Sniffing the Rigol's internal I2C bus

[Icchan]

250+ posts... is there any source that has gathered all this information in one place in more concise manner? Or do I have to read up everything on a forum before knowing what to do if I get MSO4000 series and wish to upgrade it?

[Trax]

I'm affraid there is no collected info source for this, someone needs th read the whole thread and make one.

[TomThomas]

Simple question but:
When you got your scope how long have you waited before installing the hacked options?
In order to test if its running ok, etc...

One day.

And what happens if the scope would fail and be in need of repair while having hacked options? I guess as long as it boots the options could be simply removed before sending it in, but what if the scope wouldn't boot at all?

I don't understand the question. What is the relation between entering a bunch of codes  and a warranty claim?
Maybe in the states this is illegal but where I come from it's completely fine.

I don't know where you come from, but have you ever heard about  intellectual property? I don't think so!
This is valid worldwide.

[Trax]

Simple question but:
When you got your scope how long have you waited before installing the hacked options?
In order to test if its running ok, etc...

One day.

And what happens if the scope would fail and be in need of repair while having hacked options? I guess as long as it boots the options could be simply removed before sending it in, but what if the scope wouldn't boot at all?

I don't understand the question. What is the relation between entering a bunch of codes  and a warranty claim?
Maybe in the states this is illegal but where I come from it's completely fine.

I don't know where you come from, but have you ever heard about  intellectual property? I don't think so!
This is valid worldwide.

I don't think this falls under intellectual property, you are not duplicating anything. At least its a gray area.

Besides they would not legally have the right to deny a warranty claim, they may try to sue you independently (in reality the could not probably as the damage is not high enough).

But since this is a gray area they are most likely to eider do nothing or try to do some extrajudicial punishment, and than you would need to sue them such that they will repair it. But well if they are china based that may be a problem.

My question goes more in the direction of has anyone send in their scope for rapier with hacks and what was the outcome?

Trax

[pierre288]

Hi all,
Anyone have experience using rigup on a MSO1000z
at the latest firmware version 00.04.03 (June 2015) ..

Mine was originally at 00.04.01 SP2
I Updated it to 00.04.03 prior to try rigup-mso1000z.
Options do not install...

Could it be that latest version has modifications voiding rigup ?
Any hints ?

Thanks

Is this the one you used
http://gotroot.ca/rigol/rigup-0.4.1-mso1000z.zip
Just making sure you use the correct one.
there's another one on the site and it does not work
this one once you compile it worked fine but I did not upgrade mine before testing

Hi Sarah,
yes I used version you indicate...
I am concluding I should not have update firmware before "rigup"

thanks

[pierre288]

Hi all,
Anyone have experience using rigup on a MSO1000z
at the latest firmware version 00.04.03 (June 2015) ..

Mine was originally at 00.04.01 SP2
I Updated it to 00.04.03 prior to try rigup-mso1000z.
Options do not install...

Could it be that latest version has modifications voiding rigup ?
Any hints ?

Thanks

I don't have 00.04.03, but rather have 00.04.02.SP4 and that worked fine.  This probably doesn't help you much but who knows. 

BTW how did you get new F/W, did you have to request from Rigol or is there there a direct download?

FYI I got update via a reqest to Rigol...
cheers

[farzadb82]

Hi Guys,

Does anyone have a link to download the DS/MSO1000Z firmware v00.04.03 ?

[Trax]

I'm wondering why is it that rigup can hack the DSO model based only on the serial but not the MSO and needs here a memory dump.
Is the private key for the DSO's all the same while for the MSO each different? Or is there just some code not discovered that woudl allow to generate all data for the MSO also only based on the serial?

[ted572]

Hi Guys,

Does anyone have a link to download the DS/MSO1000Z firmware v00.04.03 ?

Go here -> http://beyondmeasure.rigoltech.com/acton/ct/1579/p-0019/Bct/l-3f49/l-3f49:ee3/ct1_0/1?sid=5QnnsxcKo

[farzadb82]

Hi Guys,

Does anyone have a link to download the DS/MSO1000Z firmware v00.04.03 ?

Go here -> http://beyondmeasure.rigoltech.com/acton/ct/1579/p-0019/Bct/l-3f49/l-3f49:ee3/ct1_0/1?sid=5QnnsxcKo

Fantasic!  Thanks.

[neki]

enjoy

http://pastebin.com/ghYHnCfT

The above link is not working anymore. Does anybody have those files (DSA815 options hack)? Thanks in advance.

[ted572]

enjoy
http://pastebin.com/ghYHnCfT

The above link is not working anymore. Does anybody have those files (DSA815 options hack)? Thanks in advance.

neki:  I suggest browsing back through here -> https://www.eevblog.com/forum/testgear/spectrum-analyzer-rigol-dsa815/msg683215/#msg683215  This is simply the last post, but you will be able to learn a lot about the DSA815/815-TG here.  If you currently have a DSA815, what Firmware version and Boot version does it have?  Perhaps we can save you some time researching.  In any case this is a better place to look for answers and ask DSA815 questions.

Edit:  Re. your DSA815 Firmware and Boot version, if you reply please do it on the EEVblog 'Spectrum Analyzer-Rigol DSA815' thread. 

[McBryce]

Hi Guys,

Does anyone have a link to download the DS/MSO1000Z firmware v00.04.03 ?

Go here -> http://beyondmeasure.rigoltech.com/acton/ct/1579/p-0019/Bct/l-3f49/l-3f49:ee3/ct1_0/1?sid=5QnnsxcKo

Are you sure that that Firmware is valid for the MSO series too? I was under the impression that the firmware differed between the MSO and DSO.

McBryce.

[jrmymllr]

Hi Guys,

Does anyone have a link to download the DS/MSO1000Z firmware v00.04.03 ?

Go here -> http://beyondmeasure.rigoltech.com/acton/ct/1579/p-0019/Bct/l-3f49/l-3f49:ee3/ct1_0/1?sid=5QnnsxcKo

Are you sure that that Firmware is valid for the MSO series too? I was under the impression that the firmware differed between the MSO and DSO.

McBryce.

I installed that one on my MSO1104Z.

[McBryce]

Hi Guys,

Does anyone have a link to download the DS/MSO1000Z firmware v00.04.03 ?

Go here -> http://beyondmeasure.rigoltech.com/acton/ct/1579/p-0019/Bct/l-3f49/l-3f49:ee3/ct1_0/1?sid=5QnnsxcKo

Are you sure that that Firmware is valid for the MSO series too? I was under the impression that the firmware differed between the MSO and DSO.

McBryce.

I installed that one on my MSO1104Z.

And how were the results? Hacks still there? Any noticable improvements?

McBryce.

[jrmymllr]

Hi Guys,

Does anyone have a link to download the DS/MSO1000Z firmware v00.04.03 ?

Go here -> http://beyondmeasure.rigoltech.com/acton/ct/1579/p-0019/Bct/l-3f49/l-3f49:ee3/ct1_0/1?sid=5QnnsxcKo

Are you sure that that Firmware is valid for the MSO series too? I was under the impression that the firmware differed between the MSO and DSO.

McBryce.

I installed that one on my MSO1104Z.

And how were the results? Hacks still there? Any noticable improvements?

McBryce.

Yes, it was hacked previously(trigger, decode, segmented memory, memory), and they are still there after flashing to 00.4.03.  I haven't noticed any differences, but I haven't used it extensively yet. 

[TheSteve]

Recently purchased a DSA815-TG. UPS claims it will arrive tomorrow.
Just wondering if anyone has put any effort into enabling the options on the newer units with the updated bootloader. I'd really like to know if Rigol updated the public/private keys and/or did they change the option codes themselves.
I can probably do a jtag dump at some point if that is what is needed.

Also can anyone confirm if the hardware has been updated in the newer production units, I have read mention of a lower noise floor.


PS to Rigol - I bought the DSA815-TG because I am pleased with my DS1054Z that is now fully optioned out. If you remove the ability to enable features on all products people like myself will buy from another company.

[DG5SAY]

PS to Rigol - I bought the DSA815-TG because I am pleased with my DS1054Z that is now fully optioned out. If you remove the ability to enable features on all products people like myself will buy from another company.

100 % 

[dadler]

Recently purchased a DSA815-TG. UPS claims it will arrive tomorrow.
Just wondering if anyone has put any effort into enabling the options on the newer units with the updated bootloader. I'd really like to know if Rigol updated the public/private keys and/or did they change the option codes themselves.
I can probably do a jtag dump at some point if that is what is needed.

Also can anyone confirm if the hardware has been updated in the newer production units, I have read mention of a lower noise floor.


PS to Rigol - I bought the DSA815-TG because I am pleased with my DS1054Z that is now fully optioned out. If you remove the ability to enable features on all products people like myself will buy from another company.

Get ready to buy from another company. The only current hack for the DSA815 involves opening the device up and bridging the write protect pin on the FRAM chip to Vdd, pulling it high. This seems to persist the trial options indefinitely. No 10hz RBW though.

I am holding out on opening up my unit, hoping someone finds a soft-hack. I still have option time left and turn the DSA off when not on use. If I get low on option time, I will reconsider.

[TheSteve]

Recently purchased a DSA815-TG. UPS claims it will arrive tomorrow.
Just wondering if anyone has put any effort into enabling the options on the newer units with the updated bootloader. I'd really like to know if Rigol updated the public/private keys and/or did they change the option codes themselves.
I can probably do a jtag dump at some point if that is what is needed.

Also can anyone confirm if the hardware has been updated in the newer production units, I have read mention of a lower noise floor.


PS to Rigol - I bought the DSA815-TG because I am pleased with my DS1054Z that is now fully optioned out. If you remove the ability to enable features on all products people like myself will buy from another company.

Get ready to buy from another company. The only current hack for the DSA815 involves opening the device up and bridging the write protect pin on the FRAM chip to Vdd, pulling it high. This seems to persist the trial options indefinitely. No 10hz RBW though.

I am holding out on opening up my unit, hoping someone finds a soft-hack. I still have option time left and turn the DSA off when not on use. If I get low on option time, I will reconsider.

Considering I am willing to open it to JTAG it I have no problem shorting pins 7 and 8 of the FRAM for now - I'll verify it works first!

[ademuth93]

Hello all,

Sorry if this is the wrong place - first time forum user just looking for some help.
I've been attempting to unlock the options on my DS2072A (SW version 3.01, HW 2.0) using the RigolBildschirmkopie program to dump 32MB of the scope's memory. The only problem is that when I use the command ":SYST:UTIL:READ? 1,33554432" I get an "Out of Bounds" exception. I'm able to send commands that return smaller amounts of data to the computer (getting the system time on the scope works, for example). I can run the read command up to about 100 kB and not much more.

Is this a bug in the program, or is it some kind of id-10t error on my end? I noticed the most recent build was on June 29, so it could perhaps be a new bug. Does someone have an older version of this program I could try, or any other suggestions?

Thanks for your help!

[ademuth93]

Please send me an e-mail or use the contact form on my website. Describe what operating system you use and the type of connection LAN or USB.
Screen capture of the error message would also be good.

Peter

Peter,
I've sent an email to you with the information you requested as well as some screenshots.

"For those playing along at home," I've tried this on windows 7, windows 8.1, and Mac OS 10.10 using a LAN connection.

UPDATE:
Peter was kind enough to update his program to fix the error I was getting. It now works as intended! Thanks!

[TheSteve]

I am wondering if someone out there would be willing to make a custom version of riglol.c for some DSA815 testing.
When Rigol changed the firmware which broke riglol they either changed the public/private keys, changed the option codes, or both. On the long shot chance they only changed the option codes(which is what they did with the DP832) I'd like to try to "brute force" some keys that match my DSA815. I'd like riglol.c modified to loop through option codes AAAA to 9999(including mixed alpha and numeric) automatically and output all of the possible result keys to a file.  The results could then be compared to the existing options keys which can be viewed on the screen of a DSA815-TG. For a specific serial number we could see if a match was obtained for the tracking generator and the three trial options.
If any match is obtained we know the keys have not changed and will also have enough information to then generate permanent codes for every option but the 10 Hz RBW. We can then likely determine the 10 Hz RBW option(if it still exists) with some trial and and error as well. All of this without evening opening a DSA815 up.

I did some C programming 20 years ago, it would take a lot of time to get back up to speed to start making changes, so if someone would be willing to give it a go it could really benefit a lot of people.

[Asmyldof]

Hey Guys,

I'm wondering, has anyone tried any evil tricks on a DG5 series Rigol toy? Bought a very discounted DG5072 (70MHz limit) and it does all I need in my freelance work for the next 12 to 24 months, which is good. But I wonder whether I'm right in suspecting its output bandwidth is limited in hardware as well, looking at the "square wave" at 70MHz on a 500MHz scope. Might be they are just playing tricks on me in FW of course, but it doesn't really look like it.

If anyone knows of any tricks that could be tried or need verification, I'm happy to play along up to a certain degree of risk (the replacement will cost full price). If not I may at some time next year just start poking around in it myself, see if I can find a JTAG header.

Hugs and cuddles :-)

[SmokenJoe]

I just received my DS2072A 2 days ago. I wanted to do a memory dump so I purchased an Olimex ARM-USB-OCD-H and hooked it up to the JTAG port using instructions from this thread. I downloaded blackfin toolchain and installed it. I am running Ubuntu 15. When I run bfin-gdbproxy I always get the following error.

Code: [Select]

./bfin-gdbproxy

Remote proxy for GDB, v0.7.2, Copyright (C) 1999 Quality Quorum Inc.
MSP430 adaption Copyright (C) 2002 Chris Liechti and Steve Underwood
Blackfin adaption Copyright (C) 2008 Analog Devices, Inc.

GDBproxy comes with ABSOLUTELY NO WARRANTY; for details
use `--warranty' option. This is Open Source software. You are
welcome to redistribute it under certain conditions. Use the
'--copying' option for details.

Found USB cable: ARM-USB-OCD-H
Connected to libftdi driver.
warning: TDO seems to be stuck at 1
error:     bfin: detecting parts failed
Found USB cable: ARM-USB-OCD-H
error: Couldn't connect to suitable USB device.
error:     bfin: cable initialization failed

I have double checked all the connections. Can anyone help me with this.