.
Changed date format from yyyy/MM/dd to dd.MM.yyyy.
Fixed bug that caused brightness not being saved.
In the start menu, help button (display pdf of Rigol manual) is changed to the Flex Knob settings.
Added timer when the installation script is waiting after scope reboot.
Fixed printing messages in installation script in POSIX systems other than Linux.
Added two Windows scripts to simplify installation from Windows systems.
------------ v0.2.1 ------------
Fixed issue with webcontrol (external access via web browser) which was not starting at boot.
Fixed boot problems which can happen for some scopes.
Fixed installation problems caused by modified Device Tree in newer scopes.
Fixed trigger source spinner (drop down menu list) not showing digital channels.
FPGA ChDlyPointTime value restored to 800 ps just in case (previously it was the same as in DHO4000 which is 250 ps).
Average acquisition memory depth limit now is 25 Mpts for single channel and 12.5 Mpts for two or more channels (previously 1 Mpts in each case).
Removed "bandwidth indicator" from DVM, since DVM bandwidth is always the same as the channel bandwidth and this takes useful space from measurements results.
"Squished" buttons in the navigation list (top right of the screen) now are text buttons.
Rarely used options from navigation list was moved into Start Menu and often used in Start Menu was added to navigation list.
UPA (power analysis) option added to Start Menu as an experimental option.
Increased width of Start Menu for better readability.
Fixed sizes of various popup windows.
Fixed sizes of some spinners (dropdown menus) which was way too big.
XY advanced settings now are always available ("testModel" is hardcoded to always on).
Removed some unnecessary "features" that decreases app performance, like a hardware version checking, since it's hardcoded to DHO4000.
Added more shortcuts to the Start Menu.
Trigger status (top left screen corner) now is also a run/stop button.
Removed unnecessary icons from notification bar.
pm now allows to change app permissions which are "not changeable" or "not requested".
Increased text size in multi windows (all measure, peak search, etc).
Removed unnecessary files that can't be used at all but takes useful space and boot time.
------------ v0.2 ------------
- Fixed issues with the installation.
- Fixed bug (v0.1) that in some cases can cause a crash when app is starting up.
- Two installation methods. One with a fully automated and human friendly posix compatible script and manual.
- Probe attenuation ratio visible at the bottom for each channel.
- Added trigger FlexRay (previously only FlexRay decoding).
- 20 MHz bandwidth filter is no longer forced when real scale is anywhere below 1 mV / D.
- App no longer reads vendor.bin.
- Model, serial number and licenses are hardcoded (DHO924S).
- AFG, LA and four channels are always available - even if the app was installed on the 2 CH scope.
- Added AFE bandwidth filters that can be selected manually for each channel:
- 70 Mhz
- 100 MHz
- 125 MHz
- 400 MHz
- AFG now can go up to 50 MHz for the sine wave.
- Bode plot can operate up to 50 MHz.
- Possibility to change any app into system app and the opposite (previously it caused an error).
- System will now allow to install older versions of apps than previously installed.
- Added experimental decoders (not tested):
- ARINC429
- SENT
- MOST
- USB
Things possible only when installing using attached script (instead of manual installation):
- Oscilloscope app will be executed only once after system boot. Previously, when user closed scope app or it crashed for some reason, it was started back again or it was brought to the front, which could be annoying when using other apps.
- Automated backups before installation.
- Timezone automatically set to Your local timezone.
- Increased system performance which results in more waveform updates per second.
- Basic configuration of Nova, unless it was previously installed.
- /system directory now is writable by default.
- Boot time (from power on to fully working scope app) decreased to 50s (without Nova Launcher it should be couple seconds less).
- Install script can work even if there is more than one Android device connected.
- Script will stop installation only on serious errors. Anyway, it can be re-run again any time.
- Added Nova Launcher (Android desktop) - can be optionally installed.
- Added Android navigation bar. It can be swiped out and swiped back in any time - USB keyboard is no longer needed to switch between apps.
- Optionally, You can configure nu.nav.bar (using icon Navigation Bar in Nova menu) in order to have better and more configurable navigation bar. In the exchange for a little bit of system performance.
- > 60 000 waveform updates per second with 10 kpts and time base 50 ns/D or lower.
- Script can be executed from any working directory.
- Script can run on any POSIX capable operating system (Linux/GNU, BSD/GNU, Mac OS, etc).
- Update possible from any firmware previously installed (previously 00.01.04.00.02 was required).
- Added safe web browser called DuckDuckGo.
- Possibility to change system boot logo to a custom one.
Know bugs:
- When time base is set to 2 ns / D or lower and some other conditions are met, waveform can freeze from time to time or completely. Details: [url]https://www.patreon.com/posts/bug-in-versions-130248117[/url] - Update: partially fixed in v0.3 by limiting lowest time base when necessary.
- [Fixed in v0.3.1] When memory depth is above 62.5 Mpts, signal has very low frequency (10-100 Hz), acquisition mode is normal, there are some points outside of screen, stop button was pressed (stop, not single shot) and time base was changed, it sometimes results with corrupted rendering of a waveform. Workarounds: use single shot or use lower memory than 100 M or don't change time base with this settings.
------------ v0.1 ------------
125 M points memory depth for single analog channel (50 M in the original Rigol app).
62.5 M points memory depth for two analog channels (25 M in the original Rigol app).
31.25 M points memory depth for three or four analog channels (10 M in the original Rigol app).
31.25 M points memory depth for Logic Analyzer with or without single analog channel (25 M in the original Rigol app).
12.5 M points memory depth for Logic Analyzer with two analog channels (10 M in the original Rigol app).
10 M points memory depth for Logic Analyzer with three or four analog channels (1 M in the original Rigol app).
Same memory depth limits applies for auto memory depth setting (1 M in the original Rigol app in each case).
18 memory depth manual options (8 in the original Rigol app).
Improved and more ergonomic GUI.
Space for windows (single waveform window at default settings) is increased up to 91% of screen height.
Acquisition parameters now are displayed as white on black with little bigger and more visible font.
Smallest fonts in various places now are bigger, with some exceptions.
Windows background (waveform, math, etc) is now changed to real black instead of dark gray, which increases readability of waveforms and other data which is actually displayed.
Vertical scale now goes down to 100 uV / D (1x probe ratio). Same as in the higher and more expensive series DHO4000.
System date and time now are always displayed at the right bottom corner.
------------ v0.0.1 ------------
Removed sinc interpolation.
No bandwidth limit from the software side (250 MHz normally and about 1 GHz after removing physical LC filters between AFE and ADC).
Horizontal scale down to 800 ps / div (one div per sample).
I2S trigger / decode.
CAN trigger / decode.
FlexRay decode.
MIL-STD-1553 trigger / decode.
show me your contribution, dude. start with the free one.
best regards
Piotr
As to that being "illegal", not really. Reverse engineering is not illegal and anyone is normally free to do whatever they want to products they have bought.It depends. For personal use, probably yes. But if you want to share, then, for example, in the US you can potentially get several years of prison because you'll violate the DMCA. I'm sure it can be similar in many other countries. In any case, should Rigol decide to lift a finger, the respective Patreon account will be gone in no time.
As to that being "illegal", not really. Reverse engineering is not illegal and anyone is normally free to do whatever they want to products they have bought.It depends. For personal use, probably yes. But if you want to share, then, for example, in the US you can potentially get several years of prison because you'll violate the DMCA. I'm sure it can be similar in many other countries. In any case, should Rigol decide to lift a finger, the respective Patreon account will be gone in no time.
Speaking of the ethical side of things, IMO, selling hacks for money is not good. It goes against the de facto approach that have long been observed in the community, generally speaking.
As far as mods/improvements to the rest of the software go, well, why not. It won't be as welcome as free for all with a donation option, but there's nothing inherently wrong in that.
So it would probably be better to keep the two separate.
besides norbert has already been well paid for his crack that took him a few minutes.
I think I'm going to buy his crack and post a link for everybody to download it for free!
I think I'm going to buy his crack and post a link for everybody to download it for free!How low can one go…
how do you crack potheads feel about it? it would be really cool right?
how do you norbert feel about it? (you may answer when you got back from your punishment)
You can't sue me because oops! it's not your code!
Quotebesides norbert has already been well paid for his crack that took him a few minutes.
did you realize this is not a coffee bar chat? and your words represent you? did you care?
it maybe took him 5 minutes because most of the firmware and hw is shared
between Rigol's 12-bit series :palm:QuoteI think I'm going to buy his crack and post a link for everybody to download it for free!
oh, said one who just post earlier insulted me with being used to technology piracy :palm:
anyway, i highly encourage you to go for it. it will barely help others as his firmware is somewhat piracy protected from losers like you, but maybe you just realize to what extend you wasted your life if others can archieve this supremacy in 5 minutes :clap:
i appologize to the forum for feeding this, was my last word in topic. if anyone from Poland or EU wants to evaluate this firmware mod v0.4.2 on dho804 and has time, equipment and knowledge, please contact me PM and we will settle the details.
warm regards
Piotr
I think I'm going to buy his crack and post a link for everybody to download it for free!How low can one go…
how do you crack potheads feel about it? it would be really cool right?
how do you norbert feel about it? (you may answer when you got back from your punishment)
You can't sue me because oops! it's not your code!
Keep your word and finally shut up, conquistador.Quotebesides norbert has already been well paid for his crack that took him a few minutes.
did you realize this is not a coffee bar chat? and your words represent you? did you care?
it maybe took him 5 minutes because most of the firmware and hw is shared
between Rigol's 12-bit series :palm:QuoteI think I'm going to buy his crack and post a link for everybody to download it for free!
oh, said one who just post earlier insulted me with being used to technology piracy :palm:
anyway, i highly encourage you to go for it. it will barely help others as his firmware is somewhat piracy protected from losers like you, but maybe you just realize to what extend you wasted your life if others can archieve this supremacy in 5 minutes :clap:
i appologize to the forum for feeding this, was my last word in topic. if anyone from Poland or EU wants to evaluate this firmware mod v0.4.2 on dho804 and has time, equipment and knowledge, please contact me PM and we will settle the details.
warm regards
Piotr
You are the one who call me stupid.
So you're assuming his crack is piracy protected! This is hilarious!
And no more talk with you also.
For all others on this forum I'm done with this subject, i don't want to monopolize your time and hate about this subject. Most of you already get it why my behaviour about this kind of activities.
Keep your word and finally shut up, conquistador.Quotebesides norbert has already been well paid for his crack that took him a few minutes.
did you realize this is not a coffee bar chat? and your words represent you? did you care?
it maybe took him 5 minutes because most of the firmware and hw is shared
between Rigol's 12-bit series :palm:QuoteI think I'm going to buy his crack and post a link for everybody to download it for free!
oh, said one who just post earlier insulted me with being used to technology piracy :palm:
anyway, i highly encourage you to go for it. it will barely help others as his firmware is somewhat piracy protected from losers like you, but maybe you just realize to what extend you wasted your life if others can archieve this supremacy in 5 minutes :clap:
i appologize to the forum for feeding this, was my last word in topic. if anyone from Poland or EU wants to evaluate this firmware mod v0.4.2 on dho804 and has time, equipment and knowledge, please contact me PM and we will settle the details.
warm regards
Piotr
You are the one who call me stupid.
So you're assuming his crack is piracy protected! This is hilarious!
And no more talk with you also.
For all others on this forum I'm done with this subject, i don't want to monopolize your time and hate about this subject. Most of you already get it why my behaviour about this kind of activities.
in the words of a famous Polish philosopher: "No matter which way you turn, your ass will always be behind you".
I think I'm going to buy his crack and post a link for everybody to download it for free!How low can one go…
how do you crack potheads feel about it? it would be really cool right?
how do you norbert feel about it? (you may answer when you got back from your punishment)
You can't sue me because oops! it's not your code!
Poor cracker is going to loose money, but he and you doesn't care if they destroy other people's jobs!
according to sources https://en.wikipedia.org/wiki/Charles_Bukowski (https://en.wikipedia.org/wiki/Charles_Bukowski) was born far west of Germany from both German parents and then they all migrated to America.
likely his grandfather was Pole from Danzig area, but calling Bukowski Pole is an abuse.
br/Piotr
I think I'm going to buy his crack and post a link for everybody to download it for free!How low can one go…
how do you crack potheads feel about it? it would be really cool right?
how do you norbert feel about it? (you may answer when you got back from your punishment)
You can't sue me because oops! it's not your code!
Poor cracker is going to loose money, but he and you doesn't care if they destroy other people's jobs!
Why didn’t we hear you when the Siglent crack came on EEVBLOG?
That is exactly the same, except no bug fixing nor extra features or improvements.
I think I'm going to buy his crack and post a link for everybody to download it for free!How low can one go…
how do you crack potheads feel about it? it would be really cool right?
how do you norbert feel about it? (you may answer when you got back from your punishment)
You can't sue me because oops! it's not your code!
Poor cracker is going to loose money, but he and you doesn't care if they destroy other people's jobs!
Why didn’t we hear you when the Siglent crack came on EEVBLOG?
That is exactly the same, except no bug fixing nor extra features or improvements.
First is not about siglent, rigol, etc, not brand related. If you're referring to the license keygen it's not exactly the same, no original file was used, cracked, modified, shared and sold. There's a flaw on copyright law that allows this. Make your own research. Besides, source code was written from scratch, the files generated are new ones, no cracking is made on the original files. In case of license code generation their inputed by legal means, meaning, using the proper function of the equipment. But if you sell licenses that's another story. There's not much legal stuff to avoid this and the costs of individual law suits won't worth. But this flaw is being discussed so..
But since people still don't realize the seriousness of this subject, I'm going to tell you this: a worldwide legal action is being prepared on government level to shutdown servers, websites, etc. wait and see. I don't care if you believe it or not, it's not my problem. The same way it happened in the beginning of 2025.
When governments realize their losing trillions they'll act.
Norbert is an intelligent, talented guy, I follow him for some time, (yes I know who he is) due to electrical stuff, but the way he act and exposed himself is dumb.
And from the moment Poland join EU they are subject to Europol actions.
This will be the last time I reply about this subject. Believe or think about it if you want, I don't really care. Have a nice day.
The Siglent script does the exact same thing, so either you consequently condemn the persons involved in the Siglent key crack, or you shut up.
stupidity
Dave already stated this forum doesn't have any problem with Norbert's activity.
Maybe he's bought one in the last few days, but he didn't even have an MHO9xx when initially releasing a hacked firmware.
it does seem to me that he is NOT writing any ARM code or HDLs for that matter but JUST disassembling to intermediate language (smali)
Please don't lock this thread Simon. Until it was completely derailed, some folks found it useful and held an interest in Norbert's work, both from the technical perspective and gaining from it directly. And I hold out some hope that Norbert may 'return' and continue to contribute to it.
May I suggest that you instead treat anyone who now disregards your warning to an extended period on the naughty step themselves?
If someone really wants to continue to debate/argue the ethics of hacking they can start their own thread and take it all there, away from the technical threads, which they are then welcome to leave if it causes them offense.
Dedicated thread. Norbert can go wild in there. If he spreads it elsewhere on the forum he'll get banned.
https://www.eevblog.com/forum/testgear/legalities-of-hacking-the-rigol-mho900-scope/ (https://www.eevblog.com/forum/testgear/legalities-of-hacking-the-rigol-mho900-scope/)
First, it's probably best to stay quiet for a while.Dedicated thread. Norbert can go wild in there. If he spreads it elsewhere on the forum he'll get banned.Im disgusted, not because of insults against me, but because of the moderation "quality" being here.
https://www.eevblog.com/forum/testgear/legalities-of-hacking-the-rigol-mho900-scope/ (https://www.eevblog.com/forum/testgear/legalities-of-hacking-the-rigol-mho900-scope/)
Do you use JADX for the apk's?
I don't mind standard libc programs on Android.
I haven't found a working link for the complete firmware, so I've only been going off the firmware update. It's obviously incomplete though, I took a peek at the main file in IDA and it's obvious that it's referring to code that already exists but not in the update.
Ha, so the AFG is actually capable of much higher frequencies than Rigol, by default, allows us to use?
Does it have the bandwidth to output that signal?
Does it heat up or burn any components?
I haven't found a working link for the complete firmware, so I've only been going off the firmware update. It's obviously incomplete though, I took a peek at the main file in IDA and it's obvious that it's referring to code that already exists but not in the update.
Sorry, I have no idea what are You referring to.
Does it heat up or burn any components?
Im not sure, but I think I said it already somewhere. According to the documentation, AFG has a sample rate 1 G Sa/s. So theoretically it should be able to give sine wave 500 MHz.
IMHO capacitive load hurts the feelings of the power rails designed by Rigol.
MTD is used instead of partition table.
Testdisk is much faster than binwalk - unless You want to play with bootloader or DT.
That "capacitive load" is the danger. Will you take responsibility if this "hack" destroys people's limited edition bling 'scopes?
When I said "referring to code that doesn't exist" this is what I was talking about. In the SparrowIII...bin file there's several entries in the vector table that reference memory addresses that are outside the range of the Sparrow binary. Originally I thought it was missing because I was looking at the binary from the update, but this screenshot is from the SDCard image you posted, so there is something else going on here.
When I said "referring to code that doesn't exist" this is what I was talking about. In the SparrowIII...bin file there's several entries in the vector table that reference memory addresses that are outside the range of the Sparrow binary. Originally I thought it was missing because I was looking at the binary from the update, but this screenshot is from the SDCard image you posted, so there is something else going on here.
probably Norbert can explain more and details but this scope.apk is build around glibc library libscope-auklet.so
where most of driver i/f functions and math is implemented. those addresses are likely direct calls to such.
br/Piotr
glibc library libscope-auklet.so
Maybe Rigol was designing a 100Mhz device, not a 500Mhz device.
That "capacitive load" is the danger.
At the very least you set yours to maximum voltage/500Mhz and pointed a thermal camera at it for an hour, right?
A cautionary tale:
https://youtu.be/4rADgFqFFH8?t=766 (https://youtu.be/4rADgFqFFH8?t=766)
A cautionary tale:
https://youtu.be/4rADgFqFFH8?t=766 (https://youtu.be/4rADgFqFFH8?t=766)
From this video I see a multimeter with frequency measurement, without AFG inside of it. From the Uni-T webpage and datasheet in pdf, it can measure frequency up to 220 MHz. But it had problems with less than half of that. Also I have no idea if there was proper termination on the both ends.
A cautionary tale:
https://youtu.be/4rADgFqFFH8?t=766 (https://youtu.be/4rADgFqFFH8?t=766)
From this video I see a multimeter with frequency measurement, without AFG inside of it. From the Uni-T webpage and datasheet in pdf, it can measure frequency up to 220 MHz. But it had problems with less than half of that. Also I have no idea if there was proper termination on the both ends.
And I see somebody who doesn't understand capacitance and missed the part where actually putting 200MHz into it made the meter melt.
Short version: learn about frequency derating before posting again.
Again, this is bad design.
Again, this is bad design.
Rigol sells a 100MHz signal generator, not a 500MHz signal generator.
| Option | Description | |
| BND | CAN-FD serial bus decoding analysis option Flexray bus trigger and decoding analysis option Audio serial bus 12S trigger and decoding analysis option MIL-STD-1553 bus trigger and decoding analysis option Built-in dual-channel 100MHz function generator(and Bode) option | |
| EMBD | Embedded serial bus trigger and analysis | |
| COMP | Computer serial trigger and analysis (RS232/UART) | |
| AUTO | Auto serial bus trigger and analysis | |
| AUTOA | CAN-FD serial bus decoding analysis option | |
| FlexA | Flexray bus trigger and decoding analysis option | |
| AUDIOA | Audio serial bus 12S trigger and decoding analysis option | |
| AEROA | MIL-STD-1553 bus trigger and decoding analysis option | |
| RLU05 | 500Mpts storage depth option | |
| AFG50 | Built-in dual-channel 50MHz function generator(and Bode) option | |
| AFG100 | Built-in dual-channel 100MHz function generator(and Bode) option | |
| BWU03T05 | 350MHz to 500MHz bandwidth upgrade option | |
| BWU03T08 | 350MHz to 800MHz bandwidth upgrade option | |
| BWU05T08 | 500MHz to 800MHz bandwidth upgrade option |
Hi, I'd love to activate all options
Hi, I'd love to activate all options
Right now all options are hacked and some features are added to the scope firmware. It's here (https://buymeacoffee.com/norbert.kiszka/e/479030).
rkXXXX_rigol:/ $ su - rootrkXXXX_rigol:/ # ps | grep rigol
root 675 1 3104 504 0 0000000000 S /rigol/tools/tcpsvd
root 689 1 816 4 0 0000000000 S /rigol/tools/pmapService
system 1160 235 1758572 116404 0 0000000000 S com.rigol.launcher
system 1213 235 3816544 302636 0 0000000000 S com.rigol.scope
system 1283 235 1601540 101012 0 0000000000 S com.rigol.launcher:Watchdog
system 1297 235 1621496 85728 0 0000000000 S com.rigol.webcontrolrkXXXX_rigol:/ # cat /proc/1213/maps | grep "libc_malloc"
7ee2200000-7ee2400000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7efac00000-7efae00000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7efba00000-7efbc00000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f04200000-7f04600000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f1e400000-7f1e600000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f1ea00000-7f1ec00000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f1ee00000-7f1f000000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f1f200000-7f24600000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f24800000-7f4a800000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f4be00000-7f4c000000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f4ce00000-7f4d000000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f4de00000-7f4e000000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f4e200000-7f50200000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f50400000-7f57800000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f58800000-7f59a00000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f62c00000-7f63000000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f64400000-7f64600000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f65400000-7f65800000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f69800000-7f69a00000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f7c600000-7f7c800000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f84c00000-7f84e00000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f85c00000-7f86000000 rw-p 00000000 00:00 0 [anon:libc_malloc]
7f7c600000-7f7c800000 rw-p 00000000 00:00 0 [anon:libc_malloc]rkXXXX_rigol:/ # cd /data/UserData
rkXXXX_rigol:/data/UserData # dd if=/proc/1213/mem bs=4096 skip=$((0x7f7c600)) count=512 of=./memory.dmp
512+0 records in
512+0 records out
2097152 bytes transferred in 0.018 secs (116508444 bytes/sec)rkXXXX_rigol:/data/UserData # ls -l
total 4096
-rw------- 1 root root 2097152 2025-12-01 16:51 memory.dmprkXXXX_rigol:/data/UserData # rm memory.dmp00000000 16 f9 39 41 6d 9d 16 8e e7 a9 73 61 fd c2 fd f7 |..9Am.....sa....|
00000010 e3 cd 39 ee c0 1e 64 35 c4 92 35 46 cd 15 24 af |..9...d5..5F..$.|
00000020 ea 46 42 4c 4d fd fd 20 7c d3 3c 13 cf ec 6f 0a |.FBLM.. |.<...o.|
00000030 cc 61 1a d3 8b 9b 34 ef f2 08 99 89 fd 86 7f c8 |.a....4.........|
00000040 cc 41 ce 34 53 f2 f8 0c c1 44 f1 cd f7 6c e3 fc |.A.4S....D...l..|
00000050 4a 90 c7 c3 bd 6f 25 dd e7 81 aa df df df fd 70 |J....o%........p|
00000060 57 b3 f3 33 63 26 56 00 e9 1d 02 e6 fd 60 d3 43 |W..3c&V......`.C|
00000070 35 43 c5 34 56 88 9e a0 0c e2 ec cc d9 85 fd 0c |5C.4V...........|
00000080 dd fb a8 f1 f1 bd cc 5b bc bd f0 67 3c 6f 08 1d |.......[...g<o..|
00000090 ad f4 45 54 |..ET|
00000000 00 00 00 00 00 00 00 00 00 00 00 16 f9 39 41 6d |.............9Am|
00000010 9d 16 8e e7 a9 73 61 fd c2 fd f7 e3 cd 39 ee c0 |.....sa......9..|
00000020 1e 64 35 c4 92 35 46 cd 15 24 af ea 46 42 4c 4d |.d5..5F..$..FBLM|
00000030 fd fd 20 7c d3 3c 13 cf ec 6f 0a cc 61 1a d3 8b |.. |.<...o..a...|
00000040 9b 34 ef f2 08 99 89 fd 86 7f c8 cc 41 ce 34 53 |.4..........A.4S|
00000050 f2 f8 0c c1 44 f1 cd f7 6c e3 fc 4a 90 c7 c3 bd |....D...l..J....|
00000060 6f 25 dd e7 81 aa df df df fd 70 57 b3 f3 33 63 |o%........pW..3c|
00000070 26 56 00 e9 1d 02 e6 fd 60 d3 43 35 43 c5 34 56 |&V......`.C5C.4V|
00000080 88 9e a0 0c e2 ec cc d9 85 fd 0c dd fb a8 f1 f1 |................|
00000090 bd cc 5b bc bd f0 67 3c 6f 08 1d ad f4 45 54 00 |..[...g<o....ET.|
000000a0 00 00 00 00 00 00 00 00 00 00 00 22 41 44 43 31 |..........."ADC1|
000000b0 5f 41 4d 42 49 45 4e 54 5f 54 45 4d 50 00 00 00 |_AMBIENT_TEMP...|
000000c0 00 00 00 90 43 43 24 56 57 8d fa 78 d7 8d f8 9f |....CC$VW..x....|
000000d0 78 9f f5 00 00 00 00 00 00 00 00 00 00 00 00 00 |x...............|
000000e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000110 00 00 00 00 00 00 00 00 00 00 00 68 99 00 da ff |...........h....|
00000120 d8 78 9d 00 00 00 00 00 00 00 00 00 00 00 00 00 |.x..............|
00000130 56 df 67 00 00 00 00 00 00 df 76 56 58 76 99 41 |V.g.......vVXv.A|
00000140 00 00 00 03 00 00 00 00 00 00 00 1c 41 44 43 31 |............ADC1|
00000150 5f 43 48 49 50 5f 54 45 4d 50 00 00 00 00 00 00 |_CHIP_TEMP......|
00000160 00 00 00 42 35 36 37 32 33 45 35 34 46 35 37 41 |...B56723E54F57A|
00000170 42 35 45 00 00 00 00 00 00 00 00 00 00 00 00 00 |B5E.............|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001b0 00 00 00 00 00 00 00 00 00 00 00 37 38 39 34 35 |...........78945|
000001c0 37 41 31 00 00 00 00 00 00 00 00 00 00 00 00 00 |7A1.............|
000001d0 c0 57 40 00 00 00 00 00 00 f0 bf 01 44 00 00 07 |.W[member=242705].....[/member]....D...|
000001e0 00 00 00 02 00 00 00 00 00 00 00 20 43 48 34 5f |........... CH4_|
000001f0 41 4d 42 49 45 4e 54 5f 54 45 4d 50 00 00 00 00 |AMBIENT_TEMP....|
00000200 00 00 00 41 36 37 38 41 44 46 45 39 35 33 34 33 |...A678ADFE95343|
00000210 35 39 41 00 00 00 00 00 00 00 00 00 00 00 00 00 |59A.............|
00000220 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000250 00 00 00 00 00 00 00 00 00 00 00 34 35 36 41 46 |...........456AF|
00000260 36 38 45 00 00 00 00 00 00 00 00 00 00 00 00 00 |68E.............|
00000270 34 67 80 00 00 00 00 00 00 45 78 84 2a 00 00 aa |4g.......Ex.*...|
00000280 00 00 00 0d ad ff df 00 00 00 00 30 34 36 38 37 |...........04687|
00000290 41 45 44 30 34 33 37 36 37 38 43 45 35 37 41 46 |AED0437678CE57AF|
000002a0 36 31 32 44 44 33 35 37 36 46 41 37 39 35 44 37 |612DD3576FA795D7|
000002b0 43 30 43 32 33 33 43 42 43 35 34 37 38 37 38 39 |C0C233CBC5478789|
000002c0 41 37 36 39 31 41 39 30 32 35 36 32 42 39 39 42 |A7691A902562B99B|
000002d0 45 42 37 36 38 39 34 41 37 38 37 30 30 35 31 43 |EB76894A7870051C|
000002e0 36 37 38 38 45 36 39 31 36 33 32 38 42 34 43 38 |6788E6916328B4C8|
000002f0 31 34 35 33 35 36 31 32 37 38 31 32 31 36 36 44 |145356127812166D|
00000300 31 43 43 42 36 33 35 35 39 45 46 46 41 00 00 44 |1CCB63559EFFA..D|
00000310 31 43 43 42 36 33 35 35 39 45 46 46 41 00 00 00 |1CCB63559EFFA...|
00000320 00 00 00 00 00 00 00 00 00 00 00 1a 43 48 34 5f |............CH4_|
00000330 43 48 49 50 5f 54 45 4d 50 00 00 00 00 00 00 00 |CHIP_TEMP.......|
00000340 00 00 00 33 35 36 41 44 35 37 41 45 33 36 37 36 |...356AD57AE3676|
00000350 36 43 43 00 00 00 00 00 00 00 00 00 00 |6CC..........|
04687AED0437678CE57AF612DD3576FA795D7C0C233CBC5478789A7691A902562B99BEB76894A7870051C6788E6916328B4C8145356127812166D1CCB63559EFFAbrainpoolP256r1;04687AED0437678CE57AF612DD3576FA795D7C0C233CBC5478789A7691A902562B99BEB76894A7870051C6788E6916328B4C8145356127812166D1CCB63559EFFA163 func LoadKeys() ([]uint8, error, []uint8) {
164 data, err := ioutil.ReadFile(Expand(keyFile))
165 if nil != err {
166 return nil, err, nil
167 }
168 dd := decodeDefaultXXTEA(data)
169 i := bytes.Index(dd, []uint8(";"))
170 if -1 == i {
171 return nil, errors.New("key format error"), nil
172 }
173 return dd[i+1:], nil, dd
174 }
163 func LoadKeys() ([]uint8, error, []uint8) {
164 data, err := ioutil.ReadFile(Expand(keyFile))
165 if nil != err {
166 return nil, err, nil
167 }
168 dd := decodeDefaultXXTEA(data)
169 dd = []byte ("brainpoolP256r1;04687AED0437678CE57AF612DD3576FA795D7C0C233CBC5478789A7691A902562B99BEB76894A7870051C6788E6916328B4C8145356127812166D1CCB63559EFFA")
170 i := bytes.Index(dd, []uint8(";"))
171 if -1 == i {
172 return nil, errors.New("key format error"), nil
173 }
174 return dd[i+1:], nil, dd
175 }
# go run ./rgtoolMod.go Key.data MHO9 :SYST:OPT:INST BND EMBD COMP AUTO AUTOA FlexA AUDIOA AEROA RLU05 AFG50 AFG100 BWU03T05 BWU03T08 BWU05T08
keyFile: Key.data
deviceId: MHO9
SCPI format: ':SYST:OPT:INST'
options: [BND EMBD COMP AUTO AUTOA FlexA AUDIOA AEROA RLU05 AFG50 AFG100 BWU03T05 BWU03T08 BWU05T08]
Key: brainpoolP256r1;04687AED0437678CE57AF612DD3576FA795D7C0C233CBC5478789A7691A902562B99BEB76894A7870051C6788E6916328B4C8145356127812166D1CCB63559EFFA
Generating unlock SCPI commands for the MHO900 series scope:
:SYST:OPT:INST MHO900-BND@34889ad79cb89ae70997912344acb5686c654675744252cf82e4ecd43e30b7cba78d980daf843570d878b77cb320fa1a
:SYST:OPT:INST MHO900-EMBD@86545315253a910cc3434566758aa68c663477da0f1ece98c37705978d8747dea78d980daf843570d878b77cb320fa1a
:SYST:OPT:INST MHO900-COMP@a66787500e54329d356f99c53aac579899deb7d4ed506a5c9cf427ce6cba5aa9a78d980daf843570d878b77cb320fa1a
:SYST:OPT:INST MHO900-AUTO@12885349aff89055600dc04dd9a805d6d86048a94ebf09d53843177a99bcec6aa78d980daf843570d878b77cb320fa1a
:SYST:OPT:INST MHO900-AUTOA@3348780acc356ff5768dc04dd9a805d68a56f1500834b1cb157cb677f5cb422ea78d980daf843570d878b77cb320fa1a
:SYST:OPT:INST MHO900-FlexA@44678a78997e878ff7709cccd1314ecab90b3b059ccaa572794dbcbdb6def9aba78d980daf843570d878b77cb320fa1a
:SYST:OPT:INST MHO900-AUDIOA@13a897c8755f88900caac00f995e40fda49b99c176d7ff8e112b02494dbc9587a78d980daf843570d878b77cb320fa1a
:SYST:OPT:INST MHO900-AEROA@f6897345a7988cc8787f977e7585210c8a56f1500834b1cb157cb677f5cb422ea78d980daf843570d878b77cb320fa1a
:SYST:OPT:INST MHO900-RLU05@e76590a08c70b80b8888e5d89194b88ab3186bc261a888a87ec774c82bf1d4eba78d980daf843570d878b77cb320fa1a
:SYST:OPT:INST MHO900-AFG50@b989684311467a97f9077b69886d622a93e2cae7fe5c271ad9e7a23cee986a74a78d980daf843570d878b77cb320fa1a
:SYST:OPT:INST MHO900-AFG100@5972afc799dd987e00f7007f05f4222a6c6342dcb384cd4e2bd3caf775af8d71a78d980daf843570d878b77cb320fa1a
:SYST:OPT:INST MHO900-BWU03T05@89cb234ff124eb4566ef7888d8887fabd2b602a87903da4b0a5fb2c1981fe02ca78d980daf843570d878b77cb320fa1a
:SYST:OPT:INST MHO900-BWU03T08@28feb79add88070301ad3545696643ab4f7587b603350f808cd89291d5de6a58a78d980daf843570d878b77cb320fa1a
:SYST:OPT:INST MHO900-BWU05T08@a869d080b8e04655aa879fe567cb78ab5bc24e5a8f5cbdc1c4196c85ad318fc9a78d980daf843570d878b77cb320fa1a
Generated option commands saved to the file: 'SCPI_commands_generated.txt'
func LoadKeys() ([]uint8, error, []uint8) {
data, err := ioutil.ReadFile(Expand(keyFile))
if nil != err {
return nil, err, nil
}
dd := decodeDefaultXXTEA(data)
dd = []byte ("brainpoolP256r1;04687AED0437678CE57AF612DD3576FA795D7C0C233CBC5478789A7691A902562B99BEB76894A7870051C6788E6916328B4C8145356127812166D1CCB63559EFFA")
i := bytes.Index(dd, []uint8(";"))
if -1 == i {
return nil, errors.New("key format error"), nil
}
return dd[i+1:], nil, dd
}
Also, I noticed that 3 options - EMB, COMP and AUTO are not officially offered, but can be found in firmware, :-//IMHO, these are always included by default.
Also, I noticed that 3 options - EMB, COMP and AUTO are not officially offered, but can be found in firmware, :-//IMHO, these are always included by default.
From what I can tell, "AUTO" is CAN (non FD) and LIN, "EMB" is SPI and I2C and "COMP" is UART.
If you made it this far, you are brave or ..., yeah let's go with brave. :-+
Im not sure, but I think I said it already somewhere. According to the documentation, AFG has a sample rate 1 G Sa/s. So theoretically it should be able to give sine wave 500 MHz.
Low pass filters, even in theory, will not cut out everything. Unless we start speak about extremely high frequency like 100 THz or more.
Upper limit is only a limit - If You don't need to use it, then don't use it.
One person reported on his scope that anything above 100 MHz is unstable and with square wave above 25 MHz it's the same.
haha, yeah anything above 100MHz is really weird looking and unusable.Not really a total surprise though.
Well... I just tried 100MHz, 110MHz and 150MHz sine wave on my new hacked MHO954 and... haha, yeah anything above 100MHz is really weird looking and unusable.
I used a straight bnc-bnc coax cable from G1 output to ch1 input, and configured ch1 with 50 ohm impedance.
Below are a few screenshots I saved.
If you have something specific to also try out, let me know. Thanks.
Well... I just tried 100MHz, 110MHz and 150MHz sine wave on my new hacked MHO954 and... haha, yeah anything above 100MHz is really weird looking and unusable.
I used a straight bnc-bnc coax cable from G1 output to ch1 input, and configured ch1 with 50 ohm impedance.
Below are a few screenshots I saved.
If you have something specific to also try out, let me know. Thanks.
Just asking as I don't see in on the thread, has anyone done a real bandwidth measurement on an upgraded MHO900 scope?
can an MHO934, MHO954, MHO980 all hit 1GHz?
norbert.kiszka thanks for the hack for the scope! Just installed it on my MHO934. Just one thing, please add a mention in the instructions that a LAN (wired) connection is required for the install script :-DD . It is my first Android-based scope, so I connected in via WAN (Rigol is so lovely to include the dongle with the scope) and started the installation... Only after the first reboot did I understand my mistake, quickly made a wired connection, and updated the DHCP settings to match the IP address :D - great that you added so many retry attempts to the script.
Yeah, wired LAN is a must. I just installed this last week on my MHO98. I never heard back from Rigol about license keys. After about two weeks from delivery I decided to call. No way to get through to anybody, so I gave up and spent the extra few bucks for the upgrade/unlock forever. Absurd level of support from the company that made it. Can't get em to respond to my ticket, no emails to spam (or my inbox for that matter). Just ignored. This is probably my first and last Rigol product.I received my MHO98 on Dec 3 and requested the license key right away via the google form. The response came yesterday, Dec 8 with subject "MHO98 Bundle CDKEY".
The form on the rigol europe website worked immediately for me. Maybe worth a try even if your unit is a NA one?
Be very interested in AFE BW boost (and the intermediate filters, I wish they gave more options than 20 and 250) - obviously >1GHz is only really applicable for a single channel but nice to have the option!
Question: Self-Cal
It seems, that in mod 0.1.2 the self cal has options too choose from, which do not exist in the stock self-cal.
- At least 4 options are not checked after installing - does that mean, that is what the stock self-cal does?
- when checking ALL options, self-cal fails after <1min (4%). Is that expected? Do some self-cal items require external connections, i.e. some (BNC) cables?
Wishlist:
1. Customize Shortcuts (top right): Ability to remove certain buttons
1b. if 1) not possible, would you mind [adding an option] to remove all shortcuts, that are directly accessible via hardware buttons?
(i.e. run/stop, Measure, navigate, ...)
2. Pressing the Default button: load `DEFAULT.stp` instead of the rigol hard coded default settings?
(Allows to customize own defaults)
2b. if 2) is not feasible: Can we change hard coded default, so all channels are configured for 10x?
They are lost on reboot (or poweroff) as well as after loading the "Default".
Is it useful to file a bug with rigol on this?
I will check this later. For ~90% it's a Rigol bug, since I didn't made any change in saving settings. Beside of the optimizations in a way like compiler should do it when -O flags are used (which is never the case in Rigol firmware...).Again, might be just my experience, but I tend to disagree. I reported a bug in early October (LA threshold set and LA threshold used off by a factor of two), received some additional questions about this and finally a test firmware on last Friday. I just tested this today and the issue is fixed now. It will certainly not always be like this, but in my specific case, I have nothing to complain about.Is it useful to file a bug with rigol on this?
You can wait years for bugfix in Rigol.
Again, might be just my experience, but I tend to disagree. I reported a bug in early October (LA threshold set and LA threshold used off by a factor of two), received some additional questions about this and finally a test firmware on last Friday. I just tested this today and the issue is fixed now. It will certainly not always be like this, but in my specific case, I have nothing to complain about.
There are obviously people working for Rigol who are capable and willing to fix existing issues. Well, at least regarding blatant bugs which are easy to reproduce...
Sweet, this worked out great on my MHO954, excellent.
Incidentally, when you pull the memory dump, its much faster to do an ASCII search for the string "CH4_CHIP_TEMP", that string appears right after the key.
Again, this is bad design.
Rigol sells a 100MHz signal generator, not a 500MHz signal generator.
Really? I didn't know that before. Thanks to letting me know.
In that case, explain why this is AFG and original software allows to make 500 MHz with custom samples?
What is the point of choosing such fast and expensive DAC and using it's (presumably) full sample rate, when other parts can't keep up with it?
That is why there is somethic called specifications which you should follow, you cannot make everything idiot proof. :palm:
Quote from: norbert.kiszkaWhat is the point of choosing such fast and expensive DAC and using it's (presumably) full sample rate, when other parts can't keep up with it?
It is called oversampling and increase signal fidelity, but other reason could be that they just used what met minimal specs and some of them are surplus or simply what they got available.
I guess you are software guy (reverse engineering, making mods), but not very good in analog domain.
Not everything that can be "unlocked" in software is backed up by proper hardware, chaning software won't magicaly improve components used in the scope, there are limits in software for a reason.
You totally ignored my point about oversampling, Nyquist theorem only said that MINIMUM requirments for recreating signal of limitted bandwith you need to sample as twice the speed of the highest componnet in the signal, but there is more about signal than just recreating approximate of it, oversampling increase dynamic range and SNR, but you need to first read about it before based on your limitted knowledge.
In case of your audio example, guess why sound cards allow you to change sampling rate to 96k, not because they could produce sound above 20kHz.
As for increasing bandwidth in the scope you can tune it in some way to have better pulse response, but did you maintain flatness in the whole range?
What's the reference of this DAC?
Then I guess the DAC is operated with 4x interpolation, 1 GSa/s output sample rate and 250 MSa/s input sample rate. According to the datasheet, the filters are halfband filters with a stopband corner of 0.6x input sample rate which implies a max. reproducible frequency of 0.4x input sample or 100 MHz. In this case it is to be expected that the attenuation of images already begins to suffer noticeably at 110 or 120 MHz.
I'm surprised that they spent a quite expensive DAC.
It goes bad at 101 MHz. So IMHO sample rate is more like 200 MSa/s.
In case of DHO800/900, it also has low pass filters (LC after the DAC) and officially it can output up to 25 MHz with 156.25 MSa/s. Without changing sample rate, it works properly up to 50 MHz (even higher with higher THD) with reduced amplitude because of filters. After changing PLL clock from 1.25 GHZ to 2 GHz, sample rate goes up to 250 MSa/s and 80 MHz instead of 50 MHz.
With such DAC chip, Rigol definitely did something wrong - either very bad design of AWG board or sample rate is 200 MSa/s.
Then I guess the DAC is operated with 4x interpolation, 1 GSa/s output sample rate and 250 MSa/s input sample rate.As a side note: I recently used the AWG to create a 975kHz square wave signal and was a bit puzzled that it jittered considerably between ~972kHz and ~976kHz.
MHO900s have one of those? That by itself is a ~$100 chip :o
Hi. I saw that Rigol released a new firmware for the MHO900 (v00.01.00.00.25)
Is it possible to have the hack along with the new version by replacing the firmware files in the "files_v0.1.2\firmware_00_01_00_00_24_mod_v0.1.2" folder and using the posix script intallation or should we wait for the next release of the hack?
Thanks a lot for your work!
MHO900s have one of those? That by itself is a ~$100 chip :o
Obviously that's not the price they get and using the same chip for all their scopes further lowers costs.
As talked about earlier, the "entry-level" scopes are crippled on purpose in order not to compete with their higher-end scopes - or for that matter, with their standalone AWGs as well.
Now, even if the DAC itself could be used at higher sample rates, the scope may not have the resources otherwise to leverage that (fast enough DDS and appropriate output stage).
Would it be possible that Rigol got an underperforming batch of DAC chips for cheap ?
Hi. I saw that Rigol released a new firmware for the MHO900 (v00.01.00.00.25)
Is it possible to have the hack along with the new version by replacing the firmware files in the "files_v0.1.2\firmware_00_01_00_00_24_mod_v0.1.2" folder and using the posix script intallation or should we wait for the next release of the hack?
Thanks a lot for your work!
Hi. I noticed their release, which was a surprise (updates are extremely rare). I have already downloaded it to make a review. After comparing changes I will need to decide either to merge changes or to make everything almost from scratch.
As for now, Im maintaining three mods and my current work is with DHO800/900, which already took much longer than I expected. It's based on the same code (also similar hardware) and good thing is I can do same fixes and improvements for other two series.
Making mentioned review and merging changes or making it almost from scratch will take at least one-two weeks.
Before that, I have plan to release quick update with changed AFE bandwidth binary flags, based on my findings from a reverse engineering - mainly this will allow to have more than 1 GHz bandwidth (around 1.4 GHz - 1.5 GHz).
Hello dka
Many thanks for the python script.
Another happy upgrade of the MHO934 to the 800MHz version, with the 100MHz generator and the rest of the functions.
Regards
He needs BWU03T08 instead of BWU03T05.
You need to add another variable to this line (see picture) of code (increases the bandwidth to 500MHz -> BWU03T05):Technically, there is no need to modify script, one can supply list of options on the command line via mho9x4_auto_enhance.py --options FOO BAR to activate options FOO and BAR.
Here is the full list of options mentioned earlier by someone on this forum:I believe BND, EMBD, COM AUTO are not valid license options in the case of MHO9xx-series.
BND, EMBD, COM, AUTO, AUTOA, FlexA, AUDIOA, AEROA, RLU05, AFG50, AFG100, BWU03T05, BWU03T08, BWU05T08
However, there seem to be new options in the trigger menu. If you haven't enabled it yet, compare the trigger window with the one I've attached in the photo.
Don't need the unlocks with the MHO98, but thanks dka for contributing the python code.