Author Topic: Hacking the Rigol MSO5000 series oscilloscopes  (Read 901386 times)

Offline Noy

  • Frequent Contributor
  • **
  • Posts: 361
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #650 on: January 23, 2019, 07:15:26 am »
Add a Bode Plot function...  8)

Find out how the "original" licence management works, maybe we can add "own" licences.

If the -fullopt will be closed with the next update...
 

Offline mrpackethead

  • Super Contributor
  • ***
  • Posts: 2845
  • Country: nz
  • D Size Cell
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #651 on: January 23, 2019, 07:35:10 am »
It would be interesting to be able to develop new software features for it.  Maybe even fix the bugs.
On a quest to find increasingly complicated ways to blink things
 

Online Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #652 on: January 23, 2019, 07:36:23 am »
If the -fullopt will be closed with the next update...

Then it will be interesting again (for a few hours).
 

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6447
  • Country: hr
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #653 on: January 23, 2019, 07:44:08 am »
Probably digging into it and finding undocumented stuff. E.g. how have they implemented the protocol decoders. As they are done in the screen buffer it likely means others can be added.
They are not done in screen buffer. They are decoded mostly in FPGA over whole acquisition buffer.
And as it is, it has more decodes than  R&S 2000 series, Keysight 2000 series,  Lecroy Wavesurfer 3000 series...
They are missing CAN FD from what I can see and decode I could think of as being useful that it doesn't have would be parametric Manchester/NRZ decode.
That would put them in a class with some 10000 USD scopes as far as decoding goes.
One more thing that would be nice would be FRA, it has siggen built in. I think Rigol might even make that one eventually, since everybody else seems to have one..

New Rigol 5000/7000 series is not missing any significant features. And aside it being new and in need of debugging (which they will eventually do and it will be fine), I don't like how they missed opportunity to make new U/I that would be more like Lecroy or R/S, to better utilize screen.  Despite all analog scope nostalgia, new digital scopes are computers, and need to have proper computer U/I to be able to handle vast complexity of the analytic functions they have. For instance, instead of splitting screen for decode function, they slap small window in the middle of the screen with decoded packets. Zoom windows cannot be resized... Stuff like that.  You really need to try to use R/S 2000/3000/4000 to see how much better they use the screen. Even old Keysight 3000 series manages to put more info on 8.5" screen than Rigol on 10".
 

Offline mrpackethead

  • Super Contributor
  • ***
  • Posts: 2845
  • Country: nz
  • D Size Cell
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #654 on: January 23, 2019, 10:16:44 am »
If the -fullopt will be closed with the next update...

Then it will be interesting again (for a few hours).

12-18 at most?   You might be able to use the hack that rgwan claimed to have found (still nothing to verify).. I think they did a modification of the binaries, which returns the licence status.
On a quest to find increasingly complicated ways to blink things
 

Online tv84

  • Super Contributor
  • ***
  • Posts: 3212
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #655 on: January 23, 2019, 11:37:46 am »
rgwan claimed a KG. With a KG you don't need to do anything more (regarding future updates). Unless it's not a true KG...
 

Offline Martin72

  • Super Contributor
  • ***
  • Posts: 5670
  • Country: de
  • Testfield Technician
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #656 on: January 23, 2019, 10:01:21 pm »
New Rigol 5000/7000 series is not missing any significant features. And aside it being new and in need of debugging (which they will eventually do and it will be fine)

I know they do it..

Offline oliv3r

  • Frequent Contributor
  • **
  • Posts: 279
  • Country: nl
    • Rigol related stuff!
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #657 on: January 26, 2019, 12:28:06 pm »
Hi all! Long-time reader, first-time poster. When I read the MSO5000 had a trivially-accessible Linux shell, I pulled the trigger and now have a nice MSO5074 on my desk. Thought I would also add something to the hacking community, although it's quite trite.

So, there's an ancient rule on the Internet that whenever something runs Linux and is hacked, it shall be made to run Doom. I noticed that the fine community of MSO5000 hackers has up till now flagrantly disregarded this rule, so I decided to correct that. I present to you: Doom running on a MSO5000 oscilloscope:



If you want to try this yourself (or look at the sources), feel free to take a gander in the Github repo. It's more-or-less a straight port of prboom, with some hacks in order to support the weird framebuffer hardware the scope has, and to interface with the front panel.
Aww, you took that slice of cheese from my sandwich :p
I'm surprised that you managed to get an MSO5074 already, they are sold out everywhere; so while I have bits and pieces ready, couldn't do this just yet :( and it's kinda hard without a scope :p

But you are absolutely right; and it runs doom as it should!

Online Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #658 on: January 26, 2019, 12:39:41 pm »
But you are absolutely right; and it runs doom as it should!

Good frame rate, too.
 

Online Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #659 on: January 26, 2019, 03:18:26 pm »
I've mentioned it before but nobody answered: Why does this thing take so long to boot? A whole minute seems ridiculous.

a) Is this time typical of this sort of Xilinx/Linux system or just somebody at Rigol being lazy?
b) Could it be improved?
 

Online mikeselectricstuff

  • Super Contributor
  • ***
  • Posts: 13695
  • Country: gb
    • Mike's Electric Stuff
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #660 on: January 26, 2019, 04:38:52 pm »
I've mentioned it before but nobody answered: Why does this thing take so long to boot? A whole minute seems ridiculous.

a) Is this time typical of this sort of Xilinx/Linux system or just somebody at Rigol being lazy?
b) Could it be improved?
I doubt Rigol have enough knowledge of the OS to be able to optimise boot time, or at least were prioritising the scope functionality
Youtube channel:Taking wierd stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
 
The following users thanked this post: mrpackethead

Offline Martin72

  • Super Contributor
  • ***
  • Posts: 5670
  • Country: de
  • Testfield Technician
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #661 on: January 26, 2019, 05:13:47 pm »
Quote
A whole minute seems ridiculous.

Owner of a lecroy ws-422/4 would be happy if they have only one minute to wait... 8)

Offline filssavi

  • Frequent Contributor
  • **
  • Posts: 433
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #662 on: January 26, 2019, 06:31:01 pm »
I've mentioned it before but nobody answered: Why does this thing take so long to boot? A whole minute seems ridiculous.

a) Is this time typical of this sort of Xilinx/Linux system or just somebody at Rigol being lazy?
b) Could it be improved?

A) probably yes
B) of course

The standard yocto/petalinux is quite slow to boot since it is not optimised for boot speed. You can cut down the boot time to shell from ~10s  to  ~2 by just turning off delaying dhcp initialization. Ubuntu (so a full blown desktop gui distro) boots in 5/10~ from a typical SSD and it can be optimised further
 

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6447
  • Country: hr
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #663 on: January 26, 2019, 07:26:33 pm »
My 2 cents..
15000 USD Keysight MSOX3104 boots in 58 seconds....

Also why is everybody talking how fast it takes Linux to boot?
Linux is only part of equation. You need comprehensive self test of all other stuff that is in scope (as opposed to just OS boot on a computer), and you need to also load code in FPGA-s and self test that too.

Fast boot time is nice but not an issue... You switch it on, and by the time you grab probes and connect you're there.
If they manage to optimize it later, fine, if not it is not a problem. There are real bugs and usability improvements that need to be addressed first.
 
The following users thanked this post: tv84

Offline bitwelder

  • Frequent Contributor
  • **
  • Posts: 964
  • Country: fi
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #664 on: January 26, 2019, 10:26:40 pm »
I doubt Rigol have enough knowledge of the OS to be able to optimise boot time, or at least were prioritising the scope functionality
Sometimes I wonder if Rigol let the 'hack' leak so that somebody else can improve their scope at no R&D cost.
 

Online Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #665 on: January 26, 2019, 11:48:21 pm »
I doubt Rigol have enough knowledge of the OS to be able to optimise boot time, or at least were prioritising the scope functionality
Sometimes I wonder if Rigol let the 'hack' leak so that somebody else can improve their scope at no R&D cost.

If you got the 'scope for $999 then you aren't being ripped off even if you do a little bit of work for Rigol.  :D
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 6877
  • Country: ca
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #666 on: January 27, 2019, 05:22:20 am »
I doubt Rigol have enough knowledge of the OS to be able to optimise boot time, or at least were prioritising the scope functionality
Sometimes I wonder if Rigol let the 'hack' leak so that somebody else can improve their scope at no R&D cost.
The idea of an intended hack or leak is fundamentally stupid. How do you think it is practically implemented? This is a fair size company with directors, top and mid managers, bunch of departments, documentation, legal, development, marketing, etc. I imagine the board of directors in a meeting and Mr. Woo saying why don't we create a hack or leak. You, Mr. Boo, take care of communicating the hackable instrument strategy to the engineering department and make sure every engineer follows it. You, Mr. Noo, make sure proper documentation gets built on the hack feature. You, Mr. Doo, get your sockpuppet team deployed to the major electronics forums to strategically leak information according to the plan Mr. Zoo will create.  And make goddamn sure our hole doesn't accidentally become patched with the next firmware update. You, Mr. Foo, are responsible for regression testing to make sure this does not happen.

Is this how hack leaks are operationalized at Rigol?
Facebook-free life and Rigol-free shack.
 

Offline mrpackethead

  • Super Contributor
  • ***
  • Posts: 2845
  • Country: nz
  • D Size Cell
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #667 on: January 27, 2019, 09:14:20 am »
TEquipment now has over 80 MSO5074 units on order. We are working our best to fulfill orders on a first come, first serve basis. We would suggest placing your pre-order now to get in line, as they will be shipped on a first come, first serve basis.
We currently have the following models in stock if anyone wants something more immediate, please see here: https://www.screencast.com/t/huJDkWJKtIk
If we can help to answer any more detailed questions, please do not hesitate to contact us: salesteam@tequipment.net or direct by phone: 1-877-571-7901

Thank you for all of your patronage and support,

The TEquipment Team

Guessing the 5074 is outselling the other models.  TEquipment could you tell us if Rigol accidentally left their devices very insecure or was it deliberate?
On a quest to find increasingly complicated ways to blink things
 

Offline Romain

  • Regular Contributor
  • *
  • Posts: 72
  • Country: fr
  • HW & SW consultant
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #668 on: January 27, 2019, 09:18:50 am »
TEquipment now has over 80 MSO5074 units on order. We are working our best to fulfill orders on a first come, first serve basis. We would suggest placing your pre-order now to get in line, as they will be shipped on a first come, first serve basis.
We currently have the following models in stock if anyone wants something more immediate, please see here: https://www.screencast.com/t/huJDkWJKtIk
If we can help to answer any more detailed questions, please do not hesitate to contact us: salesteam@tequipment.net or direct by phone: 1-877-571-7901

Thank you for all of your patronage and support,

The TEquipment Team

Guessing the 5074 is outselling the other models.  TEquipment could you tell us if Rigol accidentally left their devices very insecure or was it deliberate?
Asking the question would satiate our curiosity (if we ever get a response from Rigol) but it may lead them to think that it's not just a bunch of geeks in their garage hacking their scopes anymore...
They may start tackling this if they  consider that it hinders the sales of their more expensive models...

Sent from my SM-G930F using Tapatalk

 

Online Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #669 on: January 27, 2019, 11:53:21 am »
Guessing the 5074 is outselling the other models.  TEquipment could you tell us if Rigol accidentally left their devices very insecure or was it deliberate?

What do you want? A definitive statement from the head of Rigol?  :-//

 
The following users thanked this post: Kean

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 6447
  • Country: hr
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #670 on: January 27, 2019, 12:44:26 pm »
People are unhappy that they can buy scope for very little money (compared to what it used to be) that can be hacked to full specs.
And also feel a need to insult people who are making it.....  :-//

There are many wrong statements here used by those unhappy people.

Making a secure scope (OS, device, whatever) takes effort.

If you just take Linux distro and load it to a scope (like they did) it will not be secure. 
So it's not that they are stupid, they are not, and being a rather big company by now, they could have hired ANY security consultant from anywhere in the world if they didn't have a staff on board.

Securing things is expensive and not only once, but whole platform needs to be maintained in different workflow once you go that route.
Also they know that even top notch protection is breakable once there is enough will to spend time on it.

So they make it such that you have some basic licensing mechanism and that's it. Companies will buy legal options (they are exposed to all kinds of auditing, liability and traceability) and hobbyists will buy it for hackability and unlock it. It generates sales. 
It is not that they are stupid, or don't know how to do it. Or they do this as some elaborate plan. They simply didn't want to spend more money to develop something that will generate less sales later.

Option bundle for RTB2000 costs € 1,190.- net (no VAT).

You can buy MSO5074 + Logic probe for that money and unlock all features.
For a hobbyist no need to think much...
 
The following users thanked this post: tv84

Online Fungus

  • Super Contributor
  • ***
  • Posts: 16560
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #671 on: January 27, 2019, 01:38:38 pm »
If you just take Linux distro and load it to a scope (like they did) it will not be secure. 

Securing Linux isn't difficult. If it was then half the web servers in the world would be hacked.

So it's not that they are stupid, they are not, and being a rather big company by now, they could have hired ANY security consultant from anywhere in the world if they didn't have a staff on board.

Or .... maybe it's deliberate!

They're probably still making $250+ on each one and they're flying off the shelves. Most places have no stock.

If it wasn't hackable then those naughty hackers would probably be buying Siglents instead (the SDS1204X-E is cheaper than a Rigol MSO5072 and is better, a hacked 1104X-E even more so!) so it will be difficult to make a case that the hacking is bad for Rigol. $250 is infinitely better than nothing at all.

PS: Has anybody done a BOM on one of these? Case, screen and knobs is probably $125, PSU $25, PCB $10, How much do those Xilinx and RAM chips cost? Can the thing be built for $300?

Securing things is expensive and not only once, but whole platform needs to be maintained in different workflow once you go that route.
Also they know that even top notch protection is breakable once there is enough will to spend time on it.

They don't have to make it 100% secure, they just have to make it so you have to at least open it up and solder JTAG wires to the PCB to reprogram it (or whatever). That would reduce hacking massively and could probably be done with a couple of morning's work.

Problem? Hackers would buy easily-hackable Siglents instead.
« Last Edit: January 27, 2019, 01:43:22 pm by Fungus »
 
The following users thanked this post: theirishscion

Online voltsandjolts

  • Supporter
  • ****
  • Posts: 2281
  • Country: gb
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #672 on: January 27, 2019, 01:43:55 pm »
Securing Linux isn't difficult. If it was then half the web servers in the world would be hacked.

That's not a valid comparison.
With the scope you have full fw binary and hardware access.
In comparison, securing a remote web server is a walk in the park.
 

Offline supercilious

  • Contributor
  • Posts: 41
  • Country: gb
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #673 on: January 27, 2019, 01:46:06 pm »
Securing Linux isn't difficult. If it was then half the web servers in the world would be hacked.
Securing Linux (or anything) against physical access to the machine is HARD - to the point of being damn near impossible.

The best one can hope for is that the "cost" of hacking it is high enough that it's not worth doing.
 
The following users thanked this post: tv84

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 4694
  • Country: au
  • Question Everything... Except This Statement
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #674 on: January 27, 2019, 02:19:17 pm »
Physical access is literally impossible to secure against, as if you deal with any external device or interface, you expose yourself, and all it takes is 1 corner case the designers didn't think of out of millions of possible attacks, and they are in. Even if they are still trapped in userland, once they're in, they have a wider attack surface and can keep driving the wedge forward.

E.g. a router I just got from a certain ISP will default into the root account of the UI if you give it a username of Unicode zero width spaces. It's not null, and it's not ASCII whitespace, but later it gets stripped back to be an empty string, so it ends up getting into a part of the code that it wasn't meant to and I get access to more than I should.
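
Added example (not part of the post above, and not the router's actual code): a model of the validate-before-normalise ordering the post describes, next to a login path that canonicalises first and allow-lists the result. The account table, the username policy and the empty-name fallback in `legacy_backend` are assumptions made for illustration.

```python
import hmac
import re
import unicodedata

ZWSP = "\u200b"  # ZERO WIDTH SPACE: category Cf, so not whitespace to str.strip()

# Constructed account table (sample data, not from any real device).
USERS = {"alice": ("user", "constructed-pw")}
ALLOWED = re.compile(r"[a-z0-9_.-]{1,32}")  # assumed username policy


def check(name: str, password: str):
    """Return the role for a known name and matching password, else None."""
    role, stored = USERS.get(name, (None, ""))
    ok = hmac.compare_digest(stored.encode(), password.encode())
    return role if role is not None and ok else None


def strip_invisible(name: str) -> str:
    """Drop format (Cf) and control (Cc) characters, then trim whitespace."""
    kept = (c for c in name if unicodedata.category(c) not in ("Cf", "Cc"))
    return "".join(kept).strip()


def legacy_backend(name: str, password: str):
    """Assumed backend: cleans the name itself and maps '' to a built-in root."""
    name = strip_invisible(name)
    if name == "":
        return "root"  # the code path the front-end check was meant to guard
    return check(name, password)


def login_check_then_strip(name: str, password: str):
    """Flawed order: the emptiness test sees the raw, unstripped string."""
    if name.strip() == "":  # catches "" and "   ", but not ZWSP
        return None
    return legacy_backend(name, password)


def login_canonical_first(name: str, password: str):
    """Fixed order: canonicalise once, allow-list it, use that exact value."""
    name = unicodedata.normalize("NFKC", name).strip().lower()
    if not ALLOWED.fullmatch(name):  # rejects "", ZWSP and other invisibles
        return None
    return check(name, password)  # no empty-name fallback on this path


if __name__ == "__main__":
    for candidate in ("", "   ", ZWSP * 3, "alice"):
        print(repr(candidate),
              login_check_then_strip(candidate, "constructed-pw"),
              login_canonical_first(candidate, "constructed-pw"))
```

The fixed path never strips characters after the check, so the value that was validated is the value that is looked up.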
 

