Author Topic: Hacking the Rigol MSO5000 series oscilloscopes  (Read 377542 times)

0 Members and 4 Guests are viewing this topic.

Online PA0PBZ

  • Super Contributor
  • ***
  • Posts: 4586
  • Country: nl
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #600 on: January 10, 2019, 08:31:19 am »
Here is an example of what my Keysight scope looks like with its native 50 ohm input, and then using a 50 ohm feed-through with the scope input back at 1 meg-ohm. It looks absolutely horrible using the feed-through. The third shot is the 50 ohm feed-through on its own just for reference.

Can you explain why above 800MHz the feedthrough + scope seems better than the feedthrough alone? Is the feedthrough not made for frequencies above 500MHz or something like that?
Keyboard error: Press F1 to continue.
 

Online TheSteve

  • Supporter
  • ****
  • Posts: 3271
  • Country: ca
  • Living the Dream
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #601 on: January 10, 2019, 08:42:28 am »
I don't want to get too far off topic but to answer the question the feed-through is a very cheap model from banggood(7 dollars for two shipped). I wouldn't expect  decent performance past 500 MHz.
VE7FM
 
The following users thanked this post: PA0PBZ

Offline tcottle

  • Contributor
  • Posts: 15
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #602 on: January 10, 2019, 03:32:04 pm »
Slightly off topic.  TEquipment has 2 MSO5074 in stock.  It was 3 before I bought one   :P
 

Offline nimish

  • Regular Contributor
  • *
  • Posts: 53
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #603 on: January 10, 2019, 11:05:18 pm »
Slightly off topic.  TEquipment has 2 MSO5074 in stock.  It was 3 before I bought one   :P
wtf? I bought one and got my delivery bumped back and forth
 

Offline tcottle

  • Contributor
  • Posts: 15
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #604 on: January 11, 2019, 02:11:54 am »
wtf? I bought one and got my delivery bumped back and forth
Yeah my confirmation e-mail indicates a shipping date of the 15th.  I suspect shenanigans
 

Offline mrpackethead

  • Super Contributor
  • ***
  • Posts: 2831
  • Country: nz
  • D Size Cell
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #605 on: January 11, 2019, 05:36:56 am »
so they have enough time to install new firmware perhaps??
On a quest to find increasingly complicated ways to blink things
 

Offline diegogmx

  • Contributor
  • Posts: 19
  • Country: dk
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #606 on: January 11, 2019, 07:25:24 am »
wtf? I bought one and got my delivery bumped back and forth
Yeah my confirmation e-mail indicates a shipping date of the 15th.  I suspect shenanigans

it seems there are many of us in that situation, they told me they have a backlog of orders, which is to be expected i guess
 

Online Martin72

  • Super Contributor
  • ***
  • Posts: 1780
  • Country: de
  • Testfield Technician
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #607 on: January 11, 2019, 04:59:40 pm »
anyone tried logging in with firmware version 00.01.01.02.04? Build: 2018-11-09 19:49:21

i ordered the mso5074 after reading about the "hack" on hackaday. received it an hour ago, but can't log in over the lan interface & ssh...

Thought maybe the update is only via online connection to the scope avaible and take it to home, connect LAN...
No, no firmare avaible.

Offline tv84

  • Super Contributor
  • ***
  • Posts: 2085
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #608 on: January 11, 2019, 05:33:54 pm »
Chipset and front end chip in MSO7000 and MSO5000 is identical and capable of same bandwidth (frontend chipset is capable of few GHz actually). It's just that your signal from input BNC cannot get to it without being destroyed.
For a scope of this class it is more important that it has good 300 MHz with good signal integrity(which is a miracle itself), that hacking it to 1GHz with distorted signal. You get worse scope actually, and much more noise...

By looking at these FW strings (in the current models):
600MHz to 1GHz Bandwidth Upgrade Option
600MHz to 2GHz Bandwidth Upgrade Option
1GHz to 2GHz Bandwidth Upgrade Option

I would imagine that ds8000 (or ds9000) could be available in 600MHz or 1GHz base, with options to upgrade to 2GHz.

Let's hope that with another PCB as you say.
 

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 3467
  • Country: hr
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #609 on: January 11, 2019, 07:33:09 pm »
Chipset and front end chip in MSO7000 and MSO5000 is identical and capable of same bandwidth (frontend chipset is capable of few GHz actually). It's just that your signal from input BNC cannot get to it without being destroyed.
For a scope of this class it is more important that it has good 300 MHz with good signal integrity(which is a miracle itself), that hacking it to 1GHz with distorted signal. You get worse scope actually, and much more noise...

By looking at these FW strings (in the current models):
600MHz to 1GHz Bandwidth Upgrade Option
600MHz to 2GHz Bandwidth Upgrade Option
1GHz to 2GHz Bandwidth Upgrade Option

I would imagine that ds8000 (or ds9000) could be available in 600MHz or 1GHz base, with options to upgrade to 2GHz.

Let's hope that with another PCB as you say.

No need for speculation. 8000 is up to 2GHz model.
9000 is yet to be released up to 4GHz model.
Spoke with Rigol on Electronica. 8000 was there, looks pretty much like black 7000....
 

Offline hansibull

  • Regular Contributor
  • *
  • Posts: 92
  • Country: no
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #610 on: January 11, 2019, 07:51:09 pm »

No need for speculation. 8000 is up to 2GHz model.
9000 is yet to be released up to 4GHz model.
Spoke with Rigol on Electronica. 8000 was there, looks pretty much like black 7000....

There where no DS/MSO8000 on the Electronica fair? IIRC the RSA5000 was the only black instrument at the Rigol stand apart from the MSO5000.
 

Offline pascal_sweden

  • Super Contributor
  • ***
  • Posts: 1519
  • Country: no
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #611 on: January 11, 2019, 08:07:18 pm »
I don't like these 45 degree corners at all, which they obviously have adopted from the R&S RTB2000 series.

Corner design of R&S RTB2000 series:
https://www.rohde-schwarz.com/us/product/rtb2000-productstartpage_63493-266306.html

Corner design of Rigol MSO5000 series:
https://www.rigol.eu/products/digital-oscilloscopes/MSO5000/

Moreover the display seems not very bright and clear at all, plus the glossy level is way too much.


If anyone from Rigol USA is reading this:

1) Please don't use these 45 degree corners in future series!
These 45 degree corners are very ugly! It looks like Zorro was here with his sword to cut these corners in a swing! What's the point of this in the first place?

2) Also improve the display brightness and clarity!
Reduce the glossy or remove it completely as your oscilloscopes are Test&Measuremenet instruments for engineers and not Beauty Mirrors for women :)
As Dave Jones pointed out already in his review: The entry level DS1054Z series seems to have a better display than the MSO5000 series. How come? Did you change display vendor?

Don't adopt weird designs from the industry. Innovate with your own designs.
Don't try to be the "Apple-R&S" look a like! :)
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 12078
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #612 on: January 11, 2019, 08:13:27 pm »
As Dave Jones pointed out already in his review: The entry level DS1054Z series seems to have a better display than the MSO5000 series. How come? Did you change display vendor?

One is a touch screen. Matte touch screens show all the fingerprints much more.
 

Offline 0xdeadbeef

  • Super Contributor
  • ***
  • Posts: 1554
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #613 on: January 11, 2019, 08:23:18 pm »
One is a touch screen. Matte touch screens show all the fingerprints much more.
Actually, it's quite the opposite. I always use a matte screen protector on my smartphones and fingerprints are much less visible there compared to a glossy screen.
Trying is the first step towards failure - Homer J. Simpson
 

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 3467
  • Country: hr
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #614 on: January 11, 2019, 08:24:40 pm »

No need for speculation. 8000 is up to 2GHz model.
9000 is yet to be released up to 4GHz model.
Spoke with Rigol on Electronica. 8000 was there, looks pretty much like black 7000....

There where no DS/MSO8000 on the Electronica fair? IIRC the RSA5000 was the only black instrument at the Rigol stand apart from the MSO5000.
I was on Friday, last day.. I might have been mistaken,it was a long day..
There was 7000 (beige) and small (5000) and bigger black scope with active probe interface. Looked exactly like 7000 just black.
It was on a desk in the back near the booth wall.
I didn't take photo but here it is on Rigol photo:


 

Offline Noy

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #615 on: January 11, 2019, 11:08:00 pm »
Hm, if they are building a unified bsp for all MSO series together it can be a problem for us in the future...
I think they will put much more effort in securing their high end MSO than now.
 

Offline joeyjoejoe

  • Regular Contributor
  • *
  • Posts: 226
  • Country: ca
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #616 on: January 11, 2019, 11:08:57 pm »
Let's hope not. I'm going to wait until an updated firmware drops to see if everything is still open, if so I'll buy one.
 

Offline Commodore8888

  • Contributor
  • Posts: 32
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #617 on: January 12, 2019, 01:28:17 am »
anyone tried logging in with firmware version 00.01.01.02.04? Build: 2018-11-09 19:49:21

i ordered the mso5074 after reading about the "hack" on hackaday. received it an hour ago, but can't log in over the lan interface & ssh...

Thought maybe the update is only via online connection to the scope avaible and take it to home, connect LAN...
No, no firmare avaible.

I think Quix went and cracked the hash didn't he? Was real tiny. Edit:Did it in about 20mins on some really old gpx hardware w/ hashcat.

As far as firmwares,  I thought I saw someone DL one from Rigol to tweak/dismantle, but it was the original 1.2.3 correct? Guess it seems they haven't put the new one up for us.
I was admittedly a little worried about auto-update surprises in the beginning. Or the scope phoning hope to rat you out...

I know for licenses they use a website key entry followed by DL a license file (that's basically your key in a .lic). The work 7k's got the free xmas decodes bundle.

Granted, given the unfettered access we have now and the number of people playing with IDA and the firmware, I doubt Rigol will be able to keep us out consistently. Money better spent making corporate customers happy and bug fixing.


For reference/dating purposes, my 5074 showed up from TEquipment last Monday the 7th. Came with 1.2.3

Box appeared unopened and appears drop shipped the moment they got it in their West Coast warehouse.
« Last Edit: January 12, 2019, 01:44:10 am by Commodore8888 »
Mike D
 

Offline seronday

  • Regular Contributor
  • *
  • Posts: 65
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #618 on: January 12, 2019, 11:36:22 pm »
I recently had a need to use the UART interface on an MSO5074 and found this to be a challenging exercise.
There were two issues:-
1.   The data out of the MSO5074 was corrupted from time to time.
2.   There was no response to commands sent to the unit.

The corrupted data out of the MSO5074 was found to be caused by varying widths of the Low going data bits in the serial data stream.
At 115200 bits/sec, the nominal bit width is 8.68us.  Some of the Low going bits from the UART interface were down to 3us width.
The over all packet timing was correct, just the width of the low going bits varied.
So depending on when the receiving equipment clocks the data in, it may see either a "0" or "1"

This was solved by feeding the data through an external Pulse stretching circuit to set the minimum bit width correctly.

The second issue of no response to commands was tracked down to an open circuit on the PCB trace from the UART interface connection point.
The Data IN to the MSO5074 goes via a series resistor. This resistor had been left off the circuit board.
Since the resistor is mounted on the back of the board, this meant completely dismantling the unit to bridge the gap on the trace.

After solving these issues, using the UART interface to talk to the MSO5074 was straight forward.
I found that "U Boot" can be easily interrupted by holding a keyboard key down from when the MSO5074 is powered ON.

**  Edit.  Added Pulse stretching Circuit. **
« Last Edit: January 14, 2019, 12:44:44 pm by seronday »
 
The following users thanked this post: egonotto, thm_w, Andrew McNamara, helmy, brainstorm, xek

Offline TopLoser

  • Supporter
  • ****
  • Posts: 1913
  • Country: fr
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #619 on: January 12, 2019, 11:39:15 pm »
This resistor had been left off the circuit board.

Accidentally now of course  ;)
 

Offline helmy

  • Contributor
  • Posts: 5
  • Country: eg
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #620 on: January 13, 2019, 04:51:43 am »
The corrupted data out of the MSO5074 was found to be caused by varying widths of the Low going data bits in the serial data stream.
At 115200 bits/sec, the nominal bit width is 8.68us.  Some of the Low going bits from the UART interface were down to 3us width.
The over all packet timing was correct, just the width of the low going bits varied.
So depending on when the receiving equipment clocks the data in, it may see either a "0" or "1"

This was solved by feeding the data through an external Pulse stretching circuit to set the minimum bit width correctly.

could you share this external Pulse stretching circuit ?

The second issue of no response to commands was tracked down to an open circuit on the PCB trace from the UART interface connection point.
The Data IN to the MSO5074 goes via a series resistor. This resistor had been left off the circuit board.
In the video #1146 Dave wasn't able to send commands to it either, but then if you where following along on this thread others have tried the UART interface and where able to use it with no problem and no mention of a missing resistor, and if you let it boot completely you should get a root shell without being asked to login, right?
 

Online Martin72

  • Super Contributor
  • ***
  • Posts: 1780
  • Country: de
  • Testfield Technician
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #621 on: January 13, 2019, 08:04:56 pm »
Hm ?

I thought, new updates will be present on the regular rigol sites…..
You got a new update ? What does the "changes" say ?

Martin

Single file, no 'changelog'
https://www.dropbox.com/s/7xhvif1n0ayrzju/DS5000Update%20prelim.GEL?dl=0

Just a few seconds before, I download the file, transfer it to a usb stick, plug it in the rigol…..
Stick will be recognized but "local upgrade" isn´t avaible…

Martin

Offline TopLoser

  • Supporter
  • ****
  • Posts: 1913
  • Country: fr
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #622 on: January 13, 2019, 08:09:48 pm »
Hm ?

I thought, new updates will be present on the regular rigol sites…..
You got a new update ? What does the "changes" say ?

Martin

Single file, no 'changelog'
https://www.dropbox.com/s/7xhvif1n0ayrzju/DS5000Update%20prelim.GEL?dl=0

Just a few seconds before, I download the file, transfer it to a usb stick, plug it in the rigol…..
Stick will be recognized but "local upgrade" isn´t avaible…

Martin

Rename the file DS5000Update.GEL

The update process only seems to recognise that file name.
 

Online Martin72

  • Super Contributor
  • ***
  • Posts: 1780
  • Country: de
  • Testfield Technician
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #623 on: January 13, 2019, 08:32:07 pm »
Yes, this works and upgrading will be done very quick.
But I can´t see any remarkable changes except the version number.
Before:


After:



Maybe the update was only for changing the "root" password
« Last Edit: January 13, 2019, 09:09:20 pm by Martin72 »
 

Offline TopLoser

  • Supporter
  • ****
  • Posts: 1913
  • Country: fr
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #624 on: January 13, 2019, 08:34:35 pm »
Yes, this works and upgrading will be done very quick.
But I can´t see any remarkable changes except the version number.
Maybe the update was only for changing the "root" password

Somebody compared the GEL contents and almost every file was changed. But nothing significant is obvious except the password change.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf