Author Topic: Hacking the Rigol MSO5000 series oscilloscopes  (Read 901382 times)


Offline NoisyBoy

  • Frequent Contributor
  • **
  • Posts: 503
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #950 on: March 08, 2019, 02:38:49 pm »
It is no different in the U.S., we have to register before download as well.  It is not uncommon due to our strict anti-spam law, it allows them to reach out to you via email for marketing and other purposes.
 

Online JDubU

  • Frequent Contributor
  • **
  • Posts: 438
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #951 on: March 08, 2019, 02:44:11 pm »
No registration required at the Chinese Rigol site:

http://cn.rigol.com/Support/SoftDownload/3
 
The following users thanked this post: Elandril

Offline Martin72

  • Super Contributor
  • ***
  • Posts: 5670
  • Country: de
  • Testfield Technician
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #952 on: March 08, 2019, 02:59:19 pm »
Quote
It is no different in the U.S., we have to register before download as well.

Ah, after I was on the Europe site (and registered), I went to the U.S. site and could go directly to the firmware.
Maybe registration is only needed once.

Offline peppy88

  • Regular Contributor
  • *
  • Posts: 89
  • Country: ua
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #953 on: March 08, 2019, 03:53:58 pm »
Quote
Current best practice:

  • Note your current software version down. If it is older than 01.01.04.04 you will need to upgrade.
  • Backup your scope specific data such as calibration values. Get the DS5000Update_backup.GEL.txt from here. Rename to DS5000Update.GEL and put it on a USB drive. Execute an upgrade. You will see the scope doing a backup. Unplug the stick and make sure you have a backup in the data_backup folder on the stick.
  • If you have an older version of the firmware, download 01.01.04.04 from here. Also rename it to DS5000Update.GEL, put it on your usb drive, and upgrade.
  • Make sure you are on the 01.01.04.04 firmware in the about dialog.
  • Patch the scope to have all licenses. For that download the patch from here. Again rename and copy to usb drive. This time the upgrade might take a bit longer, it should ask you to reboot, if not something failed, but it is probably not fatal for your scope, no worries. Reboot.
  • Check that all licences are activated.
  • If you want, do an auto calibration and check that everything is still okay.

You can get temporary SSH access by executing this upgrade. The upgrade will "fail", but you will have ssh until reboot. You can use this to fix your calibration data, if truly required.

I've upgraded to the newest firmware but when I upload the patch (with renaming) scope says fail to update please check package

Did you read the last sentence? (highlighted)

Yes, this is not for the ssh update; I'm doing the actual patch.
 

Offline peppy88

  • Regular Contributor
  • *
  • Posts: 89
  • Country: ua
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #954 on: March 08, 2019, 03:55:06 pm »
Quote
I've upgraded to the newest firmware but when I upload the patch (with renaming) scope says fail to update please check package

If you are talking about the license patch. This is strange. It is the first observed failure. I could only recommend trying again with a freshly FAT32 formatted usb drive. (It uses the drive as space for intermediate patching results, so there should be space.) If this does not work, you either have to wait for a new patch with better debug output on the screen, or ssh in and execute "/rigol/shell/update.sh /media/sda1/DS5000Update.GEL" and report back any failures you see.

Thanks I will try this. I think it's just not detecting my usb for some reason. Maybe because I formatted using my Mac? Are you guys formatting the drives on a windows machine? I'll keep you posted with my results.
« Last Edit: March 08, 2019, 03:58:22 pm by peppy88 »
 

Offline Elandril

  • Contributor
  • Posts: 22
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #955 on: March 08, 2019, 05:20:59 pm »
Thanks for the link. I hate those forced registrations for a simple firmware download.
 

Offline Old Printer

  • Frequent Contributor
  • **
  • Posts: 745
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #956 on: March 08, 2019, 05:35:33 pm »
Quote
I've upgraded to the newest firmware but when I upload the patch (with renaming) scope says fail to update please check package

If you are talking about the license patch. This is strange. It is the first observed failure. I could only recommend trying again with a freshly FAT32 formatted usb drive. (It uses the drive as space for intermediate patching results, so there should be space.) If this does not work, you either have to wait for a new patch with better debug output on the screen, or ssh in and execute "/rigol/shell/update.sh /media/sda1/DS5000Update.GEL" and report back any failures you see.

Thanks I will try this. I think it's just not detecting my usb for some reason. Maybe because I formatted using my Mac? Are you guys formatting the drives on a windows machine? I'll keep you posted with my results.

Try a third party dedicated usb formatting tool. It has been said that the one built into Windows 7 and on is problematic. May be the same for Mac, I think Apple is worse than Microsoft about tweaking things to suit themselves.
 

Offline offmar

  • Contributor
  • Posts: 16
  • Country: bg
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #957 on: March 08, 2019, 08:11:35 pm »
Quote
I've upgraded to the newest firmware but when I upload the patch (with renaming) scope says fail to update please check package

If you are talking about the license patch. This is strange. It is the first observed failure. I could only recommend trying again with a freshly FAT32 formatted usb drive. (It uses the drive as space for intermediate patching results, so there should be space.) If this does not work, you either have to wait for a new patch with better debug output on the screen, or ssh in and execute "/rigol/shell/update.sh /media/sda1/DS5000Update.GEL" and report back any failures you see.

Thanks I will try this. I think it's just not detecting my usb for some reason. Maybe because I formatted using my Mac? Are you guys formatting the drives on a windows machine? I'll keep you posted with my results.


I'm doing it using DiskUtility in MacOS. I set the filesystem to FAT and Scheme to "Master Boot Record".
 

Offline kwinz

  • Newbie
  • Posts: 8
  • Country: at
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #958 on: March 08, 2019, 09:03:55 pm »
Quote
If you can cancel your order batterfly . com have them in stock right now, I've bought mine from there and was sent on the next day with free shipping

Great advice! As you suggested I ordered with batterfly (just 2 days ago). Same day free shipping. I just now got the scope delivered with FW 00.01.01.02.03. Fully recommended!
 

Offline peppy88

  • Regular Contributor
  • *
  • Posts: 89
  • Country: ua
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #959 on: March 08, 2019, 11:43:16 pm »
Ok upgrade worked.

I have an MSO5072; it would not update on the start menu where you press the single button.

It works by doing Utility->System->Help Local upgrade
 

Offline NED88

  • Newbie
  • Posts: 9
  • Country: gb
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #960 on: March 09, 2019, 01:09:34 am »
Hi all.

I'm new to this forum and have been following this thread for about two weeks. 

A week or so ago, I decided to purchase a Rigol MSO5104 (which came with F/W v02.03) and then added the -fullopt to a line on the start.sh file.

Two days ago, I decided to upgrade the F/W to v04.04 and used the various .GEL files produced by mabl (a big thanks to you) and I too can confirm that update patch works  :-+

Afterwards, I edited the start.sh file as suggested by oliv3r (see https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/msg2245083/#msg2245083) instead of having to insert a USB stick with the 10kB .GEL file on it (see https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/msg2234076/#msg2234076) in order to enable SSH.

Fellow members, I have a few questions for you:

Q1:  I tried editing two commented-out lines in /etc/init.d/rcS to enable SSH and FTP, but would like to know why/how it reverts back to the commented-out lines after a reboot?

Q2:  Also, is the power button/switch the only way to reboot (other than connecting via SSH and running the command reboot) ?

Q3:  I backed-up my .hex calibration files (using mabl's .GEL file) before upgrading the F/W and then manually copied them back afterwards.  Is it safe to do a self-calibration with the current F/W version or should one stick to the backed up calibration files (as I have done)?


Thanks again to all those who have contributed to this forum.  :)
« Last Edit: March 09, 2019, 10:18:59 am by NED88 »
 

Offline rgwan

  • Contributor
  • Posts: 24
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #961 on: March 09, 2019, 03:07:27 am »
Quote
Hi all.

I'm new to this forum and have been following this thread for about two weeks.

A week or so ago, I decided to purchase a Rigol MSO5104 (which came with F/W v02.03) and then added the -fullopt to a line on the start.sh file.

Two days ago, I decided to upgrade the F/W to v04.04 and used the various .GEL files produced by mabl (a big thanks to you) and I too can confirm that update patch works  :-+

Afterwards, I edited the start.sh file as suggested by oliv3r (see https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/msg2245083/#msg2245083) instead of having to insert a USB stick with the 10kB .GEL file on it (see https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/msg2234076/#msg2234076) in order to enable SSH.

Fellow members, I have a few questions for you:

Q1:  I tried editing two commented-out lines in /etc/init.d/rcS to enable SSH and FTP, but would like to know why/how it reverts back to the commented-out lines after a reboot?

Q2:  Also, is the power button/switch the only way to reboot (other than connecting via SSH and running the command reboot ?

Q3:  I backed-up my .hex calibration files (using mabl's .GEL file) before upgrading the F/W and then manually copied them back afterwards.  Is it safe to do a self-calibration with the current F/W version or should one stick to the backed up calibration files (as I have done)?


Thanks again to all those who have contributed to this forum.  :)

1. The entire root filesystem is an initramfs, so whatever changes you made to / will revert back to initial state, unless you change system.img and flash it to a specific MTD partition.

2. You can use reboot command.

3. Yes
 
The following users thanked this post: NED88
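
The behaviour rgwan describes in answer 1 can be checked from a shell by looking at which filesystem backs a given path. This is an added example, not part of the original post or of the scope's firmware; the mount table and file names in it are constructed for illustration (the real device's mounts, including whatever backs /rigol/data, may differ), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether edits to a path survive a reboot by finding
# the filesystem that backs it in a /proc/mounts-style table.

# Constructed sample table (NOT captured from a scope). Only the rootfs line
# reflects what the thread states (root is an initramfs); the /tmp,
# /rigol/data and USB lines are assumptions made for this demo.
write_sample_mounts() {
    cat > "$1" <<'EOF'
rootfs / rootfs rw 0 0
tmpfs /tmp tmpfs rw 0 0
ubi0:data /rigol/data ubifs rw 0 0
/dev/sda1 /media/sda1 vfat rw 0 0
EOF
}

# Print the filesystem type of the longest mount point that contains path $2.
# $1 is a file in /proc/mounts format. Later entries win over earlier ones at
# the same mount point, as a later mount shadows an earlier one.
fstype_for_path() {
    awk -v p="$2" '
        BEGIN { best = -1 }
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); fs = $3 }
            }
        }
        END { print fs }
    ' "$1"
}

# Return 0 if the path sits on storage that outlives a reboot, 1 if it is
# RAM-backed (rootfs/ramfs/tmpfs) or no mount entry was found.
survives_reboot() {
    case "$(fstype_for_path "$1" "$2")" in
        rootfs|ramfs|tmpfs|"") return 1 ;;
        *) return 0 ;;
    esac
}

main() {
    table=$(mktemp)
    write_sample_mounts "$table"
    # cal.hex and capture.png are hypothetical file names.
    for p in /etc/init.d/rcS /tmp/capture.png /rigol/data/cal.hex \
             /media/sda1/DS5000Update.GEL; do
        if survives_reboot "$table" "$p"; then
            verdict="persistent"
        else
            verdict="reverts on reboot"
        fi
        printf '%-30s %-7s %s\n' "$p" "$(fstype_for_path "$table" "$p")" "$verdict"
    done
    rm -f "$table"
}
main
```

On a live system, pass /proc/mounts as the table instead of the constructed file.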

Offline luma

  • Regular Contributor
  • *
  • Posts: 130
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #962 on: March 09, 2019, 03:09:32 am »
Has anyone poked around in the web server files?  If you go to http://<scopeip>/DataControl.html you get a simple file manager and remote commands via SCPI (page source).



The server is lighttpd with the config at /rigol/webcontrol/config/lighttpd.conf and docroot at /rigol/webcontrol/webpages.  This is pretty stripped down, no scripting environment so everything is CGI.  Still, seems like the web front end could get some custom love with client side js if one were so inclined. Keystrokes and wave data are all sent over websockets. It also appears one could enable SSL with a custom cert as the openssl binaries are available.

The http://<scopeip>/img folder symlinks to /tmp so you can poke at files there, or drop files there from shell/boot scripts to be viewed remotely if you don't want to be writing anything to flash.

There are some weird things in there too.  This file has a link to this site which appears to offer web tutorials and sample code which visually date from the late 90s. It does explain the look of the web UI...  This page has a simple waveviewer (that doesn't work) and some test info.
« Last Edit: March 09, 2019, 03:18:54 am by luma »
 

Offline mabl

  • Regular Contributor
  • *
  • Posts: 120
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #963 on: March 09, 2019, 10:26:12 am »
Yes, I also looked into these. However, I do think all interaction is via SCPI commands and there is hence no secret there, which is not also in the SCPI definitions in /rigol/resources.

It looks to me that there is a message passing system, which is also partially used to define the SCPI commands. However not all messages are also exposed via SCPI commands. I believe the production version of the firmware is not shipped with a full set of SCPI command definitions, hence giving no way to access all possible messages.  (until we define our own SCPI commands to access them :popcorn:. I failed in my first quick attempt though.)
« Last Edit: March 09, 2019, 10:28:13 am by mabl »
 
The following users thanked this post: luma

Offline nimish

  • Regular Contributor
  • *
  • Posts: 144
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #964 on: March 12, 2019, 03:46:09 am »
mabl's process works like a charm. Could probably combine the patcher + backup into one easy to use "upgrade" but that's nit picking.

I wasn't able to get the boot menu accessed by hitting "SINGLE" while booting to upgrade correctly, but the in-app upgrade works. Maybe b/c my USB stick is USB3?

 

Offline oliv3r

  • Frequent Contributor
  • **
  • Posts: 279
  • Country: nl
    • Rigol related stuff!
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #965 on: March 12, 2019, 08:44:43 pm »
Quote
Hi all.

I'm new to this forum and have been following this thread for about two weeks.

A week or so ago, I decided to purchase a Rigol MSO5104 (which came with F/W v02.03) and then added the -fullopt to a line on the start.sh file.

Two days ago, I decided to upgrade the F/W to v04.04 and used the various .GEL files produced by mabl (a big thanks to you) and I too can confirm that update patch works  :-+

Afterwards, I edited the start.sh file as suggested by oliv3r (see https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/msg2245083/#msg2245083) instead of having to insert a USB stick with the 10kB .GEL file on it (see https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/msg2234076/#msg2234076) in order to enable SSH.

Fellow members, I have a few questions for you:

Q1:  I tried editing two commented-out lines in /etc/init.d/rcS to enable SSH and FTP, but would like to know why/how it reverts back to the commented-out lines after a reboot?

Q2:  Also, is the power button/switch the only way to reboot (other than connecting via SSH and running the command reboot) ?

Q3:  I backed-up my .hex calibration files (using mabl's .GEL file) before upgrading the F/W and then manually copied them back afterwards.  Is it safe to do a self-calibration with the current F/W version or should one stick to the backed up calibration files (as I have done)?


Thanks again to all those who have contributed to this forum.  :)

I just realized, you may also want to start udhcpc -i eth0 & somewhere :) probably before your ssh line. If your appEntry fails to start or crashes or whatever, the devices will be without an IP, so ssh will be up and running, but you won't be able to access it.

appEntry does its own network management (wtf much?) but that doesn't conflict.

Offline NoisyBoy

  • Frequent Contributor
  • **
  • Posts: 503
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #966 on: March 12, 2019, 09:24:32 pm »
Hi mabl,

After rereading all the posts after page 30, I believe I made a mistake in saying that the serial number may be lost.  Looks like what could be lost are the "licenses", are we only referring to losing the 2160 min of trial serial decoder licenses?

Thanks again.

Quote
I read the serial number could be lost after the patch, if I restore to official firmware state, then is the serial number restored?
Serial number is saved in /rigol/data together with the calibration data. Once you lose that, you lose it, I think.

If for whatever reason I need to back out the patch to restore to official firmware state, is there a tested process to do that?  Is it just to reapply the official update, or is there more?

Either manually copy back appEntry over ssh, or flash the original firmware. I'm not sure if there is a patch against same-version flashing though. Could potentially be patched out, though.
 

Offline NED88

  • Newbie
  • Posts: 9
  • Country: gb
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #967 on: March 13, 2019, 01:31:48 am »
Quote
I just realized, you may also want to start udhcpc -i eth0 & somewhere :) probably before your ssh line. If your appEntry fails to start or crashes or whatever, the devices will be without an IP, so ssh will be up and running, but you won't be able to access it.

appEntry does its own network management (wtf much?) but that doesn't conflict.

Hi oliv3r.

Thanks for the suggestion above - I'll try it out and see if it works... :)  Would I expect udhcpc in the list of processes by running ps -al  in the terminal?


I have a few additional questions for this thread/forum  ;)

1) Regarding the ssh command (I'm using Terminal on the Mac), it keeps saying "Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts." - is this anything to worry about?

2) Does anyone know if there is a terminal command (on the scope) that can check the FAT-formatted partition on a USB memory stick (I usually use fsck but can't see the msdos version)?

3) I'm not sure if this is the correct Rigol MSO5000-related thread to post this question...  So, I decided to use the Measure menu to add Frequency, Period, Undershoot and Overshoot measurements in order to calibrate the four passive probes supplied with my MSO5104.  I managed to get both the Under/Overshoot down to ~0.6060% for channels 1, 2 and 4 using the 1KHz square wave (from the probe compensation terminal) and those three channels now show a good flat square wave.  However, channel 3 is showing a bit of overshoot (0.6711%) that I can't get rid of - is this normal and/or is it possible to rectify it??  Not sure if it's a software or hardware problem either.  I have attached, below, a screenshot of the measurements and I did run the SelfCal function beforehand.

« Last Edit: March 13, 2019, 01:44:04 am by NED88 »
 

Offline mabl

  • Regular Contributor
  • *
  • Posts: 120
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #968 on: March 13, 2019, 07:01:26 am »
First of all, I have updated the backup script, and it should be more reliable now. Do use it, really  ;D

Quote
I read the serial number could be lost after the patch, if I restore to official firmware state, then is the serial number restored?
Serial number is saved in /rigol/data together with the calibration data. Once you lose that, you lose it, I think.
After rereading all the posts after page 30, I believe I made a mistake in saying that the serial number may be lost.  Looks like what could be lost are the "licenses", are we only referring to losing the 2160 min of trial serial decoder licenses?

All scope specific data is in one folder. When and what can and is usually lost is not very clear. There is a reset to default thing, which copies the scope default data and hence overwrites these files. I have personally lost all the .LIC files during upgrade. But I went a more convoluted way with a partial downgrade. So it might have been my fault. Anyways. Make a backup and you are fine.

Quote
1) Regarding the ssh command (I'm using Terminal on the Mac), it keeps saying "Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts." - is this anything to worry about?

2) Does anyone know if there is a terminal command (on the scope) that can check the FAT-formatted partition on a USB memory stick (I usually use fsck but can't see the msdos version)?

1. That is normal, every time your scope's IP is different. Usually your router should give it a more or less stable address though. It will not hurt you.
2. There is none. I do really not like how there is no way of unmounting the usb drive.
« Last Edit: March 13, 2019, 07:04:44 am by mabl »
 
The following users thanked this post: thm_w, Shodge, NoisyBoy, NED88

Offline el_man

  • Contributor
  • Posts: 19
  • Country: bg
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #969 on: March 13, 2019, 09:37:00 am »
Quote
If you can cancel your order batterfly . com have them in stock right now, I've bought mine from there and was sent on the next day with free shipping

Great advice! As you suggested I ordered with batterfly (just 2 days ago). Same day free shipping. I just now got the scope delivered with FW 00.01.01.02.03. Fully recommended!

I'm glad to hear it. Wish you a Happy scoping  ;)
 

Offline NED88

  • Newbie
  • Posts: 9
  • Country: gb
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #970 on: March 13, 2019, 03:52:51 pm »
Quote
First of all, I have updated the backup script, and it should be more reliable now. Do use it, really  ;D

Q: Is this updated .GEL file for running from a USB memory stick and/or via a terminal command, as it says "Press any key to continue..." ?

 

Offline NoisyBoy

  • Frequent Contributor
  • **
  • Posts: 503
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #971 on: March 13, 2019, 04:16:48 pm »
I saw that too, I just push one of the red keys on the right of the screen, the screen will then go black for about 10 sec, then the scope screen will return.

After that, you will get a backup file on the USB with an extension of .tar.bz3 (if I recall correctly).  I don't believe the extra bz3 extension was there before in the old script.  I just delete the extra .bz3, and I was able to untar it into its own directory on a Windows 10 PC.

I also noticed that Windows will report the USB drive needs to be repaired when it comes back from the scope.  I wonder if it has to do with me not doing a proper eject on the scope.  On that note, is there even an eject USB drive option on the scope? 

In any event, I did not repair the USB drive and ignored the message on the Windows 10 machine, Windows was able to retrieve the file without any problem.

A big shoutout to mabl for making all this possible, thank you!

Quote
First of all, I have updated the backup script, and it should be more reliable now. Do use it, really  ;D

Q: Is this updated .GEL file for running from a USB memory stick and/or via a terminal command, as it says "Press any key to continue..." ?
 

Offline mabl

  • Regular Contributor
  • *
  • Posts: 120
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #972 on: March 13, 2019, 05:34:20 pm »
Quote
Q: Is this updated .GEL file for running from a USB memory stick and/or via a terminal command, as it says "Press any key to continue..." ?

I saw that too, I just push one of the red keys on the right of the screen, the screen will then go black for about 10 sec, then the scope screen will return.

It really means any key on the scope. Restarting the main application takes some time.

Quote
After that, you will get a backup file on the USB with an extension of .tar.bz3 (if I recall correctly).  I don't believe the extra bz3 extension was there before in the old script.  I just delete the extra .bz3, and I was able to untar it into its own directory on a Windows 10 PC.

It tried to do it previously too, but failed due to timing during this process. The new system will make sure everything is written first and adds the user interaction.

Quote
I also noticed that Windows will report the USB drive needs to be repaired when it comes back from the scope.  I wonder if it has to do with me not doing a proper eject on the scope.  On that note, is there even an eject USB drive option on the scope?

In any event, I did not repair the USB drive and ignored the message on the Windows 10 machine, Windows was able to retrieve the file without any problem.

A big shoutout to mabl for making all this possible, thank you!

You are very welcome! There is unfortunately no eject. However, I make sure to sync all data to the stick, so it should be safe to just pull it. The file system dirty flag will still be set, since Windows has no way of knowing that I synced it properly. It should not find any file system errors due to this process.
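
The dirty flag discussed in the reply above lives in the FAT boot sector as a volume state byte whose bit 0 marks the volume as not cleanly unmounted, independent of whether the data itself was synced. The following is an added example, not part of the original post or of mabl's scripts; it inspects a constructed, otherwise empty boot sector, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: read the "dirty" bit from a FAT boot sector.
# Offsets follow the FAT boot sector layout: bytes 510-511 hold the 0x55 0xAA
# signature, bytes 22-23 hold the 16-bit FAT size (zero on FAT32), and the
# volume state byte sits at offset 37 (FAT12/16) or 65 (FAT32); bit 0 = dirty.

# Print the unsigned value of the byte at decimal offset $2 of file $1
# (prints nothing if the file is too short).
byte_at() {
    od -An -tu1 -j "$2" -N 1 "$1" 2>/dev/null | tr -d ' \n'
}

# Print "dirty", "clean", or "not-a-boot-sector" for the image or device $1.
fat_volume_state() {
    img=$1
    [ "$(byte_at "$img" 510)" = "85" ] && [ "$(byte_at "$img" 511)" = "170" ] \
        || { echo "not-a-boot-sector"; return 0; }
    fatsz16=$(( $(byte_at "$img" 22) + 256 * $(byte_at "$img" 23) ))
    if [ "$fatsz16" -eq 0 ]; then off=65; else off=37; fi
    state=$(byte_at "$img" "$off")
    if [ $(( state & 1 )) -eq 1 ]; then echo "dirty"; else echo "clean"; fi
}

# Build a constructed 512-byte FAT32-style boot sector in file $1: all zeros
# except the signature and the state byte ($2: 0 = clean, 1 = dirty).
# This is sample data for the demo, not a usable filesystem.
make_sample_bootsector() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
    printf "\\00$2" | dd of="$1" bs=1 seek=65 conv=notrunc 2>/dev/null
}

main() {
    sample=$(mktemp)
    make_sample_bootsector "$sample" 1
    echo "state byte bit 0 set:   $(fat_volume_state "$sample")"
    make_sample_bootsector "$sample" 0
    echo "state byte bit 0 clear: $(fat_volume_state "$sample")"
    rm -f "$sample"
}
main
```

To inspect a real stick, point fat_volume_state at an image of the partition or at the partition device opened read-only.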
 

Offline NED88

  • Newbie
  • Posts: 9
  • Country: gb
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #973 on: March 13, 2019, 05:54:16 pm »
Hi mabl, NoisyBoy

After ssh-ing into the scope, I executed: /rigol/shell/update.sh  /media/sda1/DS5000Update.GEL (as suggested in https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/msg2252349/#msg2252349) and have attached a screenshot of the terminal output.  I pressed one of the red buttons to the right of the screen when asked.

 

Offline mabl

  • Regular Contributor
  • *
  • Posts: 120
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #974 on: March 13, 2019, 05:56:32 pm »
That is what the backup script should look like. Did your patch succeed now? You can run it from the command line too, but it will not give as much output.
 

