Author Topic: Hacking the Rigol MSO5000 series oscilloscopes  (Read 923424 times)


Offline seppeltronics

  • Contributor
  • Posts: 17
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2825 on: April 17, 2024, 08:12:54 pm »
It shows that I have 9 remaining attempts, I can not reinstall the old keys, maybe because I have overwritten the FRAM with the option -r, which was a huge mistake.

Can someone please help me please, I'm stuck and I really do not know what to do now.

Thanks a lot, Best Regards, Seppeltronics

P.S.

Code:

C:\Program Files\Python312>python C:\mPro\rigol_kg2.py 192.168.178.21
╒════════╤══════════╤═════════════════════════════════════════════════════╕
│ Code   │ Status   │ Description                                         │
╞════════╪══════════╪═════════════════════════════════════════════════════╡
│ BW1T2  │ ----     │ 100MHz to 200MHz Bandwidth Upgrade Option           │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ BW1T3  │ ----     │ 100MHz to 350MHz Bandwidth Upgrade Option           │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ 2RL    │ ----     │ 200Mpts Deep Memory Option                          │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ COMP   │ ----     │ Computer Serial Triggering and Analysis(RS232/UART) │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ EMBD   │ ----     │ Embedded Serial Triggering and Analysis(IIC, SPI)   │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AUTO   │ ----     │ Automotive Serial Triggering and Analysis(CAN/LIN)  │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ FLEX   │ ----     │ FlexRay Serial Triggering and Analysis              │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AUDIO  │ ----     │ Audio Serial Triggering and Analysis(I2S)           │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AERO   │ ----     │ MIL-STD 1553 Serial Triggering and Analysis         │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ DG     │ ----     │ Dual Channel WaveGen 25 MHz AWG                     │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ PWR    │ ----     │ Integrated Power Analysis                           │
╘════════╧══════════╧═════════════════════════════════════════════════════╛
Model: MSO5104
Serial: MS5Axxxxxxx
Version: 00.01.03.03.00
MAC: xxxxxxxxxxxx

/rigol/tools/fram is OK!

╒════════╤══════════╤═════════════════════════════════════════════════════╕
│ Code   │ Status   │ Description                                         │
╞════════╪══════════╪═════════════════════════════════════════════════════╡
│ BW1T2  │ ----     │ 100MHz to 200MHz Bandwidth Upgrade Option           │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ BW1T3  │ ----     │ 100MHz to 350MHz Bandwidth Upgrade Option           │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ 2RL    │ ----     │ 200Mpts Deep Memory Option                          │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ COMP   │ ----     │ Computer Serial Triggering and Analysis(RS232/UART) │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ EMBD   │ ----     │ Embedded Serial Triggering and Analysis(IIC, SPI)   │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AUTO   │ ----     │ Automotive Serial Triggering and Analysis(CAN/LIN)  │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ FLEX   │ ----     │ FlexRay Serial Triggering and Analysis              │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AUDIO  │ ----     │ Audio Serial Triggering and Analysis(I2S)           │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AERO   │ ----     │ MIL-STD 1553 Serial Triggering and Analysis         │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ DG     │ ----     │ Dual Channel WaveGen 25 MHz AWG                     │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ PWR    │ ----     │ Integrated Power Analysis                           │
╘════════╧══════════╧═════════════════════════════════════════════════════╛

 

Offline BTO

  • Regular Contributor
  • *
  • Posts: 244
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2826 on: April 17, 2024, 10:28:42 pm »
It shows that I have 9 remaining attempts, I can not reinstall the old keys, maybe because I have overwritten the FRAM with the option -r, which was a huge mistake.

Can someone please help me please, I'm stuck and I really do not know what to do now.

Thanks a lot, Best Regards, Seppeltronics



Hi mate, seriously, if you're having that much trouble, just do the method that I offered you and you'll be ready to go and all upgraded. As I said, NO ONE has ever (with my help) not successfully upgraded.
Just follow that link I gave you in my previous post.
Download the zip file.
Download video #2.
If you have any questions let me know, but there really are only 3 steps to it:

1. Backup
2. Upgrade to version 1.3.3.0
3. Patch the firmware

If you're already on 1.3.3.0 you can just do step 3 (copy the 3 files to a USB stick) in your scope, run the LOCAL UPGRADE and you'll be fine.
QUESTION EVERYTHING!!!
 

Offline reztek

  • Newbie
  • Posts: 7
  • Country: br
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2827 on: April 18, 2024, 08:52:46 pm »
Quote
It shows that I have 9 remaining attempts, I can not reinstall the old keys, maybe because I have overwritten the FRAM with the option -r, which was a huge mistake.

Can someone please help me please, I'm stuck and I really do not know what to do now.

Thanks a lot, Best Regards, Seppeltronics

Was having the same problem. In my case, I had to set up a static IP on the scope and on the PC and connected both directly (no switch or router in between) and after that the script ran flawlessly.
 

Offline thorstormlord

  • Contributor
  • Posts: 26
  • Country: gr
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2828 on: April 18, 2024, 09:04:56 pm »
I'll just post here that I did the static IP thing on my scope and the script still didn't work for me. The other method with the local upgrades works fine though, so if the script doesn't like your setup you can do the local upgrades as a fallback.
\m/ Heavy Metal is the Law. \m/
 
The following users thanked this post: BTO

Offline BTO

  • Regular Contributor
  • *
  • Posts: 244
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2829 on: April 18, 2024, 11:53:20 pm »
Quote
It shows that I have 9 remaining attempts, I can not reinstall the old keys, maybe because I have overwritten the FRAM with the option -r, which was a huge mistake.

Can someone please help me please, I'm stuck and I really do not know what to do now.

Thanks a lot, Best Regards, Seppeltronics

Was having the same problem. In my case, I had to set up a static IP on the scope and on the PC and connected both directly (no switch or router in between) and after that the script ran flawlessly.

Hi Reztek
Mate, don't give yourself a headache ok
Seppeltronics literally had the same problem you just did and was up shit creek and knee deep in trouble

SEPPELTRONICS IS SAVED AND UPDATED AND ALL OPTIONS UNLOCKED


Go to this link
https://www.eevblog.com/forum/testgear/post-hacking-rigol-mso5000-post-hacking-tutorial-deep-dive/

download the .zip upgrade file
download video #2

But in summary,
Just download the files and run through the steps 1 by 1. Since Seppeltronics, Thorstormlord and many many others before you have done the same thing and been successful, I don't see why it won't work for you either.
If you have trouble let me know, but I imagine you're going to come back in the next post and say, thanks very much it worked.

So go do that and then come back and tell us how happy you are   LOL
QUESTION EVERYTHING!!!
 

Offline BTO

  • Regular Contributor
  • *
  • Posts: 244
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2830 on: April 18, 2024, 11:54:41 pm »
I'll just post here that I did the static IP thing on my scope and the script still didn't work for me. The other method with the local upgrades works fine though, so if the script doesn't like your setup you can do the local upgrades as a fallback.
Exactly, Seppeltronics had the same problem; he's now upgraded through the local upgrade successfully.
QUESTION EVERYTHING!!!
 
The following users thanked this post: seppeltronics

Offline BTO

  • Regular Contributor
  • *
  • Posts: 244
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2831 on: April 19, 2024, 12:02:41 am »
I'll just post here that I did the static IP thing on my scope and the script still didn't work for me. The other method with the local upgrades works fine though, so if the script doesn't like your setup you can do the local upgrades as a fallback.

I'm curious though, and you've done DrMefistO's method.
It seems like it would be a good path to take considering that we don't need to do further patches. However, mate, in your opinion...
Why do you think it's not working for so many?
You said
Quote
the script doesn't like your setup
However, if it's a method that works, it shouldn't matter what the script likes or not.
I've really been thinking about this and if it works for say 1 in every 10 people then it's not worth the risk, is it.

Even if I try it as I suggested, and let's say it works for me, that's still not a high probability that it'll work for someone else.
Unless I could do something like prove for the next 10 people in a row (as a min.) with a video demo that it works, then ok.
But I think at this point it's just less headache to get to the next update and then patch at that point.

If however a better solution exists at that point, then.. Cool
But for now, I think the local upgrade option is the one that works the best, but I am curious why the other way doesn't work with a high success rate.
QUESTION EVERYTHING!!!
 

Offline seppeltronics

  • Contributor
  • Posts: 17
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2832 on: April 19, 2024, 09:44:31 am »
Hello Reztek,

could you please share more details, how exactly did you do it?

- OS and version
- Type of network card
- IP addresses
- Call of the Script
- Log/Output of the script
-...

Thank you very much.

Best Regards, Seppeltronics
 

Offline BTO

  • Regular Contributor
  • *
  • Posts: 244
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2833 on: April 19, 2024, 10:14:01 am »
Try to uninstall all options first, wait for reboot, then install with regen private key flag.

I tried as described, first uninstalled and after reboot I installed with regen private key. Tried it several times but the oscilloscope only replies with "remaining attempts" as described by zauberpilz, now only 2 attempts left. What am I doing wrong? Could you please help?

Hey mate, just wondering, how are you going with unlocking the scope?
Have you tried the method that I stated?
You can keep persisting with the method that you're doing or
you can do the method that I've put forward that we know works.

Just making sure everyone is up to date
QUESTION EVERYTHING!!!
 

Offline seppeltronics

  • Contributor
  • Posts: 17
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2834 on: April 19, 2024, 07:13:40 pm »
Zauberpilz and I had a call; as I understood it, he did not use the "01.03.03.00". Maybe that causes it?

What I also noticed in the script, line 405, whatever that means?
Code:
'version': '1.0'
And I also wondered if it works for models like my MSO5104?
« Last Edit: April 19, 2024, 09:30:33 pm by seppeltronics »
 

Offline BTO

  • Regular Contributor
  • *
  • Posts: 244
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2835 on: April 20, 2024, 01:30:54 am »
Zauberpilz and I had a call; as I understood it, he did not use the "01.03.03.00". Maybe that causes it?

What I also noticed in the script, line 405, whatever that means?
Code:
'version': '1.0'
And I also wondered if it works for models like my MSO5104?
Interesting....
QUESTION EVERYTHING!!!
 

Offline zauberpilz

  • Newbie
  • Posts: 6
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2836 on: April 21, 2024, 02:30:34 am »
I would guess version 1 of the keygen?
 

Offline zauberpilz

  • Newbie
  • Posts: 6
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2837 on: April 21, 2024, 02:31:57 am »
Since I am apparently the only user who was able to activate an MSO5000 100% with the keygen, albeit with minor initial problems, I will write here exactly what ultimately led to success for me.

First I installed the penultimate firmware (00.01.03.02.02) so that a fresh, unedited device is available. I then deactivated the already activated BND option using the keygen (rigol_kg2.py -d ip_addr) and restarted the device. Then I installed a new private key with the keygen (rigol_kg2.py -r ip_addr) and reinstalled the firmware a second time. This was probably unnecessary, but since I did it, I'll write it. After the firmware was reinstalled, I ran the keygen along with the IP address and everything was activated. To test whether the activations are permanent, I installed the latest firmware. And yes, all the options were still marked “forever.”

Writing the private key to the device with -r creates a file called priv.pem on the computer. If I understand correctly, it contains the original key for the device. So keep it safe! So far I don't know of a way to write it back into the device. But that should be doable.

And if you want to shorten your search for a compatible USB stick, then format your USB sticks with the Rufus tool and not with Windows! Since I always pre-format my USB sticks with this, ALL devices I connect them to recognize them without even a small problem. And to avoid problems when installing the firmware, simply reset the MSO to factory settings beforehand and everything will work wonderfully as it should. I hope this helps someone here.
« Last Edit: April 21, 2024, 02:37:25 am by zauberpilz »
 
The following users thanked this post: thm_w

Offline zauberpilz

  • Newbie
  • Posts: 6
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2838 on: April 21, 2024, 02:48:20 am »
There is someone else who did it.

reztek

I would have been surprised if it had only worked for me.
 

Offline BTO

  • Regular Contributor
  • *
  • Posts: 244
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2839 on: April 21, 2024, 08:56:37 am »
There is someone else who did it.

reztek

I would have been surprised if it had only worked for me.
Firstly, thanks for your post on how you did it successfully.

Secondly - Do we know why the success rate is so low for activation via this method? It seems strange that only a handful or less have done it successfully. I've personally had approx 100 odd people approach me for a solution who said they tried it that way and failed. I'm really trying to understand why the success rate of it is so low ...... Any ideas? I'm literally reading through all the posts of the hacks since the 1052E (which I've already done) and the DS2000A (which I've already completed) and I'm now reading the MSO5000 path of which I have completed 10 pages of... I think 50 something.

Thus far I have concluded that the DS1052E merely had a shared key; it was easy, one key for all.
The DS2000A uses symmetrical encryption, so when the algorithm was obtained we could generate an unlock key (or.. unlock options), but of course everyone chose the option to unlock all. Using this method legitimately unlocked and licenced the scope.

It would seem that for the MSO5000 Rigol implemented asymmetrical encryption. Simply put, there is a secret key that is held at Rigol's end that we don't have access to, and for this reason we were not able to licence it, and it was widely agreed (at least up to the first 10 pages, which gets us to 2018 I think it was) by those that are doing the hacking primarily that "Patching the software" would be the most viable solution.

So that's all fair and good, then DrMefistO came up with this method of licencing the scope.
Now, here is the part I don't get. If it's a method that works:

1.  Why are we being told "if it works" this will happen etc etc

2. Why is there such a low success rate? (Perhaps people are not doing it right, perhaps it's a touch and go method.) Who knows.

Any idea why this happens?



QUESTION EVERYTHING!!!
 

Offline tv84

  • Super Contributor
  • ***
  • Posts: 3218
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2840 on: April 21, 2024, 10:39:19 am »
If I understand correctly, it contains the original key for the device. So keep it safe!

No, that file is the private key that was used to generate your licenses.

You can keep it but it's a bit irrelevant. Since you have the script you can re-generate a new priv key and a pack of new lics anytime.

The file that you should keep is the original Key.data, just in case.
 

Offline smas

  • Newbie
  • Posts: 2
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2841 on: April 21, 2024, 05:09:26 pm »
Hi,

I was able to successfully unlock all options on MSO5074 by using the Python script rigol_kg2.py posted earlier on this forum by DrMefistO. I used the following procedure based on the experience of zauberpilz:

First, because the scope already had the patched firmware v00.01.03.03.00, I reverted it to the stock firmware v00.01.03.02.02 by using a usb stick and the factory menu (pressing SINGLE on reboot and selecting "Upgrade Firmware"). After that, I rebooted while pressing SINGLE and also did "Restore Defaults" from the same menu. After these steps, I verified in the scope (Util->Sys->Help->About and Opt List) that the firmware version became v00.01.03.02.02 and that all options were inactive.

Next, I connected the scope by a network cable to a WiFi router. I did not set up a static IP on the scope; it was assigned by the router automatically with DHCP. I checked what the assigned IP address was (192.168.1.82 in this example) and wrote it down. Next, I ran the rigol_kg2.py script on a Linux laptop connected through WiFi to the same router. First, to check the network connection, I ran

Code: [Select]
$ python rigol_kg2.py -i 192.168.1.82
which returned a table of scope options (all were off), the scope's model, serial number, firmware version, etc. All looked as expected. This confirmed that the network setup was OK.

Next, I did

Code: [Select]
$ python rigol_kg2.py -r 192.168.1.82
This command first printed the same info table as the previous one, and after that

Code: [Select]
/rigol/tools/fram is OK!

Reading CFRAM...
100%|█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 8192/8192 [00:21<00:00, 378.05it/s]
Reading CFRAM done.

Applying new CFRAM...
100%|██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 8192/8192 [03:39<00:00, 37.30it/s]
New CFRAM applied.

Key.data backup created.
New Key.data applied.

After that it printed a lot of lines like these:

Code: [Select]
Activating: 2RL [MSO5000-2RL@ ...]... unavailable.
Activating: 4CH [MSO5000-4CH@ ...]... not activated.
Activating: 5RL [MSO5000-5RL@...]... unavailable.
Activating: AERO [MSO5000-AERO@...]... not activated.


Note the "unavailable", "not activated", etc. Also after that it again printed an option table with all options off. Nevertheless, I continued, rebooted the scope while pressing SINGLE button and reinstalled THE SAME STOCK FIRMWARE v00.01.02.02 again using the factory menu.

After that, when the scope booted, I checked its assigned IP address, and confirmed that it was the same. Then, to check connection, I issued the command

Code: [Select]
$ python rigol_kg2.py -i 192.168.1.82
and got the info table with all the same information (all options disabled). After that I did

Code: [Select]
$ python rigol_kg2.py 192.168.1.82
This command first printed the same info table, and then

Code: [Select]
/rigol/tools/fram is OK!

Activating: 2RL [MSO5000-2RL@...
Activating: 4CH [MSO5000-4CH@...
Activating: 5RL [MSO5000-5RL@...
Activating: AERO [MSO5000-AERO@...


and more lines like this, after which I FINALLY SAW

Code: [Select]
╒════════╤══════════╤═════════════════════════════════════════════════════╕
│ Code   │ Status   │ Description                                         │
╞════════╪══════════╪═════════════════════════════════════════════════════╡
│ 2RL    │ Forever  │ 200Mpts Deep Memory Option                          │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ COMP   │ Forever  │ Computer Serial Triggering and Analysis(RS232/UART) │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ EMBD   │ Forever  │ Embedded Serial Triggering and Analysis(IIC, SPI)   │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AUTO   │ Forever  │ Automotive Serial Triggering and Analysis(CAN/LIN)  │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ FLEX   │ Forever  │ FlexRay Serial Triggering and Analysis              │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AUDIO  │ Forever  │ Audio Serial Triggering and Analysis(I2S)           │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AERO   │ Forever  │ MIL-STD 1553 Serial Triggering and Analysis         │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ DG     │ Forever  │ Dual Channel WaveGen 25 MHz AWG                     │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ PWR    │ Forever  │ Integrated Power Analysis                           │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ BW07T3 │ Forever  │ 70MHz to 350MHz Bandwidth Upgrade Option            │
╘════════╧══════════╧═════════════════════════════════════════════════════╛


After that I confirmed in the scope that all options were enabled. Next, I proceeded with upgrading to the stock firmware v00.01.03.03.00 using the local upgrade option from the scope menu, which went flawlessly. After upgrade finished I confirmed that all options were still active and I did the scope calibration as usual.

Hope this helps!
« Last Edit: Yesterday at 03:05:31 pm by smas »
 
The following users thanked this post: apulanta, Kean, JCS666

Offline bulba99

  • Contributor
  • Posts: 43
  • Country: pl
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2842 on: Yesterday at 02:32:28 pm »
@smas
are you sure you installed firmware v00.01.02.02 ?

Thank you for the guide.
 

Offline smas

  • Newbie
  • Posts: 2
  • Country: pt
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2843 on: Yesterday at 02:58:33 pm »
Hi bulba99,

Oops, I see that I made a misprint in the version number! I will fix the post.

The first thing I did, I downgraded the firmware from v00.01.03.03.00 (patched) to v00.01.03.02.02 (unpatched). The main reason to do that was to replicate the situation described by zauberpilz. Additionally, I wanted to certify that all options will remain activated after an upgrade from v00.01.03.02.02 to v00.01.03.03.00.
« Last Edit: Yesterday at 03:03:50 pm by smas »
 
The following users thanked this post: bulba99, JCS666

Offline seppeltronics

  • Contributor
  • Posts: 17
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2844 on: Yesterday at 07:01:50 pm »
Hello,

how do I downgrade to the older version and how do I get it? I'm not sure my backup worked. Is it possible with the official menu of the scope and how do I find the older version, is it available somewhere?

What does the press of the "Single Button" at the startup do? Is there a manual/tutorial on this?

Thanks a lot, best Regards, Seppeltronics.
 

Offline thm_w

  • Super Contributor
  • ***
  • Posts: 6359
  • Country: ca
  • Non-expert
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2845 on: Yesterday at 11:05:23 pm »
What does the press of the "Single Button" at the startup do? Is there a manual/tutorial on this?

Try it and you'll see. Pressing single brings you to the bootloader which allows upgrade/downgrade of the firmware and reset to factory defaults.
Normally you can only upgrade in the regular scope app.
Profile -> Modify profile -> Look and Layout ->  Don't show users' signatures
 