Author Topic: Sniffing the Rigol's internal I2C bus  (Read 1870162 times)


Offline mrflibble

  • Super Contributor
  • ***
  • Posts: 2051
  • Country: nl
Re: Sniffing the Rigol's internal I2C bus
« Reply #2975 on: February 18, 2014, 06:44:25 pm »
I'd be happy to write one myself, or even start a separate thread with all the instructions, plus a video showing me doing it with my scope. I just need to understand which method is better, and figure out which firmware is which etc. I guess I'll try and slug through the whole thread.

In the interest of future n00bs, please do. Write a summary of the installation procedure that is easy to follow for others I mean. Otherwise you are just another "me too" never to be heard of again after they fixed stuff for themselves. :P See enough of that shit in other threads already. ;) Notably the Flir E4 thread.
 

Offline neslekkim

  • Super Contributor
  • ***
  • Posts: 1305
  • Country: no
Re: Sniffing the Rigol's internal I2C bus
« Reply #2976 on: February 18, 2014, 08:13:06 pm »
I have read most of the thread, but it's 61 pages!! It's crazy. And where is the summary? I can't find a summary that includes both methods and the steps required.

I'd be happy to write one myself, or even start a separate thread with all the instructions, plus a video showing me doing it with my scope. I just need to understand which method is better, and figure out which firmware is which etc. I guess I'll try and slug through the whole thread.

around the pages here https://www.eevblog.com/forum/testgear/sniffing-the-rigol's-internal-i2c-bus/2835/ there is a good summary.
 

Offline GlassFET

  • Contributor
  • Posts: 20
Re: Sniffing the Rigol's internal I2C bus
« Reply #2977 on: February 18, 2014, 08:38:19 pm »
New here. I'm an experienced analog engineer, but an IT neophyte, so please go easy on me for what could be a stupid question:

I want to hack a DS2102A. My software version is 00.02.00, never touched. I am nervous about messing up the unit, so I tried to "dry run" some of the procedure WITHOUT first loading the hacked FW, just to get a handle on it before taking that first step. When I perform the "*IDN?" query in UltraSigma, it returns: "RIGOL TECHNOLOGIES,DS2102A,DS2D15xxxxxxx,00.02.00". I do not see the string beginning with "02008400..." that I was expecting.

So, is this simply because I have not yet loaded the hacked FW which would enable the correct response, or something else I'm doing wrong?

Thanks
 

Offline corax

  • Contributor
  • Posts: 30
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #2978 on: February 18, 2014, 08:41:24 pm »
So, is this simply because I have not yet loaded the hacked FW which would enable the correct response, or something else I'm doing wrong?

Yes.  That's the point of the hacked firmware- to add a dump of the keys to that output.

 

Offline GlassFET

  • Contributor
  • Posts: 20
Re: Sniffing the Rigol's internal I2C bus
« Reply #2979 on: February 18, 2014, 08:46:27 pm »
Corax,

Thanks for answering my simpleton question. OK, I guess I will have to "bite the bullet" and load the revised FW then.
 

Offline neslekkim

  • Super Contributor
  • ***
  • Posts: 1305
  • Country: no
Re: Sniffing the Rigol's internal I2C bus
« Reply #2980 on: February 18, 2014, 08:51:25 pm »
Read the url I posted right above your question, everything is written there..
you only need the hacked firmware to get the keys out, save them, and use rigup to create the license.
You can choose to revert to latest official firmware, no need to keep the hacked in the scope.
 

Offline GlassFET

  • Contributor
  • Posts: 20
Re: Sniffing the Rigol's internal I2C bus
« Reply #2981 on: February 18, 2014, 08:58:13 pm »
That's wonderful. Thanks to all.
 

Offline MrAureliusR

  • Supporter
  • ****
  • Posts: 373
  • Country: ca
Re: Sniffing the Rigol's internal I2C bus
« Reply #2982 on: February 18, 2014, 10:33:53 pm »
I'd be happy to write one myself, or even start a separate thread with all the instructions, plus a video showing me doing it with my scope. I just need to understand which method is better, and figure out which firmware is which etc. I guess I'll try and slug through the whole thread.

In the interest of future n00bs, please do. Write a summary of the installation procedure that is easy to follow for others I mean. Otherwise you are just another "me too" never to be heard of again after they fixed stuff for themselves. :P See enough of that shit in other threads already. ;) Notably the Flir E4 thread.


That was exactly what I was trying to avoid -- I am not by any means new to forums. I've been using them for almost ten years and I know the etiquette. However, I also know what constitutes a good, well-organized thread -- and this is far from it. I understand that the easier it is, the more Rigol will try and stomp it out, but that will never fully happen. As long as you can update firmware, the hacks we have now will never be undone.

Plus, if I do make a video and instructions, I will re-host all the files myself, and post it elsewhere so it doesn't get fully associated. As soon as I have a walkthrough video done I will let interested parties know.
--------------------------------------
Canadian hacker
 

Offline Nebukad

  • Contributor
  • Posts: 12
Re: Sniffing the Rigol's internal I2C bus
« Reply #2983 on: February 18, 2014, 10:51:07 pm »
I've done this Hack on my DS2072A-S, so if it works with this one, it will also work with any other 2xxx.
Here is what you have to do:

1) Download https://mega.co.nz/#!MdcEWTgL!0EEmSr-Q6TxaFSsyEmjhRrgqDvFCoXg9K49BalL5Uxc
2) Install this firmware during bootup - check Rigol's guide on how to do that
3) Connect the scope to a PC using USB.
4) Install and start "Rigol Ultra Sigma", right click on your scope, open "SCPI Control Panel" and "Send&Read" string "*IDN?"
5) Copy string from comma after serial # of your DS2xxxA to the end ("02008400...").
6) Open HEX editor, create a new file and paste string as HEX (not ASCII).
7) Copy serial # of your DS2xxxA.
8) Append serial # as ASCII to the data in HEX editor.
9) Append "00" as HEX.
10) Save file as "keyfile.bin" to folder with "rigup" (https://mega.co.nz/#!qAkUkTZB!XG12bUKhIz4CmQt6DbBnGRMvEe5AvUjEaBxi4R03tw8).
11) Open command line and navigate to folder with "rigup".
12) Execute "rigup scan keyfile.bin" and get some keys:

RC5KEY1:        88359067012Exxxxxxxxxxxxxxxxxxx
RC5KEY2:        3D44CD4EC48Fxxxxxxxxxxxxxxxxxxx
XXTEAKEY:       95F6CC12864Axxxxxxxxxxxxxxxxxxx
PUBKEY:         006CE7F7xxxxxxxx
PRIVKEY:        008ABBC4xxxxxxxx
SERIAL:         DS2D154xxxxxx

13) Copy them to another text file "keyfile.txt" in "rigup" folder.
14) Execute "rigup license keyfile.txt NSxx", where:

NSEH (0x1C087) - All options
NSER (0x1C08F) - 100 MHz + all options
NSEQ (0x1C097) - 200 MHz + all options
NS8H (0x1C0C7) - 300 MHz + all options

15) Copy license key.
16) In "Rigol Ultra Sigma" -> "SCPI Control Panel" -> "Send&Read" ":SYSTem:OPTion:INSTall YOURLICENSEKEYWITHOUTDASHES".

This is Variant b.
Thx Fagear for the instructions and of course big thanks to zombie28 and tirulerbach, who made this hack possible!
« Last Edit: February 18, 2014, 10:53:55 pm by Nebukad »
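
Added example, not part of any post in this thread: a check a lab owner could run over collected `*IDN?` replies to spot instruments whose reply carries a hex dump after the serial number, which is what the thread says the modified firmware adds. The function names, the instrument labels and the 32-hex-digit threshold are assumptions made for this example.

```python
import re

# Firmware version field as it appears in the thread ("00.02.00", "00.02.01",
# and the longer "00.02.01.00.03"): two-digit groups separated by dots.
VERSION_RE = re.compile(r"\d{2}(?:\.\d{2}){2,4}")
# Assumption: 32 or more consecutive hex digits after the serial number is
# treated as dumped key material; the threshold is chosen for this example.
HEX_RUN_RE = re.compile(r"[0-9A-Fa-f]{32,}")


def classify_idn(response):
    """Classify one *IDN? reply as 'stock-format', 'key-dump' or 'unexpected'."""
    fields = [f.strip() for f in response.strip().split(",")]
    if len(fields) < 4:
        return "unexpected"
    tail = ",".join(fields[3:])  # everything after the serial number
    if HEX_RUN_RE.search(tail):
        return "key-dump"
    if len(fields) == 4 and VERSION_RE.fullmatch(fields[3]):
        return "stock-format"
    return "unexpected"


def audit(replies):
    """Return the instrument labels whose reply is not in the stock format."""
    return sorted(name for name, reply in replies.items()
                  if classify_idn(reply) != "stock-format")


# Constructed sample replies. The first uses the reply format quoted in the
# thread; the hex run in the second is filler, not real key data.
SAMPLE_REPLIES = {
    "bench-1": "RIGOL TECHNOLOGIES,DS2102A,DS2D15xxxxxxx,00.02.01",
    "bench-2": "RIGOL TECHNOLOGIES,DS2102A,DS2D15xxxxxxx,02008400" + "AB" * 40,
    "bench-3": "RIGOL TECHNOLOGIES,DS2102A",
}

if __name__ == "__main__":
    for name, reply in SAMPLE_REPLIES.items():
        print(name, classify_idn(reply))
    print("needs attention:", audit(SAMPLE_REPLIES))
```

A "stock-format" result does not prove stock firmware: reply #2987 later in the thread reports a flashed unit returning the plain four-field string.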
 

Offline jkw13

  • Contributor
  • Posts: 18
Re: hacking dp832
« Reply #2984 on: February 19, 2014, 01:22:21 am »
It's now Firmware version  00.01.09 for the DP800 Series including the DP832 (non A).  And I understand that it's not good news with all options lost, and no way to go back to FW 06, or 08.

Note: This Firmware has been provided to DP832 (non A) users by Rigol for those that had requested a FW Update for their units.

Ref.  RIGOL DP832 Power Supply - firmware upgrade, « Reply #36 on: Yesterday at 03:38:23 AM »   Although I don't think Rigol supplied this particular person his FW 09.

In the post you reference, Sebastian states "the Riglol Keys don't work" --- which is no different from 01.08 where they didn't work either (and why people downgraded to 01.06 to install the keys and then upgraded to 01.08). 

How exactly are you concluding "all options lost"?

The trick with getting the options in 1.06 and then upgrading to 1.08 never worked for me. If I would install all the options in 1.06 and upgrade to 1.08 everything would be lost, not just the trigger option as other people here report for their units. If I would then go back to 1.06 the options would be there again without entering the codes again.
FW1.09 is essentially the same as 1.08, none of the bugs are fixed, the only difference is that you can not flash older versions anymore because of the new bootloader,


Same thing happened to me, I stupidly did the 1.09 upgrade also :palm:
Had it all calibrated in 1.06, but found the bugs too annoying.
Bu**er :scared:
Maybe one day some brilliant person will find a way around this??


« Last Edit: February 19, 2014, 01:29:07 am by jkw13 »
 

Offline Giggy

  • Contributor
  • Posts: 11
Re: Sniffing the Rigol's internal I2C bus
« Reply #2985 on: February 19, 2014, 03:18:06 am »
Hey Guys,

Finally got around to hacking my oscilloscope (DS2072A) and it went well, I have enabled 300MHz bandwidth with all options.
I decided to document my process with a good amount of detail and have created a PDF. I recommend anyone who would like
to hack theirs to view this. I had to upload the file elsewhere because of the 2mb limit imposed on us by eevblog.

The document was generated from information collected from this thread, thanks to all those who contributed.

If there are any recommendations/revisions for the document let me know.

All the Best.

- Please view revised post on page 204 -

« Last Edit: February 23, 2014, 05:39:50 am by Giggy »
 

Offline Rigby

  • Super Contributor
  • ***
  • Posts: 1476
  • Country: us
  • Learning, very new at this. Righteous Asshole, too
Re: Sniffing the Rigol's internal I2C bus
« Reply #2986 on: February 19, 2014, 02:14:50 pm »
by the way, has anyone tried anything (hack/poke around) on the newer DS1xxx series?
Yes.  Please take the time to read the thread.
 

Offline GlassFET

  • Contributor
  • Posts: 20
Now what?
« Reply #2987 on: February 19, 2014, 06:31:59 pm »
OK, I flashed my DS2102A with Zombie28's hacked FW. I verified that it had flashed because the system now shows that version 00.02.01 is loaded and it was 00.02.00 before.

When I run Ultra Sigma and do the *IDN? query, I get:

-> *IDN?
<- (Return Count:50)
RIGOL TECHNOLOGIES,DS2102A,DS2D15xxxxxxx,00.02.01

I tried reflashing and was very careful to use the correct DS2000update.gel file. Same result.

This is the same behavior I saw before with my original un-hacked FW. I'm not getting the long string for the key as expected.  Huh?

Any ideas? What am I doing wrong?

 

Offline GlassFET

  • Contributor
  • Posts: 20
Re: Sniffing the Rigol's internal I2C bus
« Reply #2988 on: February 19, 2014, 06:51:57 pm »
Re: My prior post just above. I tried re-flashing a third time (same hacked FW file) and this time I got the key string in Ultra Sigma. Strange.

On the prior two attempts I noticed that my free option trials had vanished. Upon rebooting after this third flash, the welcome screen showed my trials again.
 

Offline GlassFET

  • Contributor
  • Posts: 20
Re: Sniffing the Rigol's internal I2C bus
« Reply #2989 on: February 19, 2014, 07:31:34 pm »
OK, success! 300MHz+ all options. A thanks to all the smart people who made this possible!

A question: I understand that I may still flash new FW without losing these options. But, if I keep Zombie28's FW in the scope, will it perform identically to regular 00.02.01.00.03 FW? In other words, any reason to replace the FW with un-hacked FW? I don't want to tempt fate...
« Last Edit: February 19, 2014, 08:43:56 pm by GlassFET »
 

Offline neslekkim

  • Super Contributor
  • ***
  • Posts: 1305
  • Country: no
Re: Sniffing the Rigol's internal I2C bus
« Reply #2990 on: February 19, 2014, 10:43:40 pm »
Read what I wrote to you on the previous page..
 

Offline Rigby

  • Super Contributor
  • ***
  • Posts: 1476
  • Country: us
  • Learning, very new at this. Righteous Asshole, too
Re: Sniffing the Rigol's internal I2C bus
« Reply #2991 on: February 19, 2014, 10:57:29 pm »
How many of you are upgrading because you can vs. upgrading for features you need?
 

Offline GlassFET

  • Contributor
  • Posts: 20
Re: Sniffing the Rigol's internal I2C bus
« Reply #2992 on: February 19, 2014, 11:12:15 pm »
Read what I wrote to you on the previous page..

Yes, I did read your post that there is no need to keep the hacked firmware. That's different from my question, which is: is there any performance limitation in the hacked software that would drive one to replace it with original FW? The flashing process posed me some problems having to do with the USB connector or size of my USB stick. If I don't have to replace it to recover some feature or capability, I'll leave it with the hacked FW.
 

Offline neslekkim

  • Super Contributor
  • ***
  • Posts: 1305
  • Country: no
Re: Sniffing the Rigol's internal I2C bus
« Reply #2993 on: February 19, 2014, 11:15:07 pm »
If it is the same version as the last, just keep it, but don't let it stop you from upgrading.
I used a 4gb sandisk, worked very good, but the rigol is kinda picky about the usb stick, and that is also documented in the official firmware upgrade doc. (It states that you need to test the usb sticks on the rigol before you attempt to start upgrading)
 

Offline GlassFET

  • Contributor
  • Posts: 20
Re: Sniffing the Rigol's internal I2C bus
« Reply #2994 on: February 19, 2014, 11:28:16 pm »
If it is the same version as the last, just keep it, but don't let it stop you from upgrading.
I used a 4gb sandisk, worked very good, but the rigol is kinda picky about the usb stick, and that is also documented in the official firmware upgrade doc. (It states that you need to test the usb sticks on the rigol before you attempt to start upgrading)

I think that USB memory stick compatibility must have been the issue, requiring three flashing attempts. The smallest stick I could find around here was 8GB, so that's what I used. I've read that the stick should be less than 4GB, or less than 8GB, depending on which source you read, so I knew I was close to the edge. I did read (some of us actually DO read instructions) about inserting the stick and looking for "USB detected" as a test. That test worked fine, and I was able to print a screen image to the stick, so I thought I was good-to-go. I will have to find a 2GB or 4GB stick someplace. (Perhaps one can't buy them that small anymore?). But in the meantime I wanted to keep Zombie28's FW and use the scope without worrying about performance issues. Thanks.
 

Offline commongrounder

  • Frequent Contributor
  • **
  • Posts: 372
  • Country: us
Re: Sniffing the Rigol's internal I2C bus
« Reply #2995 on: February 20, 2014, 12:36:03 am »
If it is the same version as the last, just keep it, but don't let it stop you from upgrading.
I used a 4gb sandisk, worked very good, but the rigol is kinda picky about the usb stick, and that is also documented in the official firmware upgrade doc. (It states that you need to test the usb sticks on the rigol before you attempt to start upgrading)

I think that USB memory stick compatibility must have been the issue, requiring three flashing attempts. The smallest stick I could find around here was 8GB, so that's what I used. I've read that the stick should be less than 4GB, or less than 8GB, depending on which source you read, so I knew I was close to the edge. I did read (some of us actually DO read instructions) about inserting the stick and looking for "USB detected" as a test. That test worked fine, and I was able to print a screen image to the stick, so I thought I was good-to-go. I will have to find a 2GB or 4GB stick someplace. (Perhaps one can't buy them that small anymore?). But in the meantime I wanted to keep Zombie28's FW and use the scope without worrying about performance issues. Thanks.

I'm so glad I kept a bunch of those old 1GB USB flash drives around.  They all work perfectly in my DS4000 series 'scope.
 

Offline Giggy

  • Contributor
  • Posts: 11
Re: Sniffing the Rigol's internal I2C bus
« Reply #2996 on: February 20, 2014, 01:22:20 am »
Hey Guys,

Finally got around to hacking my oscilloscope (DS2072A) and it went well, I have enabled 300MHz bandwidth with all options.
I decided to document my process with a good amount of detail and have created a PDF. I recommend anyone who would like
to hack theirs to view this. I had to upload the file elsewhere because of the 2mb limit imposed on us by eevblog.

The document was generated from information collected from this thread, thanks to all those who contributed.

If there are any recommendations/revisions for the document let me know.

All the Best.

http://www.mediafire.com/view/2avoeclmwvvlfsf/DS2072A.pdf

mediafire is not happy with me trying to download the PDF ...
will you be so kind to email it to me? 3roomlab at gmail dort com :p

by the way, has anyone tried anything (hack/poke around) on the newer DS1xxx series?

Are you able to view online? It comes up in a pdf reader for me?

Sent it off to you, let me know if you receive it.
 

Offline NYG

  • Contributor
  • Posts: 18
Re: Sniffing the Rigol's internal I2C bus
« Reply #2997 on: February 20, 2014, 04:49:10 am »
tnx giggy, got it.
(yes i was able to see it online, but i cant R-click to save as)
(and maybe since im un-decided over which DSO to get, maybe i should just get the one with the better graduation which displays slightly more like an agilent)

When I first saw that video I was concerned so I hooked my new DS2072A up to a video signal. It looks great. No issues.
 

Offline NYG

  • Contributor
  • Posts: 18
Re: Sniffing the Rigol's internal I2C bus
« Reply #2998 on: February 20, 2014, 06:42:32 am »
Not as nice as that Agilent but I'm pleased with it.

Hopefully this works..



 

Offline AndersAnd

  • Frequent Contributor
  • **
  • Posts: 572
  • Country: dk
Re: Sniffing the Rigol's internal I2C bus
« Reply #2999 on: February 20, 2014, 06:51:01 am »
tnx giggy, got it.
(yes i was able to see it online, but i cant R-click to save as)
Just click the big green download button here: http://www.mediafire.com/download/2avoeclmwvvlfsf/DS2072A.pdf
Right-clicking doesn't work.
 

