Rigol DP900 / DP2000 Series Hack -

[BC547B]

Hi, I have a DP2031, FW ver. 00.01.01

After I overwrote the original SousaMain with the patched SousaMain file, and rebooted the PSU. It hangs at boot, I had to re-upload the original file. I don't know what am I doing wrong.

Here's what I've done hopefully someone will point me in the right direction, and will be a guide for FW hacking beginners and newcomers like me:

0- [Backup]: I've downloaded the SousaMain file from my PSU by connecting it via ethernet using scp root@[rigol psu ip]:/mnt/app/SousaMain /SousaMainOriginal
1- [Download the patch]: I've downloaded the SousaMain patch by userli attached in his Reply #18
2- [Patch Sousa Main]: I've patched the original file using bspatch.exe that I've downloaded from Romhacking.net and then executed bspatch.exe SousaMainOriginal SousaMain_patched SousaMain_patch
3- Renamed the patched file to SousaMain
4- [Upload the patched file to root directory]: scp /SousaMain_patched root@[rigol psu ip]:/
5- [SSH to the machine] SSH'd to the PSU
6- Moved the file to /mnt/app using: mv SousaMain /mnt/app
7- On the PSU went to Utility > Option, it kept saying HADC: not installed, 10A not installed.
8- Turned it off and back on. It shows the Rigol logo and starts filling up the loading bar and then stops.
9- I got lucky and I could still SCP/SSH to it to reupload the original file 
10- I've tried all the above again and still faced the same problem.

I hope someone would let me know what I'm doing wrong.
-
There are few things I don't understand:
- Could someone explain what does the swupdate command posted by hve in the beginning of this post do? Do I need to execute it on the psu to be able to apply the patch by userli?
- Do I have to repatch when a new firmware is released?

Thank you

[Ronnyvs]

Hi BC547B,

When you say your firmware is: FW ver. 00.01.01
Then this is not the whole firmware syntax...
The whole firmwaresyntax looks like: 00.01.01.00.22,
Where te last number is the actually version where Userli made the patch for...
and the patch is made for .21 at the end.

To check your version, you can login with the ultrasigma tool from Rigol and do an SCPI command "*IDN?"
this gives you the full info about your device... It looks like this:

*IDN?
Rigol Technologies,DP932A,DP9D123456789,00.01.01.00.22

If you want to patch it your firmware has to be 21 at the end.

To check the MD5 you can test it on:
https://emn178.github.io/online-tools/md5_checksum.html

In this threat Userli also wrote down the MD5 file-size from  Sousamain before and after the patch.
These numbers should be the same!

Regards,

Ronny

[Ronnyvs]

As i'm still writing now,

i will post my remote control which i made for the 932 power supply's.
I only tested it with mij 932, but i think it wil work with most of the Rigol powersupply's.

I made it by changing the web-control from the known BB3-powersupply.

It's working and still very simple...
you can set the voltage and current, it shows in which mode it works and the meters for reading out are live.
they show U, I and P.

I post it now, so that other smart and willing engineers and hobbyists like it to make it more and better.
I only did the start...

It's working with eez-studio and that a very nice tool to operate other devices(including a lot of Rigol Scopes)
eez-studio download:

https://www.envox.eu/studio/studio-introduction/

my projects are attached...
the project-file is to run and the dashboard-file is to edit.
have fun with it!

[BC547B]

Hello Ronnyvs, thanks for pointing out the required version for the patch to work, mine says .22 unfortunately I couldn't find .21 firmware anywhere on the internet 

I just downloaded Eezstudio, is this a software that allow me to control my lab equipment from the computer? And you project is like a plugin for it to work on the DP900 and DP2000?

[sensille]

At least that information confirms that even with .22 the ssh port is still open, so I can update from .16 to .22 now If someone provides the SousaMain from .21 I can try to port the patch to .22.

[Ronnyvs]

Glad that it became more clear with the firmware.
Maybe Userli can write a patch for the .22....

According to EEZ-studio...
with EEZ-studio , you can write software which control equipment...
for example GUI's for stm32, arduino , webapplications etc...

with the last one , i made the control for the powersupply.
if you open eez-studio, then in EEZ-studio you can open my files and control the powersupply.
Its possible to have a lot of devices, or projects opened at the same time..

i also use an other instrument from Rigol to open the connection to the device...
although i noticed another port in this forum, the port=5555
In my software there has to be made an connect/disconnect button... (still not there)

Let me know if it works...
Ronny

[ivantankj]

Hi All,

I believe this is the firmware 00.21 that everyone of you are looking for?

Need some verification because the website seem to have mislabeled it as .20. This firmware dates 25th May 2023. My unit has not arrived yet so can't verify at the moment.

https://drive.google.com/file/d/1Wlrnk3dYLdw3fNQwgDsmt8e85K32Fa6g/view?usp=sharing

[sensille]

I believe this is the firmware 00.21 that everyone of you are looking for?

I can confirm that the contained SousaMain has the expected md5sum of 4a0c633eadc7c0f7009a464a16d35747.

[ivantankj]

I believe this is the firmware 00.21 that everyone of you are looking for?

I can confirm that the contained SousaMain has the expected md5sum of 4a0c633eadc7c0f7009a464a16d35747.

Fantastic! So you have managed to downgrade your firmware from .22 successfully?

[BC547B]

Hi Ronny, first I'd like to thank you for introducing me to this software I didn't know there's something like that! is this supposed to work on DP2000 series? I've never used this EEZsoftware before, but when I click run all I see is a dialog box called instrument and the list is empty and close and select, even though I have my psu online and pingable. The error is Not connected to the instrument.

[Ronnyvs]

Hello BC547B,

i already noticed this in my last post:

"i also use an other instrument from Rigol to open the connection to the device...
although i noticed another port in this forum, the port=5555
In my software there has to be made an connect/disconnect button... (still not there)"

what i did:
een eez-studio-> tab"Home"
At the right top the green button "add instrument"
choose from Generic SCPI  (only use it for making an connection...)
Then on the SCPI-Instrument you can open the connection to your powersupply

Now open the powersupply from the file i made and you can control it

The files i made hasn't been converted to a "instrument"
I would also like to add a connect/disconnect button.
Then you don't "need "another device for making the connection...

Ronny

[sensille]

Fantastic! So you have managed to downgrade your firmware from .22 successfully?

No. For one my device is still on the stock .16 it arrived on 2 weeks ago. My plan is to try to port the patch to .22 first.

[ivantankj]

Fantastic! So you have managed to downgrade your firmware from .22 successfully?

No. For one my device is still on the stock .16 it arrived on 2 weeks ago. My plan is to try to port the patch to .22 first.

I just received my unit and it's on firmware .22 unfortunately but I managed to get the test.dll file onto the PSU and it unlocked the usual 3 options. I guess I have to wait for you or someone to port the patch to .22 then. Thanks for looking into it.

[sensille]

I just received my unit and it's on firmware .22 unfortunately but I managed to get the test.dll file onto the PSU and it unlocked the usual 3 options. I guess I have to wait for you or someone to port the patch to .22 then. Thanks for looking into it.

If you feel  adventurous, I have the ported the patch from Userli to .22, but haven't tested it yet. I plan to do the update and test on the weekend.
SousaMain original: ec69fba52309f6370ed81c55552c4e08
patched: 5e277fe9ad537a6918ec22ecc696e3f7

[ivantankj]

I just received my unit and it's on firmware .22 unfortunately but I managed to get the test.dll file onto the PSU and it unlocked the usual 3 options. I guess I have to wait for you or someone to port the patch to .22 then. Thanks for looking into it.

If you feel  adventurous, I have the ported the patch from Userli to .22, but haven't tested it yet. I plan to do the update and test on the weekend.
SousaMain original: ec69fba52309f6370ed81c55552c4e08
patched: 5e277fe9ad537a6918ec22ecc696e3f7

I'm all for adventure! And guess what? It works!

The patch file you have attached has some character encoding issues on the filename I think, I had to rename it totally for bspatch to work properly.

Attaching the renamed patch in this reply as well.

Thanks once again Genius!

[Ronnyvs]

Hi all,
very nice the patch for .22 works!!! Good job! (didn't tested it myself, i'll try it this week)

I was busy with my eezproject to make the power supply as an Instrument.

Glad, now it works! The connect button works well and the Instrument is also working...

For those who like it to give it a try, i added the zip file (you can immediately add it as an instrument in EEZ studio)
I also made an instruction manual how i made the an instrument of an "dashboard"-file
this is also added as an pdf-file

hope you all will appreciate it...

Ronnyvs

[BC547B]

Hi, thanks sensille for supplying the patch and thanks ivantakj. I patched mine the check sum is the same as the one you provided but didn't work it still says: HADC: not installed and 10A not installed. But the monitor feature now works... but the others are not.

Ivantakj can you confirm that HADC and 10A are working for you please? because here they are still not installed, I checked that by trying to set 10A manually on channel 3 (because it's the only channel that allows 10A) and also by going to utility > option. I've attached some photos.
Thanks!

[ivantankj]

Hi, thanks sensille for supplying the patch and thanks ivantakj. I patched mine the check sum is the same as the one you provided but didn't work it still says: HADC: not installed and 10A not installed. But the monitor feature now works... but the others are not.

Ivantakj can you confirm that HADC and 10A are working for you please? because here they are still not installed, I checked that by trying to set 10A manually on channel 3 (because it's the only channel that allows 10A) and also by going to utility > option. I've attached some photos.
Thanks!

Hi, there are actually 2 different patches for both the DP900 and the DP2000 series. This one we are talking about now is for the DP900 series and for me personally, the DP932E specifically. You could perhaps request the Genius for the DP2000 version be ported as well.

[sensille]

Hi, there are actually 2 different patches for both the DP900 and the DP2000 series. This one we are talking about now is for the DP900 series and for me personally, the DP932E specifically. You could perhaps request the Genius for the DP2000 version be ported as well.

I have much less confidence with that one. No idea what Userli has done there. So if it works, all credits to them, if not, all blame on me.
Patched md5sum is 365adc3f5d69599eb6ac7c54c333ea45.

[Ronnyvs]

Things with EEZ Studio are working really well...

[BC547B]

Hi sensille! Thank you ever so much for porting the patch to DP2031 FW version ending with .22  I confirm that the patch is working! And thank you to Userli for making all this magic happen!

With this patch SousaMain_patch_22_2031.zip posted by sensille I've achieved

- High Current Option: CH3 10 A high range mode
- Fast Sampling: 7.5 k/s high-speed sampling option
- Monitor Mode: You can set the power supply to watch over voltage current power and either warn you or turn the output off or make a beep

I've attached pictures to confirm it's working!
 

Happy New Years guys thank yyou!!

[BC547B]

Hi Ronnyvs! WOW dude this is looking good already! Can't wait to try it on the DP2031 tomorrow! I hope it works on mine!
Thanks for sharing you work with us!

[ivantankj]

One of the features of the Rigol PSUs is the data logger in *.ROL format.

The following package from Rigol specifies the long arduous process of reading these proprietary files.

 

[Phili76]

Thanks sensille & Userli! Another DP2031 working!
Had some issues with the md5 not matching but found out that mine was still on 00.00.01.00.19. (md5 7ad7aeb10e312aa11eded45a098de412) So checking md5 before helps.
Did an update, back to Chinese language, recognized as an DP932, hard reboot, change of file, hard reboot and all OK: 10A, HADC and Monitor.

EEZ Studio is also great, for the DP2031 only the 6V/3A has to be changed to 6V/10A (or 5A). Another rabbit hole to go down.
Thanks!!
 

[Ronnyvs]

To Phili76 and all the others,
I made some changes to the EEZ-file's.
i can't test them by myself, but i think they should work...
Just le me know

Succes,
Ronny