Hacking the Rigol MSO5000 series oscilloscopes

[BTO]

Just went through this process successfully using vadimcreates' older guide - which was super helpful (I was lost before that). 

I updated their guide and made a collection of the files I used to update my 5074 bought in March 2025: https://www.dropbox.com/scl/fi/nopj4f3dm9uhodiv9ywl0/vectorstofinal-update-MSO5xxx.zip?rlkey=zkbu1cx6w6gayx2ijb85a4i8g

OK.....
1. I'm happy you got your scope activated
2. (Although you didn't)   YOU PATCHED YOUR SCOPE

3. Everyone always appreciates when you do something to contribute and then you go out of your way to upload all that to a cloud.... Thank you.

4. Although you need to understand a few things
    - There's no need for people to SSH Into the scope (it causes confusion and adds complexity for the newbies)
    - THE PATCH METHOD IS NOW WELL OUTDATED

5. The Patch Method doesn't survive firmware updates
    As a result TVS84  and DrMefist0 worked out the first PROPERLY LICENSING METHOD.  that's the one you should be using.
   it should also be obvious that the method you used was old because it put you on version 1.3.2.2 and called it "The Latest"  we are on 1.3.3.0 at the moment

6. Here is the link to the current method
https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-dr-mefisto-licensing-method/

Here is the direct link to the download for activation (on the cloud)

https://mega.nz/folder/A8cEgQRI#5FSoMrCurJi71T7VkRPgYQ

so now, from where you are, You can run the new script and select Uninstall as the switch.
then follow the PDF
Now you've already done your backup stuff. so you can skip that part and go straight to licensing FYI

but yeah.. the method that you read is as old as approx 2018 or so ,
do what you like, but really, you should be using the current method as in the future it will mean you just need to download the .GEL file from Rigol officially
and you won't lose your unlocked options.

I mean.. Were you aware of this method ?

[vectorstofinal]

Thanks! I will admit, I'm new to this forum and the post is so huge I struggled to find that sort of full explanation - used the first one I found that seemed do-able.  I will make a note to use that better method before I update firmware in the future.

[BTO]

Thanks! I will admit, I'm new to this forum and the post is so huge I struggled to find that sort of full explanation - used the first one I found that seemed do-able.  I will make a note to use that better method before I update firmware in the future.

Thanks!

You're Welcome

I will admit, I'm new to this forum

1. We can see that by your status

2. No No.. it's ok, You're fine , it's not a problem

and the post is so huge

well, just so you know, These "How to Hack your [Insert Scope here]" Posts usually tend to be massive and out of control.
they tend to start on topic with troubleshooting
then maybe 15 pages into it the members find the solution to the hack
(Now.... 50 pages later, How are you supposed to find the solution on page 15)  Ya know ?

and then everyone starts activating
and then after a while... everyone just sort of drifts off topic

The post gets long and then someone like me comes across and starts a new post to abbreviate everything .
that's more or less how these things evolve

Also i'm very familiar with dealing with Newbies, I've helped Literally, Hundreds of you guys activate your scopes. so.. No need to apologize

I struggled to find that sort of full explanation - used the first one I found that seemed do-able

and the Patch method is still DO-ABLE
However it has limitations, You need to understand how it started

Before the MSO5000 we were all pre occupied with the DS2000A and after that there was an influx of DS1054z
Now the 1054Z was easy.. You just went to a website, Entered a code and you were done,  Sort of like how we did it with the DS100E series

Now with the DS2000A Series
Stage 1 was remoting into the scope and entering commands (i think it was via ultra sigma)
Stage 2 evolved to a program being made that did 3 things (i think it was)
        1. it installed the necessary scope drivers
        2. You had to enter your serial number
        3. It would combine your serial number with another key and then generate an activation key for you (Based also on the options that you selected, i think the Option was AAA)

so when we got to the MSO5000 we thought the encryption would work the same way.........IT DIDN'T

so then they started to use some old tricks to bypass activation and this was  THE PATCH
so the patch makes the scope think that it's unlocked.
so you'll see things like EYE ANALYSIS , But it won't actually work because the MSO5000 doesn't actually support that feature

so the PATCH METHOD.... Tricks the scope into thinking something , While the license file is still not activated

THE NEW METHOD _Dr Mefist0 Licensing method........ ACTUALLY LICENSES THE FILE IN THE SAME WAY THAT IT WOULD IF YOU WENT TO RIGOL AND PAID THEM AND THEY INSERTED THE USB STICK
AND RAN THEIR SCRIPT TO ACTIVATE IT (which you would pay approx $300 for each option)

so to bring this home.....  Appreciate the fact that DrMefist0 really did something cool here
and then let's not forget  ASP who then took us from the first 2 versions through the next 10 versions of the script and did a whole bunch of stuff that is too long to mention here.
but some of the highlights are

- Made the activation time much much shorter
- This in turn reduced the risk of people bricking their scopes
- We also put in safety features so they didn't brick their scopes
- he put in lines of code so the scope rebooted itself instead of just sitting there after activation
- He added diagnostic features to the script
- Then Jointly we looked into unlocking the scope to 500MHz

so yeah..the patch thingy is way way way outdated
it still technically works, but you shouldn't use it because at this stage it's very old and theres' no reason to use it since... on the next firmware update you're gonna lose all your options
at which point
1. You will re patch again (don't know why you would that )

2. You'll run the properly licensed method (in which case, why not just do it now)

I will make a note to use that better method before I update firmware in the future.

Sure, do whatever you like, it's your scope.  i recommend you do it now since you're doing this anyway.
but.. it is ultimately up to you

a few things in that pdf you read

RE   Restore Default (and where it's mentioned that you have to do that before the upgrade)
NO... that was a rumour that went around for a while,   it's not actually true or required, it's just one of those things that people incorrectly conclude
along the way and sort of becomes a thing

I personally tested that one and went from the lowest version to the highest version without ever resetting defaults.
it's not a requirement for upgrading
although it's handy to know that you can do it if you have a problem with your scope

[rolfdegen]

I have problem with win11 and ssh <scope-ip-addr> -l root

win11 say "SSH protocol v.1 is no longer supported  !!

I dont now ?

[rolfdegen]

ok. win11 ssh clint need admin rights.

Now input: C:\Windows\System32>ssh root@192.168.0.157
and result:  root@192.168.0.157's password:
i will input "rigol" but the text input doesn't work ??

[rolfdegen]

Okay. I found the password. It's Rigol201.
Now I want to perform a local upgrade, but I immediately get an error message: "Fail to upgrade! Check the upgrade file

[zauberpilz]

Try Rigol201

[rolfdegen]

Hallo EEVblog fans
I successfully upgraded my MSO5104 to 350MHz. Thanks for your support 
How can I check the 350Mhz bandwidth and the 200Mpts DeepMemory option ?

[Kean]

How can I check the 350Mhz bandwidth and the 200Mpts DeepMemory option ?

A good way to check bandwidth is by measuring risetime of a fast edge.
The Leo Bodnar pulse generator is popular for this, but there are some DIY fast risetime pulse generator designs published here and elsewhere.
The LBE-1320 datasheet gives some details on calculating scope bandwidth based on measured risetime.
https://www.leobodnar.com/shop/index.php?main_page=index&cPath=124

If the license for the deep memory option is showing then it should work.
Check the manual if you are not sure how to set memory depth, but basically it is set under Acquire menu and you should now have the 200Mpts option with a single channel enabled, less for 2-4 channels.

[JCS666]

https://es.aliexpress.com/item/1005005262650725.html?spm=a2g0o.order_list.order_list_main.1543.56a8194d5DRca3&gatewayAdapt=glo2esp

[BTO]

NOTE: here's the better/proper version of this process
https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-dr-mefisto-licensing-method/

Below is what I just did, the older patch method with some notes from a Mac user:
-----
Just went through this process successfully using vadimcreates' older guide - which was super helpful (I was lost before that). 

I updated their guide and made a collection of the files I used to patch my 5074 bought in March 2025: https://www.dropbox.com/scl/fi/nopj4f3dm9uhodiv9ywl0/vectorstofinal-update-MSO5xxx.zip?rlkey=zkbu1cx6w6gayx2ijb85a4i8g

NOTE: here's the better/proper version of this process
https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-dr-mefisto-licensing-method/

CORRECT !

as for the rest, Good work. both methods actually work, it's just better to use the current activation version.

[BTO]

I have problem with win11 and ssh <scope-ip-addr> -l root

win11 say "SSH protocol v.1 is no longer supported  !!

I dont now ?

Hmmmm

[BTO]

ok. win11 ssh clint need admin rights.

Now input: C:\Windows\System32>ssh root@192.168.0.157
and result:  root@192.168.0.157's password:
i will input "rigol" but the text input doesn't work ??

OK COOL

[BTO]

Okay. I found the password. It's Rigol201.
Now I want to perform a local upgrade, but I immediately get an error message: "Fail to upgrade! Check the upgrade file

Yes there are 2 Passwords,  THAT'S NOTED IN THE PDF FILE THAT I SUPPLIED.

As for CHECK THE UPGARDE FILE

1. Of course check the upgrade file   
sometimes you can have a bad download, But the upgrade file itself absolutely works and has done so for 100's of people

2. it's usually the USB Stick.
Try.... Reformat the USB Stick freshly, with a FAT32 Partition.
Eject is Safely from your PC so i'ts not a "Dirty Volume"
Also... Try different USB Sticks,   these scopes are "racist" against certain USB Sticks, they just don't like certain ones and that's all there is to it.
once you find one it likes.. Stick to it religiously and dedicate it as your dedicated Scope USB

3. Do a Self Cal

4. You could try throwing on another Firmware Version, then going back to the latest. that helps sometimes.
Although i reckon this comes down to USB Sticks

[BTO]

Hallo EEVblog fans
I successfully upgraded my MSO5104 to 350MHz. Thanks for your support 
How can I check the 350Mhz bandwidth and the 200Mpts DeepMemory option ?

1.  CONGRATULATIONS.....       You didn't blow up your scope.   
I've heard that if you type in Rigol201 with a lowercase r  you can blow up your scope, just like if you type "google" into Google,
You can actually break the internet . 

2. You can check Deep Memory by pressing CH 1 and selecting the mem depth

3. You can confirm 350MHz a few ways.
the way @Kean said
then simpler ways

- You can go into the system details and see it there
- You can Go to CH 1 settings and find the setting (i don't have it handy) for the DISPLAY of the CH1 trace  (or any channel for that matter)
i think you go.. System.. More More  or something like that. and there is a part where you get to turn on Channel Label.
in that Menu you'll get an option to turn on CHANNEL LABEL ("CH1)" or you can rename it. and then you have BW,  if you have 350MHz instead of 70MHz
it will say "BW350M"
and what this does is it actually updates as you use the bandwidth, so leave it on, and switch on all channels at once and see what happens to the bandwidth.
also ... use only 1 channel when it says 350M  then go into acquistion and drop the Bandwidth down to the lowest, like 50MHz and see it change.

that's another way to check bandwidth

[rolfdegen]

Hallo friends
Thanks for your tips. My MSO5104 says bandwidth 350MHz and memory depth 200.





Everything seems to be working. I performed the upgrade using this method...
See Attachment MSO_5000_upgrade

[BTO]

Hallo friends
Thanks for your tips. My MSO5104 says bandwidth 350MHz and memory depth 200.

(Attachment Link) (Attachment Link)

Everything seems to be working. I performed the upgrade using this method...

YEP, YOU GOT IT, that's the one
Now the Bandwidth info in the system info doesn't change and it's based on the Model number, However the one there actually changes in real time.

Try this
Turn on Ch 1  only, Note the Bandwidth
then Ch 2 , Note Bandwidth
then Ch 3
Then Ch 4

Now do this

Turn on Ch 1
Then Ch 3

Notice the difference between using Ch 1 and Ch 2   vs  Ch 1 and Ch 3 
Interesting huh ?

[rolfdegen]

No matter which channel I switch on, the bandwidths do not change (see picture).

[rolfdegen]

What changes is the mem depth. With 4 channels enabled, the maximum value is 50M

[BTO]

No matter which channel I switch on, the bandwidths do not change (see picture).

(Attachment Link)

Actually, You're correct, My Mistake
if you enable all channels the Bandwidth does not change, in my case it says 500M (500MHz), that's a story for another time.
but you are correct
as you said in the next post it is in fact the Mem Depth that changes

If you use Ch 1 and Ch 2  you get Max 50 Mpts
however Ch 1 and Ch 3
or
Ch 1 and Ch 4
will allow you to utilize 100 Mpts

even if you get creative and use Ch 2 and Ch 3,   still 50   or Ch 2 and Ch 4, still 50
it seems that Rigol hates Ch 2 and if Ch 2 is used then you'll be stuck on 50   
Who made this decision, i don't know... but i think it's dumb.   who isn't gonna use Ch 1 and Ch 2 as their first 2 channels

[BTO]

What changes is the mem depth. With 4 channels enabled, the maximum value is 50M

(Attachment Link)

If you want to get deeper into the scope i can give you the link for the video series deep dive tutorial on this specific scope
that shows you LITERALLY all the features of the scope. so if you want to sink your teeth into the nitty gritty, let me know.
if you already know, that's fine then

[smokegremlin]

Hi all,

I recently picked up a second-hand MSO5074.
Firmware: 00.01.01.04.04
Hardware: 01.00.000

I've been looking into unlocking the extended features, and while I’ve browsed through some of the threads here, I'm aware my firmware version is a bit dated. Before I dive too deep, I wanted to ask:

What’s the recommended approach for unlocking features on this specific firmware version?
Is there a preferred method or resource that’s still relevant for this older firmware?

Appreciate any pointers—thanks in advance!

[BTO]

Hi all,

I recently picked up a second-hand MSO5074.
Firmware: 00.01.01.04.04
Hardware: 01.00.000

I've been looking into unlocking the extended features, and while I’ve browsed through some of the threads here, I'm aware my firmware version is a bit dated. Before I dive too deep, I wanted to ask:

What’s the recommended approach for unlocking features on this specific firmware version?
Is there a preferred method or resource that’s still relevant for this older firmware?

Appreciate any pointers—thanks in advance!

SURE.. I've tested this, it is absolutely NOT A PROBLEM at all...

Here is what you do

1. Before anything go get the GEL file that i supplied in this thread for version 1.3.3.0 and upgrade your scope to the latest version

2. Follow the procedure in the PDF as normal
it's irrelevant that your scope is on version 1.1.4.4
that was only relevant with the Patch Method.   with the full licensing method it doesn't matter

GO RIGHT AHEAD,
HAVE NO FEAR OF ANYTHING , DON'T EVEN WORRY ABOUT IT

i upgraded my scope to the latest version and i dropped it back 1 version at a time all the way to 1.1.1.7
and then 1 version at a time back up to 1.3.3.0
it can absolutely be done without a problem

[BTO]

Hi all,

I recently picked up a second-hand MSO5074.
Firmware: 00.01.01.04.04
Hardware: 01.00.000

I've been looking into unlocking the extended features, and while I’ve browsed through some of the threads here, I'm aware my firmware version is a bit dated. Before I dive too deep, I wanted to ask:

What’s the recommended approach for unlocking features on this specific firmware version?
Is there a preferred method or resource that’s still relevant for this older firmware?

Appreciate any pointers—thanks in advance!

I Guess it should be noted, since you are upgrading through quite a few versions, Even though there is nothing to worry about.
YOU WILL GET NEW FEATURES IN YOUR SCOPE
The main one being , At version 1.3.2.2 You get VNC Viewer , it's available in every version after 1.3.2.2 as well so you'll have it in 1.3.3.0  .

You will use this instead of Web Control.
and you'll notice you'll have extra icons in the quick menu as well.   so don't forget to check out the functionality of VNC Viewer.

if you're never used it.  it's easy.

You connect your scope to your network

You install VNC Viewer  (here)
https://www.realvnc.com/en/connect/download/viewer/?lai_vid=yAmmknRbvfeP5&lai_sr=5-9&lai_sl=l
To your pc

You then run it

it will ask for an IP Address.  (Check your scopes info / LAN menu for the I.P. address)
Type that into the PC Application and used the supplied password
and you'll be able to view the scopes screen on your PC and there will be 0 or minimal lag

ENJOY

[nikitasius]

I have problem with win11 and ssh <scope-ip-addr> -l root

win11 say "SSH protocol v.1 is no longer supported  !!

I dont now ?

Putty - a great open source ssh client for windows for last 15 years at least.