Author Topic: Hacking the Rigol MSO5000 series oscilloscopes  (Read 392608 times)


Offline Sergey Astakhov

  • Contributor
  • Posts: 7
  • Country: ru
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1925 on: December 19, 2020, 11:42:35 pm »
So it's still a problem when updating to a newer firmware, all the hacks are gone ?
There's no keygen available, generating "true" license keys ?

Yep, still no keygen, only by patching.
 

Offline Martin72

  • Super Contributor
  • ***
  • Posts: 1789
  • Country: de
  • Testfield Technician
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1926 on: December 19, 2020, 11:57:27 pm »
Hm-Hm....
I've owned the Rigol over a year, bought it in Nov. 2018.
And got a close conversation to the Rigol support in that time.
Finally they thanked me for it by giving me the full options license key for free.. 8)
This key and what it does I've sent to a member here.
And it doesn't have an impact on the hacking thing here since ?
Interesting...


Offline x-tro

  • Newbie
  • Posts: 1
  • Country: pl
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1927 on: December 20, 2020, 08:44:45 am »
Guys, outstanding work!

I have MSO5104 with MSO5000(ARM)Update v00.01.03.00.01 with 2020-03-30 build. Does anyone have patch for this or maybe somebody can share May update with me ?

ps.
March MSO5000(ARM)Update v00.01.03.00.01 GEL MD5: C85C5F4A64A8C9D435B589835225D527
March appEntry MD5: 2EFA4605B83BF1AF48BF6736BFAE3255

best regards
X-Tro
 

Offline omgoleus

  • Contributor
  • Posts: 13
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1928 on: December 29, 2020, 06:47:08 am »
Hello, I have the MSO5074 (70MHz) which I purchased a little over one year ago and through this forum I was able to get all the options and features, 350MHz and all other options.  However they have now added a new Bode plotter feature with the latest firmware (V00.01.03.00.01 released in April of 2019). My current installed version is V00.01.01.04.04.  I imagine that if I tried to update to the latest I would lose my previous hack and end up with a lot of missing features and options but my real worry is if you do an update to their latest firmware release, is there any way to go back to what I had (my hacked firmware)??? or will it totally lock me out?  Any answers or suggestions to this dilemma would be greatly appreciated.
Thank you so much!

Go ahead and update to the newest firmware from April 2019, and then install the patch as per the instructions that have worked out over the course of this thread. If you go back about 20 messages from here, my message has a summary of what others worked out, which is focused strictly on the newest version. Then you will have the bode plotting and the unlock!

The procedure is easy enough, you will just need to download the firmware onto a USB key to update, and then erase that and put the patcher and patch file on the USB key to patch. Thanks to mabl and others it’s really very smooth.

 

Offline rogersstuart

  • Contributor
  • Posts: 20
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1929 on: December 30, 2020, 09:44:34 am »
Does the print function work for anyone? I upgraded to the latest firmware and applied a patch from a post that said it's supposed to stop the scope from "phoning home." Networking does work. I can access the scope through my browser. But when I try to print to my LaserJet the scope always says "Printer Busy."
 

Offline zzzox

  • Newbie
  • Posts: 1
  • Country: ru
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1930 on: December 31, 2020, 05:04:21 am »
Hi

My scope : MSO5072   01.03.00.01   hw 01.01.000 2018.06.27 2020-05-18
Omgoleus files worked. All options are unlocked forever.
Simply local upgrade from flash drive. (Kingston Data Traveler 100 G3 32GB Fat32).

MSO5000 with all options is a great oscilloscope.

Thanks to Dave and everyone on the forum  :)

B.R.
 
The following users thanked this post: whatisthis

Offline luky315

  • Regular Contributor
  • *
  • Posts: 144
  • Country: at
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1931 on: January 02, 2021, 11:12:36 am »
I still find it interesting that a lot of people are installing a script "from the internet" without any idea what this script is changing or how.
 

Online tv84

  • Super Contributor
  • ***
  • Posts: 2185
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1932 on: January 02, 2021, 12:41:36 pm »
I still find it interesting that a lot of people are installing a script "from the internet" without any idea what this script is changing or how.

See the definition here.

Did you create your own software? BTW, with tools "from the internet"?
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 7338
  • Country: gb
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1933 on: January 02, 2021, 02:16:49 pm »
I still find it interesting that a lot of people are installing a script "from the internet" without any idea what this script is changing or how.

Many people are driving "cars from a garage" while being blissfully ignorant of the operation of internal combustion engines. Not everybody knows, or even wants to know, or is capable of knowing, the exact internal workings of everything they use. There are risks in that ignorance at all levels and there are opportunity costs in acquiring the knowledge to make any action relatively risk free. Between the two extreme states, people make trade-offs.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

Offline nh90wxr

  • Newbie
  • Posts: 1
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1934 on: January 13, 2021, 09:48:12 am »
After heavy struggling the last days I have got success at the end, but only when I re-installed the already available fw 00.01.03.00.01 into my MSO5074, which I freshly received in the cw 1/2021. The fw in the item with build date 2020-05-18 (e.g. missing sshd) did not accept the 1301 patch - see picture with error message. But re-installed fw with the same version number 00.01.03.00.01 as prerequisite, taken from rigolna.com with build date 2020-03-30, made the significant difference to my approach. I would like to thank all contributors and their effort for making this nice enhancement to my item happen.  8)
« Last Edit: January 13, 2021, 09:50:24 am by nh90wxr »
 
The following users thanked this post: mjanez

Offline PT_Dreamer

  • Contributor
  • Posts: 40
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1935 on: January 13, 2021, 11:18:31 am »
Hi, just wanted to thank all the work put into this "tune".
I was able to shift some bits to the MSO7024 firmware and got all the "Forevers".
No overshoots, in fact it is shooting just fine as the attached image shows.
I wasn't able to use the patchFinder script (it didn't find the appropriate sections) so I used IDA and the previous posted patches to find the required modifications.
I also changed the bootscreen but had to use mtd3 instead of mtd7 (probably depends on the current shadow image being used).
It is a shame about all the OT though, an "Hide all the BS button" would make things much less painful.

Cheers,
José 
 
The following users thanked this post: thm_w

Offline luky315

  • Regular Contributor
  • *
  • Posts: 144
  • Country: at
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1936 on: January 13, 2021, 11:30:28 am »
That's amazing, could you please share your work?
 

Offline PT_Dreamer

  • Contributor
  • Posts: 40
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1937 on: January 13, 2021, 02:02:36 pm »
That's amazing, could you please share your work?
What do you want me to share?
I'm attaching the IDA diff for the 00.01.02.00.05 appEntry, you can apply it with idadif.py script.
 

Offline ineedds

  • Newbie
  • Posts: 1
  • Country: kr
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1938 on: January 15, 2021, 09:16:33 am »
I'm struggling now.
You have same model and F/W with my 5072.
If you could, let me know the hacking procedures you've done and files.
 

Offline tweini

  • Newbie
  • Posts: 1
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1939 on: January 15, 2021, 10:41:15 pm »
Hi

My scope : MSO5072   01.03.00.01   hw 01.01.000 2018.06.27 2020-05-18
Omgoleus files worked. All options are unlocked forever.
Simply local upgrade from flash drive. (Kingston Data Traveler 100 G3 32GB Fat32).
[...]

Your attachment "01_03_00_01.zip" is according to the checksums for the March firmware and it differs from the file from Omgoleus.

Best Regards
tweini
 

Offline PT_Dreamer

  • Contributor
  • Posts: 40
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1940 on: January 16, 2021, 09:36:58 am »
I'm struggling now.
You have same model and F/W with my 5072.
If you could, let me know the hacking procedures you've done and files.
What exactly are you struggling with?
 

Offline MoriDove

  • Contributor
  • Posts: 7
  • Country: ru
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1941 on: January 24, 2021, 01:57:06 pm »
Hi, is MSO5074 Hacking the same as MSO5072 ?
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 7338
  • Country: gb
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1942 on: January 24, 2021, 02:54:05 pm »
Hi, is MSO5074 Hacking the same as MSO5072 ?

Yes, they're the exact same scope, the 72 comes with all four physical channels but 2 are disabled in software.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 
The following users thanked this post: dc8wan, MoriDove

Offline Commodore8888

  • Contributor
  • Posts: 32
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1943 on: January 26, 2021, 03:57:55 pm »
Hi, just wanted to thank all the work put into this "tune".
I was able to shift some bits to the MSO7024 firmware and got all the "Forevers".
No overshoots, in fact it is shooting just fine as the attached image shows.
I wasn't able to use the patchFinder script (it didn't find the appropriate sections) so I used IDA and the previous posted patches to find the required modifications.
I also changed the bootscreen but had to use mtd3 instead of mtd7 (probably depends on the current shadow image being used).
It is a shame about all the OT though, an "Hide all the BS button" would make things much less painful.

Cheers,
José

The DOOM tradition continues!

Agreed on hacking the 7k series. I did the same with one we have at work for "educational purposes" (but actually this time!) after cracking my own MSO5000 once seeing some work done by mabl. In my case this was right when the NSA had released Ghidra. Works quite well especially considering it's free. I would think HexRays should be a little worried. I've thought about selling my 5k to get a 7k, if only for the logic head being easier to deal with than the 5k. That said, folks seem to have done a decent job reversing the 5k's logic head into something less silly than the factory offering!

Only beef I ran into is I had to manually make changes to the binary with okteta, as at the time Ghidra had a bug where it wouldn't correctly apply memory offsets when repacking the binary with your changes. This may be fixed now, been a while since I looked.

Was a lot of fun and a great opportunity to knock rust off my reversing skillset :D I'd recommend trying it to anyone else in here. It's not a super difficult challenge if you know a little assembly and your way around IDA Pro or Ghidra. Mostly just pointer redirection and some changing of JMP instructions.
« Last Edit: January 26, 2021, 04:00:30 pm by Commodore8888 »
Mike D
 

Offline nichrist

  • Contributor
  • Posts: 6
  • Country: gr
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1944 on: February 04, 2021, 08:34:29 pm »
Hi
I am thinking to upgrade my old LAB Oscilloscope (a Rigol DS1052E bought back in 2009) and to buy a DSO5000. The idea is of course to buy a base model and hack for the full power. I am currently between MSO5074 and MSO5072. MSO5074 is 100euro more expensive, is it worth the extra money? Can I hack MSO5072 to 4 channels?
Thank you
 

Offline Noy

  • Frequent Contributor
  • **
  • Posts: 331
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1945 on: February 04, 2021, 08:41:02 pm »
Yes you can hack the MSO5072 to 4 channel.
But consider the price of 2 additional 350MHz passive probes.. So 100€ more for 5074 with 4 probes are worth the money. Except you have already 2 additional probes (350MHz)
 
The following users thanked this post: nichrist

Offline Cnoob

  • Regular Contributor
  • *
  • Posts: 130
  • Country: gb
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1946 on: February 13, 2021, 03:53:43 pm »
Just like to thank every one involved in working out how to hack the mso5000.
I've just hacked my mso5104 which arrived yesterday.
 

Offline Commodore8888

  • Contributor
  • Posts: 32
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1947 on: February 18, 2021, 10:11:29 pm »
Went to pop my Dec 2018 MSO5000 open to swap in a little higher volume fan and made a not so nice discovery....

The metal inserts Rigol used to provide threads for their screws, might end up being so friendly to the ABS plastic the scope is made of  :palm: This thing has lived its whole life on a bench too.

The bigger issue is if this starts, you may one day find your scope feet are now stuck.

Still have a year of warranty left, so maybe I can get a new front cover :/
Mike D
 

Offline Ogawa Mitsuaki

  • Newbie
  • Posts: 4
  • Country: jp
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1948 on: February 19, 2021, 04:11:05 am »
Everyone who is working hard.
I am always grateful for your help.

I also made 70-> 350!
I bought the other options.

The MSO5000 gets very hot.
I installed a 5V fan and filter on the back panel.
5V is taken from the front USB of the MSO5000, but even with the hacked MSO5000, there are no problems so far.
If there is a problem, I will supply it from a USB HUB.

The parts for mounting were created with a 3D printer and attached with double-sided adhesive tape. The probe holder was also created with a 3D printer.
« Last Edit: February 24, 2021, 11:36:52 pm by Ogawa Mitsuaki »
 
The following users thanked this post: thm_w

Offline jeffjmr

  • Contributor
  • Posts: 14
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #1949 on: February 19, 2021, 01:55:45 pm »
Oh that probe holder is just what I need to keep my rat’s nest of probe cables off my bench.

How did you attach it and can I buy one?

Jeff
 
The following users thanked this post: Ogawa Mitsuaki

