Author Topic: Hacking the Rigol MSO5000 series oscilloscopes  (Read 383455 times)

Noy, serguletti, Ogawa Mitsuaki and 6 Guests are viewing this topic.

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2131
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1975 on: April 08, 2021, 05:28:57 pm »
FYI to discover the kind of information that the user demanded being handed in a plate requires the equivalent of reading this whole thread dozen of times.

Also, I didn't know where the info was, i just surfed back a few pages. Something that the user finds a real burden to do.

I always hope to rely on the kindness of strangers that, as I, help others without expecting or demanding nothing in exchange.

 
The following users thanked this post: thm_w

Offline db6178

  • Newbie
  • Posts: 2
  • Country: il
  • Wait, am I still here? Why?
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1976 on: April 09, 2021, 08:12:51 am »
I just liberated my new MSO5074 yesterday, FW 01.03.00.01 build 2020-05-18, easy peasy and purring like a pussy.

I've attached the necessary files and describe below what I did for the convenience of others. Nothing new, it all comes from previous posts.

Steps I took to liberate the scope:
  • Verified installed FW is version 01.03.00.01 build date May 18, 2020 (Utility => System => About)
  • Copied three files, that can be extracted from attached .7z archive, to root of empty 8GB FAT32 USB drive
  • Started up scope
  • Inserted drive to front panel USB port
  • Utility => System => Help => Local upgrade
  • "Upgrade system firware?" => OK
  • Let the scope do its thing - takes a minute or two, or five, go with the flow
  • Reboot scope
  • Verified all options now licensed ...forever... (Utility => System =>  Help => Option list)
  • Bob's your uncle
I suppose I shiouuld recalibrate now too, which according to Olliver goes like this:

  • Make sure that the instrument has been operating for at least 30 minutes
  • Disconnect all input channels (including probes)
  • Utility => System => Self-Cal => Start
  • Self calibration takes ~ 35 minutes to complete
  • When complete, reboot the scope
I verified that all options were upgraded ...forever... (notwithstanding what the effects may be of any future official FW updates I may decide to apply). I did not verify that the patch disables the "phone home" firmware upgrade check, but I have no reason to think it doesn't. This patch does not enable the sshd daemon. To ssh as root into the scope, follow mabl's instructions - which needs to be reapplied after each scope reboot whenever you want SSH access.

This is not going to work for you if your installed FW is not version 01.03.00.01 and having build date May 18, 2020. In that case you will need to adjust the patch.txt file in accordance with instructions that can be found in other posts.

Where the files and info came from:

« Last Edit: April 13, 2021, 02:18:18 am by db6178 »
Sometimes it's better to dispose than to fix.
 
The following users thanked this post: keenox, iamruss, Ogawa Mitsuaki, metro

Offline db6178

  • Newbie
  • Posts: 2
  • Country: il
  • Wait, am I still here? Why?
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1977 on: April 09, 2021, 08:38:36 am »
« Last Edit: April 10, 2021, 07:54:31 pm by db6178 »
Sometimes it's better to dispose than to fix.
 

Offline keenox

  • Contributor
  • Posts: 7
  • Country: ro
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1978 on: April 09, 2021, 08:57:49 am »
Hi guys!
I just received my MSO5074. I also got the offer with included MSO5000-BND (which I understand I will receive as a separate license). If I want to try the hack will I lose the included licence? What happens if I switch back to the original firmware? Thanks!
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2131
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1979 on: April 09, 2021, 10:07:36 am »
Hi guys!
I just received my MSO5074. I also got the offer with included MSO5000-BND (which I understand I will receive as a separate license). If I want to try the hack will I lose the included licence? What happens if I switch back to the original firmware? Thanks!

The license will be in effect every time you are on stock FW. Every time you have a patch it'll override the license.
 
The following users thanked this post: keenox

Offline normi

  • Contributor
  • Posts: 26
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1980 on: April 09, 2021, 12:17:59 pm »
I have few questions, possible they have been answered before but I can't find it.

1. If I want to switch back to the stock firmware, is the only option to do that is the secret menu (single key)
2. Is this the same method used to downgrade a stock firmware.
3. I read somewhere that using the secret menu option will erase the factory calibration, is that true and how is this calibration different from the self calibration.
4. is there a method of restoring factory calibration.
 

Offline MartinMajewski

  • Contributor
  • Posts: 6
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1981 on: April 11, 2021, 02:40:11 pm »
It tells me that the checksum is wrong.

Does your summary rely on a previous stock upgrade to 01_03_00_01 or does it include that update? The first bullet point is a bit misleading.

Thanks for your effort!
 

Offline MartinMajewski

  • Contributor
  • Posts: 6
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1982 on: April 11, 2021, 03:13:34 pm »
So the "Liberator" archive didn't work for me.

I went with the files I mentioned in my own post #1971 on page 79. They worked flawlessly!

However, because of all the checksum confusion, I've firstly upgraded the MSO5074 with the official GEL from RIGOL to version 01.03.00.01 and did the patch with the three files (of which one is also a GEL file, but somehow I think this was not even needed?!) from the post mentioned above.

I think the biggest confusion comes from the purpose of these three files.

The GEL file is the firmware image, right?
The patch.txt file is the entry point containing the path to the actual patch, which is the bspatch file, as well as the checksums.

Is the GEL file considered anyway when the white screen appears? If you patch with only the GEL file you get a GUI message with a progress bar. If the patch.txt and .bspatch files are present you end up in the white CLI window.
 

Offline normi

  • Contributor
  • Posts: 26
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1983 on: April 12, 2021, 01:37:10 pm »
While I have not applied the patch, from going through the thread I noted the following. There are 2 versions of the 01.03.00.01 firmware, one with a May build date and another I think April. Although they share the same firmware number, it appears there is some difference in the contents and so another patch had to be done for the later build date. That's why the checksum error is received.

The GEL file for the hack is used to automate the procedure to  modify the appEntry file and is not a firmware. The bspatch.txt allows the GEL file to check that the appEntry image on the scope is correct for the patch being installed  and also that the produced patched appEntry file matches the expected checksum before being copied to the scope. The bspatch contains the changes to be applied, it is the patch.

Persons can correct me if I am incorrect.

« Last Edit: April 18, 2021, 02:00:16 am by normi »
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2131
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1984 on: April 12, 2021, 03:49:57 pm »
Persons can correct me if I am incorrect.

That's basically correct.

The .GEL includes the bspatch application and is mandatory to trick the scope's update process. It could contain the .txt and the .diff files (like people are used to have only a FW .GEL packed file) BUT that would make us have to build a new .GEL every time there is a new update.

With this logic, the .GEL is always the same and, people just adjust the MD5 checks .txt file and the .diff file for the patching.
« Last Edit: April 12, 2021, 03:51:42 pm by tv84 »
 

Offline Vespamike

  • Newbie
  • Posts: 2
  • Country: it
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1985 on: April 19, 2021, 08:50:51 am »
hello everyone..thank you toraunaoper for the excellent work! a question hoping not to go off topic: I found that at each start of the oscilloscope the LAN settings and the display of the background grid with the values ​​of the scales are reset ... as they are settings it seems strange to me that at each start need to reset ... to you it turns out?
 

Offline MegaVolt

  • Frequent Contributor
  • **
  • Posts: 422
  • Country: by
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1986 on: April 19, 2021, 08:53:30 am »
Have you enabled the option to save settings after power off?
 
The following users thanked this post: Vespamike

Offline Vespamike

  • Newbie
  • Posts: 2
  • Country: it
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1987 on: April 19, 2021, 06:45:23 pm »
you were right .. I missed the option of "Power ON" to "Last"!  |O thanks!!
 

Offline Panerist

  • Newbie
  • Posts: 1
  • Country: ru
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1988 on: April 24, 2021, 05:26:04 pm »
Does the print function work for anyone? I upgraded to the latest firmware and applied a patch from a post that said it's supposed to stop the scope from "phoning home." Networking does work. I can access the scope through my browser. But when I try to print to my LaserJet the scope always says "Printer Busy."

I have the same problem. "Printer is busy" all the time.
 

Offline BarsMonster

  • Contributor
  • Posts: 19
  • Country: ch
    • Microchips internals
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1989 on: May 01, 2021, 10:33:58 pm »
Do I understand it correctly that only MSO5000 series are unlockable, and 7000 or any higher series (7000/8000) are not?
There are very few mentions that 7000 might be similar....
Microchips internals: http://zeptobars.com/
 

Offline Sighound36

  • Frequent Contributor
  • **
  • Posts: 335
  • Country: gb
Seeking quality measurement equipment at realistic cost with proper service backup. If you pay peanuts you employ monkeys.
 
The following users thanked this post: BarsMonster

Online metro

  • Newbie
  • Posts: 1
  • Country: at
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1991 on: Today at 01:47:31 am »
When reading this megathread, I was left curious if all of this works with the brand new scope as well, as compared to the scopes that were sold a year, or two, or four ago.

In the interest of documenting this: the procedure does work as of May 2021 with a brand new MSO5072 scope directly shipped from rigol's official aliexpress shop.

Before getting my scope I really wasn't sure if a newly sold scope could also be unlocked like this. Interpreting the life-story of hacking an oscilloscope in an 80page thread that started 4 years ago can be difficult at times. In the interested of the next one walking down the path that I just did in the past week or so, I thought I'd assert a few things. As of May 2021:
  • A brand new, freshly manufactured, fancy-wrapped MSO5072 still does still come with FW 01.03.00.01, build 2020-05-18. There is no new, magic sauce that would prevent you from unlocking.
  • A 2-Channel MSO5072 can become a 4-channel MSO5354 and also can use its digital piggytail.
  • The firmware upgrade process files and procedure here works like a charm:
    Bob's your uncle

Thank you kindly dear Sirs and Madams involved in this process. Saved my butt. Hope this helps whoever comes after me.
« Last Edit: Today at 01:53:18 am by metro »
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf