Author Topic: Hacking the Rigol MSO5000 series oscilloscopes  (Read 181502 times)

0 Members and 4 Guests are viewing this topic.

Offline Urzov

  • Contributor
  • Posts: 9
  • Country: ua
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1375 on: October 11, 2019, 05:10:19 am »
Hello everybody. Same question! Is it possible not to apply a checksum? Should there be only 2 files on a USB drive? (renamed "patch_file" and "patch.txt") and "DS5000Update.GEL" is not needed on a USB drive?
Need help! I don’t feel like buying another MSO5072 and torturing him too...  :-[  Thank you!
 

Offline NED88

  • Contributor
  • Posts: 9
  • Country: gb
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1376 on: October 11, 2019, 11:35:38 am »
  • after_patch_md5sum - change to value to the expected checksum after  patch_file was applied to file_to_patch.

Where/how does one come up with this checksum?


The expected md5 checksum is quoted here:  https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/msg2620701/#msg2620701  and the md5 checksum for the original file is generated with this command:  md5 -q appEntry (using a Unix/Linux/Mac terminal).  To check the md5 checksum of the patched file,  run:  echo "3f95cb3236b47826e303de960596f966  appEntry" | md5sum -c from the scope once you've ssh'd into it from Unix.
 

Offline seronday

  • Regular Contributor
  • *
  • Posts: 51
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1377 on: October 12, 2019, 09:41:26 pm »
It is also possible to generate the MD5 checksum in windows, as delfinom pointed out in this message


Also instead of running strange third party software to compute a md5sum of a file on windows just do
  CertUtil -hashfile appEntry MD5
in a command window
 

Offline Xtremexp

  • Newbie
  • Posts: 2
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1378 on: October 12, 2019, 09:58:02 pm »
Or you can use hxd hex editor to find the md5 hash
 

Offline mabl

  • Regular Contributor
  • *
  • Posts: 100
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1379 on: October 14, 2019, 09:05:39 am »
It is also possible to generate the MD5 checksum in windows, as delfinom pointed out in this message


Also instead of running strange third party software to compute a md5sum of a file on windows just do
  CertUtil -hashfile appEntry MD5
in a command window

Or you can use hxd hex editor to find the md5 hash

The md5 checksum after patching is usually not available to the user, since the patched file is only on the scope. The md5 should be given together with the patch file. Note that if the md5 does not match, my patcher will output the mismatch checksum values.
 

Offline nelson_mendes

  • Newbie
  • Posts: 3
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1380 on: October 14, 2019, 09:16:40 pm »
Hello everyone!

I've been following this topic quite often but never broke the ice to present myself, so here it goes...

I'm Nelson, Portuguese and currently living in Sweden.

Owning a Rigol 5072 since some time, I was able to unlock was able to unlock its features thanks to the hard worked information from this topic.
So, a special thank you to Mabi, TV84, NED88 and so many others that made it possible...

The latest firmware got my interest due to fix the overshoot in the 4 channels, something that also seen in my scope in channels 3 and 4.

Being ungodly unblessed with any kind of hacking skills, I tried my best to follow the instructions given to other members and attached You can see what I got.


When I tried to patch the scope 04.08 using Mabi's autopatcher I got the MD5sum error and a whole different MD5sum and at this moment I'm feeling quite lost.
It was only today that I got SSH working (using Putty in windows 10 didn't work for me) and I'm strugling to basically do what needs to be done.

I generated the bpatch file over the firmware file and got a wrong md5sum while atempting to patch the scope.
I also generated the bpatch file over the app_Entry file copied by SSH and tried atempted to patch the scope, but again wrong md5.

Could someone please help?
I really don't have a notion about what I'm doing wrong...

Thank you all.

//Nelson





 

Offline ebclr

  • Super Contributor
  • ***
  • Posts: 1932
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1381 on: October 15, 2019, 03:37:56 am »
Finally, the time arrives and I will trigger an order for 5072 or 5074

Are the new ones hackable same way, as the old ones?

Any terrifying problem that can void the new order plan?

Still the best Scope for 1K USD?  ( assuming I will hack, and I will )

 

Offline tv84

  • Frequent Contributor
  • **
  • Posts: 928
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1382 on: October 15, 2019, 08:53:17 am »
Could someone please help?
I really don't have a notion about what I'm doing wrong...

Which patch_file did you use? Reference it's origin.

Finally, the time arrives and I will trigger an order for 5072 or 5074

Are the new ones hackable same way, as the old ones?

Any terrifying problem that can void the new order plan?

Still the best Scope for 1K USD?  ( assuming I will hack, and I will )

Y N Y
« Last Edit: October 15, 2019, 08:54:48 am by tv84 »
 

Offline nelson_mendes

  • Newbie
  • Posts: 3
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1383 on: October 15, 2019, 10:31:22 am »
Hi TV84,

I got it from here and called it MABI.GEL just to make it simple during the bsdiff/bspatch process:
https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/msg2704640/#msg2704640

Let me see if I got this right...

Do I need to do "bsdiff Firmware_04.08.gel Mabi.GEL patch04.08.bpatch" or "bsdiff appEntry Mabi.GEL patch04.08.bpatch"?

Or is it something even different?


Thanks! ;)
 

Online TK

  • Super Contributor
  • ***
  • Posts: 1155
  • Country: us
  • I am a Systems Analyst who plays with Electronics
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1384 on: October 15, 2019, 10:40:55 am »
Finally, the time arrives and I will trigger an order for 5072 or 5074

Are the new ones hackable same way, as the old ones?

Any terrifying problem that can void the new order plan?

Still the best Scope for 1K USD?  ( assuming I will hack, and I will )
And Rigol has a promotion where you can get lots of the software options included for free (does not include BW upgrade, 4-channel in case you purchase 2-channel model and maybe some other options are not included in the promotion)... but you can still hack it and get all  the options activated.
 

Offline tv84

  • Frequent Contributor
  • **
  • Posts: 928
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1385 on: October 15, 2019, 11:00:06 am »
I got it from here and called it MABI.GEL just to make it simple during the bsdiff/bspatch process:

Or is it something even different?

Way off! Read mabl's msg carefully. You need to place the 3 files in the USB pen. And, mabl's doesn't include any patching info. So, you must create it yourself or get it from another place.

mabl's GEL is just a patcher tool.
 
The following users thanked this post: nelson_mendes

Offline nelson_mendes

  • Newbie
  • Posts: 3
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1386 on: October 15, 2019, 08:46:56 pm »
Good evening!

I finally made it! A very special thanks to Mabi, AngusBeef, Delfinon, TV84 and many others...

It happens I was being such a "Nabo da Serra" |O and was mixing the md5sums... All good now...


//Nelson
 

Offline AngusBeef

  • Regular Contributor
  • *
  • Posts: 78
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1387 on: October 17, 2019, 03:46:45 am »

The latest firmware got my interest due to fix the overshoot in the 4 channels, something that also seen in my scope in channels 3 and 4.

Being ungodly unblessed with any kind of hacking skills, I tried my best to follow the instructions given to other members and attached You can see what I got.


The .04.08 patch didn't fix my overshoot issues, I used the calibration data that @Mabl had posted  before on a different topic and it worked for me.

https://www.eevblog.com/forum/blog/new-rigol-scope/msg2240841/#msg2240841

EDIT3:
The problematic calibration is lfcal.hex. Just replacing that file gives perfectly shaped squares again.

mabl, would it be possible for you to upload, or send to me, your working lfcal.hex?

See attached.


I will check later to be sure, but I suspect that auto-cal does nothing... I have the overshoots on 3 channels and nothing changes when I use auto-cal. I even did it while I had input signals fed to all channels - the result didn’t change, everything looked as before, and I suppose that in that scenario the ‘scope should have lost calibration.

Cannot confirm. When using the default calibration, the spikes are less pronounced then after the autocalibration. Things do not change afterwards however.
« Last Edit: October 17, 2019, 03:50:36 am by AngusBeef »
 

Offline tv84

  • Frequent Contributor
  • **
  • Posts: 928
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1388 on: October 27, 2019, 09:18:26 pm »
Backup scripts for Rigol MSO5000 and MSO/DS7000

Attached is a .GEL that does a backup of the /rigol/data directory and the 8 kB FRAM memory. Run as a normal update.

It also does a memdump (450MB) so you should use a USB disk with size >= 512 MB. (Why this one? Because sometimes its useful...  ;) )

With /rigol/data and FRAM, we can recreate the scope from scratch (as long as the bootloader is OK).

If anyone tests the script, please report the results and how much time it took.

Edit1: Added a .GEL that does a backup of the full NAND (mt0->mt12). Since the NAND is 1 GB in size, you must be patient! It could take some minutes.
« Last Edit: October 28, 2019, 03:23:02 pm by tv84 »
 
The following users thanked this post: thm_w, Vtech, skander36, nelson_mendes, SpaleKG, sumect

Offline sbehnke

  • Contributor
  • Posts: 20
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1389 on: October 27, 2019, 09:39:17 pm »
Man, I hope I just did something wrong that is easily fixable. I updated to 01.01.04.08, enabled SSH, ssh'ed in and grabbed the appEntry. I then removed the USB stick and put it in my PC where I ran the bspatch and the put the appEntry back into the /rigol folder after making sure it was executable. Now my MSO 5074 starts up and show the progress bar going completely across the screen, but the Rigol logo does not disappear and the scope does nothing. Any ideas how I can fix this?
 

Offline tv84

  • Frequent Contributor
  • **
  • Posts: 928
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1390 on: October 27, 2019, 09:46:58 pm »
 
The following users thanked this post: sbehnke

Offline sbehnke

  • Contributor
  • Posts: 20
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1391 on: October 27, 2019, 09:49:38 pm »
Thanks. I found that after I stopped freaking out a bit. So I believe the issue was that I did an online upgrade from Rigol to get to official firmware before I did the binary patch on appEntry. Clearly the version posted is different from the version included in the steps here. I haven't been able to find it on rigolna though.
 

Offline sbehnke

  • Contributor
  • Posts: 20
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1392 on: October 27, 2019, 10:17:46 pm »
Well, I went back and tried it with the version from https://gitlab.com/riglol/rigolee/blob/MSO5000/GEL/DS5000Update_01.01.04.08.GEL but I got the same results where the scope wouldn't get past the boot screen  :'( I'm not sure what I've done wrong, but at least I've back to 01.01.04.04 with all options and that silly overshoot still.
 

Online TK

  • Super Contributor
  • ***
  • Posts: 1155
  • Country: us
  • I am a Systems Analyst who plays with Electronics
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1393 on: October 27, 2019, 11:20:34 pm »
backup + FRAM: 2 minutes 40 seconds
NAND: not tested yet
« Last Edit: October 27, 2019, 11:22:06 pm by TK »
 
The following users thanked this post: tv84

Offline sbehnke

  • Contributor
  • Posts: 20
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1394 on: October 28, 2019, 02:39:26 am »
backup + FRAM: 2 minutes 40 seconds
NAND: not tested yet

I'm sorry, if this was to me, I'm not sure what you mean.
 

Offline sbehnke

  • Contributor
  • Posts: 20
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1395 on: October 28, 2019, 03:57:26 am »
I resolved my issues and now am good to go with the fixed Cal data provided earlier, the 01.01.04.08 firmware and all of the options. Thanks everyone!
 

Offline skander36

  • Regular Contributor
  • *
  • Posts: 90
  • Country: ro
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1396 on: October 28, 2019, 12:57:07 pm »
NAND backup does not work. After one second get message that upgrade is completed and need reboot but on the stick there is nothing saved.
 

Online TK

  • Super Contributor
  • ***
  • Posts: 1155
  • Country: us
  • I am a Systems Analyst who plays with Electronics
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1397 on: October 28, 2019, 01:09:14 pm »
backup + FRAM: 2 minutes 40 seconds
NAND: not tested yet

I'm sorry, if this was to me, I'm not sure what you mean.
Sorry, it is for TV84
 

Offline Jean-Michel

  • Newbie
  • Posts: 2
  • Country: be
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1398 on: October 28, 2019, 02:49:44 pm »
Hello,

I have full opetion mode version 01.01.04.04, does someone try to make the upgrade 01.01.04.08?
Do you always keep the full option?
 

Offline skander36

  • Regular Contributor
  • *
  • Posts: 90
  • Country: ro
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1399 on: October 28, 2019, 08:04:30 pm »
Sorry I have to finish some home business .
The task was completed succesfully in about 10 minutes .
On disk I found this files (attached).
Scope is 5074 witn FW: 00.01.01.04.08 with mod (bspatch).



« Last Edit: November 01, 2019, 07:23:53 am by skander36 »
 
The following users thanked this post: Vtech, tv84


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf