Upgrading Rigol’s More Expensive Oscilloscopes

[mosaicmerc] over on hackaday.io has upgraded his Rigol DS2072A oscilloscope to a DS2302A, turning an $800 oscilloscope into one that sells for $2500, with all the bandwidth, storage depth, and options of the more expensive model.

Rigol o-scopes have a long and storied history of unlocking, hacking, and upgrading. The original hack that put Rigol on the map was the DS1052E upgrade that turned a 50MHz scope into a 100MHz scope. The latest low-end Rigol scope, the 1054Z can be unlocked in software to become an 1104Z with 100MHz of bandwidth, SPI, I2C, and RS232 decoders, twice the storage depth, and more triggers. It appears Rigol’s engineers are designing their products to capitalize on the hacker’s proclivity to buy their tools to get the ‘free’ upgrade. This, of course, sounds just slightly insane, but no one seems to mind.

The process of upgrading the Rigol DS2072A scope is documented over on the EEVBlog, and requires only a USB cable and a computer with the Labview Runtime Engine installed. It’s literally as simple as pressing a few buttons; a far cry from the previous keygen method that was also engineered over on the EEVBlog.

27 thoughts on “Upgrading Rigol’s More Expensive Oscilloscopes

  1. Well it looks a little simpler, I bought my DS2072A a couple of years ago just when Rigol were releasing them (the ‘A’ variant) and there was massive uncertainty if they could be hacked because the previous keygen was no longer working (the one mentioned in the other HaD post).
    Luckily by the time mine arrived, they’d solved the issues and I can’t say it looked massively more difficult than this route (okay, there was a bit of initial back-and-forth with a modified firmware to extract the ID before you could get riglol to give you a key but it was still an easy way to unlock all the capabilities).

    1. Yes, the number looks to be 163911348
      Tho the first 1 looks strange, and the second 1 could be a 5.
      But otherwise it’s really poorly blurred out. Much better to load it into paint and drag a thick solid line over them.

  2. Rigol scopes are excellent tools for very reasonable money. I only paid $400 USD for my 1102E, and I’m very happy with it. I chose not to buy the 1052E and then hack it, as it was only $20 cheaper at the time. Not worth the trouble for so little savings.
    This, however, is kinda huge. Kudos to the people who figured this one out.

    As for why Rigol does this? How many more scopes have they sold because of their upgradability than they would have otherwise? Of course, they might not even care, as their commercial customers won’t be hacking the scopes. They might just do it so that they only need to engineer one scope that they can then turn around and sell as an entire range. Very clever, if you ask me.

  3. -“It appears Rigol’s engineers are designing their products to capitalize on the hacker’s proclivity to buy their tools to get the ‘free’ upgrade. This, of course, sounds just slightly insane, but no one seems to mind.”

    It’s just an old marketing trick.

    Suppose you want people to buy your products over a competitor’s. You add some bells and whistles to your product to offer more value and differentiate yourself on the market, but that also increases the price slightly and people don’t really need the extra features, so they won’t choose your product over simpler and cheaper competing products.

    What then? Well, you pretend that the extra features are really really expensive high tech by locking them out and selling a “professional” version at many times the price. Then you let it slip that the features can be hacked into use on the “cheaper” models.

    Reminds me of the time when everyone bought loads of certain nVidia GeForce cards because someone let it slip they could be flashed into Quadro cards, which were many times more expensive, yet offered basically the same performance with a few extra features nobody actually used.

      1. Most people who bought them and modded them never used RealView or any other CAD package. They were kiddies who heard from the big boys that you can mod them into “real professional GPUs” so they bought them.

        1. Only $1200? Doesn’t sound right.

          There was certainly at least one CPU, might’ve been IBM, where you could unlock much more performance with a jumper. Usually the techs at whatever installation would change it, then when the IBM guy was due to do a service, quickly change it back. If you didn’t, IBM would charge you for the full thing. Back when computers were often leased.

          This is something I heard from the real dinosaurs, not old enough to remember stuff that happened in the 1960s. Particularly cos I wasn’t born.

    1. There’s a lot of marketing sleight-of-hand with golden screwdriver features. But sometimes this is used to recover NRE and licensing (sw development cost of protocol analyzer on the Rigol, license payout for the RasPi video decoder key). And for others it’s the cost of additional testing for those features (binning CPUs, longer test times, more expensive test equipment).

      In Rigol’s case, looking the other way doesn’t cost them anything. But at the same time they won’t guarantee your scope to the upgraded specs.

    2. This is why Microsoft never really fought with individuals that had pirated versions of their systems. It would be easy to make a update that detects if Windows has illegal key, and then either blocks it or returns information to Microsoft so their lawyers could sue any pirate. They didn’t because pirated Windows for everyone was a gateway drug that caused unhealthy dependency in most users. Corporations, universities, schools and institutions had to use original software which was enforced in many countries.
      Rigol uses basically the same scheme, because hobbyists are very small market compared to corporations and corporations can afford pimped out versions of their products. For them cracking scopes to get more functionality would be too expensive, like using pirated versions of Windows.

      1. Actually, Microsoft has done updates that detect pirated keys and present users with a black screen and a notice, but the result was that entire -countries- got blacklisted with millions and millions of users especially in the far east, which ended up being a PR disaster for Microsoft.

        1. Problem being that street vendors would sell computers with duplicated license keys to unsuspecting customers.

          Back in the late 90’s early 2000, travelling eastern and southern Europe, you wouldn’t find one person in ten with an actual licensed copy. Maybe 1/2 if it was a business office, and 3/4 if it was a government office, but even then someone had already swiped the key and sold 200 illegal copies of it elsewhere.

          Heck, Windows XP was the first OS that ever tried the online licensing thing on a commercial scale. Nobody had any idea about data security, so schools and offices had machines just sitting open, where anyone could walk in, dump the license key on a diskette and later download a matching OEM CD-ROM image from a pirate site.

          Microsoft couldn’t have had done anything because the illegal keys were 99% from paying customers.

        2. I read long time ago, back in 2003 I think, that about 70% of Windows boxes in my country were pirate copies (and over 90% in Russia). There was some talk among politicians about fighting with software piracy. Someone even started a rumor that police or some anti-piracy organization will visit every person and check their computers for music, movies and software from illegal sources. I ROTFLed when I heard that, because they can’t even force people to pay mandatory tax for owning a TV or radio. Still this caused a rise in number of OEM licenses and sales of box versions of Windows.

  4. Its long been doable on a 2072A. I jtag’d mine and scanned memory for the keys, not sure if its easier or harder now, but this has been well known to the rigol modders for almost over a year.

    1. Well, downloading some software (If you don’t already have it.), plugging in a USB cable, and running a program is definitely worlds easier than manually scanning the memory.
      Much cheaper, too, as you don’t have to get a JTAG device if you don’t already have one.

      Nice hack, though.

  5. Yeah a Chinese lawyer suing someone in another country for some infringement sounds unlikely as they probably did their fair share of copying someone else’s gear to make these things.

    You can get a better scope for less than this if you have the patience…

  6. I wonder if the DS1024 can be converted in to the MSO1000+? Basically it seems that they are missing 3 pieces of hardware? The logic port and 2 BNC’s for source? If the hardware connections exist internally and the software can be hacked using the USB connection, maybe these things can be added somewhat easily(basically solder and chassis mod).

  7. The new Rigol 5000 and 7000 series are super easy to hack.

    Connect the scope up via ethernet, you can either work out the IP or look in the scopes settings;

    SSH to it, u:root p:root

    edit /rigol/shell/start.sh with vi

    and add the “-fullopt” to the command line that executes appEntry (before the &).

    This will enable all the options for the scope and give you the max bandwidth ( 350Mhz for the 5000, and 500Mhz for the 7000 ). A 4 channel 350Mhz scope with lots of functions for US999. Its a pretty good bargin. Given the ease at which this is implemented, it makes me thing rigol want the scopes to be ‘hacked’

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.