|
|
ak475671 發表於 2011-8-22 13:03 ![]() y# l* K2 k0 X/ m
版主你好8 }+ P' s1 E* }, I; o; G
版主知道哪裡有教學嗎使用DOS提KYE的過程不是很了解不知道有沒有教學可以參考的呢
1 c2 N* O( D2 E' C另外你說他提取 ...
" T% I) N$ E: g% _" r+ k; V* K6 ^DosFlash ReadMe.txt 說明文件
! N/ I a% w- j- I. H" ^4 k) T
1 z. l7 R9 T& f$ ]' h* D+ R0 TDosFlash V1.9 Release Date 01.01.2011# i5 m$ O- G/ _3 H) w4 t" r7 t
---------------------------------------
$ W2 u8 S; V2 \. M; D! c; Q- SATA and IDE port scan improved in DOS and Windows
, k6 I1 [/ Z1 C5 v The ports are now enumerated with the CONFIG_ADDRESS and CONFIG_DATA register instead of using interrupts$ J: A1 F: x+ j# I9 m, z C
in DOS and SetupDixx functions in Windows. This change will detect more ports in Windows than the old : k. G$ w% T q+ R* L% F
SetupDixx method.# |: |1 Z# A5 B2 F
- Settings saved to ini file for DosFlash32 and DosFlash64* n2 z$ P5 J% R3 \+ N b
Settings like Port, Position, Task, COM Port, Enable Drives and DvdKey state are now saved to an ini file
2 N- T1 o! r+ H- n inside the program folder. If the ini file is not present it is created after the first run. On the first
( w7 w' N9 W# B7 ?0 v, t startup DosFlash will choose the most common and stable settings.
" }4 I4 k: M# S: y1 E/ R- EnableDrives option included in dialog as a check box
2 [' I3 D, F; f0 j! H: |, N7 P5 |( I Due to high demand we removed the "Enabling CD-/DVD-ROMs" MessageBox on program termination and included
3 X' [3 F% p& k; M a check box "Enable Drives" inside the dialog. For security and more stability this is deactivated on the
y8 r0 ?: \6 L2 B1 }7 p9 L1 l9 ^ first run. If you enable it the checked state is saved to the ini file.3 c# y+ @! C" }. m$ N: L
- enabling drives in Windows caused some hangs from time to time, this is now fixed by a recoded enable
) ~9 }) O X+ ?" _. |( s drives function; p+ f3 z, \7 Z
- port drivers portio32.sys and portio64.sys are now added to the executable and unpacked during runtime% O+ }* d$ [4 _' R$ F' F
- PATA and SATA controllers list updated
# {' Z6 E; Q. M, Y& s- Fix for NForce motherboards in combination with drives like the "Samsung SH-D163C", "LG DH18NS40" or) m7 u% S1 A% P
"LiteOn iHDS118"* ]+ r, a" e* i3 f( Y+ i# }6 r
Some drives have problems with flash identify, read, write and erase. This is clearly related to the
$ n( k0 i8 j) [( T NVidia NForce chipset. For manual mode in DosFlash16 an additional command line parameter is added called
) b* ~. J- g& _+ r5 K/ u( M "NFORCE FIX". This parameter should be set to 1 for NForce chipsets if you experience strange problems.
7 o& N1 n3 o1 V8 j! g9 a0 k9 ~* ~ In DosFlash32 and DosFlash64 we added a static control which shows if the NForce Fix is applied or not.) L$ d# a9 g2 M: Q- I2 c
Remember there is no need to activate this with every drive. It seems to be a combination between drive
L( e7 z$ Z1 o0 X7 u+ D and NForce chipset that causes the problem. The fix is automatically applied for DosFlash16 in auto mode,4 f {4 H: w# U' Z. y
DosFlash32 and DosFlash64.8 v" b" B' S4 J. @9 s- }# R
- DosFlash32 and DosFlash64 are now DPI Aware for Windows77 @# T2 m$ z( @# R
- New task Verfiy Key/Inject Key added for verification/injection of drive keys5 a9 X" t* E$ d. f
All DosFlash versions now have the possibility to validate drive keys against an XBOX360 drive and set" k& H3 ?$ E0 e6 O* O# u/ r
the key for an XBOX360 drive. We use the same authentication method like the console to verify a key.- a3 b9 x0 I0 h
In the Windows versions you have the choice to paste the drive key from the clipboard to our custom hex6 S* u% {5 T0 v6 T+ Y
edit control or load a key file. To add a key simply click right inside the hex edit control and select
8 k/ w' n. s* U# Z your choice from the shortcut menu. In DosFlash16 you can enter the key in the format "1A-2B-3C" without
5 U3 G6 b5 d* ]% ~# c+ S quotes. Remember that a key has 16 bytes of data. The key file to import should also have 16 bytes of data2 J1 A+ W2 M: C y2 S( y
like the key files exported by LiteOn Key functions.5 ^1 A1 [ s' m* t' G) G
- Removed multiple key extractions for LiteOn Key functions, added Verify Key after extraction& W4 ~" ~! |# b+ {! m- j
For LiteOn Key functions we removed the multiple extractions, because the key is now verified immediately
0 |$ r4 Q/ Y" m6 K+ S! u$ S* Z against the XBOX360 drive.' y8 q" e0 ], o' K' l) `* t* x
- LiteOn Key V1 and V2 now also extract the file Serial.bin and the 2nd inquiry file Inquiry2.bin
' i2 c, ]) A- F7 {" D: n' @0 g" `' \ We added the file Serial.bin and Inquiry2.bin to LiteOn Key functions. Inquiry2.bin is only generated for/ E! e V; s, G/ p }
LiteOn drives V1 and V2.
* F+ k1 l9 h* r4 ^- A- i- The drive key of Maximus patched UART drives can be extracted by using the task "LiteOn Key V1 (DvdKey)", m, `; v( |! G1 Y* ]
The drive check has been removed from LiteOn Key functions. This way we can extract a key from an UART 6 s: c$ C3 Z3 ~( m1 {* P
patched drive firmware by Maximus.7 q: ]' F6 E5 ~7 R# k" M5 f2 k; y0 z
- LiteOn files are now extracted to a destination folder instead of prompting the user for every file name.
4 `$ @) \4 k0 F9 B; ?* N9 Q- LiteOn key extraction tasks separated per drive version in "LiteOn Key V1 (DvdKey)", "LiteOn Key V2 (FreeKey)"
/ x9 Q. Y+ W) R and "LiteOn Key V3 (Tarablinda)"# T& ?% G9 A4 p2 X
- In DosFlash32 and DosFlash64 the number of installed COM ports in the system are now enumerated instead of" |- ]' v1 l2 O' h$ i& T9 Z
adding port 1 to 40 v6 l3 f7 _/ i7 k* S0 G9 [
- For failing cdb commands the sense code is returned
6 [( A8 I, x3 \8 m, _* b* p' a$ m- Geremia's Tarablinda functionality added1 d: V5 q' s; q* v- ~( T! W) z7 ^
We added all Tarablinda tasks to every DosFlash version. You can extract the key by choosing the task
4 V9 b: p0 C/ l; S4 l# \ "LiteOn Key V3 (Tarablinda)". For read, write and erase of the flash simply use the standard functions.2 G# H- @7 o% ]1 g, u
Pay attention that the "LiteOn Erase V1/V2" task is only available for older LiteOns and not for the Slim.8 @& U0 D" {! {" t# x1 \
You should use "Read Flash", "Write Flash" and "Erase Flash" for the Slim. "LiteOn Key V3 (Tarablinda)"
9 X; M% p9 C8 U extracts 1 additional file in comparison to Tarablinda v04b, this file is called Xtram.bin and contains
% p8 r( D, l6 y0 o$ Y& u a dump of the XTRAM8000 area. This can differ in a few bytes from one dump to the next.! I2 y4 V6 ^, q J- Z$ t& l4 k
- Device Reset in DosFlash16 manual mode is now done automatically, there is no option to turn it off anymore- s. S2 @' B; ~( Y
- Code optimization to work with modern SATA2 controllers added, remember to set SATA controllers to IDE and7 Y0 r: i" p# E8 ]- D% b
not AHCI mode otherwise Port I/O will not work
; \! k4 i6 c( \- Warning: The read, write and erase of the Slim drive is considered risky in general! So pay attention and
0 E2 M7 k2 d/ \. o1 U1 B9 C3 g" F always remember you use DosFlash on your own risk every time! Even during flash read the Slim gets flashed
j+ }' A# U1 C' m( b2 Y with a patched firmware sector to retrieve the complete dump!
" U( i" a w/ M+ Z8 x8 T. x- We had to change many command line arguments for DosFlash16 Manual Mode, because of the NForce Fix, added
8 s% i5 w" l5 n @+ M. n Tarablinda support and splitting of LiteOn Key functions. To get a better understanding we added the example
0 b# z: ?. o" V3 Y7 T* }* w section below.
) q9 R; Y7 L8 \2 J; Y
! [5 l) _0 k* K+ m$ A- z
3 H( E6 v4 x! [. O. i9 IDosFlash16 Manual Mode Examples
9 B$ a* r: X3 j8 j- V9 h+ \* }- _---------------------------------$ q- X$ M5 G* @* Y6 r$ i
- Extract drive key on a " LDS DG-16D2S 74850C" over UART -> "LiteOn Key V1 (DvdKey)"
. {( q; p: Z- x DOSFLASH LITEON K V1 0970 A0 1
- P% F3 _( c& t6 b$ F2 }) |) d5 t2 g4 F" F. W! V9 h0 R
- Extract drive key on a "LDS DG-16D2S 83850C" over SATA -> "LiteOn Key V2 (FreeKey)"
( E3 Z! A$ t/ ?5 w6 P DOSFLASH LITEON K V2 0970 A0+ X' A5 M& c7 v$ M& U* ]7 {1 D
2 F; v6 e! h: \+ i" b% q% K9 b" i- Extract drive key on a "LDS DG-16D4S 9504" over SATA -> "LiteOn Key V3 (Tarablinda)"
8 i7 g. c) B: Q% F0 `- i c' B DOSFLASH LITEON K V3 0970 A0 z4 K1 o! |4 W4 b0 o
3 u7 ?5 s' \# I5 U3 L
- Read firmware on a "LDS DG-16D4S 9504" -> "Read Flash" this is considered risky!, F* Z) a- X; r! x
DOSFLASH R 0970 1 A0 3 0 4 FWOUT.BIN 0
, V# J# i+ h! Y1 {* l$ X$ }
N' p9 o% j6 `+ `- Write firmware on a "LDS DG-16D4S 9504" -> "Write Flash" this is considered risky!
. m$ E% u% p7 N( I6 Q DOSFLASH W 0970 1 A0 3 0 4 FWIN.BIN 0
6 V/ M0 G u9 J5 F, g& J$ T) J9 P* _
8 x# [& w- h# p- Erase firmware on a "LDS DG-16D4S 9504" -> "Erase Flash" this is considered risky!5 n; M4 n" B! {" t4 R
DOSFLASH E 0970 1 A0 3 0 4 C7 0
1 K4 o: t+ H$ s# s8 f: u: ~" y/ S) `' p* ?: w# Y4 y+ J) x+ X+ O, y
- Erase firmware on a "LDS DG-16D2S 74850C" or a "LDS DG-16D2S 83850C" -> "LiteOn Erase V1/V2"
1 z7 E! i( _; {2 |! I# l, S DOSFLASH LITEON E 0970 A0
: ~; i3 o" J" h7 h/ J3 l; w6 z& j' R! S* \
- Read firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Read Flash"7 e" K( w6 b. E* H& J6 h
DOSFLASH R 0970 1 A0 2 0 4 FWOUT.BIN 1
8 N$ ^! G* I$ e) M% x
* @( T- h, e1 I0 G: V3 x; r$ T- Write firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Write Flash"9 L i! ~ Y, X
DOSFLASH W 0970 1 A0 2 0 4 FWIN.BIN 1
" j8 p. A' l5 S: A" W: b% K
. A5 m8 ]7 K' ~" T6 X9 V% `$ L! }- Erase firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Erase Flash"
0 w+ F+ v. } r; ]' E. {4 \ DOSFLASH E 0970 1 A0 2 0 4 C7 1
0 {. i" s0 [" `8 K3 S0 y4 Z% I& Z3 u) C# ^% Y- m+ d7 f/ _
- Verify drive key on a XBOX360 drive, enter the drive key manual" X/ E0 i6 v- j
DOSFLASH V 0970 A0 12-34-56-78-90-AB-CD-EF-12-34-56-78-90-AB-CD-EF* r' K# d ]4 k( E1 a: g
w. x1 Z) v7 [# w ?- v
- Verify drive key on a XBOX360 drive, load a drive key file# r7 Z& I$ S8 |1 s& G+ S: ?: k) i
DOSFLASH V 0970 A0 KEY.BIN
5 \+ q# `: i5 A) k
4 F; u$ t- C8 K; f% s% R- Inject drive key on a XBOX360 drive, enter the drive key manual
1 w6 f. j/ ]( g8 R' a, W DOSFLASH I 0970 A0 12-34-56-78-90-AB-CD-EF-12-34-56-78-90-AB-CD-EF
1 a2 I9 q+ ]' W ~. {3 V
8 Y1 e; {- f% {; H+ R" K' S y- Inject drive key on a XBOX360 drive, load a drive key file$ O) D( ]4 Q% w1 r
DOSFLASH I 0970 A0 KEY.BIN
6 J/ m# ]& v0 N: \9 Q$ N* r# g0 Q* E4 t7 ?. B# r& Z2 B
For DosFlash drives on which we can extract the key via UART are considered V1. Drives we get the key over4 G& A% R$ S1 I- _) s$ y Q
SATA are considered V2. The new Slim is considered V3 but only firmware version 9504 is supported atm.
% C+ b7 b3 {" @- b
( B0 y' B. C, n+ n
% j# b" p; N3 }, P+ B- b# ?Many thanks to Geremia, Modfreakz, Redline99 and Tiros for their support. Special thanks to Geremia and6 K5 B3 e2 p! y, r1 T
Modfreakz for drive sponsoring, testing, coding and much more. It is always a pleasure to work with you! B4 s/ Z, |& [. v: i! s6 ~% O; M
professional guys! Respect to Maximus for his UART enable patch. I'm looking forward to your magic Lizard/ e2 R1 e L, h8 H2 Q: n
hardware flasher!
) f9 ?2 {: L9 o+ B4 D+ [ S8 a2 C7 [5 B
Happy new year 2011!2 V- f, J. M% v9 }5 E
Kai Schtrom, Y3 w1 a" d$ O
- l7 z8 @4 y6 \4 w2 M************************************************************************************************! f/ r, E6 k& v- I# y5 {6 E: w
: H( @ W: ^% L- u
$ R' j* h) O5 Y" V) M4 KDosFlash V1.8 Release Date 08.08.2009
: S. I" N- J0 F2 ~0 F, e$ i---------------------------------------
% O$ M3 y6 }( K" n' j5 M. t- now supports LiteOn PLDS DG-16D2S 83850C V2 Geremia/Maximus LiteOn FreeKey method
1 m% x# l4 v2 [0 v- huge firmware read/write speed increase, especially if run from a floppy disk4 @' H+ }# ]7 h% `
- updated IDE/SATA motherboard chipset list* u+ u9 A% {* h3 i$ f
- new IDE/SATA detection for Windows and DOS
/ v+ P) \" W' W$ q8 T$ Q- DosFlash.typ embedded in executable file5 o# S0 [2 d) R$ j! ^; I# a7 S
- LiteOn V1 drive key is now extracted 10 times and compared against each other,* U4 C( i3 v( K! A5 m: c5 F
after the extraction a summary is displayed sorted by the most common matches
5 q6 V) I7 s9 ^5 H7 H- LiteOn V2 drive key is extracted 2 times and compared
3 i& ?( U, d4 e" k2 }! o& G- new BenQ unlock keys added to unlock all known BenQ drive firmwares
( h8 n( j( n4 e7 l6 D; a9 H% }( G- command line parameter "EnableDrives" removed, DosFlash asks the user on/ J# _( H" [ r
application close if he wants to enable the drives or not, during the tests it E3 A" N V. c0 ]
seems that IDE drives have problems with the enable, SATA drives seem to 7 U0 ]: ]) T1 c7 n
work fine
$ B5 x* W( B# S+ W- new 64-bit DosFlash edition added called DosFlash64, because some driver5 ~$ Z2 Q, F. R' B4 |4 _# E- C$ E
functions don't work as expected in the 32 bit compatibility mode on Windows x64
7 V7 z/ s; E7 }2 @& ~- Beta state removed3 a! z5 } f6 x4 m( e! H8 t
- ready and tested on Windows7 X86 and x64: M, E1 C) [7 N' j
6 d: X% f" w0 ^* Y
4 B; }' j% c6 I& q3 A: e
Geremia/Maximus FreeKey method with DosFlash16
! N& s" b1 K7 E1 A5 x------------------------------------------------
; o2 H/ U' n, p0 P9 EWe have added one cmd line parameter for DosFlash16 in manual mode. The COM port
+ w3 l8 h9 t5 Zis simply ignored and can have any value for the V2 drives.
' ^& z* A% J+ q# N( @1 yUse the following command line to extract your free key from 83850C:# [6 r" J4 C1 Z" k. c
- DosFlash LITEON K 0970 1 inquiry.bin identify.bin key.bin dummy.bin enckey.bin
/ I7 O' o$ n, v, S+ A* L& x, F/ @
/ j6 b5 i* w' F8 f
Tips for running DosFlash on Windows 7% _0 n3 O- q$ b7 s+ D @
----------------------------------------" r( I, V$ ]7 x1 Y" ~& Q
5 H9 Q& v8 E) J5 y% \Since Windows Vista 64 Bit and upwards it is necessary that every driver is signed. Because
3 {. o. Q- m. q& S, g# E4 dthe DosFlash driver will not be signed by MS due to some unknown reason we need to circumvent
2 o- y3 I8 D1 w$ m# [, uthis check. You have the following 2 possibilities to do this.' T2 U% n! K4 K( h$ U: T
% o9 `- M2 V- c! e7 W
Safe Way of Disabling Driver Signature Enforcement& _# [9 u! |, m5 b3 A6 l& i0 p, N
1) On Windows 7 bootup press F8 to get to the extended boot options screen
- H* Q6 q4 k4 N2 o% m2) Choose "Disable Driver Signature Enforcement"
6 W( h( D$ p( \0 x$ s3) To start DosFlash right click on it in Windows Explorer and choose
9 V) T/ E; _8 s "Run as administrator" > answer the message box with "Yes"
2 U5 G" |! L# J6 v) l4) Short after the program started a "rogram Compatibility Assistant" warning message+ k3 b% X( ~: u; d, o# {& J
is displayed, you can simply ignore this by pressing the "Close" button
, G9 `6 S/ f t8 W0 ~1 g- L3 a# O
0 I7 V5 Q8 M7 l! A# ^- @% YRecommended Way of Disabling Driver Signature Enforcement! i* ?- J* d5 e; B' q
1) Disable User Account Control (UAC)- l* k6 ]& r6 [
- go to "Start Menu" > "Control Panel" > "User Accounts and Family Safety" > "User Accounts"! z) e% X- E7 P& F# q0 k) V0 w
- click on "Change User Account Control settings"2 T+ d2 H/ D1 I2 |
- set the slider bar to the lowest value (Never notify) > click "OK"" ^1 I$ E, ?8 R) r8 u
2) Sign the DosFlash driver0 v+ n% w4 u: z$ D
- download the "Driver Signature Enforcement Overrider" (DSEO) from& s @( R: ^* e6 `8 v
http://www.ngohq.com/home.php?page=dseo
3 |" o7 S* u: Q" l, M - start DSEO > click "Next" > "Yes" > choose "Sign a System File" > "Next" > enter the path to! S3 F$ L& y) t
the used driver (portio32.sys or portio64.sys) > "OK" > "OK"
; I% \# c& k7 W: Y* u; c; T1 q" e3) Disable Driver Signature Enforcement
' q( o9 \. {% L, L+ W% D4 Y - start DSEO > click "Next" > "Yes" > choose "Enable Test Mode" > "Next" > "OK"" e, ~6 }2 A- b/ N0 c) A. H; c: N
4) Restart the computer+ o/ v% f* E z: E5 L/ F8 M5 i
& E+ e* O( \2 @ h$ }Keep in mind that with the recommended way the changes will have effect on every reboot without E. T9 w7 U# e' }
doing anything manual. The first way needs to be done over and over again. In addition the second
1 V3 S3 x3 R% M" sway can be used to sign every driver that doesn't run natively on Windows 7.
; g9 K0 V; `8 X, A
3 W$ m9 {" x- |' J* wFor use of the VIA Cards in Windows 7 it is recommended to uninstall the VIA driver. This can be
0 F/ ~9 L: H. I ndone like follows:
& |2 P' Z" r$ {' n& G6 d% w, W- start "Device Manager" > expand "Storage controllers" > right click on "VIA RAID Controller" >
3 ?8 p: T1 _& m. ~ choose "Uninstall" > "OK"2 F( n: \2 l m
- rename C:\Windows\inf\vsmraid.inf to vsmraid.inf_; k1 e$ }& r$ O1 ]
- rename C:\Windows\inf\vsmraid.PNF to vsmraid.PNF_
8 k+ ~' J# D9 [9 S- t% p- rename C:\Windows\System32\drivers\vsmraid.sys to vsmraid.sys_4 F( }& m( L! q0 u& P% _7 ?1 \
- reboot computer
) E( S# \8 W9 k$ Y- j& l3 b7 J% H4 |4 B& n
/ Z$ a2 u* Q6 Q: {# Y# P( d9 H
Much respect and credits go to Geremia and Maximus for their money saving FreeKey app2 F/ E. R6 L9 H! h
and their lightning like decryption speed!
( Z. H0 l2 C! U) W y, e: `& u" ]
% \$ d" z3 t& \1 bIn Dedication To The Birth Of FreeKey On August Fifth 2009
$ }8 S6 t, E5 l4 r* I- |+ \Kai Schtrom
2 @+ e+ Z. @% y4 h; c+ Y: N9 D, b1 m0 N: b
4 y* H) A# ~: `- c
************************************************************************************************ c$ E, ~' x2 S% I0 S7 }
9 g% u% R5 [; B9 z8 ^, ^$ w
: m/ l7 A% H7 C. r3 |3 ?; D/ lDosFlash and DosFlash32 V1.7 Beta Release Date 23.12.2008$ C+ N- G S f0 M( m" ~ |
-----------------------------------------------------------
+ M7 D8 a/ \+ c5 i9 h! U- now supports LiteOn PLDS DG-16D2S 74850C and Geremia's LiteOn Erase and DvdKey method2 [7 Y6 X8 p; U" a! S/ T
1 h# D4 ~4 i& `7 E% j
) b/ Q4 H9 w7 t: tThe following only applies to the new XBox360 LiteOn drive PLDS DG-16D2S 74850C.* Q# j& X/ c$ @' H
/ [/ @ w$ e5 f0 c. d7 i/ E: _7 e! J" @$ \" ]- ~! |3 G' Q6 h
Geremia's DvdKey method with DosFlash16 with the PC's psu& D) j3 h: ~* o! v
-----------------------------------------------------------1 ]0 n$ J# A5 ^$ y. _, @
- disable CD-ROM boot option in BIOS
! J/ v" m. J" X- connect LiteOn to your PC's power supply unit and SATA port3 t) N# M# B, W
- power up PC, wait until bootup is finished" Q2 X& G+ y! T+ ?+ r
- eject tray of the LiteOn and shutdown PC completely |& S' Z) S: D7 C4 @8 E
- push the LiteOn tray half in: x8 U1 z0 b, x: Q# R5 V( x
- power up PC and boot into DOS
( l8 z' K' u' F- run DosFlash16 in auto mode
/ e; p8 P+ p" v8 q! v3 @- if you read the following:
9 N$ K1 M" ?4 T5 @ MTK Vendor Intro failed on port 0x????.
0 U' N, T" t' j+ n+ a3 l+ c) E& A If you choose to resend the command you should turn the drive off and on
1 D w7 x4 O: h$ J+ \& H. O after you pressed "Yes".) u& \8 y5 @! X
Do you want to resend the command until the drive responds (Y/N)?9 \& A( w% u1 P" }" P R9 w, e
- press 'N' for "No"
- X( f2 E, L, f* g8 K3 d- choose the number of your LiteOn ATAPI drive
, O: n/ H: n% m9 I- enter "LITEON K" to read the drive key: D0 n2 ~* z8 a5 S9 M+ q) Q' m* B
- type the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files. z+ |3 M+ H! v7 a J p) W. g
- enter the number of the COM port
! h2 J; _) h4 s# T" u- if you read the following:
) [8 Y+ b" x7 l% v' s+ A To receive the drive key use Geremia's DvdKey method like follows:4 N! D6 o+ H+ Z* v$ m
- Connect your drive with a serial cable to the COM port \) e0 v! q! e, d6 r; M
- Eject drive tray" D7 y! L! [8 l+ Q
- Power off drive: ]3 `- V+ A) t. }
- Push drive tray in until it is half open2 e( T2 |) w5 c- w. K# J% S7 d
- Power on drive/ p$ U8 K( @9 U3 p' Q: R2 i
- Press "Yes" if you are ready
+ w/ `& o5 [& p/ e5 ~& l Are you ready (Y/N)? f: I/ v! } e7 I1 r) k0 t1 R
- simply press 'Yes' without doing anything of the above, because we/ J- {$ X0 e% O! k$ q
already did that before' P# S$ N$ H% u0 Z5 ^: V6 F
- after this DosFlash16 displays your DVD-Key and saves your key and identify data' _: {: A) W- J, Z& i
- to do the above steps in manual mode use the following command line if your drive
4 R9 q! F( U. G) x0 _ is connected to port 0x0970 and serial cable is on COM port 1
. ]: i$ J) K& p$ I+ Y- e% c DosFlash LITEON K 0970 1 inquiry.bin identify.bin key.bin dummy.bin
1 v$ a' ~2 G8 f. F7 }
/ X/ u1 }$ P' W5 ~/ b, M, v1 }/ |. c- M) \9 @0 }) h
Geremia's DvdKey method with DosFlash16 and 2nd psu" ^5 I' `1 p6 X/ W$ Z; C: [5 l
-----------------------------------------------------6 u8 w9 r, n' ~: f# J y0 j
- connect a separate power supply unit to the LiteOn, don't turn it on yet6 E, c* C0 i& o6 z6 ^/ i
- power up PC and boot into DOS
$ s& m0 n" U. t' P; m- turn on the LiteOn psu$ ?! v, Y4 [# x* o" `% v
- run DosFlash16 in auto mode
- V9 ]' ^1 ]2 w/ W- if you read the following:1 H; ]3 M, U( h, m/ L$ v: \
MTK Vendor Intro failed on port 0x????.4 Z/ `* D1 {) ?. }! f. I0 V
If you choose to resend the command you should turn the drive off and on$ u. y/ H1 U1 X
after you pressed "Yes".4 @2 t- z b6 [( J* P u
Do you want to resend the command until the drive responds (Y/N)?
# d O& p% O* Z8 T( V/ g0 F! p- press 'N' for "No"
" G8 x3 _3 w* m$ J* r5 k r r- choose the number of your LiteOn ATAPI drive
4 b; H# ^1 d, K& H$ X* p- enter "LITEON K" to read the drive key
: y$ v, ]3 X: A% F& B8 C6 `0 J% K- type the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files9 s+ m' r C8 K X( e! |7 p
- enter the number of the COM port/ k, q* e& F1 \. b" f
- if you read the following:4 m9 q" ^: \8 ~( Z# p6 t
To receive the drive key use Geremia's DvdKey method like follows:! P; C) y! C F; j8 [2 t9 l
- Connect your drive with a serial cable to the COM port
3 g1 B, _2 a0 k2 Z) u - Eject drive tray
" O' W# Z X7 O9 N - Power off drive; ~6 Y+ N4 @6 L
- Push drive tray in until it is half open
2 J- v4 ^- N. F - Power on drive. w* U, S) y& i1 e# {* y" p8 y( j# d
- Press "Yes" if you are ready
2 K1 D8 c; \! ?- p( F3 J% h3 f R5 l Are you ready (Y/N)?
5 D% j) w9 l, } V# O- do the above and press 'Yes'9 C8 J) B) ?+ Z# O/ |
- after this DosFlash16 displays your DVD-Key and saves your key and identify data
* u0 P4 T9 C! c. u6 X0 j
A0 z4 C# y9 \% d
/ y' H( u% Z3 |: Q! PGeremia's LiteOn Erase method with DosFlash16 and 2nd psu. x3 H( b" W# X" i
-----------------------------------------------------------1 t- M- K1 q! q
- connect a separate power supply unit to the LiteOn, don't turn it on yet3 U6 S1 Q l/ O6 x
- power up PC and boot into DOS- R% j) `! @4 G3 U2 z
- turn on the LiteOn psu5 G; Z8 F5 Z/ m4 b# m- C
- run DosFlash16 in auto mode
& B) f, O! N" ~6 ^- if you read the following:
7 W, l) j& q' T' i. n2 E MTK Vendor Intro failed on port 0x????.' ]7 D7 e; O% C5 Y2 I
If you choose to resend the command you should turn the drive off and on& k8 O9 z6 K9 a; ^5 E3 s9 V4 l
after you pressed "Yes".
% N' g+ i7 ^$ l/ r. Q Do you want to resend the command until the drive responds (Y/N)?
1 i5 Z; g. w% N0 E% J: b: J- press 'N' for "No"
/ n9 F; g5 A# i: ~/ N& U: N- choose the number of your LiteOn ATAPI drive9 m9 @3 U% e( {/ k- ^, F/ }
- Warning!!! Keep in mind that you will need the drive key before you erase the flash,
+ _& K; H, f# V. g/ S; V without the drive key your XBox360 will not work anymore* B3 \% T, [( n8 M& T) J
- enter "LITEON E" to erase the flash- V- W1 P$ H8 S2 A5 A5 D1 A& U
- the first time after the LiteOn Erase the drive needs to be repowered to give
- o' ~3 }4 ?5 P7 ?0 R: H flash chip access, this can be achieved by repowering the drive before another
6 ?9 |# _9 ~/ F& V( b/ l& a6 v1 o DosFlash16 start in auto mode or by doing a MTK Vendor Intro Power Brute
4 J4 z: m$ w- ]' Z6 V- in my tests it did not work to power the drive with the PC's psu, because it will" N H8 g1 X+ {; M3 I" C7 v4 q2 {
always respond with busy status
' @9 V( k* B( t" b- DosFlash16 can now read, write and erase the flash chip like usual
( T9 Z' S6 k% u8 d% \. N$ a2 Q) c- to do the above steps in manual mode use the following command line if your drive
1 ?3 p8 M' r) C9 n. _3 s$ ?6 A* D is connected to port 0x0970+ J J5 ~$ e1 K% d
DosFlash LITEON E 0970, x, D, `( A1 N- _8 y A g& Z
' b6 ]3 H6 ]9 ]/ V
* W. i3 G# T! |2 \! i z nGeremia's DvdKey method with DosFlash32 with the PC's psu
9 x! o8 L1 l7 c& k# m2 i-----------------------------------------------------------, L$ E* m9 L6 Y6 w* J, S/ m
- disable CD-ROM boot option in BIOS
; H: D! E0 _: R% t& D" x+ V- connect LiteOn to your PC's power supply unit and SATA port9 @ |6 D, P# J. ~
- power up PC, wait until bootup is finished1 J8 ?' D# X: w P7 }2 U0 M/ L
- eject tray of the LiteOn and shutdown PC completely
+ I/ t1 Q& B& q4 {; O- push the LiteOn tray half in
- U( T% j1 M% K4 ~% I- power up PC and boot into Windows
" V" g% e$ v4 g( k j# M$ @- run DosFlash32
8 s' \6 F* \7 w! b7 g6 O% h- if you read the following:
/ c% v6 ?1 l& w' o) ^ `. U MTK Vendor Intro failed on port 0x????.
4 t) ^$ Z0 I. O+ o/ Z If you choose to resend the command you should turn the drive off and on
3 l; c( Q9 q1 k after you pressed "Yes"., t8 C: T! D, v* s O" _2 H& T% _
Do you want to resend the command until the drive responds?' k" Q( A: V5 H) B" @$ ?/ V" {
- press 'No'" v; g ^- q8 l
- choose "LiteOn DvdKey" as flashing task; o7 w" R; q! V! Z3 z9 f
- choose the COM port number- w6 ~8 @ y: V! j( R
- press on "LiteOn DvdKey" button6 c1 e7 a9 I1 T2 K! z0 [7 \+ ]
- enter the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
; J C. N5 C; h, I0 z" }8 l- if you read the following:$ D1 G: d+ e4 X
To receive the drive key use Geremia's DvdKey method like follows:
' T, ~4 b# `8 h w0 ?3 E# l# S - Connect your drive with a serial cable to the COM port0 x; ?( |4 }, S" o, {8 l$ L: S
- Eject drive tray
; s' J4 N* M/ K5 _ - Power off drive
* j# [* R# h Q; I5 ? - Push drive tray in until it is half open1 B. |" ^6 _# E) z' z
- Power on drive. {- ^/ Y3 I5 t5 N5 w
- Press "Yes" if you are ready
( E! X6 b1 w* W" g$ {/ j Are you ready?1 L2 z) H/ N$ c: x( j1 H1 [
- simply press 'Yes' without doing anything of the above, because we
: g6 w+ X: }3 H already did that before/ d. T. n; j5 \: p" R
- after this DosFlash32 displays your DVD-Key and saves your key and identify data) c9 ?& X8 Z& B
) X( j. {7 l- N+ s: T. j' j* C* D0 v. [
/ q3 K+ U7 ?+ P. n- w, |3 ~* zGeremia's DvdKey method with DosFlash32 and 2nd psu
' x: j2 d- q$ w& R+ ~-----------------------------------------------------* c4 m$ v9 J7 o) u
- connect a separate power supply unit to the LiteOn, don't turn it on yet
2 W1 `. p. H" C7 P- power up PC and boot into Windows
+ h1 f, @( z; p, W' [9 y- turn on the LiteOn psu; @2 r6 n5 M9 x3 s# [0 ]$ D7 u. Q
- run DosFlash32
r$ X) }4 u, x5 X. N' M- if you read the following:, R' q3 z! V3 S! ?9 t8 ]; h
MTK Vendor Intro failed on port 0x????.1 E- l. ~1 i; E9 Q1 [% x8 [
If you choose to resend the command you should turn the drive off and on4 y$ L5 v2 U2 [3 s$ r, c
after you pressed "Yes".7 B& Q2 A k6 z; G' y, U
Do you want to resend the command until the drive responds?
7 ?7 s* \0 }4 l; V- press 'No'- C. g8 G( t6 k: R$ J5 n5 G
- choose "LiteOn DvdKey" as flashing task6 |* O+ F( `+ L& d8 c( q
- choose the COM port number
( Y/ F6 e5 ]; h4 X: q q/ {- press on "LiteOn DvdKey" button% L6 K" L: I' s" \# x! Q
- enter the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
. C9 b3 ]! p9 e$ ~9 x6 A- if you read the following:
% q4 o( U& w/ ~% y To receive the drive key use Geremia's DvdKey method like follows:
$ T" O' v! H6 \% d3 D - Connect your drive with a serial cable to the COM port3 l+ I% Y) o7 O# a
- Eject drive tray2 T+ o) }, Y( K, m
- Power off drive
6 M; B1 x6 b# F& b8 r - Push drive tray in until it is half open$ K5 G! [8 V- v; g3 ]
- Power on drive' G' i0 q! @1 I) ^5 o
- Press "Yes" if you are ready
$ P8 S7 d8 r/ f" [" ?6 E$ Y1 b Are you ready?% |, v* F: r& [9 w4 x- n0 X
- do the above and press 'Yes': E4 s4 h' w7 J* g: @$ v
- after this DosFlash32 displays your DVD-Key and saves your key and identify data% x: @5 a7 O& k; I
2 Y I0 m7 N& p
Z! ]( x2 [( Y. C0 FGeremia's LiteOn Erase method with DosFlash32 and 2nd psu
1 k& y0 l( J x' b$ y-----------------------------------------------------------
0 \8 G# U# N& j0 j4 ^1 i- connect a separate power supply unit to the LiteOn, don't turn it on yet
& O/ K2 l+ O+ B6 A8 |9 ]* S4 o6 x- power up PC and boot into Windows; Z+ h- z; ?5 ~
- turn on the LiteOn psu9 x6 U+ b9 |" K$ }
- run DosFlash32
7 P* a# k% b7 m$ w$ a8 p9 ?9 x- if you read the following:
& l6 g* j- K6 M. x5 ` MTK Vendor Intro failed on port 0x????.
5 o" d; w/ Y, ^: e7 l$ j If you choose to resend the command you should turn the drive off and on& P+ X5 ^# `# X$ f- a/ _( _* A
after you pressed "Yes".
& |1 C5 Y# a. X; F* v Do you want to resend the command until the drive responds?
4 @1 g. W" _/ K$ u$ `6 A- press 'No'
; h- r5 a9 I, v* {+ k" Q7 R. ]- the LiteOn flash is not identified5 \0 m. f# u- G3 b: m6 K- ]" D
- choose "LiteOn Erase" as flashing task4 S! I( P# ?1 l: V
- Warning!!! Keep in mind that you will need the drive key before you erase the flash,) j# O* \: c8 d5 f
without the drive key your XBox360 will not work anymore
9 v! r5 v% Q& s- press on "LiteOn Erase" button
9 [: Z, m8 u- T6 C) Q' r- the first time after the LiteOn Erase the drive needs to be repowered to give
5 l+ a# V+ f$ x0 N; r3 x+ G flash chip access, this can be achieved by repowering the drive before another4 E- p2 V& w* s8 K1 V# B1 t, ?
DosFlash32 start or by doing a MTK Vendor Intro Power Brute
- y$ l; G5 E% k; V3 t' M& \- in my tests it did not work to power the drive with the PC's psu, because it will
2 [: K1 e0 n' Q" q2 _! w always respond with busy status, j( U3 O+ j/ t' \! u6 e/ G* Q1 h
- DosFlash32 can now read, write and erase the flash chip like usual
: @0 e) U8 y' u6 E
, x& G4 [( P% o( n/ J1 w- B* K( Q, j! i! O1 a
Respect to Geremia, Modfreakz, Podger, Redline99 and Tiros.5 K! J) g5 A. M' j& [! [* e
" z/ U, V! w6 i9 u9 ELike a wise man said: "0x2E is the MTK Intro of Death"
. M) K0 r6 d$ t5 G4 Z' A) B7 JKai Schtrom5 i$ v1 B/ H7 I6 o
9 U( a# V" Z! q! C/ L& _
( B# h9 d7 w& h; ^
************************************************************************************************
" b! c3 E8 @- u( Q( W0 r6 r, L6 z! Y+ b- \7 |0 x' `, l
+ d/ N; A: P% A* E
DosFlash and DosFlash32 V1.6 Beta& E* w2 r7 Y |! ~' h8 ?
-----------------------------------. C. E, D8 Z3 g8 Q3 n$ I$ S
- fixed power brute unlock bug for VIA cards, this can stop your VIA from working% g! f$ R6 ^+ w+ F3 W/ w! m
with the power brute unlocking in Version 1.5
5 }% h4 f4 U- F* b' m- for DosFlash16 in auto mode on DOS my VIA card works best if I do a cold boot5 _2 X0 p( P- \8 N1 x( E
and power up the drive short before or with the PC7 N! i, P! Q1 N/ C" P3 y* `
- for DosFlash32 on Windows my VIA card works best if I power up the drive short k3 \/ a6 m; ~' [8 v V2 p
before starting DosFlash32( W% @1 U$ H1 V* {# {" g0 R* V
- for me the VIA works with internal and external connectors on DOS and Windows
( ~$ ~3 ~& E. M, q, }2 e
} f* g. I) C" r, X8 ?Sorry for the trouble!3 B8 X. G' a/ H6 P V w+ y
Kai Schtrom
* [; x% t6 e/ X! D# C
& l/ x- }1 ^: t& G i# Z, _, X9 P$ Z4 Q0 l
************************************************************************************************
$ d2 S# j1 G* V+ Z
; k# Y5 g6 X& w# R
( l5 J& A$ |& f) sDosFlash and DosFlash32 V1.5 Beta
3 D3 ^8 C5 @7 Z+ Q-----------------------------------
. o" [, @# @+ i/ c- now supports serial flash chip MT1309E with mediatek status 0x72 like the SH-D163B, SH-D162D,
7 c* t8 M: y# \! V0 m Asus DVD-E616A3, Asus DVD-E818A3, Sony Optiarc DDU1671S1 ~& C7 D+ p! T& e+ J5 Y
- SST25LF020A and SST25LF040A chip support added
$ o: L* Z; | b3 T! r6 X3 e- DosFlash32.exe ported from MFC to plain Windows API, exe size is now 22 KB
" U2 M D. C$ f1 Q1 f z" w2 d- new port i/o driver, because giveio.sys can't be compiled for 64 Bit Windows A0 p9 P7 f+ \/ S' k6 A
- DosFlash16 changed slighly in manual mode, one parameter is added to support SST25LF020A and4 Q3 E( d* E+ ~( y* a
SST25LF040A) J1 ]; ]. v" m
- two new methods of BenQ soft unlock are now possible on all motherboards with only one power0 s0 Q: b2 F1 e+ x& w
supply unit# a% s/ g! @2 o; X S7 _% {
- 1st method is powered by Geremia's unlock core, thanks for the complete idea, concept and
0 E* S4 [3 Z6 `( m4 a# U source to Geremia" P% }% {7 T o* J# E
- 2nd method is the Magic28 key send, this only works on BenQ VAD6038 firmware, thanks to w; E$ [- M. ]7 U: |
c4eva and podger for the initial idea
# O) M3 U3 L) i) { S: D' T- the two unlock methods are send one after the other if the drive is a possible unlock
% U% N& U! ~; ?2 @3 m. M( \ candidate, first the Magic28 command, then Geremia's unlock commands and after that the3 g" _8 v2 S: D# M/ f) [' r' g. k9 E
already known power brute unlock is send to the drive, you can cancel any of these methods
" x v+ U- `3 h+ z/ z before they are send to the target, this only applies to BenQ drives with a locked flash2 J4 W6 f( D9 B; w3 k/ a J$ J
- DosFlash.typ updated
- Q. S2 ] P) ~# n0 h' v- other minor improvements
% G/ U- R9 s5 b- DosFlash32 is now ready for6 }# D6 b3 D2 X% L
- Windows 2000+ W, M+ W+ c6 l8 a+ R
- Windows XP 32 Bit; @- ?3 {" l0 ]8 b" Y
- Windows XP 64 Bit' ~' N% w# @% O! n
- Windows Server 2003 32 Bit
$ a% _; N& I: \1 q7 i - Windows Server 2003 64 Bit
4 H$ t4 h/ A& K4 |- o - Windows Vista 32 Bit
1 ?9 [4 A6 l# Z2 O; O" m/ H: O" v - Windows Vista 64 Bit
$ K1 Y; r9 |3 g% Q1 u- Warning: Drivers for Windows Vista 64 Bit need to be signed, because we can't afford the! l* \. `) @( M: ^* q- m3 o- P
money to let portio64.sys sign you need to do the following:
7 V) k) `3 x2 Q2 e! { 1) Log on as Administrator& H* b# s, l0 L; \
2) Enter the following command in a Dos-Box:
/ N( w8 x# o" g2 x _ "bcdedit -set loadoptions DDISABLE_INTEGRITY_CHECKS"
9 X, a. w1 w _. F4 S (we made sure there are no typos in the line above) 
& ^( A: K' D: [( O y- `5 P 3) Press enter and reboot your PC
0 O8 b& d1 G/ }" K$ ^, S 4) Press F8 key upon initial system boot up
2 R3 c O. E" C 5) Choose to disable forced driver signing enforcement for that boot session& w1 f- ]* l" N; F# |- G/ T
5 t! ]( R( |1 _
) C0 Q5 i9 ~" | c; x: ~
The following only applies to drives with a locked BenQ flash.
1 S: w+ `' M: e/ V' E& k+ p7 v4 Z) ]% D, f, x+ W) B( O
. a) u4 H' s. H; ~* @3 @& p
Geremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with the PC's psu! p) u6 Y, z7 C5 J. ~
-----------------------------------------------------------------------------------------4 D, O0 i+ d8 {5 ?" A
- disable CD-ROM boot option in BIOS
+ B( s6 b1 N. k! D. p. ]5 c- connect BenQ to your PC's power supply unit and SATA port
; {( y- u+ Z: |3 F6 R9 j% o' ]" E m- power up PC, wait until bootup is finished
. ~2 {5 s: q4 t- j) g, N* K) R- eject tray of the BenQ and shutdown PC completely! R0 n: f) U6 ^' @1 Q& e6 H
- push the BenQ tray half in7 k2 ~3 K$ |3 y7 p; o" E
- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash32
) ^" n# F$ I0 c7 r1 C& C- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows9 D6 ^( q6 X* N2 ?1 t5 S
- if you read the following:5 M" s: V' n9 e; P3 E, {, _
MTK Vendor Intro failed on port 0x????. Because there seems
& v" G' B" T/ ?- o8 C& U/ C to be a BenQ drive connected you should try Geremia's0 P1 E0 }( L' \( Q0 L: T- v3 ^$ X
unlock method.
) g' F% ?! i7 a: z& S. F1 R - Eject drive tray
9 e! Z. i8 _. W7 O/ T2 f9 R" }" ` - Power off drive) V. V% @1 F) o$ P( F
- Push drive tray in until it is half open9 b; q! P# A! o
- Power on drive* k7 Z9 Z; R: S: C: a- R
- Press "Yes" if you are ready& @ J, x9 \& H% B2 f
Are you ready (Y/N)?
+ {6 e% R4 N/ `3 W+ C# I% }- simply press 'Yes' without doing anything of the above, because we
% e8 ^. N' f9 s B8 S; } already did that before starting DosFlash16 / DosFlash32
. a2 T8 e5 a1 u8 Z! B2 A0 X- the BenQ flash should now be identified
4 U& G- e% K, s6 ?- go on like usual' s: G& a# ^6 t& W
5 e9 U" A/ {8 |
6 x! z. p/ _( vGeremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with 2nd psu
/ @" c* E$ Y2 I, e! v5 R4 m5 H------------------------------------------------------------------------------------
I) k9 c. n5 A- Y: j1 z- connect a separate power supply unit to the BenQ, don't turn it on yet
7 |9 f: r9 A& b/ g) U% z2 e- power up PC and boot into DOS
; t0 v$ w% k! x/ e* @* q- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
/ f8 u7 m. K; M. ^. }7 W6 u) m- if you read the following:
4 `4 j2 A: i% l4 u Q% R0 R MTK Vendor Intro failed on port 0x????. Because there seems( H6 ]9 C8 h% `2 ]
to be a BenQ drive connected you should try Geremia's7 O: B$ f( d C8 D! g. O2 N2 S
unlock method.
; t" A% y$ X) K% `. N! G6 N: C - Eject drive tray
: l5 v0 S9 H! x$ d3 w! [9 y, i - Power off drive; f; D/ J0 g1 E0 U1 |( e
- Push drive tray in until it is half open/ a( S6 [" _3 U4 i
- Power on drive- t) B% s' j5 [" c9 F8 {
- Press "Yes" if you are ready
1 f3 _, R! V5 X3 u. y4 |2 E* ^ Are you ready (Y/N)?8 r( f) ?; e7 O9 }. R' T. D2 b
- do the above and press 'Yes'7 o% ?6 m+ U' v+ {: b+ n
- the BenQ flash should now be identified
+ M9 B2 ~6 Z. C* `0 Q2 A/ C `- go on like usual9 d* e/ a+ v) P0 \) a
# Q; m$ `2 X0 s0 Q* H6 O1 [# H. W! }5 K4 b) K: Y+ L
Magic28 BenQ unlock with DosFlash16 / DosFlash32 on any motherboard t& i7 g P1 M
---------------------------------------------------------------------
! ~, Z) Y; ~4 ^. t7 [( {0 @- connect BenQ to your PC's power supply unit and SATA port( s3 E5 d, W3 W0 `" V
- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash32
. z5 T$ L" V% H! y. g- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
1 e8 ^, e2 ~5 z0 k8 Y- if you read the following:
! n4 T9 y+ ]4 y MTK Vendor Intro failed on port 0x????. Because there seems
1 O& L1 K2 v$ n( k. x% _$ B3 | to be a BenQ VAD6038 drive connected you should try the
6 t) S+ D! m: g W, v Magic28 unlock method.
6 g( }: v6 g4 S. d% ?0 l2 g3 M; u Do you want to send the Magic28 command?
4 r5 N; ]" h2 f- press 'Yes'# K/ `8 i9 K4 R; J. ^
- the BenQ flash should now be identified
8 |! s6 s; [& \6 ?; ^- go on like usual
5 S. s: b' j1 s
) M6 W& y9 I. o8 G) O
8 M& _4 g7 [& p9 V( I5 ^Thanks to Redline99 and Tiros for help and support. y' A9 x! |, Y9 a
. w4 d# B+ l- |! E
It's all about DOS!7 @( l% D( t' n6 Y5 M) M+ r/ _1 m
Thanks guys for the excellent team work!7 W1 ]4 C9 {4 t( T( E7 W$ b% `
Geremia, Modfreakz and Kai Schtrom3 c5 k! E/ V8 N
1 v! E$ ~5 M5 S: S5 t$ N/ j# C% t- Z) H% E# A4 K7 t1 ?
************************************************************************************************
. b. M s5 p0 n
9 O- H/ {6 l6 E$ _& C7 E( W
2 n1 D2 e g- ~+ T' l+ j6 ?DosFlash and DosFlash32 V1.4 Beta
4 L# ^* X0 ?! H9 R-----------------------------------( j, I9 H5 g' K" h& |% x
- DROM6316 flashing support
) |8 B& ]: O2 j& w+ p" d- a flash erase is now always done with a chip erase and not a sector erase command, because
/ y2 ?: {/ F6 I ] the sector erase gives problems for some Winbond flash chips including the DROM6316: C4 N, a$ V7 D" o. B+ ~+ G4 Q0 t) t( c
- DosFlash.typ corrected and updated
- H2 I+ v6 k, a- for a detailed explanation on the soft unlock look at the included file SoftUnlockByIriez.txt,
0 X1 z9 ~5 A. Y+ _4 P& n3 { it contains a very good explanation by Iriez from XBS, thanks for that one!( f9 ]0 r& K' W# i1 e) u
/ S9 r h5 l- t c
Thanks to Iriez, Jumba, Redline99 and Tiros for help and support.
' K; _1 R9 s( u* Y* f5 h5 Z i, |, d. G; |9 Z8 W
Happy DROM bricking!
. g, F! }/ ^) _# g$ h5 c) K' OTeam Modfreakz and Kai Schtrom
6 C( e. u5 `3 |" d9 g
8 z" h- p6 V5 @0 o2 J7 j
: u- H2 j- m$ V; z8 U: I************************************************************************************************0 l1 i" r! s& s" N9 z! R! P
& ?( X! q* B3 U% k; c z# ~' ^# @' Q3 J
DosFlash and DosFlash32 V1.3 Beta
9 i7 ~8 L0 f) N5 M) v+ A-----------------------------------
4 d8 \' S9 [& n- V! `2 T+ m- BenQ optimization in unlocking the flash chip, it should now be possible to read/write/erase
X/ f/ M- N9 L the flash without any soldering or wire tricks, the drive is polled for the correct mtk e7 d! y$ d) N" i9 a1 V
unlocking status after power on, this only works for VIA cards and NForce boards atm
% f# d; L+ a5 J, H7 b- DosFlash32 has one additional parameter, if you start it with the parameter "EnableDrives"
, S" ?/ G U) c% B# B' h: b. D% e2 @ all the DVD-ROMs are enabled in device manager after flashing, this could give BSOD on some
6 w/ g0 Y9 { Z& L- c systems, therefor you need to create a DosFlash32 link and add that parameter manual to use it! ?3 z( N# m) ^5 w
- DosFlash16 has one additional parameter "Send ATAPI Device Reset" in manual mode, this could
4 u- z" _" G. {5 L8 a6 Y give better chances for soft flashing on some VIA - motherboard combinations1 g# H; ], L; M$ r
- better support of Intel chipsets, drives can now be flashed if the controller is not set to
3 Z! G# S7 g. A2 B+ ?0 g native mode in the BIOS7 ?( A$ q8 H2 o& G) d* `; ?) u
- the following controller list includes vendor and device IDs that are hardcoded to identify4 `0 Z' |5 C6 n+ N6 U# [( f6 J
the controller type (IDE or SATA), this is needed if the BIOS uses IDE ports like 0x01F0 or4 x' A' @6 m% c E- q$ ~9 s
0x0170 as SATA and not as IDE channels, this list is NOT related to soft flashing) |, m7 s# H/ w
- the following chipset support is added
/ e) s9 U1 N1 @& e' Y) S! E2 |9 R - VIA cards4 [! O! {* O$ |1 N; \3 o! r$ ?' R
- all VIA cards with a 6420 chipset; S* I% ^) u9 {+ I! R( @8 ]
- IDE Controllers
# Q c1 l) E `* ~" w& N - NVIDIA nForce 2 IDE Controller
( R) i9 r3 l3 \* s - NVIDIA nForce 4 IDE Controller
8 I4 ^/ M' G& e/ H0 P0 u) C - Intel ICH9
+ q& ?- ~: h# r - Intel ICH (i810,i815,i840)
: @9 |2 f7 ~8 q1 } - Intel ICH0
1 m* }8 G6 q/ g - Intel ICH2M
* [5 W. o$ ?% U0 q - Intel ICH2 (i810E2,i845,850,860)
- \3 g7 i! `* x: x7 @9 B! q9 m - Intel C-ICH (i810E2)
5 ? X' W* V( l7 G: A# c - Intel ICH3M$ H! K& C) Y$ f) y2 _
- Intel ICH3 (E7500/1)
% h c/ I |6 ~4 F. `" v - Intel ICH4 (i845GV,i845E,i852,i855)
- \# H' m1 x# U9 U, y2 V - Intel ICH5
1 G& b% t, g; J) D- h0 O( t( _ - Intel ESB (855GME/875P + 6300ESB)3 m( _& f% U: N
- Intel ICH6 (and 6) (i915)
/ f0 N) \" g* @+ T1 }- l - Intel ICH7/7-R (i945, i975)
5 L5 S x# P9 b7 r - Intel PIIX3 for the 430HX etc
8 t- v8 R6 Z$ f/ ]1 h0 [( L - Intel PIIX4
# r1 A N1 h* Q, Q8 Y2 y: X- l) _ - Intel PIIX4 for the 430TX/440BX/MX chipset
6 I6 P5 Q# k, B% G$ ~6 T. a - Intel PIIX. r6 ^5 t) i+ A2 ]* |) ]- J
- SATA Controllers
: X; y2 ^+ v g U7 D' [ - NVIDIA nForce 4 SATA Controller
+ I( J! F0 q: @: m - NVIDIA nForce 2 SATA Controller
& t9 \8 z6 [ ?3 B5 m5 _* E - NVIDIA nForce 3 SATA Controller
% D, c) E% `6 o# ~) ~ - NVIDIA nForce MCP04 SATA Controller
2 Q$ b5 b9 s9 L' P e! v* T4 Z - NVIDIA nForce MCP51 SATA Controller' Q3 Y j8 X4 g5 D U& y
- NVIDIA nForce MCP55 SATA Controller$ Y5 _1 |, G3 S/ U- J( z& K+ A
- NVIDIA nForce MCP61 SATA Controller" ]# T! v2 }) `" {8 j: M
- Intel 82801EB (ICH5)2 Z2 u; S) A' A1 U$ e( i& y; e
- Intel 6300ESB (ICH5)8 D8 H& F0 Z8 Y& S" D" {3 K0 {
- Intel 82801FB/FW (ICH6/ICH6W)6 z7 Y5 e8 ]0 `* X8 S0 l/ j! |
- Intel 82801FR/FRW (ICH6R/ICH6RW)
1 T" w8 ~9 a0 S) v1 { - Intel 82801FBM ICH6M
8 X4 w4 }! `9 e7 R$ g, _! h2 L - Intel Enterprise Southbridge 2 (631xESB/632xESB)1 o8 g+ X/ \9 B; B
- Intel 82801GB/GR/GH (ICH7, identical to ICH6)# i1 `7 }6 E' v# b( y [
- Intel 2801GBM/GHM (ICH7M, identical to ICH6M)
% T4 S6 d! @: O5 O# M - Intel SATA Controller IDE (ICH8)
. X. A% r5 K( F& n0 g8 L! d1 Q* Z# I" q( y - Intel Mobile SATA Controller IDE (ICH8M)' F& L5 @* W7 b5 ]) o- g
- Intel SATA Controller IDE (ICH9)8 C, B9 q8 j$ H2 s5 c; G* J
- Intel SATA Controller IDE (ICH9M)
( J3 i* c0 Q+ j ]6 Z s
. E" B# G2 V+ o+ I$ p' R" J# R5 w# L: J3 X
The following only applies to a software flash on a locked flash. The methods have been tested/ u3 e( |8 x, i3 Z
with the BenQ and the Sammy. The VCC trick will work on any motherboard, but you need to do
2 F( z) Y; {. O7 A V) rsome soldering and cut traces.; M+ c2 U0 z) p$ J2 P) a0 H+ ]! L; T
) T5 ~. J- N" Z* i+ e
' {$ u, F( S1 N& `1 k. |3 k0 LSoft Flashing the BenQ in DOS with a VIA card and DosFlash16 in manual mode+ P h/ E0 y9 ]/ l; G4 u
-----------------------------------------------------------------------------
( m: j5 g1 H9 U1 x. U, _! |6 K- first you need to know the port addresses of your VIA card, you can get these by starting
Y7 Y O l+ V' H8 w V, g5 Y- v msinfo32 on Windows XP and looking at the port listing for SCSI devices, K& }% u e8 k! h- |0 {+ j
- for the 6421 the 1st port is internal SATA, 2nd is external SATA and 3rd is internal IDE
( ]3 }* K) {" H+ R" l- for the 6420 the 1st and 3rd port are internal SATA
' M4 u; g4 m% C I- you need the starting address e.g. 0xD000 or 0x7000
8 n* [2 i- u: z" q; N1 G% N7 x3 H/ N- be warned that these addresses can change from computer to computer, they are assigned
: Y3 f3 c( ?9 f' G at bootup, but Windows XP should display the ones you need for flashing in DOS+ L, |% y# S3 o8 `+ ]
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
$ {6 O0 V1 n% E9 n* v% b Xecuter Connectivity Kit)9 c$ C( [0 [8 K1 Z8 \
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we7 u9 Q! l* q( s# ]" L9 U+ _
need to power the drive off and on during soft flashing
: E/ F( L. Y; c% H' ^' b- cold reboot or reset the computer. ]0 h. n/ c! w$ D2 j0 D3 }
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk% J+ H$ S b( R0 T
- at the prompt type:
! i* d- @3 _- M; z& O0 D e }- i$ M DosFlash r 7000 1 a0 1 4 a:\orig.bin 0
[1 U9 b; N7 f. e - instead of port 7000 use the starting address your VIA card uses8 s; W. ] ?; s# G1 Q$ G
- press return% o6 Q% @" @2 x* ^2 E) D* G
- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes0 ]; C) \, F) K5 e N. d
- after you pressed Yes the drive status is shown on the screen, it's something like 0x7F,/ K2 t$ y- M8 Z( @; M2 f
this will change during the next few steps! Y) N: K2 y3 f$ c
- turn on the BenQ psu and wait 2 or more seconds, status changes between 0x51 and 0xD1
: m: O8 e- J' I2 m. |! b2 M3 Z0 z- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD1
+ E0 {# R! s, P3 D7 ?- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
- Z# l N3 y9 U6 R, S/ m' w" X- this worked only one time after the computer is powered on or resetted for me
: G' t/ u- Z3 e/ x# I4 k& j. ?" v) L- writing and erasing works the same way7 y: @/ K' T8 g) P) @' d
- for writing type:
, Q1 J3 B2 l/ W- ~5 Y! V DosFlash w 7000 1 a0 1 4 a:\ixtreme.bin 09 P+ H1 `7 P( n8 I5 }
- for erasing type:5 R& V: _6 R4 ]& ~$ L1 X0 |
DosFlash e 7000 1 a0 1 4 D8 0 (D8 is the sector erase opcode for the BenQ flash, if you need
Z# b! F# C H' u% _" u to erase another drive, lookup the value in the datasheet or DosFlash.typ)5 U5 ?5 d* ~/ \9 G* I% Q
- if you experience any problems try to use 1 as the parameter to the ATAPI Device Reset, cause; W; n5 K' V8 V& S
the same VIA card will react differently on another motherboard sometimes
6 T2 d" x5 @; `
2 T1 N' P0 L0 B2 }
7 M+ z) W: Q& Q9 L+ cSoft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in manuel mode: r8 J( q6 K0 _" F
---------------------------------------------------------------------------------------+ c+ ?6 Q3 p3 J0 c8 J- U; ~
- first you need to know the port addresses of your NForce motherboard, you can get these by
2 N, {* P) [5 U! E1 ~1 A- }, I- o starting msinfo32 on Windows XP and looking at the port listing for IDE devices
8 |# Q3 [4 i1 k' G4 S) ?) B3 b- on most motherboards the 1st and 3rd ports are used for SATA
) j7 q3 W$ P$ h) r0 T1 E6 {( N- you need the starting address e.g. 0x0970 or 0xE900
, }% n* c2 ]8 ^2 a( K- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or + D' D; s% B$ c: J9 r; t2 m# D
Xecuter Connectivity Kit)
) h" |1 l! X- v Z, u1 F0 ^- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
# v: ^6 V% v' l. |7 ~' \/ P need to power the drive off and on during soft flashing
4 _2 K, [' m8 ^% \7 V! ^, b- cold reboot or reset the computer
1 _2 [, `4 l k. {- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
3 K/ a8 V2 U! j; e2 P9 h* h; c- at the prompt type:
5 j: b; i% b) h( y h DosFlash r 0970 1 a0 1 4 a:\orig.bin 1
6 s' d0 Y% m/ I9 f* A - instead of port 0970 use the starting address your NForce motherboard uses: ^" [ y$ F- V" B
- press return
! ?0 l8 T$ D! }0 s$ S6 A* e" y- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
8 U$ q% B t; O/ a/ Q4 R; N- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,2 _/ t3 K+ ]/ [4 H
this will change during the next few steps
, x4 s0 E3 e4 c" v3 g) f/ c- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start/ u. x0 S- G7 r
- writing and erasing works the same way, ]/ \, y! ]" M& V( B
- for writing type:
' p5 C% M; U9 J7 Z DosFlash w 0970 1 a0 1 4 a:\ixtreme.bin 1
4 N2 Y$ h& r0 G- q+ ]/ V- for erasing type:/ d7 o1 Z" u4 U5 c' D
DosFlash e 0970 1 a0 1 4 D8 1 (D8 is the sector erase opcode for the BenQ flash, if you need0 @0 E7 s* r) V: h9 }1 ~# u
to erase another drive, lookup the value in the datasheet or DosFlash.typ)
1 x p7 j; C- N8 V# r; ~& @8 E6 T8 N" `
2 s9 Q% W3 M5 F
Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in auto mode' J1 q7 d5 ?" I. V" I7 U9 K
-------------------------------------------------------------------------------------1 \' a% Z& {! @( P( {9 w
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or S' S8 F% U* U0 j6 M! L9 u
Xecuter Connectivity Kit)
5 M4 y, i$ J, F1 |8 g8 O1 {- ^) [- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
7 j! e. R5 r3 V0 t! M need to power the drive off and on during soft flashing- \) B8 f- S( o. W8 e
- cold reboot or reset the computer
, ^, W" G# r" D C O2 U3 B7 P- boot from a DOS disk, I used a Windows XP MS-DOS startup disk% q$ k4 { }$ M
- wait until you are at the cmd prompt
- j: a, q9 r% B- turn on the BenQ psu
9 ~) Q+ L7 z( h$ a- at the prompt type:
* E0 l8 [5 B D% n0 D) c1 w DosFlash
' R2 I4 m3 m# D8 e0 t* ?- press return* I$ ~ X& u4 U
- during scann of the BenQ's port DosFlash16 will ask you if you wanna resend the mtk vendor
# o# D( Q% T( N* ]9 Z6 n intro cmd, press Yes8 T% M7 e+ n/ J
- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,
1 w" p/ X7 r4 w" A this will change during the next few steps
h$ y1 T5 y. \+ i- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD13 ^2 I. o+ o+ P# i/ L3 |+ _ E: l) M
- turn on the BenQ psu, you should get a good drive status 0x73 and flash access is granted
2 t6 ^. G4 M4 A# m& Y- you can now continue as usual using DosFlash
4 J9 I4 Y. s7 D& `3 O( D4 ?- writing and erasing works the same way1 F$ F m! d5 @1 o3 X) o1 Y
- if the ports are scanned there is the possibility that you'll get the resend question for
& P- s6 M4 j3 p, z) S+ x other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,; N+ j5 ~% F# k- y& t9 A
if you know the NEC is at that port you should press No and press Yes only if the port of
" V: {' ?" X& F. @# | the BenQ is shown or simply disconnect the NEC
4 N, q0 K- e3 ]8 H, l
2 E& I P% ?6 c( U. V+ ~5 r, U0 F( ?# \4 Q3 S
Soft Flashing the BenQ in Windows XP with a VIA card or NForce motherboard and DosFlash32# `! M4 H3 J8 D! A
-------------------------------------------------------------------------------------------
8 @8 b5 o+ ? l. d4 ~& y) y- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or 0 C V9 {& d; J$ \2 @
Xecuter Connectivity Kit)$ `1 [6 G/ `* [9 U: d8 ]3 y8 Q
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we$ b0 X( ]. v9 T5 K3 S. T
need to power the drive off and on during soft flashing
0 z+ j' g6 D3 K! @5 \& s- cold reboot or reset the computer
/ f$ }% K( _/ \) c1 `. F3 J3 Y4 ?- turn on the BenQ psu when you are in Windows XP
+ }' c: O4 _( L4 }/ J3 P! [- start DosFlash32
6 F$ z5 v" j7 h; v- DosFlash32 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
+ S5 m& A8 `; {- turn off the BenQ psu and wait 2 or more seconds$ v' k: `4 |% e2 j3 A+ ?7 x6 h2 i
- turn on the BenQ psu, the DosFlash32 dialog should show up4 @# C9 P' T# U0 L" m0 k8 G8 Q
- the flash should be recognized by DosFlash32
( y( O2 Z' m0 r6 U- you can now read, write or erase the flash3 ^. H6 j: P$ v: H) o
- you should be able to do the flashing more than one time in Windows, only do the power * v% B; M0 H9 }6 ~- M
off/on trick again
( X F/ x. L+ j7 y- a: @% _' n5 }2 E- if the ports are scanned there is the possibility that you'll get the resend question for- R1 w! b: O* \6 f+ V4 k% t
other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,+ k, i6 _% ]6 V+ a2 H5 G7 O
if you know the NEC is at that port you should press No and press Yes only if the port of. b3 R4 ^6 \- y# F0 B. k2 V" `
the BenQ is shown or simply disconnect the NEC! l6 j4 y- _' J2 S" D
1 J8 i B, P7 t, z2 H1 c
4 q1 K& ~8 l- e6 a& b( IMany thanks to jumba for the great idea of BenQ polling!
; E( G8 B) D' B$ }Thanks to Iriez, Jumba, Redline99, TeamModfreakz, Tiros and all the IRC people for testing
8 A8 W4 t8 h l4 Y5 n) D6 i- Jand support.5 E4 b2 S) u' f1 {4 A" G8 |
8 h* t/ Q S n% Y" HJoin us on IRC efnet at the channel #dosflash for support.
7 j7 J' v! f) _; |3 S. m" W8 @6 p3 T
Don't brick your BenQ!- t& p: t, A9 J- v' ~0 V
Kai Schtrom9 e) t8 q& j* @9 } r
% F) \+ ^! O1 N& e
3 Y u0 \* x/ U
************************************************************************************************' ?8 w9 Z5 p% W+ F5 A, j, n' \( ~
B! C: c3 O4 F
6 {0 T- N9 h1 c3 o6 q) X4 m! sDosFlash and DosFlash32 V1.2 Beta
( \5 J; [6 k: W, Q1 Q$ G; R-----------------------------------$ }/ z4 T( L0 U; V; ^# X% q# J8 j
- bug fix for BenQ recognition
: r5 Y1 M* ]; `& B - manufacturer and device id are sometimes 0x00 for a correct installed switch
- u* P/ G0 [! `8 P2 P - this issue is fixed with an additional ATAPI device reset before the mtk vendor intro is sent/ A" _& V7 Y. l" v, q& G8 G
' p' [3 P; m ?" M% i% l
Thanks to Redline99 who fixed my buggy code by adding one line! : P2 t( ^, x: v
* C4 V2 M3 J- F U. A
8 Z7 U% x6 B* P0 t8 s5 P! _************************************************************************************************
- x* A1 c! ~7 C2 l4 V9 z/ m
# D/ O$ F- i$ |3 m; D; H0 ]! |$ k: V, l! m H7 Z6 H
DosFlash and DosFlash32 V1.1 Beta7 F/ Z8 t: o: @/ ~7 Q
-----------------------------------0 H# ]+ k# m% ~
- DosFlash.typ modified for better BenQ support
. m5 `& X1 B* X$ E* A& j5 N* a( {- DosFlash16 Flash Manufacturer and Device ID screen output restructured( c- O! X' T2 A( ^; u1 O3 ^ j
- flash chips are first erased before writing starts* T+ M9 ~% d* K3 i& d0 o, B' g
- DosFlash32 no reenable of DVD-ROMs in device manager after flashing, this means you can't see the drive
$ T7 {' X# p' K. c/ p: s8 \: D and maybe have to activate it manually again in device manager, this could give better compatibility and
6 }6 f( t9 T8 {4 w m1 t& i hopefully no more blue screens
8 Q( A3 J9 \3 }9 @2 s# g0 G& a
* {! O( E U/ i# W1 iMany thanks to Jumba, Redline99, TeamModfreakz and Tiros for inspiration and help!
9 {3 r, X! a% w9 ?% J; q: I' T) I( d* `, b$ d
; g+ E& f, ^9 q" a" @
************************************************************************************************
/ J; x3 x- I. x6 Y6 _
! C% b5 Q+ W# s* ]$ b8 y/ z( {$ Z R8 F- b" ]2 ]) d7 I
DosFlash and DosFlash32 V1.0 Beta
" W9 L( M% z" D-----------------------------------
, \0 ?( Q- g I7 m9 g( z+ v3 wDosFlash can be used to read/write/erase the flash chips of most CD/DVD-ROM drives
; D5 H; _0 O% Z1 Pthat have a mediatek chipset installed. DosFlash is for DOS flashing, DosFlash32
5 v4 B( w, w& X, w: Z) Efor Windows flashing.
% t8 H& x2 J. i" t" b( {. z* D9 X0 L. ]/ O
" J! x- r, A6 xFeatures:
: m' l3 ]/ u/ {+ d-----------
" Q, J+ q; |5 W( J: {- flashes IDE and SATA drives# B& G' w/ |- ^" P
- supports parallel and serial flash chips$ W+ L5 U- a9 K0 D5 c
- flash drives in Windows with direct port access
1 h) Y7 u! S2 w: h9 |7 ~" n- no vendor cdb flashing commands are used6 ~: p2 c# F) h$ `! b
- tested with the following drives:
# t/ a& \% y. H - TS-H943A MS25, MS28( k; C/ R7 X5 I# ]" ^9 {
- SH-D162C4 t8 y+ b0 _, {* h
- SH-D163A0 j! A/ z1 b; t
- and some other drives like Liteon, Hitachi, ...
7 G2 \: x4 b2 A/ S; ?- NEC drives are not supported, cause they have no mediatek chipset installed( {- b: ~" l! X$ F, G+ l% P
2 v5 R; g' K' E9 ~3 t3 D
# Z# O a. r4 v2 L; V1 l& yDosFlash
3 t1 e1 B" m) X) \2 Y' L& r. s, g f4 j----------
6 S/ h3 `- ^( d) R& JDosFlash supports two flashing modes, Auto and Manual. If you type DOSFLASH at a DOS prompt it ^, x+ t2 N, _0 {
will start in Auto mode. All drives and the corresponding flash chips are detected automatically.
/ G+ S. H# T( _( K: \( tIf you can't get a flash chip recognized due to a bad flash or other problems you should use the1 O, i; H# D$ D$ O: K
Manual mode. In Manual mode you can enter all the parameters used for flashing by hand. The {; Y* `) I( U9 i ^
following help screen is displayed if you start DosFlash with a wrong number of parameters:
8 A7 n+ C8 F. I0 t) F9 u% l3 ?7 X9 V: z) x. J
; D7 }3 b% |+ m+ L
DOSFLASH by Kai Schtrom, 08/05/2007 (Ver 1.0 Beta), {' W* H4 {/ _. ~" y8 j: |7 R' G
DOSFLASH [R|W|E] [PORT] [PORT TYPE] [DRIVE POS] [FLASH TYPE]9 {- D0 ?8 T* ^' y
[FLASH SIZE] [FLASH SECTOR ERASE OPCODE] [FILE NAME]
1 V$ d) w: @$ k3 L8 j& p5 j R: Read FLASH; W" |- h! K) \, ]2 e7 H
W: Write FLASH) L6 h5 ]" [% M* V7 c& U% G( {
E: Erase FLASH4 q3 V: _/ c& i# @9 _; h
PORT: Port to send command to
( X7 U9 l" I& @- U, m: n' l PORT TYPE: 0 for IDE, 1 for SATA/ W \" j" k% j7 X, R
DRIVE POS: A0 for Master, B0 for Slave
u7 j9 z( V( l* @" Q2 u FLASH TYPE: 0 for parallel flash, 1 for serial flash! a" F& X' V7 d0 O) E
FLASH SIZE: size of flash chip in number of banks
) ]7 s4 J8 @8 J5 [3 ]! u# ~FLASH SECTOR ERASE OPCODE: individual sector erase opcode command byte8 K- v3 C/ W1 l- D/ U6 n
this is only needed for erasing a serial flash& e" ]8 @# u1 j$ Z% E; W/ U4 }
FILE NAME: name of the file to read/write from/to flash
- q$ l0 f3 R \" ]All numbers are intepreted as hex values!. @4 N" _7 ?# o
& H4 q* `) D" b" N9 TExample Usage:
: C0 E0 r0 ~% b8 w, F7 l/ X4 M"DOSFLASH R 01F0 0 A0 1 4 C:\flash.bin"- ?/ I/ g+ m/ p5 G# U
=> Read serial flash with a size of 4 bank (262144 bytes) from Master Device
8 \- F$ d6 v0 |* M9 I6 i on IDE port 0x01F0
% `4 J' `8 M$ c7 y8 `( t% a; I' c+ P"DOSFLASH E C000 1 A0 1 4 D8"8 }# n) h" y8 z6 _# z q
=> Erase serial flash with opcode 0xD8 and a size of 4 banks (262144 bytes)
2 b. U3 |7 N9 R6 H" s/ ] from Master Device on SATA port 0xC0000 B4 d; D0 h% O/ t8 j
1 E( N# G; T! p, P: b8 l T
* x5 a$ Q+ ^# [, {, Y, V& B6 v6 M; KExplanation of the Parameters:
4 L6 R4 B w; f$ W9 q--------------------------------
: g% h$ @1 J$ K# ?: _3 x7 h
1 R6 x6 m' d. r[R|W|E]
. Y" g% h3 u4 l, s0 c( }---------
7 F0 ]: l4 C# \& r3 I- this will set the mode of flashing, it is recommended to first try read on any6 T* e! O6 I5 K; i* I
drive, if the read will fail, it is highly unlikely that a write or erase will
# e! c6 t7 G- Q, A! E y succeed% D# Z- `: _ T4 ^) X- V. ]
& _1 T) C# F4 `5 C[PORT]
3 ?* }* U/ j* B6 O2 H. Y" q L--------
3 y5 N6 |: ^/ q2 P+ e4 p6 y- the port to which the drive is connected, a port number should always be entered
1 y I& E I# o1 q0 \% d: c in hexadecimal and have 4 hex digits, valid ports are: 01F0, 0170, C000, C800! ?2 S' k* ]( `+ j# I# l/ U g
- this option can be used if your PCI adapter card or on board IDE/SATA ports are
D2 e. p9 s' \' c+ X! o. I- R9 Y not identified by the auto mode
S2 f; X0 s* |, [3 Z) J' R/ \3 b3 W& N- I/ ~
[PORT TYPE]/ B& B% Y! v* \& u2 p
-------------! u' y% D4 [! p) `1 u* S
- the port type tells DosFlash what type of port is installed on the before entered/ S! |: x8 y3 {( R; ^
port address* o4 ?" e3 p+ d5 y: d8 X
- valid values are 0 for IDE and 1 for SATA K w& Q4 `! \1 R$ c9 V# j
- make sure you never mix the wrong port with the wrong port type, this could give
+ `, I" s6 ]/ a$ h! G: J2 t J& K' n strange results or in the worst case a bricked drive
/ b$ [/ I- \' ^/ r2 Y& M
4 t. a! q8 v! m+ i/ b R% g, D; j[DRIVE POS] `6 l, [% a' i6 @5 A% F/ o a3 p
-------------' ~' N2 L5 p" L& m+ H) U! I
- old style IDE channels have the possibility to connect two drives at one IDE0 }; S! Z* p3 h2 d! D
channel, the first drive is called the master, the second drives is called the
& e) x2 g, e9 ?/ X: ? slave# m/ o$ k4 K; [
- you can select which drive should be flashed on the channel, A0 selects Master,
: ?( Y+ E/ e# T- ^( r1 u B0 selects Slave- r( W( b; w7 L
- on SATA ports this value is always A0, cause you can only connect one drive to
- [( J" r: c3 k( O a SATA port, so for SATA you will always type A0 here$ U+ ?5 ]. |' |; O$ ]3 Y$ P
- it is not recommended to flash IDE drives with another drive connected to the
2 @. t6 q* S# n+ w5 w) Q/ k same IDE channel, this could be risky if something in the Master/Slave selection
( J6 c2 t G6 o U: v# Q1 ^ fails- T A& z- T9 Z, r( e
1 N* Y* q z1 t7 F[FLASH TYPE]
S% |1 O8 C/ E1 g--------------: f( M: z9 n5 q& b5 B8 p
- there are two types of flash chips out for CD/DVD-ROM drives atm- E8 d3 u' v3 I4 b
- the older type is parallel flash, which is also supported by mtkflash for example8 e5 X: a- k* F3 I
- the newer type is serial flash, which is supported by flashers like XSF
* S9 n! ?4 F ?+ V* s- the problem here is that no tool is out that can flash serial flash chips on # B; ^7 _ N; T2 F# j
SATA ports
4 @' Z9 j1 x* L1 U3 ~/ |
( k3 h: w6 P( T$ ?8 v4 d1 q[FLASH SIZE]
1 K# Z; }( ^4 K: t/ P4 \--------------% }: t7 o" V O' ] k G
- this is specifies the flash chip size in banks9 R" D" { u- N6 Y! |' n
- one bank is always 65.536 bytes in size8 C% H7 N* S; }( W$ _
- if you know your drive has a flash chip of 262.144 bytes in size you need to enter 40 D( z: l% a+ L2 T1 D) J9 L8 B
; ?( @" L4 @; v- C3 H# p2 g[FLASH SECTOR ERASE OPCODE]) R% m/ Y7 z) v9 B
-----------------------------/ H$ c ]' l5 V, V) r. r
- the opcode used in the flash chips datasheet for erasing
; R$ y4 @) j8 \2 ^. k- for serial chips this command can be different from the standard and needs to be
' e' T- I! f9 J } entered for flash erase
& D9 W9 O m- `% o S- for parallel flash chips you can enter a dummy cmd byte, the integrated command- b( G8 D2 ?+ ~
should work on all parallel flash chips without a prob
" g6 @5 E" P$ C4 e
( {) ?- L' L# e2 l0 D& d7 s[FILE NAME]8 k' U. K( P# t! k0 f
-------------
3 ^7 `- ?5 {" y. f# h4 t% ]$ O: c/ |- name of the file that should be used for flashing
q$ y+ j9 Y8 r- for reading operations this should be the output file
' v7 @0 N J# n8 T E/ B- for writing operations this should be the input file1 ^ h- j y+ c9 S4 s1 A, X
3 k6 A8 K5 d0 H
1 ?- h8 o4 N/ @1 B! ]* K ~- [% j
Hints and Warnings
# d- n K0 a8 I--------------------
; E2 E- x, X( [- read, write erase TS-H943A MS28 after the firmware stealth has been disabled with Enable0800 disc; ^6 R* @7 a. l8 u5 ~ I
- this only works one time, after the first mtk vendor specific intro cmd is send o6 Z0 t! X8 L* z- K; r
- if the mtk vendor specific outro cmd is send the chip goes back to stealth mode and you need
) I5 B) }& j- C) M" J% s. v again the Enable0800.iso to disable it' S) b0 u/ k" `0 f) Z
- therefor the mtk vendor specific intro is send at program start to all present devices and the$ z9 _) u3 A5 X/ e/ s
mtk outro is sent at program end N" b% a+ \" N- G3 A+ _: _) G; Q
- if you have a chip manufacturer id of 0x02 and a chip device id of 0x02 for the TS-H943A
+ H: U9 p! @; s the flash chip is in stealth mode and won't give access to any reading, writing, erasing' b0 I1 ^$ u1 z& B" h, {+ [, [
- always have a look at the DataSum generated, this is exactly the DataSum of mtkflash
3 o+ r- _& b) @& B5 ]$ Z - the DataSum is calculated as the sum of all bytes of the firmware in a short integer
; F& e" }( \, H6 W - to make 100% sure that the flash is written right compare that DataSum to a known one- s+ @! {3 {' R
- this tool has not been tested on all drives out there, the typ list is simply copied from well) W1 T d8 |0 o0 `
known programs like mtkflash and XSF2 l8 P* R: z4 Y2 o+ w
- always try a flash read on a not yet tested drive before doing anything else
. j4 [2 f1 D+ {( c9 [* k - if the read doesn't succeed it is highly unlikely that a write or erase will
7 i f. u: I9 G9 M% k2 S) J- some LiteOn drives seem to have probs to write the firmware correct, this prob seems to be
) R& d8 G r* Z8 s( N related to windows register flashing, cause even an assembler app can't do this error free
7 {# ^9 U- v( q - if you get errors on LiteOn drives, write the flash two times in a row' s) R4 X% L& l. ?
- for direct port I/O in windows the givoio.sys driver is used, this driver is loaded at DosFlash32
3 p+ M, y: S0 C n start and unloaded at program end, be warned, this driver can possibly make your system unstable,
- B1 W# o6 ^5 R' ]2 V9 `7 m it's intention is to let privileged assembler instruction like in and out pass, even in windows,
6 l b: U0 i# s! L if this driver is not used you will not be able to get direct access to port registers
/ o7 A" F |) o" s( y- DosFlash was tested on MS-DOS 6.22 and later, you can easily copy it on a MS-DOS boot disk created
6 ~) R; T+ k+ H& N- c* G1 I in Windows XP and start DosFlash directly from the disk& G# _+ X. I$ e: T4 j
- don't forget to also copy the DosFlash.typ file, it has all the informations about flash chips+ d: n9 ^( A: _9 n" k7 K
for auto mode flashing
9 F8 c* p5 c4 X ?+ V/ k- DosFlash32 was tested without a prob on Windows XP SP2, you'll need also the typ file for the 0 S6 y7 S) k/ c8 u' |- e3 Z3 h r
win version- ]1 m; ~/ J( s9 ~
- DosFlash32 will deactivate all CD-ROMs in device manager at startup, this is better for flashing,0 j$ N8 M* w0 ? h
cause Windows seems to poll the drives all the time and this could result in a bad fw file or9 @9 `5 K. C- Q1 t8 D5 q* e
a program hang, the drives are activated again at program end# L9 v+ K! m/ z6 ?3 c% q
- you should make sure that the flash is not in an erased state at program end, cause device manager' X. j: V2 O3 E1 W& f! j) }
don't like drives that do not respond to the inquiry command
* n7 ^5 r( i9 I6 X2 y# v4 x- deactivating all CD-ROMs could take a few seconds, so please be patient at program start
0 Z# a, s7 }% X- DosFlash and DosFlash32 will try to scan for the VIA 6421L Raid Controller card, based on vendor0 j _: M# P) z# A
id 1106 and device id 3249, it doesn't matter if the card driver is installed or not
3 b8 @7 q. D. F1 O7 g
J: x' J5 p$ ^- i9 @
; B, X$ U+ e0 EMany thanks to Dale Roberts and his Direct Port I/O driver giveio.sys!
4 r: t" v. L+ {. \- I4 O5 ]6 v, w6 T& B$ o+ w( z; V* Z
Avoid a bad flash!
/ n2 M8 t1 K5 q# f1 [9 KKai Schtrom |
|
窺視卡
雷達卡
樓主
顯身卡
發表於 2011-8-21 21:08:07
