Sniffing the Rigol's internal I2C bus

[McBryce]

That's the one

Sorry I don't have a windows executable, I compiled it on SuSE 13.2.

McBryce.

[hammy]

I noticed there is an other version (rigup-0.4.1-mso1000z) you probably refer too
the only problem is this does not include executable file and I don't have required setup to compile it to run under Windows' Command session.
Anyone has the executable file ?

~250 posts ago (Reply #3754) I used this rigup-0.4.1 version to extract the keys for my MSO-1074z ...
I made the memory dump with windows 8.1 but I compiled the rigup with Linux on my RasPi. (Any other Ubuntu Linux running in a VirtualBox should do the job.)

[pierre288]

Hi Hammy,
thanks for info...

well I've been thinking to get a Pi for long.
now have a good motivation to move...hi
I expect a fairly long learning curve though but I guess I need to start somewhere.

thanks
pierre288

[Vtech]

Hi,

I've found some interesting SCPI commands for the 1000Z series.

SYST:BW
SYST:BW?

The most interesting one is SYST:BW <70 or 100>. Judging from the rise time it actually changes the bandwidth of the scope. Sending SYST:BW 100 switches bandwidth of my MSO1074Z-S to 100MHz. Unfortunately it doesn't give 2ns time base nor changes model to MSO1104. It also doesn't last after cycling the power. Still it may have some small usage. Unfortunately it is not possible to change bandwidth to 50MHz (it would be useful for me). Trying to set 50MHz gives 70MHz.
It is also possible to check current bandwidth using SYST:BW? It returns "70" or "100".

I've also checked some other hidden options but I wasn't able to figure them out:

SYST:PRESs
SYST:UDEVice
SYST:UDEVice? (this returns "COMP")
SYST:FLASh:WRITe (this one looks interesting unfortunately there is no READ command)
SYST:KEY:INCRease
SYST:KEY:DECRease

Edit:
I forgot to mention that I've used command list posted by PeDre (https://www.eevblog.com/forum/testgear/sniffing-the-rigol%27s-internal-i2c-bus/msg682648/#msg682648)
My firmware is 04.01SP2

SYST:UDEV command switches USB device port between computer and PictBridge.

[Trax]

If one gets the "Rigol MSO1104Z-S" are there any things to be unlocked? Or is that the full version?
And if this is not the full version than I guess one can go directly for the cheaper "Rigol MSO1074Z-S" and unlock one more thing afterwards?

[Trax]

com on answer!

[miguelvp]

there are still options unless you get them all.

lookup the model at tequipment.net and see what options can be purchased.

[AndersAnd]

If one gets the "Rigol MSO1104Z-S" are there any things to be unlocked? Or is that the full version?
And if this is not the full version than I guess one can go directly for the cheaper "Rigol MSO1074Z-S" and unlock one more thing afterwards?

There's no full versions out of the box. Extra options are listed here:
http://www.rigol.com/prodserv/DS1000Z/

Code: [Select]

Deep Memory Option 24Mpts (1 CH)/12Mpts (2 CH)/6Mpts (4 CH)Memory MEM-DS1000Z
Waveform record option Real Time Waveform Record and Replay function REC-DS1000Z
Advanced Trigger option RS232/UART,I2C,SPI,Runt,Windows,Nth Edge, Delay,Time Out AT-DS1000Z
Serial Analysis  Option RS232/UART,I2C,SPI trigger and decoding functions SA-DS1000Z

[m-joy]

Hi guys, can i update from 2.x version of my Rigol DS2072 (non A Version) which is patched to all options to version 00.03.03.01 without loosing stuff?

[ted572]

Hi guys, can i update from 2.x version of my Rigol DS2072 (non A Version) which is patched to all options to version 00.03.03.01 without loosing stuff?

Yes, no problem at all.

[m-joy]

strange i can not install update on my ds2072.
i took the file from here: http://beyondmeasure.rigoltech.com/acton/fs/blocks/showLandingPage/a/1579/p/p-001a/t/page/fm/0
then i followed the pdf instruction.
First i checked if the stick is recongnized...check....
I get into the menu where the SINGLE light is activ....check...
Then i put in the stick when the SINGLE light is activ. But nothing happns then. The CH1 light does not light up....
I already tried 3 different ups sticks ^^

---- update: waiting 1min before inserting the stick did the trick...

[ted572]

. . . I get into the menu where the SINGLE light is activ....check...  Then i put in the stick when the SINGLE light is activ. But nothing happns then. The CH1 light does not light up....   I already tried 3 different ups sticks ^^

Is your USB Flash Drive formatted with FAT32?  Is it empty except for the Firmware update in the root directory?

[daemonix]

Hi all,

I have a 1074z unlocked. What is the latest update of firmware i can go without losing the unlocks?!?

I see the new firmwares have some nice with gui updates.

Thanks

[ted572]

Hi all,

I have a 1074z unlocked. What is the latest update of firmware i can go without losing the unlocks?!?

I see the new firmwares have some nice with gui updates.

Thanks

You can safely install the latest Firmware.

[daemonix]

I remember at some point they pached the online key generator. Is there a new one? (I think it was because they changer the 'master key')

Thnaks a lot mate

[ted572]

I remember at some point they pached the online key generator. Is there a new one? (I think it was because they changer the 'master key')

Thnaks a lot mate

The current Keygen is 'Riglol Keygen 1.03d', previously it was version 1.33c.  It was only updated from 1.03c, to 1.03d for the DP832 Series Power Supplies with Firmware version 1.08 and above.  Version 1.03c still works fine for everything else that is listed in the Keygen.
Edit: Added the text in BOLD above.

[McBryce]

I remember at some point they pached the online key generator. Is there a new one? (I think it was because they changer the 'master key')

Thnaks a lot mate

The current Keygen is 'Riglol Keygen 1.03d', previously it was version 1.33c.  It was only updated from 1.03c, to 1.03d for the DP832 Series Power Supplies with Firmware version 1.08 and above.  Version 1.03c still works fine for everything else.

Except the MSO1xxx devices which have their own patched version of Riglol and need to be JTAGed to get a memory dump.

McBryce.

[ted572]

I remember at some point they pached the online key generator. Is there a new one? (I think it was because they changer the 'master key')

Thnaks a lot mate

The current Keygen is 'Riglol Keygen 1.03d', previously it was version 1.33c.  It was only updated from 1.03c, to 1.03d for the DP832 Series Power Supplies with Firmware version 1.08 and above.  Version 1.03c still works fine for everything else.

Except the MSO1xxx devices which have their own patched version of Riglol and need to be JTAGed to get a memory dump.

McBryce.

Everything else, is everything else listed in the Keygen, and yes the MSO01xxx is NOT listed or covered by either or any Keygen version to date. 

[daemonix]

I remember at some point they pached the online key generator. Is there a new one? (I think it was because they changer the 'master key')

Thnaks a lot mate

The current Keygen is 'Riglol Keygen 1.03d', previously it was version 1.33c.  It was only updated from 1.03c, to 1.03d for the DP832 Series Power Supplies with Firmware version 1.08 and above.  Version 1.03c still works fine for everything else.

Except the MSO1xxx devices which have their own patched version of Riglol and need to be JTAGed to get a memory dump.

McBryce.

Everything else, is everything else listed in the Keygen, and yes the MSO01xxx is NOT listed or covered by either or any Keygen version to date.

Thank you all
Ill ask for the latest firmware from rigoluk

[neslekkim]

Ill ask for the latest firmware from rigoluk

I asked here http://beyondmeasure.rigoltech.com/acton/form/1579/0012:d-0001/1/index.htm?id=0012
and got the firmware couple of hours later. (that was for ds2 series though.

[ted572]

Suggestion: Do NOT remove Options before updating Firmware!  We have never seen new Firmware that we installed remove the Options, although we have seen instances where when Firmware has been updated we were NOT able to install, or re-install the Options.

Please feel free to check this out with others here on the forum if you have doubts.

But to be safe I would NOT remove any Option unless you want to return your unit for Rigol factory repair, which by the way is very seldom ever required.  If your unit works for the first 30 days Ok it will probably last much longer than 3 years (if you don't seriously abuse it yourself).

Generally when someone returns an item for Rigol factory repair they will remove the Options for you, and in general you will never be able to re-install them yourself.  But then how bad can that be, because the Rigol gear is awesome for the price we pay for it even without the Options hijacked in.  And, you can still buy the Options if you want them bad enough.

Please don't ask me how to remove Options.  You can search for this information here in the EEVblog.  And by the way the Options Can NOT be removed by us in the 'DSA800 Series.  But don't worry, Rigol knows how to do it.  Hi Hi

[McBryce]

Except the MSO1xxx devices which have their own patched version of Riglol and need to be JTAGed to get a memory dump.

McBryce.

Everything else, is everything else listed in the Keygen, and yes the MSO01xxx is NOT listed or covered by either or any Keygen version to date.

Ah ok, I didn't understand it that way. However, many people seem to mistakenly think that the DSO1xxx hacks will work on the MSO. I've seen many comments (on this blog and others) assuming that that's the case.

McBryce.

[Trax]

Is the only difference with regard to hacking between the MSO01xxx and the DSO01xxx that for the MSO a J-Tag memory dump is needed?
Or is there something else thats different?

[BloodyCactus]

Suggestion: Do NOT remove Options before updating Firmware!  We have never seen new Firmware that we installed remove the Options, although we have seen instances where when Firmware has been updated we were NOT able to install, or re-install the Options.

except the new firmware for the AWG DG4062, if you set to 200mhz (a model they didnt sell) the new firmware reverts it to 60mhz, if you set it to 150mhz it will stay.

[ted572]

Suggestion: Do NOT remove Options before updating Firmware!  We have never seen new Firmware that we installed remove the Options, although we have seen instances where when Firmware has been updated we were NOT able to install, or re-install the Options.

except the new firmware for the AWG DG4062, if you set to 200mhz (a model they didnt sell) {Because it was never even offered by Rigol; *Ted5472} the new firmware reverts it to 60mhz, if you set it to 150mhz (correction - 160MHz*) it will stay.

This was an exception, because this was never a Rigol offered capability (or as we incorrectly referred to it, a Option).  See -> https://www.eevblog.com/forum/testgear/dg4000-a-firmware-investigation/msg581608/#msg581608  (DG4000 Firmware thread, Post #270)
It still stands that 'We have never seen new Firmware that we installed remove the Hacked in Options'.  Again, 160MHz was never an Option, although the capability was discovered and found how to get it, it was not fully functional to the Rigol, i.e. the amplitude flatness specifications as were the valid frequency BWs that were available from Rigol.  And it took some special tricks with the DG4000 calibration to get it to be decent.  Which is also documented by me and others in the DG4000 Firmware thread.