AFAIK EEVBlog user cybernet is the one that threw some stones at the Rigol firmware, then poked it with a stick and it soon became obvious, that the encryption must have been implemented by an unpaid intern - or something along that line.
Related: http://poke152.blogspot.com/2013/07/riglol.html
Nice, he seems to have reversed the firmware and it looks like it only has one public key in it.
Once a keygen is released for a test equipment, it becomes very difficult for the manufacturer to close the door.
Unless the number of sold devices is reduced, so that the new FW can contain the serials and respective options of all devices, it is basically impossible to change the license mechanism without having all legitimate customers entering new keys.
The Riglol hack produces serials that are 100% identical to the official ones. How should a new FW invalidate illegitimately activated options?
It is perfectly safe to install new DS1054Z FW releases and meanwhile it has been made public how to revert to older FW by use of a magic USB disk.
Regarding the other questions: I am not at home and I have not tested anything.
Regards,
Vitor
Having multiple private keys and if one becomes compromised, deactivate one. Reissue activation codes to the legitimate customers that have been issued activation codes with the compromised private key.
While it seems to not be the case, it's perfectly possible and if I were to engineer the product, that would be the way I would do it, especially considering these multinational companies where they have offices overseas with just sales people, and then there are the subversive employees. It's a 2-in-1: disable the hacks and find the responsible.
Also, it's not impossible. If Rigol wants to block past "illegitimate" software upgrades with a software update, they can.
They might have sold a lot of scopes, but these things don't sell in the numbers of PlayStations or iPhones, also most of them are bought for education and QA (running pass/fail tests), so the number of customers that bought these scopes and upgraded must be really low, let's say 1 million.
If Rigol really wanted, they could include a whitelist in the new firmware, just 1MB would be good enough for 1 million 8-bit hashes of the permitted machines. Then issue a second public/private key pair.
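As an added worked example (an editor's illustration, not Rigol's actual mechanism and not code posted by anyone in this thread), here is what the scheme proposed in the post above looks like in Go: the firmware carries a small table of vendor public keys indexed by a key ID that is bound into every activation code, a later firmware release can mark one key ID as revoked so that only codes issued under the leaked key have to be reissued, and an optional whitelist of truncated serial hashes gates activation on top of the signature check. The serial format (DS1ZA...), the key IDs, the option bitmask and the byte layout of the signed message are all assumptions made for the example; the whitelist entries are 8-byte truncated SHA-256 values, which is this example's choice and means a million entries cost about 8 MB.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// ActivationCode is what the customer types in: signing key ID, serial, option bitmask, signature.
type ActivationCode struct {
	KeyID   uint8
	Serial  string
	Options uint32
	Sig     []byte
}

// message is the signed byte string; binding KeyID into it stops a leaked-key code being relabelled.
func message(keyID uint8, serial string, options uint32) []byte {
	var opt [4]byte
	binary.BigEndian.PutUint32(opt[:], options)
	return append(append([]byte{keyID, byte(len(serial))}, serial...), opt[:]...)
}

// GenerateVendorKeys makes n signing keys under separate IDs; only the public table ships in firmware.
func GenerateVendorKeys(n int) (map[uint8]ed25519.PrivateKey, map[uint8]ed25519.PublicKey, error) {
	priv, pub := map[uint8]ed25519.PrivateKey{}, map[uint8]ed25519.PublicKey{}
	for i := 0; i < n; i++ {
		pk, sk, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, nil, err
		}
		priv[uint8(i)], pub[uint8(i)] = sk, pk
	}
	return priv, pub, nil
}

// Issue is the vendor's keygen: sign serial and options under an existing keyID.
func Issue(priv map[uint8]ed25519.PrivateKey, keyID uint8, serial string, options uint32) ActivationCode {
	return ActivationCode{keyID, serial, options, ed25519.Sign(priv[keyID], message(keyID, serial, options))}
}

var (
	ErrUnknownKey     = errors.New("activation: unknown key id")
	ErrRevokedKey     = errors.New("activation: key id revoked by this firmware")
	ErrBadSignature   = errors.New("activation: bad signature")
	ErrNotWhitelisted = errors.New("activation: serial not in whitelist")
)

type Firmware struct {
	pub       map[uint8]ed25519.PublicKey
	revoked   map[uint8]bool   // key IDs this firmware release no longer trusts
	whitelist map[[8]byte]bool // truncated serial hashes; empty means not enforced
}

// NewFirmware builds the image-side state; pass serials to enforce a whitelist.
func NewFirmware(pubs map[uint8]ed25519.PublicKey, whitelist ...string) *Firmware {
	f := &Firmware{pub: pubs, revoked: map[uint8]bool{}, whitelist: map[[8]byte]bool{}}
	for _, s := range whitelist {
		f.whitelist[serialHash(s)] = true
	}
	return f
}

// Revoke is what a later release ships with once a key has leaked (assumes no firmware downgrade).
func (f *Firmware) Revoke(keyID uint8) { f.revoked[keyID] = true }

// serialHash keeps 8 bytes of SHA-256: a million entries cost 8 MB, accidental collisions are negligible.
func serialHash(serial string) (h [8]byte) {
	sum := sha256.Sum256([]byte(serial))
	copy(h[:], sum[:8])
	return h
}

// Activate returns the option bitmask if the code passes every check, in order.
func (f *Firmware) Activate(c ActivationCode) (uint32, error) {
	pub, ok := f.pub[c.KeyID]
	switch {
	case !ok:
		return 0, ErrUnknownKey
	case f.revoked[c.KeyID]:
		return 0, ErrRevokedKey
	case !ed25519.Verify(pub, message(c.KeyID, c.Serial, c.Options), c.Sig):
		return 0, ErrBadSignature
	case len(f.whitelist) > 0 && !f.whitelist[serialHash(c.Serial)]:
		return 0, ErrNotWhitelisted
	}
	return c.Options, nil
}

func main() {
	priv, pub, _ := GenerateVendorKeys(2)
	fw := NewFirmware(pub)
	fw.Revoke(0) // a later release drops key 0 after it leaked
	_, err := fw.Activate(Issue(priv, 0, "DS1ZA000000001", 0x0F))
	opts, _ := fw.Activate(Issue(priv, 1, "DS1ZA000000001", 0x0F))
	fmt.Println(err, "| reissued under key 1 ->", opts)
}
```

The caveat a practitioner would add is the one Vitor's post already raises: revoking a key in a new firmware only helps if the scope cannot be rolled back to a release that still trusts it, and a USB-based downgrade path for the DS1054Z has been made public. The whitelist has the same dependency, plus the operational cost of shipping every legitimate serial inside the image.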