Woot, at the stroke of midnight the beast came to life!
This was my hand-edited appEntry running out of /tmp. I have to say, I was a little disappointed. When I did kill -9 of the appEntry process, nothing happened... It should be cool like in Tron when they shut down the Master Control Program...
The patch file and patch.txt for the May build of firmware 01.03.00.01 are attached. These are used with mabl's autopatcher. They are based on the version of the patch in this message from typoknig, which includes the patch to disable phone-home.
Here's the contents of the patch.txt file:
file_to_patch=/rigol/appEntry
file_to_patch_md5sum=783a31ebdc0d4acb7b9dc244155ba1c6
patch_file=mayBuildPatch.bspatch
after_patch_md5sum=7e39040bfb086c666be3e7cc87dd73b0
I'm also attaching the final version of my shell script that uses objdump and diff to find the difference between the original and patched version of an older executable, and then figures out what file offsets need to be hex-edited in the newer executable to manually recreate the patch. Doing this in a shell script was way more complicated than doing it manually, and in fact I made the patch and then went back and spent a full day making a shell script to recreate exactly what I did manually... but for me, this feels better than writing out step-by-step instructions. It only took so long because (repeating what I said before) the included versions of various command line utilities on Mac... kind of suck...
If you want to use this script, be sure to read the comments carefully. I refer to gobjdump and gsed for the GNU versions; the GNU versions would probably be the defaults if you're on Linux, so you'd have to fix that. Also, I use associative arrays, and the syntax is slightly different in zsh versus bash 4, but I included both in comments. Also note that this script just finds the file offsets you need to edit; you have to do the editing yourself with a hex editor. I had to draw the line somewhere!
I'd like to thank the people in the last few days of messages who offered help... you can see who they are by scrolling back. I probably could have got it to work simply based on the info that already existed in the thread, but it would have taken a lot longer and involved a lot more trial and error and a lot more anxiety about flying blind and worrying that I was going to brick my scope. I especially want to observe, for the benefit of anyone else thinking about doing this from scratch, that the most useful piece of information was sb42 telling me the number of lines of diff to expect between patched and unpatched and clarifying my misunderstanding about diff between different versions. A close second was bmx and sb42 pointing me in the direction of objdump rather than a full reverse engineering tool.
Finally, mabl you were totally right that this was rewarding to figure out!
For completeness, here are the instructions for someone who just wants to patch:
1. In this message mabl posted the "auto patcher".
2. Download that and rename it to remove the .txt (Make sure you actually remove the .txt extension; don't be fooled by your stupid GUI.)
3. Check the "About" menu on your scope to see what version and build of firmware you have. If you have a new scope as of the date of this message it probably has 01.03.00.01 with a build date of May. For that version/build you can use the patch file and patch.txt attached to this message. Otherwise you have to search.
4. Follow the instructions in mabl's message. You will know it works because the screen will turn white with text and give you some "hit any key" prompts.
5. If it doesn't get to that screen, it's probably because you're using too large a flash drive, or it's formatted wrong, or the file still has a .txt extension.
6. If the black on white text tells you that it worked, it takes a pretty long time (1 minute) for anything else to happen. That's normal.
7. If it got that far but then the licenses don't show up, then you'll have to do some deeper troubleshooting.
8. If your scope becomes non-functional try turning it off and then back on again. If that doesn't work, then you will have to use the "secret menu" and restore the firmware. This is not that hard, but you'll have to search through the thread if it comes to that.
9. At the present time the collective wisdom of this community seems to agree that it is impossible to permanently brick your scope. Restoring firmware via secret menu is the worst case scenario.
10. I think, maybe, you're supposed to use the scope's menus to run its auto-calibration routine once you've done the upgrade?
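The offset-porting idea described earlier in the post (diff an unpatched/patched pair from an older build, then find where the same bytes sit in a newer build so you know which offsets to hex-edit), as an added worked example. This is not the poster's objdump/diff script and not mabl's autopatcher: it works on raw bytes rather than disassembly, which is enough when the patched instruction words are unchanged between builds and have only moved. It also shows the md5 gating that the quoted patch.txt keys (file_to_patch_md5sum, after_patch_md5sum) exist for. Every "binary" below is a constructed toy byte string, not Rigol firmware, and the 4-byte target word is an arbitrary constructed value.

```python
"""Port a hand-made binary patch between builds by byte-context matching, then
gate it with patch.txt-style md5 checks. Added example; all data is constructed."""
import hashlib
from typing import Dict, List, Tuple

Change = Tuple[int, bytes, bytes]  # (offset in old build, bytes before, bytes after)


def diff_bytes(original: bytes, patched: bytes) -> List[Change]:
    """Return each contiguous run of bytes that differs between two same-size images."""
    if len(original) != len(patched):
        raise ValueError("in-place hex edits cannot change the file length")
    changes: List[Change] = []
    i = 0
    while i < len(original):
        if original[i] == patched[i]:
            i += 1
            continue
        j = i
        while j < len(original) and original[j] != patched[j]:
            j += 1
        changes.append((i, original[i:j], patched[i:j]))
        i = j
    return changes


def port_change(old_build: bytes, new_build: bytes, change: Change, context: int = 8) -> int:
    """Find where one change belongs in new_build.

    The needle is `context` unchanged bytes on each side of the change plus the
    original bytes themselves; it must occur exactly once in the new build. A
    missing or ambiguous match is an error, never a guess: a wrong offset is how
    you end up in the "secret menu" restoring firmware.
    """
    off, before, _ = change
    lo = max(0, off - context)
    hi = min(len(old_build), off + len(before) + context)
    needle = old_build[lo:hi]
    first = new_build.find(needle)
    if first < 0:
        raise LookupError(f"context for change at 0x{off:x} not found in new build")
    if new_build.find(needle, first + 1) >= 0:
        raise LookupError(f"context for change at 0x{off:x} matches more than once; widen context")
    return first + (off - lo)


def port_patch(old_build: bytes, old_patched: bytes, new_build: bytes,
               context: int = 8) -> List[Change]:
    """Translate every old_build->old_patched change into (offset, before, after)
    edits for new_build: the list you would then apply with a hex editor."""
    return [(port_change(old_build, new_build, c, context), c[1], c[2])
            for c in diff_bytes(old_build, old_patched)]


def apply_edits(image: bytes, edits: List[Change]) -> bytes:
    """Apply hex edits, refusing if the bytes at an offset are not the expected originals."""
    buf = bytearray(image)
    for off, before, after in edits:
        if bytes(buf[off:off + len(before)]) != before:
            raise ValueError(f"bytes at 0x{off:x} do not match the expected original")
        buf[off:off + len(after)] = after
    return bytes(buf)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def parse_patch_txt(text: str) -> Dict[str, str]:
    """Parse key=value lines in the shape of the patch.txt quoted in the post."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)


def patch_gated(image: bytes, edits: List[Change], patch_txt: str) -> bytes:
    """Apply edits only if the image md5 matches file_to_patch_md5sum, and check the
    result against after_patch_md5sum, which is what those two keys are for."""
    meta = parse_patch_txt(patch_txt)
    if md5_hex(image) != meta["file_to_patch_md5sum"]:
        raise ValueError("wrong build: md5 of file_to_patch does not match patch.txt")
    result = apply_edits(image, edits)
    if md5_hex(result) != meta["after_patch_md5sum"]:
        raise ValueError("patched image md5 does not match after_patch_md5sum")
    return result


# --- constructed sample data (toy bytes, not real firmware) --------------------
TARGET_OLD = bytes.fromhex("010050e3")  # constructed 4-byte word the patch changes
TARGET_NEW = bytes.fromhex("0010a0e1")  # constructed replacement word
OLD_BUILD = bytes(range(0, 64)) + TARGET_OLD + bytes(range(64, 128))
OLD_PATCHED = bytes(range(0, 64)) + TARGET_NEW + bytes(range(64, 128))
# "Newer build": 24 bytes inserted before the same region, so the target word
# moved from offset 64 to offset 88.
NEW_BUILD = b"\xaa" * 24 + bytes(range(0, 64)) + TARGET_OLD + bytes(range(64, 128))
# A build whose target region was itself rewritten: porting must refuse.
UNPORTABLE_BUILD = b"\xaa" * 24 + bytes(range(0, 64)) + b"\xde\xad\xbe\xef" + bytes(range(64, 128))


def demo() -> List[Change]:
    edits = port_patch(OLD_BUILD, OLD_PATCHED, NEW_BUILD)
    for off, before, after in edits:
        print(f"hex-edit NEW_BUILD @ 0x{off:06x}: {before.hex()} -> {after.hex()}")
    return edits


if __name__ == "__main__":
    demo()
```

The context window defaults to 8 bytes on each side; if a real build produced an ambiguous match, the function refuses rather than picking the first hit, and you widen `context` until the match is unique. The md5 gate is the same discipline patch.txt imposes on the autopatcher: don't touch a file whose hash you did not expect, and don't trust the result unless its hash comes out as predicted.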