Author Topic: Hacking the Rigol MSO5000 series oscilloscopes  (Read 1086339 times)


Online BTO

  • Frequent Contributor
  • **
  • Posts: 404
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2900 on: June 21, 2024, 01:32:37 am »
BTO, the priv.pem file is generated when I run the -r command. I tried just running the script without -r and as expected, everything had a fit and didn't activate. Following the instructions, I reloaded the 1.3.3.2 firmware and ran it again, and the same thing happened. I still am only getting 1 progress bar for reading the CFRAM and an assertion error instead of a second progress bar for applying CFRAM. This seems to be the only difference between the hack working and not working as I read through all the instructions and helpful comments. I tried disabling the firewall, upgrading to 1.3.3.0 and back down again, restarting the pc, and nothing solves the issue, it all comes back to this. The invalid licensing has left me with 5 more attempts remaining and I would rather not hit 0. I'm starting to feel like that one poor sap who's the only one this didn't work for. If you have any idea what the error could be please let me know, and thanks for your time.

Quote
This seems to be the only difference between the hack working and not working as I read through all the instructions and helpful comments
CORRECT...It is !
Basically,  ... it's an ASSERTION ERROR
Let's just understand what that means, for a second

An Assertion error occurs when an ASSERTION is made and that Assertion Returns FALSE.

The purpose of the Assertion is to ensure that everything is ok, BEFORE ACTIVATION AND WRITING TO THE CFRAM,  So... it's not damaging your scope, if anything, it's protecting it.
in the code there are only 5 Assertions that are made ever , they happen on the following lines...

91
122
127
143
158

In short and to keep it simple, it's checking a few things, the checksum, the priv.pem file and the hex key in your scope.
Basically and loosely stated, it's doing this.
1. let's examine the (len)  THE LENGTH of the hex key in your scopes CFRAM
2. let's generate the priv.pem file
3. let's now compare the len THE LENGTH of the key in your priv.pem file

and  len == len
which means.. the length of the key in your scope MUST EQUAL the length of the priv.pem hex key that will shortly OVERWRITE the CFRAM.

the basic idea here is... Let's not stuff things up so let's make sure that we match the length of the key with the correct length.
there's more to it, but in short it's saying... Let's not short change a digit in the key because that would result in really bad things for the CFRAM

HENCE WHY THE ASSERTION CHECK WAS PUT IN PLACE., Basically it's a good thing.

Here's what's ABOUT TO HAPPEN

it's generated the priv.pem
it's about to start writing to the CFRAM and replace the key in it for the new key
BUT IT WANTS TO MAKE ABSOLUTE CERTAIN before it does that everything is ok and cannot be any other way.

so since the Assertion returned FALSE,  an Assertion Error is thrown up and the entire script is HALTED.

so.. that's ok,  Nothing bad has happened to your scope yet.


Quote
The invalid licensing has left me with 5 more attempts remaining and I would rather not hit 0
DON'T EVEN WORRY ABOUT IT

You have 2 choices when it goes low, let's say to like 2 or something

1. Re install another Firmware version

2. Go back and activate it via the first activation method       THE PATCH METHOD
    then Drop down to a previous or higher firmware version.... it'll reset
don't worry about that

Quote
I'm starting to feel like that one poor sap who's the only one this didn't work for. If you have any idea what the error could be please let me know, and thanks for your time.
Not at all mate, don't feel that way.  and.. i have every intention of getting you over the line.

This has only happened to 2 other people, Vs the .. i don't know 50 odd others that have contacted me and activated successfully
it has to do with the CFRAM in your particular scope, and ... it is weird, because i also have the MSO5072 and had no options installed and for me it worked fine

in a nutshell.... i would chance a guess that YOUR HEX KEY is not the same length as my HEX KEY was.
i also know that when you start with a ... say   MSO5100   the Hex Key gets longer,    that's what the version 3 is for ,   which is why it makes sense that that one would fail.
so... just focus on  the first script

but since it failed, don't use it , don't try it again, ok

Now, Look   I HAVE TO RUN OUT NOW, But i do have a few ideas
Now.... i'm confident we can fix this, if you don't give up.   the other 2 guys that had this error,   Gave Up and thanked me for my time
I would urge you not to do that.   However i can't stop you if you don't want to continue.  In their case
they got scared
they gave up
and they went back to the patch method

Ultimately, they got scared and paranoid thinking they would stuff up their scope.    REMEMBER, An Assertion error is not damaging your scope or bricking it.
it protects it from that

Now, look
Do you want to jump on zoom or something , i think we can get this sorted quicker if we do it face to face.
i mean, i can give you instructions, but... it's kinda klunky and not efficient to do it that way.

Let me know
in the meantime i gotta do some work and i'll be back and i want to make some changes to the script,   I've got a hunch that something may work,  so all is not lost yet..   Keep your chin up and don't lose hope ok.

I'll get you there
Basically we are 1 tiny step away from making it happen,   we just need to know the length of your HEX key.
but we can't know that without pulling it apart and interrogating it.  so what we do is we use the knowledge that DrMefist0 already put forward and we modify a few things (i won't go into detail here... it's boring)
but only to say... I can probably take a good guess based on what the script is asking for and asserting as to what happened

ALSO....
DID YOU INSTALL THE MODULES ?
STEP 13 of the pdf
HERE IS A LIST OF THE MODULES

argparse
base64
binascii
os.path
re
socket
struct
time
zlib
requests
tqdm
sha256
tabulate
xxtea
ecdsa


INSTALL THEM 1 BY 1 LIKE THIS

Code: [Select]
python -m pip install PACKAGE NAME HERE
so first CHECK THE LIST
Code: [Select]
pip list
then
Code: [Select]
python -m pip install argparse
and you'll get something like this
Code: [Select]
Defaulting to user installation because normal site-packages is not writeable
Collecting argparse
  Downloading argparse-1.4.0-py2.py3-none-any.whl.metadata (2.8 kB)
Downloading argparse-1.4.0-py2.py3-none-any.whl (23 kB)
Installing collected packages: argparse
Successfully installed argparse-1.4.0

NOW REPEAT THAT FOR ALL THE OTHER MODULES, if for nothing else but to upgrade the modules to the latest version.

if the modules are problematic it could spit up an Assertion Error.

I ALSO WANT YOU TO TELL ME IF THIS HAPPENS AT ANY POINT

Code: [Select]
  WARNING: The script tabulate is installed in '/var/data/python/bin' which is not on PATH.
  Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.

So you check the modules
i have to run out
when i come back i'll have a look at the script
and... let me know if we can catch up on zoom

let's do that for now
QUESTION EVERYTHING!!!
 

Online BTO

  • Frequent Contributor
  • **
  • Posts: 404
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2901 on: June 21, 2024, 06:24:23 am »

ok mate, i'm back.


HERE IS WHAT I WANT YOU TO DO

1. let me know if we can get on a zoom session (that would be optimal.)

2. FIRST CHECK IF YOU HAVE THOSE MODULES INSTALLED , Even install them again, to ensure they are the latest version

3. I NOW HAVE A NEW SCRIPT FOR YOU   
https://mega.nz/folder/A8cEgQRI#5FSoMrCurJi71T7VkRPgYQ
I've altered the script so that it uses a different Hex key to activate
NOTE : WE HAVE CONFIRMED THAT THIS WORKS FOR THE ASSERTION ERROR

« Last Edit: June 22, 2024, 01:12:23 am by BTO »
QUESTION EVERYTHING!!!
 

Offline inarybonanza

  • Newbie
  • Posts: 3
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2902 on: June 21, 2024, 03:38:25 pm »
BTO, I used the new script and got two progress bars, both went to 100%. No assertion error was found. Followed instructions from there and the scope has been set free!!!!! Well done and many thanks to you.
 

Online BTO

  • Frequent Contributor
  • **
  • Posts: 404
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2903 on: June 22, 2024, 01:01:51 am »

WELL DONE MATE, and Good on you
See.. This is what i told the others that got the Assertion Error , DON'T GIVE UP !
and... They did, and YOU DIDN'T

and do you see what happens when you push through the problem ?.... You get progress.

In saying that, i do understand them and PART of what they say is valid, But then.. Another part is unjustified
and just paranoia. People seem to assign more importance to something if they paid more for it as well as they seem to assign more care
to it if they paid more, the irony also is, they seem to give it more paranoia the more they pay for it.

And.. All that is incorrect.
Care should be given to everything of value, but value is not defined by how much you pay .
People seem to think "If i worry more, it means that i care"  NO, THAT'S NOT CORRECT

Anyway.. the point is  IF THEY ARE SCARED THEY DO NOT PROGRESS
and i have seen this pattern occur to scopes since the Rigol DS1052E and the DS2000A series and the DS1054Z and the 4000 and now the 5000

it's understandable when it started, but.. we need to get over this so that we can all unlock our scopes

AND YOU MY FRIEND ARE NOW THE FIRST WHO HAD ABILITY TO PUSH THROUGH THE ASSERTION ERROR

WELL DONE.. GOOD ON YOU !!
and now what happens, Everyone will look to your success and they will follow.

So well done

Now, Don't forget
Do a Self Test
Do A Self Cal

Watch these videos if you want to learn how to use your scope
https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-dr-mefisto-licensing-method/

Now.. I'm gonna take down the link in that previous post
I'll post the new script to the normal location


ALSO I need to know
Was your scope a DS5072    Standard  or did you buy it with the DSDS5000 BND Bundle

I'm trying to understand why there is a different length in the Hex Key. as this is the only thing i really haven't been able to work out yet.
I know THERE IS ONE, I just don't know WHY on the same scope with the same option there would be a different key.

so.. Let me know
thanks and well done
QUESTION EVERYTHING!!!
 

Online BTO

  • Frequent Contributor
  • **
  • Posts: 404
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2904 on: June 22, 2024, 01:49:47 am »
UPDATE
ASSERTION ERROR SOLVED

The first thing i want to say here is this....
If you got this error while activating
- You're probably scared
- You're probably discouraged
- You probably don't want to risk bricking your scope
- You're probably saying "You know... JUST IN CASE"

DO ME A FAVOUR.........FORGET ALL THAT OK
Because it's not relevant

Now that being said
I've created another script , it's at the same location.

https://mega.nz/folder/A8cEgQRI#5FSoMrCurJi71T7VkRPgYQ

The script you need is named :   rigol_kg2_KEY2.py

Follow the same process as you did before
and you should then find that you get 2 progress bars and no assertion error
and then the scope will be activated with all the options

WE HAVE PROVEN THIS WORKS

Also let me know which scope you have, as this worked on a MSO5072 with no bundles installed.
if you have a MS5100 i do still have another modification i can use on the script, but for now let's try this one, i reckon it'll work.

NOW ....WHAT IS DIFFERENT IN THIS SCRIPT

An Assertion Error occurs
- When an Assertion is made
- And the Assertion returns FALSE
- Then an ASSERTION ERROR gets put up
- And the entire program HALTS

The reason it returns false is due to a "len" Statement.  which means... The program tested the LENGTH of the HEX Key
in your scope and compared it to the HEX key it was using.
Since the one the script is using is going to replace the one in your scope they need to be the same length.
In your case they were not and as such you get the error

The new script called  KEY2 (as the name suggests) Uses a different key or a different length
and when the challenge assertion is issued it returns  TRUE

SO.. GOOD NEWS GUYS,   WE HAVE A SOLUTION FOR YOU

Do let me know how it goes ok
QUESTION EVERYTHING!!!
 

Offline bmx

  • Contributor
  • Posts: 31
  • Country: fr
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2905 on: June 22, 2024, 05:26:07 am »
Is there a way you could get rid of this 2001ish mega.nz way of sharing code? Even for yourself, putting it in a git or svn or whatever repository could help yourself organized. I'm pretty sure a thousand people (or many more) could help you jump start on this.

Anyway, please continue to enhance that script, we all enjoy it.
 

Online BTO

  • Frequent Contributor
  • **
  • Posts: 404
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2906 on: June 22, 2024, 08:11:16 am »

Quote
Is there a way you could get rid of this 2001ish mega.nz way of sharing code?
well....There's always a way
i reckon if i worked out python code and handle people's problems everyday , Yeah, i reckon there's a way.

Will i do it ?
NO.. Probably not.  My company has worked this way for years.

But... What is the problem with it (as you see it) ?
You said "2001ish"
2 thoughts that i have
1. Why 2001 , Why not 2000 ?
2. What is the relevance of 2001ish

The reason the link was put up this way and not covered with hypertext is because i have found that most of the people unlocking their scopes
are beginners , I don't want to leave it to chance that they missed blue text and took it for standard text and not a hyperlink.
also, thus far it's worked for many people
i also had a video coming to explain it all in detail step by step,
AS IT TURNS OUT,  No one cared for the video and the PDF seems to be doing the trick, so i'm rolling with it.

Quote
Even for yourself, putting it in a git or svn or whatever repository could help yourself organized.
My business has been organized for 35 years now and git is not part of my plan,  i try to reduce clutter where i can
and git doesn't fit into the company policy nor the way that i do things.

In saying that... Here on the forum my company is not relevant, but of course the way that i do things in my company spills into my personal life as well.
I decided long ago......Never to walk in anyone's shadow :P
But i also decided not to waste time with unnecessary steps

As for MEGA
well mate, there was dropbox, there was one drive, there was google drive etc etc.
They all fell off didn't they ? They all have problems don't they ?
I constantly get calls from clients asking me to help them with their cloud solutions

I NEVER GET A CALL SAYING  "Martin, i'm having a problem with MEGA"
that LITERALLY never happens

But what i do hear is...
"Martin i have a problem with i cloud"
"Martin i have a problem with one drive"
but most of all
"Martin, i have a problem with Dropbox"  LOL

so... will i get rid of MEGA ?
GIVE ME A REASON TO GET RID OF IT , I can't see one .

Quote
I'm pretty sure a thousand people (or many more) could help you jump start on this.
Jump Start What ?
I'm not sure of the point you were trying to make here

but all in all

1. What's the problem as you see it , with Mega

2. What do you suppose i would need to jump start and why would 1,000 people be required to make it happen ?

As for the script...
Yeah i will keep looking at it.

So far since it started
the MSO5000 series was taken care of
we worked out how to do the MSO51000

I suspect i know how to do the MSO52000 and MSO53000, it's just that no one has come forward with those models
I suspect i know how to do the MSO7000 and MSO8000 , it's just that no one has come forward with those either

Beyond that, THE ONLY error we encountered (actually there were 2)
ErrorModuleNotFound - Solved  (install the Modules)

ASSERTION ERROR : and now we have that under wraps
but the script that was created was only for the MSO5072  WITH NO BND BUNDLE

so.. Just as was the case with the originals and then the 100MHz models and higher.
i can also alter this script (as needed) to suit Models that are higher and also get the assertion error.

in a nutshell, i reckon we have this thing sorted.
I've already emailed all the other people that approached me that had the assertion error, Hopefully they'll jump on board

so yeah, i reckon we are sorted


I'm looking at doing something else, if i get the time....

- there are 5 Assertions that are made in the script
- I was thinking to put a serial line in there to output PRECISELY AT WHAT POINT the Assertion Error Occurs.
Just a thought.... I'll have a deeper think about it later.

for now, that's what i got, Let's just get everyone activated and rolling . :P






QUESTION EVERYTHING!!!
 

Online BTO

  • Frequent Contributor
  • **
  • Posts: 404
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2907 on: June 22, 2024, 05:40:44 pm »
Quote
BTO, I used the new script and got two progress bars, both went to 100%. No assertion error was found. Followed instructions from there and the scope has been set free!!!!! Well done and many thanks to you.

Hi mate, i have another question if you don't mind.
I was thinking about this Assertion error and how i got the script to work

MY QUESTION IS : 
1. Approx. WHEN did you buy your scope ?
2. You said it's MSO5072 ,  But is that WITH BND (Bundle Options) or Just standard and without them ?
3. What version was your scope on when you bought it ?



See here is what i'm thinking ....
THIS IS A BRIEF EXPLANATION OF WHY YOU GOT THE ERROR AND WHY THE NEW SCRIPT WORKED

1. In the code there are 2 KEYS that are defined as follows
Code: [Select]
KEY1 = b''.join(pack('<I', x) for x in [0x03920001, 0x08410841, 0x18C32104, 0x318639C7])
KEY2 = b''.join(pack('<I', x) for x in [0x478AA887, 0x99A85895, 0x1770078, 0x87888798])
if we examine them a bit closer we see this

KEY 1 - 0x03920001, 0x08410841, 0x18C32104, 0x318639C7
KEY 2 - 0x478AA887, 0x99A85895, 0x1770078, 0x87888798


- It's clear to see that Key 1 is longer than Key 2
- and Initially you would think it's the last Hex Set that is 1 character shorter
- IN FACT.. IT'S THE 3RD HEX SET, Look...

KEY 1 - 0x18C32104
KEY 2 - 0x1770078

2. By Default the script used KEY 1 and compares it with a key in your scope.
3. if that key is not IDENTICAL IN LENGTH you will get an Assertion Error

The Assertion is made that
- A Reference Key + A Key Under Test (that is then Inverted) MUST = 0
- Example...  If the reference key is 6 Characters long
  And the key in your scope is 6 Characters long,    But then we invert that number to be -6
  We then have the Calculation that  6 + -6 = 0  and this if the result of the Assertion is 0  it is then TRUE
  if the key under test produces any other result other than zero.  the result will be FALSE

that's how you got the error

4. The error was resolved by changing the script to incorporate KEY 2

5. WHAT THIS TELLS US IS THIS.............

- Rigol are using a certain Key 1 Length for MSO5000 Series (Example MSO5074)
- Rigol are using another certain Key 1 Length for scopes with BND Bundle Options
- Rigol are using yet another Key 1 Length for scopes that are MSO5100 Series (100MHz)

and even though i have only come across 2 of them, i suspect they are using a different Key 1 length for MSO5200 and another for MSO5300

- It is also interesting to see that a stock standard MSO5000 with no BND Option can use KEY 1, but then another requires KEY2
  Because it needs a shorter key

THIS TELLS US THAT RIGOL During certain versions are changing how the scopes are activated.
The mere altering of the key length (len) command become relevant here, will trigger the Assertion Error.

NOW, ONCE A SCOPE IS FULLY LICENCED THE OWNER OF THE SCOPE NO LONGER HAS A PROBLEM
and you can receive all future firmware upgrades by simply downloading the GEL File from the official site,   

HOWEVER....... IT IS POSSIBLE in the future with scope versions that are ABOVE 1.3.3.0 that rigol changes the key requirement again.
let's say to a Key 3 or Key 4

So i'm trying to get a baseline of when you bought your scope and what version it started on to see if we can see any patterns with this.
at the moment 1.3.3.0 is the highest, But i'm interested to see if any of the latest one's require a new key or... if that KEY2 pertained to an older scope.

so there you go....Mystery solved
From what i can tell Everyone is going to be ok from here on, Because

1. Even if they do release a new firmware version
2. and Even if the new scopes do require a new key

THAT IS GOING TO BE SO SO FAR OFF THAT WE'LL BE BUYING NEW SCOPES AT THAT TIME
I mean,... Is anyone buying DS1052E Anymore ?
is Anyone Buying DS2000A Anymore ?
How about 1054Z ?

Nope..  it's all faded away into the void

so, i reckon we are sorted
QUESTION EVERYTHING!!!
 

Offline Mix

  • Newbie
  • Posts: 3
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2908 on: June 22, 2024, 10:46:51 pm »
I am also stuck with the Assertion Failure.  Tried all three scripts and same issue.

Below is the list of options installed on this 5074:

│ Code   │ Status   │ Description                                         │
╞════════╪══════════╪═════════════════════════════════════════════════════╡
│ 2RL    │ ----     │ 200Mpts Deep Memory Option                          │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ COMP   │ 2098min  │ Computer Serial Triggering and Analysis(RS232/UART) │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ EMBD   │ 2098min  │ Embedded Serial Triggering and Analysis(IIC, SPI)   │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AUTO   │ 2098min  │ Automotive Serial Triggering and Analysis(CAN/LIN)  │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ FLEX   │ 2098min  │ FlexRay Serial Triggering and Analysis              │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AUDIO  │ 2098min  │ Audio Serial Triggering and Analysis(I2S)           │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AERO   │ 2098min  │ MIL-STD 1553 Serial Triggering and Analysis         │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ DG     │ ----     │ Dual Channel WaveGen 25 MHz AWG                     │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ PWR    │ ----     │ Integrated Power Analysis                           │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ BW07T1 │ ----     │ 70MHz to 100MHz Bandwidth Upgrade Option            │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ BW07T2 │ ----     │ 70MHz to 200MHz Bandwidth Upgrade Option            │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ BW07T3 │ ----     │ 70MHz to 350MHz Bandwidth Upgrade Option

This is the error with the new Key2 script:

Traceback (most recent call last):
  File "C:\WINDOWS\system32\rigol_kg2_KEY2.py", line 432, in <module>
    main()
  File "C:\WINDOWS\system32\rigol_kg2_KEY2.py", line 419, in main
    new_cfram = replace_cfram_key(cfram, new_key)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\WINDOWS\system32\rigol_kg2_KEY2.py", line 172, in replace_cfram_key
    write_block(data, 0x100, pub_key, new_key)
  File "C:\WINDOWS\system32\rigol_kg2_KEY2.py", line 143, in write_block
    assert len(block['data']) == block_len

Let me know if you have any ideas.
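
Added example, not part of any post in this thread and not code from the script under discussion: it measures the two key definitions quoted in reply #2907 as `struct.pack` emits them, and shows a length guard that, unlike the bare `assert len(block['data']) == block_len` in the traceback above, reports both lengths and still runs under `python -O`. The names `describe_key`, `require_length`, `BlockLengthError` and the sample block are assumptions made for illustration.

```python
import subprocess
import sys
from struct import pack

# Key definitions copied verbatim from reply #2907.
KEY1 = b''.join(pack('<I', x) for x in [0x03920001, 0x08410841, 0x18C32104, 0x318639C7])
KEY2 = b''.join(pack('<I', x) for x in [0x478AA887, 0x99A85895, 0x1770078, 0x87888798])


class BlockLengthError(ValueError):
    """Hypothetical error type: carries the values a bare AssertionError hides."""


def describe_key(key: bytes) -> dict:
    """Return the packed size of a key and its 32-bit words as stored.

    '<I' always emits exactly 4 little-endian bytes, however many hex
    digits the literal was written with in the source.
    """
    return {
        "bytes": len(key),
        "words": [key[i:i + 4].hex() for i in range(0, len(key), 4)],
    }


def require_length(label: str, data: bytes, expected: int) -> bytes:
    """Length guard for data that is about to be written to non-volatile memory.

    An explicit raise is not removed by `python -O`, and the message names
    the block and both lengths so the failing check can be identified.
    """
    if len(data) != expected:
        raise BlockLengthError(
            f"{label}: got {len(data)} bytes, expected {expected}"
        )
    return data


def assert_skipped_under_optimize() -> bool:
    """Run the same failing assert with and without -O in a child interpreter."""
    snippet = "assert len(b'abc') == 4; print('write would proceed')"
    normal = subprocess.run(
        [sys.executable, "-c", snippet], capture_output=True, text=True
    )
    optimized = subprocess.run(
        [sys.executable, "-O", "-c", snippet], capture_output=True, text=True
    )
    # Normal run aborts with AssertionError; optimized run sails past the check.
    return normal.returncode != 0 and optimized.stdout.strip() == "write would proceed"


if __name__ == "__main__":
    for name, key in (("KEY1", KEY1), ("KEY2", KEY2)):
        info = describe_key(key)
        print(f"{name}: {info['bytes']} bytes, words as stored = {info['words']}")

    # Constructed sample block, one byte short of the expected size.
    sample_block = bytes(15)
    try:
        require_length("constructed sample block", sample_block, 16)
    except BlockLengthError as exc:
        print(f"refusing to write: {exc}")

    print("assert removed by -O:", assert_skipped_under_optimize())
```
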
 

Online BTO

  • Frequent Contributor
  • **
  • Posts: 404
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2909 on: June 23, 2024, 02:59:29 am »

Hmmm.. How ..Very.. Interesting

I've activated over 80 people
They've all Been MSO5000 and MSO5100 and MSO5200
There have only ever been 2 Errors
ErrorModuleNotFound    and
ActivationError


YES I DO HAVE IDEAS
But tell me something,  2 Questions

You have a MSO5074

1. When did you buy the scope approx
2. Did you buy it with any BUNDLE OPTIONS
3. What firmware version did it come with

As for your problem, Give me a second i'll make up a script for you to try
QUESTION EVERYTHING!!!
 

Offline Mix

  • Newbie
  • Posts: 3
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2910 on: June 23, 2024, 03:20:24 am »
BTO, this scope is a new, standard 5074 with no bundles.  Was shipped with 01.03.03.00 firmware.
 

Online BTO

  • Frequent Contributor
  • **
  • Posts: 404
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2911 on: June 23, 2024, 03:29:16 am »

OK, I've looked at the error code
Some of the Assertions passed and others failed

TELL ME THIS

1. Did you read the entire PDF

2. When installing Python , Did you
- Choose CUSTOM INSTALLATION
- Check the box that says USE PATH
- At the end there is an option that says DISABLE MAXIMUM CHARACTER LENGTH, Did you disable it ?
If not.. Re install python and follow those steps

3. Did you install all the Modules

4. THIS PART IS IMPORTANT
- What Shell are you using ?
- When you open the shell what is the default working directory ? (what does it start in ?)
- Where did you put the python script (What directory Location)
- Did the Priv.pem file get created ?
- If YES, What location was it put in ?
LASTLY..  in the location where you put the Python script, was there another python script there
       and  in the location where the priv.pem was located was there another priv.pem file there

FYI - The script that SHOULD work without a problem with your scope is  rigol_kg2.py    you want to focus on that one.
if it keeps failing after you checked all those points above,  you'll need to try rigol_kg2_KEY2.py   this will be your second option

But before i give you a script, i want to check a few things so we're not chasing our tail
it looks strange to me that your script was in the System32 folder
« Last Edit: June 23, 2024, 03:31:45 am by BTO »
QUESTION EVERYTHING!!!
 

Online BTO

  • Frequent Contributor
  • **
  • Posts: 404
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2912 on: June 23, 2024, 03:34:00 am »
I am also stuck with the Assertion Failure.  Tried all three scripts and same issue.

As an option , i'm happy to jump on zoom with you if you like.
if we do this will go much quicker
let me know
QUESTION EVERYTHING!!!
 

Offline Mix

  • Newbie
  • Posts: 3
  • Country: us
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2913 on: June 23, 2024, 04:19:10 am »
BTO, I double-checked Python and the modules are configured correctly.  I was launching a windows power shell as administrator and that is why the folder was C:\windows\system32.  It is now launching as c:\Users\xxx.  I put the rigol_kg2.py script in there and it created the priv.pem file but then crashed with the assertion failure re: block_len.  PM me with a teams link if you want to jump on and take a look.
 

Online BTO

  • Frequent Contributor
  • **
  • Posts: 404
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2914 on: June 24, 2024, 01:51:16 pm »
Quote
BTO, I used the new script and got two progress bars, both went to 100%. No assertion error was found. Followed instructions from there and the scope has been set free!!!!! Well done and many thanks to you.
Hi mate, Hope your scope is going good.
Sorry to bother you , Need to ask a quick question about your scope and that Assertion Error you had.

NOW, PLEASE THINK BACK
Remember this screen

Code: [Select]
│ Code   │ Status   │ Description                                         │
╞════════╪══════════╪═════════════════════════════════════════════════════╡
│ 2RL    │ ----     │ 200Mpts Deep Memory Option                          │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ COMP   │ ----     │ Computer Serial Triggering and Analysis(RS232/UART) │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ EMBD   │ ----     │ Embedded Serial Triggering and Analysis(IIC, SPI)   │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AUTO   │ ----     │ Automotive Serial Triggering and Analysis(CAN/LIN)  │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ FLEX   │ ----     │ FlexRay Serial Triggering and Analysis              │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AUDIO  │ ----     │ Audio Serial Triggering and Analysis(I2S)           │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ AERO   │ ----     │ MIL-STD 1553 Serial Triggering and Analysis         │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ DG     │ ----     │ Dual Channel WaveGen 25 MHz AWG                     │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ PWR    │ ----     │ Integrated Power Analysis                           │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ BW07T1 │ ----     │ 70MHz to 100MHz Bandwidth Upgrade Option            │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ BW07T2 │ ----     │ 70MHz to 200MHz Bandwidth Upgrade Option            │
├────────┼──────────┼─────────────────────────────────────────────────────┤
│ BW07T3 │ ----     │ 70MHz to 350MHz Bandwidth Upgrade Option            │

Now BEFORE you had the Assertion error and when you bought the scope at first
WERE ANY OF THESE OPTIONS ACTIVATED

AND SPECIFICALLY
Did it state just   ----
or
Did it have a time next to it ?


QUESTION FOR DR MEFISTO OR TV8
Guys, Why is it when i run
Code: [Select]
python rigol_kg2.py -u 10.1.1.50
To Uninstall the options DURING A TRIAL PERIOD
that the Options do not get uninstalled, even though the script says, Activated Options Uninstalled.

I do understand that the message is just a verbose print statement, But all things being simple,  if you use the -u switch the options should be uninstalled,
Correct ?

so, Are the trial options persistent and are beyond removal ?

Second question,   Does the Length of any of the keys required for activation  change if additional options are installed ?
if so, I believe that scopes from newly bought that have trials on them may be susceptible to the Assertion Error depending on what options were installed
at time of sale.

Any feedback would be appreciated, thank you
QUESTION EVERYTHING!!!
 

Offline Freelance

  • Newbie
  • Posts: 1
  • Country: de
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2915 on: June 25, 2024, 06:28:30 pm »
Hello friends of the Rigol, since a few days I have a new Rigol MSO5074 (firmware the original was delivered is 1.3.2.2) and really want the activation for 350 MHz and all options license. I made the 2 backups with the Mefisto instructions (memory and NAND). But in the directory of Step3 the files are missing (bspatch, DS5000. GEL, Patch.TXT), only firmware 1.3.3.0 contains them. But the whole method is very confusing... I also downloaded files from https://www.mediafire.com/folder/zh1uiu3umgoai/Documents, but there are the patch files in the directory 1.3.2.2 included, the instructions are easier to understand, but I don't know where the difference between these two instructions is? (Also, there are no Python scripts in this guide)  Could you help me with my new 5074, on the one hand I would be very reluctant to brick it, but on the other hand I need the 350MHz and also the options  :-//. … Sorry For My English, I'm German
 

Online BTO

  • Frequent Contributor
  • **
  • Posts: 404
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2916 on: June 26, 2024, 01:14:43 am »
Hello friends of the Rigol, since a few days I have a new Rigol MSO5074 (firmware the original was delivered is 1.3.2.2) and really want the activation for 350 MHz and all options license. I made the 2 backups with the Mefisto instructions (memory and NAND). But in the directory of Step3 the files are missing (bspatch, DS5000. GEL, Patch.TXT), only firmware 1.3.3.0 contains them. But the whole method is very confusing... I also downloaded files from https://www.mediafire.com/folder/zh1uiu3umgoai/Documents, but there are the patch files in the directory 1.3.2.2 included, the instructions are easier to understand, but I don't know where the difference between these two instructions is? (Also, there are no Python scripts in this guide)  Could you help me with my new 5074, on the one hand I would be very reluctant to brick it, but on the other hand I need the 350MHz and also the options  :-//. … Sorry For My English, I'm German

Hi mate
the process isn't difficult, but let me just confirm a few things re the downloads

Are you getting them from my cloud server here
https://mega.nz/folder/A8cEgQRI#5FSoMrCurJi71T7VkRPgYQ

This link and instructions are located on this forum page
https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-dr-mefisto-licensing-method
or did you get it somewhere else ?

if you go to the link i supplied, you'll have everything you need

NOW  LET'S DO THIS STEP BY STEP

1. You're supposed to do 2 Backups... YOU'VE DONE THAT... GOOD

2. The next step for most people is to downgrade from 1.3.3.0  to 1.3.2.2
    YOU ARE ALREADY ON 1.3.2.2  so you don't need to do anything here
     HOWEVER... LATER ON YOU WILL NEED THE GEL FILE FOR 1.3.2.2   AND 1.3.3.0  so download that from  STEP 2 in each zip file

RE
Quote
But in the directory of Step3 the files are missing
YES THEY ARE, BECAUSE THEY ARE NOT NEEDED.
Those 3 files are only used for PATCHING the scope,   we are not Patching,  we are LICENCING

THEREFORE.....YOU DO NOT NEED THE FILES IN STEP 3, Although if you wanted to patch your scope,  You would just upgrade with the gel file from 1.3.3.0
then use the 3 files in step 3 from that folder,  But... we aren't doing that since it's temporary

FROM THERE
3. Download the PDF

4. Download the python file     rigol_kg2.py            Since you are on MSO5074  this is the script you'll be using

then you just follow the PDF from there

NOW.. IF YOU'RE NOT CONFIDENT, I'M MORE THAN HAPPY TO JUMP ON ZOOM WITH YOU AND GET IT ACTIVATED FOR YOU
AND SHOW YOU HOW TO DO IT,  it takes like 15mins to do

let me know what you want to do


so just remember

1. YOU DON'T NEED THE STEP 3 FOLDER AT ALL

2. The GEL file is just for upgrading and downgrading

3. the PYTHON SCRIPT is for generating the priv.pem file and for licensing your scope


(Essentially the difference between the patch method and licensing method is that... The files in step 3 got replaced by the python script)

Quote
but I don't know where the difference between these two instructions is? (Also, there are no Python scripts in this guide)
LOOK IN THE ATTACHMENT FOR THE FILES YOU NEED TO DOWNLOAD , they are all there.

NOTE : You only need to download 1 python script.... The one that suits your scope.
it's all in the pdf
but FOR YOUR SCOPE  MSO5074    IT'S   rigol_kg2.py

if you have a 100MHz scope it would be    rigol_kg2_3_00.py

if you get an Assertion Error during activation you'll need to download  rigol_kg2_KEY2.py
BUT..THAT'S RARE TO HAPPEN

So for you

THE PDF FILE
BOTH GEL FILES
1 SCRIPT
that's all you need
« Last Edit: June 26, 2024, 02:18:57 am by BTO »
QUESTION EVERYTHING!!!
 

Online BTO

  • Frequent Contributor
  • **
  • Posts: 404
  • Country: au
Re: Hacking the Rigol MSO5000 series oscilloscopes
« Reply #2917 on: June 27, 2024, 02:13:37 am »
MSO8000 HAS NOW BEEN HACKED SUCCESSFULLY

I'm putting this post here only because the MSO8000 and MSO7000 Guys are inevitably going to arrive here.

I don't want MSO8000 Discussions to happen on this thread so please PROCEED TO THIS LINK
https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso8204-mso8000/msg5555455/#msg5555455

But yeah... Heads up.  THE MSO8000 HAS NOW BEEN FULLY LICENSED and unlocked with all options and up to 2GHz Bandwidth.
I'm not going to say i'm not jealous  :-DD
I mean... I helped the guys get to the goal, while i'm on my pitiful MSO5000 with my pitiful 350MHz   LOL

But yeah, it was cool.. CHECK IT OUT
and i reckon if we have any MSO7000 Guys out there we should be able to help them out as well.

That being said... Let's get back to MSO5000
QUESTION EVERYTHING!!!
 
The following users thanked this post: asp

