|
|
ak475671 發表於 2011-8-22 13:03 ![]() ) d7 @# G! ?4 S
版主你好
% b4 h1 _0 @5 M" _- d. X* d$ o版主知道哪裡有教學嗎使用DOS提KYE的過程不是很了解不知道有沒有教學可以參考的呢, s# _: Z% i- p3 e$ r6 X( e
另外你說他提取 ...
7 F4 I' x7 ?, n! v/ H' d+ lDosFlash ReadMe.txt 說明文件
# G$ z+ x4 F: A0 s" I2 ~
5 d, d; P/ A& c& ], i; i- w& ]DosFlash V1.9 Release Date 01.01.2011
; M- G4 y6 ]1 x* D3 t% Q* s* }7 x: b* P---------------------------------------
: M* q l/ [2 S& f$ J2 U/ J3 y- SATA and IDE port scan improved in DOS and Windows6 ^2 c5 o7 }* `, w# I8 n
The ports are now enumerated with the CONFIG_ADDRESS and CONFIG_DATA register instead of using interrupts# g" E0 A1 f0 h0 c4 W2 X) Q* ?
in DOS and SetupDixx functions in Windows. This change will detect more ports in Windows than the old
5 B/ m& r. ?( l SetupDixx method.! Y _: r$ H$ c, h1 Y; C: R( M
- Settings saved to ini file for DosFlash32 and DosFlash64: \( c6 P; i1 B
Settings like Port, Position, Task, COM Port, Enable Drives and DvdKey state are now saved to an ini file' n5 O8 R9 H0 O8 q
inside the program folder. If the ini file is not present it is created after the first run. On the first
: a; }+ X T4 I/ o startup DosFlash will choose the most common and stable settings.
, Q8 ~7 }) ~: s7 Y6 G: m/ n- EnableDrives option included in dialog as a check box4 Y% M, x' r0 N' `% c9 G
Due to high demand we removed the "Enabling CD-/DVD-ROMs" MessageBox on program termination and included, W. l" d9 q( k O' h$ q
a check box "Enable Drives" inside the dialog. For security and more stability this is deactivated on the# E2 {5 }7 |1 z H* |$ \
first run. If you enable it the checked state is saved to the ini file./ `( O1 ]6 j6 `
- enabling drives in Windows caused some hangs from time to time, this is now fixed by a recoded enable O M8 P% W8 r) b( d
drives function
4 y& f6 Q/ _. V: R( m N7 u- port drivers portio32.sys and portio64.sys are now added to the executable and unpacked during runtime Q, b( z' X9 m3 _/ Q
- PATA and SATA controllers list updated
0 Q7 _- w' `1 m9 g# v; l* z- Fix for NForce motherboards in combination with drives like the "Samsung SH-D163C", "LG DH18NS40" or
8 v( G8 W! W7 b5 c8 a2 t "LiteOn iHDS118"
7 _ \4 C: @. E* ` Some drives have problems with flash identify, read, write and erase. This is clearly related to the
1 w$ ~$ f/ x9 m, {. u NVidia NForce chipset. For manual mode in DosFlash16 an additional command line parameter is added called- L# a* o4 k1 Z! }. _
"NFORCE FIX". This parameter should be set to 1 for NForce chipsets if you experience strange problems.
4 t, G* w3 `, t2 o In DosFlash32 and DosFlash64 we added a static control which shows if the NForce Fix is applied or not.1 e( d# h) ~ X$ r, ]: Y
Remember there is no need to activate this with every drive. It seems to be a combination between drive. ^- `: O" n) v
and NForce chipset that causes the problem. The fix is automatically applied for DosFlash16 in auto mode,2 M- @/ {& a) _# a J' ~7 x
DosFlash32 and DosFlash64." e: e/ v/ E+ w/ o* G/ K4 J3 O
- DosFlash32 and DosFlash64 are now DPI Aware for Windows7
( R- G0 x3 z* m5 m9 b7 n' _- New task Verfiy Key/Inject Key added for verification/injection of drive keys
# W3 T- x: q/ t All DosFlash versions now have the possibility to validate drive keys against an XBOX360 drive and set
2 p$ V: F5 a w the key for an XBOX360 drive. We use the same authentication method like the console to verify a key.
+ D3 m, A# c2 \, c5 y7 u/ ^! n1 f In the Windows versions you have the choice to paste the drive key from the clipboard to our custom hex
( N) z0 p- e6 B edit control or load a key file. To add a key simply click right inside the hex edit control and select
* o( ]7 Z1 X" C) _ your choice from the shortcut menu. In DosFlash16 you can enter the key in the format "1A-2B-3C" without
# a- F. x3 i) `' ] quotes. Remember that a key has 16 bytes of data. The key file to import should also have 16 bytes of data. H0 ~; K1 C% V- L+ r; u
like the key files exported by LiteOn Key functions.
4 Q% M5 v# Q& z6 z( \# f- Removed multiple key extractions for LiteOn Key functions, added Verify Key after extraction y# J/ g0 b2 @: V' v9 o
For LiteOn Key functions we removed the multiple extractions, because the key is now verified immediately
1 M2 T/ ?$ J5 m5 {* j- i$ I against the XBOX360 drive., Z3 E6 u) o4 m( Q" U
- LiteOn Key V1 and V2 now also extract the file Serial.bin and the 2nd inquiry file Inquiry2.bin( O( @, s# x6 K- p8 l) l
We added the file Serial.bin and Inquiry2.bin to LiteOn Key functions. Inquiry2.bin is only generated for
+ X" w- g2 u, F4 T8 f& F. U; w LiteOn drives V1 and V2.
, i; f! F# f% N# U& _9 G& M2 e- The drive key of Maximus patched UART drives can be extracted by using the task "LiteOn Key V1 (DvdKey)"
* @# @- D7 g; K4 \ ~0 B The drive check has been removed from LiteOn Key functions. This way we can extract a key from an UART & Q" C" U) O/ G! t8 S% _; c
patched drive firmware by Maximus.( O: H3 ^* Q" X9 m6 |0 D9 D$ \
- LiteOn files are now extracted to a destination folder instead of prompting the user for every file name.3 d* o" }. O' J7 W- F, E
- LiteOn key extraction tasks separated per drive version in "LiteOn Key V1 (DvdKey)", "LiteOn Key V2 (FreeKey)"8 E0 N' `2 t& s
and "LiteOn Key V3 (Tarablinda)"
, [9 q: a' @+ `5 l5 x- In DosFlash32 and DosFlash64 the number of installed COM ports in the system are now enumerated instead of3 h% @+ K! G' J
adding port 1 to 4
: b' P! N! W* _, g: b- For failing cdb commands the sense code is returned
; x" L; x! d; W& O- Geremia's Tarablinda functionality added
" T* g% B& @* q- Q We added all Tarablinda tasks to every DosFlash version. You can extract the key by choosing the task" Z2 g3 E/ y- v' O0 y9 ^+ e
"LiteOn Key V3 (Tarablinda)". For read, write and erase of the flash simply use the standard functions.
5 V6 \- W ]5 Z' w* D% d. Q$ S5 z; p+ j Pay attention that the "LiteOn Erase V1/V2" task is only available for older LiteOns and not for the Slim.
) `: r3 r- Y# F/ |4 t You should use "Read Flash", "Write Flash" and "Erase Flash" for the Slim. "LiteOn Key V3 (Tarablinda)"% }/ ^, T! ~' q3 f2 ]
extracts 1 additional file in comparison to Tarablinda v04b, this file is called Xtram.bin and contains# C0 K% R/ R6 i* g
a dump of the XTRAM8000 area. This can differ in a few bytes from one dump to the next.7 }5 ` x ?2 l
- Device Reset in DosFlash16 manual mode is now done automatically, there is no option to turn it off anymore
. m+ z' @5 C( j- Code optimization to work with modern SATA2 controllers added, remember to set SATA controllers to IDE and e, J! \9 r! b/ I3 R% y. |" a
not AHCI mode otherwise Port I/O will not work
0 g& u$ B; Z/ P, y% t( Q* {- Warning: The read, write and erase of the Slim drive is considered risky in general! So pay attention and
9 v/ k$ r9 Y1 f$ S5 L1 v always remember you use DosFlash on your own risk every time! Even during flash read the Slim gets flashed% ~0 L2 L5 b: n7 e/ j1 o
with a patched firmware sector to retrieve the complete dump!
c9 y$ Z* W0 v- We had to change many command line arguments for DosFlash16 Manual Mode, because of the NForce Fix, added/ S) V O- e0 t+ p* h3 Z* e/ J
Tarablinda support and splitting of LiteOn Key functions. To get a better understanding we added the example8 n' S3 s- U8 t- B
section below., o3 a7 y0 k+ V ]) i) f
5 Q3 D+ r8 n+ n$ O
9 p4 }( W! f1 F) VDosFlash16 Manual Mode Examples& ^ ~2 _! r7 s, s ^1 x" ~
---------------------------------, ^/ b n c$ A
- Extract drive key on a " LDS DG-16D2S 74850C" over UART -> "LiteOn Key V1 (DvdKey)"1 W1 O) a' r+ B9 p! _
DOSFLASH LITEON K V1 0970 A0 1; x! _7 n7 I+ R" }
c# `( L6 A0 k
- Extract drive key on a "LDS DG-16D2S 83850C" over SATA -> "LiteOn Key V2 (FreeKey)"
' m: h b; C1 x/ x) @ j, s2 i DOSFLASH LITEON K V2 0970 A0- y7 b/ B, {7 e/ ] ?
y [/ l" ?- e8 ~9 O
- Extract drive key on a "LDS DG-16D4S 9504" over SATA -> "LiteOn Key V3 (Tarablinda)") j. a( M1 u0 m# h. ? c# V
DOSFLASH LITEON K V3 0970 A02 l1 N; A! R" q* a, z: |
, A# g1 c- a, k+ V* @; ~3 E
- Read firmware on a "LDS DG-16D4S 9504" -> "Read Flash" this is considered risky!& [0 x9 b* w3 B% b+ R' D2 w
DOSFLASH R 0970 1 A0 3 0 4 FWOUT.BIN 03 J" Z. T2 ?/ F2 Q; p, v7 Y' M5 q, ^
; u5 O3 {- T' J4 W# \- Write firmware on a "LDS DG-16D4S 9504" -> "Write Flash" this is considered risky!6 g! h P; p" M$ o; ^
DOSFLASH W 0970 1 A0 3 0 4 FWIN.BIN 0$ h) L6 H" C' l1 R. ]0 |1 [
6 E; b+ V4 \& S3 c3 q
- Erase firmware on a "LDS DG-16D4S 9504" -> "Erase Flash" this is considered risky!
/ M7 E" o. f1 I: i) r DOSFLASH E 0970 1 A0 3 0 4 C7 0
9 a! Y+ W: {! a. g) Q: T7 p- d9 v% T, l) O. W" Z8 N
- Erase firmware on a "LDS DG-16D2S 74850C" or a "LDS DG-16D2S 83850C" -> "LiteOn Erase V1/V2"( N3 {5 w, q& ]4 G
DOSFLASH LITEON E 0970 A0
( O" H# C: F( J1 S" v0 D& C
5 D: R' k1 B6 ?7 ]* D- Read firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Read Flash"
6 B0 C, \ g1 v8 r+ `# M: R/ a DOSFLASH R 0970 1 A0 2 0 4 FWOUT.BIN 1* b# u/ ^* k/ |+ ~' T
( |% I! O7 u' c8 P% w- Write firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Write Flash"
, X2 D% h1 r7 d9 C2 \8 i DOSFLASH W 0970 1 A0 2 0 4 FWIN.BIN 1
2 ^9 u5 A$ r; K' u% y- n0 x) v) i
% n; t" }% }+ s, |+ t- Erase firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Erase Flash"6 M5 l H: z$ l0 `4 v7 ]2 e
DOSFLASH E 0970 1 A0 2 0 4 C7 13 |6 }% M/ d4 m3 L' u3 L5 ^+ f. p
2 r& v1 `: `; ]! F; ?" T( `2 F, h
- Verify drive key on a XBOX360 drive, enter the drive key manual
. O8 O( ~1 G" q$ @$ J DOSFLASH V 0970 A0 12-34-56-78-90-AB-CD-EF-12-34-56-78-90-AB-CD-EF: s7 _" N O' V+ x) N0 S
! A7 w/ b& m( Z. L* O) x' q) Z- L
- Verify drive key on a XBOX360 drive, load a drive key file) c1 ]7 M* N0 ^7 b) k& ^3 m
DOSFLASH V 0970 A0 KEY.BIN
8 G; i. q R8 t! j9 r. ~
* c+ A- P/ m8 E* z F& `7 A: c- Inject drive key on a XBOX360 drive, enter the drive key manual* y6 r! |4 h: B! L
DOSFLASH I 0970 A0 12-34-56-78-90-AB-CD-EF-12-34-56-78-90-AB-CD-EF
# L; i v4 \. s# a4 p% @% `/ e. K$ [& B, \( R A: W) C* s" k
- Inject drive key on a XBOX360 drive, load a drive key file- M9 Z+ P; T& p* B7 y4 Q
DOSFLASH I 0970 A0 KEY.BIN
. o- w2 M( P* t! f0 C+ b; j5 A7 N! x% |
For DosFlash drives on which we can extract the key via UART are considered V1. Drives we get the key over
. \4 g4 x- ]6 {3 fSATA are considered V2. The new Slim is considered V3 but only firmware version 9504 is supported atm.6 U. [. u& o2 y/ T9 Y
7 v* B+ G$ E% {/ |7 x3 g5 M
5 V6 I. c& ]* h- r* d# W4 w8 {# tMany thanks to Geremia, Modfreakz, Redline99 and Tiros for their support. Special thanks to Geremia and
+ k) N8 p' G/ ], m" xModfreakz for drive sponsoring, testing, coding and much more. It is always a pleasure to work with you
& J& K0 f) L2 Z# a' qprofessional guys! Respect to Maximus for his UART enable patch. I'm looking forward to your magic Lizard- y: h0 F: r/ b# G
hardware flasher!
2 \4 K3 y. P3 ^+ k( z* v$ `
4 F$ C; V) L/ i! L0 }4 M4 |# g; oHappy new year 2011!
% u* D1 P2 i6 s! a5 u! F) w$ fKai Schtrom
* {0 T9 o) Y- R5 ?8 c% i! |! B* j* h, [% P% }
************************************************************************************************
$ `1 P$ S5 ?% a2 G
) m# t. Q' s8 M: w: p$ ]* e- z% x0 c9 F9 i' _
DosFlash V1.8 Release Date 08.08.2009
# l. {. u U" C% i% v---------------------------------------1 A3 c% `# i* K/ x, { x n4 K
- now supports LiteOn PLDS DG-16D2S 83850C V2 Geremia/Maximus LiteOn FreeKey method
% |- @/ { b! D1 }* A- huge firmware read/write speed increase, especially if run from a floppy disk
' C+ c/ X- o) b1 x- updated IDE/SATA motherboard chipset list" _- O8 [- v- G% K1 \
- new IDE/SATA detection for Windows and DOS
+ j; ]: h }, x- DosFlash.typ embedded in executable file
+ k3 ^0 S" Q' W3 ^3 _' s- LiteOn V1 drive key is now extracted 10 times and compared against each other,
5 j/ f/ Y# Y% X, V2 q* D u) d a+ c after the extraction a summary is displayed sorted by the most common matches) r; q9 {$ l0 z7 Z5 z# K
- LiteOn V2 drive key is extracted 2 times and compared d: ?# b! B# u8 O3 |0 ~
- new BenQ unlock keys added to unlock all known BenQ drive firmwares& P$ m. ^- ^( s- n7 `8 s0 L: h3 a
- command line parameter "EnableDrives" removed, DosFlash asks the user on0 e! d% l# e3 A. u( a6 w
application close if he wants to enable the drives or not, during the tests it- d8 W& G5 W$ b/ l. U
seems that IDE drives have problems with the enable, SATA drives seem to # p8 t+ g* C7 ^. c. D( [
work fine" {; P% X2 }8 J% P1 z6 ]' R
- new 64-bit DosFlash edition added called DosFlash64, because some driver. {! K+ w \8 X+ O
functions don't work as expected in the 32 bit compatibility mode on Windows x64
( k# W) d! S$ a8 ]- Beta state removed
# G- H% ?2 V3 H* d1 a) E3 k- ready and tested on Windows7 X86 and x641 }0 _ P; l2 E, Z9 F
6 R3 c/ j- ~8 c9 t7 V) W# N3 m/ r: P; N4 t! `* k4 L
Geremia/Maximus FreeKey method with DosFlash16! {' I! q% n) j* Q b
------------------------------------------------9 a s% P9 s! {% }% v2 J
We have added one cmd line parameter for DosFlash16 in manual mode. The COM port2 Q3 i1 w, b! K) s
is simply ignored and can have any value for the V2 drives.
6 s# F; u$ q8 I3 cUse the following command line to extract your free key from 83850C:
- i7 O/ P4 n4 i) q) {5 m- DosFlash LITEON K 0970 1 inquiry.bin identify.bin key.bin dummy.bin enckey.bin c7 @9 T. U% ]. S" y
" P1 y5 K( [! s4 g) W5 M L
/ ~! n8 Q2 A8 s- v# C( j5 P
Tips for running DosFlash on Windows 7
; e" |0 ^* Z9 W) H6 v* p- \----------------------------------------
$ }7 `0 D `9 X+ Y1 C/ _8 r
# w8 x/ H* v4 Q0 K, R- _Since Windows Vista 64 Bit and upwards it is necessary that every driver is signed. Because
( }9 K/ K+ h- w, f7 r7 \the DosFlash driver will not be signed by MS due to some unknown reason we need to circumvent
8 y& r% S6 c2 @ d' hthis check. You have the following 2 possibilities to do this.. b5 J/ C+ T3 E4 V I# V
! m. n) f" v2 G: hSafe Way of Disabling Driver Signature Enforcement
( i9 @7 `( m9 p7 h+ {9 I2 }, E1) On Windows 7 bootup press F8 to get to the extended boot options screen
' I' @- {% V( K$ \+ `# o2) Choose "Disable Driver Signature Enforcement"
) j' |- g U# R" N# F$ _, v3) To start DosFlash right click on it in Windows Explorer and choose
3 d" x ?2 a7 ]5 O$ }5 b "Run as administrator" > answer the message box with "Yes"
% P, w( \' O$ {% o$ g! W/ h; A4) Short after the program started a "rogram Compatibility Assistant" warning message# w/ i# ^5 y1 i/ L6 p* a7 |
is displayed, you can simply ignore this by pressing the "Close" button
4 U w k# `% K/ w' u9 s( k, H
& [, W t. P+ @2 M' `- i" \Recommended Way of Disabling Driver Signature Enforcement% @ F, P6 {# w) \4 d# w
1) Disable User Account Control (UAC)" ?) G! z4 g' F+ B
- go to "Start Menu" > "Control Panel" > "User Accounts and Family Safety" > "User Accounts"0 e% F: j, @" z3 E9 R
- click on "Change User Account Control settings"
3 }$ `: U, z, w& G+ e; n - set the slider bar to the lowest value (Never notify) > click "OK"
. W6 m9 Z; B6 w2) Sign the DosFlash driver' O+ W" [* E- n/ ~
- download the "Driver Signature Enforcement Overrider" (DSEO) from
1 }4 `1 S) [( n* }; g http://www.ngohq.com/home.php?page=dseo( R# k3 h6 s' P) O/ ]' `+ H
- start DSEO > click "Next" > "Yes" > choose "Sign a System File" > "Next" > enter the path to
& i. f0 j: M8 G0 f the used driver (portio32.sys or portio64.sys) > "OK" > "OK"
, }' c- S! L8 ^7 O! n- w3) Disable Driver Signature Enforcement3 v7 n7 p1 W# L0 F T8 E+ m- H
- start DSEO > click "Next" > "Yes" > choose "Enable Test Mode" > "Next" > "OK"
8 D; g* t" D _/ t4) Restart the computer, E v7 ~2 U! E! f' i7 s7 i2 b
+ a2 b: W" A& J( b2 P4 Y9 cKeep in mind that with the recommended way the changes will have effect on every reboot without2 s( K- z0 f" d$ J
doing anything manual. The first way needs to be done over and over again. In addition the second- |8 ~% i2 a! ?$ V
way can be used to sign every driver that doesn't run natively on Windows 7.
2 h) j- M7 O5 k9 q5 Q
- ^* C9 }$ g6 @' x7 h ]For use of the VIA Cards in Windows 7 it is recommended to uninstall the VIA driver. This can be# V- i, }6 v/ I/ v1 V8 B$ }
done like follows:% {: f$ ~4 R+ k
- start "Device Manager" > expand "Storage controllers" > right click on "VIA RAID Controller" >
4 R* V$ F( O+ x9 U' P- n( U! M choose "Uninstall" > "OK"
# V, O6 Z. E$ A8 i5 v0 W- rename C:\Windows\inf\vsmraid.inf to vsmraid.inf_
% ?$ B0 u0 x0 \# T- rename C:\Windows\inf\vsmraid.PNF to vsmraid.PNF_
7 O6 [0 n. M" O$ h! Z- rename C:\Windows\System32\drivers\vsmraid.sys to vsmraid.sys_! l! c( a: `% _0 J x: T0 B8 h7 u, p I
- reboot computer
6 P* `2 T8 k" n) T/ s# H& K0 m2 k, X4 B
$ n1 \2 o0 x0 k
Much respect and credits go to Geremia and Maximus for their money saving FreeKey app/ K) o |6 {2 r) E6 b/ F
and their lightning like decryption speed!
9 ^# Q' i1 T8 i" P% P
& Z9 l2 Y9 a, `" H9 W7 X' BIn Dedication To The Birth Of FreeKey On August Fifth 2009( m8 I( I: q0 z6 ~; ^
Kai Schtrom0 ^/ N8 c$ r* K& a3 U, s y& U9 X
3 q' ?' H5 s# s% w6 t$ R9 N
! m: h; I! n1 d. m, H- L
************************************************************************************************
. P3 Z z1 \" e( k: x7 T. N( B
( `6 g, W& I9 s! D" W [
! e( q; B8 Y6 N( m4 aDosFlash and DosFlash32 V1.7 Beta Release Date 23.12.2008, w9 G) D% Z! Y$ [* F+ o. }
-----------------------------------------------------------6 i5 s3 F3 F0 ~% }
- now supports LiteOn PLDS DG-16D2S 74850C and Geremia's LiteOn Erase and DvdKey method! @1 _! z' w% S: V9 `
" w' k% w* ^8 |3 U
' J7 B" `4 n5 B! |1 \* ?& aThe following only applies to the new XBox360 LiteOn drive PLDS DG-16D2S 74850C.6 M* y9 u7 X6 Q; {
1 Y6 u8 f; @. o" @; K7 {
+ r+ m7 ? w3 }0 M, |% |Geremia's DvdKey method with DosFlash16 with the PC's psu
. F; V6 x' K4 b: Y h6 x-----------------------------------------------------------
, `! P) [" \/ [9 r- disable CD-ROM boot option in BIOS1 l& N% Z% d3 p
- connect LiteOn to your PC's power supply unit and SATA port
6 |" u5 D) G! `2 x+ P& c5 Z0 _- power up PC, wait until bootup is finished
1 |8 }! k6 Z5 i2 g$ `- eject tray of the LiteOn and shutdown PC completely
( Y* v' r* t) G+ J. M* D/ t- push the LiteOn tray half in# R! p% F) E" M ~ R* s
- power up PC and boot into DOS
* ~ @, {' R; I7 B9 k- run DosFlash16 in auto mode
; Y3 M2 d. v; k/ A0 a, { _2 b- if you read the following:
; f1 n; b* u6 P9 e9 ]# S( u MTK Vendor Intro failed on port 0x????.) V. U9 b. G5 z4 m1 b- L' M
If you choose to resend the command you should turn the drive off and on
6 W" e6 _" l3 M, D- L: S) E+ I after you pressed "Yes".
" R- ~7 Z. t7 ~$ p# G Do you want to resend the command until the drive responds (Y/N)?7 o W) i/ g. x' \. I! `" V
- press 'N' for "No"
, u& ^ _4 p% ?- choose the number of your LiteOn ATAPI drive
* {% P( P1 H& L6 T5 j @2 U# B- enter "LITEON K" to read the drive key; u/ J" N+ H: g' Q5 @6 d9 }9 k
- type the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
4 `8 d$ j- e1 u+ y" h5 n. t, x- enter the number of the COM port
h. Y6 H# h4 K, V9 {0 T- if you read the following:: ^& V+ I3 O6 m T) n% y
To receive the drive key use Geremia's DvdKey method like follows:7 i& U" v8 y" W- b& ^
- Connect your drive with a serial cable to the COM port2 s x9 s) j4 k) y7 B' C" ?$ N
- Eject drive tray6 x! d+ \ {0 o
- Power off drive
+ r( A' m% H* K! i& K) C - Push drive tray in until it is half open
6 i$ V% R& E. [. c7 u - Power on drive
( z7 d3 A& X( {4 s% Q Z1 L0 L; D$ j - Press "Yes" if you are ready, [) k, \' T% U/ M& {1 M
Are you ready (Y/N)?
8 t6 t8 a4 [ S m- simply press 'Yes' without doing anything of the above, because we% h9 l; O; l( L% o6 o& G# L
already did that before
: c( G! d" e9 G/ D& p: |/ x- after this DosFlash16 displays your DVD-Key and saves your key and identify data
0 l1 u& W2 \. N6 n* N- to do the above steps in manual mode use the following command line if your drive x; X! c5 M4 O7 C, e& u9 c2 f
is connected to port 0x0970 and serial cable is on COM port 1
# i8 A: B6 T* S& v DosFlash LITEON K 0970 1 inquiry.bin identify.bin key.bin dummy.bin, @- ]4 c4 K# c
3 h7 i! J3 P }2 h
5 n* f! a! C: ?Geremia's DvdKey method with DosFlash16 and 2nd psu! t9 l/ d* J9 j0 H
-----------------------------------------------------9 k/ \9 M% F7 h& O9 @& t
- connect a separate power supply unit to the LiteOn, don't turn it on yet
0 t4 f8 V7 E N7 F- power up PC and boot into DOS) M6 m) A4 F! `
- turn on the LiteOn psu
$ e2 `$ A. h9 K# ~- run DosFlash16 in auto mode( ~! Z1 C8 I- v+ H1 K+ w% f
- if you read the following:# R! I# o: h& `8 f- [9 T
MTK Vendor Intro failed on port 0x????.
: Z1 o2 }6 R9 T: Z) u; c, } If you choose to resend the command you should turn the drive off and on) d7 V" s# G6 W8 ?* o
after you pressed "Yes".
; `$ E) g6 L `8 w! f. W1 w; M/ o) } Do you want to resend the command until the drive responds (Y/N)?
- c7 [: Y9 ]+ o Z- press 'N' for "No"; [- \: i' v& F1 [* n
- choose the number of your LiteOn ATAPI drive) t. U4 R" \. ]
- enter "LITEON K" to read the drive key
0 {; B) k3 ^( A# O; r' h4 J- type the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files8 J0 F% J# G/ F$ B/ d- s N- y
- enter the number of the COM port
4 g4 V0 y' ]- `/ X, o% w# Y- if you read the following:3 g: o! A r3 _3 G' S
To receive the drive key use Geremia's DvdKey method like follows:
" C, N1 `2 H5 T& G H, q - Connect your drive with a serial cable to the COM port
7 \9 R2 p7 j' |9 G5 x - Eject drive tray+ {# n* K) z5 d8 H h& P1 h. z
- Power off drive" L) h" D' G3 J# t
- Push drive tray in until it is half open% }; n* ^7 H( |+ t, a7 a
- Power on drive
1 P, `$ ^- I1 q& w - Press "Yes" if you are ready. ` I. v& F3 q0 s
Are you ready (Y/N)?7 p8 C( u* U. O
- do the above and press 'Yes'
9 g) G' z$ A2 }7 [6 ]( f h' G- after this DosFlash16 displays your DVD-Key and saves your key and identify data) d7 M1 w* N& F9 V3 g9 y
7 _6 m ]+ h) Z* \% I: p
* E w \2 N) E" X9 ]Geremia's LiteOn Erase method with DosFlash16 and 2nd psu
, I( ~" m3 [5 h-----------------------------------------------------------7 ]% \, n4 x+ j
- connect a separate power supply unit to the LiteOn, don't turn it on yet
' v' h. n. w( V6 J4 U- power up PC and boot into DOS; t3 E2 v/ M) U- @- w
- turn on the LiteOn psu
6 y. y5 I. v3 {, H% s2 s' U! v5 o2 K- run DosFlash16 in auto mode
2 \7 J3 k* K$ N9 H2 @2 @( X- if you read the following:
" g; f+ l {% j: @ MTK Vendor Intro failed on port 0x????.
4 e3 o! @& B% u# N0 [3 I3 p' d If you choose to resend the command you should turn the drive off and on
% N. w; l* b1 I0 `' i after you pressed "Yes".
1 h$ r8 v" Q7 I* ~ Do you want to resend the command until the drive responds (Y/N)?
8 X" ^* }. v1 `; ^% v1 Q7 b- press 'N' for "No": U0 D1 K. y* w( S5 C/ b) S% j
- choose the number of your LiteOn ATAPI drive$ O+ e2 {2 A( t A( h
- Warning!!! Keep in mind that you will need the drive key before you erase the flash,
1 V. O8 V2 v; P5 `/ `( v! Q without the drive key your XBox360 will not work anymore
/ n6 J( P* {3 Q6 ]; q$ z- enter "LITEON E" to erase the flash; w1 z/ F% a; S8 V* k- Y/ E f
- the first time after the LiteOn Erase the drive needs to be repowered to give
# ~3 _3 Z- c9 K# i$ x flash chip access, this can be achieved by repowering the drive before another1 N) y- \ k# U8 A
DosFlash16 start in auto mode or by doing a MTK Vendor Intro Power Brute# m7 h: b- \& [2 \0 y2 T2 |1 {
- in my tests it did not work to power the drive with the PC's psu, because it will5 e: O( W& f. h1 M/ A
always respond with busy status
7 f( {3 W' W Y* I- DosFlash16 can now read, write and erase the flash chip like usual% B6 s/ f! C$ {& S& j1 g
- to do the above steps in manual mode use the following command line if your drive- O3 h7 s0 y; ?, v1 L0 N
is connected to port 0x0970
0 Y; F% V& b! q! [. n DosFlash LITEON E 09704 E5 J- Q! e, @; K. u& X+ y' @7 a
5 f5 Y: {% c' Y7 C$ J
, U; ~& c6 m' ]9 C! ^Geremia's DvdKey method with DosFlash32 with the PC's psu" C! Y: e2 x }- R3 @/ G
-----------------------------------------------------------0 \4 e4 y; D. R5 j i9 i
- disable CD-ROM boot option in BIOS
/ j0 M, g8 r" ~' i- connect LiteOn to your PC's power supply unit and SATA port
* x+ [# }, S/ x: f' W+ _* G% }- power up PC, wait until bootup is finished6 Z! Z% u$ G0 d: u* I c. {
- eject tray of the LiteOn and shutdown PC completely2 D. u1 f* q- N V- K8 h$ L
- push the LiteOn tray half in: ], |2 m9 |' d8 X3 Z5 n6 O6 J* K+ J
- power up PC and boot into Windows
0 M$ v: ^1 w% X, t- run DosFlash32
' S2 F9 f" W: S. s1 K; A- B1 j- if you read the following:5 m# }8 ? C3 g+ f6 }3 w! s
MTK Vendor Intro failed on port 0x????.
: [7 }+ Z) Y: y, |; ~" ]- W If you choose to resend the command you should turn the drive off and on
! m$ e, `3 d1 e1 R1 q2 J* j2 h after you pressed "Yes".
4 H, q. j, J4 m6 c% e, S- w: |- Z Do you want to resend the command until the drive responds?' _7 B6 w% G2 _9 g6 l
- press 'No'% k1 @8 q" E3 X- D4 a+ x7 c) F
- choose "LiteOn DvdKey" as flashing task& G' I4 u) c s9 [8 @
- choose the COM port number8 f! {3 E0 W+ V+ Z6 S% O
- press on "LiteOn DvdKey" button
( L: @4 C+ U% b4 H1 ^$ J* _- enter the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
( t; w1 P1 ?$ h: w2 Y: I& `0 |- if you read the following:
' ?) x3 p4 S, d6 q5 ^ To receive the drive key use Geremia's DvdKey method like follows:( E/ {8 @, ]) Q. a) s' b L. k) {9 k
- Connect your drive with a serial cable to the COM port
' G W8 P% w3 H& b- t7 ?- N - Eject drive tray9 M' E! S# n& e: y/ N$ C3 d
- Power off drive
" c4 S3 \- ^) q3 t - Push drive tray in until it is half open3 a6 L# E( w& h0 I
- Power on drive1 J* |( @1 j7 P9 ?' }8 ]' e
- Press "Yes" if you are ready8 k6 H# s2 M: ~7 s9 Z; s0 |
Are you ready?
8 ?; w4 [6 N2 T2 @0 d. E: n- simply press 'Yes' without doing anything of the above, because we
! e) ?2 S( ]6 A# t' |% _4 P already did that before* Q! F3 \7 j$ J' e# F3 H. B
- after this DosFlash32 displays your DVD-Key and saves your key and identify data
2 E' V9 S; R# d* @& K# e
: v3 a# T$ z* s7 d2 k' M( ]! r8 c/ a, K9 }" S4 }( F9 D& U6 {
Geremia's DvdKey method with DosFlash32 and 2nd psu
C$ G! }$ Z* e, Q-----------------------------------------------------( c8 L- x4 y. A8 [6 A% V9 b1 q2 S
- connect a separate power supply unit to the LiteOn, don't turn it on yet
5 R% E- n k# e1 E4 |- power up PC and boot into Windows
5 D, F8 g% k4 l- E( f. D- turn on the LiteOn psu, L' }) w/ ]7 e" B- P
- run DosFlash32$ ?8 a- B7 w2 ?9 y9 \# p v* W. {8 M
- if you read the following:
4 T5 e2 P6 S, C% |1 [/ T MTK Vendor Intro failed on port 0x????.
( M) M O- W& r If you choose to resend the command you should turn the drive off and on y% Z' r$ ^ B) h1 w9 w" s
after you pressed "Yes".2 }: f" `$ P# V
Do you want to resend the command until the drive responds?
/ k( }+ M8 o8 V- } @; k; w- press 'No'# L4 q1 o; d+ f. L
- choose "LiteOn DvdKey" as flashing task5 X+ _2 |% _1 }1 }7 Q1 Q7 z
- choose the COM port number2 f) H! T/ k8 A7 W
- press on "LiteOn DvdKey" button- u1 d/ V' t2 A& k
- enter the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
) |+ K/ d/ W3 C8 m4 B- if you read the following:
6 @+ r* [2 Z. m) i. f. q. C, Y* Y2 o To receive the drive key use Geremia's DvdKey method like follows:2 v1 w% q9 t: f" I
- Connect your drive with a serial cable to the COM port
K0 p5 k0 z& `& C, u - Eject drive tray
6 y( P7 I. e, z1 S N# V - Power off drive
( @4 W! u& |, q) N - Push drive tray in until it is half open
% s5 M$ V r' Z- F5 |" \ - Power on drive/ |7 |( Z5 m( l0 D$ b! N" l
- Press "Yes" if you are ready
5 ~ I1 V4 I# S' j2 S4 \ Are you ready?0 @9 w `1 d+ N$ s& r
- do the above and press 'Yes'
; c/ Y9 @8 q m" r6 f% X# z) P. C- after this DosFlash32 displays your DVD-Key and saves your key and identify data
: C3 v$ f" _/ ]1 c. P/ ]
Y8 [) j( n( n8 ~9 w& p' ]$ c+ w
t. v6 P+ T# c7 w7 I7 `Geremia's LiteOn Erase method with DosFlash32 and 2nd psu; l+ ^2 B. ~2 Z! O/ O% M
-----------------------------------------------------------9 R' w, J4 E) d9 t( H
- connect a separate power supply unit to the LiteOn, don't turn it on yet
' _. `& u) k7 d- power up PC and boot into Windows
; D( B& x5 J7 Q4 Y; j, V- turn on the LiteOn psu
; n6 C+ s8 X0 i/ Y& a" w0 t- run DosFlash323 v0 K8 F& z7 a- W7 z
- if you read the following:
0 j' l* o2 ^) A' L MTK Vendor Intro failed on port 0x????.+ }% t G3 A, R! w
If you choose to resend the command you should turn the drive off and on7 K' w4 i0 `: _) V1 Z \0 W( e
after you pressed "Yes".
, ` ^' Y) ~0 V$ P Do you want to resend the command until the drive responds?
# s* _; ~& [5 D' J; K( E5 q; J3 c- press 'No'
2 N; H6 i |8 y3 \5 Y; ^- Q% z `- the LiteOn flash is not identified
. i) \8 U* I/ ^& {/ S6 I; d- choose "LiteOn Erase" as flashing task+ F& v# h3 Q2 B: \/ u# H' ~% }4 f; |
- Warning!!! Keep in mind that you will need the drive key before you erase the flash,2 a! A/ D f/ y3 m
without the drive key your XBox360 will not work anymore
; B' F# X `; A* }/ U* l5 I& n- press on "LiteOn Erase" button
( i0 h% v" K- [8 ?- the first time after the LiteOn Erase the drive needs to be repowered to give
# Q6 J* H) g# _8 q2 f flash chip access, this can be achieved by repowering the drive before another) a$ H9 p/ U+ a5 q5 ?4 }
DosFlash32 start or by doing a MTK Vendor Intro Power Brute$ E, Y( k- n {- E1 p) _
- in my tests it did not work to power the drive with the PC's psu, because it will5 \ [4 Y+ ?, p. h& R- y, R6 G
always respond with busy status7 k( H% N3 c4 t3 A! X( o) v4 [
- DosFlash32 can now read, write and erase the flash chip like usual
, e$ Y& M i1 z
) e" I4 D" U7 h, K8 i9 m/ A z( U I- }) t% X" _* O+ o
Respect to Geremia, Modfreakz, Podger, Redline99 and Tiros.: O( g) K/ M& {, T( l0 P5 G. r( U
# [5 `9 G0 Q) Y/ a
Like a wise man said: "0x2E is the MTK Intro of Death"
3 @1 ~$ { k( `0 u6 W9 MKai Schtrom1 ~" S E ~7 Q3 I& r
& F$ {8 F& H4 D: Y/ i5 u6 I
4 F/ {9 i, A4 y3 n$ s* Y************************************************************************************************
' o4 y' b( q2 w. y! v. k& L& B% c5 L5 {; x8 i
, d" X1 W8 L }1 ?7 I
DosFlash and DosFlash32 V1.6 Beta
: M. b9 F9 I: F5 J8 h. D* N3 k-----------------------------------5 }( A- b7 q1 @1 h( _% i
- fixed power brute unlock bug for VIA cards, this can stop your VIA from working
) f9 R! ?# ` F" a. y8 w4 | with the power brute unlocking in Version 1.5; \5 e4 Y+ G; N/ Z
- for DosFlash16 in auto mode on DOS my VIA card works best if I do a cold boot
& _& v$ }! s ? and power up the drive short before or with the PC/ G* j" j8 R( F5 @. G- \
- for DosFlash32 on Windows my VIA card works best if I power up the drive short
7 A8 s* j: }4 R/ J: ?+ S3 G% Y before starting DosFlash329 e8 z1 W" W, M6 e0 Z s
- for me the VIA works with internal and external connectors on DOS and Windows
% m K2 R, o& \- a6 a% d) D2 N1 y: o) Q& m0 F4 p2 ]
Sorry for the trouble!
/ V- C+ w& c; z! j3 m7 ~9 pKai Schtrom
M: j9 T( q4 Y
" ^* R# v; v4 v+ ^9 X
5 M K% K* N6 D5 Z1 S************************************************************************************************
3 {6 c: C) Z' ]$ }3 }$ h8 t3 d3 e0 {9 \! H" c+ B2 y/ |8 H, [$ @
# V9 b2 k1 q! r9 S8 ~! A) F9 v7 ^
DosFlash and DosFlash32 V1.5 Beta
/ m# {! ^9 q/ w* T-----------------------------------3 g! n' c8 m+ L2 }- U9 \# i
- now supports serial flash chip MT1309E with mediatek status 0x72 like the SH-D163B, SH-D162D,4 G, _* t9 h& o P
Asus DVD-E616A3, Asus DVD-E818A3, Sony Optiarc DDU1671S; M" M3 |$ x: r: o- k; j4 d7 l
- SST25LF020A and SST25LF040A chip support added
, E# K9 b7 l6 X. G2 U! t- DosFlash32.exe ported from MFC to plain Windows API, exe size is now 22 KB) P4 N9 f2 C1 N) y1 T# I# V
- new port i/o driver, because giveio.sys can't be compiled for 64 Bit Windows1 Q- k4 t) h7 |/ ]# W6 x5 b
- DosFlash16 changed slighly in manual mode, one parameter is added to support SST25LF020A and
+ \4 E, f( m# U5 s SST25LF040A
7 B4 w1 O: H0 h) z! {3 B- two new methods of BenQ soft unlock are now possible on all motherboards with only one power
9 h- m7 T; p$ z: M" p supply unit! R/ W1 X5 D$ a
- 1st method is powered by Geremia's unlock core, thanks for the complete idea, concept and& z: }, [5 s3 S3 n" g2 ?! N
source to Geremia
; q( X( _8 O5 l/ h- 2nd method is the Magic28 key send, this only works on BenQ VAD6038 firmware, thanks to
. Q5 S/ ?4 D# C/ @( Z c4eva and podger for the initial idea+ R! e3 r1 s& N
- the two unlock methods are send one after the other if the drive is a possible unlock
& z6 y0 P' O. f) d2 U7 g candidate, first the Magic28 command, then Geremia's unlock commands and after that the
x8 q* |* m* G! h# y3 j8 G already known power brute unlock is send to the drive, you can cancel any of these methods
2 v2 }! [6 e: G* S. R before they are send to the target, this only applies to BenQ drives with a locked flash2 e2 u& W7 d% P
- DosFlash.typ updated) y) [& d( t! t# b) c8 z" H
- other minor improvements
4 g* B1 q; w7 ~- v5 h8 @) ?: ^- DosFlash32 is now ready for" p1 w0 X) _ Z& Y
- Windows 2000
$ M9 j* s: y* v- H - Windows XP 32 Bit
: ?0 K( r+ K8 C b- l! p - Windows XP 64 Bit
4 Q1 h' `# W( b. u! X9 Q2 a$ z# ` - Windows Server 2003 32 Bit
8 m& |+ E4 B6 _7 h5 ]" ~/ Y - Windows Server 2003 64 Bit
|. |2 H/ K- Q) k" `$ t - Windows Vista 32 Bit
% m: X, t( x* t) O - Windows Vista 64 Bit/ x8 n+ r$ Z2 V0 _0 f
- Warning: Drivers for Windows Vista 64 Bit need to be signed, because we can't afford the
! a$ r% t' U' U3 C5 g( E4 P money to let portio64.sys sign you need to do the following:
* q P6 M8 D1 V# Q" J 1) Log on as Administrator8 g' s3 o# ^8 ~% a
2) Enter the following command in a Dos-Box:
4 _, ]0 h5 Z7 d, n8 f2 ? "bcdedit -set loadoptions DDISABLE_INTEGRITY_CHECKS"
9 y5 E3 }; Q/ O, m. t! \' P" c (we made sure there are no typos in the line above)  3 s/ `3 w& V" S3 q4 d. V
3) Press enter and reboot your PC
; f4 t# `/ b: Q 4) Press F8 key upon initial system boot up% y# Z7 [, H) C% S
5) Choose to disable forced driver signing enforcement for that boot session
# L) B6 V$ c X1 m) A: [- q5 t' r' U; F8 E" T" t3 T
( z4 ]: v. S& c s% E' M$ M
The following only applies to drives with a locked BenQ flash." D! M$ w- [) H
5 N. ~1 Y9 _, L/ J
, z/ C! N0 u+ sGeremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with the PC's psu
* Y7 D6 [1 X( [( t" r-----------------------------------------------------------------------------------------
, \5 j' F! _, R" ]' w w1 B- disable CD-ROM boot option in BIOS/ I* D7 r6 ?; N G: H
- connect BenQ to your PC's power supply unit and SATA port
' \5 S0 M/ T8 \: P# \7 ^- power up PC, wait until bootup is finished! n! p2 U! F1 t6 a: Y7 j+ Q. K
- eject tray of the BenQ and shutdown PC completely
3 _* Q7 b# x. i) O+ U7 w0 _9 u3 q- push the BenQ tray half in
7 \3 l; P( w3 m3 m0 D- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash32
, a: ~7 b; J9 U0 J- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows& s; [9 S& a' O$ B0 K
- if you read the following:
/ Q4 P. q8 P. ~ V9 N4 o. d- Q8 j MTK Vendor Intro failed on port 0x????. Because there seems
- w' ?/ \. r- k' ]+ ` to be a BenQ drive connected you should try Geremia's5 G% K1 q5 N1 P) B# h& G
unlock method.
, v) R- k( g; m" }. a$ C - Eject drive tray$ b6 B4 E8 n ^ K7 h
- Power off drive
$ G' O5 ^- I3 x4 I - Push drive tray in until it is half open
2 h6 d2 S+ a1 u& v - Power on drive5 y% t& l' J2 } j+ b; P2 v: H7 ~
- Press "Yes" if you are ready
5 {- x1 h Z. n Are you ready (Y/N)?1 H3 t% g% V, p) I; x* r
- simply press 'Yes' without doing anything of the above, because we* O% s: L$ M, c9 C- t9 c, J
already did that before starting DosFlash16 / DosFlash32) b! D; f" N# k2 W" }% U
- the BenQ flash should now be identified W* [, ]1 n! @1 X( ]" I! \+ Z' K$ x, x
- go on like usual
0 h! [. r2 B6 v& q# e# p |
0 x6 r. s, N. F9 F
" \ m: J; |6 m9 @Geremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with 2nd psu. F/ y" N, T1 N9 a+ O9 Y e
------------------------------------------------------------------------------------7 ~; e4 @3 U7 x. k, t5 K& I( G
- connect a separate power supply unit to the BenQ, don't turn it on yet
/ p' y6 }5 ]* q7 f' B/ ^$ V& m- power up PC and boot into DOS; [" l. c6 a5 `; `' O4 [+ o
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows) ^/ ?# v, I9 ^$ |( S3 y
- if you read the following:" a' o" L. K- Q* ]# x- |: [9 _3 b
MTK Vendor Intro failed on port 0x????. Because there seems& |/ I8 `4 j! A$ t; \: X. P. s% `
to be a BenQ drive connected you should try Geremia's8 V+ \- D4 h4 s$ v8 q6 k
unlock method.% I6 f0 I9 E2 h$ x8 U0 W+ ?
- Eject drive tray
0 Y+ z7 S2 a1 C* |$ w - Power off drive* ?$ E6 e. `6 S$ X/ W
- Push drive tray in until it is half open
{& N, }9 `+ s - Power on drive
* ], B$ L" r& J. w$ Z/ k - Press "Yes" if you are ready7 {$ G8 |- h1 M
Are you ready (Y/N)?- e6 f% s9 n$ q' G# S& F; B
- do the above and press 'Yes'
% ~3 A$ b, O# r7 `: {- the BenQ flash should now be identified
' ]2 y% c: C Q/ T, N" w: t- go on like usual
. w: L8 W! I& U% X4 C+ o- X3 S7 K. U' x
* A" t q3 n+ [+ ^' |* g+ }Magic28 BenQ unlock with DosFlash16 / DosFlash32 on any motherboard! P% d- f2 U8 J7 E* A
---------------------------------------------------------------------- {& e8 o0 R2 z( [- ^3 x3 X
- connect BenQ to your PC's power supply unit and SATA port7 u& h: V2 T A* F* R% n1 B- z
- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash326 V1 s# u) |0 i0 x3 u1 R8 J- g7 Y
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows! F' a- D9 T" }
- if you read the following:. Z- r$ [% X5 l- b1 D5 b3 f
MTK Vendor Intro failed on port 0x????. Because there seems
: X" I h$ R4 U' m to be a BenQ VAD6038 drive connected you should try the% C+ X1 ?3 l- J2 d
Magic28 unlock method.7 m+ [. e& ]* d& N
Do you want to send the Magic28 command?' i" G9 ~) g- v$ \6 D
- press 'Yes'" q7 @3 C3 m: Z2 c
- the BenQ flash should now be identified
9 z8 M1 o x* W# [: |% @1 I- go on like usual
! V- e7 B- r6 @3 d2 M- {
7 [( F9 P! A: }
) E* Z; b2 a3 `# c8 o4 RThanks to Redline99 and Tiros for help and support.* t3 L8 ~, k& e
, {& U" o5 B( J3 w7 \
It's all about DOS!, C$ u, j$ J( V
Thanks guys for the excellent team work!
' s b5 w. B# N: H5 _9 C* \Geremia, Modfreakz and Kai Schtrom& v6 O6 \7 ], `) s! G
, p5 c1 l f3 b6 O1 v
" @: A2 I7 K) h4 E1 g4 G
************************************************************************************************
$ e6 A& C: T* B$ O
$ l1 c0 D- c" w! n6 X) ?3 @7 c6 b! [! j4 j
DosFlash and DosFlash32 V1.4 Beta7 @5 w1 W; N) \
-----------------------------------# y7 U. R+ b) `3 Q, W( }0 u8 L
- DROM6316 flashing support
" B; h* u# l) b! t A( B- a flash erase is now always done with a chip erase and not a sector erase command, because
& Q! t. Z- \0 K" i the sector erase gives problems for some Winbond flash chips including the DROM6316% O. B' Y* E3 d) }6 ^0 L
- DosFlash.typ corrected and updated: C6 ?# G% R; e4 v6 ^& D8 Y
- for a detailed explanation on the soft unlock look at the included file SoftUnlockByIriez.txt,
$ l) n6 {2 }+ E+ M9 J" {) M it contains a very good explanation by Iriez from XBS, thanks for that one!
8 t9 y2 _3 Y/ d) J: |
: X4 R; p" g6 ]/ L& g" A9 R0 ?9 vThanks to Iriez, Jumba, Redline99 and Tiros for help and support.# c/ w4 {3 E# u" {( ]
7 ^6 R4 s% S8 R
Happy DROM bricking!1 H; [. K1 [% O) F- c( a' w
Team Modfreakz and Kai Schtrom
V* m& ^7 z# A d1 x) t* k. }$ b( s. u: e9 W/ u! H9 X
9 @ P9 |. {% D K/ a, @4 ]************************************************************************************************
; `5 t$ d' @8 q# @9 W2 L7 o6 @: X. ?. D+ W/ k
5 w, B5 N' U+ g4 LDosFlash and DosFlash32 V1.3 Beta
: l# d6 b$ n+ Y% f2 P% w3 k-----------------------------------
5 V. W' \, z* w# O! _- BenQ optimization in unlocking the flash chip, it should now be possible to read/write/erase6 ?$ _; _# O. c+ K# w+ T- b+ t) y
the flash without any soldering or wire tricks, the drive is polled for the correct mtk
) r" c9 T5 \+ t( @ unlocking status after power on, this only works for VIA cards and NForce boards atm" \* I. q8 J6 o0 k1 E$ S& _7 x1 q7 m
- DosFlash32 has one additional parameter, if you start it with the parameter "EnableDrives"& _3 p( n1 w' X) }* A6 O: f
all the DVD-ROMs are enabled in device manager after flashing, this could give BSOD on some
) x8 v( |) g! W systems, therefor you need to create a DosFlash32 link and add that parameter manual to use it) g8 j$ i5 g3 {( }
- DosFlash16 has one additional parameter "Send ATAPI Device Reset" in manual mode, this could- Q& w7 k2 u5 n
give better chances for soft flashing on some VIA - motherboard combinations
2 m: J1 f5 P' c3 ]4 q- better support of Intel chipsets, drives can now be flashed if the controller is not set to
: ~& [0 t* i3 H9 J* S" P) c native mode in the BIOS
# Y, D/ [9 c& B- the following controller list includes vendor and device IDs that are hardcoded to identify
, T5 z3 ?1 C6 d/ H, ?$ [5 d) i the controller type (IDE or SATA), this is needed if the BIOS uses IDE ports like 0x01F0 or
- i+ j0 n( S0 x: p 0x0170 as SATA and not as IDE channels, this list is NOT related to soft flashing
# U8 y) T- `4 t- the following chipset support is added9 m$ D# {/ C$ R! c& f
- VIA cards
+ ~) S0 d1 [9 I/ S - all VIA cards with a 6420 chipset `1 a9 p& U* H7 \
- IDE Controllers
0 Y& H# z r! W, b. Z0 E - NVIDIA nForce 2 IDE Controller
! E1 h+ O0 `- S: m/ h - NVIDIA nForce 4 IDE Controller- ~5 A# K( W0 k, I8 ^0 {: S
- Intel ICH9
! B7 t" B( a; g! Q - Intel ICH (i810,i815,i840)
3 o$ }. Q4 e; l - Intel ICH0+ X# J4 @( X, q8 ^3 _4 r$ _: c( y
- Intel ICH2M
7 r/ a: H- Z$ X - Intel ICH2 (i810E2,i845,850,860)2 Z5 k7 E) c' g) y6 `) b* y" r
- Intel C-ICH (i810E2)
4 T& s- \$ x2 S" o( V - Intel ICH3M
8 S* ]1 O2 j' R6 L; z - Intel ICH3 (E7500/1)$ A9 Z; D6 x# M6 @5 m$ p% h
- Intel ICH4 (i845GV,i845E,i852,i855); p9 D9 f( Z, Q6 ?" Y
- Intel ICH57 ], d* T+ A2 b$ O F
- Intel ESB (855GME/875P + 6300ESB)* o4 a+ g* B& R
- Intel ICH6 (and 6) (i915)
- v5 a- f2 U5 T4 T) \1 N - Intel ICH7/7-R (i945, i975)
) i6 i% c! s- V: V% v4 C - Intel PIIX3 for the 430HX etc
+ Q# G7 ~5 f8 O6 W4 v! ? - Intel PIIX4
; w4 i9 f4 E( d5 e% \ - Intel PIIX4 for the 430TX/440BX/MX chipset E8 S) S$ i5 ?
- Intel PIIX: q9 u/ r# \5 w% x/ H
- SATA Controllers5 k) B$ h8 }, d5 ?* A0 b# w( C
- NVIDIA nForce 4 SATA Controller
: u1 f, y% ?0 I$ g9 `, M- a - NVIDIA nForce 2 SATA Controller3 Q) `* t/ F& L* B$ }" Y
- NVIDIA nForce 3 SATA Controller0 N8 l( X7 e8 s1 M4 b
- NVIDIA nForce MCP04 SATA Controller
8 o( i( G; L- A( p - NVIDIA nForce MCP51 SATA Controller
# z+ D, R3 ] g - NVIDIA nForce MCP55 SATA Controller/ O9 E' {# V q! \
- NVIDIA nForce MCP61 SATA Controller5 x. }5 T% A% @8 L8 O
- Intel 82801EB (ICH5)9 d& q1 J5 y9 `! ^! |! h
- Intel 6300ESB (ICH5)
6 U- Q% h5 a# y) w9 m - Intel 82801FB/FW (ICH6/ICH6W)/ D2 u1 B: P; l* Y
- Intel 82801FR/FRW (ICH6R/ICH6RW)9 l; H/ L6 k1 j5 o* b7 b* m+ ?2 I
- Intel 82801FBM ICH6M
* b0 S( Q4 b; M+ C7 ^# b" T - Intel Enterprise Southbridge 2 (631xESB/632xESB)+ E2 s' N; ]4 h( x; v6 L. W
- Intel 82801GB/GR/GH (ICH7, identical to ICH6)
* ?( C0 S% `6 J* Y - Intel 2801GBM/GHM (ICH7M, identical to ICH6M)
- T# ? O9 X8 t) X q+ s - Intel SATA Controller IDE (ICH8)% {! R) g( y1 r/ m- o' I4 P
- Intel Mobile SATA Controller IDE (ICH8M)( J% r3 P& ]# ]; g- g# v& V3 R
- Intel SATA Controller IDE (ICH9)" h0 a1 R+ h2 m1 J; ~
- Intel SATA Controller IDE (ICH9M)- h/ M* R; A4 a5 A
. p2 v# |; S1 Z' x7 E
* P% Y& h" D. D& bThe following only applies to a software flash on a locked flash. The methods have been tested6 ]5 s6 v/ q) l
with the BenQ and the Sammy. The VCC trick will work on any motherboard, but you need to do
% Q% {* M( l7 _; s% T H; S8 v4 Dsome soldering and cut traces.4 u0 |# G6 r$ F, c$ V1 p& _
0 X& X3 S) H, }* D+ Q% W% W
5 @9 \# d& q+ OSoft Flashing the BenQ in DOS with a VIA card and DosFlash16 in manual mode, L$ G9 [, {/ l) u; J& m
-----------------------------------------------------------------------------
& b: W5 O; U0 a- first you need to know the port addresses of your VIA card, you can get these by starting* J0 `: l& T4 v! Z. G
msinfo32 on Windows XP and looking at the port listing for SCSI devices
" a6 w# u9 e/ _' O2 E- Z- for the 6421 the 1st port is internal SATA, 2nd is external SATA and 3rd is internal IDE% h& R! y% y/ u
- for the 6420 the 1st and 3rd port are internal SATA
# C6 j0 e& M3 B5 f; w7 s4 X- d& m- I& U- you need the starting address e.g. 0xD000 or 0x7000) K6 o" n- S& d* }7 F; d; h ~
- be warned that these addresses can change from computer to computer, they are assigned0 i) L% o/ \" c' Y# ?) k4 i$ s
at bootup, but Windows XP should display the ones you need for flashing in DOS+ k. H$ J4 M( Q% ~8 a* b% A: e0 }
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
8 ]. H& s8 b1 u6 I! S Xecuter Connectivity Kit)
; ?6 z0 ^9 J5 J# Z. _, Z7 \- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we- [+ {0 R/ }( j# @( L
need to power the drive off and on during soft flashing
# x+ `, D) B; E: o1 A9 b/ l- cold reboot or reset the computer; ?; ~8 T. M0 _$ D; A1 m' `, ?
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk, E; l4 w* z1 l2 m
- at the prompt type: : y+ F/ e+ @" V$ ~ k* l* T
DosFlash r 7000 1 a0 1 4 a:\orig.bin 0 5 m# j. ~) Z' [* l# r
- instead of port 7000 use the starting address your VIA card uses. k& a. u- T5 \+ H0 k, W, g
- press return
9 ]2 U& c; ?2 o8 E* t- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes$ Y% Q; d! K9 G# ^2 _9 n7 P: @2 [0 r/ [
- after you pressed Yes the drive status is shown on the screen, it's something like 0x7F,) a0 {+ P1 o. X" |
this will change during the next few steps
. ]( ]* Q9 `$ {- turn on the BenQ psu and wait 2 or more seconds, status changes between 0x51 and 0xD1
* ~+ g7 P# t0 t$ P% \0 R+ q. z- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD1
& M7 @$ q+ J" N* T, g- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
g4 n9 |( u* N' ]1 o' ]- this worked only one time after the computer is powered on or resetted for me% e0 ]! P' {0 c" {3 s$ M+ Y
- writing and erasing works the same way
) j! v: P7 D' w) ^0 {+ d7 s5 _- for writing type:
% a7 p: H. P8 M* ^, P* r* l. e DosFlash w 7000 1 a0 1 4 a:\ixtreme.bin 0& b1 U7 S* c2 V) e9 D4 e5 V
- for erasing type:
/ p0 a/ U2 W$ ]3 A9 p. U% @+ g DosFlash e 7000 1 a0 1 4 D8 0 (D8 is the sector erase opcode for the BenQ flash, if you need
2 Z5 k4 x- O) a2 Q to erase another drive, lookup the value in the datasheet or DosFlash.typ)7 h* l7 d2 _: ]9 {
- if you experience any problems try to use 1 as the parameter to the ATAPI Device Reset, cause
5 x; `- k3 {$ t) f# K the same VIA card will react differently on another motherboard sometimes
. G* M* S8 H" U# ^ H# X7 [7 U& g+ {" b; Y) [- x: t1 P
0 e2 ^# d l* o: W) l4 y) |Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in manuel mode
v' |$ [% [6 N n* p5 |---------------------------------------------------------------------------------------6 j/ U' Q% J$ p1 t& W* b! z
- first you need to know the port addresses of your NForce motherboard, you can get these by ! l; d2 X. e9 ]# J$ T+ e& S
starting msinfo32 on Windows XP and looking at the port listing for IDE devices
* G7 E6 w6 s! \& E; X- on most motherboards the 1st and 3rd ports are used for SATA
1 Q/ W. R% e( v! n- Y3 x- you need the starting address e.g. 0x0970 or 0xE900
; t" ]2 k; r/ x* W- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or 7 H& r0 {. J2 [. p. d
Xecuter Connectivity Kit)
9 v0 S" z% m) d! k1 B# z- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
) M( L8 ^& x: F% \) |2 ]# [% L need to power the drive off and on during soft flashing6 \3 Q; P( [, r; ~% s) Z0 c
- cold reboot or reset the computer
G5 J, P4 Q; [$ }. r1 a/ ^- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
7 h3 F" X; \2 d+ [& G- at the prompt type: 7 B* I4 p- M7 x4 w6 N( s
DosFlash r 0970 1 a0 1 4 a:\orig.bin 1 5 P6 W3 ^: u9 I6 D$ {4 f2 V
- instead of port 0970 use the starting address your NForce motherboard uses
8 O- b$ y* u# `+ I9 ?' p- press return$ v; a% w# S/ [8 i* Z" U8 R' I$ J
- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
* ~" `- g( U# s/ o8 p( N6 y' @+ t- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,6 a6 s- R: q" c) h2 h
this will change during the next few steps2 m, y" ?3 r6 N8 d( w$ ]5 ?. f! G
- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
' l p$ d% o) A+ z' I- writing and erasing works the same way
6 m3 r5 {3 H: T/ {+ e- for writing type:
/ I1 T& Y5 y8 K8 g DosFlash w 0970 1 a0 1 4 a:\ixtreme.bin 1
3 {. r5 w4 N. w, r2 \1 v- for erasing type:
% L. i' B. s' E1 Y DosFlash e 0970 1 a0 1 4 D8 1 (D8 is the sector erase opcode for the BenQ flash, if you need7 V% L. _ I$ L) N
to erase another drive, lookup the value in the datasheet or DosFlash.typ)
1 d; g: g. C+ g8 A% J; G: \0 x6 q) P
% [. f2 K- {" ]: b
Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in auto mode
- ]& {. `# X; G% @-------------------------------------------------------------------------------------) Z) Z$ f6 [& Y! I2 q; h* T
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
) f' G! h( w4 u. E8 h* S Xecuter Connectivity Kit)6 ]% k! U: t* {
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
. C% t8 T2 ?5 V/ S8 d& j: K need to power the drive off and on during soft flashing& P7 Z% T9 f& Q( V, q% Y
- cold reboot or reset the computer) v! f7 W# r% ` r
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
, |, @7 m% z* Z+ w- wait until you are at the cmd prompt
' _4 f! z( Y3 ]* { s8 {- turn on the BenQ psu% {$ e8 W }: Q* @
- at the prompt type: 9 k4 |- m& w- A" [! H: i
DosFlash
5 |% r" Z9 Z. Z/ V+ {- press return6 `+ c% ]0 x. V+ J& W
- during scann of the BenQ's port DosFlash16 will ask you if you wanna resend the mtk vendor4 ^/ { ]9 ^5 O
intro cmd, press Yes
5 R9 ~9 S, S& f! S, j$ I2 o5 t- c- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,
" C+ x% @0 h5 Y0 d this will change during the next few steps
* Z2 D, J( T. h3 j8 N* A- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD1
6 A- j* K6 \; N- turn on the BenQ psu, you should get a good drive status 0x73 and flash access is granted
0 p) `0 \" g# y- E" X: E8 b/ l0 P; ^- you can now continue as usual using DosFlash
; v$ M4 L% H C. M3 k- writing and erasing works the same way2 j# L' r( q$ p* s6 j& Z
- if the ports are scanned there is the possibility that you'll get the resend question for
: Q* [% E5 k/ m% M8 C other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,2 O( M, P+ F- ?! Z' V& t7 ^
if you know the NEC is at that port you should press No and press Yes only if the port of2 K6 i: n$ j3 z( M
the BenQ is shown or simply disconnect the NEC
' P/ C0 z5 v8 \9 i5 K8 C
# b. k; E; M4 H* b8 d/ R5 u [" c9 j. z- F. R2 N3 ^ m
Soft Flashing the BenQ in Windows XP with a VIA card or NForce motherboard and DosFlash32
) [. C* f X" `: `7 W-------------------------------------------------------------------------------------------
- v M2 o4 S8 u( \8 ? |- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
* C M! Z( _9 i6 `8 @/ _' R3 H Xecuter Connectivity Kit)
" _5 j6 n. F9 I. z- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
8 B |* `; ^9 f d5 y( @ need to power the drive off and on during soft flashing' @8 _0 E7 v9 ]; L' K4 K- n
- cold reboot or reset the computer8 E& S6 v4 m6 p% G, ^
- turn on the BenQ psu when you are in Windows XP; o! o7 x( ~ [0 G$ j+ U# ~
- start DosFlash32
; U& l: m. M0 y% _2 d6 j- DosFlash32 will ask you if you wanna resend the mtk vendor intro cmd, press Yes% [$ U' O0 r8 E: [' j
- turn off the BenQ psu and wait 2 or more seconds
' X2 ]3 q6 e$ ?$ O; M$ x4 a7 {" `- turn on the BenQ psu, the DosFlash32 dialog should show up% ^4 H% l; g7 c* ?7 D
- the flash should be recognized by DosFlash32
8 Z, L/ p3 Z- `* R- you can now read, write or erase the flash
0 V7 f% l; f6 ?2 ^; S% X- J* h9 M- you should be able to do the flashing more than one time in Windows, only do the power
& J2 d% b( x/ [+ [9 i5 e off/on trick again7 {9 R5 K7 i& p4 y$ L
- if the ports are scanned there is the possibility that you'll get the resend question for
! j7 O3 s7 h) i other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,- t7 e# b, W: N8 P) y2 ^' F5 r
if you know the NEC is at that port you should press No and press Yes only if the port of
1 `7 p& l& W; f" h" p# a0 Q! q, T the BenQ is shown or simply disconnect the NEC
( h8 e* V( m) b/ ^. i
' o' B. K6 {4 z" y# A
( O" ~+ }7 N7 w3 xMany thanks to jumba for the great idea of BenQ polling!
: [' e3 C7 b! a2 K( F1 b, MThanks to Iriez, Jumba, Redline99, TeamModfreakz, Tiros and all the IRC people for testing
8 u) L. _2 G0 x+ J# Q& ]and support.1 U h! J) f2 L! A6 G" n8 P
" k/ o& ~% U: s0 jJoin us on IRC efnet at the channel #dosflash for support.
6 p" d2 {- a& W- A8 T2 F9 X0 W. ^( T4 [+ R6 y
Don't brick your BenQ!
: Y/ ^; a% c" pKai Schtrom, A- e$ C/ u6 D* B
4 |% N7 U9 ~5 {' n7 A
- h+ o! B) v/ W2 u
************************************************************************************************
~% i1 J9 t+ H; l& v0 N' v
, F( N1 O6 G8 C* y% `1 M+ Z8 d+ a
DosFlash and DosFlash32 V1.2 Beta
' M( ]: J2 D6 Y0 `0 m-----------------------------------
/ L( y. A! H5 X5 l: @8 p. k: X- N6 B- bug fix for BenQ recognition
& G( P* _! x& T- X; H4 l - manufacturer and device id are sometimes 0x00 for a correct installed switch
7 s, H# Q+ g3 ~ - this issue is fixed with an additional ATAPI device reset before the mtk vendor intro is sent
' q( Z5 ?, b6 G% s# W, f6 c# P/ r c* F
Thanks to Redline99 who fixed my buggy code by adding one line! 8 O* q, K+ z+ |
% o2 j9 R- R$ X% H2 W% l7 M+ m) a7 [4 ?1 X/ \
************************************************************************************************
) @8 X: O- y5 S7 X+ h( `& N J
! u/ R/ [1 G* R" V K( ]1 x- V! m: L0 l
DosFlash and DosFlash32 V1.1 Beta+ x0 u: P7 W8 o/ Z! [, b9 w9 C
-----------------------------------% a- h$ h& J {+ c6 z% U
- DosFlash.typ modified for better BenQ support 3 J; W) o: a, j# R
- DosFlash16 Flash Manufacturer and Device ID screen output restructured; Z+ Q* v: k' \3 @7 A; D
- flash chips are first erased before writing starts
7 X) V: B' C1 T; L; ~ w3 t' @ a- DosFlash32 no reenable of DVD-ROMs in device manager after flashing, this means you can't see the drive
" ^( |- w3 S* c and maybe have to activate it manually again in device manager, this could give better compatibility and4 _- s; v, F! J/ Z; Y
hopefully no more blue screens
2 }) b: R; @" Z+ N
( N. b2 c7 ] y W' v( g! CMany thanks to Jumba, Redline99, TeamModfreakz and Tiros for inspiration and help!+ y8 B8 \& R4 d! j. f0 r3 l! c
5 x' D. g" m: K( r. }" H4 R
! j- u Z) M6 C5 F% m
************************************************************************************************! l' m. z" d! y$ ]. n. u' |
2 O4 o( J( R* Y
7 w9 Z! y* i1 b) A; bDosFlash and DosFlash32 V1.0 Beta- ~2 F$ c+ {. Z$ [4 Z
-----------------------------------' K* C' g8 A2 S5 d F5 Z- U
DosFlash can be used to read/write/erase the flash chips of most CD/DVD-ROM drives( e7 x7 c M- v/ ?. i$ p
that have a mediatek chipset installed. DosFlash is for DOS flashing, DosFlash329 L2 R5 a& O% _6 Y/ |
for Windows flashing.# ?) g- ]9 O4 G
( g: J& c% s( n/ `" x& R
2 b* Y, ?8 o, B; k* }& |
Features:
1 K# Y& c' a. k* F' r H-----------0 B" n6 W3 |7 l
- flashes IDE and SATA drives
, @1 ]0 N' {8 Q1 q' n. J9 o- supports parallel and serial flash chips6 K$ E" [4 @( L! K+ h
- flash drives in Windows with direct port access4 `/ B5 T& A% u. ~7 K% w2 J$ C( ?, \
- no vendor cdb flashing commands are used$ f: f4 K; Y9 C$ d# ]) g* @
- tested with the following drives:
1 @$ ?8 p8 t7 J, F - TS-H943A MS25, MS281 L0 t% F2 t& _
- SH-D162C% a& L& a7 i1 h
- SH-D163A. {* G" x: t' h N3 b
- and some other drives like Liteon, Hitachi, ...
: R- v+ h* z$ K4 F% x; S; s- NEC drives are not supported, cause they have no mediatek chipset installed
: _/ i5 k) Q$ s8 K, S1 u% J
9 a" _& p2 e4 A D1 }9 j# P
7 s) L& ]% O- G A7 `DosFlash
' m4 G; E8 T& \! _3 n6 H6 \----------
+ u2 J- W9 m! Q' Z0 }7 i3 {DosFlash supports two flashing modes, Auto and Manual. If you type DOSFLASH at a DOS prompt it9 h s3 Z% }1 ]9 A# }5 B8 ]
will start in Auto mode. All drives and the corresponding flash chips are detected automatically.
& V6 v9 m5 a8 X5 I: M4 DIf you can't get a flash chip recognized due to a bad flash or other problems you should use the8 i6 Y e6 y; d/ K6 Q
Manual mode. In Manual mode you can enter all the parameters used for flashing by hand. The
$ b. F, H& n# \# @following help screen is displayed if you start DosFlash with a wrong number of parameters:& O6 O+ V& W- F: b; w+ N# T
" _8 M9 Q- C3 ?. g& V/ L! n6 U& T6 a8 P
DOSFLASH by Kai Schtrom, 08/05/2007 (Ver 1.0 Beta)* I0 _- z/ C8 y$ a; u3 b
DOSFLASH [R|W|E] [PORT] [PORT TYPE] [DRIVE POS] [FLASH TYPE]1 i/ h7 h: g0 i7 G' `% ^4 p! s' s
[FLASH SIZE] [FLASH SECTOR ERASE OPCODE] [FILE NAME]
! j1 D2 u4 F5 I. y% N( c R: Read FLASH
/ `: j; ^- h; X1 o, m' A7 x W: Write FLASH+ ^8 P: ?- x% Z x+ Y
E: Erase FLASH* U, R& y4 ^( p& _( \
PORT: Port to send command to, G6 E; h8 _. ?5 W/ |
PORT TYPE: 0 for IDE, 1 for SATA
& I, J+ Q% q ? DRIVE POS: A0 for Master, B0 for Slave
! p7 ?: Q4 [5 x; b3 X1 ], ?7 o FLASH TYPE: 0 for parallel flash, 1 for serial flash
( U8 E+ W, \ j) H& r7 _, Y FLASH SIZE: size of flash chip in number of banks! y4 l( U$ d" R0 z8 y
FLASH SECTOR ERASE OPCODE: individual sector erase opcode command byte
7 y2 R( q& x7 c this is only needed for erasing a serial flash0 _) n4 N7 c) e5 M7 r7 }
FILE NAME: name of the file to read/write from/to flash
' @% t/ D) M; ?( CAll numbers are intepreted as hex values!& v( `4 T; q z
/ M9 D! u! Q9 m8 Z. j4 S0 K
Example Usage:
( `: z4 ?' G. _* T7 n2 Z9 I' m2 C6 q2 l"DOSFLASH R 01F0 0 A0 1 4 C:\flash.bin"! @) E/ n- m, \. a# b, @
=> Read serial flash with a size of 4 bank (262144 bytes) from Master Device
" E' j. K& H5 t1 D6 F on IDE port 0x01F04 {4 ~: ?) w, y. ~' b" x2 T
"DOSFLASH E C000 1 A0 1 4 D8"
& U. ?, @1 ^7 |% r; Z N4 p/ _- }=> Erase serial flash with opcode 0xD8 and a size of 4 banks (262144 bytes)0 c8 R; ?4 T! p; `0 k6 l- z
from Master Device on SATA port 0xC000% p& C' D6 z* M- \ z) c. ]
# R E% I3 I2 F. I6 T4 B6 }. r
8 B& F4 h1 I6 l0 n
Explanation of the Parameters:6 ]% @; [( i, Q. f" V8 B' N
--------------------------------- s% D- Y: D# `4 g! r- {! |
* L9 |+ E7 C, c2 A[R|W|E]( }* B. i: |( C! Y" J/ J- \, g, b, a
---------
$ q D" @. j1 Y# A- this will set the mode of flashing, it is recommended to first try read on any
$ |4 y8 L$ J- ]9 Q# ^9 b drive, if the read will fail, it is highly unlikely that a write or erase will; j; z& I4 b3 u3 z, E
succeed
! l* r3 p* W) Z2 r/ f# d5 o1 D4 ^* B4 ]" W+ Z* b
[PORT]
; ^( z; i; X9 k/ B--------9 {! G! _; q0 q: O4 \& N
- the port to which the drive is connected, a port number should always be entered: g6 b$ o5 X9 Y p+ j: c9 s8 ~
in hexadecimal and have 4 hex digits, valid ports are: 01F0, 0170, C000, C8003 m9 B/ z8 ]- c/ Z
- this option can be used if your PCI adapter card or on board IDE/SATA ports are6 A& n& J( u0 L
not identified by the auto mode
/ a4 E0 ~) [' m9 b
2 e& O& e; Z4 f6 H[PORT TYPE]$ ~0 z7 J( ~# x2 v. O! ?
------------- ^4 |( q) r0 e
- the port type tells DosFlash what type of port is installed on the before entered
+ R1 B+ l* Q$ u" L n. k port address* _4 M, j/ ]7 ^8 ?, f" P: W
- valid values are 0 for IDE and 1 for SATA p0 c9 N, F F: m. L3 n- ?. E* V
- make sure you never mix the wrong port with the wrong port type, this could give- u( l8 Q2 G3 d) Y5 M* e! I# k
strange results or in the worst case a bricked drive
5 m) L7 m8 F8 }7 J8 }* y( j+ q
( E7 }& e- c' X! C# U! l[DRIVE POS]
6 |5 M' |% [8 _" E6 f+ H; D-------------
, G* s3 \6 l8 V* k! `: v- old style IDE channels have the possibility to connect two drives at one IDE4 X) s3 l" R9 t+ e( z: j
channel, the first drive is called the master, the second drives is called the2 ~% U& l( f; ]& e$ L. t
slave- c- h: w4 g( g; V( F
- you can select which drive should be flashed on the channel, A0 selects Master,
n% R; B4 ~3 s3 d2 l B0 selects Slave& B$ w5 M- W3 K( |3 q
- on SATA ports this value is always A0, cause you can only connect one drive to
( g6 b6 P' J" U, w/ I& e0 t+ } a SATA port, so for SATA you will always type A0 here S: c: n3 Q2 D2 j4 V
- it is not recommended to flash IDE drives with another drive connected to the
6 ?5 Y9 f( z+ C5 u% A same IDE channel, this could be risky if something in the Master/Slave selection( N; F# y. T: |. _# t+ Q
fails
( u; ^* ]2 N# S2 x
+ _* M* F; i( x* p: v: y7 x( @9 L[FLASH TYPE]
6 j7 D3 _# \9 Q% m0 N# G--------------$ Z: ^, t8 ^5 F6 N# s$ g* I! {, s2 c0 R
- there are two types of flash chips out for CD/DVD-ROM drives atm; i$ v$ o8 I' q* y
- the older type is parallel flash, which is also supported by mtkflash for example0 D8 `. ?' Q5 N1 Y1 K
- the newer type is serial flash, which is supported by flashers like XSF
9 a% V! U L% k8 I/ l3 L1 v, _9 ~- the problem here is that no tool is out that can flash serial flash chips on : S1 x. L( t* u- c7 W3 l5 G k! q
SATA ports/ V5 i* \& n1 `0 y$ E
4 Z$ v- F* s& K }7 n9 k5 f
[FLASH SIZE]3 h; m' ~3 z; C& i" L
--------------
* s& s p! |! |- F) Q- S) I- this is specifies the flash chip size in banks' O9 U, A4 w! U
- one bank is always 65.536 bytes in size# ~+ \% f4 c0 J; u6 k; b* ~
- if you know your drive has a flash chip of 262.144 bytes in size you need to enter 45 d5 D3 O K- A7 e7 P
2 y x" P8 u' E[FLASH SECTOR ERASE OPCODE]
! A, U6 I. w$ Z1 F; x5 o-----------------------------/ D7 l- s4 z! H
- the opcode used in the flash chips datasheet for erasing8 O4 h4 m5 I% I7 B$ {- Y, l
- for serial chips this command can be different from the standard and needs to be
1 f0 ^% c7 @ h4 R entered for flash erase9 x% G5 v( M, s: l3 _" M7 o# c
- for parallel flash chips you can enter a dummy cmd byte, the integrated command1 x- D5 {* ^3 I; u/ V5 k6 O; W
should work on all parallel flash chips without a prob
m7 x' z7 g9 g
: d0 }- R# J; L; H5 p: q( T[FILE NAME]
+ s2 n: u! h2 O5 q( Y: L-------------
5 D4 o( E% y1 V- name of the file that should be used for flashing# `3 h# }& ?) D# j3 P4 t. k
- for reading operations this should be the output file
7 ]3 w( h2 k U" V2 A! i p- for writing operations this should be the input file" x# O/ _6 v8 I2 X7 m/ C
' c O" P0 P; A7 P5 k* n+ j" r
! I8 r' B) e2 VHints and Warnings* O Y3 ^4 c& @1 N. b4 |+ s- q
--------------------
8 O% y2 O+ q# F+ y1 b- read, write erase TS-H943A MS28 after the firmware stealth has been disabled with Enable0800 disc/ _- }8 s; R% ]* O( X/ k
- this only works one time, after the first mtk vendor specific intro cmd is send6 _: d% _+ s& D8 f; }
- if the mtk vendor specific outro cmd is send the chip goes back to stealth mode and you need) r1 v8 a U+ a& _4 {7 F! w* u
again the Enable0800.iso to disable it- ?9 b/ M+ w, K# [* A" x
- therefor the mtk vendor specific intro is send at program start to all present devices and the9 Y/ K. }0 ]" Y' {0 w
mtk outro is sent at program end& z% ^( T5 H x7 E% ^% r3 Y
- if you have a chip manufacturer id of 0x02 and a chip device id of 0x02 for the TS-H943A
3 E. m9 | j* j, V! d- ~ the flash chip is in stealth mode and won't give access to any reading, writing, erasing
" ]* c" ~3 v5 w0 q- always have a look at the DataSum generated, this is exactly the DataSum of mtkflash
( ]2 ?' r9 M: Y) R6 H. \ - the DataSum is calculated as the sum of all bytes of the firmware in a short integer3 ?3 k- W- V! F# ?$ Q4 z
- to make 100% sure that the flash is written right compare that DataSum to a known one
8 l5 \# j7 P' e: J# J, W5 \- this tool has not been tested on all drives out there, the typ list is simply copied from well
8 L. ]; b9 `$ I# |! v2 H7 ^: I known programs like mtkflash and XSF. S6 h/ Z: z e" M" y4 R! p
- always try a flash read on a not yet tested drive before doing anything else% c( G+ @6 n: x( Q% O0 Y8 @
- if the read doesn't succeed it is highly unlikely that a write or erase will) K) b, c) ?3 f; Z$ s
- some LiteOn drives seem to have probs to write the firmware correct, this prob seems to be
0 o3 `4 [5 U$ M3 f related to windows register flashing, cause even an assembler app can't do this error free3 j8 S* q9 ?7 W# S/ Y( O" {8 U
- if you get errors on LiteOn drives, write the flash two times in a row/ {, L( G- f4 X. e2 v
- for direct port I/O in windows the givoio.sys driver is used, this driver is loaded at DosFlash32
1 w4 I4 _) i* U5 W3 E G7 J start and unloaded at program end, be warned, this driver can possibly make your system unstable,3 F0 D+ n( p* S$ E9 A6 K
it's intention is to let privileged assembler instruction like in and out pass, even in windows,
7 P9 d/ D- I" f# i7 w if this driver is not used you will not be able to get direct access to port registers$ ?% M( r Z: f2 i2 \
- DosFlash was tested on MS-DOS 6.22 and later, you can easily copy it on a MS-DOS boot disk created
, V$ O& ]* B4 g% I in Windows XP and start DosFlash directly from the disk; s- g% A9 Y& a! O {
- don't forget to also copy the DosFlash.typ file, it has all the informations about flash chips$ p" f- q/ l2 d P, j
for auto mode flashing
0 q# i" m9 o8 z' O1 L, ?- DosFlash32 was tested without a prob on Windows XP SP2, you'll need also the typ file for the 8 h( k! V6 `5 ]9 ]0 A4 d! k
win version
8 r# r7 C5 V) ~: U* E* N- DosFlash32 will deactivate all CD-ROMs in device manager at startup, this is better for flashing,
3 D( M( b# Q+ I/ I cause Windows seems to poll the drives all the time and this could result in a bad fw file or& C9 @4 O; F3 b
a program hang, the drives are activated again at program end" S/ w+ C. r/ G/ Z2 q
- you should make sure that the flash is not in an erased state at program end, cause device manager; q1 L, D2 e& r; t
don't like drives that do not respond to the inquiry command
: G, g+ V4 }6 U7 D- w- deactivating all CD-ROMs could take a few seconds, so please be patient at program start6 o* m0 f' _# a) J* s" l5 n, l/ w- C: S: B
- DosFlash and DosFlash32 will try to scan for the VIA 6421L Raid Controller card, based on vendor. _7 O% G4 x7 }* X
id 1106 and device id 3249, it doesn't matter if the card driver is installed or not
( g' d3 v; W6 j
/ t1 e6 c" A2 Y+ F3 M0 a6 G9 M* t- _
9 ?, O1 ^# G w+ `4 KMany thanks to Dale Roberts and his Direct Port I/O driver giveio.sys!
~$ q/ N- ]/ V$ @& H+ z
+ _& S" V' m9 J' `! v8 @& BAvoid a bad flash!7 ^1 J4 k% M. M* {! O2 F
Kai Schtrom |
|
窺視卡
雷達卡
樓主
顯身卡
發表於 2011-8-21 21:08:07
