Sniffing the Rigol's internal I2C bus

[Rigol-Friend]

Hi everybody,

I have a DS2072 (without A),  hardware version 2, so  50 Ohm input resistors plus relais are build in. I have pimped this scope (thanks, thanks, thanks and much more thanks to cybernet and all other developers !!!) to DS2302 with all available options.

Now my question: Does everyone knows, is it possible to change the inptut impedance like the "A"-Version between 1 Mohm and 50 Ohm directly at the scope??

Thanks a lot for your help....
Rigol-Friiend

[sigxcpu]

1ns TB, 200M BW Limit, and correct DS2302 Model type *yeah* ;-)

Orange noticed that the trigger is off by 3divs (lags behind) if u enable the 2nd channel - same happening, but only in 1ns mode.
maybe that is the reason why there is no official DS2302 version - anyhow i can live with that small limitation as it vanishes above 1ns TB

here is the version that will take care of model type string

http://www.filedropper.com/ds2302rilol

the "recalc" of the string is triggered by option un/install - so flush keys, and reapply them and it will become active.

did a selfcal on top of that - everything good.

Does anyone has this file anymore?

 I'm pulling my hair to get the 1ns timebase (DS2072, HW 2.0).

If I do option uninstall (and re-install with DSHH, but not mandatory) the scope stays in 500ps timebase until the next reboot. If I leave it at 500ps and reboot, it stays there until I touch the knob. Then it is stuck at 2ns and that's it (nothing below 2ns).

Thanks.
 

LE: It seems that I didn't do my homework well. So the patched firmware is not required and the 1ns timebase should be enabled by 300M option (included in DSHH). Unfortunately, the model stays at DS2202 (I was expecting DS2302, right?) and the timebase doesn't go below 2ns.

Is there something that I do wrong in the following steps?

- uninstall all options (confirmed on-screen)
- power-off
- power-on (tried with F6 and without it, doesn't matter)
- apply license code generated by using DSHH. Confirmed by the scope and checked in options menu (300M is the only bandwidth option there)
- model is DS2202, minimum timebase is 2ns

I'm using a python script for writing the commands through SCPI. If the scopes confirms commands and applies the license, I assume it doesn't matter that I don't use the scope GUI for that.

[tsmith35]

here is the version that will take care of model type string

http://www.filedropper.com/ds2302rilol

the "recalc" of the string is triggered by option un/install - so flush keys, and reapply them and it will become active.

did a selfcal on top of that - everything good.

Does anyone has this file anymore?

This file? http://www.filedropper.com/ds2302rilol

[sigxcpu]

Did you re-post it? Yesterday it wasn't available.

Thank you.

LE: It seems that this fixed it.

Steps:

• un-apply key
• downgrade to riglol 2302 version
• reboot once more. Model changed to DS2302
• apply DSAZ key
• re-boot
• upgrade to latest firmware. lost all options(?)
• apply DSHH key

Outcome:

• mode stuck to DS2302
• timebase goes to 1ns

Thank you again.

[Sir Shagsalot]

Hi,

I got 300 MHz working on my DS2072A (I was only able to get to 200 MHz before; "NS8H" didn't work).

I did it by installing Zombie28's patched firmware (this allows the DS2xxxxA to use the old DS2xxxx option keys):

https://mega.co.nz/#!FFk10SCY!UuWPXyqZwmca00pa2clOth1ryh1Z-AAgJg2yibfoUw0

Then, instead of rigup, I used the install key generated by http://riglol.3owl.com/ (mirrored, I think, at http://www.gotroot.ca/rigol/riglol/ - note that you can download those web pages and run them locally if you want), using "DSHH" to install "all options".

That worked!

BTW, that patched firmware doesn't recognize any options that were installed with the standard firmware (the options disappear).  Not to worry - you'll get them back when you install the key generated as above.

I just wanted to give a shout out to Dave92F1.

Just got a Rigol 2072A.

Followed the guide posted here by Giggy as to how install the firmware from Dave92F1's post, generated the key code. Entered it in the 'scope, rebooted, voila, I have 2302 now.

It is great 'scope for the money, no beef. starting to wonder if it would be worth buying an entry level 6K... For now this one will help a lot though.

FWIW, my 2072A was shipped from the factory in late Dec 2013.

Great stuff, ThanX to Giggy and Dave92F1!

Greez SSAL

[GlassFET]

Someone asked a while back in this long thread if anyone had tested the bandwidths of unlocked DS2000A scopes to verify that the 300 MHz goal had indeed been achieved. I don't know if anyone responded with results, but here are the results of several BW tests we conducted.

Five of us have unlocked these scopes, four starting with the DS2702A model and one with a DS2102A model. All five of us chose the full "NS8H" 300-MHz-plus-all-options upgrade. Tests were run using an RF signal generator connected to a short (~1M) 50 ohm cable, with the 50 ohm input impedance selected on the scopes.

The -3dB BW results are:

Unit 1: 354 MHz
Unit 2: 408 MHz
Unit 3: 367 MHz
Unit 4: 420 MHz
Unit 5: 480 MHz (?)

Notes: Units 1, 2, 3 were tested with a Wavetek 2510A synthesized signal generator set to 1.0 Vrms (+13 dBm) at 10MHz. The frequency was increased until the scopes read 0.707 Vrms (+10 dBm). Each channel was separately measured one, at a time, and the averages of the two BW results are presented here. Unit 4 was tested similarly with an HP8656A signal generator, except the generator was set to 0.5 Vrms (+7 dBm) at 50 MHz. The set up for Unit 5 is unknown and it might be considered an "outlier".

We didn't observe that BW varied whether two channels were selected or just one, but we could see some aliasing noise in the waveform when two channels were selected, because the 2 Gsa/s maximum sample rate has to be interleaved between channels in the two channel mode, which is typical for DSOs.

Conclusion: All units tested well exceeded the 300 MHz spec of the DS2302A.

Thanks to all here who made this possible!

[marmad]

Conclusion: All units tested well exceeded the 300 MHz spec of the DS2302A.

As mentioned already many times in this thread (and elsewhere in the forum), the fact that you get more bandwidth, in and of itself, is not necessarily a good thing.

To accurately measure the signal without sampling alias errors, your DSO must have sufficient sample rate. For a Gaussian-response oscilloscope like the Rigol, 4-6 times the bandwidth is typical. The original 200MHz DS2000 has a dual channel sampling rate of 5 times the bandwidth  - which fit the BW filter curve quite well.

Running a DS2000 at 300MHz with both channels on means a sample rate of only 3.3 times the bandwidth; an inadequate amount for the Gaussian filter - and will likely lead to alias errors in certain circumstances. So, IMO, the 300MHz is reliable when only using a single channel - but not both.

[electronics man]

What I don't realy understand is why is the bandwidth only limited in softweare, so is rigol actually selling an upgrade.

[GlassFET]

Conclusion: All units tested well exceeded the 300 MHz spec of the DS2302A.

...So, IMO, the 300MHz is reliable when only using a single channel - but not both.

That was my intended point about aliasing. I concur that only one channel should be used at close to max BW to avoid aliasing. Nothing shameful here; Tek and Agilent face the same physical realities.

[Mark_O]

That was my intended point about aliasing. I concur that only one channel should be used at close to max BW to avoid aliasing. Nothing shameful here; Tek and Agilent face the same physical realities.

That's true, however what is one supposed to do when you have two channels enabled?  You can't just say (as you did)  'don't use both at close to max BW', because you have no reasonable control over the max BW at that point.  I.e., there may be spurious harmonic content you have no knowledge of. 

As marmad pointed out, "The original 200MHz DS2000 has a dual channel sampling rate of 5 times the bandwidth  - which fit the BW filter curve quite well."  i.e., the sample rate was well-matched to the BW (or vice-versa).  So to avoid aliasing with your modded 300 MHZ (or 400!) scope, you must engage a 100 MHz BW limiting filter... which may not be as desirable as the original 200 MHz would have been.

It's really a choice between having 200 MHz at 1 and 2 channels; or 300 MHz at 1 channel, with 100 MHz at 2.  It's a point worth noting, and remembering.

[GlassFET]

Mark-O,

We only quickly looked at the aliasing effects, but I don't think it's as dire as all that, nor is the 300 MHz option necessarily completely unusable in two channels near max BW. Most, if not all, of the visible aliasing that we saw occurred with a signal well above the specified 300 MHz point at the frequencies mentioned above. Exactly where aliasing became visible in the two cases of channel selection has not yet been evaluated by us. It's also a question of degree, and the specific application of the scope. I don't have a handle on the anti-aliasing filter that Rigol used although there are hints of the initial roll-off points in the measured BWs I provided, but not the steepness of the filter. When we get a chance we will try to more fully check out the aliasing story. Meanwhile others who have measured these scopes might comment.

Nevertheless, it would have been nice if Rigol had provided a 200 MHz analog filter choice in addition to the 20 and 100 MHz filters. We're hardly in a position to complain much!

[marmad]

Most, if not all, of the visible aliasing that we saw occurred with a signal well above the specified 300 MHz point at the frequencies mentioned above.

Aside from visible aliasing, it's imperative that sin(x)/x interpolation, to reconstruct the waveform faithfully, not receive frequencies greater than the Nyquist frequency. I'm not sure evaluating this with a simple sine or square wave is adequate.

[GlassFET]

These are some of the inherent limitations of DSOs and why many of us keep an analog scope on the bench too. Each type has its advantages and disadvantages. It is always necessary to be mindful of the limitations of any kind of test instrument when making measurements. Spectrum analyzers, distortion analyzers, DMMs, whatever - they can all fool you if you haven't considered their limits.

[tiagobaracho]

Hi guys...
I requested the firmware from rigol and got the DS2000(DSP)update_00.02.01.00.03 from them...
Just one doubt.... since this is the same version as the hack here to get response to the *IDN? command, makes sense to update? will have anything new ?,what i mean is that i dont know if the the hack was made with this firmware that or if the it was another but you guys renamed to .03 to be able to update to a newer version...

I have the 300mhz all options installed.

[Arkku]

Hi,

I successfully unlocked all the features on my DS2072A with the instructions in this thread. In case it is helpful to others who may have trouble digging up all the relevant info in this long thread (especially since much of it seems Windows-specific), the process I found easiest on the *nix command line (OS X, Linux, BSD, etc) was:


1) Upgrade to the "license keys dump" firmware

• put the DSO2000Update.GEL (md5sum 8d28a810d45a9e8be3095cd312ec57ec ) on a FAT32 USB drive
• start scope and quickly double-tap HELP (screen will be blank, only SINGLE button lit)
• insert USB drive – CH1 should start blinking while the upgrade is in progress (takes several mins)
• When CH1 stops blinking and all buttons light up, turn off scope and remove USB drive

Note: This firmware is needed to get the private keys out of the scope, otherwise the next step won't work. However, once the keys have been extracted, the firmware can be changed back to an official version.


2) Get the identification string over the LAN

• set up the scope on the LAN (easy if router has DHCP server, just find out the scope's IP from LAN settings)
• connect to TCP port 5555 on the scope (replace "scope.localnet" with the IP) type "IDN?" + return, e.g.:

Code: [Select]

$ nc scope.localnet 5555
*IDN?
RIGOL TECHNOLOGIES,DS2072A,DS2…,020……………………………………………………………………………………………………………………………………………………………………

(everything after *IDN? is the reply from the scope, the …'s are replaced by lots of hexadecimal digits)


3) Generate the license key

• compile "rigup" from sources for your platform (should be a simple matter of running "make")
• in the directory with the "rigup" executable:

This is where most of the existing instructions tell you to use a hex editor, but if you've got Ruby installed here's a little oneliner script to do it straight from the command-line:

Code: [Select]

echo "RIGOL …,DS2072A,DS2…,020…" | ruby -e 'f=gets.strip.split(","); print "#{[f[-1]].pack("H*")}#{f[-2]}\0"' >scope.bin

Replace the everything in the double quotes after echo ("RIGOL …" etc) with the whole (long) line you got from the scope in the previous step. This will create the file "scope.bin" in the current directory.

Then you can generate the keyfile (here "scopekey.txt") with:

Code: [Select]

./rigup scan scope.bin >scopekey.txt

And finally generate the license using the keyfile:

Code: [Select]

./rigup license scopekey.txt NS8H

NS8H is the code for 300MHz with all options, you can also use NSEQ for 200MHz with all options.

This will output a key like:

Code: [Select]

rigup license - Version 0.1

ABCDEF0-1234567-1234567-1234567    (NS8H = 0x1C0C7)


4) Install the key

• connect to the scope's TCP port 5555 and type ":SYST:OPT:INST key" + return, where "key" is the key you got from rigup without the dashes, e.g.:

Code: [Select]

$ nc scope.localnet 5555
:SYSTEM:OPTION:INSTALL ABCDEF0123456712345671234567

A progress bar should appear on the scope's screen. Once it's done, restart the scope and verify that Utility -> Options -> Installed shows all options as "Official version":



Printing a new label for the scope is optional.


edit: Some people have been having trouble with the license for NS8H (300MHz with all options) being rejected with the message "License unavailable". If you get this problem, try sending the command "SYSTEM:OPTION:UNINSTALL", reboot the scope, install the official firmware, and try again. Also try entering the license manually through the scope's UI instead of over LAN.

If it still won't work for you, try the code NSEQ instead of NS8H when generating the license; this should give 200MHz with all options, and people seem to have more luck with that.

[Rigby]

Just one doubt....

the ISDN command

You're from India.

The *IDN? command should update with the model number the scope believes itself to be.  The serial number should not change unless there is something about the modded firmware I don't know about.

[tiagobaracho]

Just one doubt....

the ISDN command

You're from India.

The *IDN? command should update with the model number the scope believes itself to be.  The serial number should not change unless there is something about the modded firmware I don't know about.

Just one doubt....

the ISDN command

You're from India.

The *IDN? command should update with the model number the scope believes itself to be.  The serial number should not change unless there is something about the modded firmware I don't know about.

D letter close to S letter + i am not perfect, human being here = sometimes I do mistake ... should had reviewed better... I am far away from india !

What i meant is that now i have the dump key version to the IDN command... hacked here.... and it shows the same version as the rigol guys sent me ...
Since i already have the serials to use the 300Mhz with all options, should I update the firmware to this version they sent me ?

[Rigby]

Sorry, I wasn't criticizing.  If you took offense, I apologise.  Very sorry about that.

"Just one doubt" is something I very, very often heard from a lot of my Indian coworkers at a previous job.  I've never heard anyone else say it, so I assumed it was a cultural thing.

I believe the only difference between the hacked firmware and the official firmware is that the hacked firmware reveals the private key for the device.  If you want, you should be able to upgrade, or "side-grade" to the same version of un-hacked firmware and be ok.

If you try it, let us know how it turns out.  Like I said, everything should be fine.

If I'm wrong, someone will likely jump out very quickly and correct me.

[tiagobaracho]

Sorry, I wasn't criticizing.  If you took offense, I apologise.  Very sorry about that.

"Just one doubt" is something I very, very often heard from a lot of my Indian coworkers at a previous job.  I've never heard anyone else say it, so I assumed it was a cultural thing.

I believe the only difference between the hacked firmware and the official firmware is that the hacked firmware reveals the private key for the device.  If you want, you should be able to upgrade, or "side-grade" to the same version of un-hacked firmware and be ok.

If you try it, let us know how it turns out.  Like I said, everything should be fine.

If I'm wrong, someone will likely jump out very quickly and correct me.

No offense taken.. if i took offense, i would be offending Indians right ? lol

In portuguese we speak exactly like that..... but  i dont know the way it is said in english... i believe is more like " Just one question"

I read few pages back that there was a bug when at  1ns that was fixed with the latest upgrade.... but the latest seems to be the same as the hacked version that dump the keys.... so i was wondering that..

[ElektronikLabor]

Hello folk,
I'm trying to enable some options on my new DP832; i followed this instruction:

1 Download firmware at http://www.riglol.3owl.com/firmware/DP832.rar
2 Downgrade firmware to 00.01.06
3 Generate Key on riglol.3owl.com
4 Install the keys
5 Upgrade firmware to 00.01.08

I always loose all options after upgrading back to 00.01.08.
Is there any trick to prevent ist?

I searched a lot through this thread but didn't find any solution 

Thanks 

[Rigby]

I don't think so.  I believe the current notion is to just stay at .06 and not worry about it.  There aren't any significant bug fixes in .08 or .09 (except that hacked keys are lost) so just don't upgrade.

There's a thread about this.

[ve7xen]

It's been a while since I've monitored this thread and it appears plenty of progress has been made. Excellent work everyone!

Took the opportunity to mirror a bunch more useful files permanently at http://www.gotroot.ca/rigol as well as setting up a cron job to pull down the complete thread every day as well. If there's anything else that should be there, send me files or PMs and I will make it so.

How do you pull this thread?, Would it be possible to include the messagenr in the postheader or postbody?, when I'm searching in the file now, it's difficult to find the post on the forum, with an id one could construct the url, or maybe include the a-href info which looks like this:

a href="msg391147/#msg391147"

I realize this response is very delayed as I've been on vacation for all of February and haven't had time to catch up on the thread until now, but if anyone is curious I was just archiving the "printpage" URL. There's a link near the top of the thread. Unfortunately, this link no longer works, so for now the archiving is down. I'm not sure if it's intentionally disabled or if it's simply the length of this thread breaking it due to a timeout or memory limit or some such (returns a 500 error).

If the forum administrators are able to fix it, the archive script will resume pulling it daily.

[neslekkim]

ah, then it works, on other threads, tested that now, but on this thread, not working.

[mrflibble]

All the long threads suffer from the same problem. The print view for the Flir E4 thread is also broken. Probably a LIMIT=<nice_number/> in the query would already fix things.

I suspect it is either really really broken in a silly way, or just the usual query takes too long + timeout. And then cache that zero size result. But not sure, not familiar with this particular forum software.

[Rigby]

I think you're onto something there.  There is almost always an execution timeout.  It could be a process memory restriction as well.  Or both.