With the help of new patched firmware developed by our forum member, @konnor, you can take the memory dump of MSO1000z series scopes and extract the keys from the dump, no JTAG adaptor or any hardware effort or taking the scope apart is required anymore.
1- Download the pathed firmware from the first post of the this thread:
https://www.eevblog.com/forum/testgear/rigol-ds1000z-firmware-patch-plugins/msg1467130/#msg1467130 .
You have to download the two splited files, rename their extension to “rar” and extract the DS1000ZUpdate.GEL file out of the archive.
2- Copy the patched firmware file into a 4GB FAT32 formatted USB disk and put in to the scope,. After inserting the flash drive, scope prompts you to upgrade to firmware (into the same version if you have the latest version).
3- Once the patched firmware installation is done, connect your scope to your local network with an ethernet cable and make sure it's been connected and obtained an IP address. (if you don't have a DHCP server, you can manually assign a proper IP address from the menu). In order to make sure the scope is connected and reachable from your PC, try to ping its IP address and check the scope is responding.
4- For this step you need a windows machine, I used VirtualBox to host a new windows VM and run the utility. Download the required utility from this post:
https://www.eevblog.com/forum/testgear/rigol-ds1000z-firmware-patch-plugins/msg1478726/#msg1478726and then extract it on your computer. Next from the “release” folder run the following command:
rigolif.exe r -ffw.bin -l0x3FFFFFF -a0x40000000
this command dumps the memory contents of your scope in to a file named “fw.bin”
During the memory dump process you may see a few errors, generally it's not a problem, but if in the next step you couldn't extract the keys, repeat the process from this step (step 4) again and continue.
5- Download the rigup tool from this URL:
http://gotroot.ca/rigol/rigup-0.4.1-mso1000z.zip . For this step I used my MacOS X machine and simply build the executable file from the source code by running this command in the same folder which the downloaded file has been extracted:
make
if you have a windows machine, you have to compile the file yourself (I don't know which compiler and which settings is required). You can extract the keys from the dump file with this tool as well:
http://gotroot.ca/rigol/rigup-0.4.2-x86_64-win.zip(this is just extraction, to generate the license keys, you have to use the MSO1000z version of rigup).
6- Copy the fw.bin file (obtained from step 4) in to the same folder which you have extracted the rupup tool and run the following command:
rigup-0.4.2-x86_64-win.exe scan fw.bin > keys.txt
(of course you may need to modify the command, correct executable file name and paths and etc…)
Once the command finishes, you can check the extracted keys with this command:
type keys.txt
You must have a file contains something like this:
Hacked up for MSO1000Z(-S) rmd79, 0ff eevblog.com
RC5KEY1: 6CDBAC1CCE16B5048F2425237A8A0EF4
RC5KEY2: CFFED4830820DAA382AE39E5ACCDA639
XXTEAKEY: E141B9AE1AA4773F5CF9B5B9341DB788
PUBKEY: 005497018B62F230
PRIVKEY: 0099FC5DFBE778D0
SERIAL: DS1ZC182871920
If you have a generated file like this, bingo, you're almost done. The rest is generating the license keys. I assume generating the license codes are well documented and it's not required to mention it again here. However if you had any problem, please let us know and we'd help.