Sniffing the Rigol's internal I2C bus

[Tilman]

@Bud: not working for me, only the 200MHz is working 

@Sparky: i tried 3 Laptop running Win 8.1 x64 and one Win7 32bit, no Change 

[danander11]

1) The 300 MHz key is sometimes incorrect, and the DS/MSO detects and rejects it as such,

Just had a DS2072A updated to 300MHz. FW 00.03.00.SP1, HW 2.0

Used Bildschirmkopie to dump data from the scope via a SCPI command
:SYST:UTIL:READ? 15441920,13262848
then goes rigup-0.4 to generate the keys
then again Bildschirmkopie to install a key
:SYSTem:OPTion:INSTall A_KEY_WITHOUT_DASHES

Bildschirmkopie : http://peter.dreisiebner.at/rigol-bildschirmkopie-lan/download.htm
rigup-0.4:  http://gotroot.ca/rigol/

I am not sure why bother changing the scope firmware via a USB stick risking to brick the device, unless it is because of other goodies that I am not aware of. If all you want is options and bandwidth, the above procedure is non-intrusive and safe.

Is there some trick in getting Bildschirmkopie to see the DS2072A?  I've tried the utility method but that didn't work..  (I think something to do with the fact that I cannot get it to reset on startup), but the utility sees it just fine...  I just get a length error message and cannot get past that point.

So I'm trying the Bildschirmkopie method...  It does not see the scope via LAN, (I pull up the IP on the DO and enter it into the search feature), nor does it see it on USB...

The one difference I note from others on here is that I have SW Version 00.03.01...

Frustrating.

[TheBay]

Instead of starting a new topic I thought I would post here.

Just bought a DS2072 non A model. From Toploser (Topbloke more like  )

I have read pages and pages and pages on hacks for this model, things have changed a few times over the time it's been out so have a few questions.

Firstly I want to reset it back to defaults, remove all hacks (300mhz is enabled)
Update firmware (Not sure which is the best version?)

And enable all the options/hacks, but can someone please tell me what the best options are to enable and does 300mhz work on the non A correctly?
Apart from the 1m/50k switch do we now know any different between the A and Non A from a hardware point of view?

Any advice with the above will be gratefully appreciated.

[Bud]

Is there some trick in getting Bildschirmkopie to see the DS2072A?

No, I just ran the program and it worked by either search on the LAN or manual entering the scope IP.

Do you have a DHCP server/router on your LAN? Make sure the scope gets a correct IP that belongs to your LAN subnet and the proper default gateway. Try to ping the scope's IP from your computer, if you cannot reach it by ping then programs will not find it on the LAN.

I did not try Bildschirmkopie in USB mode, in fact I have not ever connected my scope to USB. But I'd guess when you plug it in you could check in Device Manager (if you are on Windows) that it shows up there in the list of USB devices.

Let us know if any progress.

EDIT: make sure you trying to connect  using a single method, i.e. unplug the USB when trying by LAN, see if this helps.

[plasijo]

Hi,
I used the following steps:
:SYST:UTIL:READ? 1,33554432
"Senden und Empfangen" button - the result is file with huge amount of data (32MB), but I was definetely succesful. Be patient, the read process is long (approx. 5 minutes) and during this time "Bildschirmkopie" seems to be non-working.
"Speichern" button ... save the file for rigup.
I hope everything is clear after that.

[Bud]

For the purpose of extracting necessary data it is sufficient to run
:SYST:UTIL:READ? 15441920,13262848

which is a smaller 13Mb data dump.

The copy of Bildschirmkopie I am using can 'speak' English (v0.6.5.767)

Anyway, I tried Bildschirmkopie with USB, it can see the device in the Search screen, but sending commands did not work. So for me it only worked via LAN to my DS2072A.

danander11: When I connected the updated scope to USB before I installed Rigol's Ultra Sigma software, the scope popped up in  Windows Device Manager as "Other Device - DS2302" with a question mark, but at least it was an indication Windows could see the device, was just missing proper device drivers. I then installed Ultra Sigma and after that the scope appeared as a USB Test and Measurement Device, see the picture.

I could also get the data from the scope using Ultra Sigma program but could not figure out how to save in binary, so for the purpose of getting the data out to unlock the scope, Bildschirmkopie via LAN is the way to go.

[cap4096]

If it is using one of the Firmware versions mentioned, then , Yes.

Try it and report back.

It seams to work!

/Cap4096

[danander11]

For the purpose of extracting necessary data it is sufficient to run
:SYST:UTIL:READ? 15441920,13262848

which is a smaller 13Mb data dump.

The copy of Bildschirmkopie I am using can 'speak' English (v0.6.5.767)

Anyway, I tried Bildschirmkopie with USB, it can see the device in the Search screen, but sending commands did not work. So for me it only worked via LAN to my DS2072A.

danander11: When I connected the updated scope to USB before I installed Rigol's Ultra Sigma software, the scope popped up in  Windows Device Manager as "Other Device - DS2302" with a question mark, but at least it was an indication Windows could see the device, was just missing proper device drivers. I then installed Ultra Sigma and after that the scope appeared as a USB Test and Measurement Device, see the picture.

I could also get the data from the scope using Ultra Sigma program but could not figure out how to save in binary, so for the purpose of getting the data out to unlock the scope, Bildschirmkopie via LAN is the way to go.

Thanks Gents...

One of my issues was that I was trying to connect via Win8.1....  which decided to give me grief.  I've installed everything on a Win7 box and it connects right up via LAN.  I've used Bildschirmkopie to send and read using :SYST:UTIL:READ? 15441920,13262848 and have gotten my 13mb scpi file...

From here I've decided to stop and read until I understand the process a bit better...  rigup won't look at the scpi file so I've installed HxD to look at the file..  but from there I'm not quite sure what to do.   So I'll read a bit more.  There seems to be a few divergent paths that folks have taken and I don't want to get caught out changing horses in the middle of the stream, as it were... and brick the scope.

I appreciate all of your help so far!

Cheers!

[Bud]

OK so you have done the heavy lifting and got your scpi data, say the file name is mydata.scpi . Next steps are:

- copy the .scpi file to rigup folder
- open a command line window and from rigup folder run

   rigup scan mydata.scpi > EC-keys.txt
   rigup DS2072A mydata.scpi > Options.txt

this will create two files with keys and options

- open options.txt in a text editor, copy paste the desired option key to  Bildschirmkopie (remove dashes)
:SYSTem:OPTion:INSTall A_KEY_FROM_OPTIONS_WITHOUT_DASHES

Press Send button and watch the scope screen, it should beep and show a progress bar for a few seconds. Once done you are good to go!
verify in Utility -> Options -> Installed what you got
 

[danander11]

OK so you have done the heavy lifting and got your scpi data, say the file name is mydata.scpi . Next steps are:

- copy the .scpi file to rigup folder
- open a command line window and from rigup folder run

   rigup scan mydata.scpi > EC-keys.txt
   rigup DS2072A mydata.scpi > Options.txt

this will create two files with keys and options

- open options.txt in a text editor, copy paste the desired option key to  Bildschirmkopie (remove dashes)
:SYSTem:OPTion:INSTall A_KEY_FROM_OPTIONS_WITHOUT_DASHES

Press Send button and watch the scope screen, it should beep and show a progress bar for a few seconds. Once done you are good to go!
verify in Utility -> Options -> Installed what you got
 

Once again I have to say thanks a million!   

It's not working for me though as the EC-keys.txt and Options.txt are both empty.  Not sure why that is...  I ran Bildschirmkopie again to see if maybe I had a corrupt scpi file but got the same result.  I'll dig into it later tonight or tomorrow and see if I can sort out why... 

I have to write a paper on sustainability that's due tomorrow..  yee haa   

[Bud]

I see.  Just in case, worked on my Win 7 x64. May be you could check if the rigup folder in not read-only, and may be try running a command prompt as Administrator.

Also may try to extract the whole 32Mb data from the scope and run rigup against it, who knows.

[danander11]

A million thanks to all of you...

Turns out that with the 00.03.01 firmware, I had to use the 32MB dump to get it to work...

Also, The win7 box would always show a blank txt file with  0kb size.  I copied the two txt files to a stick and opened them in a win8 box and there they were.

It now seems that I now have a fully functional 2302.

I'm a happy-chappy indeed....

Cheers everyone.

[sptm14a]

I just received a new MSO1074-S.

Someone know when the new code for the keygen will be avalaible?
The old keygen does not work with firmware 00.04.01.SP2.

Someone can put the new key table for these models to update the keyen?

riglol uses a hardcoded set of keys which makes it rather useless for MSO1000. The problem is that some of the keys that MSO uses for license validation are different for each device. A modified rigup can be used to generate valid licenses, but it needs a list of keys that can only be dumped via JTAG. Unfortunately, unlike 2000 series, DS/MSO1000 does not seem to have a way to dump memory by any means other than opening the scope and connecting a jtag. I am trying to find a way to not require memory dump for license generation, no luck so far.

[msraya]

Thank You for share your knowledge!

So, I want to know how you modificated the rigup code.
You use more characters in the serial number, or only change the private key, or what?

Regards
Manuel

[ted572]

There is a new issue with 'Rigol DS1000Z & DS2000 Oscilloscope Jitter' related to the Trigger mode/method.    See ->  https://www.eevblog.com/forum/blog/eevblog-683-rigol-ds1000z-ds2000-oscilloscope-jitter-problems/msg550964/#msg550964   This is already up to 12 pages in only two days.  I'm posting this alert here because we should all at least be advised that this issue is being discussed. I also believe that some DS4000 users are experiencing the trigger jitter issue (with the AC trigger mode).

[Matthias Toussaint]

DS4000 series Bandwidth (model type) Option Codes.

For those who have an interest in the DS4000, I have found the option codes for selecting the bandwidth .
This also sets the model type.

For example the code FAB9 will select 500Mhz, (DS405x), with all Decoders enabled.

The attached file contains all the details.

There are also two un-documented, possibly future, options called "Power Analysis" and "MA".

The option codes have been tested with firmware ver 00.02.00.00.04 and ver 00.02.01.00.03.

I first thought that this is too good to be true, but I couldn't resist to try it out. It actually works like a charm :) After upgrade I measured the bandwidth in comparison with my good old trusty Tektronix 2465A (350MHz model). The plot shows a BW of 600Mhz for the RIGOL DS4054. My confidence in the measurement is reasonably high. The plot makes sense and clearly shows the flat resonse of the RIGOL (typical for modern scopes) vs. the gaussian response of the Tek. I'm a very happy camper now! The bandwidth really increases. Before upgrade I made a quick measurement with a 400MHz sinewave and repeated the measurement after the procedure. The difference could be clearly seen (sorry, no screenshots. My thumbdrive failed and the pictures got lost)

[Sparky]

During production test, hardware could be "marked" as to its bandwidth and rise time capabilities.  During final production configuration, units can be configured for the highest level product they can meet, or a lower level if sales demands more lower level units.

Hi Den,

Thanks for your comment!  I agree that the hardware could be tested and "binned"/"marked" according to performance tests during manufacturer, however I could not find physical evidence (e.g. pull up/down resistors setting version or other info).  Still, there could be something written to EEPROM and checked by the firmware, but we have no knowledge of such checks being done.

Sparky

[Sparky]

@Bud: not working for me, only the 200MHz is working 

@Sparky: i tried 3 Laptop running Win 8.1 x64 and one Win7 32bit, no Change 

Thanks for further acknowledgement of this issue.  It is a mystery that this only occurs on 300 MHz and not 200 MHz or other options...

[levstic]

For the purpose of extracting necessary data it is sufficient to run
:SYST:UTIL:READ? 15441920,13262848

which is a smaller 13Mb data dump.

The copy of Bildschirmkopie I am using can 'speak' English (v0.6.5.767)

Anyway, I tried Bildschirmkopie with USB, it can see the device in the Search screen, but sending commands did not work. So for me it only worked via LAN to my DS2072A.

danander11: When I connected the updated scope to USB before I installed Rigol's Ultra Sigma software, the scope popped up in  Windows Device Manager as "Other Device - DS2302" with a question mark, but at least it was an indication Windows could see the device, was just missing proper device drivers. I then installed Ultra Sigma and after that the scope appeared as a USB Test and Measurement Device, see the picture.

I could also get the data from the scope using Ultra Sigma program but could not figure out how to save in binary, so for the purpose of getting the data out to unlock the scope, Bildschirmkopie via LAN is the way to go.

I have written a small program in LabView (you need labview at least 2012, NI VISA driver) that can dump the memory to the binary file using a USB connection. See attached image, the step is follow:
1. Turn on the oscilloscope and connect to the computer via USB, make sure it is recognized.
2. Open the LabView file, select the Rigol ID from the list of "VISA resource name", should be something like:  USB0::0x1AB1::0x04B0::DS2D123456789::INSTR,
you don't need to change the command, and then select the destination folder of the dump file.
3. Run the program (click play button) and then click "Send & Read".
4. Wait for about 20 ~ 30 seconds until it finishes, the complete light should be on and the file will be saved automatically (about 13 MB).
5. You can use the file with rigup-0.4 to generate the unlock code. For example in this case: "rigup ds2072a ds2072a.bin"

Tested on Windows 7 64 bit and Rigol DS2072A, upgraded to DS2302A.
(Rigol DS2072A, software version 00.03.00.SP1, hardware 2.0)

Edit:Executable file
If you don't have Labview, you can use an executable file "Rigol USB.exe" in the zip file attached.
This file requires two components to be installed before hand:
- Labview Runtime Engine 2013 Download here !
- NI VISA Runtime (you may already have this)

levstic

[daemonix]

Question! I have a 1074z hacked with all apart from 500u addons. (Identified as 1104) im using the 2.xx firmware and im thinking about getting the later firmware. (I have the 4.00 as an install file but i think there is a 4.0x now.) i think the menus got a lot of updates since my version as i saw in the latest episode's 1054.

Any problems with the update? Will the hack work?
Thanks

[Rigby]

I have written a small program in LabView (you need labview at least 2012, NI VISA driver) that can dump the memory to the binary file using a USB connection. See attached image, the step is follow:
1. Turn on the oscilloscope and connect to the computer via USB, make sure it is recognized.
2. Open the LabView file, select the Rigol ID from the list of "VISA resource name", should be something like:  USB0::0x1AB1::0x04B0::DS2D123456789::INSTR,
you don't need to change the command, and then select the destination folder of the dump file.
3. Run the program (click play button) and then click "Send & Read".
4. Wait for about 20 ~ 30 seconds until it finishes, the complete light should be on and the file will be saved automatically (about 13 MB).
5. You can use the file with rigup-0.4 to generate the unlock code. For example in this case: "rigup ds2072a ds2072a.bin"

Tested on Windows 7 64 bit and Rigol DS2072A, upgraded to DS2302A.
(Rigol DS2072A, software version 00.03.00.SP1, hardware 2.0)

For those who want to give LabView a shot for their own reasons, you can buy it with an Arduino UNO on Sparkfun.com for $50, I think.  It is WIDELY used in industry and would be a good tool to learn.  https://www.sparkfun.com/products/11225

Fear not the export warning; you would know if you life in a place that this can't be shipped to.

[miguelvp]

Thanks Rigby, I don't have an Arduino and never saw the need for it, but LabView got my interest
I do have some shields since a lot of dev kits come with Arduino headers.

[dudarobe]

Hello,
Is there a chance to unlock the DSA-815-TG with software 1.09 and 1.04 bootloader ??

thanks for reply.
Robert

[mauroh]

Question! I have a 1074z hacked with all apart from 500u addons. (Identified as 1104) im using the 2.xx firmware and im thinking about getting the later firmware. (I have the 4.00 as an install file but i think there is a 4.0x now.) i think the menus got a lot of updates since my version as i saw in the latest episode's 1054.

Any problems with the update? Will the hack work?
Thanks

I have a DS1074z bought one year ago with firmware 2.xx
Hacked to DS1104z full option (no 500u) and upgraded several times up to the latest 4.xx without any problems to the hack!

In case i need to send it back for repair, I don't know if it is possible to revert the oscilloscope to it's original configuration (I know this part is possible, read the rest of the sentence ) and use the same keys previously generated on the repaired/firmware upgraded oscilloscope.

Mauro

[Edgar Amalyan]

This has pobably been asked a million times so sorry in advance. Can a new ds2072a be hacked to enable the extra options? And if so what are the most updated methods to doing so. I saw the riglol site a few pages back, do you just enter the generated key into the oscillosope? Thanks