Hacking the Rigol MSO8204 / MSO8000

[BTO]

Actually MSO8204A has MSO8000A-BW20T30 so that might enable it. I know on the rigolna.com it lists that option available for MSO8204 as well but it does not work. I do not have a MSO8204A available to test if it unlocks this option but if you want you can drop a message and we'll see

OK, i'll keep my eyes and ears open. although as you know we don't get many who have MSO8000 Series
But i guess if the need arises someone will poke their head up and say "can we do this"

[gao415517]

8204 can be cracked to 3G bandwidth I am using 2.10b machine to upgrade mso8000A firmware file name to be changed to mso8000 after going to upgrade after the crack

[BTO]

8204 can be cracked to 3G bandwidth I am using 2.10b machine to upgrade mso8000A firmware file name to be changed to mso8000 after going to upgrade after the crack

Thats great to hear.

Now.. the problem you're going to have is how to get that red texta mark of the screen 

[tv84]

Actually MSO8204A has MSO8000A-BW20T30 so that might enable it. I know on the rigolna.com it lists that option available for MSO8204 as well but it does not work (or I could not get it to work). I do not have a MSO8204A available to test if it unlocks this option but if you want you can drop a message and we'll see

@asp,

This is from 2019. Now it should be somewhat old but, for sure, serves as a reference:

Code: [Select]

1180 - BW1T2           RIGOL DS7000-BW1T2 BANDWIDTH UPGRADE LICENCE (100MHZ TO 200MHZ)  RIGOL MSO5000-BW1T2 BANDWIDTH UPGRADE LICENSE
1181 - BW1T3           RIGOL DS7000-BW1T3 BANDWIDTH UPGRADE LICENCE (100MHZ TO 350MHZ)  RIGOL MSO5000-BW1T3 BANDWIDTH UPGRADE LICENSE
1182 - BW1T5           RIGOL DS7000-BW1T5 BANDWIDTH UPGRADE LICENCE (100MHZ TO 500MHZ)
1183 - BW2T3           RIGOL DS7000-BW2T3 BANDWIDTH UPGRADE LICENCE (200MHZ TO 350MHZ)  RIGOL MSO5000-BW2T3 BANDWIDTH UPGRADE LICENSE
1184 - BW2T5           RIGOL DS7000-BW2T5 BANDWIDTH UPGRADE LICENCE (200MHZ TO 500MHZ)
1185 - BW3T5           RIGOL DS7000-BW3T5 BANDWIDTH UPGRADE LICENCE (300MHZ TO 500MHZ)
1186 - MSO
1187 - 2RL             RIGOL MSO5000-2RL MEMORY DEPTH UPGRADE LICENCE (200MPTS MAX.)
1188 - 5RL             RIGOL DS7000-5RL MEMORY DEPTH UPGRADE LICENCE (500MPTS MAX.)
1189 - BND <- (*)
118A - COMP    *       RIGOL MSO5000-COMP PC SERIAL BUS TRIGGER & ANALYSIS (RS232/UART) LICENCE
118B - EMBD    *       RIGOL MSO5000-EMBD I2C/SPI BUS TRIGGER & ANALYSIS LICENCE
118C - AUTO    *       RIGOL MSO5000-AUTO CAN/LIN BUS TRIGGER & ANALYSIS LICENCE
118D - FLEX    *       RIGOL MSO5000-FLEX FLEXRAY BUS TRIGGER & ANALYSIS LICENCE
118E - AUDIO   *       RIGOL MSO5000-AUDIO I2S BUS TRIGGER & ANALYSIS LICENCE
118F - SENSOR
1190 - AERO    *       RIGOL MSO5000-AERO MIL-STD-1553 BUS TRIGGER & ANALYSIS LICENCE
1191 - ARINC
1192 - DG              RIGOL MSO5000-AWG DUAL-CHANNEL UPGRADE LICENCE
1193 - JITTER
1194 - MASK
1195 - PWR             RIGOL MSO5000-PWR POWER ANALYSIS LICENCE
1196 - DVM
1197 - CTR
1198 - EDK
1199 - 4CH             RIGOL MSO5000-4CH ANALOG CHANNEL UPGRADE LICENSE
119A
119B - Key.data MSO7000
119C - BW07T1 (?)      RIGOL MSO5000-BW0T1 BANDWIDTH UPGRADE LICENSE
119D - BW07T2 (?)      RIGOL MSO5000-BW0T2 BANDWIDTH UPGRADE LICENSE
119E - BW07T3 (?)      RIGOL MSO5000-BW0T3 BANDWIDTH UPGRADE LICENSE
119F - BW07T5 (?)
11A0 - Key.data MSO5000
Fill the voids as needed.

[SpacedCowboy]

So I have an 8104, thought I'd try the latest instructions.

Downloading and running on the Mac didn't seem to work though - I got:

Code: [Select]

% python3 rigol_mso_util_2.13b.py -h
Traceback (most recent call last):
  File "./rigol_mso_util_2.13b.py", line 11, in <module>
    import requests
ModuleNotFoundError: No module named 'requests'

This is with the homebrew version of python3.

For any other Mac users, this is how I got it to at least run the script...

Trying to pip3 install requests failed with

Code: [Select]

error: externally-managed-environment

Trying to install 'requests' via homebrew told me that homebrew had disabled it

Trying to 'brew edit' the config didn't seem to work. Apparently the proper technique is to use scary options to pip3...

Code: [Select]

% pip3 install --break-system-packages  requests
% pip3 install --break-system-packages  tqdm
% pip3 install --break-system-packages  tabulate
% pip3 install --break-system-packages  xxtea
% pip3 install --break-system-packages  ecdsa

... and then finally "python3 rigol_mso_util_2.13b.py -h" works... It's late so I'll try the actual script tomorrow...

[strahd_von_zarovich]

Hello everyone,

I finally got back to the office after a long journey.

Congrats to everyone who helped in this process and thank you.

@BTO , Dear BTO, I am really sorry for not being able to answer.

I have read all the posts, but I have little knowledge on this subject. So can you guide me on this matter? I already have all the options except bandwidth. So, I want to upgrade it from 600MHz to 2GHz only.

Here is my device option list and firmware information if it matters.

As far as I understand I should do the following, correct if me I was wrong 

1- Download and install Python. (I have an installed version - Python - 3.10.8 )

2- Download rigol_mso_util_2.13b.py python file. (I downloaded it)

3- Connect computer to the oscilloscope via ethernet cable. (I connected it and I can reach the web control interface)

4- Run the codes at "UPDATE 13" which is

UPDATE 13 ( rigol_mso_util_2.13b.py ) 18-August-2024:
ADD: can enable ssh on boot
Code: [Select]
#Just in case you brick your scope add sshd at boot so you can log in via ssh
python3 rigol_mso_util_2.13b.py --ssh --start-ssh-on-boot <rigol_ip_address>
ADD: sysvendor.bin full decoder/encoder
Code: [Select]
# if this fails at any step don't go further as it will brick your device
# before you start make sure you add sshd at boot, so you can still access the device via ssh if something goes wrong
#1 -> save current sysvendor
python3 rigol_mso_util_2.13b.py --save-sysvendor <rigol_ip_address>

#2 -> find the device xxtea key (2 versions)
python3 rigol_mso_util_2.13b.py --sysvendor-key --sysvendor-key-slow <rigol_ip_address>
or
python3 rigol_mso_util_2.13b.py --sysvendor-key --sysvendor-key-fast <rigol_ip_address>

#3 -> change sysvendor model in sysvendor file (can also be used on --mac and --serial)
python3 rigol_mso_util_2.13b.py --offline --sysvendor-file <file_saved_at_step_1> --use-sysvendor-key <key_from_step_2> --model <your_desired_model>

#4 -> write modified sysvendor to device
python3 rigol_mso_util_2.13b.py --write-sysvendor --write-sysvendor-file <file_from_step_3> <rigol_ip_address>

#5 -> reactivate licenses
python3 rigol_mso_util_2.13b.py --regen <rigol_ip_address>

ADD: device xxtea key finder
Code: [Select]
#using version 1
python3 rigol_mso_util_2.13b.py --sysvendor-key --sysvendor-key-slow <rigol_ip_address>
#using version 2
python3 rigol_mso_util_2.13b.py --sysvendor-key --sysvendor-key-fast <rigol_ip_address>
ADD: write new sysvendor.bin to device (memory + file)
Code: [Select]
python3 rigol_mso_util_2.13b.py --write-sysvendor --write-sysvendor-file <file_from_step_3> <rigol_ip_address>

I have to run all the codes right including the sections "ADD: device xxtea key finder" and "ADD: write new sysvendor.bin to device (memory + file)" .

If there will be a firmware update , can we update it without an issue? 

Thanks in advance.

[BTO]

So I have an 8104, thought I'd try the latest instructions.

Downloading and running on the Mac didn't seem to work though - I got:

Code: [Select]

% python3 rigol_mso_util_2.13b.py -h
Traceback (most recent call last):
  File "./rigol_mso_util_2.13b.py", line 11, in <module>
    import requests
ModuleNotFoundError: No module named 'requests'

This is with the homebrew version of python3.

For any other Mac users, this is how I got it to at least run the script...

Trying to pip3 install requests failed with

Code: [Select]

error: externally-managed-environment

Trying to install 'requests' via homebrew told me that homebrew had disabled it

Trying to 'brew edit' the config didn't seem to work. Apparently the proper technique is to use scary options to pip3...

Code: [Select]

% pip3 install --break-system-packages  requests
% pip3 install --break-system-packages  tqdm
% pip3 install --break-system-packages  tabulate
% pip3 install --break-system-packages  xxtea
% pip3 install --break-system-packages  ecdsa

... and then finally "python3 rigol_mso_util_2.13b.py -h" works... It's late so I'll try the actual script tomorrow...

Correct, When it says  ModuleNotFoundError
whatever module it states at the end,  That's the module that needs to be installed

You've now installed them that means the script will work.

just run it first with the -i command to ensure you have good communication
then run the -r to generate the Priv.pem  , Activation will happen Automatically after that so will restarts.

Just don't forget to do backups before and after and to update to the latest firmware
then
Self Cal
Self Test

[BTO]

Hello everyone,

I finally got back to the office after a long journey.

Congrats to everyone who helped in this process and thank you.

@BTO , Dear BTO, I am really sorry for not being able to answer.

I have read all the posts, but I have little knowledge on this subject. So can you guide me on this matter? I already have all the options except bandwidth. So, I want to upgrade it from 600MHz to 2GHz only.

Here is my device option list and firmware information if it matters.

As far as I understand I should do the following, correct if me I was wrong 

1- Download and install Python. (I have an installed version - Python - 3.10.8 )

2- Download rigol_mso_util_2.13b.py python file. (I downloaded it)

3- Connect computer to the oscilloscope via ethernet cable. (I connected it and I can reach the web control interface)

4- Run the codes at "UPDATE 13" which is

UPDATE 13 ( rigol_mso_util_2.13b.py ) 18-August-2024:
ADD: can enable ssh on boot
Code: [Select]
#Just in case you brick your scope add sshd at boot so you can log in via ssh
python3 rigol_mso_util_2.13b.py --ssh --start-ssh-on-boot <rigol_ip_address>
ADD: sysvendor.bin full decoder/encoder
Code: [Select]
# if this fails at any step don't go further as it will brick your device
# before you start make sure you add sshd at boot, so you can still access the device via ssh if something goes wrong
#1 -> save current sysvendor
python3 rigol_mso_util_2.13b.py --save-sysvendor <rigol_ip_address>

#2 -> find the device xxtea key (2 versions)
python3 rigol_mso_util_2.13b.py --sysvendor-key --sysvendor-key-slow <rigol_ip_address>
or
python3 rigol_mso_util_2.13b.py --sysvendor-key --sysvendor-key-fast <rigol_ip_address>

#3 -> change sysvendor model in sysvendor file (can also be used on --mac and --serial)
python3 rigol_mso_util_2.13b.py --offline --sysvendor-file <file_saved_at_step_1> --use-sysvendor-key <key_from_step_2> --model <your_desired_model>

#4 -> write modified sysvendor to device
python3 rigol_mso_util_2.13b.py --write-sysvendor --write-sysvendor-file <file_from_step_3> <rigol_ip_address>

#5 -> reactivate licenses
python3 rigol_mso_util_2.13b.py --regen <rigol_ip_address>

ADD: device xxtea key finder
Code: [Select]
#using version 1
python3 rigol_mso_util_2.13b.py --sysvendor-key --sysvendor-key-slow <rigol_ip_address>
#using version 2
python3 rigol_mso_util_2.13b.py --sysvendor-key --sysvendor-key-fast <rigol_ip_address>
ADD: write new sysvendor.bin to device (memory + file)
Code: [Select]
python3 rigol_mso_util_2.13b.py --write-sysvendor --write-sysvendor-file <file_from_step_3> <rigol_ip_address>

I have to run all the codes right including the sections "ADD: device xxtea key finder" and "ADD: write new sysvendor.bin to device (memory + file)" .

If there will be a firmware update , can we update it without an issue? 

Thanks in advance.

@BTO , Dear BTO, I am really sorry for not being able to answer.

- Ohh i reckon i can forgive you THIS ONE TIME 

I have read all the posts, but I have little knowledge on this subject. So can you guide me on this matter? I already have all the options except bandwidth. So, I want to upgrade it from 600MHz to 2GHz only.

Sure, no problem, it's easy

Go to this link
https://www.eevblog.com/forum/testgear/hacking-the-rigol-mso5000-dr-mefisto-licensing-method/

that link will have information , but you then go to this cloud location (this has everything)

https://mega.nz/folder/A8cEgQRI#5FSoMrCurJi71T7VkRPgYQ
download the PDF
download the SCRIPT
download the GEL FILE (Actually in your case) Since that link location has GEL Files for MSO5000,

FIRST, GET THE LATEST FIRMWARE UPDATE GEL FILE FROM THE MANUFACTURER
Here is the link
https://www.rigolna.com/products/digital-oscilloscopes/MSO8000/

Update your scope to the latest, then Follow the PDF

it's pretty straight forward, if you have any issues let me know.
The process is now much much easier and quicker than it was when all this started.  Don't even worry about it

[BTO]

If there will be a firmware update , can we update it without an issue? 

Thanks in advance.

TO ANSWER YOUR LAST QUESTION (Sorry i forgot)

Yes, After your scope is properly licensed, You will be able to upgrade legitimately without a problem and never have to worry about patching or licensing again.
it'll just be a matter of .. Go to the site, Download the firmware,  Upgrade as normal.

IF NEEDED
The script has provision for you to uninstall options should you need to take the scope back to rigol.
Anyway...   Yes, you can upgrade the firmware , moving forward, without a problem


EDIT :
it seems like your current firmware is     2.0.0.12
THE CURRENT FIRMWARE IS ACTUALLY  2.2.0.0

So i say.. Yes definitely upgrade the firmware before running the script (although, you can do it before or after, it doesn't matter)

I have included the Current firmware in the attachment

[strahd_von_zarovich]

I couldn't wait for the answer 

I managed to do it somehow following the steps. 

I think it is done successfully since I don't remember that I can set the time scale to 200ps.

Thanks again.

[BTO]

I couldn't wait for the answer 

I managed to do it somehow following the steps. 

I think it is done successfully since I don't remember that I can set the time scale to 200ps.

Thanks again.

that's great, it looks like it worked, However that Web Control list seems somewhat limited, i would go to the scope and check it directly
Also, You still need to upgrade the firmware, But.. yeah it looks like you've done it, Congratulations

also, I told you it was easy