Author Topic: Hacking the Rigol MSO5000 series oscilloscopes  (Read 1072449 times)

Offline Urzov

  • Newbie
  • Posts: 9
  • Country: ua
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1351 on: October 09, 2019, 04:10:11 pm »
Hello again to everyone. It seems that something is not right... After connecting via LAN cable with PuTTY (on Windows 10) and entering "root", it asks for the password, but does not respond to typing, only to Enter. At the same time, it says "Access denied", and after 5 presses of "Enter" it gets buggy... I did a reset at startup... It does not help! Maybe I'm doing something wrong? Thank you very much!
« Last Edit: October 09, 2019, 04:46:18 pm by Urzov »
 

Offline Martin72

  • Super Contributor
  • ***
  • Posts: 6089
  • Country: de
  • Testfield Technician
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1352 on: October 09, 2019, 04:19:41 pm »
Hi,

Did you follow the instructions from the post I've linked here before?

Offline Urzov

  • Newbie
  • Posts: 9
  • Country: ua
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1353 on: October 09, 2019, 05:00:44 pm »
I did everything point by point! Updated to version “8”, rebooted (turned it off and on), erased the update from USB, wrote the file to enable SSH, turned on SSH, connected the cable to the PC, launched PuTTY with the address... But it doesn’t enter the password!
 

Offline PA0PBZ

  • Super Contributor
  • ***
  • Posts: 5147
  • Country: nl
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1354 on: October 09, 2019, 05:07:01 pm »
after entering "root" it writes to enter the password, but does not respond to typing, only to Enter.

Passwords are (almost) always hidden, so just type the password and hit enter.
Keyboard error: Press F1 to continue.
 

Offline Urzov

  • Newbie
  • Posts: 9
  • Country: ua
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1355 on: October 09, 2019, 06:39:54 pm »
Oh... It worked out with the password! But it cannot find either "cp / rigol / appEntry / media / sda1 /" or "cd / media / sda1", I think, and more... :-[ What can I do? Thanks!
« Last Edit: October 09, 2019, 06:45:08 pm by Urzov »
 

Offline TK

  • Super Contributor
  • ***
  • Posts: 1722
  • Country: us
  • I am a Systems Analyst who plays with Electronics
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1356 on: October 09, 2019, 06:45:34 pm »
Oh... It worked out with the password! But it cannot find either "cp / rigol / appEntry / media / sda1 /" or "cd / media / sda1", I think, and more... :-[ What can I do? Thanks!
You are doing it wrong... there must be a space after cp.
« Last Edit: October 09, 2019, 06:55:44 pm by TK »
 

Offline Urzov

  • Newbie
  • Posts: 9
  • Country: ua
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1357 on: October 09, 2019, 07:11:07 pm »
Thank you, I realized it! But "Step 7" is not clear. Do you need to register the path to the USB drive to create a "bspatch" file in it? Can you please give more details? Thanks!
 

Offline TK

  • Super Contributor
  • ***
  • Posts: 1722
  • Country: us
  • I am a Systems Analyst who plays with Electronics
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1358 on: October 09, 2019, 07:14:49 pm »
Thank you, I realized it! But "Step 7" is not clear. Do you need to register the path to the USB drive to create a "bspatch" file in it? Can you please give more details? Thanks!
Every file involved in the bspatch execution must be located in the same directory... I assume appEntry is on your USB drive, so yes... change directory to the USB drive where all the files are located before executing bspatch.
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3251
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1359 on: October 09, 2019, 07:40:51 pm »
Learning Linux commands in a scope's shell is not the best scenario...
 
The following users thanked this post: ve2mrx, Martin72, Pizzalover, Fluffhamster

Offline Martin72

  • Super Contributor
  • ***
  • Posts: 6089
  • Country: de
  • Testfield Technician
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1360 on: October 09, 2019, 07:42:11 pm »
 ;D


Offline Urzov

  • Newbie
  • Posts: 9
  • Country: ua
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1361 on: October 09, 2019, 07:55:08 pm »
I don’t understand "Step 7"... How do I copy "bspatch" to the root of the USB drive? How do I set the address on the USB drive so that it creates a “bspatch” file in it? As I understand it, after creating the “bspatch” file it needs to be renamed to “appEntry”? Confused... Thanks!
 

Offline TK

  • Super Contributor
  • ***
  • Posts: 1722
  • Country: us
  • I am a Systems Analyst who plays with Electronics
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1362 on: October 09, 2019, 09:40:00 pm »
bspatch is the Linux/Unix command you need to execute on the appEntry application you copied from your scope to the USB drive.

It is a "Binary patch" tool. You apply it to the original appEntry using the file that contains the information on what to patch, then you copy the resulting appEntry file back to the scope.
 

Offline mabl

  • Regular Contributor
  • *
  • Posts: 122
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1363 on: October 10, 2019, 04:12:45 am »
Oh, shit, I saw the same for-ever-boot-screen as Antlanpz, but the trick with pressing "single" with the original firmware (01.01.04.04) from Rigol on USB-stick failed? Are there any other suggestions to restore to factory default?

You should not need to do manual patching if you want to apply a bspatch. You can use my automatic patcher to apply any patch you want. You will have to provide the proper checksums, which will be checked and the patch only applied if everything worked.

I want to point out again that manual patching, such as described by Angus and others, is not required, especially if you know what to patch and have the MD5 sums of the binary before and after the patch. Just use my new patcher firmware and create a proper configuration file containing the file name of the bspatch file and the two MD5 sums before and after the patch. It works with any firmware, does not require SSH and is pretty safe, especially if you have never interacted with Linux on a shell.
 

Offline Urzov

  • Newbie
  • Posts: 9
  • Country: ua
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1364 on: October 10, 2019, 04:49:05 pm »
Hello! I saved the file (appEntry) to the USB drive with the command: "cp / rigol / appEntry / media / sda1 /". I'm trying, on Ubuntu, to create "appEntryPatched" from the files "appEntry" and "appEntry_01_01_04_08.bpatch". But "bspatch" does not work at all, it isn’t anywhere... Does anyone have a working "bspatch" utility? Thank you very much!
 

Online NoisyBoy

  • Frequent Contributor
  • **
  • Posts: 503
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1365 on: October 10, 2019, 05:26:57 pm »
You really should pay attention to what mabl has to say, it will save you a lot of headache if you are having trouble with the process.  He has spent a lot of time to create tools to help the less experienced owners to avoid the exact challenges you are facing.
 
The following users thanked this post: thm_w, Pizzalover, Fluffhamster

Offline Urzov

  • Newbie
  • Posts: 9
  • Country: ua
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1366 on: October 10, 2019, 05:46:51 pm »
Good! I'll try as mabl suggests. I have questions: where do I get "name_of_patch.bpatch"? What is it? The file appEntry is mentioned in the patch.txt file. Should the "appEntry" file be the one created by the command "cp / rigol / appEntry / media / sda1 /"? Thank you!
« Last Edit: October 10, 2019, 06:18:13 pm by Urzov »
 

Offline mabl

  • Regular Contributor
  • *
  • Posts: 122
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1367 on: October 10, 2019, 06:28:37 pm »
  • file_to_patch - do not change, since /rigol/appEntry is the file you want to patch. No need to put appEntry on the USB
  • file_to_patch_md5sum - do not change, if you want to patch firmware version 01.01.04.08 and its appEntry
  • patch_file - change value to the name of your patch file and put this patch file on USB
  • after_patch_md5sum - change value to the expected checksum after patch_file was applied to file_to_patch.
« Last Edit: October 10, 2019, 06:43:46 pm by mabl »
 

Offline texaspyro

  • Super Contributor
  • ***
  • Posts: 1407
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1368 on: October 11, 2019, 01:52:41 am »
  • after_patch_md5sum - change value to the expected checksum after patch_file was applied to file_to_patch.

Where/how does one come up with this checksum?
 

Offline Urzov

  • Newbie
  • Posts: 9
  • Country: ua
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1369 on: October 11, 2019, 05:10:19 am »
Hello everybody. Same question! Is it possible not to apply a checksum? Should there be only 2 files on a USB drive? (renamed "patch_file" and "patch.txt") and "DS5000Update.GEL" is not needed on a USB drive?
Need help! I don’t feel like buying another MSO5072 and torturing it too...  :-[  Thank you!
 

Offline NED88

  • Newbie
  • Posts: 9
  • Country: gb
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1370 on: October 11, 2019, 11:35:38 am »
  • after_patch_md5sum - change value to the expected checksum after patch_file was applied to file_to_patch.

Where/how does one come up with this checksum?


The expected md5 checksum is quoted here:  https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-series-oscilloscopes/msg2620701/#msg2620701  and the md5 checksum for the original file is generated with this command:  md5 -q appEntry (using a Unix/Linux/Mac terminal).  To check the md5 checksum of the patched file,  run:  echo "3f95cb3236b47826e303de960596f966  appEntry" | md5sum -c from the scope once you've ssh'd into it from Unix.
 

Offline seronday

  • Regular Contributor
  • *
  • Posts: 93
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1371 on: October 12, 2019, 09:41:26 pm »
It is also possible to generate the MD5 checksum in windows, as delfinom pointed out in this message


Also instead of running strange third party software to compute a md5sum of a file on windows just do
  CertUtil -hashfile appEntry MD5
in a command window
 

Offline Xtremexp

  • Regular Contributor
  • *
  • Posts: 84
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1372 on: October 12, 2019, 09:58:02 pm »
Or you can use the HxD hex editor to find the MD5 hash
 

Offline mabl

  • Regular Contributor
  • *
  • Posts: 122
  • Country: 00
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1373 on: October 14, 2019, 09:05:39 am »
It is also possible to generate the MD5 checksum in windows, as delfinom pointed out in this message


Also instead of running strange third party software to compute a md5sum of a file on windows just do
  CertUtil -hashfile appEntry MD5
in a command window

Or you can use the HxD hex editor to find the MD5 hash

The md5 checksum after patching is usually not available to the user, since the patched file is only on the scope. The md5 should be given together with the patch file. Note that if the md5 does not match, my patcher will output the mismatch checksum values.
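
The checksum gating described in the posts above (MD5 of the file before patching, MD5 expected after patching, mismatch values reported) can be sketched as follows. This is an added example, not mabl's patcher and not code from the thread: the four configuration names from the post are passed as a plain dict, the function names `md5_of`, `run_bspatch` and `gated_patch` are hypothetical, and `bspatch` is assumed to be on the PATH.

```python
import hashlib
import os
import shutil
import subprocess
import tempfile

def md5_of(path):
    """Hex MD5 of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def run_bspatch(old, new, patch):
    # bspatch argument order: <oldfile> <newfile> <patchfile>
    subprocess.run(["bspatch", old, new, patch], check=True)

def gated_patch(cfg, apply=run_bspatch):
    """Patch cfg['file_to_patch'] only if both MD5 checks pass.

    Returns (ok, message). MD5 here catches a wrong firmware version or a
    corrupted file; it does not authenticate where the patch came from.
    """
    target = cfg["file_to_patch"]
    got, want = md5_of(target), cfg["file_to_patch_md5sum"].lower()
    if got != want:
        return False, f"before-patch mismatch: expected {want}, got {got}"
    # Patch into a temporary file next to the target, never in place.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(target)))
    os.close(fd)
    try:
        apply(target, tmp, cfg["patch_file"])
        got, want = md5_of(tmp), cfg["after_patch_md5sum"].lower()
        if got != want:
            return False, f"after-patch mismatch: expected {want}, got {got}"
        shutil.copy2(target, target + ".orig")  # keep the unpatched binary
        shutil.copymode(target, tmp)            # preserve the executable bit
        os.replace(tmp, target)                 # atomic swap, same filesystem
        return True, "patched and verified"
    finally:
        if os.path.exists(tmp):
            os.remove(tmp)
```

A before-patch mismatch means the patch was made for a different binary than the one present; an after-patch mismatch leaves the original file untouched.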
 

Offline nelson_mendes

  • Newbie
  • Posts: 3
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1374 on: October 14, 2019, 09:16:40 pm »
Hello everyone!

I've been following this topic quite often but never broke the ice to present myself, so here it goes...

I'm Nelson, Portuguese and currently living in Sweden.

Having owned a Rigol 5072 for some time, I was able to unlock its features thanks to the hard-worked information from this topic.
So, a special thank you to mabl, tv84, NED88 and so many others that made it possible...

The latest firmware got my interest because it fixes the overshoot in the 4 channels, something also seen on my scope in channels 3 and 4.

Being ungodly unblessed with any kind of hacking skills, I tried my best to follow the instructions given to other members, and attached you can see what I got.


When I tried to patch the scope 04.08 using mabl's autopatcher I got the MD5sum error and a whole different MD5sum, and at this moment I'm feeling quite lost.
It was only today that I got SSH working (using PuTTY in Windows 10 didn't work for me) and I'm struggling to basically do what needs to be done.

I generated the bpatch file over the firmware file and got a wrong md5sum while attempting to patch the scope.
I also generated the bpatch file over the app_Entry file copied by SSH and attempted to patch the scope, but again wrong md5.

Could someone please help?
I really don't have a notion about what I'm doing wrong...

Thank you all.

//Nelson





 

