I tried "upgrading" the MSO7014 to all upgrade options using the MSO5000 guides and recommendations from here. It didn't work, although I know I still have to try something else (more work). I just want to let everybody know about this experience.
1) Use the gel file from
https://www.eevblog.com/forum/testgear/new-rigol-ds7000/msg2930476/#msg2930476 to get ssh running.
This worked fine. One thing that I wanted to do was to get ssh _always_ running without needing to use the USB key just in case something went south with the appEntry executable and then I couldn't get to the device again (because I didn't even get appEntry program running at all!!!). I mean, the plan is to tweak a binary directly. This is kind of insane (easy to screw things up).
1.1) EXTRA STEP: Get ssh always running!!!
In the MSO5000 thread I read somewhere that at /etc/init.d/rcS ssh was previously started, but Rigol removed this in newer firmware versions. I looked at the file and I saw "#/usr/sbin/sshd" commented out. Tried removing the comment, reboot: didn't work. I think the reason is because the "/" rootfs of the device is some sort of union filesystem that stores changes in RAM only. Only things changed in /rigol are permanent.
Reading more, I found that after /etc/init.d/rcS, /rigol/shell/start.sh is executed. In this file I added /usr/sbin/sshd at the beginning of the file. This worked perfectly. The nice thing about this is that sshd is loaded before appEntry is executed; if appEntry fails, sshd will still be running and I could restore from an old appEntry file easily and then try fast with as many appEntry versions as possible.
Everybody should do this! It is nice to have ssh always running!!!
2) backup
I just used this.
https://www.eevblog.com/forum/testgear/new-rigol-ds7000/msg2757408/#msg2757408
Both the normal backup and the nand backup.
I also did a scp of the /rigol directory.
3) Get appEntry modified correctly. I couldn't find an already modified version of an appEntry for a MSO7000.
Suggestions from @tv84
https://www.eevblog.com/forum/testgear/new-rigol-ds7000/msg3070602/#msg3070602 are that one must "find" the "offsets". Well. Reading more I guessed they were referring to the bytes changed on the appEntry binary file. The suggestion appears to go in this direction:
a) go find a MSO5000 patch file
b) get the corresponding original appEntry file
c) patch
d) compare original appEntry vs patched version and find out the patched data.
e) search for that same binary data on my MSO7000 appEntry file
f) modify data on MSO7000 appEntry file to be the same as the patched MSO5000 content on those "offsets"
g) copy new patched file to the MSO7000 instead of the original file (optionally: generate a patch file and put it in the forum)
I did all this and it didn't work. Actually my oscilloscope came with several packages already activated and they got deactivated. I put the original appEntry file back again, and the licenses are still deactivated.
Result: total failure!!!!
My firmware version: 01.01.02.00.06 (which is a weird version by the way, I can only find 00.01.02.00.06 on the Rigol webpage, I'm guessing it is the same, for some reason it is showing 01 at the beginning).
The offsets I found are the following:
0x0017E4C8 : 4 bytes modified
0x0017E4E4 : 4 bytes modified
0x0036DDE0 : 4 bytes modified
0x0036DDFC : 4 bytes modified
0x001cc0e4 : 8 bytes modified
In the last offset the data was already "patched". My guess is that because of the already activated licenses maybe something was already activated there. But not sure. Binary file shouldn't be different in my opinion.
Next steps: disassembly/decompile. This takes a lot of analysis time. Not my idea when I decided to buy the oscilloscope.
So, for normal people, or people without time: Don't buy this oscilloscope thinking it is easily upgradable for free: it is not, unless someone does this work and puts the patch here. Get the MSO5000 instead.
Also, another word of advice: in a next firmware version they may change the appEntry file so much that previous patches may not be "adjustable with finding out offsets" like pointed out before. This should apply to both generations of oscilloscopes (less of a problem with the more popular MSO5000 that people are more willing to put the patches freely online).
I'll get back if I'm getting any results with disassembly. I will be looking for a mentioned famous license checking function in it. Don't hold your breath, it could be that it changes to another function number totally different on the MSO7000. I have played a bit with Ghidra before. I couldn't do much. The task then was very complicated. I hope this one is easier.