|
|
ak475671 發表於 2011-8-22 13:03 ![]() 4 k/ e5 \0 P$ T8 `- F9 _2 w1 D, L
版主你好- L9 s1 t, v) E2 d
版主知道哪裡有教學嗎使用DOS提KYE的過程不是很了解不知道有沒有教學可以參考的呢
" \! O3 H7 ^1 t' i' o; t另外你說他提取 ...
DosFlash ReadMe.txt 說明文件
% k9 b4 |6 [: J
. c) }8 K' x" ^DosFlash V1.9 Release Date 01.01.20119 T/ p: o" B; T/ r( h0 J* v
---------------------------------------7 \- ^7 g4 Q5 p3 p; M8 u
- SATA and IDE port scan improved in DOS and Windows! X6 M4 y/ i2 C* s
The ports are now enumerated with the CONFIG_ADDRESS and CONFIG_DATA register instead of using interrupts
+ d8 l6 e" [4 ?$ T( U in DOS and SetupDixx functions in Windows. This change will detect more ports in Windows than the old
) \! u% Z4 }( d g# y SetupDixx method.
1 z; F; d _! Y- Settings saved to ini file for DosFlash32 and DosFlash64
& P$ o2 v+ \5 J! N4 A2 {: Y& } Settings like Port, Position, Task, COM Port, Enable Drives and DvdKey state are now saved to an ini file0 I$ ^$ q( d6 f6 [! h) R+ o6 B
inside the program folder. If the ini file is not present it is created after the first run. On the first& q" u9 q9 @. c: b" c
startup DosFlash will choose the most common and stable settings.$ v$ {( G, O: @: J! D0 r) y! J! C
- EnableDrives option included in dialog as a check box9 \% V" ` z0 s0 [, o) z R
Due to high demand we removed the "Enabling CD-/DVD-ROMs" MessageBox on program termination and included* C+ h$ g0 a7 K; ^+ z
a check box "Enable Drives" inside the dialog. For security and more stability this is deactivated on the" b# A6 Q1 d# y0 }9 d" O
first run. If you enable it the checked state is saved to the ini file.$ I( z' P& M% I
- enabling drives in Windows caused some hangs from time to time, this is now fixed by a recoded enable, ]- L7 T5 u o4 @+ O2 h- o
drives function
5 F0 z/ p4 P* v7 I+ B0 ~3 R- port drivers portio32.sys and portio64.sys are now added to the executable and unpacked during runtime
, v1 U: o/ S# Q) t& ]5 F- PATA and SATA controllers list updated0 `, \" L4 X- b3 x _8 J _
- Fix for NForce motherboards in combination with drives like the "Samsung SH-D163C", "LG DH18NS40" or8 ~1 r8 Q( t/ A4 d2 j# H2 m
"LiteOn iHDS118"
4 ?9 a/ ^2 c. y Some drives have problems with flash identify, read, write and erase. This is clearly related to the
# G! K7 B7 A3 ?/ {1 y3 k) l NVidia NForce chipset. For manual mode in DosFlash16 an additional command line parameter is added called
% [) d2 z. _7 a "NFORCE FIX". This parameter should be set to 1 for NForce chipsets if you experience strange problems.
/ o( @7 R; m- v+ D% y4 p/ N In DosFlash32 and DosFlash64 we added a static control which shows if the NForce Fix is applied or not.
! a" @+ v5 `' D# n" b Remember there is no need to activate this with every drive. It seems to be a combination between drive" w( X3 T( D$ C/ ?. Y
and NForce chipset that causes the problem. The fix is automatically applied for DosFlash16 in auto mode,
: S0 \* Z; e* c7 i' v1 W" A DosFlash32 and DosFlash64.
+ O; h8 o5 a( h' P- DosFlash32 and DosFlash64 are now DPI Aware for Windows7
/ ^; f0 j- }3 Y, A9 ~% U2 l# h- New task Verfiy Key/Inject Key added for verification/injection of drive keys
1 N5 T0 O! d. h" D3 r All DosFlash versions now have the possibility to validate drive keys against an XBOX360 drive and set7 s+ ]; r$ O$ z: f
the key for an XBOX360 drive. We use the same authentication method like the console to verify a key.0 q: L% W- M* O
In the Windows versions you have the choice to paste the drive key from the clipboard to our custom hex. x( P/ ~1 X/ A" f- K3 s3 s
edit control or load a key file. To add a key simply click right inside the hex edit control and select2 D7 D8 l+ e }9 X# [, z
your choice from the shortcut menu. In DosFlash16 you can enter the key in the format "1A-2B-3C" without8 \3 ], n6 g) Q! D! W1 W) }
quotes. Remember that a key has 16 bytes of data. The key file to import should also have 16 bytes of data
$ N& n. D2 ^% B. \8 p like the key files exported by LiteOn Key functions." ]. ~% R+ ~) \" ?8 a% R0 f! G* U8 P
- Removed multiple key extractions for LiteOn Key functions, added Verify Key after extraction9 N8 K( f/ ^- i3 d+ g
For LiteOn Key functions we removed the multiple extractions, because the key is now verified immediately
: R+ u9 i8 J6 h7 c2 l4 M against the XBOX360 drive./ L" S9 W# L1 k% _
- LiteOn Key V1 and V2 now also extract the file Serial.bin and the 2nd inquiry file Inquiry2.bin2 F& y* M+ c- [, [, W
We added the file Serial.bin and Inquiry2.bin to LiteOn Key functions. Inquiry2.bin is only generated for; r& k- ~6 M6 f" A6 s& n6 b
LiteOn drives V1 and V2.0 d: c- q. r" q4 y; Y
- The drive key of Maximus patched UART drives can be extracted by using the task "LiteOn Key V1 (DvdKey)"
& b6 ?& n1 O7 F, F0 X3 g The drive check has been removed from LiteOn Key functions. This way we can extract a key from an UART
* i: q3 q3 X9 M% E! h1 P patched drive firmware by Maximus.% Y/ q" g a4 `0 o f6 w& P: ?7 B
- LiteOn files are now extracted to a destination folder instead of prompting the user for every file name.; B+ Q# V3 Z3 p9 F! Q7 B' n* z
- LiteOn key extraction tasks separated per drive version in "LiteOn Key V1 (DvdKey)", "LiteOn Key V2 (FreeKey)"
1 r) R+ A7 n$ f and "LiteOn Key V3 (Tarablinda)"
" W! S7 h+ G3 O' [; B, N6 _: ?9 }- In DosFlash32 and DosFlash64 the number of installed COM ports in the system are now enumerated instead of
' n& Q. r# @! n" h1 x( I( a% G* ^4 Z' l adding port 1 to 4
1 j- S g+ t' j8 |- For failing cdb commands the sense code is returned6 |& U; a' e* o* F' I1 I' C
- Geremia's Tarablinda functionality added
# ]3 x+ R; w- Y. k8 v/ n! D, Z: z We added all Tarablinda tasks to every DosFlash version. You can extract the key by choosing the task- L9 }$ _' J. t! w6 ~" t
"LiteOn Key V3 (Tarablinda)". For read, write and erase of the flash simply use the standard functions.* H+ b, Y; Y, Y5 \: A: `& E+ L. D6 o
Pay attention that the "LiteOn Erase V1/V2" task is only available for older LiteOns and not for the Slim.! Q1 ]' K+ H0 F S- U5 I4 q Q
You should use "Read Flash", "Write Flash" and "Erase Flash" for the Slim. "LiteOn Key V3 (Tarablinda)"& _3 m8 p" p% R+ d! ?9 c1 \- b. q
extracts 1 additional file in comparison to Tarablinda v04b, this file is called Xtram.bin and contains
. s) ]$ u$ r8 ]0 @3 D( ?) n a dump of the XTRAM8000 area. This can differ in a few bytes from one dump to the next.
0 z7 @/ l/ x/ X$ `2 ?- Device Reset in DosFlash16 manual mode is now done automatically, there is no option to turn it off anymore
) G: x* R- z% H6 P: E- K- Code optimization to work with modern SATA2 controllers added, remember to set SATA controllers to IDE and
/ O& R4 r9 B/ [" D not AHCI mode otherwise Port I/O will not work, n1 J8 Q8 @, Z8 K$ g
- Warning: The read, write and erase of the Slim drive is considered risky in general! So pay attention and9 j- X) _8 n. e* Q9 T) P
always remember you use DosFlash on your own risk every time! Even during flash read the Slim gets flashed! ]5 p& s* {( B
with a patched firmware sector to retrieve the complete dump!* T+ ^$ P3 X( K- p0 N, j7 o' q9 Z
- We had to change many command line arguments for DosFlash16 Manual Mode, because of the NForce Fix, added
/ H: A" c$ t6 f* Z8 g& ]" O Tarablinda support and splitting of LiteOn Key functions. To get a better understanding we added the example, G, A" Q; l6 {% L* o/ o) ?
section below." n4 a8 F, t& X* M7 F
5 j8 v9 c2 g. u0 m& o i9 Y5 H3 t% `0 W0 n2 b
DosFlash16 Manual Mode Examples
* b1 \. J% y" a3 h8 v/ A; ?! F- |---------------------------------+ ~( |: F- V, K# N
- Extract drive key on a " LDS DG-16D2S 74850C" over UART -> "LiteOn Key V1 (DvdKey)"
! @ s, O; J ~- |1 _( M1 p8 V4 \ DOSFLASH LITEON K V1 0970 A0 1
! U; y( ~( A" z' q2 q1 ^" S7 ~7 b$ j3 G+ |5 T
- Extract drive key on a "LDS DG-16D2S 83850C" over SATA -> "LiteOn Key V2 (FreeKey)"
* v% I2 E" D5 T DOSFLASH LITEON K V2 0970 A03 R/ w% @* ~6 t
4 _: z& C5 k* E* [; n/ L
- Extract drive key on a "LDS DG-16D4S 9504" over SATA -> "LiteOn Key V3 (Tarablinda)"
8 _8 Z% Q B9 I f2 g7 h DOSFLASH LITEON K V3 0970 A0* `* F( F* w. _5 x1 l9 V
, H4 Z; F. L$ h1 \- d
- Read firmware on a "LDS DG-16D4S 9504" -> "Read Flash" this is considered risky!( d. V1 j7 `3 p) r; j8 V/ u
DOSFLASH R 0970 1 A0 3 0 4 FWOUT.BIN 04 f/ f/ c$ {( _2 o" R% z9 L
- M( @! j' X) z# W. \4 G
- Write firmware on a "LDS DG-16D4S 9504" -> "Write Flash" this is considered risky!& F8 Q" F6 j; v. V: _+ ]( K
DOSFLASH W 0970 1 A0 3 0 4 FWIN.BIN 0' w8 L0 h* M1 \6 ]
& t" j( `( W* s0 ]( x
- Erase firmware on a "LDS DG-16D4S 9504" -> "Erase Flash" this is considered risky!6 G3 G8 p$ A$ i3 n- Z- t* Y
DOSFLASH E 0970 1 A0 3 0 4 C7 0" Z& N" v# o( H j8 V
4 E3 C$ ?9 N6 @; r& W$ d2 {8 V
- Erase firmware on a "LDS DG-16D2S 74850C" or a "LDS DG-16D2S 83850C" -> "LiteOn Erase V1/V2"
" {5 O& Q( Z6 ^6 d- m, f# I DOSFLASH LITEON E 0970 A0
P: y6 A* X0 A( o
V7 H% B' s0 Y6 q- Read firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Read Flash"
4 P6 F, \7 E8 e9 c* ]6 K DOSFLASH R 0970 1 A0 2 0 4 FWOUT.BIN 12 J0 t c6 c4 Y# K0 `
' [3 |8 }5 ?2 j. w
- Write firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Write Flash"
/ B9 ^. x2 |( f5 u! z" J DOSFLASH W 0970 1 A0 2 0 4 FWIN.BIN 1
5 n3 G( T, `2 x( Q7 w0 b: O" G. D
9 C5 I9 I$ ]% M; e. i- f3 @- Erase firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Erase Flash"
% W$ Q5 B) b/ R& B* ^' M7 X DOSFLASH E 0970 1 A0 2 0 4 C7 12 w* H: v ?8 w! @
5 j# Z d6 Q1 K$ G3 A! b2 @
- Verify drive key on a XBOX360 drive, enter the drive key manual
% m m3 O- v) q9 ] DOSFLASH V 0970 A0 12-34-56-78-90-AB-CD-EF-12-34-56-78-90-AB-CD-EF
x5 X& g( c8 d) F9 y) {8 Q1 E, _3 A) U) ] o+ ^% B
- Verify drive key on a XBOX360 drive, load a drive key file+ F' }3 x! Q; C- t
DOSFLASH V 0970 A0 KEY.BIN
4 Q0 V, J! n; {! f; H3 q) n. b3 R% w; V* i
- Inject drive key on a XBOX360 drive, enter the drive key manual
& E# ^ { T H8 S' Z( d# u4 g6 l DOSFLASH I 0970 A0 12-34-56-78-90-AB-CD-EF-12-34-56-78-90-AB-CD-EF( Z: z1 z& T: X/ v- M1 g- K
" }# ?; v- q; j. W. T! D- Inject drive key on a XBOX360 drive, load a drive key file
4 e- w+ V2 [% I5 N DOSFLASH I 0970 A0 KEY.BIN& v* A9 _; x7 c4 _$ y6 Q( M
$ B" K! J8 i9 C+ H! k
For DosFlash drives on which we can extract the key via UART are considered V1. Drives we get the key over
5 U/ {: |! N6 u& C. g9 mSATA are considered V2. The new Slim is considered V3 but only firmware version 9504 is supported atm.' G/ }) B, [0 M' X+ k
# X% t% l4 [6 E/ M6 v8 O
/ o% u* R0 M) H, b' H
Many thanks to Geremia, Modfreakz, Redline99 and Tiros for their support. Special thanks to Geremia and
: i2 W$ c; d2 Z) L& x0 N0 ^Modfreakz for drive sponsoring, testing, coding and much more. It is always a pleasure to work with you
R( u# z' G# c( L; R5 t: F+ Y* xprofessional guys! Respect to Maximus for his UART enable patch. I'm looking forward to your magic Lizard
3 P7 i+ Y G7 s7 ^: c& K/ C7 Whardware flasher!) ^3 u1 P# F1 b/ U4 i+ m- i' s% y
2 B( K( \4 D2 e; ^* \, N
Happy new year 2011!# C' T. `9 R3 V$ L
Kai Schtrom
, U- m% v+ \9 l+ R! ^8 A1 s9 q4 `2 K: E3 m; B2 c
************************************************************************************************ l- o; U: O) d4 b0 ]0 f
/ N4 f; s- e' ]' F1 V8 j- c+ H3 v
$ T& |) p6 b- U9 RDosFlash V1.8 Release Date 08.08.2009. K# { w @* A3 n2 J
---------------------------------------
' ^+ D. F. p8 e* ^- now supports LiteOn PLDS DG-16D2S 83850C V2 Geremia/Maximus LiteOn FreeKey method; W. G' Z& x( D P
- huge firmware read/write speed increase, especially if run from a floppy disk/ M' f- o1 C4 E: l3 i n' ~
- updated IDE/SATA motherboard chipset list* c: P# d# q3 q1 g5 f% H# V3 a
- new IDE/SATA detection for Windows and DOS
8 b. m# ^, C5 Y/ R& k% R- DosFlash.typ embedded in executable file
( `! | `( b( Q' A- LiteOn V1 drive key is now extracted 10 times and compared against each other,4 q/ K/ o. j5 a4 O% E- l6 x
after the extraction a summary is displayed sorted by the most common matches
3 F# N5 ^' a5 S2 e- LiteOn V2 drive key is extracted 2 times and compared
4 A1 z: N3 ^9 ?; w$ U8 V. `- new BenQ unlock keys added to unlock all known BenQ drive firmwares' W! m( t; x" a7 o8 O ~0 G
- command line parameter "EnableDrives" removed, DosFlash asks the user on* F# e7 S' C# f7 _8 _, D, {3 M
application close if he wants to enable the drives or not, during the tests it5 M8 l( b5 c. {+ f% \8 Z
seems that IDE drives have problems with the enable, SATA drives seem to 2 X3 N6 V3 g$ P& Y5 M5 e
work fine" G3 y5 c0 N- H. M& Q" _
- new 64-bit DosFlash edition added called DosFlash64, because some driver, J* H$ \$ B3 @( C: a2 t
functions don't work as expected in the 32 bit compatibility mode on Windows x64
- a8 D' F( `0 y- Beta state removed. ?7 v S/ H. v4 q8 F" F' S) y- v
- ready and tested on Windows7 X86 and x64
: k- z" Z3 _2 z. S/ j
3 I+ c- w& ?3 z- A8 x3 c( g" {2 ^ F# _9 e
Geremia/Maximus FreeKey method with DosFlash16
+ U- G" ~6 }! }------------------------------------------------2 ^6 B* U* z$ E6 p9 V6 V* p
We have added one cmd line parameter for DosFlash16 in manual mode. The COM port$ q p5 S/ d8 v9 v
is simply ignored and can have any value for the V2 drives.
@7 z/ R$ M) O; K3 E5 XUse the following command line to extract your free key from 83850C:, X, d. Y( [1 C1 w9 p
- DosFlash LITEON K 0970 1 inquiry.bin identify.bin key.bin dummy.bin enckey.bin
: D& [; B9 r+ g# @, u) T+ b* _
! H# U( { V# ?! B4 V) @$ U, G+ ^# }, a* n6 I @2 y/ {6 `
Tips for running DosFlash on Windows 7
1 v [; J0 o, K- C+ R----------------------------------------
: A% X( h$ o, K$ a2 R, P- V0 i( W6 ?# @/ U
Since Windows Vista 64 Bit and upwards it is necessary that every driver is signed. Because
# z" J; b' E$ m, x4 Pthe DosFlash driver will not be signed by MS due to some unknown reason we need to circumvent- `0 T N5 k+ v$ p% g( J R+ I2 h
this check. You have the following 2 possibilities to do this.
! t6 I% K b4 Q+ l" }& H+ I7 Y6 Q) G
Safe Way of Disabling Driver Signature Enforcement1 U- ~8 _% ?7 }0 N
1) On Windows 7 bootup press F8 to get to the extended boot options screen
/ a( u5 T5 E3 f* W* A9 n2) Choose "Disable Driver Signature Enforcement"
. r( D& u- A, j3 @9 i; B3) To start DosFlash right click on it in Windows Explorer and choose4 j6 Q6 E" `8 C' n. e* L8 p
"Run as administrator" > answer the message box with "Yes"% m5 ^4 h7 ]& v9 A" v
4) Short after the program started a "rogram Compatibility Assistant" warning message% N6 ?: `! S) ]" B( E* g/ q! d
is displayed, you can simply ignore this by pressing the "Close" button @2 Z9 i& p& i# N2 t! \
4 n4 B( v5 f5 N2 s6 B4 dRecommended Way of Disabling Driver Signature Enforcement- X3 D5 T& [; T$ A! N* B4 d
1) Disable User Account Control (UAC)
' B: O6 W1 O" c" L - go to "Start Menu" > "Control Panel" > "User Accounts and Family Safety" > "User Accounts") \, v- ~* _3 R2 u7 e
- click on "Change User Account Control settings", ]' W% b4 Z1 {9 J. K/ z2 ]
- set the slider bar to the lowest value (Never notify) > click "OK"
2 i8 B A( x i) u2) Sign the DosFlash driver/ B3 u0 ~( T b! @/ G% J
- download the "Driver Signature Enforcement Overrider" (DSEO) from
8 f, `9 n4 p* p" P: C http://www.ngohq.com/home.php?page=dseo
) _5 J" q6 q& D' F: {5 u8 | - start DSEO > click "Next" > "Yes" > choose "Sign a System File" > "Next" > enter the path to
: L# S2 C% o& U* Q" R the used driver (portio32.sys or portio64.sys) > "OK" > "OK"/ n6 o6 K8 M& X
3) Disable Driver Signature Enforcement6 s$ o" `& X) w- q- p
- start DSEO > click "Next" > "Yes" > choose "Enable Test Mode" > "Next" > "OK"
6 O9 w$ s% b: v/ E. L0 |6 Q4) Restart the computer
/ z8 i( t" I$ f: d' _ G7 f8 ^5 i' X1 B, t# a" W, w+ a
Keep in mind that with the recommended way the changes will have effect on every reboot without
& F" ^. u# j$ ]$ Y2 G( E6 wdoing anything manual. The first way needs to be done over and over again. In addition the second! R( }# w$ `! x2 |: f% s
way can be used to sign every driver that doesn't run natively on Windows 7.
" a- M: H$ ^9 _3 ]" ?" |, z6 V9 F% F) U3 H
For use of the VIA Cards in Windows 7 it is recommended to uninstall the VIA driver. This can be' z+ l, Y/ c7 y( q s7 e8 L1 f) D5 i
done like follows:
- X, p1 L% W2 {9 u- start "Device Manager" > expand "Storage controllers" > right click on "VIA RAID Controller" > ) K; a. T' x$ u2 k
choose "Uninstall" > "OK"2 e7 b6 M- j2 Z* e* ?$ t p
- rename C:\Windows\inf\vsmraid.inf to vsmraid.inf_
/ |0 E L N& T r- rename C:\Windows\inf\vsmraid.PNF to vsmraid.PNF_
! P% a$ h6 y g1 t: L- rename C:\Windows\System32\drivers\vsmraid.sys to vsmraid.sys_8 h2 c; Z$ e6 _) |5 c* v5 J! e
- reboot computer! {5 X; M+ A' G" c. N& Z
R/ P+ G; q [6 R
4 c4 k9 {0 ~* ], Q; h7 U" @" \Much respect and credits go to Geremia and Maximus for their money saving FreeKey app1 U2 [+ |; ~# q2 j! H) } K
and their lightning like decryption speed!
2 @2 t7 _% ?; V( s1 F0 m
) ^, q u3 b9 S; i% f) d$ OIn Dedication To The Birth Of FreeKey On August Fifth 2009
+ Y; |" M! \ y! j5 s+ EKai Schtrom) G7 T& y) a3 `2 p
9 p# M) X( {6 B3 r; w5 f- T/ T' {8 Z, E6 e
************************************************************************************************3 y4 ?& G( s* d+ V. S0 N, I7 V
b% L/ v& F/ E
7 m+ W# w0 Q, [* PDosFlash and DosFlash32 V1.7 Beta Release Date 23.12.20087 }8 ~& v* ]1 ?: i
-----------------------------------------------------------; k4 G: B6 Q0 U! {/ [
- now supports LiteOn PLDS DG-16D2S 74850C and Geremia's LiteOn Erase and DvdKey method
. B2 o3 i6 v- J: y. F# Z" P* w, j+ e9 j& a, k+ f+ u+ ?' \
8 ]% s" \$ a% r
The following only applies to the new XBox360 LiteOn drive PLDS DG-16D2S 74850C.! z0 ^: X+ ^% I8 h; n
4 N$ `( [0 U5 Z2 F3 a! C" c
% ^+ B9 f( u+ F) P VGeremia's DvdKey method with DosFlash16 with the PC's psu6 C N3 h: I! Q t
-----------------------------------------------------------
/ {6 W3 T& j7 ^. e- disable CD-ROM boot option in BIOS$ F! H2 g, ]$ s
- connect LiteOn to your PC's power supply unit and SATA port
) @% [# g! C' B+ X# Q0 \! u- power up PC, wait until bootup is finished
* L' {' m; ?# R& C; u0 B6 O- eject tray of the LiteOn and shutdown PC completely* Y; ^$ L2 W4 A: u
- push the LiteOn tray half in
$ X2 @- H% |3 f! u* o( y' {# |- power up PC and boot into DOS) E( z- T( W7 l9 u: R }# }
- run DosFlash16 in auto mode Q# I, o/ ?1 \0 d: S t9 V m' s
- if you read the following:
6 x, ~7 J$ Z5 e$ F( F MTK Vendor Intro failed on port 0x????.8 T8 l9 d ^* _% ~7 w
If you choose to resend the command you should turn the drive off and on
& M; \) T+ N v; H/ T6 O after you pressed "Yes".( n2 ^$ X2 u0 e+ `5 u5 Y0 b
Do you want to resend the command until the drive responds (Y/N)? q% e1 D( s2 @- H. e
- press 'N' for "No"
! n. x% ?4 u7 e- E- choose the number of your LiteOn ATAPI drive/ o1 c# ~, a6 S
- enter "LITEON K" to read the drive key$ }; M% E3 y8 V* K" R% ^& y( q
- type the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
! m: k8 G/ j) t* r- f- enter the number of the COM port+ O( e3 T6 K2 C! o
- if you read the following:
* x5 ^) F* Y) x To receive the drive key use Geremia's DvdKey method like follows:
: c$ l% | @5 ? - Connect your drive with a serial cable to the COM port
5 O+ o& h3 W8 f1 W4 ~( T- r F& J - Eject drive tray- F; S% p+ V i1 L
- Power off drive# r/ k$ w: A( C6 A- e
- Push drive tray in until it is half open
$ o& `- i u" E1 M | - Power on drive
9 F5 y, ]8 ` C& }( _4 ~; s - Press "Yes" if you are ready- o3 F+ y5 t0 y. z7 t; ^' K8 ~8 F' j1 e& k
Are you ready (Y/N)?1 {; c# `8 k' a3 N5 E
- simply press 'Yes' without doing anything of the above, because we9 [+ T4 o4 {4 g2 B% b! e$ x8 m$ k
already did that before
. w S: I% A: ^% {, d- after this DosFlash16 displays your DVD-Key and saves your key and identify data
& V' o3 ^/ d) Z0 _6 ?3 Z! d9 M5 V: i- to do the above steps in manual mode use the following command line if your drive, G! L. T% h7 G* _5 |" i
is connected to port 0x0970 and serial cable is on COM port 1
3 u6 d( t. ]9 J$ j& y! L DosFlash LITEON K 0970 1 inquiry.bin identify.bin key.bin dummy.bin
/ V9 a; f' A& _; p2 T/ h6 [0 U% E8 a3 m
& h( T- j8 ]% ^- c
Geremia's DvdKey method with DosFlash16 and 2nd psu) u: }. O/ s$ X1 D
-----------------------------------------------------
9 S8 q c) f4 w! M- r- connect a separate power supply unit to the LiteOn, don't turn it on yet
* w, l, m& ?+ r- R- power up PC and boot into DOS; ]' O* a0 {( ?1 |3 v! M+ \
- turn on the LiteOn psu
4 c1 Y8 |) c g% f& z- run DosFlash16 in auto mode# v; T9 E9 c$ Z* s
- if you read the following:9 L7 Z" ~' z% w* C4 Q) r
MTK Vendor Intro failed on port 0x????.
- ?9 s. `/ v: t }7 L& D: J: y If you choose to resend the command you should turn the drive off and on4 s& _# X1 k* w) d
after you pressed "Yes".
( C( h w1 q& Z* w" L Do you want to resend the command until the drive responds (Y/N)?
d# E+ b+ B2 N) ?# \- press 'N' for "No"
3 K, D' h( l8 C; V- choose the number of your LiteOn ATAPI drive3 H. O1 k1 g% Q6 k* u5 q B- G
- enter "LITEON K" to read the drive key
6 e; o/ `! h6 Z( A% k7 h- type the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
; _2 v5 F; o0 E5 b- enter the number of the COM port
- M: }, f0 u0 A* Q l1 [- if you read the following:" K6 L9 ^1 p R$ W+ L. N- _
To receive the drive key use Geremia's DvdKey method like follows:6 M$ ?0 O- w9 e/ Z( l% ?) [' a
- Connect your drive with a serial cable to the COM port
; S: O" G" h# ]1 G L6 U/ W - Eject drive tray3 V% L( b; u( o* K4 T
- Power off drive. t7 l6 {3 {7 J; o8 Z+ b5 U
- Push drive tray in until it is half open. m( S7 a4 U' ?
- Power on drive
' R* z# N0 ?2 ]0 L - Press "Yes" if you are ready
2 _* [' g( ~- ` n4 x# h Are you ready (Y/N)? z; b, ?/ G' B) j9 m
- do the above and press 'Yes') h Z7 X s; t- N- J a% @
- after this DosFlash16 displays your DVD-Key and saves your key and identify data
- M2 _" Y7 `$ u2 [) e) h' e& Z' |( ?. ^( h5 H( p
' M' O& @6 i7 t4 G, d
Geremia's LiteOn Erase method with DosFlash16 and 2nd psu
7 R3 }7 J) D' R! h7 v: e-----------------------------------------------------------, {- g1 N: C% g V2 S
- connect a separate power supply unit to the LiteOn, don't turn it on yet
2 g+ t! W2 }/ f- u4 ]2 i7 O3 O$ }- power up PC and boot into DOS
! U9 b$ p+ N- W6 m, U& k- turn on the LiteOn psu7 @% h0 |6 o: g' B
- run DosFlash16 in auto mode
8 r+ S8 s4 t d8 Q# ?5 i, q- if you read the following:7 \- P2 Z5 Y0 v
MTK Vendor Intro failed on port 0x????.
8 f, j0 J9 d9 j \! N; v If you choose to resend the command you should turn the drive off and on
& P8 J/ G! r3 z6 V5 A after you pressed "Yes".
9 u3 T* B' e: @* p4 e4 m Do you want to resend the command until the drive responds (Y/N)?
, U1 H. m6 V) h2 p2 X. ~- press 'N' for "No"
. Y8 ^2 ^7 Y: Y) Y, j' Y( W- choose the number of your LiteOn ATAPI drive
9 g0 f/ F, Y5 ?* X8 O D' [- Warning!!! Keep in mind that you will need the drive key before you erase the flash,
2 V& R' I5 l2 ? without the drive key your XBox360 will not work anymore$ H. O9 a7 c6 u; F4 A; g' R' h! P5 J9 U
- enter "LITEON E" to erase the flash1 Q: i6 F- L4 h w3 {" z9 x
- the first time after the LiteOn Erase the drive needs to be repowered to give2 q) S! N" I4 [( v# d) r8 O
flash chip access, this can be achieved by repowering the drive before another: d* w) A+ U& C$ p$ y; _
DosFlash16 start in auto mode or by doing a MTK Vendor Intro Power Brute- S# u7 @' b6 H6 h9 y# f2 P
- in my tests it did not work to power the drive with the PC's psu, because it will
% s) o" w4 ~: g. P always respond with busy status
- T8 T2 Y4 r0 X3 @3 W. ?9 @) o! ?/ G- DosFlash16 can now read, write and erase the flash chip like usual) T& l+ Q1 p" B+ c6 B
- to do the above steps in manual mode use the following command line if your drive
% \; G/ {3 k8 o3 \7 Z is connected to port 0x09705 ]% e+ N8 [8 v6 h, Y$ o
DosFlash LITEON E 09709 F( \! x$ _5 O1 B3 i
0 F# a* n0 Z- \
% d% G( A1 a' Z
Geremia's DvdKey method with DosFlash32 with the PC's psu
5 C) i+ F+ L- C* d. |8 P-----------------------------------------------------------
! n4 X1 T4 i4 @% p% `. h- disable CD-ROM boot option in BIOS
' M" Z; ] F; e% N3 ^# o/ J- connect LiteOn to your PC's power supply unit and SATA port
) a u; I! Q0 V- ~ N- power up PC, wait until bootup is finished
" _3 ` B* S& ~1 _- eject tray of the LiteOn and shutdown PC completely" I H$ z' }1 V% Z5 c6 @" P3 P
- push the LiteOn tray half in) R) V# P' Z" M- L9 u1 h1 T# A
- power up PC and boot into Windows
% p/ V9 h- }: _ }- run DosFlash320 @- W0 J+ U/ n. e0 @, k" \: w
- if you read the following:% u& S8 q$ d5 \/ b L
MTK Vendor Intro failed on port 0x????.! B, @3 d/ a. C9 L: v3 ?: P
If you choose to resend the command you should turn the drive off and on( G& y# \7 L3 U- Y/ N6 w
after you pressed "Yes".
% w( E* o1 S# i# ` Do you want to resend the command until the drive responds?
' N( X' y' `9 Y& `) c) o+ A& |# H- press 'No'; |, E; Y9 q! w, c
- choose "LiteOn DvdKey" as flashing task0 Q3 v2 X- k) ?/ H% _/ v
- choose the COM port number. \& ^8 M, C: D/ Y$ F
- press on "LiteOn DvdKey" button
* u, r- Z- J# r. O# P4 N- enter the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files( o1 T0 |8 D4 T( Q+ w
- if you read the following:6 J/ |# p' o7 d# x; ~3 U6 J
To receive the drive key use Geremia's DvdKey method like follows:2 H$ a9 c" ~- z0 |0 p1 a' ^ z
- Connect your drive with a serial cable to the COM port* \7 c* x7 p4 v! }! O
- Eject drive tray. v; w: n Q; U/ f$ J. d$ H
- Power off drive. O8 v3 \% q/ A# f* r2 N0 x v
- Push drive tray in until it is half open
1 N- Z3 k% o2 k8 i- E - Power on drive) x/ g. H" Q% i
- Press "Yes" if you are ready% I+ q7 t1 t2 o- p& b" n
Are you ready?
5 m5 y1 |% z3 Q9 J( h- simply press 'Yes' without doing anything of the above, because we. K, o1 y3 R' w- N1 o0 I1 m; [
already did that before' w! p# H* s5 ]9 P
- after this DosFlash32 displays your DVD-Key and saves your key and identify data
) ~; V3 n* F* C0 h/ I7 J4 J+ v7 c- n. Y* R) \6 ?4 z: R4 E
- a" V# X) H- l! Q6 j- ~: Q
Geremia's DvdKey method with DosFlash32 and 2nd psu* O" ^) }, X# p. N8 v. m" V
----------------------------------------------------- M) ^; l5 g7 B' N1 {5 j$ e5 c7 c. ]$ o
- connect a separate power supply unit to the LiteOn, don't turn it on yet5 n* ` [6 c% e9 V8 n, j
- power up PC and boot into Windows: v4 D c0 b; _# f; S/ ]6 n
- turn on the LiteOn psu/ h W2 x0 d; z3 w6 w- c& ^7 a
- run DosFlash32 T: ]0 o5 d5 ~& z( s) r
- if you read the following:
, p. L$ c' y1 l: x& j MTK Vendor Intro failed on port 0x????.* K! @) K4 ~( |- u9 p9 x
If you choose to resend the command you should turn the drive off and on$ G; P0 K0 V- f$ ^3 y; Z
after you pressed "Yes".
: n+ T: X- L3 F' t" ?& H Do you want to resend the command until the drive responds?1 x" p3 s/ n0 o$ n. o
- press 'No'
- C) m% b0 b3 O+ ?) W5 E- choose "LiteOn DvdKey" as flashing task
5 p! M) N( Q$ S( W- x- choose the COM port number
9 N( z! G& a/ ^, q- press on "LiteOn DvdKey" button
, Q* T3 v5 p6 Y- enter the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files9 Z( B- h1 }. ~/ x
- if you read the following:
, A2 Y/ }& B1 Y5 r To receive the drive key use Geremia's DvdKey method like follows:
8 O. ]- v x- G; s, I, e5 M! D - Connect your drive with a serial cable to the COM port
8 Z6 ?# {1 M+ g% w5 L2 c - Eject drive tray
. O( ]* N6 D0 Y* J2 J* B& t: w7 t( v - Power off drive
( I7 o0 v* L9 k2 E9 ] - Push drive tray in until it is half open' D U9 h0 c1 D
- Power on drive/ z N6 v2 X0 h3 p, d
- Press "Yes" if you are ready
. B7 b) @+ ]6 N, d4 Q H Are you ready?
: @0 V( c* S5 u9 k3 j- do the above and press 'Yes'" v0 Q4 P& ~3 x+ i4 W9 H: K
- after this DosFlash32 displays your DVD-Key and saves your key and identify data r; p c$ X5 u& j4 z- i& h
# U1 Z: L1 j# O2 d0 L9 V
9 s* g9 m2 _% s
Geremia's LiteOn Erase method with DosFlash32 and 2nd psu
. k3 E8 U |+ A-----------------------------------------------------------) Y5 R1 r6 |4 x/ X" _
- connect a separate power supply unit to the LiteOn, don't turn it on yet
/ y2 u* _& x8 \- power up PC and boot into Windows: N" F$ Y& N5 o
- turn on the LiteOn psu
$ }& l4 W: n! [0 H) e- |- run DosFlash321 q7 t5 b% H. x) H
- if you read the following:
9 e# C/ U3 W8 @- Y6 j3 z( d MTK Vendor Intro failed on port 0x????.. \. @ H7 k! i: t7 Z; k8 d: n
If you choose to resend the command you should turn the drive off and on
. e6 Y0 m# o) U d7 g' Z after you pressed "Yes".
) h- ~) [" f3 a1 x3 I& s Do you want to resend the command until the drive responds?
9 c7 y! m0 Q" \- press 'No'
6 O) ?$ z* a3 e. n$ J- the LiteOn flash is not identified
/ y x* X, k5 r4 c+ v- choose "LiteOn Erase" as flashing task
6 C' K4 T. ]" `/ H- Warning!!! Keep in mind that you will need the drive key before you erase the flash,4 |& n% Z! o8 [* o* i" a3 n
without the drive key your XBox360 will not work anymore) w9 {3 ]0 H6 B2 l: i4 g8 `
- press on "LiteOn Erase" button
/ `5 o& l9 g& k9 Z* b3 L; A- the first time after the LiteOn Erase the drive needs to be repowered to give
4 a! l$ D1 d3 W7 K l( D7 ^- F flash chip access, this can be achieved by repowering the drive before another5 ?& d$ r# x; w! [& N
DosFlash32 start or by doing a MTK Vendor Intro Power Brute
2 n" m* h6 @; m* R" Z- in my tests it did not work to power the drive with the PC's psu, because it will/ \" n: V( p& ?; q# O. c* N+ e0 R
always respond with busy status) V9 ?3 n8 X) j$ O S' P5 y
- DosFlash32 can now read, write and erase the flash chip like usual( F' K: Y: s+ o! i6 U) e
- f! A0 ?7 P' \8 B p% H
( D" q* _: c* P$ T: kRespect to Geremia, Modfreakz, Podger, Redline99 and Tiros.( f# \- J+ i# C
+ B, M( N. g1 l% `2 i1 ` a# Q
Like a wise man said: "0x2E is the MTK Intro of Death"7 x& z! K2 J d
Kai Schtrom5 N) P% I' g9 `
) W4 y- W( [7 `$ j% J( {
) j: u% _5 M0 I************************************************************************************************
% ^2 ]- `" A1 @
- C& S% ] q* a# M8 `
& U- E7 ]; e" {+ _' VDosFlash and DosFlash32 V1.6 Beta
, ]; {/ }$ K4 w" g9 f-----------------------------------
; }* v) ]6 C; z1 o3 u- fixed power brute unlock bug for VIA cards, this can stop your VIA from working% U" c% @% H' S c4 v% Z
with the power brute unlocking in Version 1.5/ l5 I/ O3 `4 X r: N
- for DosFlash16 in auto mode on DOS my VIA card works best if I do a cold boot
) o: W6 P7 `$ B" k' F and power up the drive short before or with the PC1 g# t% y' n1 n( l
- for DosFlash32 on Windows my VIA card works best if I power up the drive short: [' D+ u- v( h; H5 g$ w1 z* J# D N. t
before starting DosFlash32: `% W- w5 b$ C# y7 k: L
- for me the VIA works with internal and external connectors on DOS and Windows
. c6 v x: I; |6 B2 S2 q6 u6 @) p, ? u0 E# m- b
Sorry for the trouble!2 i5 Z, O6 F1 a! o1 F
Kai Schtrom2 Q0 W2 p2 H, b, }1 L
' u4 ~9 B* e$ p7 n* x3 E& J; C5 z
************************************************************************************************
* J2 @% y- n) V. Z' ?+ u& x* h& M, y
( N: j; y1 K$ p% T+ tDosFlash and DosFlash32 V1.5 Beta( Y* }4 L2 d5 f; s: @4 t
-----------------------------------( m* I# N; V" G$ J
- now supports serial flash chip MT1309E with mediatek status 0x72 like the SH-D163B, SH-D162D,% O) B2 v3 v2 ?* U9 e
Asus DVD-E616A3, Asus DVD-E818A3, Sony Optiarc DDU1671S" w- R) X3 A* G! V; X
- SST25LF020A and SST25LF040A chip support added
3 G& I) X$ G7 Z# n; m- DosFlash32.exe ported from MFC to plain Windows API, exe size is now 22 KB& {) L: S6 b1 I6 O. U
- new port i/o driver, because giveio.sys can't be compiled for 64 Bit Windows
S0 P: U! o+ d. `3 c- DosFlash16 changed slighly in manual mode, one parameter is added to support SST25LF020A and
$ B: ?/ D* r! S" o' i SST25LF040A# t& G6 _6 b2 C3 D P6 W6 \& g
- two new methods of BenQ soft unlock are now possible on all motherboards with only one power
' R) J# F4 l$ z8 j supply unit9 J2 a) A _, s
- 1st method is powered by Geremia's unlock core, thanks for the complete idea, concept and$ s0 Z* x: V5 l% v8 o- }
source to Geremia
8 I! e T2 C! x/ ~, T) ] A6 D- 2nd method is the Magic28 key send, this only works on BenQ VAD6038 firmware, thanks to2 h: Q0 G: p- _
c4eva and podger for the initial idea
X A, N' Z M: _- the two unlock methods are send one after the other if the drive is a possible unlock
% j1 h/ C% u- B4 ^8 t& ~ candidate, first the Magic28 command, then Geremia's unlock commands and after that the
) h+ A$ [- b" M& j$ z( p already known power brute unlock is send to the drive, you can cancel any of these methods
9 Z: v# \- n# G9 y before they are send to the target, this only applies to BenQ drives with a locked flash
" g" L" F' G: F ^ ?% V0 D" i b4 i, N- DosFlash.typ updated6 b7 e* E! G- G* n
- other minor improvements
/ y) `8 g" `) G" |, [* ^- DosFlash32 is now ready for1 O/ X! j r, H, s7 Y$ P
- Windows 2000, j& b$ _/ W& d; ]1 m8 b* X
- Windows XP 32 Bit Z5 g( g/ p- o( x
- Windows XP 64 Bit: q. }8 Z- d, V' b* |8 C( t/ S
- Windows Server 2003 32 Bit( M8 s" G( z# r3 Y# h
- Windows Server 2003 64 Bit
0 Y" }" K% M5 j7 N: G& \; ^ - Windows Vista 32 Bit/ M$ u" g. x% P% J: E1 E
- Windows Vista 64 Bit
$ \ _& D. N$ e ]8 u- Warning: Drivers for Windows Vista 64 Bit need to be signed, because we can't afford the
/ F$ Q8 S, s+ u3 y, K money to let portio64.sys sign you need to do the following:! C1 ?9 u- [4 K6 I
1) Log on as Administrator) _6 Y4 Y! c( s8 g( [7 P! ?0 g
2) Enter the following command in a Dos-Box:; W+ z5 T8 `" j3 S' g" a2 I
"bcdedit -set loadoptions DDISABLE_INTEGRITY_CHECKS"" t, ?* {9 R% ^( V4 z
(we made sure there are no typos in the line above)  / ?: ~# U$ o i% A8 S0 x9 ~
3) Press enter and reboot your PC
& Z6 m1 K! J$ h4 h2 v) a 4) Press F8 key upon initial system boot up
9 V! j4 @+ g' z- f 5) Choose to disable forced driver signing enforcement for that boot session
6 A- x; v* n& @# j* A2 J! G" R0 g* {- Q q5 T
& i6 Q" e, {. b. A! x
The following only applies to drives with a locked BenQ flash.
9 e! ?) Z! J- v( [0 W0 }1 u2 Y9 m- ]* T7 d# L8 D: |
' n' E9 e8 w! O( h
Geremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with the PC's psu% O4 O. e0 M; }6 O \& u* |
-----------------------------------------------------------------------------------------
+ H+ S' K- U4 G* u3 Q7 B" |- disable CD-ROM boot option in BIOS8 c9 `5 `' K6 G* r- F
- connect BenQ to your PC's power supply unit and SATA port; g o+ H) q* r7 S1 ]; z/ t
- power up PC, wait until bootup is finished
: B3 F9 ~" v4 _$ ~: L( F# k- eject tray of the BenQ and shutdown PC completely
9 y8 L: D" m) F. t! Q- e* Z- push the BenQ tray half in" ^4 a5 S# K' z6 Q2 ^' N: m9 o* U
- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash32+ L+ W0 n7 D% ~# w! K; w/ C
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
5 W" |+ d. |6 @6 B: Z7 g- if you read the following:. h% N9 ^/ \1 S0 t
MTK Vendor Intro failed on port 0x????. Because there seems
6 }/ G9 X. u6 P/ o to be a BenQ drive connected you should try Geremia's
1 b1 ^8 H; ~/ i" t' p" s( g unlock method.2 T& q [) h1 r8 M, H3 s( E
- Eject drive tray8 ~ D5 a/ ^) z; J
- Power off drive
1 `' J/ d8 D; n - Push drive tray in until it is half open$ s6 g1 _" E& C; c3 M
- Power on drive# b S! k C5 C& v8 J+ S$ o
- Press "Yes" if you are ready
: p6 s' E* ]+ {. o4 ] Are you ready (Y/N)?1 G" B6 d" z& d- W+ _, J
- simply press 'Yes' without doing anything of the above, because we
4 @0 C; w" V! ]' F4 V already did that before starting DosFlash16 / DosFlash32; ^2 f! T' L4 F, {
- the BenQ flash should now be identified1 @$ K0 S7 V* G A2 @
- go on like usual, y2 [8 g; Y% f0 x/ g6 s Z
9 _( t' H+ i/ M2 U. E4 G8 T' }3 w* h5 G5 ~2 i8 F# d2 P" d# R+ m
Geremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with 2nd psu* q+ E, A5 b7 l3 f1 y+ O
------------------------------------------------------------------------------------
7 K& c# K9 _7 w! @0 `* e- connect a separate power supply unit to the BenQ, don't turn it on yet
& g8 J+ w- |4 S' ~; H- power up PC and boot into DOS$ y; g6 B/ l0 {$ D, I: s
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
$ U1 R4 ?( t( F/ F" u7 q$ A- if you read the following:
& F$ ~! F! ^1 | MTK Vendor Intro failed on port 0x????. Because there seems; P: z K2 O3 H; ~+ a0 ?0 C W+ A# C
to be a BenQ drive connected you should try Geremia's f" G1 N9 a# T3 n' } Q9 N
unlock method.1 P6 Q6 ~6 }3 s( Y
- Eject drive tray
8 l2 E" I- \) W k% i - Power off drive1 {. ]" F8 U0 A9 _1 f
- Push drive tray in until it is half open; C) H ~* x! l7 c1 {+ K1 Q* O
- Power on drive
/ \7 Y, ~6 w8 {5 i0 @8 A# G4 ^ - Press "Yes" if you are ready
5 A" M5 ]8 g1 {& M( w Are you ready (Y/N)?2 _5 B* g% o& I& z- H
- do the above and press 'Yes': c! ~! {7 ]1 Y! q9 J" n1 r
- the BenQ flash should now be identified2 X4 K; P. N, T7 b- H3 c
- go on like usual
! L: G% D- c+ _3 d E+ @2 j4 v& y2 N r! Z2 q4 p4 [2 ^
x3 \( P, C) g/ v; y- n) y% W
Magic28 BenQ unlock with DosFlash16 / DosFlash32 on any motherboard
7 k. a* i9 N0 Z/ A7 J$ y---------------------------------------------------------------------
* ? _3 A& M+ L7 v6 M! c# v- connect BenQ to your PC's power supply unit and SATA port
& l3 y& T0 f& ^" ^# Z' Q" [( I G- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash32
& Z8 @ T1 H8 b9 z# i- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
* q% d6 N) n# X3 J3 [$ I- if you read the following:1 s$ o2 ?! R* c2 n% A O
MTK Vendor Intro failed on port 0x????. Because there seems1 A' Y; F* k9 u7 S8 \9 N& y
to be a BenQ VAD6038 drive connected you should try the
: s) y& c2 ]3 `0 X' @ Magic28 unlock method.7 G7 b- d/ e$ C7 \ `9 ^8 S5 p
Do you want to send the Magic28 command?, B% d' b7 }& @7 c9 f
- press 'Yes'8 ^! w- B; }1 b0 G8 B' p8 d
- the BenQ flash should now be identified9 n. A0 Y: R' f, R7 Q
- go on like usual% a2 ^& b: @5 x- f, `8 q
& _0 }4 Z5 _6 B7 W/ n4 }, h
9 V2 V2 U: t g PThanks to Redline99 and Tiros for help and support.
V1 |9 w5 p' O( K! {6 }) s) l. `7 ^" T- ]; N# O
It's all about DOS!6 ?- N" M' r E4 F
Thanks guys for the excellent team work!1 P0 W1 ?6 X4 r4 h4 F! l' _' d7 A
Geremia, Modfreakz and Kai Schtrom# y# i8 E9 A5 A6 W
* v2 t, G' n* w3 M/ a+ K7 P
; n& o) R8 C/ Y8 z# z************************************************************************************************
+ V, p/ d& X$ V i( u" J2 ~) R8 |2 M8 p8 P6 L7 P ^5 I
5 Y. V2 Z0 m, Y' N3 J$ rDosFlash and DosFlash32 V1.4 Beta# [8 b& e- C- F* A% ~7 W
-----------------------------------* n0 L1 E6 `7 `* S& h( R) \5 J
- DROM6316 flashing support( ]5 @0 Q" S, K8 X: L7 z
- a flash erase is now always done with a chip erase and not a sector erase command, because6 o4 z" B" M# `4 O# |5 {3 z% c3 w
the sector erase gives problems for some Winbond flash chips including the DROM63160 r1 I# I7 S2 ^5 D8 h) C: o
- DosFlash.typ corrected and updated
! m7 |: { V( X2 u7 N- for a detailed explanation on the soft unlock look at the included file SoftUnlockByIriez.txt,
; l+ i) ?( q3 o0 F$ Y- @2 w5 P it contains a very good explanation by Iriez from XBS, thanks for that one!+ I7 A2 {: D3 x4 z$ O
& B$ a# n0 L- W8 xThanks to Iriez, Jumba, Redline99 and Tiros for help and support.! S/ ?3 ?4 {7 Y. `
3 R0 |# ^- n% [/ U7 QHappy DROM bricking!9 h+ [5 k1 p. `" `: E1 e
Team Modfreakz and Kai Schtrom- W" O2 E+ m/ _; F
/ p( N( B4 _/ l, p& a1 w
! R! t# m4 H& ] ?9 f7 f1 |************************************************************************************************7 s3 \- j' z- ?9 ]- ]5 t0 y
7 N* L6 I+ G4 l8 g$ w' ~2 w
) X" c& I0 S* Z7 h. e& b
DosFlash and DosFlash32 V1.3 Beta
' `5 Q7 ]& w8 v2 \ a6 Q! ~$ ?- Q' d-----------------------------------
( C. Y3 T7 ~! Y, B$ l) q- BenQ optimization in unlocking the flash chip, it should now be possible to read/write/erase1 F" i1 n: a( ?. b: t7 j: M+ P
the flash without any soldering or wire tricks, the drive is polled for the correct mtk1 F( j9 m: E1 j/ @
unlocking status after power on, this only works for VIA cards and NForce boards atm0 X0 }) S& n, f( w5 K- r
- DosFlash32 has one additional parameter, if you start it with the parameter "EnableDrives"6 _& o8 i v# s: _& U5 l( I
all the DVD-ROMs are enabled in device manager after flashing, this could give BSOD on some
- v$ W7 B1 L: s3 i6 b U, i systems, therefor you need to create a DosFlash32 link and add that parameter manual to use it7 @" a, ], E. C6 c5 c% J
- DosFlash16 has one additional parameter "Send ATAPI Device Reset" in manual mode, this could
% z4 {; J3 V; d6 S- I give better chances for soft flashing on some VIA - motherboard combinations; ]0 t& U2 X d- I% c) L
- better support of Intel chipsets, drives can now be flashed if the controller is not set to8 R; d& U* l2 T9 a; ?0 P8 {
native mode in the BIOS w% g" B0 y3 j4 {% y7 w
- the following controller list includes vendor and device IDs that are hardcoded to identify& }0 z3 S c5 D/ @
the controller type (IDE or SATA), this is needed if the BIOS uses IDE ports like 0x01F0 or- x; X) s) Y+ b5 N
0x0170 as SATA and not as IDE channels, this list is NOT related to soft flashing
1 G6 q8 Y6 d0 M* S- Q0 ]" Y- the following chipset support is added
" D* n3 x9 o$ ^2 u" p7 [1 a - VIA cards
, i. j( S* F6 H( [ - all VIA cards with a 6420 chipset1 _& Y& v' U, I0 f4 d9 Q
- IDE Controllers. C) U8 @, r4 V! `! [+ N
- NVIDIA nForce 2 IDE Controller
2 Y5 Y) {# f1 m5 w K+ l - NVIDIA nForce 4 IDE Controller
+ L0 K N$ ]0 z3 y- C; E# e - Intel ICH9
. b, g! O7 G, ] I3 v - Intel ICH (i810,i815,i840)% p3 }% U {# h) M
- Intel ICH02 S( X4 B% p5 f5 T) E9 F6 `% R1 g3 S
- Intel ICH2M
- c& `- x/ `+ ~( Q9 x6 s - Intel ICH2 (i810E2,i845,850,860)
$ n; g# n& u% ]2 r - Intel C-ICH (i810E2)
t2 e. q* d: t9 r P - Intel ICH3M
1 S) u$ I# W D" [ - Intel ICH3 (E7500/1)
" Z# C z; }* ~9 j0 V5 T2 _ - Intel ICH4 (i845GV,i845E,i852,i855)
) {4 _$ A& g9 a - Intel ICH50 B/ |- i0 w7 C* f
- Intel ESB (855GME/875P + 6300ESB)1 x9 X3 d/ O: X; ~; H4 A3 D
- Intel ICH6 (and 6) (i915)" l. b2 s) {# Z9 i7 Q) m; }4 ~4 p
- Intel ICH7/7-R (i945, i975)0 C: n/ @, N" F& Y0 g
- Intel PIIX3 for the 430HX etc5 W+ h% F; s6 D# y( {8 W
- Intel PIIX4
" r9 b: R% B* D2 i' O - Intel PIIX4 for the 430TX/440BX/MX chipset
M% b, d4 F7 b- }7 W - Intel PIIX2 F; f2 I( ~; k/ n; A
- SATA Controllers+ R, c! T, ^& z8 v
- NVIDIA nForce 4 SATA Controller$ D" u9 u9 u5 y0 H
- NVIDIA nForce 2 SATA Controller
0 K& a. [9 g3 _ - NVIDIA nForce 3 SATA Controller
2 n0 @5 n, g1 F8 r - NVIDIA nForce MCP04 SATA Controller
4 r6 `& A5 S% e$ {$ L6 d, h% a - NVIDIA nForce MCP51 SATA Controller
, P5 w3 [, [* i - NVIDIA nForce MCP55 SATA Controller
) B3 N+ c( D5 C0 b# A$ a. _# _ - NVIDIA nForce MCP61 SATA Controller
: Y x# d! I, e8 s# o - Intel 82801EB (ICH5): W1 m7 X7 l9 K. \: S h* \
- Intel 6300ESB (ICH5)
. D+ j& w, ]! W8 M1 S - Intel 82801FB/FW (ICH6/ICH6W)7 L7 `# F7 a) |2 t" a0 b! b9 M
- Intel 82801FR/FRW (ICH6R/ICH6RW)
5 P! s2 F' ^- F( ?# q( L - Intel 82801FBM ICH6M3 F. R, Y3 o* I+ D8 X( j
- Intel Enterprise Southbridge 2 (631xESB/632xESB)
( T/ t# }! d4 A3 l - Intel 82801GB/GR/GH (ICH7, identical to ICH6)/ e7 @7 `! p) F# y) f" `
- Intel 2801GBM/GHM (ICH7M, identical to ICH6M)0 S5 V" o. b' P, n+ Q
- Intel SATA Controller IDE (ICH8)
9 @$ d6 s$ S/ [+ u" [6 |9 Y - Intel Mobile SATA Controller IDE (ICH8M)
) m3 D4 ]. ?* F# f - Intel SATA Controller IDE (ICH9). j9 D6 A e) U8 E, z
- Intel SATA Controller IDE (ICH9M)
$ O' B* m! \+ A$ m9 n
* [! V' K+ v- M9 e. y
* W5 r/ b% Z. ~8 W. D& J r" ]The following only applies to a software flash on a locked flash. The methods have been tested9 I% W& M' v/ E4 k: Z4 z/ W- z" d* g
with the BenQ and the Sammy. The VCC trick will work on any motherboard, but you need to do 8 E4 q& n4 |4 a
some soldering and cut traces.$ k- _) l8 X3 E3 m7 V
+ b$ g5 ~8 J& m9 _. J$ j% o% m, C1 d( o6 |* h- Y# L$ B
Soft Flashing the BenQ in DOS with a VIA card and DosFlash16 in manual mode
' i% V7 Y" U, L2 ?1 O$ g, O-----------------------------------------------------------------------------
& o1 k. L6 W) e; P- j! e5 N% Q/ S4 U1 g# g- first you need to know the port addresses of your VIA card, you can get these by starting
! W& a1 R8 [% |9 u A2 K msinfo32 on Windows XP and looking at the port listing for SCSI devices
+ Z7 k$ h" l- N( v+ A" I- for the 6421 the 1st port is internal SATA, 2nd is external SATA and 3rd is internal IDE5 w5 @( O) O& \: J; t- |
- for the 6420 the 1st and 3rd port are internal SATA2 f+ i- Y5 \( u2 U$ q0 @! ^
- you need the starting address e.g. 0xD000 or 0x7000
( t* f# i+ O4 Q# q3 S- be warned that these addresses can change from computer to computer, they are assigned
) k( T( T; ^) A# \) { at bootup, but Windows XP should display the ones you need for flashing in DOS j" ]/ w/ x7 N0 H# W* e
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
* Q( W- o0 t6 m) V7 d" u% F Xecuter Connectivity Kit)5 n6 g. S5 F* n' }9 }/ P: k/ O( Q
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we q& G5 w4 o% s2 A+ t* a
need to power the drive off and on during soft flashing( g! A" _, V- M @, A. v3 g6 ^9 ~
- cold reboot or reset the computer9 F4 w8 \: U* Z, s
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
; O( Y F' c q# N1 M- at the prompt type:
+ i( P& Z$ y, ^9 U3 w! S DosFlash r 7000 1 a0 1 4 a:\orig.bin 0
* E2 ^1 C1 t l2 F; g - instead of port 7000 use the starting address your VIA card uses
2 E- J. p5 V" ~: X, `' D- press return
Y% `- n( c. T: u- h- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes7 d N+ M( p" T
- after you pressed Yes the drive status is shown on the screen, it's something like 0x7F,
1 k- x z5 h+ ~% f8 L9 o this will change during the next few steps
3 s9 r6 N& z6 X- turn on the BenQ psu and wait 2 or more seconds, status changes between 0x51 and 0xD1
7 E* a0 J) ]( s, _/ h4 I4 \- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD1
( w8 W- Z$ f, S) y7 E6 h. f- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
* r& Q- K) p1 }2 z* j' F- this worked only one time after the computer is powered on or resetted for me
; r6 _. D2 _) W- writing and erasing works the same way8 F W; p+ M2 F) c/ ]$ e5 B
- for writing type:
' i8 `# k' i p) W" V) Q DosFlash w 7000 1 a0 1 4 a:\ixtreme.bin 0
& N- }% N9 y, p" w0 G# `- E- for erasing type:7 o5 t3 G0 O, i( u. |
DosFlash e 7000 1 a0 1 4 D8 0 (D8 is the sector erase opcode for the BenQ flash, if you need
2 a ?$ h4 `6 W to erase another drive, lookup the value in the datasheet or DosFlash.typ)
H: j, ?9 Y$ f8 g- h# _: [8 @/ b: A- if you experience any problems try to use 1 as the parameter to the ATAPI Device Reset, cause
* I: Y- \- r% @. A/ F the same VIA card will react differently on another motherboard sometimes
6 L$ K( U7 r( Y4 c& y2 \7 c1 }* w8 T0 ~3 u# a9 k
6 y* u! C* c4 ~8 e: y% l0 Q% fSoft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in manuel mode
, D' [% A- i- U+ c---------------------------------------------------------------------------------------$ ] I# n! U i5 `" M/ _* U7 O% p v5 p9 l
- first you need to know the port addresses of your NForce motherboard, you can get these by % E6 k: ^% b- C! @& y6 a' J
starting msinfo32 on Windows XP and looking at the port listing for IDE devices0 _ l V9 _! @* o5 d
- on most motherboards the 1st and 3rd ports are used for SATA
" {2 k; E1 L! A# F# t- you need the starting address e.g. 0x0970 or 0xE900
8 ~) m- z1 {5 o8 e5 w! f6 {- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
. K# ^; T+ g* H, {( U J8 D5 w Xecuter Connectivity Kit)
- p2 g5 j/ o" l( w+ X$ u- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
, G2 V; { f& y+ u+ i: m need to power the drive off and on during soft flashing
1 f( |1 V' A2 e0 g- cold reboot or reset the computer5 n4 x7 B9 O4 a. Z! Z+ V' F' {
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
- a) y7 A y# `; o$ I% U+ T4 B- at the prompt type: * ~: w. Q# S$ d H0 K% ~! w. ?
DosFlash r 0970 1 a0 1 4 a:\orig.bin 1 & b) J: s* I- o+ L, [
- instead of port 0970 use the starting address your NForce motherboard uses' f, [" y" h4 z+ X) x1 e
- press return# D1 m# {' o u/ i& t2 H9 T
- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
$ L8 a$ X$ W5 @" |; W1 A# D* U- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,
9 ?5 E) \" @- ^. H this will change during the next few steps
3 |! ]$ H1 }9 H- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
. t q1 p, } L8 J+ ?) S- writing and erasing works the same way
d& s% L: W9 I, x( v2 F- for writing type:( x9 l/ e& V! M; k) F
DosFlash w 0970 1 a0 1 4 a:\ixtreme.bin 12 |/ s+ l. ^6 ~9 g$ v# c5 F% B
- for erasing type:; A% U6 D0 ~7 {; Q+ M! D; O2 f8 C
DosFlash e 0970 1 a0 1 4 D8 1 (D8 is the sector erase opcode for the BenQ flash, if you need
( i$ o9 ^+ l+ @8 g# B5 S to erase another drive, lookup the value in the datasheet or DosFlash.typ)
$ g8 A5 }% u0 A" V2 S; c+ O
1 ~0 r& m7 T# W' P2 q6 m- Z, T. Y. N/ U
Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in auto mode% _" T% p$ f% o- ?6 U0 p
-------------------------------------------------------------------------------------
* {9 b8 u+ B; O- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or ; I6 {1 w* F% B3 t5 E( Y
Xecuter Connectivity Kit)
) x# X: w, d! _8 N8 f5 ?1 t5 n( B/ B. l- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
& S/ A$ f( p: K0 [8 \2 p3 n need to power the drive off and on during soft flashing
+ y$ Y( w' x5 _: x. {7 R; v- cold reboot or reset the computer
6 `6 Y$ v$ P; n5 b0 x6 [- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
/ R6 P8 [0 i" r/ V, X- wait until you are at the cmd prompt; @) d: y' Q% i1 K6 ^
- turn on the BenQ psu0 J4 s9 E/ _! V0 B. z% O
- at the prompt type: 0 U: k1 ]/ Y! G/ M7 y/ a2 |
DosFlash* [% s; j" x+ Y) L) o8 \% Z
- press return9 G6 X2 n+ k. Z0 a
- during scann of the BenQ's port DosFlash16 will ask you if you wanna resend the mtk vendor7 T9 t. G$ y$ U5 q' D! b! x* P
intro cmd, press Yes
; x/ d8 f3 q& G) X5 S; l) n- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,
( u; F7 ?+ w3 p) x6 F6 N/ x$ l this will change during the next few steps
3 h+ k5 e* T' R! f, Z0 l& ]. e% a- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD16 v9 i) b" w1 B7 T
- turn on the BenQ psu, you should get a good drive status 0x73 and flash access is granted
5 i' W! K/ [- J( g7 t& f0 m- you can now continue as usual using DosFlash8 L/ u) y3 s& F
- writing and erasing works the same way
4 ], ~+ |$ n8 h+ Z# q+ R+ L) f- if the ports are scanned there is the possibility that you'll get the resend question for3 R0 Y) b8 V: T! N( a7 ^
other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,- Y% {- U1 X+ f2 b- `
if you know the NEC is at that port you should press No and press Yes only if the port of1 D4 g( E# U' ]
the BenQ is shown or simply disconnect the NEC
! w* j1 d( V; |7 \) i
. x1 j+ A0 h: A
8 R4 c1 I* c. `+ d( G% y4 M8 }Soft Flashing the BenQ in Windows XP with a VIA card or NForce motherboard and DosFlash32
/ K: d# v" P- c2 T+ |/ @-------------------------------------------------------------------------------------------
9 N) `8 j6 A4 e' @- U- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or ' o4 Z7 u; D) H( e9 x4 l8 M
Xecuter Connectivity Kit)
* _) `9 ]. z% }& H# T- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
8 F$ _0 W! f( F need to power the drive off and on during soft flashing
# A. Z& t) [) c; C) `( R- cold reboot or reset the computer
) Y3 g. R; x/ W; H, t5 i- turn on the BenQ psu when you are in Windows XP
2 o* n) S J$ j& G7 w F2 v- start DosFlash328 K* _7 v2 W, Z# v2 |
- DosFlash32 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
5 W0 l( |8 Y. }# w; A- turn off the BenQ psu and wait 2 or more seconds
0 m: Z/ B* @4 N, Z$ _- turn on the BenQ psu, the DosFlash32 dialog should show up
) B3 }( K+ {( D. ~5 K% ]- the flash should be recognized by DosFlash32
0 Y: {: k; N! b" d! e- you can now read, write or erase the flash
9 h/ }( I# q/ L+ W3 F6 x5 c! |" r- you should be able to do the flashing more than one time in Windows, only do the power # z# M, S R7 \0 w& v
off/on trick again* g% J& n+ v3 n% |5 P7 V8 Q
- if the ports are scanned there is the possibility that you'll get the resend question for
: E" s4 m* S; `5 A8 l) k other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,
" h: S5 }, X7 W! | p% @ if you know the NEC is at that port you should press No and press Yes only if the port of- Y* [: a$ [2 d: i2 W) B/ k
the BenQ is shown or simply disconnect the NEC7 v% H( N$ _/ ?& T' o/ y1 w0 z- e! [
4 i2 n; e) u s s+ y6 k0 O; g/ @" Z v8 v0 A
Many thanks to jumba for the great idea of BenQ polling!6 }5 o$ q0 v2 @. q9 Y
Thanks to Iriez, Jumba, Redline99, TeamModfreakz, Tiros and all the IRC people for testing0 A6 [2 \* {1 f! T% E- ^
and support.
3 g w+ T/ a7 s' i+ X8 A+ G' F( o5 u
* r. k1 R0 N3 p: F- lJoin us on IRC efnet at the channel #dosflash for support.
$ w* P7 z, k6 X8 M1 o; i
0 `: G1 a" d) B2 S' k* W6 G& RDon't brick your BenQ!
+ r$ p& v( v6 G7 w$ }+ l$ MKai Schtrom! D0 l$ m) d! i' s) S
. k o# ~) N1 Z5 k: S# L" V X6 E: P. I$ W' a
************************************************************************************************4 t# l7 C( f/ D x+ B" Z
; u% d2 o/ E1 \; [# I+ Y& w3 u$ V& H+ Z9 |6 q& Y
DosFlash and DosFlash32 V1.2 Beta
$ d4 E- U% L8 G-----------------------------------% Y7 B% N) L! j& [
- bug fix for BenQ recognition
- Q8 @- G( e- e9 r( [9 W - manufacturer and device id are sometimes 0x00 for a correct installed switch! R* ?# z! d+ P9 x' r
- this issue is fixed with an additional ATAPI device reset before the mtk vendor intro is sent
/ i( t& h3 C+ E: b) ~2 Q9 `- N* Y3 [, e8 V
Thanks to Redline99 who fixed my buggy code by adding one line! 4 R, Q3 W9 p2 t+ [: q9 a- a- I
( j6 S, X; u4 y# R" f8 k. S# N7 ?# G3 V2 t4 D
************************************************************************************************
* U7 a6 e4 l' j- |) X( o8 I$ J" _) h$ r5 G6 V) `' v; r# ~8 r
& f }, D' v! ]8 J" H( j/ W
DosFlash and DosFlash32 V1.1 Beta
3 E E$ e/ K6 x- t! [! h3 {-----------------------------------
5 r/ D$ Z$ z N; o- DosFlash.typ modified for better BenQ support
5 ]9 R% X- W4 V! J- DosFlash16 Flash Manufacturer and Device ID screen output restructured6 l6 e" W% T1 Y: H2 g( {
- flash chips are first erased before writing starts: |% \9 j5 w/ o" b& v9 J' F
- DosFlash32 no reenable of DVD-ROMs in device manager after flashing, this means you can't see the drive
3 T# x9 c! N9 y% J: c4 q* F, m and maybe have to activate it manually again in device manager, this could give better compatibility and6 k. _2 G+ d0 l& X6 y
hopefully no more blue screens
6 O4 p; G+ u5 a3 u
2 u' z/ q# S9 G, [9 H6 NMany thanks to Jumba, Redline99, TeamModfreakz and Tiros for inspiration and help!
0 I/ K% I% ^3 M) g4 ^/ H, G
6 @; k& R% u9 T( v
4 L: Z' v; a5 f J************************************************************************************************
* x& v8 s) m j; K+ e( X
7 z! \+ p Y$ o% P0 E6 Z; E2 T- h+ T! N
DosFlash and DosFlash32 V1.0 Beta2 x+ J% Y( w+ I" n! x7 A' Q
-----------------------------------
9 o4 Y, ?8 H- W- c; ]3 l! rDosFlash can be used to read/write/erase the flash chips of most CD/DVD-ROM drives) P0 X( U7 \! U1 g# d g
that have a mediatek chipset installed. DosFlash is for DOS flashing, DosFlash32
! j6 Z. Z: I) U3 Hfor Windows flashing.
4 V5 ?% c9 s; r# G* e- k1 ^$ }5 W+ K5 t. C+ \1 V6 _5 O, Y
3 E1 e+ V A" e1 [4 |: `Features:/ j \; y1 J I' ^) D
-----------
- i/ l+ V, D) O4 }! \- flashes IDE and SATA drives
3 n6 b: a# \* `) m- supports parallel and serial flash chips
5 n" [2 g& u! S/ e: M- flash drives in Windows with direct port access$ S5 L; G3 R, ?: l( u+ N1 r6 Q. u
- no vendor cdb flashing commands are used
* ~5 q/ {. b/ ^' M- tested with the following drives:) g1 ~) e) \9 V/ y2 J* p' C$ F5 [
- TS-H943A MS25, MS287 W- c6 O" R7 |+ @/ x
- SH-D162C
" B9 V, ~2 j: @4 `" L# v - SH-D163A
* q! g! t& a( {$ g } - and some other drives like Liteon, Hitachi, ...+ `1 K; _9 ?+ n$ z x1 x/ [; i2 Y
- NEC drives are not supported, cause they have no mediatek chipset installed
* d4 C0 N) d' C* Y- {
/ C+ X/ w& B" K4 J- J) Y9 g# ]$ _& r2 y% [8 B5 n7 Z3 P g
DosFlash' B) [6 }4 ~! I' G+ q
----------
6 ^2 \7 @! a+ A; C+ UDosFlash supports two flashing modes, Auto and Manual. If you type DOSFLASH at a DOS prompt it
! }2 U( K/ Y2 Q M: R% A+ }will start in Auto mode. All drives and the corresponding flash chips are detected automatically.7 X7 ~5 A. b/ i8 A
If you can't get a flash chip recognized due to a bad flash or other problems you should use the3 J3 @8 n* m+ |2 @8 @6 P3 o
Manual mode. In Manual mode you can enter all the parameters used for flashing by hand. The
" Y9 D# v) m2 F, `9 `- h2 S3 }$ Lfollowing help screen is displayed if you start DosFlash with a wrong number of parameters:
5 `. {# Z9 l7 a6 F1 g ^' H
$ O! h; V* } [3 y1 d
5 E( Q- r3 p3 l+ }' vDOSFLASH by Kai Schtrom, 08/05/2007 (Ver 1.0 Beta)
) n2 t) L t/ I& R2 @DOSFLASH [R|W|E] [PORT] [PORT TYPE] [DRIVE POS] [FLASH TYPE]
+ t! N2 ~) I: Z, O4 A' V [FLASH SIZE] [FLASH SECTOR ERASE OPCODE] [FILE NAME]4 e" W8 X. E: r
R: Read FLASH
8 t+ [, a, Y' Z( k6 f W: Write FLASH
+ |2 M" E; K1 u! Q5 {3 j/ Q: i E: Erase FLASH' B! o% W% r& K( a1 [7 ^1 K
PORT: Port to send command to$ l0 |% C+ t2 j0 J) f9 e- A5 V
PORT TYPE: 0 for IDE, 1 for SATA7 }$ w0 F' D% q j- g. ^
DRIVE POS: A0 for Master, B0 for Slave
( S G6 ^) E2 H" w, j FLASH TYPE: 0 for parallel flash, 1 for serial flash$ @/ X' b9 O. R- `
FLASH SIZE: size of flash chip in number of banks
* f, `( u7 w1 ]FLASH SECTOR ERASE OPCODE: individual sector erase opcode command byte& {4 V* `% c! _- s
this is only needed for erasing a serial flash
4 Z$ P1 k3 y Q4 c( \ FILE NAME: name of the file to read/write from/to flash2 m3 ]9 W8 v0 Z6 _
All numbers are intepreted as hex values!# c Q+ b! E! \) [% S
, [$ f* [6 e c" j% ^6 B( K/ HExample Usage:" ?/ j( f( E0 u3 O, x
"DOSFLASH R 01F0 0 A0 1 4 C:\flash.bin"
, A/ W9 j+ {9 N9 R$ m8 U; x=> Read serial flash with a size of 4 bank (262144 bytes) from Master Device% g. ]1 p* j' c! _9 W1 j; S' q3 S
on IDE port 0x01F0/ g2 f2 A! p+ B7 s G7 V
"DOSFLASH E C000 1 A0 1 4 D8"
8 |9 }4 b4 o% N% ?& }6 V2 [( u2 @=> Erase serial flash with opcode 0xD8 and a size of 4 banks (262144 bytes)$ f' E$ r! k& p5 \+ T8 W5 @
from Master Device on SATA port 0xC000% `8 q& b9 P7 G: [& S' R9 b
, \& T4 C: f; J" e* Q) F7 |# c ; j3 B+ x+ Q" i: G5 C( m
Explanation of the Parameters:( C1 L& v' b9 n. ^- o+ U% W n8 w$ w
--------------------------------
* n; `1 p: u4 w. d6 K0 w
& W4 @$ M9 y7 W[R|W|E], t4 `* B; U/ P, C! D' l3 H! l
---------
5 W& G' o% o2 `/ b6 P- this will set the mode of flashing, it is recommended to first try read on any: s2 p% v" A7 [( t# H A4 i
drive, if the read will fail, it is highly unlikely that a write or erase will
$ n) m+ O( A, b. Q succeed
4 W- w% l6 ?3 n" c& P7 O' d9 b& ^ Q9 t0 [) b. @# |
[PORT]
: Y* Q3 T3 a I& G--------
# l7 X J* p5 H8 [, `1 o- the port to which the drive is connected, a port number should always be entered; k. ^5 [8 I; k; L& f) B
in hexadecimal and have 4 hex digits, valid ports are: 01F0, 0170, C000, C8003 F9 x% Y' o, I
- this option can be used if your PCI adapter card or on board IDE/SATA ports are
5 N0 R. l* ~8 c! v. ]& x not identified by the auto mode
6 Y% T4 w i% m4 D2 O% u2 y$ H2 B o" F0 i& T
[PORT TYPE]
P& ]1 k' Z* X6 w* B: g; e-------------+ P' X) t3 K$ l7 f0 a
- the port type tells DosFlash what type of port is installed on the before entered! A2 E2 w- u0 b9 y; e+ X
port address! A- r. a6 l! a) D+ x+ s" j
- valid values are 0 for IDE and 1 for SATA
2 D) m' j6 [- O2 p* Y. s7 x( l- make sure you never mix the wrong port with the wrong port type, this could give- f5 p* _0 E5 V% J
strange results or in the worst case a bricked drive1 A' ~8 ~, z1 b6 i
2 W, N* s3 F* N5 p* _/ L
[DRIVE POS]
6 x, ]5 Z' M/ w$ Z+ ?* s5 g7 d" R-------------
# P8 r W5 `' r, `- old style IDE channels have the possibility to connect two drives at one IDE
5 W9 |2 ?& @1 W5 T7 y0 F channel, the first drive is called the master, the second drives is called the
, b7 ?7 o+ [* U, n slave! i9 ~) q$ M4 }* B
- you can select which drive should be flashed on the channel, A0 selects Master,2 `. N' i& I- R }* T2 g( k8 r
B0 selects Slave
9 ^# N/ T) u; r1 h# m$ h& t- on SATA ports this value is always A0, cause you can only connect one drive to
6 ~- ^* y' X" {( p9 M2 y* W a SATA port, so for SATA you will always type A0 here
' b4 Z, o3 Q/ T! g+ M' d' B- it is not recommended to flash IDE drives with another drive connected to the
6 Z% k; I" z' g5 B same IDE channel, this could be risky if something in the Master/Slave selection& z' R- q* j, W1 ~7 ]
fails2 ]7 q3 S7 k1 f& T8 ]- E" A- l: n
: }4 [0 U+ j8 ^' \9 H
[FLASH TYPE]8 j* F& F* _3 Z3 e0 E& K( t
--------------6 r$ z5 Z2 [, C0 R* c, j
- there are two types of flash chips out for CD/DVD-ROM drives atm
5 q- n: T; p7 d6 M- the older type is parallel flash, which is also supported by mtkflash for example8 f" D' ?) I! D
- the newer type is serial flash, which is supported by flashers like XSF
0 E" \. l6 K* ~! }, t- the problem here is that no tool is out that can flash serial flash chips on 0 E3 _1 W! Z6 g+ U+ X. p
SATA ports
- f$ k' z/ I6 f8 ~, n# S; a
( `5 f( K' i- I7 L[FLASH SIZE]3 t# p4 B3 e0 p- A
--------------* S3 l2 t7 B0 R+ m C Q8 B
- this is specifies the flash chip size in banks
, U/ \+ N. U; [# {- f7 }- one bank is always 65.536 bytes in size
: O3 w6 T7 f% k! z( m- if you know your drive has a flash chip of 262.144 bytes in size you need to enter 4
( ~3 Z1 }/ T) q5 q4 K$ a
2 ~0 l, I% e* o. i1 ^[FLASH SECTOR ERASE OPCODE]
" }: f- [# f8 O/ q" z-----------------------------
' k! [5 b7 z) [- the opcode used in the flash chips datasheet for erasing
: I; O! S% p" M, Z& |- for serial chips this command can be different from the standard and needs to be
& R5 Y) Q4 ]& | entered for flash erase2 j' A( l8 }3 G9 T: e. f
- for parallel flash chips you can enter a dummy cmd byte, the integrated command
+ d8 f: R/ X* P& \4 K should work on all parallel flash chips without a prob7 }6 y0 U; [ z- o: D: Q& B
' X1 s; t: H6 ^
[FILE NAME]
5 W. h' h h' H- j) b: t+ W* P- x-------------8 _/ M4 v2 p( H- m& D. h! }1 \
- name of the file that should be used for flashing- b7 [6 l" T9 B# K- r
- for reading operations this should be the output file- ^6 l$ X8 z; M& \1 i; e3 S5 z4 m5 |
- for writing operations this should be the input file
* k8 b$ M3 E6 n( Z: n
5 m+ |8 f2 D" g3 S" m7 b& z% \2 ^% D' _/ W$ f9 T
Hints and Warnings. L( S; z% o. _/ U
--------------------* [2 d' \4 H4 u# s+ V- p- E. W5 F
- read, write erase TS-H943A MS28 after the firmware stealth has been disabled with Enable0800 disc9 [# t3 D; D9 \( [% e
- this only works one time, after the first mtk vendor specific intro cmd is send
" t, h% C0 Q* e# i* a4 h3 [ - if the mtk vendor specific outro cmd is send the chip goes back to stealth mode and you need* l' `" |6 p) Y3 a3 ]: ]
again the Enable0800.iso to disable it
$ _+ W9 P9 ^( h) E { - therefor the mtk vendor specific intro is send at program start to all present devices and the
# l: v$ x4 ?6 O* y: i& b mtk outro is sent at program end7 C; t+ k D M/ ]3 _/ r* z" B, x1 u
- if you have a chip manufacturer id of 0x02 and a chip device id of 0x02 for the TS-H943A
6 d. D3 x& @1 z, Y, v the flash chip is in stealth mode and won't give access to any reading, writing, erasing9 O& P+ n! {6 Z
- always have a look at the DataSum generated, this is exactly the DataSum of mtkflash0 T4 H4 H1 f) Q
- the DataSum is calculated as the sum of all bytes of the firmware in a short integer! w @' D/ S; \' A) b0 a' s
- to make 100% sure that the flash is written right compare that DataSum to a known one m, C& L: h) f6 f3 r1 X& M& f# N
- this tool has not been tested on all drives out there, the typ list is simply copied from well1 j2 @6 f T9 g( ~- W
known programs like mtkflash and XSF1 G- N1 O( g" M: d1 s/ [, H. U( p( J
- always try a flash read on a not yet tested drive before doing anything else7 U! z* _9 X2 B2 b
- if the read doesn't succeed it is highly unlikely that a write or erase will% c' N6 |' [3 F
- some LiteOn drives seem to have probs to write the firmware correct, this prob seems to be
0 V5 K2 a4 B: w- @ related to windows register flashing, cause even an assembler app can't do this error free
" u/ y4 {" l! C. I2 |/ ? - if you get errors on LiteOn drives, write the flash two times in a row
6 s9 R7 I4 ~6 ~0 f- H; F; X' Z- for direct port I/O in windows the givoio.sys driver is used, this driver is loaded at DosFlash32
+ e$ y5 i6 Q8 v$ H% g start and unloaded at program end, be warned, this driver can possibly make your system unstable,& Q: d$ Y3 `7 L4 _
it's intention is to let privileged assembler instruction like in and out pass, even in windows,
B$ l% I& U1 y if this driver is not used you will not be able to get direct access to port registers6 j& W& I9 e K5 Z% ^5 [3 k; J, w
- DosFlash was tested on MS-DOS 6.22 and later, you can easily copy it on a MS-DOS boot disk created5 e8 m, z* e* u+ M1 E3 {7 H* m/ c
in Windows XP and start DosFlash directly from the disk! X2 j+ S) R: @- ^+ y
- don't forget to also copy the DosFlash.typ file, it has all the informations about flash chips% `# @ h+ L) ^+ k
for auto mode flashing
' j+ c" f% Q; \5 k- DosFlash32 was tested without a prob on Windows XP SP2, you'll need also the typ file for the . v- R: f- V. A- x) ]
win version
( ]; h; t( i* u' O& W b- DosFlash32 will deactivate all CD-ROMs in device manager at startup, this is better for flashing,
* ~$ |1 \- F2 `! R& y, f cause Windows seems to poll the drives all the time and this could result in a bad fw file or
# ~" t8 I- K$ a8 ^; _) U% Q a program hang, the drives are activated again at program end- V9 ]& U0 H# a( ~% n% t7 u, N* L
- you should make sure that the flash is not in an erased state at program end, cause device manager
/ O. v" X1 w+ _3 l! p/ _, @! m% [& p( I don't like drives that do not respond to the inquiry command$ `5 ?" y. p6 F2 F; F; t
- deactivating all CD-ROMs could take a few seconds, so please be patient at program start, X( o6 `# K9 a+ X
- DosFlash and DosFlash32 will try to scan for the VIA 6421L Raid Controller card, based on vendor
3 R7 q5 R5 H `! j id 1106 and device id 3249, it doesn't matter if the card driver is installed or not( O' {" Q1 c' W; ]$ }( \
' R/ ~9 j8 E8 j. T
|9 o) v, l( X- H% b3 u
Many thanks to Dale Roberts and his Direct Port I/O driver giveio.sys!
( Z0 c$ p4 T. i# y$ q2 p- M, J. v# U
Avoid a bad flash!8 ~" I+ P: D# }# s" J9 x3 K
Kai Schtrom |
|
窺視卡
雷達卡
樓主
顯身卡
發表於 2011-8-21 21:08:07
