changing the rigol DS1052E to DS1102E using USB , the dummy guide

[Polossatik]

Hello ArtRock,
anytime, glad to hear it worked fine,
I would say welcome and please do stick around

[tnt]

I'm having trouble changing the firmware.

I tried putting the file on 4 different usb sticks (of 4 different capacity and 3 different manufacturer), and tried formatting them with several different options (FAT16/FAT32 partition or not, ....) and nothing works.

When I plug it, I see "USB Device install successful" and I can read and save waveform to each stick and in the 'device manager', I can see the DS1000EUpdate.RGL file but it never propose me to update ...

The scope has just been bought on DX and has 00.02.04.00.03 installed (from *IDN?)

Anyone has an idea ?

[tnt]

To all those who have installed 00.02.04.00.03 :
does the scope let you do a downgrade from this version ? (no need to actually do it, just put an old 02.02 update file on a stick, plug it and see if it asks you or not).

I think the latest factory installed 00.02.04.00.03 just don't let you downgrade at all.

[beerhunter]

Uhh Ohh! I just tried to do the same thing on mine and I got the same response. It looks like the .03 FW ignores any FW lower in rev number.

[jongs75]

What's wrong with the 00.02.02 SP2 firmware ?

Why bother upgrading to 00.02.04.00.03 ?

[Polossatik]

What's wrong with the 00.02.02 SP2 firmware ?

Why bother upgrading to 00.02.04.00.03 ?

the problem is not so much with the people who upgrade *after* the hack, the problem is with the people who receive the scope with 00.02.04.00.03 from the factory.

added warning to the first page.

Rigol cannot disable Upgrades as such, so the only way out here is to find a way to "patch" the 00.02.02 SP2 firmware file to report itself as for example "00.02.10 SP2" , flash that "patched" firmware, do the hack and then , if wanted/needed flash back to 00.02.04.00.03 (the  00.02.02 SP2 firmware allows "dowgrades")

[tnt]

Yup tried that yesterday and it worked. I hacked the 02.02.02.00 fw image to report itself as 02.04.01.00 and then the scope "updated" just fine.

[Polossatik]

Yup tried that yesterday and it worked. I hacked the 02.02.02.00 fw image to report itself as 02.04.01.00 and then the scope "updated" just fine.

I assume you simply changed the 02.02.02.00  text string at the beginning of the file with a hex editor?

[tnt]

yes

[Polossatik]

yes

thankx,
above info should be enough for "power" users, but I'll update the guide and provide the needed files later on and then update here if it's done.
so if you're not sure and on the new firmware, wait a bit...

[Polossatik]

Guide updated, new flow, firmware files and hopefully not confusing.
I tested all provided files on my rigol, I would appriciate feedback.

[Cheshyr]

I downgraded to 2.02, and now my system boots to a White Screen.  Is it bricked?  Is there a way to recover?

[beerhunter]

Yup tried that yesterday and it worked. I hacked the 02.02.02.00 fw image to report itself as 02.04.01.00 and then the scope "updated" just fine.

I assume you simply changed the 02.02.02.00  text string at the beginning of the file with a hex editor?

You guys are good, really good. Thank You.

[Polossatik]

I downgraded to 2.02, and now my system boots to a White Screen.  Is it bricked?  Is there a way to recover?

You did come from what firmware and what file did you use to downgrade?
Also did you checked the MD5 of the file on your usb stick?
Is this is a new bought DS1052E?

I did test all the firmware files in the DS1052_to_DS1102.zip on my DS1052E , so
 or you did use other files,
 or the was a problem with the file on the usb disk
 or there is a new hardware version that does not like the 02.02.02 fw ...

I do not know how to "force" the Rigol to load a fw image without using the menu...

edit: for good mesure I downloaded the zip file and doublechecked the MD5 sums, they are correct so the files itself should be fine.

[Cheshyr]

I came upon the hack from another site, and used the files they had in their forum.  I do not recall the site unfortunately.  I did not check the MD5.  This was a new DS1052E scope, calibrated June 5th, 2010.  I was able to talk to it via serial before the flash.

I just checked the MD5 on the file I used, and it matches the MD5 of the file in the packet in this thread.

I unzipped, copied to a flash drive, inserted the flash drive, it asked if I wanted to update, I said yes, about a minute later it finished, I reboot, dead.  The screen is white, and the buttons randomly cycle if I reboot quickly.  The system no longer responds to serial or usb.

So, yeah.  Did something dangerous without doing my due diligence, etc.  Not the fault of your file-pack.  The information on this hack is pretty spread out, and I was just checking if anyone had found a way to recover from a bad flash.  One of the other threads around here mentioned people were looking at the JTAG and SPI lines, and I didn't know if there had been progress, or if there was another way around this.

edit: clarified my process a bit, and verified the md5.

[Polossatik]

ok,
than you used most likely the files from the DS1000_D,E_Upd_v2_02_02.zip from rcgroups (or a copy of those),
it also means your scope was 00.02.04.00.01 or lower otherwise it would not have asked to update

I'm afraid I cannot help you out, all I can suggest for the moment is to indeed check the other thread and see if you have something to add.

[(*steve*)]

Uhh Ohh! I just tried to do the same thing on mine and I got the same response. It looks like the .03 FW ignores any FW lower in rev number.

I've been trying to register for a while.  I compared several versions of the firmware, and it was pretty clear that there is no checksum in it.

I note that someone has already suggested modifying the firmware :-)

Does anyone know what the processor is inside these devices?  The firmware isn't encrypted and so it shouldn't be too hard to have a go at dissasembly and from there (with a couple of firmware versions in hand) patch them to allow the old version number hack -- or perhaps to simply default to the DS1102E.

Naturally this could easily brick the device and it would be prudent to have a method (is there a jtag interface?) of de-bricking them if we break them.

An even easier hack might be to get the current firmware and change where it looks for 1052E / 1102E to swap those numbers around.  That means no need to update model number and serial number.  I have searched for this (not particularly thoroughly) in the firmware without luck.

[Polossatik]

Does anyone know what the processor is inside these devices?  The firmware isn't encrypted and so it shouldn't be too hard to have a go at dissasembly and from there (with a couple of firmware versions in hand) patch them to allow the old version number hack -- or perhaps to simply default to the DS1102E.

There is a lot of info in the https://www.eevblog.com/forum/index.php?topic=30.0 thread and on rcgroups http://www.rcgroups.com/forums/showthread.php?t=663958 http://www.rcgroups.com/forums/showthread.php?t=1222045

it's there but buried, no summary I can directly link to.

Naturally this could easily brick the device and it would be prudent to have a method (is there a jtag interface?) of de-bricking them if we break them.

See https://www.eevblog.com/forum/index.php?topic=30.660

the current "mod" is a simple text string adaption, it looks like the firware flasher does not look at the actual firmware itself.
I also noted that the 02.04 fw is taking much more place compared to the 02.02 (by checking the .RGL file )

[Charlietuna]

Hi All!

Thank you all so much for your knowledge. I miraculously  was able to convert my 02.04.01 scope to the DS1102E. My heart was in my mouth when I did it. I did it over several days, using HASHCALC and trying to follow the directions precisely. I do think it's a good ideal to get ULTRASCOPE working with your scope before doing the firmware change. That's what I did. I had a little difficulty with the windows drivers. At first it thought the scope was a camera. I was much more comfortable knowing that I hadn't done any modification to the scope.

Next step is to learn more about the scope. I didn't upgrade back to the 04 firmware. I didn't want to push my luck.

Thank again!

Steve

[tokuro]

i just got one and was able to "upgrade"  Nice.

[BarsMonster]

Yesterday I've finally got my new & shiny Rigol DS1052E from China (375$), and thanks to this guide I upgraded it to 1102 without any problems (W7 64bit).
Great guide :-)

Now it shows 3.1ns risetime on my square wave generator :-)

[Andrei]

Hey guys, I just got the DS1052E scope in the mail 2 days ago. When I go to the model screen  my software version seems to be 2.04 SP1.

Is this a new version or did I just not read the instructions well? Has anyone tried downgrading using this version ?

[Polossatik]

Hey guys, I just got the DS1052E scope in the mail 2 days ago. When I go to the model screen  my software version seems to be 2.04 SP1.

Is this a new version or did I just not read the instructions well? Has anyone tried downgrading using this version ?

AFAIK this has not been seen before, what does a *IDN? gives ? (you can install the usb drivers and use the tool to get the firmware version without risk, it will not change anything on the scope)

[Andrei]

I did the read from the *IDN? the reply was as follows

Rigol Technologies,DS1052E,DS1ED123######,00.02.04.01.02

[Polossatik]

I did the read from the *IDN? the reply was as follows

Rigol Technologies,DS1052E,DS1ED123######,00.02.04.01.02

well, that's indeed not seen before, the latest I'm aware of is the 00.02.04.00.03

The next step would be to use the firmware in the 02.02.SP2_patched_to_02.04.02 and see if the scope asks to do an upgrade.

If Rigol did not added extra checks on the upgrade system the "modded" 02.02.02.00 files should work and trigger an "upgrade" (actually a downgrade but the scope thinks it's a upgrade...) prompt on the scope (which you then still should be able to cancel by simply turning off the scope before pressing the button to do the actual upgrade )

And as always, I cannot promise nothing bad will happen to the scope, it's not very likely, but possible, that there is a hardware change so that your newer 1052E does not work with the old 02.02.02.00 firmware. that's your call to see if you take the risk