Author Topic: Hacking the Rigol MSO5000 series oscilloscopes  (Read 182824 times)


Offline FireBird

  • Regular Contributor
  • *
  • Posts: 56
  • Country: at
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #925 on: March 07, 2019, 01:53:42 pm »
But /rigol/data only exists once, doesn't it?
Yepp.
 

Offline nerdineer

  • Newbie
  • Posts: 2
  • Country: gb
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #926 on: March 07, 2019, 03:34:51 pm »
Thanks to everyone who's worked on hacking this scope! Been a long time lurker on this forum and this is my first post.

Got my MSO5074 scope yesterday from Lambdaphoto and had it hacked in ~30mins. Super simple!  :)

Interestingly when you use the web interface the options list shows many with the demo time.

Cheers again!
 

Offline el_man

  • Contributor
  • Posts: 8
  • Country: bg
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #927 on: March 07, 2019, 03:56:47 pm »
Initially it did not work for me the first time as well.
Keep pressing "SINGLE" key at the same time as you Power On.
You should see two options at the top right corner.

How long did you hold the SINGLE key pressed? At what time does the menu pop up? Do I need to release it at a particular moment?

It doesn't work for me, I tried several times - my Boot: 2018.06.27

   
« Last Edit: March 07, 2019, 04:01:44 pm by el_man »
 

Offline mindy

  • Contributor
  • Posts: 15
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #928 on: March 07, 2019, 04:03:40 pm »
Initially it did not work for me the first time as well.
Keep pressing "SINGLE" key at the same time as you Power On.
You should see two options at the top right corner.
How long did you hold the SINGLE key pressed? At what time does the menu pop up? Do I need to release it at a particular moment?
It doesn't work for me - my Boot: 2018.06.27

Press "SINGLE" button multiple times until you see additional menu items.
If progress bar is in the middle this indicates that you missed it - start over again (turn off & on).
 
The following users thanked this post: Harvs, el_man

Offline el_man

  • Contributor
  • Posts: 8
  • Country: bg
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #929 on: March 07, 2019, 04:11:34 pm »
Initially it did not work for me the first time as well.
Keep pressing "SINGLE" key at the same time as you Power On.
You should see two options at the top right corner.
How long did you hold the SINGLE key pressed? At what time does the menu pop up? Do I need to release it at a particular moment?
It doesn't work for me - my Boot: 2018.06.27


The trick is to
Press "SINGLE" button multiple times until you see additional menu items.
If progress bar is in the middle this indicates that you missed it - start over again (turn off & on).



It works from first time  :D

The trick is to press it multiple times rapidly - I was just holding it

A Big thank you!
 

Offline mabl

  • Regular Contributor
  • *
  • Posts: 100
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #930 on: March 07, 2019, 05:17:26 pm »
Interestingly when you use the web interface the options list shows many with the demo time.

Haha I was waiting for somebody to notice this. The check function exists twice, and I missed it back when I did the patch. Better luck next time  ;D
For now I don't want to change the patch anymore, since it is well tested by now. Maybe I or somebody else will do one based on my lua package?   :popcorn:
 

Offline Martin72

  • Frequent Contributor
  • **
  • Posts: 585
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #931 on: March 07, 2019, 08:13:23 pm »
Hi,
It seems that the trial time for the options at my 5074 was running out - no decoder functions available, except parallel-bus (hm?)…
So I want to try the hack.
There's so much written here in the last days (and so much I don't understand), so a little summary would be nice.
What must I do to get the options, actual?
Are there any risks, like this overshoot thing (which I don't have)?

A short explanation would be fine .  :)

Martin
« Last Edit: March 07, 2019, 08:43:12 pm by Martin72 »
 
The following users thanked this post: misspoggy

Offline mabl

  • Regular Contributor
  • *
  • Posts: 100
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #932 on: March 07, 2019, 08:35:51 pm »
Please find a script for automatic backup of the /rigol/data directory attached. It is based on oliv3r's work, but adds status output to know things work.

EDIT: Fix to backup script to make it more reliable.
« Last Edit: March 13, 2019, 06:54:19 am by mabl »
 
The following users thanked this post: NoisyBoy, NED88, chancs, sumect

Offline mabl

  • Regular Contributor
  • *
  • Posts: 100
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #933 on: March 07, 2019, 08:48:46 pm »
Current best practice:

First: You will perform a series of upgrades. These have to be done using the help menu and the DS5000Update.GEL filename. The files you download here have a .txt extension. Remove it and rename it to the proper name. Attention, Windows might just hide the .txt extension! Make sure to properly unmount your USB drive, and that there is free space left on it (<50MB).

Now:
  • Note your current software version down. If it is older than 01.01.04.04 you will need to upgrade.
  • Backup your scope specific data such as calibration values. Get the DS5000Update_backup.GEL.txt from here. Rename to DS5000Update.GEL and put it on a USB drive. Execute an upgrade using the help menu in your scope, NOT the secret menu. You will see the scope doing a backup. Unplug the stick and make sure you have a backup in the data_backup folder on the stick.
  • If you have an older version of the firmware, download 01.01.04.04 from here. Also rename it to DS5000Update.GEL, put it on your usb drive, and upgrade.
  • Make sure you are on the 01.01.04.04 firmware in the about dialog.
  • Patch the scope to have all licenses. For that download the patch from here. Again rename and copy to usb drive. This time the upgrade might take a bit longer, it should ask you to reboot, if not something failed, but it is probably not fatal for your scope, no worries. Reboot.
  • Check that all licences are activated.
  • If you want, do an auto calibration and check that everything is still okay.

You can get temporary SSH access by executing this upgrade. The upgrade will "fail", but you will have ssh until reboot. You can use this to fix your calibration data, if truly required.
« Last Edit: March 13, 2019, 06:05:23 pm by mabl »
 
The following users thanked this post: N2tl, testmode, luma, 2N3055, joeyjoejoe, Martin72, quix, NoisyBoy, timber23, BatteryBob, chancs, sumect

Offline mabl

  • Regular Contributor
  • *
  • Posts: 100
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #934 on: March 07, 2019, 08:54:10 pm »
Are there any risks, like this overshoot Thing ( which I don´t have ) ?

The risks are minimal. As long as you have done the backup, there is always a way to get back to where you are. The most important thing is probably to use a clean USB drive and unmount it properly in your computer. Even then, most actions are with checksums and will fail before doing damage.
 
The following users thanked this post: jackenhack, joeyjoejoe, Martin72
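An added example, not part of the thread and not mabl's backup script: one way to confirm that a copy of the `data_backup` folder is complete and stays unchanged, by recording a SHA-256 manifest once and re-checking copies against it later. The manifest layout and the file names in `demo()` are constructed for illustration; the real contents of the folder are not listed in this thread.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Map each file's path (relative to the backup root) to size and SHA-256."""
    manifest = {}
    for p in sorted(backup_dir.rglob("*")):
        if p.is_file():
            rel = p.relative_to(backup_dir).as_posix()
            manifest[rel] = {"size": p.stat().st_size, "sha256": sha256_file(p)}
    return manifest


def empty_files(manifest: dict) -> list:
    """Zero-length files can mean the stick was removed before data was flushed."""
    return sorted(name for name, meta in manifest.items() if meta["size"] == 0)


def verify(backup_dir: Path, manifest: dict) -> dict:
    """Compare a backup copy against a stored manifest."""
    current = build_manifest(backup_dir)
    common = set(manifest) & set(current)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "extra": sorted(set(current) - set(manifest)),
        "changed": sorted(n for n in common
                          if manifest[n]["sha256"] != current[n]["sha256"]),
    }


def demo() -> dict:
    # Constructed stand-in for a data_backup folder; all file names are made up.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "data_backup"
        root.mkdir()
        (root / "cal_sample.bin").write_bytes(bytes(range(256)) * 4)
        (root / "options_sample.lic").write_bytes(b"constructed license bytes")
        (root / "empty_sample.dat").write_bytes(b"")
        manifest = build_manifest(root)
        report = {"empty_at_backup": empty_files(manifest)}
        # Simulate a damaged copy: one file overwritten, one file lost.
        (root / "cal_sample.bin").write_bytes(b"\x00" * 1024)
        (root / "options_sample.lic").unlink()
        report.update(verify(root, manifest))
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Build the manifest right after copying the backup off the USB stick and keep the JSON somewhere other than the stick itself.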

Offline Martin72

  • Frequent Contributor
  • **
  • Posts: 585
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #935 on: March 07, 2019, 09:01:44 pm »
Thank You !  :)

I already got the 01.01.04.04 Version (and wonder why it isn't on the webpages of rigol U.S. or europe), will try it tomorrow.
When a new FW is there and upgraded to the scope, the hack will be gone, I guess ?

Offline mabl

  • Regular Contributor
  • *
  • Posts: 100
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #936 on: March 07, 2019, 09:03:37 pm »
When a new FW is there and upgraded to the scope, the hack will be gone, I guess ?
Yes, with no trace left. Somebody will need to create a new patch then.
 
The following users thanked this post: Martin72

Offline Martin72

  • Frequent Contributor
  • **
  • Posts: 585
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #937 on: March 07, 2019, 09:20:03 pm »
So it is a difference between installing the options buying - which stays forever.
It would be helpful I guess, when someone buy the option-bundle (or even one) and let the cracks having a look on it.


Offline tv84

  • Frequent Contributor
  • **
  • Posts: 929
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #938 on: March 07, 2019, 09:45:10 pm »
So it is a difference between installing the options buying - which stays forever.
It would be helpful I guess, when someone buy the option-bundle (or even one) and let the cracks having a look on it.

Of course, real licenses are the only thing that will be future-proof...

The trial licenses that everybody has are sufficient to see how they are done. The .LIC files are basically ECDSA Signatures.

Those signatures are verified with the PubKey in KEY.DATA file.
 

Offline luma

  • Regular Contributor
  • *
  • Posts: 70
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #939 on: March 07, 2019, 09:51:20 pm »
Is there a good solution to have SSH enabled on each boot?
 

Offline tv84

  • Frequent Contributor
  • **
  • Posts: 929
  • Country: pt
 
The following users thanked this post: luma

Offline Martin72

  • Frequent Contributor
  • **
  • Posts: 585
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #941 on: March 07, 2019, 09:55:26 pm »
Quote
Of course, real licenses are the only thing that will be future-proof...

If I buy the option-bundle, having you or other a look on it - I will get the 350Mhz and 200 Mpts for free and "ever" from you/them.

Deal ?  ;)

Seriously, I'm thinking long time about to do this and bandwidth-upgrades are too expensive....

Online NoisyBoy

  • Regular Contributor
  • *
  • Posts: 169
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #942 on: March 07, 2019, 09:59:30 pm »
Hi mabl,

Thank you so much for the concise summary, much appreciated (I am sure numerous others feel the same).

One quick question, does the DS5000Update_backup.GEL also backup other data other than the calibration data?  I understand some files could be lost as part of the patch (I believe the license file being one of them, is there others?), it would be nice if this backs up all the files that could be lost so we can do a full rollback/restore if needed.

Thanks in advance.

Current best practice:

  • Note your current software version down. If it is older than 01.01.04.04 you will need to upgrade.
  • Backup your scope specific data such as calibration values. Get the DS5000Update_backup.GEL.txt from here. Rename to DS5000Update.GEL and put it on a USB drive. Execute an upgrade. You will see the scope doing a backup. Unplug the stick and make sure you have a backup in the data_backup folder on the stick.
  • If you have an older version of the firmware, download 01.01.04.04 from here. Also rename it to DS5000Update.GEL, put it on your usb drive, and upgrade.
  • Make sure you are on the 01.01.04.04 firmware in the about dialog.
  • Patch the scope to have all licenses. For that download the patch from here. Again rename and copy to usb drive. This time the upgrade might take a bit longer, it should ask you to reboot, if not something failed, but it is probably not fatal for your scope, no worries. Reboot.
  • Check that all licences are activated.
  • If you want, do an auto calibration and check that everything is still okay.

You can get temporary SSH access by executing this upgrade. The upgrade will "fail", but you will have ssh until reboot. You can use this to fix your calibration data, if truly required.
 

Offline nimish

  • Regular Contributor
  • *
  • Posts: 53
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #943 on: March 07, 2019, 10:04:58 pm »
So it is a difference between installing the options buying - which stays forever.
It would be helpful I guess, when someone buy the option-bundle (or even one) and let the cracks having a look on it.

Of course, real licenses are the only thing that will be future-proof...

The trial licenses that everybody has are sufficient to see how they are done. The .LIC files are basically ECDSA Signatures.

Those signatures are verified with the PubKey in KEY.DATA file.

OK, then just patch the KEY.DATA PubKey to whatever?
 

Offline mabl

  • Regular Contributor
  • *
  • Posts: 100
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #944 on: March 07, 2019, 10:09:44 pm »
One quick question, does the DS5000Update_backup.GEL also backup other data other than the calibration data?  I understand some files could be lost as part of the patch (I believe the license file being one of them, is there others?), it would be nice if this backs up all the files that could be lost so we can do a full rollback/restore if needed.

Yes it backs everything scope specific up, including licenses. Regarding losing things, only the actual firmware upgrade has been observed messing with it, not the license patch.

OK, then just patch the KEY.DATA PubKey to whatever?

Sure, could do. "All Roads Lead to Rome". But you will lose compatibility to original keys, and that is what you initially wanted.
 
The following users thanked this post: NoisyBoy

Offline nimish

  • Regular Contributor
  • *
  • Posts: 53
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #945 on: March 07, 2019, 10:10:55 pm »
One quick question, does the DS5000Update_backup.GEL also backup other data other than the calibration data?  I understand some files could be lost as part of the patch (I believe the license file being one of them, is there others?), it would be nice if this backs up all the files that could be lost so we can do a full rollback/restore if needed.

Yes it backs everything scope specific up, including licenses. Regarding losing things, only the actual firmware upgrade has been observed messing with it, not the license patch.

OK, then just patch the KEY.DATA PubKey to whatever?

Sure, could do. "All Roads Lead to Rome". But you will lose compatibility to original keys, and that is what you initially wanted.

If we get full access do we care if KEY.DATA is replaced with a bogus pubkey that we know the privkey to? As long as you can patch it back to Rigol's keypair, all's good
 
The following users thanked this post: NoisyBoy

Offline tv84

  • Frequent Contributor
  • **
  • Posts: 929
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #946 on: March 07, 2019, 10:13:56 pm »
OK, then just patch the KEY.DATA PubKey to whatever?

A "special" whatever... ;)

it would be nice if this backs up all the files that could be lost so we can do a full rollback/restore if needed.

I've said this before:

The only thing that is necessary to backup is the /rigol/data directory. With that you can erase everything in the scope and recreate it from scratch.


Edit: This thread is so full of OT BS that people forget the essential. Remember:

https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/msg2083927/#msg2083927
« Last Edit: March 07, 2019, 10:35:19 pm by tv84 »
 
The following users thanked this post: KeBeNe, NoisyBoy

Offline nimish

  • Regular Contributor
  • *
  • Posts: 53
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #947 on: March 07, 2019, 10:26:14 pm »
OK, then just patch the KEY.DATA PubKey to whatever?

A "special" whatever... ;)

Of course. Does anyone know the key algo that Rigol uses? Might be easier to just generate our own licenses after patching the firmware
 

Offline peppy88

  • Contributor
  • Posts: 45
  • Country: ua
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #948 on: March 08, 2019, 04:31:42 am »
Current best practice:

  • Note your current software version down. If it is older than 01.01.04.04 you will need to upgrade.
  • Backup your scope specific data such as calibration values. Get the DS5000Update_backup.GEL.txt from here. Rename to DS5000Update.GEL and put it on a USB drive. Execute an upgrade. You will see the scope doing a backup. Unplug the stick and make sure you have a backup in the data_backup folder on the stick.
  • If you have an older version of the firmware, download 01.01.04.04 from here. Also rename it to DS5000Update.GEL, put it on your usb drive, and upgrade.
  • Make sure you are on the 01.01.04.04 firmware in the about dialog.
  • Patch the scope to have all licenses. For that download the patch from here. Again rename and copy to usb drive. This time the upgrade might take a bit longer, it should ask you to reboot, if not something failed, but it is probably not fatal for your scope, no worries. Reboot.
  • Check that all licences are activated.
  • If you want, do an auto calibration and check that everything is still okay.

You can get temporary SSH access by executing this upgrade. The upgrade will "fail", but you will have ssh until reboot. You can use this to fix your calibration data, if truly required.

I've upgraded to the newest firmware but when I upload the patch (with renaming) scope says fail to update please check package
 

Offline Kean

  • Supporter
  • ****
  • Posts: 922
  • Country: au
  • Embedded systems & IT consultant
    • Kean Electronics
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #949 on: March 08, 2019, 04:36:07 am »
Current best practice:

  • Note your current software version down. If it is older than 01.01.04.04 you will need to upgrade.
  • Backup your scope specific data such as calibration values. Get the DS5000Update_backup.GEL.txt from here. Rename to DS5000Update.GEL and put it on a USB drive. Execute an upgrade. You will see the scope doing a backup. Unplug the stick and make sure you have a backup in the data_backup folder on the stick.
  • If you have an older version of the firmware, download 01.01.04.04 from here. Also rename it to DS5000Update.GEL, put it on your usb drive, and upgrade.
  • Make sure you are on the 01.01.04.04 firmware in the about dialog.
  • Patch the scope to have all licenses. For that download the patch from here. Again rename and copy to usb drive. This time the upgrade might take a bit longer, it should ask you to reboot, if not something failed, but it is probably not fatal for your scope, no worries. Reboot.
  • Check that all licences are activated.
  • If you want, do an auto calibration and check that everything is still okay.

You can get temporary SSH access by executing this upgrade. The upgrade will "fail", but you will have ssh until reboot. You can use this to fix your calibration data, if truly required.

I've upgraded to the newest firmware but when I upload the patch (with renaming) scope says fail to update please check package

Did you read the last sentence? (highlighted)
 

