ak475671 posted on 2011-8-22 13:03
Hello moderator,
Does the moderator know where there is a tutorial? I don't really understand the process of extracting the KEY using DOS, and I wonder whether there is a tutorial I can refer to.
Also, you said it extracts ...

DosFlash ReadMe.txt documentation

DosFlash V1.9 Release Date 01.01.2011
---------------------------------------
- SATA and IDE port scan improved in DOS and Windows
  The ports are now enumerated with the CONFIG_ADDRESS and CONFIG_DATA register instead of using interrupts
  in DOS and SetupDixx functions in Windows. This change will detect more ports in Windows than the old
  SetupDixx method.
- Settings saved to ini file for DosFlash32 and DosFlash64
  Settings like Port, Position, Task, COM Port, Enable Drives and DvdKey state are now saved to an ini file
  inside the program folder. If the ini file is not present it is created after the first run. On the first
  startup DosFlash will choose the most common and stable settings.
- EnableDrives option included in dialog as a check box
  Due to high demand we removed the "Enabling CD-/DVD-ROMs" MessageBox on program termination and included
  a check box "Enable Drives" inside the dialog. For security and more stability this is deactivated on the
  first run. If you enable it the checked state is saved to the ini file.
- enabling drives in Windows caused some hangs from time to time, this is now fixed by a recoded enable
  drives function
- port drivers portio32.sys and portio64.sys are now added to the executable and unpacked during runtime
- PATA and SATA controllers list updated
- Fix for NForce motherboards in combination with drives like the "Samsung SH-D163C", "LG DH18NS40" or
  "LiteOn iHDS118"
  Some drives have problems with flash identify, read, write and erase. This is clearly related to the
  NVidia NForce chipset. For manual mode in DosFlash16 an additional command line parameter is added called
  "NFORCE FIX". This parameter should be set to 1 for NForce chipsets if you experience strange problems.
  In DosFlash32 and DosFlash64 we added a static control which shows if the NForce Fix is applied or not.
  Remember there is no need to activate this with every drive. It seems to be a combination between drive
  and NForce chipset that causes the problem. The fix is automatically applied for DosFlash16 in auto mode,
  DosFlash32 and DosFlash64.
- DosFlash32 and DosFlash64 are now DPI Aware for Windows7
- New task Verify Key/Inject Key added for verification/injection of drive keys
  All DosFlash versions now have the possibility to validate drive keys against an XBOX360 drive and set
  the key for an XBOX360 drive. We use the same authentication method like the console to verify a key.
  In the Windows versions you have the choice to paste the drive key from the clipboard to our custom hex
  edit control or load a key file. To add a key simply click right inside the hex edit control and select
  your choice from the shortcut menu. In DosFlash16 you can enter the key in the format "1A-2B-3C" without
  quotes. Remember that a key has 16 bytes of data. The key file to import should also have 16 bytes of data
  like the key files exported by LiteOn Key functions.
- Removed multiple key extractions for LiteOn Key functions, added Verify Key after extraction
  For LiteOn Key functions we removed the multiple extractions, because the key is now verified immediately
  against the XBOX360 drive.
- LiteOn Key V1 and V2 now also extract the file Serial.bin and the 2nd inquiry file Inquiry2.bin
  We added the file Serial.bin and Inquiry2.bin to LiteOn Key functions. Inquiry2.bin is only generated for
  LiteOn drives V1 and V2.
- The drive key of Maximus patched UART drives can be extracted by using the task "LiteOn Key V1 (DvdKey)"
  The drive check has been removed from LiteOn Key functions. This way we can extract a key from an UART
  patched drive firmware by Maximus.
- LiteOn files are now extracted to a destination folder instead of prompting the user for every file name.
- LiteOn key extraction tasks separated per drive version in "LiteOn Key V1 (DvdKey)", "LiteOn Key V2 (FreeKey)"
  and "LiteOn Key V3 (Tarablinda)"
- In DosFlash32 and DosFlash64 the number of installed COM ports in the system are now enumerated instead of
  adding port 1 to 4
- For failing cdb commands the sense code is returned
- Geremia's Tarablinda functionality added
  We added all Tarablinda tasks to every DosFlash version. You can extract the key by choosing the task
  "LiteOn Key V3 (Tarablinda)". For read, write and erase of the flash simply use the standard functions.
  Pay attention that the "LiteOn Erase V1/V2" task is only available for older LiteOns and not for the Slim.
  You should use "Read Flash", "Write Flash" and "Erase Flash" for the Slim. "LiteOn Key V3 (Tarablinda)"
  extracts 1 additional file in comparison to Tarablinda v04b, this file is called Xtram.bin and contains
  a dump of the XTRAM8000 area. This can differ in a few bytes from one dump to the next.
- Device Reset in DosFlash16 manual mode is now done automatically, there is no option to turn it off anymore
- Code optimization to work with modern SATA2 controllers added, remember to set SATA controllers to IDE and
  not AHCI mode otherwise Port I/O will not work
- Warning: The read, write and erase of the Slim drive is considered risky in general! So pay attention and
  always remember you use DosFlash on your own risk every time! Even during flash read the Slim gets flashed
  with a patched firmware sector to retrieve the complete dump!
- We had to change many command line arguments for DosFlash16 Manual Mode, because of the NForce Fix, added
  Tarablinda support and splitting of LiteOn Key functions. To get a better understanding we added the example
  section below.

DosFlash16 Manual Mode Examples
---------------------------------
- Extract drive key on a "PLDS DG-16D2S 74850C" over UART -> "LiteOn Key V1 (DvdKey)"
  DOSFLASH LITEON K V1 0970 A0 1

- Extract drive key on a "PLDS DG-16D2S 83850C" over SATA -> "LiteOn Key V2 (FreeKey)"
  DOSFLASH LITEON K V2 0970 A0

- Extract drive key on a "PLDS DG-16D4S 9504" over SATA -> "LiteOn Key V3 (Tarablinda)"
  DOSFLASH LITEON K V3 0970 A0

- Read firmware on a "PLDS DG-16D4S 9504" -> "Read Flash" this is considered risky!
  DOSFLASH R 0970 1 A0 3 0 4 FWOUT.BIN 0

- Write firmware on a "PLDS DG-16D4S 9504" -> "Write Flash" this is considered risky!
  DOSFLASH W 0970 1 A0 3 0 4 FWIN.BIN 0

- Erase firmware on a "PLDS DG-16D4S 9504" -> "Erase Flash" this is considered risky!
  DOSFLASH E 0970 1 A0 3 0 4 C7 0

- Erase firmware on a "PLDS DG-16D2S 74850C" or a "PLDS DG-16D2S 83850C" -> "LiteOn Erase V1/V2"
  DOSFLASH LITEON E 0970 A0

- Read firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Read Flash"
  DOSFLASH R 0970 1 A0 2 0 4 FWOUT.BIN 1

- Write firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Write Flash"
  DOSFLASH W 0970 1 A0 2 0 4 FWIN.BIN 1

- Erase firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Erase Flash"
  DOSFLASH E 0970 1 A0 2 0 4 C7 1

- Verify drive key on a XBOX360 drive, enter the drive key manual
  DOSFLASH V 0970 A0 12-34-56-78-90-AB-CD-EF-12-34-56-78-90-AB-CD-EF

- Verify drive key on a XBOX360 drive, load a drive key file
  DOSFLASH V 0970 A0 KEY.BIN

- Inject drive key on a XBOX360 drive, enter the drive key manual
  DOSFLASH I 0970 A0 12-34-56-78-90-AB-CD-EF-12-34-56-78-90-AB-CD-EF

- Inject drive key on a XBOX360 drive, load a drive key file
  DOSFLASH I 0970 A0 KEY.BIN

For DosFlash, drives on which we can extract the key via UART are considered V1. Drives where we get the key over
SATA are considered V2. The new Slim is considered V3 but only firmware version 9504 is supported atm.

Many thanks to Geremia, Modfreakz, Redline99 and Tiros for their support. Special thanks to Geremia and
Modfreakz for drive sponsoring, testing, coding and much more. It is always a pleasure to work with you
professional guys! Respect to Maximus for his UART enable patch. I'm looking forward to your magic Lizard
hardware flasher!

Happy new year 2011!
Kai Schtrom

************************************************************************************************

DosFlash V1.8 Release Date 08.08.2009
---------------------------------------
- now supports LiteOn PLDS DG-16D2S 83850C V2 Geremia/Maximus LiteOn FreeKey method
- huge firmware read/write speed increase, especially if run from a floppy disk
- updated IDE/SATA motherboard chipset list
- new IDE/SATA detection for Windows and DOS
- DosFlash.typ embedded in executable file
- LiteOn V1 drive key is now extracted 10 times and compared against each other,
  after the extraction a summary is displayed sorted by the most common matches
- LiteOn V2 drive key is extracted 2 times and compared
- new BenQ unlock keys added to unlock all known BenQ drive firmwares
- command line parameter "EnableDrives" removed, DosFlash asks the user on
  application close if he wants to enable the drives or not, during the tests it
  seems that IDE drives have problems with the enable, SATA drives seem to
  work fine
- new 64-bit DosFlash edition added called DosFlash64, because some driver
  functions don't work as expected in the 32 bit compatibility mode on Windows x64
- Beta state removed
- ready and tested on Windows7 X86 and x64

Geremia/Maximus FreeKey method with DosFlash16
------------------------------------------------
We have added one cmd line parameter for DosFlash16 in manual mode. The COM port
is simply ignored and can have any value for the V2 drives.
Use the following command line to extract your free key from 83850C:
- DosFlash LITEON K 0970 1 inquiry.bin identify.bin key.bin dummy.bin enckey.bin

Tips for running DosFlash on Windows 7
----------------------------------------

Since Windows Vista 64 Bit and upwards it is necessary that every driver is signed. Because
the DosFlash driver will not be signed by MS due to some unknown reason we need to circumvent
this check. You have the following 2 possibilities to do this.

Safe Way of Disabling Driver Signature Enforcement
1) On Windows 7 bootup press F8 to get to the extended boot options screen
2) Choose "Disable Driver Signature Enforcement"
3) To start DosFlash right click on it in Windows Explorer and choose
   "Run as administrator" > answer the message box with "Yes"
4) Shortly after the program has started a "Program Compatibility Assistant" warning message
   is displayed, you can simply ignore this by pressing the "Close" button

Recommended Way of Disabling Driver Signature Enforcement
1) Disable User Account Control (UAC)
   - go to "Start Menu" > "Control Panel" > "User Accounts and Family Safety" > "User Accounts"
   - click on "Change User Account Control settings"
   - set the slider bar to the lowest value (Never notify) > click "OK"
2) Sign the DosFlash driver
   - download the "Driver Signature Enforcement Overrider" (DSEO) from
     http://www.ngohq.com/home.php?page=dseo
   - start DSEO > click "Next" > "Yes" > choose "Sign a System File" > "Next" > enter the path to
     the used driver (portio32.sys or portio64.sys) > "OK" > "OK"
3) Disable Driver Signature Enforcement
   - start DSEO > click "Next" > "Yes" > choose "Enable Test Mode" > "Next" > "OK"
4) Restart the computer

Keep in mind that with the recommended way the changes will have effect on every reboot without
doing anything manual. The first way needs to be done over and over again. In addition the second
way can be used to sign every driver that doesn't run natively on Windows 7.

For use of the VIA Cards in Windows 7 it is recommended to uninstall the VIA driver. This can be
done like follows:
- start "Device Manager" > expand "Storage controllers" > right click on "VIA RAID Controller" >
  choose "Uninstall" > "OK"
- rename C:\Windows\inf\vsmraid.inf to vsmraid.inf_
- rename C:\Windows\inf\vsmraid.PNF to vsmraid.PNF_
- rename C:\Windows\System32\drivers\vsmraid.sys to vsmraid.sys_
- reboot computer

Much respect and credits go to Geremia and Maximus for their money saving FreeKey app
and their lightning like decryption speed!

In Dedication To The Birth Of FreeKey On August Fifth 2009
Kai Schtrom

************************************************************************************************

DosFlash and DosFlash32 V1.7 Beta Release Date 23.12.2008
-----------------------------------------------------------
- now supports LiteOn PLDS DG-16D2S 74850C and Geremia's LiteOn Erase and DvdKey method

The following only applies to the new XBox360 LiteOn drive PLDS DG-16D2S 74850C.

Geremia's DvdKey method with DosFlash16 with the PC's psu
-----------------------------------------------------------
- disable CD-ROM boot option in BIOS
- connect LiteOn to your PC's power supply unit and SATA port
- power up PC, wait until bootup is finished
- eject tray of the LiteOn and shutdown PC completely
- push the LiteOn tray half in
- power up PC and boot into DOS
- run DosFlash16 in auto mode
- if you read the following:
  MTK Vendor Intro failed on port 0x????.
  If you choose to resend the command you should turn the drive off and on
  after you pressed "Yes".
  Do you want to resend the command until the drive responds (Y/N)?
- press 'N' for "No"
- choose the number of your LiteOn ATAPI drive
- enter "LITEON K" to read the drive key
- type the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
- enter the number of the COM port
- if you read the following:
  To receive the drive key use Geremia's DvdKey method like follows:
  - Connect your drive with a serial cable to the COM port
  - Eject drive tray
  - Power off drive
  - Push drive tray in until it is half open
  - Power on drive
  - Press "Yes" if you are ready
  Are you ready (Y/N)?
- simply press 'Yes' without doing anything of the above, because we
  already did that before
- after this DosFlash16 displays your DVD-Key and saves your key and identify data
- to do the above steps in manual mode use the following command line if your drive
  is connected to port 0x0970 and serial cable is on COM port 1
  DosFlash LITEON K 0970 1 inquiry.bin identify.bin key.bin dummy.bin

Geremia's DvdKey method with DosFlash16 and 2nd psu
-----------------------------------------------------
- connect a separate power supply unit to the LiteOn, don't turn it on yet
- power up PC and boot into DOS
- turn on the LiteOn psu
- run DosFlash16 in auto mode
- if you read the following:
  MTK Vendor Intro failed on port 0x????.
  If you choose to resend the command you should turn the drive off and on
  after you pressed "Yes".
  Do you want to resend the command until the drive responds (Y/N)?
- press 'N' for "No"
- choose the number of your LiteOn ATAPI drive
- enter "LITEON K" to read the drive key
- type the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
- enter the number of the COM port
- if you read the following:
  To receive the drive key use Geremia's DvdKey method like follows:
  - Connect your drive with a serial cable to the COM port
  - Eject drive tray
  - Power off drive
  - Push drive tray in until it is half open
  - Power on drive
  - Press "Yes" if you are ready
  Are you ready (Y/N)?
- do the above and press 'Yes'
- after this DosFlash16 displays your DVD-Key and saves your key and identify data

Geremia's LiteOn Erase method with DosFlash16 and 2nd psu
-----------------------------------------------------------
- connect a separate power supply unit to the LiteOn, don't turn it on yet
- power up PC and boot into DOS
- turn on the LiteOn psu
- run DosFlash16 in auto mode
- if you read the following:
  MTK Vendor Intro failed on port 0x????.
  If you choose to resend the command you should turn the drive off and on
  after you pressed "Yes".
  Do you want to resend the command until the drive responds (Y/N)?
- press 'N' for "No"
- choose the number of your LiteOn ATAPI drive
- Warning!!! Keep in mind that you will need the drive key before you erase the flash,
  without the drive key your XBox360 will not work anymore
- enter "LITEON E" to erase the flash
- the first time after the LiteOn Erase the drive needs to be repowered to give
  flash chip access, this can be achieved by repowering the drive before another
  DosFlash16 start in auto mode or by doing a MTK Vendor Intro Power Brute
- in my tests it did not work to power the drive with the PC's psu, because it will
  always respond with busy status
- DosFlash16 can now read, write and erase the flash chip like usual
- to do the above steps in manual mode use the following command line if your drive
  is connected to port 0x0970
  DosFlash LITEON E 0970

Geremia's DvdKey method with DosFlash32 with the PC's psu
-----------------------------------------------------------
- disable CD-ROM boot option in BIOS
- connect LiteOn to your PC's power supply unit and SATA port
- power up PC, wait until bootup is finished
- eject tray of the LiteOn and shutdown PC completely
- push the LiteOn tray half in
- power up PC and boot into Windows
- run DosFlash32
- if you read the following:
  MTK Vendor Intro failed on port 0x????.
  If you choose to resend the command you should turn the drive off and on
  after you pressed "Yes".
  Do you want to resend the command until the drive responds?
- press 'No'
- choose "LiteOn DvdKey" as flashing task
- choose the COM port number
- press on "LiteOn DvdKey" button
- enter the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
- if you read the following:
  To receive the drive key use Geremia's DvdKey method like follows:
  - Connect your drive with a serial cable to the COM port
  - Eject drive tray
  - Power off drive
  - Push drive tray in until it is half open
  - Power on drive
  - Press "Yes" if you are ready
  Are you ready?
- simply press 'Yes' without doing anything of the above, because we
  already did that before
- after this DosFlash32 displays your DVD-Key and saves your key and identify data

Geremia's DvdKey method with DosFlash32 and 2nd psu
-----------------------------------------------------
- connect a separate power supply unit to the LiteOn, don't turn it on yet
- power up PC and boot into Windows
- turn on the LiteOn psu
- run DosFlash32
- if you read the following:
  MTK Vendor Intro failed on port 0x????.
  If you choose to resend the command you should turn the drive off and on
  after you pressed "Yes".
  Do you want to resend the command until the drive responds?
- press 'No'
- choose "LiteOn DvdKey" as flashing task
- choose the COM port number
- press on "LiteOn DvdKey" button
- enter the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
- if you read the following:
  To receive the drive key use Geremia's DvdKey method like follows:
  - Connect your drive with a serial cable to the COM port
  - Eject drive tray
  - Power off drive
  - Push drive tray in until it is half open
  - Power on drive
  - Press "Yes" if you are ready
  Are you ready?
- do the above and press 'Yes'
- after this DosFlash32 displays your DVD-Key and saves your key and identify data

Geremia's LiteOn Erase method with DosFlash32 and 2nd psu
-----------------------------------------------------------
- connect a separate power supply unit to the LiteOn, don't turn it on yet
- power up PC and boot into Windows
- turn on the LiteOn psu
- run DosFlash32
- if you read the following:
  MTK Vendor Intro failed on port 0x????.
  If you choose to resend the command you should turn the drive off and on
  after you pressed "Yes".
  Do you want to resend the command until the drive responds?
- press 'No'
- the LiteOn flash is not identified
- choose "LiteOn Erase" as flashing task
- Warning!!! Keep in mind that you will need the drive key before you erase the flash,
  without the drive key your XBox360 will not work anymore
- press on "LiteOn Erase" button
- the first time after the LiteOn Erase the drive needs to be repowered to give
  flash chip access, this can be achieved by repowering the drive before another
  DosFlash32 start or by doing a MTK Vendor Intro Power Brute
- in my tests it did not work to power the drive with the PC's psu, because it will
  always respond with busy status
- DosFlash32 can now read, write and erase the flash chip like usual

Respect to Geremia, Modfreakz, Podger, Redline99 and Tiros.

Like a wise man said: "0x2E is the MTK Intro of Death"
Kai Schtrom

************************************************************************************************

DosFlash and DosFlash32 V1.6 Beta
-----------------------------------
- fixed power brute unlock bug for VIA cards, this can stop your VIA from working
  with the power brute unlocking in Version 1.5
- for DosFlash16 in auto mode on DOS my VIA card works best if I do a cold boot
  and power up the drive short before or with the PC
- for DosFlash32 on Windows my VIA card works best if I power up the drive short
  before starting DosFlash32
- for me the VIA works with internal and external connectors on DOS and Windows

Sorry for the trouble!
Kai Schtrom

************************************************************************************************

DosFlash and DosFlash32 V1.5 Beta
-----------------------------------
- now supports serial flash chip MT1309E with mediatek status 0x72 like the SH-D163B, SH-D162D,
  Asus DVD-E616A3, Asus DVD-E818A3, Sony Optiarc DDU1671S
- SST25LF020A and SST25LF040A chip support added
- DosFlash32.exe ported from MFC to plain Windows API, exe size is now 22 KB
- new port i/o driver, because giveio.sys can't be compiled for 64 Bit Windows
- DosFlash16 changed slightly in manual mode, one parameter is added to support SST25LF020A and
  SST25LF040A
- two new methods of BenQ soft unlock are now possible on all motherboards with only one power
  supply unit
- 1st method is powered by Geremia's unlock core, thanks for the complete idea, concept and
  source to Geremia
- 2nd method is the Magic28 key send, this only works on BenQ VAD6038 firmware, thanks to
  c4eva and podger for the initial idea
- the two unlock methods are sent one after the other if the drive is a possible unlock
  candidate, first the Magic28 command, then Geremia's unlock commands and after that the
  already known power brute unlock is sent to the drive, you can cancel any of these methods
  before they are sent to the target, this only applies to BenQ drives with a locked flash
- DosFlash.typ updated
- other minor improvements
- DosFlash32 is now ready for
  - Windows 2000
  - Windows XP 32 Bit
  - Windows XP 64 Bit
  - Windows Server 2003 32 Bit
  - Windows Server 2003 64 Bit
  - Windows Vista 32 Bit
  - Windows Vista 64 Bit
- Warning: Drivers for Windows Vista 64 Bit need to be signed, because we can't afford the
  money to let portio64.sys sign you need to do the following:
  1) Log on as Administrator
  2) Enter the following command in a Dos-Box:
     "bcdedit -set loadoptions DDISABLE_INTEGRITY_CHECKS"
     (we made sure there are no typos in the line above)
  3) Press enter and reboot your PC
  4) Press F8 key upon initial system boot up
  5) Choose to disable forced driver signing enforcement for that boot session
* q- M' V) @! l( S0 B' B4 y3 n1 {8 x- Y4 p/ Y0 |( E( L
+ d9 j# Q7 d! w
The following only applies to drives with a locked BenQ flash.

Geremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with the PC's psu
-----------------------------------------------------------------------------------------
- disable CD-ROM boot option in BIOS
- connect BenQ to your PC's power supply unit and SATA port
- power up PC, wait until bootup is finished
- eject tray of the BenQ and shutdown PC completely
- push the BenQ tray half in
- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash32
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
- if you read the following:
    MTK Vendor Intro failed on port 0x????. Because there seems
    to be a BenQ drive connected you should try Geremia's
    unlock method.
    - Eject drive tray
    - Power off drive
    - Push drive tray in until it is half open
    - Power on drive
    - Press "Yes" if you are ready
    Are you ready (Y/N)?
- simply press 'Yes' without doing anything of the above, because we
  already did that before starting DosFlash16 / DosFlash32
- the BenQ flash should now be identified
- go on like usual

Geremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with 2nd psu
------------------------------------------------------------------------------------
- connect a separate power supply unit to the BenQ, don't turn it on yet
- power up PC and boot into DOS
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
- if you read the following:
    MTK Vendor Intro failed on port 0x????. Because there seems
    to be a BenQ drive connected you should try Geremia's
    unlock method.
    - Eject drive tray
    - Power off drive
    - Push drive tray in until it is half open
    - Power on drive
    - Press "Yes" if you are ready
    Are you ready (Y/N)?
- do the above and press 'Yes'
- the BenQ flash should now be identified
- go on like usual

Magic28 BenQ unlock with DosFlash16 / DosFlash32 on any motherboard
---------------------------------------------------------------------
- connect BenQ to your PC's power supply unit and SATA port
- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash32
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
- if you read the following:
    MTK Vendor Intro failed on port 0x????. Because there seems
    to be a BenQ VAD6038 drive connected you should try the
    Magic28 unlock method.
    Do you want to send the Magic28 command?
- press 'Yes'
- the BenQ flash should now be identified
- go on like usual

Thanks to Redline99 and Tiros for help and support.

It's all about DOS!
Thanks guys for the excellent team work!
Geremia, Modfreakz and Kai Schtrom

************************************************************************************************

DosFlash and DosFlash32 V1.4 Beta
-----------------------------------
- DROM6316 flashing support
- a flash erase is now always done with a chip erase and not a sector erase command, because
  the sector erase gives problems for some Winbond flash chips including the DROM6316
- DosFlash.typ corrected and updated
- for a detailed explanation on the soft unlock look at the included file SoftUnlockByIriez.txt,
  it contains a very good explanation by Iriez from XBS, thanks for that one!

Thanks to Iriez, Jumba, Redline99 and Tiros for help and support.

Happy DROM bricking!
Team Modfreakz and Kai Schtrom

************************************************************************************************

DosFlash and DosFlash32 V1.3 Beta
-----------------------------------
- BenQ optimization in unlocking the flash chip, it should now be possible to read/write/erase
  the flash without any soldering or wire tricks, the drive is polled for the correct mtk
  unlocking status after power on, this only works for VIA cards and NForce boards atm
- DosFlash32 has one additional parameter, if you start it with the parameter "EnableDrives"
  all the DVD-ROMs are enabled in device manager after flashing, this could give BSOD on some
  systems, therefore you need to create a DosFlash32 link and add that parameter manually to use it
- DosFlash16 has one additional parameter "Send ATAPI Device Reset" in manual mode, this could
  give better chances for soft flashing on some VIA - motherboard combinations
- better support of Intel chipsets, drives can now be flashed if the controller is not set to
  native mode in the BIOS
- the following controller list includes vendor and device IDs that are hardcoded to identify
  the controller type (IDE or SATA), this is needed if the BIOS uses IDE ports like 0x01F0 or
  0x0170 as SATA and not as IDE channels, this list is NOT related to soft flashing
- the following chipset support is added
  - VIA cards
    - all VIA cards with a 6420 chipset
  - IDE Controllers
    - NVIDIA nForce 2 IDE Controller
    - NVIDIA nForce 4 IDE Controller
    - Intel ICH9
    - Intel ICH (i810,i815,i840)
    - Intel ICH0
    - Intel ICH2M
    - Intel ICH2 (i810E2,i845,850,860)
    - Intel C-ICH (i810E2)
    - Intel ICH3M
    - Intel ICH3 (E7500/1)
    - Intel ICH4 (i845GV,i845E,i852,i855)
    - Intel ICH5
    - Intel ESB (855GME/875P + 6300ESB)
    - Intel ICH6 (and 6) (i915)
    - Intel ICH7/7-R (i945, i975)
    - Intel PIIX3 for the 430HX etc
    - Intel PIIX4
    - Intel PIIX4 for the 430TX/440BX/MX chipset
    - Intel PIIX
  - SATA Controllers
    - NVIDIA nForce 4 SATA Controller
    - NVIDIA nForce 2 SATA Controller
    - NVIDIA nForce 3 SATA Controller
    - NVIDIA nForce MCP04 SATA Controller
    - NVIDIA nForce MCP51 SATA Controller
    - NVIDIA nForce MCP55 SATA Controller
    - NVIDIA nForce MCP61 SATA Controller
    - Intel 82801EB (ICH5)
    - Intel 6300ESB (ICH5)
    - Intel 82801FB/FW (ICH6/ICH6W)
    - Intel 82801FR/FRW (ICH6R/ICH6RW)
    - Intel 82801FBM ICH6M
    - Intel Enterprise Southbridge 2 (631xESB/632xESB)
    - Intel 82801GB/GR/GH (ICH7, identical to ICH6)
    - Intel 2801GBM/GHM (ICH7M, identical to ICH6M)
    - Intel SATA Controller IDE (ICH8)
    - Intel Mobile SATA Controller IDE (ICH8M)
    - Intel SATA Controller IDE (ICH9)
    - Intel SATA Controller IDE (ICH9M)

The following only applies to a software flash on a locked flash. The methods have been tested
with the BenQ and the Sammy. The VCC trick will work on any motherboard, but you need to do
some soldering and cut traces.

Soft Flashing the BenQ in DOS with a VIA card and DosFlash16 in manual mode
------------------------------------------------------------------------------
- first you need to know the port addresses of your VIA card, you can get these by starting
  msinfo32 on Windows XP and looking at the port listing for SCSI devices
- for the 6421 the 1st port is internal SATA, 2nd is external SATA and 3rd is internal IDE
- for the 6420 the 1st and 3rd port are internal SATA
- you need the starting address e.g. 0xD000 or 0x7000
- be warned that these addresses can change from computer to computer, they are assigned
  at bootup, but Windows XP should display the ones you need for flashing in DOS
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
  Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
  need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
- at the prompt type:
  DosFlash r 7000 1 a0 1 4 a:\orig.bin 0
  - instead of port 7000 use the starting address your VIA card uses
- press return
- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
- after you pressed Yes the drive status is shown on the screen, it's something like 0x7F,
  this will change during the next few steps
- turn on the BenQ psu and wait 2 or more seconds, status changes between 0x51 and 0xD1
- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD1
- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
- this worked only one time after the computer is powered on or reset for me
- writing and erasing works the same way
- for writing type:
  DosFlash w 7000 1 a0 1 4 a:\ixtreme.bin 0
- for erasing type:
  DosFlash e 7000 1 a0 1 4 D8 0 (D8 is the sector erase opcode for the BenQ flash, if you need
  to erase another drive, lookup the value in the datasheet or DosFlash.typ)
- if you experience any problems try to use 1 as the parameter to the ATAPI Device Reset, cause
  the same VIA card will react differently on another motherboard sometimes

Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in manual mode
---------------------------------------------------------------------------------------
- first you need to know the port addresses of your NForce motherboard, you can get these by
  starting msinfo32 on Windows XP and looking at the port listing for IDE devices
- on most motherboards the 1st and 3rd ports are used for SATA
- you need the starting address e.g. 0x0970 or 0xE900
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
  Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
  need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
- at the prompt type:
  DosFlash r 0970 1 a0 1 4 a:\orig.bin 1
  - instead of port 0970 use the starting address your NForce motherboard uses
- press return
- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,
  this will change during the next few steps
- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
- writing and erasing works the same way
- for writing type:
  DosFlash w 0970 1 a0 1 4 a:\ixtreme.bin 1
- for erasing type:
  DosFlash e 0970 1 a0 1 4 D8 1 (D8 is the sector erase opcode for the BenQ flash, if you need
  to erase another drive, lookup the value in the datasheet or DosFlash.typ)

Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in auto mode
-------------------------------------------------------------------------------------
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
  Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
  need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
- wait until you are at the cmd prompt
- turn on the BenQ psu
- at the prompt type:
  DosFlash
- press return
- during scan of the BenQ's port DosFlash16 will ask you if you wanna resend the mtk vendor
  intro cmd, press Yes
- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,
  this will change during the next few steps
- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD1
- turn on the BenQ psu, you should get a good drive status 0x73 and flash access is granted
- you can now continue as usual using DosFlash
- writing and erasing works the same way
- if the ports are scanned there is the possibility that you'll get the resend question for
  other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,
  if you know the NEC is at that port you should press No and press Yes only if the port of
  the BenQ is shown or simply disconnect the NEC

Soft Flashing the BenQ in Windows XP with a VIA card or NForce motherboard and DosFlash32
-------------------------------------------------------------------------------------------
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
  Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
  need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- turn on the BenQ psu when you are in Windows XP
- start DosFlash32
- DosFlash32 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
- turn off the BenQ psu and wait 2 or more seconds
- turn on the BenQ psu, the DosFlash32 dialog should show up
- the flash should be recognized by DosFlash32
- you can now read, write or erase the flash
- you should be able to do the flashing more than one time in Windows, only do the power
  off/on trick again
- if the ports are scanned there is the possibility that you'll get the resend question for
  other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,
  if you know the NEC is at that port you should press No and press Yes only if the port of
  the BenQ is shown or simply disconnect the NEC

Many thanks to jumba for the great idea of BenQ polling!
Thanks to Iriez, Jumba, Redline99, TeamModfreakz, Tiros and all the IRC people for testing
and support.

Join us on IRC efnet at the channel #dosflash for support.

Don't brick your BenQ!
Kai Schtrom

************************************************************************************************

DosFlash and DosFlash32 V1.2 Beta
-----------------------------------
- bug fix for BenQ recognition
  - manufacturer and device id are sometimes 0x00 for a correct installed switch
  - this issue is fixed with an additional ATAPI device reset before the mtk vendor intro is sent

Thanks to Redline99 who fixed my buggy code by adding one line!

************************************************************************************************

DosFlash and DosFlash32 V1.1 Beta
-----------------------------------
- DosFlash.typ modified for better BenQ support
- DosFlash16 Flash Manufacturer and Device ID screen output restructured
- flash chips are first erased before writing starts
- DosFlash32 no reenable of DVD-ROMs in device manager after flashing, this means you can't see the drive
  and maybe have to activate it manually again in device manager, this could give better compatibility and
  hopefully no more blue screens

Many thanks to Jumba, Redline99, TeamModfreakz and Tiros for inspiration and help!

************************************************************************************************

DosFlash and DosFlash32 V1.0 Beta
-----------------------------------
DosFlash can be used to read/write/erase the flash chips of most CD/DVD-ROM drives
that have a mediatek chipset installed. DosFlash is for DOS flashing, DosFlash32
for Windows flashing.

Features:
-----------
- flashes IDE and SATA drives
- supports parallel and serial flash chips
- flash drives in Windows with direct port access
- no vendor cdb flashing commands are used
- tested with the following drives:
  - TS-H943A MS25, MS28
  - SH-D162C
  - SH-D163A
  - and some other drives like Liteon, Hitachi, ...
- NEC drives are not supported, cause they have no mediatek chipset installed

DosFlash
----------
DosFlash supports two flashing modes, Auto and Manual. If you type DOSFLASH at a DOS prompt it
will start in Auto mode. All drives and the corresponding flash chips are detected automatically.
If you can't get a flash chip recognized due to a bad flash or other problems you should use the
Manual mode. In Manual mode you can enter all the parameters used for flashing by hand. The
following help screen is displayed if you start DosFlash with a wrong number of parameters:

DOSFLASH by Kai Schtrom, 08/05/2007 (Ver 1.0 Beta)
DOSFLASH [R|W|E] [PORT] [PORT TYPE] [DRIVE POS] [FLASH TYPE]
         [FLASH SIZE] [FLASH SECTOR ERASE OPCODE] [FILE NAME]
                        R: Read FLASH
                        W: Write FLASH
                        E: Erase FLASH
                     PORT: Port to send command to
                PORT TYPE: 0 for IDE, 1 for SATA
                DRIVE POS: A0 for Master, B0 for Slave
               FLASH TYPE: 0 for parallel flash, 1 for serial flash
               FLASH SIZE: size of flash chip in number of banks
FLASH SECTOR ERASE OPCODE: individual sector erase opcode command byte
                           this is only needed for erasing a serial flash
                FILE NAME: name of the file to read/write from/to flash
All numbers are intepreted as hex values!

Example Usage:
"DOSFLASH R 01F0 0 A0 1 4 C:\flash.bin"
=> Read serial flash with a size of 4 bank (262144 bytes) from Master Device
   on IDE port 0x01F0
"DOSFLASH E C000 1 A0 1 4 D8"
=> Erase serial flash with opcode 0xD8 and a size of 4 banks (262144 bytes)
   from Master Device on SATA port 0xC000

Explanation of the Parameters:
--------------------------------

[R|W|E]
---------
- this will set the mode of flashing, it is recommended to first try read on any
  drive, if the read will fail, it is highly unlikely that a write or erase will
  succeed

[PORT]
--------
- the port to which the drive is connected, a port number should always be entered
  in hexadecimal and have 4 hex digits, valid ports are: 01F0, 0170, C000, C800
- this option can be used if your PCI adapter card or on board IDE/SATA ports are
  not identified by the auto mode

[PORT TYPE]
-------------
- the port type tells DosFlash what type of port is installed on the before entered
  port address
- valid values are 0 for IDE and 1 for SATA
- make sure you never mix the wrong port with the wrong port type, this could give
  strange results or in the worst case a bricked drive

[DRIVE POS]
-------------
- old style IDE channels have the possibility to connect two drives at one IDE
  channel, the first drive is called the master, the second drive is called the
  slave
- you can select which drive should be flashed on the channel, A0 selects Master,
  B0 selects Slave
- on SATA ports this value is always A0, cause you can only connect one drive to
  a SATA port, so for SATA you will always type A0 here
- it is not recommended to flash IDE drives with another drive connected to the
  same IDE channel, this could be risky if something in the Master/Slave selection
  fails

[FLASH TYPE]
--------------
- there are two types of flash chips out for CD/DVD-ROM drives atm
- the older type is parallel flash, which is also supported by mtkflash for example
- the newer type is serial flash, which is supported by flashers like XSF
- the problem here is that no tool is out that can flash serial flash chips on
  SATA ports

[FLASH SIZE]
--------------
- this specifies the flash chip size in banks
- one bank is always 65.536 bytes in size
- if you know your drive has a flash chip of 262.144 bytes in size you need to enter 4

[FLASH SECTOR ERASE OPCODE]
-----------------------------
- the opcode used in the flash chips datasheet for erasing
- for serial chips this command can be different from the standard and needs to be
  entered for flash erase
- for parallel flash chips you can enter a dummy cmd byte, the integrated command
  should work on all parallel flash chips without a prob

[FILE NAME]
-------------
- name of the file that should be used for flashing
- for reading operations this should be the output file
- for writing operations this should be the input file

Hints and Warnings
--------------------
- read, write, erase TS-H943A MS28 after the firmware stealth has been disabled with Enable0800 disc
  - this only works one time, after the first mtk vendor specific intro cmd is sent
  - if the mtk vendor specific outro cmd is sent the chip goes back to stealth mode and you need
    again the Enable0800.iso to disable it
  - therefore the mtk vendor specific intro is sent at program start to all present devices and the
    mtk outro is sent at program end
  - if you have a chip manufacturer id of 0x02 and a chip device id of 0x02 for the TS-H943A
    the flash chip is in stealth mode and won't give access to any reading, writing, erasing
- always have a look at the DataSum generated, this is exactly the DataSum of mtkflash
  - the DataSum is calculated as the sum of all bytes of the firmware in a short integer
  - to make 100% sure that the flash is written right compare that DataSum to a known one
- this tool has not been tested on all drives out there, the typ list is simply copied from well
  known programs like mtkflash and XSF
  - always try a flash read on a not yet tested drive before doing anything else
  - if the read doesn't succeed it is highly unlikely that a write or erase will
- some LiteOn drives seem to have probs to write the firmware correctly, this prob seems to be
  related to windows register flashing, cause even an assembler app can't do this error free
  - if you get errors on LiteOn drives, write the flash two times in a row
- for direct port I/O in windows the giveio.sys driver is used, this driver is loaded at DosFlash32
  start and unloaded at program end, be warned, this driver can possibly make your system unstable,
  its intention is to let privileged assembler instructions like in and out pass, even in windows,
  if this driver is not used you will not be able to get direct access to port registers
- DosFlash was tested on MS-DOS 6.22 and later, you can easily copy it on a MS-DOS boot disk created
  in Windows XP and start DosFlash directly from the disk
  - don't forget to also copy the DosFlash.typ file, it has all the information about flash chips
    for auto mode flashing
- DosFlash32 was tested without a prob on Windows XP SP2, you'll need also the typ file for the
  win version
- DosFlash32 will deactivate all CD-ROMs in device manager at startup, this is better for flashing,
  cause Windows seems to poll the drives all the time and this could result in a bad fw file or
  a program hang, the drives are activated again at program end
- you should make sure that the flash is not in an erased state at program end, cause device manager
  doesn't like drives that do not respond to the inquiry command
- deactivating all CD-ROMs could take a few seconds, so please be patient at program start
- DosFlash and DosFlash32 will try to scan for the VIA 6421L Raid Controller card, based on vendor
  id 1106 and device id 3249, it doesn't matter if the card driver is installed or not

Many thanks to Dale Roberts and his Direct Port I/O driver giveio.sys!

Avoid a bad flash!
Kai Schtrom
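The DataSum check from the hints above, as an added example that is not part of DosFlash or of the original post. It compares a flashed image with a read-back dump and shows a case where the additive sum alone cannot tell them apart. It assumes "short integer" means an unsigned 16-bit value that wraps; the function names and the sample image are constructed for illustration.

```python
import hashlib

def data_sum(image: bytes) -> int:
    # Sum of all bytes, truncated to 16 bits. Assumption: "short integer"
    # means an unsigned 16-bit value that wraps on overflow.
    return sum(image) & 0xFFFF

def first_difference(a: bytes, b: bytes):
    # Offset of the first differing byte, or None if the images are identical.
    for offset, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return offset
    return None if len(a) == len(b) else min(len(a), len(b))

def verify_readback(written: bytes, readback: bytes) -> dict:
    # Compare the image that was flashed with a dump read back from the drive.
    return {
        "datasum_written": data_sum(written),
        "datasum_readback": data_sum(readback),
        "datasum_match": data_sum(written) == data_sum(readback),
        "sha256_match": hashlib.sha256(written).digest()
                        == hashlib.sha256(readback).digest(),
        "first_diff": first_difference(written, readback),
    }

# Constructed 256 KiB sample image (not real firmware).
GOOD = bytes((i * 7 + 3) & 0xFF for i in range(0x40000))

# Constructed bad read-back 1: a single bit flipped. The DataSum changes.
FLIPPED = bytearray(GOOD)
FLIPPED[0x1234] ^= 0x01

# Constructed bad read-back 2: two neighbouring bytes swapped. The additive
# DataSum is unchanged, so only the SHA-256 comparison notices.
SWAPPED = bytearray(GOOD)
SWAPPED[0x100], SWAPPED[0x101] = SWAPPED[0x101], SWAPPED[0x100]

if __name__ == "__main__":
    for name, dump in (("good", GOOD), ("flipped", FLIPPED), ("swapped", SWAPPED)):
        print(name, verify_readback(GOOD, bytes(dump)))
```

A matching DataSum is a quick sanity check; a byte-for-byte or hash comparison of the read-back dump against the source image is what confirms the write.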