Hacking the Rigol MSO5000 series oscilloscopes

[ve2mrx]

To everyone contributing to this thread, Thanks!

I DID read all 72 pages of it and bought the MSO5074 :-) It will stay stock, I don't need more than 70MHz for now and I have the promo bundle (the most valuable part of the hack for me). Who knows, maybe I have backups...

Again, thanks!

Martin

[tv84]

@tv84 What is the "easy" way you mention? I have read too much in this thread to remember!

You have to re-read the whole thread but, now, "read between the lines"...

I'll help a bit: read only the last 10 pages.

[Fungus]

@tv84 What is the "easy" way you mention? I have read too much in this thread to remember!

You have to re-read the whole thread but, now, "read between the lines"...

I'll help a bit: read only the last 10 pages.

Is there any way to put the current instructions/links in the first post of the thread?

[tv84]

OP is MIA.

[gudvin1]

Good afternoon! Updated to the latest firmware, patched and everything is OK!
Many thanks to all the participants!
gudvin1.

[ve2mrx]

@tv84 What is the "easy" way you mention? I have read too much in this thread to remember!

You have to re-read the whole thread but, now, "read between the lines"...

I'll help a bit: read only the last 10 pages.

I did again. I'm not sure if it's too subtle or if I read it and not figured that was it. I know licenses are stored in FRAM, and it's probable a replay attack could be done on the trial licenses (anybody tried?!?). Cloning a scope is another possibility. Or doing something in the bootloader. But after reading 150+ pages on this forum about the Rigol MSO5k and the 121GW, I'll take a break, reading about the Siglent "easy way" will wait. Besides, I have no need to hack, it's pure curiosity. That SSH hack is calling me, but I resist ;-)

And I agree that Rigol probably doesn't believe it would be a good return on investment to lock them better. The firmware updates aren't even signed! That's an invitation to create some custom software for them. Botnet, anyone?  We already know it runs Doom...

73,
Martin VE2MRX

[Fungus]

OP is MIA.

Maybe start a new thread "How to hack the MSO5000" where the owner of the first post can update the instructions with the latest info...

[tv84]

I'm not sure if it's too subtle or if I read it and not figured that was it.

"Easy way".

[ykurban]

Could it be that bode plotting is much more faster than on the siglent sds2k+ ?


edit: forget it, it was played fast forwarding...

i speed up the video, about 20X

speed depends on frequency range and "points" you selected
 

[ykurban]

i uploaded a video of bode plot function

What was your connection configuration for this test?

CH1 = filter output
CH2 = filter input monitor

G1 = filter input

[Fungus]

speed depends on frequency range and "points" you selected

It would be cool if these things did a progressive refinement of the plot so a rough plot is fast and it gets more and more detailed the longer you leave it running.

[maginnovision]

That's what changing the number of points does. Do few points it's done fast and ugly. Want a more refined plot choose more points.

[Fungus]

That's what changing the number of points does. Do few points it's done fast and ugly. Want a more refined plot choose more points.

I know, but you have to choose when it could be automatic.

[maginnovision]

But then you'd wait a really long time as it repeats the plot over and over and over until you got some unknown resolution. It'd probably take 30 minutes for someone to figure out a couple of ideal steps for their wanted resolution which is less than waiting for it to finish successive plots until you think it looks good.

I could be misunderstanding what you're saying.

[Cerebus]

But then you'd wait a really long time as it repeats the plot over and over and over until you got some unknown resolution.

No, it doesn't have to do that. Say that the 'finished' product had 100 points at 1 MHz intervals. On the first pass you plot 10MHz, 20MHz ... 100 MHz. On the second pass you already have those points, so you fill in at 5Mhz, 15MHz ... 95MHz. Third pass 7MHz, 17 MHz ... 97 MHz and so on. You add resolution with each pass by adding extra points to ones that you already have. This isn't an analogue sweep generator that has to sweep through the whole spectrum each time, it's DDS, it can hop about. Should take no longer to get to the full 100 point plot than if you had to wait for a 100 point plot done as one pass.

[maginnovision]

I already thought about that and it only works if it's a specific mode with no flexibility at all. I suppose that's useful in some ways but you go from 10 points/decade to 20(1 between each existing point) to 40 to 80. I'm not sure the exact numbers but it ramps pretty quickly(for equidistance between points per decade). I don't know maybe that would be useful for someone. Does rigol take feature requests?

[Fungus]

I don't know maybe that would be useful for someone.

It removes the need for users to choose number of points before starting, it gives a fast initial display so you can quiclky see if there's a PEBKAC error in the setup, you can never select too few points, all you do is wait a bit longer and more will appear.

I don't see where the downside is.

[maginnovision]

Like I said the downside is the inflexible nature of the thing, you'd have fixed points even if you got an inital points/decade selection. I still don't think it's useful(this is my opinion) but if you can get Rigol to implement it go for it.

EDIT: Actually I thought of a way this might be useful. As a sort of tutorial where it can show a user how increasing the number of points affects the plot. Not really a Rigol sort of thing but I wouldn't be surprised to see it on a Keysight or Tek TBS2000 scope.

[AlexS]

Hey guys!
I've just recently got MSO 5072. I've upgraded it to the latest firmware from official website. I've calibrated it.
Trying to activate it using all methods. I've added 3 files on my USB stick. I can clearly see white screen with the patch. I've pressed "any button" . The next I can see 4 channels a couple of second but as a result it's steel not patched.

[MegaVolt]

A set of the right files for backup and hacking. If you do not need a backup, go straight to hacking.

[AlexS]

Thank you so much for trying to help.
Hmmm.... I got the same error.
I see on the white screen an error. And it looks like "No patch 'patch.txt' found on drive."
And the next "Press any key......"
And still the same result that I've reported.

[ve2mrx]

Hi AlexS,

Go read https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/msg3076547/#msg3076547. I was on the previous page, please read a little bit more next time?

Have fun!
Martin

[AlexS]

Thanks to all for help!
I did do that. I was right everywhere and it was just a problem with USB Stick. I've purchased a new one 4GB and everything done with first try.
You are awesome guys. Good luck to all, colleagues!

[S. Petrukhin]

Hi, friends!

I'm create new topic with EasyEDA project low cost logic analyzer probe for Rigol MSO5000 here:
https://www.eevblog.com/forum/testgear/low-cost-logic-analyzer-probe-for-rigol-mso5000-easyeda-project/

[hajime725]

thanks.
All Options is enable now!

tips:
upgrade method is normal Local upgrade(NOT boot&push SINGLE button method),DO help->Local upgrade