HACKING THE RIGOL MSO5000 - Dr Mefisto's Fully Automatic License ActivatorBACKGROUND : This post exists because of the main rigol MSO5000 Post and specifically because of the python scripting method reverse engineered by Dr Mefisto (This is the VERSION 2 of the script)
https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/2671/Also because SMAS laid out their path to activation in a very easy to understand way.
https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/2840/But also because a few members have stated that there should be one simple place to come to instead of having to dig though almost 60 pages of discussion and then it's a matter of finding the files.
The unavoidable fact of these posts is that they will be long and will have many pages.
THE PROBLEM SUMMARIZED :- As always it starts with us wanting to unlock all the features of the MSO5000 (or whatever scope it is at the time)
- as the method progressed it was quickly realized that rigol (Unlike the DS2000A) were not using "Symmetrical Encryption" but instead "Asymmetrical Encryption" which meant that since we didn't have Rigol's encryption key, we were not able to approach the solution in the same way. At this stage the "PATCH METHOD" was put into place. And it worked, but it had 1 problem... It would not survive a firmware upgrade. So in the future when the next upgrade came out and you installed it you would lose all your unlocked options.
Same thing if you downgraded. But don't get me wrong... If you stayed on the same version you were totally fine and everything worked.
- Then in Post #2671 Dr Mefisto had a eureka moment and worked out a python script that would CORRECTLY LICENSE THE SCOPE. (Actually the original script was in an earlier post and Post 2671 is the version 2 / aka The Automated Script.
- However a lot of people found this challenging and difficult to perform. it became the case that faced with "Patch Method" vs "Python Licensing Method" it was seen much easier to do the former.
WE NOW HAVE A FULLY WORKING SOLUTION...FIRST LET ME THROW SOME FEARS OUT OF THE WAYIt has become obvious also that even though everyone should upgrade to this method as it means.... when further upgrades come out you will have nothing to worry about and you'll just download the official upgrade from the Rigol website (No further hack or patching required). But even though everyone SHOULD, They are not doing it.
Why not ?
- one reason may be you're afraid of change and what may happen, because if it's working now with the patch why change ?
Answer : Because you'll have to anyway
- You've heard rumours of the scope being bricked
- You've heard people having problems with it
- You've heard that the script can damage your scope
LET ME PUT ALL THAT TO REST- My scope started on V 1.3.0.3 )00.01.03.00.03) , i used the patch method and went up to 1.3.3.0 (Latest Version). All Options Unlocked
I then Downgraded to 1.3.2.2 (During the downgrade all options are lost). I then used Dr Mefisto's script to license the scope and All Options were unlocked successfully.
I then upgraded to version 1.3.3.0 ALL OPTIONS SURVIVED, I then downgraded just to push my luck , to 1.3.0.3 ALL OPTIONS SURVIVED, i even went as low as 1.1.4.4 ALL OPTIONS SURVIVED.
So Upgrading and downgrading is not a problem , But there's a catch, You can't downgrade via the operating system you have to do it in the Pre Boot Menu
- A Note on the Pre Boot Menu. There are 2 Options "Firmware Upgrade", "Restore Defaults" . FIRMWARE UPGRADE both upgrades and downgrades your scope in a Pre O/S Environment.
However RESTORE DEFAULTS Just restores your defaults,
IT DOES NOT Lower you to a lower version of firmware
IT DOES NOT take your scope back to it's original version (After you upgraded)
All it does is.. if you changed the settings in your scope, it restores them to stock settings. This step is NOT necessary in order to upgrading, Nor does it avoid you bricking your scope if you don't do it.
it is a good step to do, but let there be no illusion, it's not a necessary step.
- I have , at the time of writing this post upgraded and downgraded my scope over 30 times just to see if i could brick it and around 3 of those times i used restore defaults, the rest i didn't. Nothing happened. I have gone between the patch and back to the script method over and over. THIS METHOD IS A VERY RELIABLE METHOD
- A WORD ON BRICKING YOUR SCOPE1. You're probably not going to
2. IF YOU LOSE POWER during the FRAM copy process YES.. YOU'LL BRICK YOUR SCOPE
3. IF YOUR LOSE ETHERNET CONNECTION during the FRAM copy process... YES, YOU'LL BRICK YOUR SCOPE
Because the data stream cannot be interrupted until it gets to 100% (this only applies to the .. maybe 2mins that the FRAM is actually being written to)
If this method doesn't work for you you can always revert back to the Patch Method if you wish.
- I have observed that most of the problems arise either from fear or lack of knowledge how to do this method so......
HERE IS WHAT YOU NEED TO DO (This post has been put up so that if you can get through it you won't need to watch the video) but i have included a video that will take you through it step by step.
and you can also ask me for help and i'll be happy to help you
STEP 1.
DOWNLOAD THE FOLLOWING Rufus
https://rufus.ie/en/Python
https://www.python.org/downloads/THEN. GO TO MY MEGA CLOUD SERVER
https://mega.nz/folder/A8cEgQRI#5FSoMrCurJi71T7VkRPgYQHere you will find a few things that you'll need
1. Scope Firmware Version 1.3.2.2
2. Scope Firmware Version 1.3.3.0
3. Rigol_kg2.py (Dr Mefisto's Script Version 2)
4. STEP BY STEP INSTRUCTIONAL PDF FILE (MSO5000 DrMefisto Licensing Method) (Also Attached)
OPTIONAL
- Downgrading to 1.3.2.2 Video (this video shows you how to get into the Pre Boot Menu)
- FULL TUTORIAL VIDEO (Name not established yet and video is still to come, I'll keep you updated)
THE ACTUAL UPGRADE PROCESSI'm going to give you 3 options
OPTION 1 - I will BRIEFLY detail the steps in this post , You can take a crack at it if you feel competent, However i personally feel if you are competent enough you wouldn't be here in the first place.
OPTION 2 - There will be a DETAILED pdf of the steps at my MEGA cloud location , Download the pdf and follow that
OPTION 3 - You can download the full tutorial video and watch it step by step, it's not short, but it will explain everything.
NOW...
HERE ARE THE BRIEFLY OUTLINED STEPS that you'll have to do
(THESE STEPS ASSUME THAT YOU HAVE A DECENT DEGREE OF NETWORKING EXPERIENCE AND BASIC PROGRAMMING EXPERIENCE - Python is preferred but not necessary, But you MUST have had some experience actually programming from scratch, not just uploading sketches into arduino for example. you must be familiar with C.L.I. if you don't know what C.L.I. is then don't do this method. you must be familiar with flashing EEPROM Basics.)
Now, i'm not saying Dr Mefisto's method is hard, i'm just saying, if you want to take the quick road and just read this post and jump in the deep end, IT DOES REQUIRE TECHNICAL KNOWLEDGE.
The other option is the PDF walkthrough or the video. But the method is easy, it's just very particular.
so...
- Get a USB Stick (up to 16GB)
- Download Rufus and format the USB stick to FAT32 File System (or... You can just use windows format if you like, but SOMETIMES this causes problems) Rufus is more reliable.
- Establish which firmware version your scope is on.
- To do this upgrade you will need to start on Version 1.3.2.2You will however be required to download both 1.3.2.2 and 1.3.3.0 for the entire process to be successful.
(NOTE : I AM ASSUMING A WINDOWS 10 PRO ENVIRONMENT - If you have Linux of Mac Make the appropriate Adjustments , Although i will say a few things later regarding Linux that you need to be aware of.)
- if you are on 1.3.3.0 and patched ,
Put the 1.3.2.2 software version on your USB stick (First use Step 1 and do your backups) , Then Use the STEP 2 GEL file and put it on your USB stick.
- if you are on 1.3.2.2 with no options installed (You're fine), You just need to download the 1.3.3.0 firmware, Use Step 1, Do your backups , Then use STEP 2 GEL file and put it on USB Stick (Min. 2GB)
- Now you need to turn off your scope, Insert the USB stick into the scope, and
Enter the PRE Boot menu and do the firmware ugprade (You can feel free to select RESTORE DEFAULTS if you want, it doesn't hurt anything )
- After that , Regardless of what version you started on, you will now be on Ver. 1.3.2.2
- Now download the rigol_kg2.py script- Open your command shell YOU HAVE THE CHOICE TO USE WINDOWS cmd.exe OR WINDOWS POWERSHELL (Powershell is recommended), it has had a higher success rate.
Start in Powershell though if not sure.
- now whatever directory your command prompt or Powershell is starting in,
Copy your script to that location .- NOW SET UP YOUR NETWORKYou need a router (Internet is not required) (But the downloaded files are)
You need a PC
The PC needs to be connected to a LAN Port in the back of your router
You need an MSO5000
the MSO5000 needs to be connected to a LAN Port in the back of your router
(This is a basic Star Toplogy Configuration)
MAKE SURE THE POWER IS RELIABLE
MAKE SURE THE ETHERNET CABLES ARE PLUGGED IN PROPERLY
Make sure you don't have a lightning storm going on or power outtages
Make sure you don't have shit power boards and that everything is securely plugged in and can't fall out
(YOU'VE BEEN WARNED... IF YOU BRICK YOUR SCOPE IT'S BECAUSE YOU IGNORED THIS)
Now that everything is connected
- Download Python_ Install Python (this is the part where ... if you're not sure... Read the PDF or watch the video)
If you install python and run it and you can't connect to the scope (Uninstall Python and do not proceed with this method, but instead do the PDF or Video method). i'm assuming here you know
how to install python correctly and run it and have basic programming experience.
- Now take that USB stick out of your scope
- Obtain the scopes IP Address and Use Command prompt or powershell to run a ping command to see if your PC is communicating with it.
IF YES... Proceed
IF NO... Troubleshoot the network
Stay on AUTO and DHCP (Try to avoid using STATIC IP)
- TYPE
Python Into the command shell or powershell to see if it connects to the python interpreter
in Linux the command is
$ python
if it does
- TYPE
exit() and press enter (do not enter the commands directly from the python interpreter) Use cmd or Powershell only to interface with the interpreter
in Linux the command is
$ exit()
Now you want to see what options you have before you (ASSUME MY RIGOL SCOPE IP ADDRESS IS 10.1.1.666)
TYPE
python rigol_kg2.py -h 10.1.1.666in Linux the command is
$ python rigol_kg2.py -h 10.1.1.666
Press ENTER
this will bring up the help menu (you can do no harm to your scope by doing this)
The options we are interested in the SWITCHES that we are interested in are
-h HELP --------------------------------- (THIS CANNOT HARM YOUR SCOPE)
-i INFORMATION ------------------------ (THIS CANNOT HARM YOUR SCOPE)
-r REGENERATE PRIVATE KEY--------- (THIS GENERATE THE PRIVATE KEY (Priv Prem) needed before activation)
-u UNINSTALL THE OPTIONS--------- (THIS Uninstalls all options and bundles) so if you are on 1.3.2.2 with installed patched options, you use this option to uninstall them
Note the version of the scope
Note if the options are FOREVER or -
if you are on 1.3.2.2 and it says FOREVER because you used the patched version do this now
TYPE
python rigol_kg2.py -u 10.1.1.666Press ENTER
Make sure to restart your scope after this
NOW LET'S PULL UP THE SCOPE INFORMATIONTYPE
python rigol_kg2.py -i 10.1.1.666Press ENTER
in Linux the command is
$ python rigol_kg2.py -i 10.1.1.666
If you now have
- All Options Uninstalled
- and are on 1.3.2.2
WE ARE NOW READY TO GENERATE THE PRIVATE KEY.... (Ensure you do not lose network or power connection at this stage)
TYPE
python rigol_kg2.py -r 10.1.1.666Press ENTER
in Linux the command is
$ python rigol_kg2.py -r 10.1.1.666
EXPECT THIS...
- the information table will appear
- A progress bar will appear that says "READING CFRAM" ... Let it get to 100%
- Then "APPLYING NEW CFRAM" Let it get to 100%
(if it seems to stall for longer than 1 min, it means you clicked on the screen, RIGHT CLICK to un pause, then leave it alone)
- Then you will see multiple lines of ACTIVATING
- at the end of it you'll get an information window. The options will still NOT BE ACTIVATED (that's normal)
NOW WE RUN THE SCRIPTTYPE
python rigol_kg2.py 10.1.1.666in Linux the command is
$ python rigol_kg2.py 10.1.1.666
Press ENTER
After this you will expect all options to be activated (They won't be), That's also normal
- Now REINSTALL 1.3.2.2 even though the current version is 1.3.2.2 DO IT AGAIN, put the USB in the scope with that firmware version on it and run Firmware upgrade again.
(Sounds stupid.. Just do it)
- Then follow the steps again
Get the python INFORMATION up again
NO NEED TO REGENERATE THE KEY THIS TIME
Then just run the script again
TYPE
python rigol_kg2.py 10.1.1.666in Linux the command is
$ python rigol_kg2.py 10.1.1.666
Press ENTER
THIS TIME YOU WILL BE ACTIVATEDBUT WAIT , YOU'RE NOT DONE JUST YET - Now erase the USB stick and load 1.3.3.0 onto it
- do the Pre Boot Menu UPGRADE FIRMWARE to 1.3.3.0or you can do this straight from the operating system
NOW YOU WILL NOTICE A FEW THINGS
1. You're now on 1.3.3.0
2. ALL YOUR OPTIONS HAVE SURVIVED A FIRMWARE UPGRADE
3. You're now good to go
REMEMBER THOUGH
1. Do a self check (3 tests)
2. Do a self calibration
3. RUN YOUR BACKUPS AGAIN (Always remember to backup)
NOW YOU'RE ALL DONE , that's itLastly, if you have any further concerns, Let me know and i'll test it and post the results.
My goal here is to get everyone comfortable with Dr Mefisto's script, and to upgrade their scopes confidently.
EDIT : New pdf uploaded to include the step that shows you how to install the modules.
Home
Help
Search
Login
Register
Topic: Hacking the Rigol MSO5000 - Dr Mefisto Licensing Method (Read 2735 times)