|
|
ak475671 發表於 2011-8-22 13:03 ![]() + o+ [/ T' q1 W# d1 Z; k
版主你好
" g+ }( D$ q: K9 B* ^3 T版主知道哪裡有教學嗎使用DOS提KYE的過程不是很了解不知道有沒有教學可以參考的呢 k0 g5 G+ p$ f, e. d7 N) N8 g
另外你說他提取 ...
DosFlash ReadMe.txt 說明文件
$ v" o3 G# @; t( [- ?
: i4 o; P: `6 `8 x8 c! [' HDosFlash V1.9 Release Date 01.01.20113 O/ B6 F0 c, t0 z6 \* p9 F
---------------------------------------
3 q# w9 m8 j+ D% j; \4 f- SATA and IDE port scan improved in DOS and Windows+ o$ I2 m7 y* W# B% n
The ports are now enumerated with the CONFIG_ADDRESS and CONFIG_DATA register instead of using interrupts9 u* {! y5 E' s/ M
in DOS and SetupDixx functions in Windows. This change will detect more ports in Windows than the old
l J) M+ ?" [2 s c SetupDixx method.( A' a4 ?0 }+ ~/ z# j6 q
- Settings saved to ini file for DosFlash32 and DosFlash646 i( l; K" j) t, g8 H0 X: Y. B
Settings like Port, Position, Task, COM Port, Enable Drives and DvdKey state are now saved to an ini file4 Z3 l) {( ~; E9 J& E
inside the program folder. If the ini file is not present it is created after the first run. On the first6 U9 u4 b4 g- |9 r
startup DosFlash will choose the most common and stable settings.
% M* s" O6 a+ }# I! ~( L& Z* o5 E3 X- EnableDrives option included in dialog as a check box7 n5 F7 [% X. S' j% u: B- ~: c
Due to high demand we removed the "Enabling CD-/DVD-ROMs" MessageBox on program termination and included
; U* N! f7 ]* U$ H; i) f! [ a check box "Enable Drives" inside the dialog. For security and more stability this is deactivated on the
5 R/ U$ a; s8 n+ ] first run. If you enable it the checked state is saved to the ini file.
& C0 S m3 ^) O- enabling drives in Windows caused some hangs from time to time, this is now fixed by a recoded enable! F& U, F9 I8 J$ U1 h
drives function" j4 ` s# P2 @: M$ @: u1 t
- port drivers portio32.sys and portio64.sys are now added to the executable and unpacked during runtime% ^2 |" A+ x8 p8 u& g
- PATA and SATA controllers list updated
1 ?3 N& p) Q- s3 ]0 e4 E! Z- Fix for NForce motherboards in combination with drives like the "Samsung SH-D163C", "LG DH18NS40" or
7 J2 |0 d6 I4 Q$ k4 P: l% ` "LiteOn iHDS118"
6 N3 O) s% G2 { Some drives have problems with flash identify, read, write and erase. This is clearly related to the
4 [$ Z% v$ \! b/ p NVidia NForce chipset. For manual mode in DosFlash16 an additional command line parameter is added called
) y& ?! Q& ?" D/ _ "NFORCE FIX". This parameter should be set to 1 for NForce chipsets if you experience strange problems.7 g8 D( t/ V: @$ K4 x% {
In DosFlash32 and DosFlash64 we added a static control which shows if the NForce Fix is applied or not.
) ^! u1 S8 ^+ a8 g+ ]: D Remember there is no need to activate this with every drive. It seems to be a combination between drive( d6 I" o+ C" s0 g- n: }
and NForce chipset that causes the problem. The fix is automatically applied for DosFlash16 in auto mode,9 n5 Y% y6 L* ?, r. H
DosFlash32 and DosFlash64.
7 V2 k# I1 k& K1 o0 e" e* Z6 ?# y- DosFlash32 and DosFlash64 are now DPI Aware for Windows7/ T H) ^& U w; |; W" ^
- New task Verfiy Key/Inject Key added for verification/injection of drive keys
+ U8 g" ]( R; q3 k- d1 X All DosFlash versions now have the possibility to validate drive keys against an XBOX360 drive and set" @ r w5 \. f9 c. u
the key for an XBOX360 drive. We use the same authentication method like the console to verify a key.5 E1 w$ a9 V% H' s. T6 A* I
In the Windows versions you have the choice to paste the drive key from the clipboard to our custom hex+ ]' d9 h7 o. p6 K5 A1 `8 ~1 G
edit control or load a key file. To add a key simply click right inside the hex edit control and select9 q( R. a F# q) z. {% }
your choice from the shortcut menu. In DosFlash16 you can enter the key in the format "1A-2B-3C" without0 G9 l! `6 N2 A6 H3 T. z
quotes. Remember that a key has 16 bytes of data. The key file to import should also have 16 bytes of data
) ^/ w+ Q( J5 _ Y+ Y" O like the key files exported by LiteOn Key functions.- i6 x! p( ?' m7 C- A
- Removed multiple key extractions for LiteOn Key functions, added Verify Key after extraction# @( m5 U3 O9 p) J; n
For LiteOn Key functions we removed the multiple extractions, because the key is now verified immediately
7 e( A# U6 X4 z3 Q: \+ B. M against the XBOX360 drive.8 B1 T3 c+ m4 z
- LiteOn Key V1 and V2 now also extract the file Serial.bin and the 2nd inquiry file Inquiry2.bin$ C# D+ ?1 `8 e
We added the file Serial.bin and Inquiry2.bin to LiteOn Key functions. Inquiry2.bin is only generated for
5 ~1 H/ r* y; W; @* S8 Q7 d LiteOn drives V1 and V2." i4 }& X3 k# N0 Q( W% w; k$ {
- The drive key of Maximus patched UART drives can be extracted by using the task "LiteOn Key V1 (DvdKey)"
# Q, [9 S& A; H The drive check has been removed from LiteOn Key functions. This way we can extract a key from an UART . n; f6 h: V7 X N" K
patched drive firmware by Maximus.
: o, ~3 W# F8 E# a- LiteOn files are now extracted to a destination folder instead of prompting the user for every file name.7 F: Y, e" ^* ~4 R
- LiteOn key extraction tasks separated per drive version in "LiteOn Key V1 (DvdKey)", "LiteOn Key V2 (FreeKey)"7 ^! U% d/ @0 C I' }9 e( x5 C
and "LiteOn Key V3 (Tarablinda)"
. V% A3 p0 @. j: g- In DosFlash32 and DosFlash64 the number of installed COM ports in the system are now enumerated instead of5 X X1 }8 H; }
adding port 1 to 4
2 E0 S# j: q; a8 C2 `0 x+ `- For failing cdb commands the sense code is returned d/ a4 g, d+ j% M4 S E
- Geremia's Tarablinda functionality added" ?+ O. F2 H- D0 c ]2 S
We added all Tarablinda tasks to every DosFlash version. You can extract the key by choosing the task
& {) i% i3 Z: q "LiteOn Key V3 (Tarablinda)". For read, write and erase of the flash simply use the standard functions.
4 R1 [3 G) W8 {- n! I6 K' V8 ?2 C! ` Pay attention that the "LiteOn Erase V1/V2" task is only available for older LiteOns and not for the Slim.5 N6 ~5 s/ U0 }+ u9 b, W- o# I* F+ r
You should use "Read Flash", "Write Flash" and "Erase Flash" for the Slim. "LiteOn Key V3 (Tarablinda)"
& X9 v- D! C+ T4 d3 q! j/ H extracts 1 additional file in comparison to Tarablinda v04b, this file is called Xtram.bin and contains; u; |9 Y* E; o* s5 M0 c; f
a dump of the XTRAM8000 area. This can differ in a few bytes from one dump to the next.1 S( d3 [. U: J: M
- Device Reset in DosFlash16 manual mode is now done automatically, there is no option to turn it off anymore* U4 \( }" e0 ^7 [% E
- Code optimization to work with modern SATA2 controllers added, remember to set SATA controllers to IDE and0 }6 ?% p3 r# p. Z
not AHCI mode otherwise Port I/O will not work: L" C, o. j4 w; }
- Warning: The read, write and erase of the Slim drive is considered risky in general! So pay attention and
1 N" R# P* R+ S0 V; r3 Q always remember you use DosFlash on your own risk every time! Even during flash read the Slim gets flashed
. _8 m$ m- _; y" w with a patched firmware sector to retrieve the complete dump!4 I# m6 X; T; B
- We had to change many command line arguments for DosFlash16 Manual Mode, because of the NForce Fix, added
# \# y2 P$ k9 [! D+ U. p Tarablinda support and splitting of LiteOn Key functions. To get a better understanding we added the example
* X7 C' e; V* C: j& c D section below.
* Y' {" ]' z% s z4 V( p, q& Q7 C: D9 U g
: k T r# [ JDosFlash16 Manual Mode Examples. x& \# y; c+ g# n# E
---------------------------------( B( M8 [+ \7 _ B' j, ^
- Extract drive key on a " LDS DG-16D2S 74850C" over UART -> "LiteOn Key V1 (DvdKey)"8 L) N& S# F) H" i
DOSFLASH LITEON K V1 0970 A0 11 v/ |) d x8 c1 W Z% l
- _! S7 L1 q. D2 Y/ a3 a$ Y c- j1 v
- Extract drive key on a "LDS DG-16D2S 83850C" over SATA -> "LiteOn Key V2 (FreeKey)"
- P5 e2 @( h1 u% B0 }0 U DOSFLASH LITEON K V2 0970 A06 P2 i& J% B. c1 K
' k5 s( {. m& M1 @% Z, P- Extract drive key on a "LDS DG-16D4S 9504" over SATA -> "LiteOn Key V3 (Tarablinda)"
+ k2 ]6 R7 `& {! ?3 C DOSFLASH LITEON K V3 0970 A0
# I# F- e# M: O7 a' x) _' K9 D1 C! K8 [! U' i
- Read firmware on a "LDS DG-16D4S 9504" -> "Read Flash" this is considered risky!
3 f* T& y0 l4 J# D m DOSFLASH R 0970 1 A0 3 0 4 FWOUT.BIN 0
4 t, T: [5 U% J- Y- f& n p5 p9 Z- t6 u- y, a
- Write firmware on a "LDS DG-16D4S 9504" -> "Write Flash" this is considered risky!
. x, o: V* f9 X7 T7 Z DOSFLASH W 0970 1 A0 3 0 4 FWIN.BIN 0
! {* _9 }+ I% ?1 p: A& \: H+ ^& K0 X" D0 m0 V4 Y$ M. B$ g7 Z
- Erase firmware on a "LDS DG-16D4S 9504" -> "Erase Flash" this is considered risky!# b3 p1 N$ Z. r6 j9 h
DOSFLASH E 0970 1 A0 3 0 4 C7 0- w1 F" t: B6 D) H; n
2 p& e- a7 D$ |
- Erase firmware on a "LDS DG-16D2S 74850C" or a "LDS DG-16D2S 83850C" -> "LiteOn Erase V1/V2"+ z2 A1 _% X: X _
DOSFLASH LITEON E 0970 A0
* ]" p ^3 Z# j1 q& k
/ E6 ~! z3 D( `6 |) k6 u' ?# [- Read firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Read Flash"/ @+ M& ]0 E$ H% |! k5 T
DOSFLASH R 0970 1 A0 2 0 4 FWOUT.BIN 1+ N5 D/ ^6 c0 s/ K8 @
$ X3 w0 O7 Q7 R- E0 R- Write firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Write Flash". F4 ^8 K4 y" I; C) n$ T/ k8 o
DOSFLASH W 0970 1 A0 2 0 4 FWIN.BIN 1
& m, [# |- J7 c/ w
" ^0 q! m7 f$ z' t- [9 T1 I- Erase firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Erase Flash"* Q9 ^& w$ u( X/ U5 F* M+ _* f
DOSFLASH E 0970 1 A0 2 0 4 C7 1
5 b. ~% O$ e+ I: r5 C" Z8 _9 _: z6 }( x- V! x7 j
- Verify drive key on a XBOX360 drive, enter the drive key manual% w! J% e8 D9 B7 j1 m3 T! n4 v
DOSFLASH V 0970 A0 12-34-56-78-90-AB-CD-EF-12-34-56-78-90-AB-CD-EF
$ l# b0 q# K4 \* v; ?5 b' p& G; k
- Verify drive key on a XBOX360 drive, load a drive key file6 _: z7 ~$ Y/ s% i I+ k0 ]
DOSFLASH V 0970 A0 KEY.BIN3 I9 R4 q$ o! u1 b
% ?) N: L( p7 O
- Inject drive key on a XBOX360 drive, enter the drive key manual1 P$ {) W2 w6 V- V. L' w5 A7 O
DOSFLASH I 0970 A0 12-34-56-78-90-AB-CD-EF-12-34-56-78-90-AB-CD-EF( r: ^. w1 t9 y9 p/ z3 L, W
+ y9 o1 q" _1 q4 C
- Inject drive key on a XBOX360 drive, load a drive key file
! D9 l7 W& g: v2 N1 N Q# J# A DOSFLASH I 0970 A0 KEY.BIN
f, a0 B! v+ `/ b* `/ }1 p/ k+ P1 `
0 [' y. L3 B6 ^8 I. w0 s* dFor DosFlash drives on which we can extract the key via UART are considered V1. Drives we get the key over5 N& Q$ _1 R, y; X P( Q
SATA are considered V2. The new Slim is considered V3 but only firmware version 9504 is supported atm.
9 k, b2 G! p4 }+ l
% U k( Z9 b! `( B( ]4 M
% o& c" W5 @& P3 w3 v. M! OMany thanks to Geremia, Modfreakz, Redline99 and Tiros for their support. Special thanks to Geremia and1 ^2 |& \& z/ @) T& N- x- o
Modfreakz for drive sponsoring, testing, coding and much more. It is always a pleasure to work with you, p6 u0 ^ s" R7 E# \( }5 d
professional guys! Respect to Maximus for his UART enable patch. I'm looking forward to your magic Lizard' Y& h3 \( \0 N) b2 C0 k* J
hardware flasher!4 a" J6 [+ _, {% o; A% a
2 a4 a* M8 ^: W
Happy new year 2011!
! v7 N9 l( V5 |& G! p; d0 nKai Schtrom) a" g' y9 z# i) A
1 c5 @& k. E) u8 X3 n************************************************************************************************/ B6 q$ l' }4 T) b3 B8 O9 `( r
% W3 a0 f$ M5 A( a- m/ ^
8 s' I1 s/ G* `, b* x9 R1 mDosFlash V1.8 Release Date 08.08.2009) W. y; {4 k3 t$ b" F
---------------------------------------* a: u W" y' j/ W6 ?: h
- now supports LiteOn PLDS DG-16D2S 83850C V2 Geremia/Maximus LiteOn FreeKey method- R! Q8 Q0 f O1 R% a6 \
- huge firmware read/write speed increase, especially if run from a floppy disk
5 v p: |3 }0 p! n* _- updated IDE/SATA motherboard chipset list
6 A9 l/ r0 J3 O4 ~- new IDE/SATA detection for Windows and DOS
! l! S1 `" s$ y- a" F- DosFlash.typ embedded in executable file/ U& W2 P% v, B/ A2 w! x
- LiteOn V1 drive key is now extracted 10 times and compared against each other,
5 z& o- g4 I, A after the extraction a summary is displayed sorted by the most common matches
N8 n. L/ [; A- LiteOn V2 drive key is extracted 2 times and compared
+ @* g, K3 q1 b6 x* `- new BenQ unlock keys added to unlock all known BenQ drive firmwares
% H4 U" x& [* X- command line parameter "EnableDrives" removed, DosFlash asks the user on
. ~$ P% `; u% W1 ^# K: V* g application close if he wants to enable the drives or not, during the tests it |; Y4 u7 x- C7 \* ?0 o
seems that IDE drives have problems with the enable, SATA drives seem to ; {/ z+ S4 q% a3 R& c
work fine
7 g7 z4 o: Q- v- new 64-bit DosFlash edition added called DosFlash64, because some driver4 R8 I0 {! U }& T8 f9 |0 t" ?, N
functions don't work as expected in the 32 bit compatibility mode on Windows x64$ ]1 N: J0 m! J* F1 B( D, H; d
- Beta state removed/ ~$ ]/ ]6 G& X$ t- `# `
- ready and tested on Windows7 X86 and x64; L7 u/ D( A' h3 D
2 {: A/ L; s; x, Q# l7 E
' R* f3 V6 I( VGeremia/Maximus FreeKey method with DosFlash162 A6 z7 } u4 o; t4 K& {
------------------------------------------------
$ g, a: c0 o* G8 l5 GWe have added one cmd line parameter for DosFlash16 in manual mode. The COM port
6 V4 Y& T% E* z; O% l. z0 Fis simply ignored and can have any value for the V2 drives.
) w4 H1 x! s' b/ I/ k* aUse the following command line to extract your free key from 83850C:! s ~- j$ E& H
- DosFlash LITEON K 0970 1 inquiry.bin identify.bin key.bin dummy.bin enckey.bin5 T% ~2 _% Q/ l1 S$ Y
2 k2 Z% d* W+ y/ A% p
6 C8 Y- I+ B; z1 u: BTips for running DosFlash on Windows 7
7 n6 R9 x" G) h5 n----------------------------------------
) S7 Y. @8 |; [# a# P C3 n
, K$ T/ n; h: D) Q" U; I* }Since Windows Vista 64 Bit and upwards it is necessary that every driver is signed. Because
0 F6 }6 ?- l( T2 Qthe DosFlash driver will not be signed by MS due to some unknown reason we need to circumvent
! n6 J* W6 i9 J) x- s7 qthis check. You have the following 2 possibilities to do this.
' c5 R2 p% k% ?9 z& u! q
6 p# T7 e! Y2 W$ SSafe Way of Disabling Driver Signature Enforcement: y2 v. I- U! n! f: D
1) On Windows 7 bootup press F8 to get to the extended boot options screen
7 L: b; `8 y3 F( ?4 v1 S: C. F3 K2) Choose "Disable Driver Signature Enforcement"9 w: k+ d' n; U3 P, v
3) To start DosFlash right click on it in Windows Explorer and choose
' c, V. R, S& g f8 G9 b. X "Run as administrator" > answer the message box with "Yes": l( o/ r" P- I' @
4) Short after the program started a "rogram Compatibility Assistant" warning message: G# c, ?$ B6 G, ?: J! Y# ]/ Y: O
is displayed, you can simply ignore this by pressing the "Close" button2 Z1 a; T6 s5 q1 n1 N& V" ^1 H4 O* n
+ y# L, F9 y; N3 W! Y5 [
Recommended Way of Disabling Driver Signature Enforcement
1 j& o2 Q' F, v6 p, a1) Disable User Account Control (UAC)
& `9 l3 X6 {$ e- N8 y# o: m - go to "Start Menu" > "Control Panel" > "User Accounts and Family Safety" > "User Accounts"
0 w+ H/ c' m/ R6 l" u0 g) b - click on "Change User Account Control settings"0 b! [- d: j/ _8 z7 U2 D' [
- set the slider bar to the lowest value (Never notify) > click "OK"4 E" k) {1 z+ S- B- X0 u7 p# C5 N# ]
2) Sign the DosFlash driver3 Z4 }3 G- M- U( k/ x1 B
- download the "Driver Signature Enforcement Overrider" (DSEO) from
4 H: g9 z" ^( H X, F! x http://www.ngohq.com/home.php?page=dseo
. s- b7 x; W+ Z9 F* l9 ~/ O - start DSEO > click "Next" > "Yes" > choose "Sign a System File" > "Next" > enter the path to, \# R$ N- D1 O: L: _$ P( `" n) Y+ v
the used driver (portio32.sys or portio64.sys) > "OK" > "OK"
$ c% l! A9 h w0 P3) Disable Driver Signature Enforcement- E* t. i) V+ U. g7 V7 z" |4 l0 n
- start DSEO > click "Next" > "Yes" > choose "Enable Test Mode" > "Next" > "OK"
1 B! J5 ~9 }6 s4) Restart the computer! ~* s3 n& ^4 u7 i* g3 W
( ^* I& m" u8 V% A2 G
Keep in mind that with the recommended way the changes will have effect on every reboot without. w9 g5 n* Z$ u5 ~' K/ P
doing anything manual. The first way needs to be done over and over again. In addition the second
/ l7 X6 {8 N- v+ G3 b4 Mway can be used to sign every driver that doesn't run natively on Windows 7.0 Y2 m" w" v& [% K
7 ]4 B) b4 U5 i2 m9 Z8 i
For use of the VIA Cards in Windows 7 it is recommended to uninstall the VIA driver. This can be( e; y. P% {- B1 i
done like follows:
# x& Y0 H0 g7 _) \; N. I9 b5 j- start "Device Manager" > expand "Storage controllers" > right click on "VIA RAID Controller" >
0 @ m/ p: Q7 V& C' G1 I. o! w3 B choose "Uninstall" > "OK"5 Z" d" M5 c& D0 i6 b9 |
- rename C:\Windows\inf\vsmraid.inf to vsmraid.inf_
5 p. g# K3 B2 V! i- rename C:\Windows\inf\vsmraid.PNF to vsmraid.PNF_
- S# I& F) f! ]& |! T% x- rename C:\Windows\System32\drivers\vsmraid.sys to vsmraid.sys_
. r7 s8 I% z) D3 H3 v- reboot computer8 w, r( b& U, X. a
7 e" D5 Y( g3 ~* l0 g, U+ M# p! T9 N8 G+ W0 ~
Much respect and credits go to Geremia and Maximus for their money saving FreeKey app
" O- h6 C/ D/ W# aand their lightning like decryption speed!
+ I0 n* @. _4 \2 @1 t: Y7 O
5 ~3 O! D8 ?. x6 S3 H, C2 P. r- fIn Dedication To The Birth Of FreeKey On August Fifth 2009
9 [! P& w- a7 y+ E G: fKai Schtrom
& T2 ^, l& i' y* e" E8 s$ j J8 L
, i$ S+ c# q2 j( p* A$ c& \& p8 N, ~$ z6 }) i4 l! o1 E
************************************************************************************************
1 f; S/ p( \" P& ]
4 x+ @/ c1 r6 G" E
" x/ C) d4 m1 h# ~7 HDosFlash and DosFlash32 V1.7 Beta Release Date 23.12.2008
q: m7 A/ R+ D5 k-----------------------------------------------------------6 c" S" ?7 E' d$ F; ?
- now supports LiteOn PLDS DG-16D2S 74850C and Geremia's LiteOn Erase and DvdKey method! [% W4 e8 j) j/ S
9 D$ g6 Q/ E- J2 A+ ]8 p* f! N+ m! d! j9 ^) q7 @1 m
The following only applies to the new XBox360 LiteOn drive PLDS DG-16D2S 74850C.* f3 B. u' x7 s% e \0 m: c( a4 \
9 y& v1 J% f5 }: `' ]/ N2 {3 f- Z5 T1 ^% F2 y0 x! U
Geremia's DvdKey method with DosFlash16 with the PC's psu
" H5 `# L: M' ^4 g-----------------------------------------------------------$ _1 z2 ~/ L3 g' b$ s- W
- disable CD-ROM boot option in BIOS
2 D" z4 h( ?) ]" E7 o- q- connect LiteOn to your PC's power supply unit and SATA port' ~( O w9 r s* k5 c# D
- power up PC, wait until bootup is finished2 @8 N& I: w3 e# B3 C2 {
- eject tray of the LiteOn and shutdown PC completely
% ?; F" h' ]& }) ~$ Y5 j- push the LiteOn tray half in
e: a5 [2 ~6 | ~/ v( }- power up PC and boot into DOS5 ?; p$ P: X+ ?. D1 {4 P* U
- run DosFlash16 in auto mode
) O( a+ j [# S, Y% t2 _- if you read the following:7 J# f" @7 F4 y f7 P
MTK Vendor Intro failed on port 0x????.: g# Z1 I) C* Q0 Y* x# R
If you choose to resend the command you should turn the drive off and on5 D( R0 J& W: A; i9 b: x. }4 N
after you pressed "Yes".
! t) P$ D- E" i! _+ r* Z Do you want to resend the command until the drive responds (Y/N)?$ g: \. e9 t$ V' R
- press 'N' for "No"; N) N: b, k& a
- choose the number of your LiteOn ATAPI drive. e1 x8 Y! I3 U0 K/ q# Q6 ^; ]
- enter "LITEON K" to read the drive key
. B* k5 g4 {! Q) b# b- type the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files- y. r) I/ k% a0 a! B" e
- enter the number of the COM port
, ` Z7 _3 }1 R- if you read the following:, J- t( ~2 g# q& d7 o
To receive the drive key use Geremia's DvdKey method like follows:
) c1 X, X9 U/ I8 o, t5 M) |: d. [1 L - Connect your drive with a serial cable to the COM port- ~) p/ {4 f/ S7 p# M, r! I
- Eject drive tray2 D7 ]( V' q8 K# _
- Power off drive
( z, T+ [7 ~) I- a6 y, R3 z7 G: Y0 f" s - Push drive tray in until it is half open6 ~% C; A3 i9 |3 s) ]' L( r, ?( O
- Power on drive1 s- z# U: i2 e, p
- Press "Yes" if you are ready# v4 s1 a; f6 S# R' ^
Are you ready (Y/N)?+ d& U3 j1 t5 ~4 t
- simply press 'Yes' without doing anything of the above, because we) i" S; |' F2 n- G
already did that before
' I6 Y% |" w9 K1 K) M; U ~5 R/ N9 _- after this DosFlash16 displays your DVD-Key and saves your key and identify data$ h6 Y' p L+ P% J
- to do the above steps in manual mode use the following command line if your drive: O2 t( ~' G$ I$ p0 m
is connected to port 0x0970 and serial cable is on COM port 1$ w6 a2 W, [- ~
DosFlash LITEON K 0970 1 inquiry.bin identify.bin key.bin dummy.bin
0 B4 }# ?7 Q; [: G( y8 C* @- G+ e
8 n* _2 L! Y4 M( Y6 D; M- l; s/ [+ @4 _' G' \
Geremia's DvdKey method with DosFlash16 and 2nd psu5 t9 X5 B" U2 |1 L: T0 l: _
----------------------------------------------------- U3 E) r* }: S/ r( M
- connect a separate power supply unit to the LiteOn, don't turn it on yet
2 J8 ?% t9 q: q( q9 w7 M* L; {- power up PC and boot into DOS& i; D' W8 s3 r9 }0 l
- turn on the LiteOn psu
9 K8 f3 \& _+ T/ J- u8 W- run DosFlash16 in auto mode
6 C/ D4 k/ S% X2 O- if you read the following:
: n/ ~. E% m0 ? MTK Vendor Intro failed on port 0x????.* X+ Q0 G" w" {/ m
If you choose to resend the command you should turn the drive off and on
+ ]8 l- D' a& x' V$ t after you pressed "Yes".- P2 b- Y5 C8 t5 D0 Z/ D* e
Do you want to resend the command until the drive responds (Y/N)?4 f$ Q4 o W- z5 c& y0 F" D
- press 'N' for "No"( q/ N( A: J0 b1 M) G4 {
- choose the number of your LiteOn ATAPI drive
+ v4 x h; j( i6 l/ @7 g, x- enter "LITEON K" to read the drive key$ U g* P& _9 b* A/ ?
- type the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files) U( O8 y' `! [1 M4 k, O8 o
- enter the number of the COM port5 c: j0 U8 b: h" _8 ]
- if you read the following:0 L$ S4 j% u8 E) Y; a( y7 U" I
To receive the drive key use Geremia's DvdKey method like follows:% m" H4 l: V' z/ w) ~
- Connect your drive with a serial cable to the COM port& h$ y1 h' I: Q
- Eject drive tray
! E! @2 F4 s# m/ B3 b, q7 ? - Power off drive
C( ?6 z0 \+ y - Push drive tray in until it is half open- y* U$ Q- V+ a' d
- Power on drive9 X. Y) N& |+ D; l3 Y2 Z
- Press "Yes" if you are ready
I" C) r: m3 c% g7 o9 n Are you ready (Y/N)?
y k. I2 |; `% W* ^- g- do the above and press 'Yes'
2 S3 a6 ?4 p$ L. L8 z- after this DosFlash16 displays your DVD-Key and saves your key and identify data- Y5 ] f" h' m$ N* L
4 Z: I1 P1 X1 B( N
) e; L# S+ U% X4 z( t2 o0 W( [
Geremia's LiteOn Erase method with DosFlash16 and 2nd psu! {5 h% `$ a2 Y) i. y r1 H
-----------------------------------------------------------
, C$ Z# G( l, a6 N) z1 I2 o9 M- connect a separate power supply unit to the LiteOn, don't turn it on yet, A6 W) ~/ r6 ^" W% e$ j
- power up PC and boot into DOS8 x) C z7 m5 ]( g5 d
- turn on the LiteOn psu
; b2 j# M' c/ ]7 z0 g( u- run DosFlash16 in auto mode
8 R% a+ Y5 a2 t% x6 E# A- if you read the following:
8 w- _/ r' L1 Z MTK Vendor Intro failed on port 0x????.8 v+ G# O9 k3 O! @9 j
If you choose to resend the command you should turn the drive off and on
1 f1 e$ G' d7 h3 L+ t8 ^4 q after you pressed "Yes".: l8 w$ f [) c1 ]. i
Do you want to resend the command until the drive responds (Y/N)?! [2 Z2 P/ y7 F5 t& ^& c/ }
- press 'N' for "No"
+ | v6 @( [! F- choose the number of your LiteOn ATAPI drive6 V+ c( L( x8 d" Y/ o; Y. z
- Warning!!! Keep in mind that you will need the drive key before you erase the flash,3 C5 `* s, T& S c1 S
without the drive key your XBox360 will not work anymore
: j+ s1 g$ O, T! g; |- enter "LITEON E" to erase the flash
* S# B8 D6 |3 v6 D9 H- the first time after the LiteOn Erase the drive needs to be repowered to give" J# S* l6 _$ c- R$ S/ b
flash chip access, this can be achieved by repowering the drive before another
- O, g2 v. t0 ?) n DosFlash16 start in auto mode or by doing a MTK Vendor Intro Power Brute: z* E: _( `; i9 y) U
- in my tests it did not work to power the drive with the PC's psu, because it will) q$ V! b# x k- Z. w
always respond with busy status1 E* k2 l: y6 k2 T% p7 O2 Q, `: V1 a
- DosFlash16 can now read, write and erase the flash chip like usual
7 S( Y# X& v; }1 e- to do the above steps in manual mode use the following command line if your drive9 B" C9 E7 I4 x3 B. X; F+ P
is connected to port 0x0970, g, N k y8 \) C
DosFlash LITEON E 0970* @" @2 x4 K( f7 f* w1 D2 E
5 U/ u3 _; K9 \) Z7 u; O
. | _! H5 h: b& P7 G
Geremia's DvdKey method with DosFlash32 with the PC's psu' N2 }* Z& Y) m+ H
-----------------------------------------------------------
7 _2 o: Z. E: n0 ~$ M. g4 M- disable CD-ROM boot option in BIOS
% _. I; _3 X7 |2 P6 o$ P; [- connect LiteOn to your PC's power supply unit and SATA port* |! f- n* [0 e' }
- power up PC, wait until bootup is finished" S3 O8 ~2 Z# Z
- eject tray of the LiteOn and shutdown PC completely
9 i/ B0 D; U6 r* y- push the LiteOn tray half in
# W' m0 v$ F2 t5 \) d( {; D) i/ x" e+ D- power up PC and boot into Windows/ J4 _. Q I3 [9 G* _6 V4 ^
- run DosFlash32
' l# Z7 T% G: ~( m8 Q6 _- if you read the following:
) o) D9 x6 ?: h; h4 B0 ]8 h4 @ MTK Vendor Intro failed on port 0x????.! O/ `5 I U; z7 i6 z% k8 }- c
If you choose to resend the command you should turn the drive off and on3 D. G% U" s; O6 q& F: D! L
after you pressed "Yes". U& I4 u$ d. F
Do you want to resend the command until the drive responds?5 Y1 ^- z* y8 h% ?% n" i/ [- _
- press 'No'7 K0 j& l& b5 o1 p6 r& ~
- choose "LiteOn DvdKey" as flashing task6 z2 {- |; I' `+ Z. ^6 h/ {
- choose the COM port number
9 b6 ?3 h6 K* {. J" J4 \& e# ^- press on "LiteOn DvdKey" button6 S0 z7 c; o; _' W3 A2 g* ^
- enter the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
! N2 R* M- b4 ?% ]: h8 T1 _- if you read the following:
) }, a% U7 O3 L% Y" r To receive the drive key use Geremia's DvdKey method like follows:
; N: o* G3 j6 ?6 ]5 f7 f4 [. n; d, v - Connect your drive with a serial cable to the COM port& ^- z5 O+ v4 W
- Eject drive tray
* J$ Q1 `5 h% D& ~" q3 F - Power off drive5 `0 G4 c7 H/ B7 T% o" S
- Push drive tray in until it is half open+ L" J) z8 o% x+ b
- Power on drive8 ^+ A2 Z3 C( e- R
- Press "Yes" if you are ready; o$ S: @2 x: E3 N$ B/ h. l
Are you ready?
" x, i8 W6 J" F5 C# u- simply press 'Yes' without doing anything of the above, because we
7 z2 I) c; m) a0 h: h3 x5 N) F! Y) f2 h; P already did that before- V9 x; E1 J- ^+ I( i
- after this DosFlash32 displays your DVD-Key and saves your key and identify data- |( u9 @! w' }3 P$ e
# S2 m9 ?1 Z6 c4 i/ k5 @! }
8 U( t+ s7 ?% ~
Geremia's DvdKey method with DosFlash32 and 2nd psu0 ~; R: o, i+ _" w% c
------------------------------------------------------ ~3 p' V F7 n% j8 D2 j
- connect a separate power supply unit to the LiteOn, don't turn it on yet
" N5 b& N% l; l8 C- power up PC and boot into Windows
8 u- W5 F9 L7 [1 F4 L- turn on the LiteOn psu
; ^$ _$ y) F) |& l, K3 |- run DosFlash32
4 v7 D1 w1 C6 Q) h- if you read the following:
* r, M# j9 _; q* I# ]; d, j3 J MTK Vendor Intro failed on port 0x????.0 F6 C. ~3 f; o
If you choose to resend the command you should turn the drive off and on8 b) y b* V( P1 n/ Y0 s9 u
after you pressed "Yes".5 m+ V. c* T. I0 e9 T
Do you want to resend the command until the drive responds?
0 ] t/ L4 a. r- T- press 'No'6 U- c& A& E. v3 Y4 e- Y
- choose "LiteOn DvdKey" as flashing task
# j7 y; \% J: I$ T- choose the COM port number7 z$ S, |; m, Z' c7 C
- press on "LiteOn DvdKey" button. Z7 y8 ^) C: g9 e
- enter the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files8 b) ~# ]& W0 |) d
- if you read the following:; y4 s' D3 o; X; d! w: S
To receive the drive key use Geremia's DvdKey method like follows:# X' h5 A/ L B- }" L6 r
- Connect your drive with a serial cable to the COM port- m& ^$ R; f1 r9 M+ U& j: h# X
- Eject drive tray2 f( ?( |* x; D2 w) @1 x& [
- Power off drive
1 ]5 ?# }3 B' `' g0 C1 J1 i4 |# g - Push drive tray in until it is half open
$ k5 a3 k) J& W1 Z# ], p - Power on drive
0 D& G" v6 b' t t - Press "Yes" if you are ready
9 I4 l( U- x# H% L( _ Are you ready?6 ~1 B0 B, ?, |6 D" I5 L/ U6 e! ]7 I
- do the above and press 'Yes'
* y4 `' a2 P- _& Q+ i- after this DosFlash32 displays your DVD-Key and saves your key and identify data" F3 ?2 l! ~" _% q9 j
+ E/ p( ]; p$ ?' C7 f: ^* ~) R P! s" @& `3 o% j% p
Geremia's LiteOn Erase method with DosFlash32 and 2nd psu5 h0 \, W' @. }; g! G, q
-----------------------------------------------------------
/ i+ a' Q" }: Q7 Q- }1 y. A- d- connect a separate power supply unit to the LiteOn, don't turn it on yet
# @; I f. m' Q8 i( K( d- power up PC and boot into Windows
( ^9 _1 u* d& ~; N6 \# U2 w- turn on the LiteOn psu, T9 b# W; A. X5 t) V3 t
- run DosFlash32' X) ?- P. P/ O+ h) ^- e
- if you read the following: b$ v0 }& S" d0 ?+ W
MTK Vendor Intro failed on port 0x????.8 s+ z; E& ]$ r
If you choose to resend the command you should turn the drive off and on( C0 C7 \, {) c0 h: |) v
after you pressed "Yes".. G4 p! T7 J6 k5 }# b5 z+ Z
Do you want to resend the command until the drive responds?$ R" A- ~7 Q* D! f
- press 'No'+ G& E' K5 I1 R
- the LiteOn flash is not identified
3 A1 |1 `+ m( \: I5 N1 L# _3 z- choose "LiteOn Erase" as flashing task8 c) F& L, N$ l L+ d; p, k6 {8 V
- Warning!!! Keep in mind that you will need the drive key before you erase the flash,
0 z5 e G" Y' E8 z without the drive key your XBox360 will not work anymore
# I5 y: h9 J. o! T8 Q; }- press on "LiteOn Erase" button: _/ X) y$ ~3 j. e. N+ m
- the first time after the LiteOn Erase the drive needs to be repowered to give: u& \2 R( G& t/ o' g; ^
flash chip access, this can be achieved by repowering the drive before another1 }8 s- b- f; d5 I% C; _
DosFlash32 start or by doing a MTK Vendor Intro Power Brute: H/ `) Z/ ^. g* X
- in my tests it did not work to power the drive with the PC's psu, because it will ^8 C" u. W% c5 X+ S; Y5 l
always respond with busy status5 K- m# v3 B& ~1 C; w; d+ a, u
- DosFlash32 can now read, write and erase the flash chip like usual
' C. \$ F2 c4 X% ], z: |1 v! c, C; i5 V
2 W: m, y3 w( y2 [% o
8 A0 M( N2 J1 ]. W7 xRespect to Geremia, Modfreakz, Podger, Redline99 and Tiros.
' F, x( B# }* ?, J( P7 Q/ d; C3 f1 R0 v, A% a* c9 ?+ ?
Like a wise man said: "0x2E is the MTK Intro of Death"
. o6 T% c" s# i5 P; S% L0 TKai Schtrom
+ O5 e8 ~9 e% S) x: j$ E; X- }$ K7 i' f0 d- h/ P, ~4 E/ S# V) B
1 Z9 q0 x0 T, o$ Q************************************************************************************************
( i- y5 ^. b# J3 [- o/ m: t6 X- X' C3 R9 g. ~2 ~
) b9 T! s( L+ ^; D5 Y/ x# ]) q
DosFlash and DosFlash32 V1.6 Beta! z1 w! W9 k7 N: {+ P H% K
-----------------------------------
, q' g9 p$ @* p- fixed power brute unlock bug for VIA cards, this can stop your VIA from working
, ^. }8 S$ s# m/ X. n( J with the power brute unlocking in Version 1.5
" e9 K/ Q/ B9 S$ c* u+ p% q4 G/ l- for DosFlash16 in auto mode on DOS my VIA card works best if I do a cold boot
% h2 S# K+ x. c3 e; @ and power up the drive short before or with the PC4 h# s. A/ u: b. r+ w3 K8 z5 y3 Z
- for DosFlash32 on Windows my VIA card works best if I power up the drive short
$ b; V* K! w C" b. [ before starting DosFlash326 W, M) L2 C+ n/ [: c- ?
- for me the VIA works with internal and external connectors on DOS and Windows
, A4 T% P& e, b& S) C9 `! [% Y T9 r: A5 U1 \* g* Q
Sorry for the trouble!8 L- c1 ]( g$ S
Kai Schtrom
: N1 x/ L' [' U- Y% S0 n/ Y2 j1 m9 I! {6 g
. Y2 I& i: E: n5 z: x1 a- g
************************************************************************************************) q3 h. j1 u/ z
2 h; O8 k( q& R8 O% O" m
5 D& a! J& d% L8 b! y FDosFlash and DosFlash32 V1.5 Beta
; I, M% ^1 @( k# K" P% J-----------------------------------
0 u' {% w( l2 y& l# J- now supports serial flash chip MT1309E with mediatek status 0x72 like the SH-D163B, SH-D162D,; W# ?' [7 A' m- S7 h: _
Asus DVD-E616A3, Asus DVD-E818A3, Sony Optiarc DDU1671S( o P$ ?5 P7 F% E, U+ @
- SST25LF020A and SST25LF040A chip support added
4 ]$ r! S9 r: s" G) @# ?* P' O- DosFlash32.exe ported from MFC to plain Windows API, exe size is now 22 KB
, `) b3 u& j( E/ S0 N- new port i/o driver, because giveio.sys can't be compiled for 64 Bit Windows4 I3 N! i2 L7 p: |' N$ B% T
- DosFlash16 changed slighly in manual mode, one parameter is added to support SST25LF020A and2 [1 u7 ~2 F4 y) j! U3 I
SST25LF040A! t) n8 U; `1 K. Y' }4 z. k
- two new methods of BenQ soft unlock are now possible on all motherboards with only one power: D% V/ F/ F1 u$ d3 A
supply unit7 Q9 ]' ?# ~" X
- 1st method is powered by Geremia's unlock core, thanks for the complete idea, concept and' E2 r% ^7 ?9 {) w7 i1 v( g" _
source to Geremia8 f4 g, ^0 Y6 I
- 2nd method is the Magic28 key send, this only works on BenQ VAD6038 firmware, thanks to
, h" t2 V. Q( Z" E s# U0 Z c4eva and podger for the initial idea
1 t$ B/ u, ~0 P5 \. X- the two unlock methods are send one after the other if the drive is a possible unlock
. f D! u7 v! }5 G9 w candidate, first the Magic28 command, then Geremia's unlock commands and after that the
' J- e" i1 i. N: X5 h1 U# Q already known power brute unlock is send to the drive, you can cancel any of these methods
! T+ }9 k8 }- Z3 d" _& D1 k: B before they are send to the target, this only applies to BenQ drives with a locked flash
- r: E8 O, b F+ M7 j- DosFlash.typ updated
0 v- E% k& A; b4 P- other minor improvements
, W. _" r$ n! u* z, N5 l- DosFlash32 is now ready for$ ^" N# g0 n" f: J0 x6 z. W5 P
- Windows 20004 m2 F. {8 G: D
- Windows XP 32 Bit
- l8 G- R7 ]! Q - Windows XP 64 Bit
/ d% N: M4 c3 ]/ Z _0 H2 W - Windows Server 2003 32 Bit5 x+ i$ b8 W6 \: ]. [. v
- Windows Server 2003 64 Bit
0 u G1 N) p( b$ t+ j - Windows Vista 32 Bit# p/ L& B5 Q5 ?, [: n3 ~
- Windows Vista 64 Bit
+ E e/ A9 K2 G6 |1 }: s/ a- Warning: Drivers for Windows Vista 64 Bit need to be signed, because we can't afford the
: a, X; q0 x% Y" Q8 y money to let portio64.sys sign you need to do the following:: W3 r. X/ B8 s5 o2 c% o8 C- _
1) Log on as Administrator- n# b; D" @1 k+ N: S }+ T
2) Enter the following command in a Dos-Box:. V6 ^1 E% J2 ~ P) D
"bcdedit -set loadoptions DDISABLE_INTEGRITY_CHECKS"
# E/ n* ~0 h5 e/ K y: V (we made sure there are no typos in the line above)  1 j7 w* b* I# P( z
3) Press enter and reboot your PC* }7 E- F0 U z4 ~2 p7 y1 f
4) Press F8 key upon initial system boot up: \+ J s! T0 y4 ~- L/ q
5) Choose to disable forced driver signing enforcement for that boot session. h& _6 O( s& Z; h% w1 Y2 d- O( d' `7 s
( E4 }; C" h* h( \2 Q, P
' p8 @! A5 T9 N0 \' x! ]
The following only applies to drives with a locked BenQ flash.8 H: e! m& P, `7 p/ W. }; k
+ ^. f0 H, b# z) J: s! ?/ _! P! {6 ^ ^$ {$ F# B% {
Geremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with the PC's psu, d; ]! H, N( y& U2 O! m6 t! m
-----------------------------------------------------------------------------------------
8 v( a X/ u7 B8 v- disable CD-ROM boot option in BIOS
2 ]: i1 c* ~: e2 p% B3 J+ r! ^- connect BenQ to your PC's power supply unit and SATA port/ r9 F. ~. m% D' L
- power up PC, wait until bootup is finished
/ w1 B! m/ y1 a& S# w _4 x- eject tray of the BenQ and shutdown PC completely" o% J9 [2 B( D
- push the BenQ tray half in& C0 U- m, F8 }3 r& d0 s
- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash32
]- y: A3 n b9 B8 i5 w# X: ]3 B- v- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows: |6 |0 h( B% X* E! e
- if you read the following:# ~/ i: ^ J' R* `% f0 O
MTK Vendor Intro failed on port 0x????. Because there seems. t% ?. r# H# t# T7 N6 q
to be a BenQ drive connected you should try Geremia's
( T' {; ^3 V { o unlock method.
' `6 C6 E" V+ S8 @, \; x5 B8 A: L+ L - Eject drive tray3 l. Y( j" r) `4 ]2 `' z3 I0 O1 t& ?
- Power off drive: w+ [$ A. G% O3 B: X' ?" V
- Push drive tray in until it is half open3 d8 D8 i0 l, \ {( _
- Power on drive
# b' {8 Z6 d- ?) s& Q - Press "Yes" if you are ready( v' \6 O3 _0 t9 a) s
Are you ready (Y/N)?2 G5 D+ V% G1 i1 D! H! ^+ ~6 x6 P0 \
- simply press 'Yes' without doing anything of the above, because we
$ C& H. x; U6 h: Y already did that before starting DosFlash16 / DosFlash32. u, n. u8 ~4 ?0 q% W2 _
- the BenQ flash should now be identified
9 K3 m: h# h% X# u- go on like usual
. a/ i( g4 G# r' A
/ ]( }, Y5 G1 K6 X# `1 R' N1 B. y- w" D9 _0 {
Geremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with 2nd psu$ o. q: y! }4 E, ~
------------------------------------------------------------------------------------
2 z' g+ ?( J7 O; _+ ?0 x8 S- connect a separate power supply unit to the BenQ, don't turn it on yet
. z( d; R! d2 ]" K8 J- power up PC and boot into DOS
# w; h M6 c7 Q9 ^& X" F- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
% d2 H1 R" [! b' X; }1 C- if you read the following:0 \/ [, m9 A% N4 F2 {
MTK Vendor Intro failed on port 0x????. Because there seems
5 Q# e# N; u6 j to be a BenQ drive connected you should try Geremia's" g1 m. k9 |; C! K
unlock method.
: ~ m1 r8 i0 `0 e( ]9 I - Eject drive tray
' u7 n. {# S6 Y8 g0 F% d - Power off drive
2 G" e+ [/ Q, K, _ - Push drive tray in until it is half open l0 |* j+ i1 S# w- z. C/ F( C. q
- Power on drive
" M# L) v4 t5 p2 f$ ~ - Press "Yes" if you are ready# V! a' V5 r6 B+ O0 }
Are you ready (Y/N)?
h6 ~" ~9 N8 W2 u9 j& U% d- do the above and press 'Yes'( i& V8 \9 h5 i; n. @
- the BenQ flash should now be identified
; ^4 e) I/ O. M! E: F- go on like usual
# v5 e4 L- ~5 q0 b& w
: K1 c# v! L* F' n1 B9 q5 b0 Q, H4 w9 T V g
Magic28 BenQ unlock with DosFlash16 / DosFlash32 on any motherboard. n( s( l2 |7 K8 s
---------------------------------------------------------------------6 ^4 U; v! o! f: g+ x
- connect BenQ to your PC's power supply unit and SATA port5 K' z7 Y* e! `
- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash323 V* C# h/ V$ }8 ^8 ]' V+ K( }
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
$ r6 G8 x2 G" e. w% h; @- if you read the following:
/ b# f A3 U/ F. G7 R! [ MTK Vendor Intro failed on port 0x????. Because there seems
& l! M8 b- c+ ~% y4 J! x* k R0 ] to be a BenQ VAD6038 drive connected you should try the
. w$ X: |* p. r7 e6 g& x1 B& b7 X- M Magic28 unlock method.( I- J8 X: `3 s2 i8 _/ {
Do you want to send the Magic28 command?
( r6 f- x8 V8 g+ x1 c& \- press 'Yes'
9 R6 M; ^6 @/ n' U; b- the BenQ flash should now be identified
4 t9 V- @& p7 E& ]& D# X- go on like usual
( \- ]) X, l; |6 ?7 ?& T
1 ~! a4 W9 P; v! l9 R9 F9 W* z) ^$ `1 s! V7 f# R
Thanks to Redline99 and Tiros for help and support.6 [( o p+ Q- H5 j( S& _
/ G' ~2 N4 l( ]% VIt's all about DOS!
/ P" h! v2 O+ o) N9 x( rThanks guys for the excellent team work!9 h* D2 a- o! J7 O9 d# r
Geremia, Modfreakz and Kai Schtrom# t, P" q K* C. t, V& K0 R
: G+ L9 N/ a# B1 }; b. U( j+ e. i5 X) V' R; k/ p
************************************************************************************************
' Z' Z6 X6 c6 m' k% q! w, r5 ], w+ S7 w7 C# `
c1 p. K8 C; ?+ a# a7 ?DosFlash and DosFlash32 V1.4 Beta
6 N& i: |' |& C-----------------------------------
7 _; J0 `% l3 P, L p- DROM6316 flashing support( s" [2 } m1 u+ ^% x; l
- a flash erase is now always done with a chip erase and not a sector erase command, because
# q; E9 j' ^ m/ f3 u the sector erase gives problems for some Winbond flash chips including the DROM6316
* u7 E/ E6 y1 s2 \6 \; s; j X- DosFlash.typ corrected and updated
: a' A3 A% y. Z8 Z; H- for a detailed explanation on the soft unlock look at the included file SoftUnlockByIriez.txt,& w: [' l8 v: c
it contains a very good explanation by Iriez from XBS, thanks for that one!
7 D% {- k* W+ F0 T5 g: H: U" P& Z3 U! W8 O* O& L( i
Thanks to Iriez, Jumba, Redline99 and Tiros for help and support." _; X- L9 e6 s5 V2 z
5 {2 d: o9 @) h0 Y( r$ b" b
Happy DROM bricking!8 Z1 T& Y9 S5 a! I
Team Modfreakz and Kai Schtrom
1 h% Z4 H& T; ~# D
H* i, o8 }0 p' E! O( W, ?
& v" D, Y8 r* H8 L6 j' E************************************************************************************************
- X* j. `' `% l3 ]
2 ?0 V0 [ d3 {, Y5 A: f7 q
" m1 k5 a( Z2 @# h7 U! ?DosFlash and DosFlash32 V1.3 Beta
( I5 c3 L3 {0 C4 G4 I. H-----------------------------------2 b" W9 Z/ t$ x, M" c/ q
- BenQ optimization in unlocking the flash chip, it should now be possible to read/write/erase
$ W6 ]+ p/ z+ Y# ] the flash without any soldering or wire tricks, the drive is polled for the correct mtk
e- G. C4 p: Y unlocking status after power on, this only works for VIA cards and NForce boards atm6 F3 O6 G. x! @1 w' z" Y4 a/ M
- DosFlash32 has one additional parameter, if you start it with the parameter "EnableDrives"- R) _( N b2 A
all the DVD-ROMs are enabled in device manager after flashing, this could give BSOD on some
. X( X9 c6 T9 m4 D$ g5 N- O8 N3 u$ ~ systems, therefor you need to create a DosFlash32 link and add that parameter manual to use it
: s: O+ ]8 Z6 L; n- DosFlash16 has one additional parameter "Send ATAPI Device Reset" in manual mode, this could* n1 g4 |- g& U7 s& t# ^- x
give better chances for soft flashing on some VIA - motherboard combinations
. b+ B& R- k" f* |( A W4 N- better support of Intel chipsets, drives can now be flashed if the controller is not set to7 G) |/ t) q# K. @& `' Q
native mode in the BIOS1 _, U4 T4 g6 y( p3 W
- the following controller list includes vendor and device IDs that are hardcoded to identify
, i: z! q/ R* ?8 i. r the controller type (IDE or SATA), this is needed if the BIOS uses IDE ports like 0x01F0 or
" D* V- o, B4 w& a u0 |+ [' M 0x0170 as SATA and not as IDE channels, this list is NOT related to soft flashing$ C. K; y- |2 ?" v
- the following chipset support is added5 l' P/ ~/ I! S( t/ l b. e
- VIA cards) n: g+ y4 j2 p1 f" c; D
- all VIA cards with a 6420 chipset
" T2 ?/ i3 ?- y. g6 c U - IDE Controllers
3 w' |" @/ t9 w - NVIDIA nForce 2 IDE Controller* |( D2 w9 l# _
- NVIDIA nForce 4 IDE Controller5 V; n, v/ U0 s) d: F
- Intel ICH9' q: ]4 b3 n$ Q8 I) K O
- Intel ICH (i810,i815,i840)3 Z- \0 [( h: Z8 J/ \: i( K0 [
- Intel ICH0
. `5 m+ Q$ E1 F2 O- I! ?. N" j5 ` - Intel ICH2M) e6 P+ @4 x9 h" g& P
- Intel ICH2 (i810E2,i845,850,860)
9 Y" V# e3 U& g - Intel C-ICH (i810E2)" t% h4 r+ o6 {5 B8 w
- Intel ICH3M E9 ?% a }' } X* G+ J3 ^2 A
- Intel ICH3 (E7500/1)7 G' |' n9 j7 Z, l1 q" z) |" J$ F" [
- Intel ICH4 (i845GV,i845E,i852,i855)
# p# G4 c6 l! q9 e3 ~ - Intel ICH50 E; U1 z( E. ?8 ]/ v& I
- Intel ESB (855GME/875P + 6300ESB)
4 z' |0 e& `: V7 N, O% F0 }5 N5 M - Intel ICH6 (and 6) (i915)( @% [. ?% z: i4 I
- Intel ICH7/7-R (i945, i975)7 K, l* O' `1 o* l
- Intel PIIX3 for the 430HX etc; T/ S" j' [7 ?/ y( m: p" P' z& }& E
- Intel PIIX4
1 M# |3 d- P9 }% p+ B - Intel PIIX4 for the 430TX/440BX/MX chipset. u0 O4 }# E: E. M) s3 O3 k3 h" t) \7 {
- Intel PIIX9 X1 N5 x/ ?) ^0 s$ g- W
- SATA Controllers
- \$ ^/ R& @2 ^4 [( u: J, P - NVIDIA nForce 4 SATA Controller
* _1 _1 e9 N g% f6 \ - NVIDIA nForce 2 SATA Controller
" K5 [5 _- P E7 j$ d' f9 q - NVIDIA nForce 3 SATA Controller
4 k, x& O3 X1 K% X+ i - NVIDIA nForce MCP04 SATA Controller- D1 d% m5 @# Y1 s
- NVIDIA nForce MCP51 SATA Controller
- [) l5 a+ D7 r' I - NVIDIA nForce MCP55 SATA Controller8 ^. ]2 U' @; o7 s
- NVIDIA nForce MCP61 SATA Controller
. T' j0 P* a& W, U) l$ f& f - Intel 82801EB (ICH5)2 K' R8 Q6 O# k2 t* k" Z8 d
- Intel 6300ESB (ICH5)7 P- ?. B: v0 h2 A
- Intel 82801FB/FW (ICH6/ICH6W)8 |1 t2 _+ }! g" ?# g) e
- Intel 82801FR/FRW (ICH6R/ICH6RW)
2 J2 O8 y- Z" l' q% c - Intel 82801FBM ICH6M, P* F- j- i4 L0 ]0 f x
- Intel Enterprise Southbridge 2 (631xESB/632xESB)
8 J' \9 U; ~. _9 J - Intel 82801GB/GR/GH (ICH7, identical to ICH6)
0 p& j: I5 ^1 b - Intel 2801GBM/GHM (ICH7M, identical to ICH6M): ~' R$ b. o1 o
- Intel SATA Controller IDE (ICH8)
9 v; }; R* t! D) S4 d - Intel Mobile SATA Controller IDE (ICH8M)7 u1 z; O) d5 T( \) `& n3 |
- Intel SATA Controller IDE (ICH9)5 C5 W5 w4 D7 m/ e F+ @
- Intel SATA Controller IDE (ICH9M)4 z- v! c. W: J6 Y# w9 { H3 {
- z) ~( }4 b+ L9 t1 ^
- T! L4 \0 D& [$ bThe following only applies to a software flash on a locked flash. The methods have been tested
( E1 j9 o! g' V8 m. u5 m$ |with the BenQ and the Sammy. The VCC trick will work on any motherboard, but you need to do + J- | j3 g7 w( H6 q
some soldering and cut traces.2 G3 p: _/ @/ P8 n
. u# d) w+ _5 f4 @9 [% l. _. e( ^ H a' g$ Q6 ^
Soft Flashing the BenQ in DOS with a VIA card and DosFlash16 in manual mode. ]* U# {- U0 A3 [+ L
-----------------------------------------------------------------------------
$ V4 {% g" y8 G" B! [- first you need to know the port addresses of your VIA card, you can get these by starting
; w2 e' m. i) d0 j msinfo32 on Windows XP and looking at the port listing for SCSI devices/ ]) l6 |8 {9 q' {
- for the 6421 the 1st port is internal SATA, 2nd is external SATA and 3rd is internal IDE
4 K/ p9 }1 L$ B: X; z- for the 6420 the 1st and 3rd port are internal SATA, F# ^" T4 V( _* [; i4 _. c
- you need the starting address e.g. 0xD000 or 0x70007 D5 i! g( t2 j/ [, {: G: C
- be warned that these addresses can change from computer to computer, they are assigned7 s& a' Z, F) Z8 N) X# P& l5 F7 c
at bootup, but Windows XP should display the ones you need for flashing in DOS' R) u$ N3 t- ^6 V
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
# w# ^1 `1 \; [ Xecuter Connectivity Kit)
+ L- f7 O, h7 P6 Y- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
1 e! C8 O, [% O3 P1 w2 w# g7 r need to power the drive off and on during soft flashing4 ~' i) i$ `5 n) B$ v
- cold reboot or reset the computer0 m( r$ @2 I" _, ] d* e
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk) \4 L, z* E+ e! ^! X' P* R
- at the prompt type: ; s1 O1 [8 R0 @8 S$ E* s# j+ n6 Q
DosFlash r 7000 1 a0 1 4 a:\orig.bin 0 / q3 N+ J' Z5 e
- instead of port 7000 use the starting address your VIA card uses: {. K5 F1 ~8 F% L# b8 @! `% z1 T4 w
- press return
% l) @/ `0 L3 |$ a- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes% U+ p A/ f& P) a* ^& {& h
- after you pressed Yes the drive status is shown on the screen, it's something like 0x7F,$ a" q+ V8 }* H% P# H# F7 c/ f
this will change during the next few steps
% u) a5 B6 h6 O& k7 ?- turn on the BenQ psu and wait 2 or more seconds, status changes between 0x51 and 0xD1* _) K- K) H& N4 |
- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD12 S/ s% ]: p7 H; I$ S* l
- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
, o6 u* b2 `" u9 A6 F* a- this worked only one time after the computer is powered on or resetted for me
. h4 w7 Y; r6 L$ X* D2 l* Q- writing and erasing works the same way5 J' t* H2 w6 v3 d! S3 @
- for writing type:% T9 G) o" Z6 \6 N: T o
DosFlash w 7000 1 a0 1 4 a:\ixtreme.bin 02 z5 q& i; F/ ` E, r" h2 W
- for erasing type:, q: E5 d' h+ S1 F* t- N. q* l& o
DosFlash e 7000 1 a0 1 4 D8 0 (D8 is the sector erase opcode for the BenQ flash, if you need9 }$ t( E( z5 d; `" Q" i
to erase another drive, lookup the value in the datasheet or DosFlash.typ)6 j9 m' U* I6 g6 J" p7 S9 b
- if you experience any problems try to use 1 as the parameter to the ATAPI Device Reset, cause
; J6 j7 ?3 I0 V the same VIA card will react differently on another motherboard sometimes
$ J# a# S/ d# \0 Z5 g0 ~+ ^# H' Y1 N. Q
5 q0 l( V: x4 u( c$ Q* l: fSoft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in manuel mode
( A" ^( t5 q+ x) S" d5 X8 z5 H# r: Y---------------------------------------------------------------------------------------$ `% ^4 k& f4 ~: R
- first you need to know the port addresses of your NForce motherboard, you can get these by 3 b" s) }* S' M
starting msinfo32 on Windows XP and looking at the port listing for IDE devices
. P* j* {4 q6 K( y# j2 \7 ]- on most motherboards the 1st and 3rd ports are used for SATA7 y7 b) ^* p7 J. u
- you need the starting address e.g. 0x0970 or 0xE900
2 f4 z2 d. d% O% u/ ^; P* L- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or * i. a# _/ @7 w& O; e
Xecuter Connectivity Kit)
( ? x* V6 I/ g1 B* ?5 E- z- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we9 }9 y' b" Z& W, Y+ g v
need to power the drive off and on during soft flashing3 X: y! J+ v/ d t$ n
- cold reboot or reset the computer9 U8 o2 f% v+ Q7 r$ M9 ~
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
9 y1 P1 W* W) y% \7 A- at the prompt type:
0 W! x v2 K! T6 Y DosFlash r 0970 1 a0 1 4 a:\orig.bin 1
3 ?) t+ z/ U6 n3 g4 r b - instead of port 0970 use the starting address your NForce motherboard uses
4 r0 ` L* d' j* H- press return
4 c( a( d; x( u" R6 G* [! A4 A' T- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes. O& _. t4 s4 \
- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,
1 ?; I0 J: a. u/ N0 c this will change during the next few steps
/ {; @( C* g8 ^1 h7 V+ O- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
$ j) [! a6 `1 r1 u- writing and erasing works the same way
" y' q9 Z3 i" G: Q5 X# r! o- for writing type:
7 B1 d( C0 Y, o% ? DosFlash w 0970 1 a0 1 4 a:\ixtreme.bin 1
: z5 |6 q2 M1 k- for erasing type:, c9 X! g$ I1 d, b O
DosFlash e 0970 1 a0 1 4 D8 1 (D8 is the sector erase opcode for the BenQ flash, if you need
* |2 s$ ]. C1 ?8 ? to erase another drive, lookup the value in the datasheet or DosFlash.typ)
5 ], R$ U; |& l8 `) v
$ Y- M4 z# P: m5 U0 ?- M: R3 L+ [$ f
$ M6 `- S5 U1 ]' `5 }Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in auto mode
o) p0 n: P, O' g: U0 B-------------------------------------------------------------------------------------
) y; I; J! O1 W- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or ! m0 k; b8 a- o1 w" r& @+ m+ ]
Xecuter Connectivity Kit)& K; A$ k' X: q! B. q; q+ b
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
8 F2 B) C9 k5 ]1 v, I5 C need to power the drive off and on during soft flashing
: t, `2 i3 V! {$ V+ M6 l' l- cold reboot or reset the computer
2 A# c$ H, R- E5 B3 _* |- v) m- boot from a DOS disk, I used a Windows XP MS-DOS startup disk4 V0 s! r/ ?# X2 n& f1 z) ]9 x
- wait until you are at the cmd prompt9 Y" F, z7 W' O! v; y
- turn on the BenQ psu6 _; |1 b% c$ U/ X% z$ i0 G; `+ {9 h
- at the prompt type:
8 q1 m# d6 a/ w% O DosFlash1 D l7 v2 `9 R/ o1 {
- press return
5 N( m- Y7 @1 d- during scann of the BenQ's port DosFlash16 will ask you if you wanna resend the mtk vendor
( _* g. m7 ]& @' U$ J3 [" K intro cmd, press Yes. c: n& A1 S! Q6 q& F2 x
- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,
. x. Y5 R# {5 h4 { this will change during the next few steps
8 E! w& e8 K3 B$ h! n" W# q) I- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD1
; w, u- k, k9 x2 |$ a! M- turn on the BenQ psu, you should get a good drive status 0x73 and flash access is granted
8 {& i9 B: v% ^- you can now continue as usual using DosFlash4 E- L7 F" T8 _( L" H7 m( Q
- writing and erasing works the same way
/ ~) f6 W+ s& \% z/ U+ u- if the ports are scanned there is the possibility that you'll get the resend question for
, Y* Z# v2 \( P6 x1 c+ ` other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,. T7 S& d1 b( l% c
if you know the NEC is at that port you should press No and press Yes only if the port of) g& J0 L4 G0 t' F5 V$ z
the BenQ is shown or simply disconnect the NEC2 v# N0 A" q; }/ S1 @
9 U$ U6 J5 x0 d! F0 U S9 z& K
/ O; C! Y8 n" L' K a! z8 O3 lSoft Flashing the BenQ in Windows XP with a VIA card or NForce motherboard and DosFlash32
$ t3 W: t2 w2 F# K2 l, K8 `-------------------------------------------------------------------------------------------
$ X x7 p9 Z, T: g- ?" p" s- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
# d: f; B8 l6 Z* o( W0 o Xecuter Connectivity Kit)
2 Y" n' W5 i' s; M1 {- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
2 J( B3 M3 k* w0 \1 [ need to power the drive off and on during soft flashing2 @* |2 ]+ z' E0 Q5 H
- cold reboot or reset the computer) w0 N4 A; V6 k5 \8 u5 R o
- turn on the BenQ psu when you are in Windows XP# O3 \4 N- \+ q* H y. I
- start DosFlash32' @2 g& H& j3 P- W
- DosFlash32 will ask you if you wanna resend the mtk vendor intro cmd, press Yes1 N# B1 A9 @6 d1 B7 t1 M. D
- turn off the BenQ psu and wait 2 or more seconds
* H. P, o" n. h' @- turn on the BenQ psu, the DosFlash32 dialog should show up' i+ B. M7 i7 ~0 T
- the flash should be recognized by DosFlash32/ m- Y; h# g2 v/ J* T0 v9 t; E
- you can now read, write or erase the flash
8 y6 V$ Q' [3 w+ J- you should be able to do the flashing more than one time in Windows, only do the power
; y0 ~. v% e; u6 S9 S off/on trick again& B: c2 R# y# D2 w" q; x
- if the ports are scanned there is the possibility that you'll get the resend question for$ W1 Y ^0 Z2 t1 J
other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,) {9 U4 ~0 ^# ?* v
if you know the NEC is at that port you should press No and press Yes only if the port of
6 j2 h5 z- Y2 k8 ~0 ?% f the BenQ is shown or simply disconnect the NEC _3 K3 W, R4 q3 v5 _
7 u8 b/ j% R1 x7 m- ], F9 ^
9 P8 @1 p, b9 D# N Q* h
Many thanks to jumba for the great idea of BenQ polling!5 ^0 h" M y- V& f$ @5 l
Thanks to Iriez, Jumba, Redline99, TeamModfreakz, Tiros and all the IRC people for testing0 Y# c" }7 p* O: ~2 l) V( U
and support.
4 J# R2 l$ C- v7 R. L/ u
. { V3 f1 B5 J: XJoin us on IRC efnet at the channel #dosflash for support.6 J1 _7 ^* S# I
5 q1 q! e. l* J$ F2 o, V
Don't brick your BenQ!
; B4 L$ @7 G! T# W" x; OKai Schtrom
- V8 f8 q9 I/ b. j- W) q( {
7 N H* l6 d8 _8 i. s' V1 P) ~" M' q. j/ V* V1 y
************************************************************************************************( F& }$ ~7 w" w+ Q# c+ W% F: ^6 p
# I+ _6 f% H4 _. A: ~/ N8 w
" X$ ?. i9 A( u4 E# {) UDosFlash and DosFlash32 V1.2 Beta
% c0 K/ H, n/ V' q9 D8 ^! A-----------------------------------
# O4 v2 i! V; U* V- bug fix for BenQ recognition
0 r) o$ ~# R# B5 @0 V* n - manufacturer and device id are sometimes 0x00 for a correct installed switch# t7 V( q. i$ c" z4 \7 x! V
- this issue is fixed with an additional ATAPI device reset before the mtk vendor intro is sent
, Y X5 {# I) G8 r O% u4 Q4 ?4 n
! P' U" y+ P# U/ E) d# XThanks to Redline99 who fixed my buggy code by adding one line! + x6 v) V: `# N r( R- K* O% B
& H ?7 s# {0 u$ f0 o* [
% i2 k% u) s: c. N" _! p# k0 p" g************************************************************************************************1 @; K/ p, R' v- ~
, D; o- Z& z4 v; f
# F2 ~7 n/ b" l, B# S1 G1 SDosFlash and DosFlash32 V1.1 Beta& T. o8 d; G! s5 E
-----------------------------------5 Y/ V7 j* \# P) f1 E& j
- DosFlash.typ modified for better BenQ support
8 X; W: i( i8 E- z; _- DosFlash16 Flash Manufacturer and Device ID screen output restructured2 M, ^3 _1 l3 |9 X: t/ b+ m# W
- flash chips are first erased before writing starts: v1 m' Z w+ ^+ `3 G6 W, B8 k) R% E
- DosFlash32 no reenable of DVD-ROMs in device manager after flashing, this means you can't see the drive, e8 `, A6 M( q; S6 g. P, d- k' h8 a
and maybe have to activate it manually again in device manager, this could give better compatibility and. z# U0 z! ?- R; L
hopefully no more blue screens7 F' A) l: `5 R! C- Z9 ^9 {
- _/ C I0 K6 k( ]. D$ wMany thanks to Jumba, Redline99, TeamModfreakz and Tiros for inspiration and help!
. z8 o" r+ ]1 G% ^" L6 o2 A) z! |! D! s9 ]
2 ^/ |& N; D2 U' O& X* |) |) d. X************************************************************************************************& h7 I, f8 K* M+ V1 I% x2 W
7 w# s* s' Y1 }* D9 ]( [4 C
$ H, X) R( m, B q$ e3 O
DosFlash and DosFlash32 V1.0 Beta4 b/ m0 V- y. x' e
-----------------------------------. P5 m$ y A: e+ Z( S7 }9 B
DosFlash can be used to read/write/erase the flash chips of most CD/DVD-ROM drives& ^7 R$ ^+ t3 c* U% a J
that have a mediatek chipset installed. DosFlash is for DOS flashing, DosFlash32
0 n% m. ]" [% Xfor Windows flashing., K- g: E( m5 P0 F# g5 l$ s
4 g- f0 u0 w+ e& c; T6 [$ Q
' J: |" \& Y% N' o+ }( m6 a
Features:+ c6 F4 A6 \4 g# e: y; J+ V
-----------
' ]3 A% L6 Q2 y" _' Y# N9 @' |: Y- flashes IDE and SATA drives
( ?5 |) Y/ ^; v9 z9 v4 Q* Z1 X- supports parallel and serial flash chips% U! G X( l, K: `% u
- flash drives in Windows with direct port access
% t _1 S! e" A4 f6 R, y/ O- no vendor cdb flashing commands are used
- o' b* f2 c( _- tested with the following drives:% e" E1 ~ }& E( J0 n S6 i, V
- TS-H943A MS25, MS28
& F# ~5 c5 w5 V9 } - SH-D162C
) J! k0 V8 T) L! z! S9 r - SH-D163A
0 w# U3 s& F* Z2 R) d$ K7 T- _- M - and some other drives like Liteon, Hitachi, ...+ e- U" ^6 ~8 f$ c, }
- NEC drives are not supported, cause they have no mediatek chipset installed
8 `+ H" i. V! O; C4 j
5 e/ V* k5 p+ g9 n: N
# r+ v7 y! x6 z& Z9 z( w0 k" mDosFlash' S! W, P' ^5 z+ t: q
----------
$ {; h% o' N7 p7 wDosFlash supports two flashing modes, Auto and Manual. If you type DOSFLASH at a DOS prompt it7 F3 A) c2 i( {, O" z; Q
will start in Auto mode. All drives and the corresponding flash chips are detected automatically.# J# J' B8 Y- a& E
If you can't get a flash chip recognized due to a bad flash or other problems you should use the
& f6 h& m8 f r0 l+ sManual mode. In Manual mode you can enter all the parameters used for flashing by hand. The
/ d d7 E2 ~4 Q+ f! Ifollowing help screen is displayed if you start DosFlash with a wrong number of parameters:
) D* H) k' h$ n4 g$ \2 I, R u+ w8 p" I0 [9 Q
( Y4 U ]; f; z# l! s
DOSFLASH by Kai Schtrom, 08/05/2007 (Ver 1.0 Beta)
/ ^. S6 y9 q& y8 b9 p( }4 m5 dDOSFLASH [R|W|E] [PORT] [PORT TYPE] [DRIVE POS] [FLASH TYPE]
3 o/ E2 R: u& z [FLASH SIZE] [FLASH SECTOR ERASE OPCODE] [FILE NAME]7 t2 U: q2 c1 m- s) x1 u* X: ?
R: Read FLASH
. e! ]3 \0 f/ k W: Write FLASH
2 S: ^5 Z& L% {" t E: Erase FLASH7 ?9 Z$ T5 ]5 D6 J
PORT: Port to send command to
% A; x: _4 e( a* T j# v2 B$ L PORT TYPE: 0 for IDE, 1 for SATA, N, E& ~: y6 k3 Z: W+ U- k! v
DRIVE POS: A0 for Master, B0 for Slave
L8 O( `) s3 ]: Q6 p, V! h FLASH TYPE: 0 for parallel flash, 1 for serial flash
8 \1 E9 w( {) n8 x& T FLASH SIZE: size of flash chip in number of banks
2 Y' l: t6 Y& b$ b' d% SFLASH SECTOR ERASE OPCODE: individual sector erase opcode command byte
8 V- T9 L5 a% J- v+ X/ d$ } this is only needed for erasing a serial flash' [* E" @1 h( V; i% E, j4 c& V
FILE NAME: name of the file to read/write from/to flash* p# h( B; A9 r
All numbers are intepreted as hex values!9 h4 i# ~2 x' ~) k c6 Y9 @2 o
8 x- ?. g! b. _! t1 }. E! ^ TExample Usage:, K6 h8 m2 l c Z4 f
"DOSFLASH R 01F0 0 A0 1 4 C:\flash.bin"! f/ D% ^7 r6 E! W9 ?: d2 v5 x
=> Read serial flash with a size of 4 bank (262144 bytes) from Master Device S% l/ k0 m/ V# C* Q- W) i
on IDE port 0x01F0
1 t" m) y1 n2 k$ T w"DOSFLASH E C000 1 A0 1 4 D8"
( b, r8 w/ \' V=> Erase serial flash with opcode 0xD8 and a size of 4 banks (262144 bytes)6 Z. a* {$ ^3 A& u \
from Master Device on SATA port 0xC000
7 V w$ R0 w7 {! D , T! i4 ?3 S; l, R$ G
/ C5 N* N) e6 Z# IExplanation of the Parameters:3 U: _$ ~+ }9 L( _* F
--------------------------------
) y; a' F7 Q: }6 D$ j/ w+ E4 N5 S& c2 u2 d: a! u; X& o. v
[R|W|E]
/ Y8 } x! V8 H---------9 f8 x" E) m, o G: k, J, r
- this will set the mode of flashing, it is recommended to first try read on any7 N9 N' K D. x; |, y
drive, if the read will fail, it is highly unlikely that a write or erase will
9 c7 {% q% u9 x" i6 H1 c( s- ^$ \ succeed* s* b& F! p. z# x
7 a" x; H2 L7 c6 O) w# a0 y! X[PORT]
0 w% @ z3 _1 D, `--------7 K# N- Q! Y& g5 R$ M* a
- the port to which the drive is connected, a port number should always be entered. Z4 ]7 I8 ~2 N) J& W
in hexadecimal and have 4 hex digits, valid ports are: 01F0, 0170, C000, C800
! I- \1 _! c8 w- this option can be used if your PCI adapter card or on board IDE/SATA ports are
( o4 y4 }- {' c not identified by the auto mode, R& z: }0 T( L
/ T; [4 {- y6 w# Q[PORT TYPE]
: [0 t7 M" _2 G1 j-------------1 E. [% f% t4 M
- the port type tells DosFlash what type of port is installed on the before entered3 _! g: J$ P, |- H2 r: \
port address
& X6 b9 Y. D$ X% V7 ~0 X- valid values are 0 for IDE and 1 for SATA; L; U# ~ A; D- b& ?. m5 \' j
- make sure you never mix the wrong port with the wrong port type, this could give: E) {5 O5 G0 S: R: N
strange results or in the worst case a bricked drive
) I4 m2 E$ U# g2 v3 U6 @& R
1 h/ W( G$ C! r5 c: c0 D1 f9 O% K* w[DRIVE POS]
% U" |' e [- }; E" b5 A" p# u5 Z-------------
5 n7 l6 d7 s$ O) p w- old style IDE channels have the possibility to connect two drives at one IDE
% W1 Q, C0 o/ X1 h8 Y& R channel, the first drive is called the master, the second drives is called the8 L* v2 f/ {: ]; g
slave
( ]5 k- w) X- o" M W# H2 [. q- you can select which drive should be flashed on the channel, A0 selects Master,& Z8 ?+ A% D( t8 I/ m \$ o& {7 u ?
B0 selects Slave
2 \: o% |1 Q& D6 X7 n) v5 ?. |$ X- on SATA ports this value is always A0, cause you can only connect one drive to& F1 j3 O a( _8 J( K
a SATA port, so for SATA you will always type A0 here
$ P5 P' L& z4 D- it is not recommended to flash IDE drives with another drive connected to the/ z/ }, _; X' {$ k5 P
same IDE channel, this could be risky if something in the Master/Slave selection9 L' M" q) x! T
fails% _+ z4 }# b, z3 {
: |. \; ]( B' V/ ]" [$ ?5 p[FLASH TYPE]
0 l0 g8 b: ?5 P2 d$ E+ Z9 G--------------1 W8 U# Q+ }" u5 m% K/ d+ G, f
- there are two types of flash chips out for CD/DVD-ROM drives atm
! i& {6 e5 o3 w" @# m4 _$ _9 J& G! x- the older type is parallel flash, which is also supported by mtkflash for example
8 E0 z4 W& J/ [- the newer type is serial flash, which is supported by flashers like XSF8 x( p5 I9 O5 N O
- the problem here is that no tool is out that can flash serial flash chips on
! q/ f; F+ j5 z/ O. i0 \6 E* h* H9 | SATA ports
0 w& Y/ N- ?" t* t
* P; d- v0 M# }$ L: D$ D9 ?[FLASH SIZE]
. q$ b X1 o0 i3 U/ _ F# F; L--------------
( Y) E- q0 _ Y( v! B/ Z$ q- this is specifies the flash chip size in banks
% ~+ ~( P- ^( w8 Y; _- one bank is always 65.536 bytes in size& U& Y' W% V5 k3 K9 P
- if you know your drive has a flash chip of 262.144 bytes in size you need to enter 4
& P/ J; U% W/ t" e) w$ x
1 F T5 F, ^, ^ k: ~[FLASH SECTOR ERASE OPCODE]
; w' r2 Z% s' y' d2 p& s9 W-----------------------------
1 S0 b- j X) _: \8 ?6 s- the opcode used in the flash chips datasheet for erasing
7 c0 n" T0 ] ]$ S9 s- for serial chips this command can be different from the standard and needs to be7 h6 m" R3 a* g c" Y
entered for flash erase
3 `. A% A% h1 h- P" p9 r7 {& }. o- for parallel flash chips you can enter a dummy cmd byte, the integrated command6 @* F; `& t) U$ |
should work on all parallel flash chips without a prob7 P$ ?2 L4 M5 _7 O8 @
0 K0 a' b* V) A
[FILE NAME]0 o4 o+ l2 I4 M4 w6 h3 A
-------------
' G/ m- E' D% E8 Y+ z% ?- name of the file that should be used for flashing6 z' A* H. b# \, g6 I3 D/ @
- for reading operations this should be the output file6 R6 R8 T' M2 a
- for writing operations this should be the input file4 J G% l" H' p7 R S2 B+ e+ t
% r$ |' h1 M0 E! T( h
" M0 w) `/ h5 W/ H% I8 FHints and Warnings
: h( |5 @# v1 i0 F$ z8 ?--------------------& Z) p4 q5 K+ a/ i7 {3 k7 F
- read, write erase TS-H943A MS28 after the firmware stealth has been disabled with Enable0800 disc
! C) `% `0 P* k: ^6 P1 B: r& M - this only works one time, after the first mtk vendor specific intro cmd is send6 r3 r; @! t2 ?" A M2 F
- if the mtk vendor specific outro cmd is send the chip goes back to stealth mode and you need
" s" m1 \: M* @7 ?" K6 b1 E again the Enable0800.iso to disable it
) F+ u8 l' S; C) I4 S! O! k/ A - therefor the mtk vendor specific intro is send at program start to all present devices and the1 z, m( ~* o/ s$ @
mtk outro is sent at program end
% v$ H* }" ]* n% j - if you have a chip manufacturer id of 0x02 and a chip device id of 0x02 for the TS-H943A
. n% g. {% A b7 e- T the flash chip is in stealth mode and won't give access to any reading, writing, erasing
2 ~/ m" {* {( X+ E9 ?% l' h( o1 q- always have a look at the DataSum generated, this is exactly the DataSum of mtkflash( l) o" i4 r' q! S( K
- the DataSum is calculated as the sum of all bytes of the firmware in a short integer
* q3 K$ X! ?+ a) t# L$ h - to make 100% sure that the flash is written right compare that DataSum to a known one
; J& A* R2 D+ k1 Y' t- this tool has not been tested on all drives out there, the typ list is simply copied from well" W$ ^, r2 y+ e* H$ K
known programs like mtkflash and XSF2 K: P0 A# g- m" L+ W8 q& T
- always try a flash read on a not yet tested drive before doing anything else
2 ^5 i2 m. C5 ?6 K% z/ @ - if the read doesn't succeed it is highly unlikely that a write or erase will
' X C9 \3 O* s+ b! x3 u- S- some LiteOn drives seem to have probs to write the firmware correct, this prob seems to be
: [- `9 B$ k3 P; D related to windows register flashing, cause even an assembler app can't do this error free
- Y6 X1 S. S& a) f/ ] - if you get errors on LiteOn drives, write the flash two times in a row- d! S8 O% c5 c! t4 ~
- for direct port I/O in windows the givoio.sys driver is used, this driver is loaded at DosFlash325 s7 _/ E6 L- O
start and unloaded at program end, be warned, this driver can possibly make your system unstable,
8 Z& d Z6 j7 T- H* U2 m) K% ? it's intention is to let privileged assembler instruction like in and out pass, even in windows,
% V6 l+ f0 k* w) R- t if this driver is not used you will not be able to get direct access to port registers
$ S' w" ^" I: l* G8 |( M- DosFlash was tested on MS-DOS 6.22 and later, you can easily copy it on a MS-DOS boot disk created
; O3 `% o" u9 h1 A! I" d, \& j, V in Windows XP and start DosFlash directly from the disk- ? v& t1 T: k
- don't forget to also copy the DosFlash.typ file, it has all the informations about flash chips
+ q2 P8 `' o5 m2 f$ } for auto mode flashing: Z8 e, ]1 ~8 k1 _
- DosFlash32 was tested without a prob on Windows XP SP2, you'll need also the typ file for the , E. n6 S( @) k/ ?
win version! a* S) `* t. r6 G! E0 `
- DosFlash32 will deactivate all CD-ROMs in device manager at startup, this is better for flashing,
. B; P7 g! g( U' I. ~ cause Windows seems to poll the drives all the time and this could result in a bad fw file or. u5 T; r' R/ F8 t. n* W' _8 b) O5 s
a program hang, the drives are activated again at program end( A# F3 y5 w& B: ~4 q
- you should make sure that the flash is not in an erased state at program end, cause device manager4 Q( C& a2 B5 @5 o# n& E2 t1 o
don't like drives that do not respond to the inquiry command3 m, c5 f# ]5 b9 T* D8 z
- deactivating all CD-ROMs could take a few seconds, so please be patient at program start
4 @0 U! R- K; W$ Z- DosFlash and DosFlash32 will try to scan for the VIA 6421L Raid Controller card, based on vendor) |& q# q3 A6 b6 f- F# U; M D
id 1106 and device id 3249, it doesn't matter if the card driver is installed or not) W# n4 u, e- U/ e, r# E
9 l$ i$ ` k+ {" \. M
1 ]8 c! J7 o' }; }4 m9 t% Z
Many thanks to Dale Roberts and his Direct Port I/O driver giveio.sys!
+ d/ H; g' R' k4 q
/ j# T1 M3 M* c0 J+ {Avoid a bad flash!1 N0 T7 M2 f" o+ t
Kai Schtrom |
|
窺視卡
雷達卡
樓主
顯身卡
發表於 2011-8-21 21:08:07
