|
|
ak475671 發表於 2011-8-22 13:03 ![]() . o2 `( u" Q' k9 G6 X5 L
版主你好 \4 [9 M. O% ^* f; `
版主知道哪裡有教學嗎使用DOS提KYE的過程不是很了解不知道有沒有教學可以參考的呢
% M* a- @: h, d9 l, c4 U9 p另外你說他提取 ...
4 @( ]* k2 J9 I; f. c* y6 qDosFlash ReadMe.txt 說明文件) _% ^, w6 ?7 W6 P) r! I
) P% a; C4 ^$ U& R& q5 SDosFlash V1.9 Release Date 01.01.2011
, k5 F3 X: u( ~4 n" K/ I---------------------------------------
0 s6 e5 L8 ~7 ?- F- SATA and IDE port scan improved in DOS and Windows
8 _3 v) X9 Z& y/ b g: z! U The ports are now enumerated with the CONFIG_ADDRESS and CONFIG_DATA register instead of using interrupts- c' n+ b0 y$ z4 B% T1 _
in DOS and SetupDixx functions in Windows. This change will detect more ports in Windows than the old
$ X% b3 _9 m" } SetupDixx method.
: R' u" R+ B) w N( ?. b- Settings saved to ini file for DosFlash32 and DosFlash64
8 q$ ~5 _0 ^0 `- z5 ]2 |; x+ E Settings like Port, Position, Task, COM Port, Enable Drives and DvdKey state are now saved to an ini file" A6 r& l2 z. C' \0 s3 q
inside the program folder. If the ini file is not present it is created after the first run. On the first7 ^$ n! G5 `# ]/ c1 ?; h$ `6 V" y
startup DosFlash will choose the most common and stable settings.# `$ m. g7 g" w6 h1 l
- EnableDrives option included in dialog as a check box. j! q! J* }& d2 c9 I! C
Due to high demand we removed the "Enabling CD-/DVD-ROMs" MessageBox on program termination and included
0 n6 q5 ?. q$ y ], V a check box "Enable Drives" inside the dialog. For security and more stability this is deactivated on the
! Y) T P. }' |, c6 t first run. If you enable it the checked state is saved to the ini file.
6 q( `- G ^5 m2 D9 M- enabling drives in Windows caused some hangs from time to time, this is now fixed by a recoded enable
$ O9 R' L. a$ j5 n* j. x( e drives function
9 i6 Z @, \! a5 m' Y6 _! f- port drivers portio32.sys and portio64.sys are now added to the executable and unpacked during runtime4 T$ U& X) W, s' J- X
- PATA and SATA controllers list updated
& e6 E; o$ u" H% P4 v- Fix for NForce motherboards in combination with drives like the "Samsung SH-D163C", "LG DH18NS40" or: e% P% q2 y! i
"LiteOn iHDS118"% L6 q& b5 K7 {3 p( N
Some drives have problems with flash identify, read, write and erase. This is clearly related to the, J5 c0 i6 h8 L7 I
NVidia NForce chipset. For manual mode in DosFlash16 an additional command line parameter is added called
$ [! H) R6 s, [( [% ]. I6 z "NFORCE FIX". This parameter should be set to 1 for NForce chipsets if you experience strange problems.
9 |* Z. b, J! l. c9 F In DosFlash32 and DosFlash64 we added a static control which shows if the NForce Fix is applied or not.
/ o% {1 R( ]7 R# _, S& n( F Remember there is no need to activate this with every drive. It seems to be a combination between drive0 w, l" o" y8 {& j, ?, I( a0 t' m
and NForce chipset that causes the problem. The fix is automatically applied for DosFlash16 in auto mode,
4 |# V0 E- x, b- l DosFlash32 and DosFlash64.1 j5 ]. L0 w" F' \# @
- DosFlash32 and DosFlash64 are now DPI Aware for Windows77 {! w" M$ ]/ a/ N6 |
- New task Verfiy Key/Inject Key added for verification/injection of drive keys) B: B8 g& B8 R! X. o
All DosFlash versions now have the possibility to validate drive keys against an XBOX360 drive and set
, B7 o) j8 J/ Z! ` the key for an XBOX360 drive. We use the same authentication method like the console to verify a key.) x9 w' k2 _: v( W1 A8 e
In the Windows versions you have the choice to paste the drive key from the clipboard to our custom hex
. P. f4 W" ^% y* m edit control or load a key file. To add a key simply click right inside the hex edit control and select5 R8 k; s7 w5 I) h4 \9 `+ \
your choice from the shortcut menu. In DosFlash16 you can enter the key in the format "1A-2B-3C" without
% u$ m+ A* k( ^" U; \9 T/ i$ Q quotes. Remember that a key has 16 bytes of data. The key file to import should also have 16 bytes of data
5 N% ~' q% o% _1 d, U like the key files exported by LiteOn Key functions.
+ m- _9 _: ^- I$ H- Removed multiple key extractions for LiteOn Key functions, added Verify Key after extraction3 l6 i5 `4 }- E6 R( O# ~( x+ o
For LiteOn Key functions we removed the multiple extractions, because the key is now verified immediately
1 W( }# p) I7 K1 Q3 W against the XBOX360 drive.
4 v, {# L% j3 L- LiteOn Key V1 and V2 now also extract the file Serial.bin and the 2nd inquiry file Inquiry2.bin* y: I( x" T1 M( `7 w
We added the file Serial.bin and Inquiry2.bin to LiteOn Key functions. Inquiry2.bin is only generated for3 y" W1 |- _9 y' |6 `
LiteOn drives V1 and V2.
" m8 b4 ]3 t7 X' j- The drive key of Maximus patched UART drives can be extracted by using the task "LiteOn Key V1 (DvdKey)"
% e8 b; v3 a' ] The drive check has been removed from LiteOn Key functions. This way we can extract a key from an UART ( l9 |+ y& r8 @7 B; h W
patched drive firmware by Maximus.' A: k+ ?1 W& V: s1 q, F" u
- LiteOn files are now extracted to a destination folder instead of prompting the user for every file name.1 }2 I1 P# x( d
- LiteOn key extraction tasks separated per drive version in "LiteOn Key V1 (DvdKey)", "LiteOn Key V2 (FreeKey)"% c$ R$ d0 P9 A1 v' Y0 m5 Y$ N
and "LiteOn Key V3 (Tarablinda)"
, i; C, d1 C% h* f" L( n- In DosFlash32 and DosFlash64 the number of installed COM ports in the system are now enumerated instead of5 {# U; S- s6 Z6 ?
adding port 1 to 4
( E; o3 S) J0 U7 Z8 v1 \- For failing cdb commands the sense code is returned
3 q5 a+ G- `% V% E- Geremia's Tarablinda functionality added& T7 K4 t! h: c( T& G: @
We added all Tarablinda tasks to every DosFlash version. You can extract the key by choosing the task
) j/ r: D+ s0 M: ?! ?, }7 D( `1 D% u. \9 M "LiteOn Key V3 (Tarablinda)". For read, write and erase of the flash simply use the standard functions.2 T+ S, a9 G* p/ [
Pay attention that the "LiteOn Erase V1/V2" task is only available for older LiteOns and not for the Slim.
# j, M. q3 l6 p' k7 { You should use "Read Flash", "Write Flash" and "Erase Flash" for the Slim. "LiteOn Key V3 (Tarablinda)"/ e( h& D( z! e% u8 u
extracts 1 additional file in comparison to Tarablinda v04b, this file is called Xtram.bin and contains# a. G- L- V( `" c$ A9 `
a dump of the XTRAM8000 area. This can differ in a few bytes from one dump to the next.
9 J' B: u, Y' H% s( `' m2 N- Device Reset in DosFlash16 manual mode is now done automatically, there is no option to turn it off anymore( Q3 x& R; ]" d# G1 B
- Code optimization to work with modern SATA2 controllers added, remember to set SATA controllers to IDE and
3 y. b* F0 ?5 p& Z3 Y/ i& U3 R& M not AHCI mode otherwise Port I/O will not work
! _; {5 e- K" s k- Warning: The read, write and erase of the Slim drive is considered risky in general! So pay attention and
3 i8 A% X" w3 ^* Y1 }4 d always remember you use DosFlash on your own risk every time! Even during flash read the Slim gets flashed
8 }7 w2 |: T7 ^* k. R7 M0 m* }# H P with a patched firmware sector to retrieve the complete dump!
[: S1 `& [; ]9 @0 ~- We had to change many command line arguments for DosFlash16 Manual Mode, because of the NForce Fix, added5 r& `+ s4 }7 E* `6 F# Y
Tarablinda support and splitting of LiteOn Key functions. To get a better understanding we added the example
' e# m2 ~1 l. }; k+ p8 X section below.
! D [) h; C$ m: H4 r! g
& {4 ?8 i$ a. l# P# h$ c: C) c8 H) h7 q# w& ^
DosFlash16 Manual Mode Examples# e, _7 Z- r! n( F
---------------------------------/ {( i* n! h# N6 U* ?' q
- Extract drive key on a " LDS DG-16D2S 74850C" over UART -> "LiteOn Key V1 (DvdKey)") v( ~0 U# O% k) {6 H) [
DOSFLASH LITEON K V1 0970 A0 1
+ f+ f7 n. T/ M. w2 L
+ |8 U4 P8 K- W8 ~- Extract drive key on a "LDS DG-16D2S 83850C" over SATA -> "LiteOn Key V2 (FreeKey)"
- v3 @$ h! `3 h6 a- D8 @ C DOSFLASH LITEON K V2 0970 A0
( t7 o- l0 B& F* e m+ }
* `! H/ C- }5 o" ^1 i( q4 r- Extract drive key on a "LDS DG-16D4S 9504" over SATA -> "LiteOn Key V3 (Tarablinda)"% G5 \& v# p' T: [6 ^* a/ P
DOSFLASH LITEON K V3 0970 A09 o; N# u$ d# T Z: D7 s" Q
- @' ?# N2 d1 ~9 l7 |3 \- G
- Read firmware on a "LDS DG-16D4S 9504" -> "Read Flash" this is considered risky!% t' _' u3 _% z, a& Z' [5 M! `% z
DOSFLASH R 0970 1 A0 3 0 4 FWOUT.BIN 0: Y4 x: n7 y2 q% ^" j6 A/ t, P
7 h, t& t1 p$ w+ ?: ~* N- Write firmware on a "LDS DG-16D4S 9504" -> "Write Flash" this is considered risky!4 a) I8 ~* h/ v& }, e6 Y% R
DOSFLASH W 0970 1 A0 3 0 4 FWIN.BIN 0
. K+ }5 W Y/ @! ?5 s" i% |+ g- T G$ w5 m
- Erase firmware on a "LDS DG-16D4S 9504" -> "Erase Flash" this is considered risky!
& D1 C- e" i9 W2 d2 z. [ DOSFLASH E 0970 1 A0 3 0 4 C7 01 y+ j8 Q6 X9 ? }
% B1 f) z& O) n* Q# r9 q7 r- Erase firmware on a "LDS DG-16D2S 74850C" or a "LDS DG-16D2S 83850C" -> "LiteOn Erase V1/V2"' m5 r: c' ]* [3 U2 X6 s8 I2 ]' f
DOSFLASH LITEON E 0970 A0
6 s: S2 Z+ Q: L4 i" |. B2 P
2 }' b% A; C4 P. ?* z- Read firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Read Flash"
% C5 s0 V5 F7 r! o' | DOSFLASH R 0970 1 A0 2 0 4 FWOUT.BIN 1
( X; N) ` G; z# y, c5 \0 s; t6 f+ D& w( j/ R; o6 e
- Write firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Write Flash"
! C- B* h! p# S3 {4 G DOSFLASH W 0970 1 A0 2 0 4 FWIN.BIN 1
4 G& Z" b3 g4 [: m& n9 i7 ^; {3 s5 F
- Erase firmware on a "Samsung SH-D163C", "LG DH18NS40" or "LiteOn iHDS118" and a NForce motherboard -> "Erase Flash"
1 @& W5 o: C% R$ _ DOSFLASH E 0970 1 A0 2 0 4 C7 1
$ E2 _# L9 ^' [% S/ ~
+ K4 k* i: d& U7 A V3 X- Verify drive key on a XBOX360 drive, enter the drive key manual! K- i( \2 I4 t( q( @( S0 Q& I7 U% h: |
DOSFLASH V 0970 A0 12-34-56-78-90-AB-CD-EF-12-34-56-78-90-AB-CD-EF6 }' }5 M1 w) a7 n* l w
0 i r T" r1 S1 ^: d$ v- Verify drive key on a XBOX360 drive, load a drive key file
0 {9 o& U N0 y- O+ ` DOSFLASH V 0970 A0 KEY.BIN
7 e$ a) }3 W1 t; M$ H$ P3 ~# C* A5 |
, M# L& z1 l: M' G- Inject drive key on a XBOX360 drive, enter the drive key manual3 l! ]/ f; J+ g2 r" ~
DOSFLASH I 0970 A0 12-34-56-78-90-AB-CD-EF-12-34-56-78-90-AB-CD-EF5 B( |0 h5 R' \. O
$ ]0 Y! ~. y3 V' H/ I% {
- Inject drive key on a XBOX360 drive, load a drive key file) U. {; L) M) ~& u+ ^7 z
DOSFLASH I 0970 A0 KEY.BIN
) v. A& x& {6 d: n5 P3 I
4 C! a' \. U+ E9 E5 fFor DosFlash drives on which we can extract the key via UART are considered V1. Drives we get the key over
: H8 ~! x; I- v" U+ J( hSATA are considered V2. The new Slim is considered V3 but only firmware version 9504 is supported atm.; O' C/ d& M2 B! R
1 X+ ]1 Z( d+ Z7 g, B9 Y! x: F4 G, a. f7 `
Many thanks to Geremia, Modfreakz, Redline99 and Tiros for their support. Special thanks to Geremia and
( u( w" p' r! C& O7 i! [& l3 ?- ~ C9 KModfreakz for drive sponsoring, testing, coding and much more. It is always a pleasure to work with you. m7 x/ C1 n4 U( w6 W8 W: `5 @( m. m
professional guys! Respect to Maximus for his UART enable patch. I'm looking forward to your magic Lizard% Y/ t9 r1 T6 v- ~' c9 v2 K
hardware flasher!
9 m1 W$ m n: e3 e6 i" N0 G' u. b4 b/ Y3 J1 h) ] D7 {
Happy new year 2011!3 v6 p. k% T; M4 V' j5 H1 j I, ^6 f
Kai Schtrom* O. p7 {/ L8 Q3 g# j! e# b
1 j* m1 b. F& `; p8 O
************************************************************************************************8 o/ w2 b, ]) J6 C1 d
5 o# W4 B. G$ K
) { N& F8 H. p8 B) ?DosFlash V1.8 Release Date 08.08.2009* j1 R7 Z6 O! D5 }$ l m
---------------------------------------
/ }4 G4 y( u( c- now supports LiteOn PLDS DG-16D2S 83850C V2 Geremia/Maximus LiteOn FreeKey method) D, S1 N4 Y8 k+ T% }8 O
- huge firmware read/write speed increase, especially if run from a floppy disk1 ^/ t0 g7 z) K, c4 w- l1 J1 G
- updated IDE/SATA motherboard chipset list9 {1 c; c0 t! k% W8 M( _; r8 _: Z
- new IDE/SATA detection for Windows and DOS/ K& U' e% A& l4 c
- DosFlash.typ embedded in executable file5 k& h W% f0 v4 ?9 W* ]5 o$ T
- LiteOn V1 drive key is now extracted 10 times and compared against each other,7 g" _$ G2 ?) O* }4 j
after the extraction a summary is displayed sorted by the most common matches3 ?) Y' p# f3 D( P4 C. N
- LiteOn V2 drive key is extracted 2 times and compared1 k) }$ J: W6 |% |# n
- new BenQ unlock keys added to unlock all known BenQ drive firmwares
( O" b1 d1 P' [- command line parameter "EnableDrives" removed, DosFlash asks the user on
" T, O& i; n5 O9 m/ D0 z8 b# Y, A application close if he wants to enable the drives or not, during the tests it: Z4 l0 n+ b0 c
seems that IDE drives have problems with the enable, SATA drives seem to @4 ?# b. c2 {" P/ D) `1 Y" d t
work fine
% n- A9 O' l% o+ w) j1 P: h- V- new 64-bit DosFlash edition added called DosFlash64, because some driver
9 R3 B8 @# b- Y7 Y. D) ` J functions don't work as expected in the 32 bit compatibility mode on Windows x64
4 E/ j/ \7 x5 h& F- Beta state removed* p, w' L7 f( L( p
- ready and tested on Windows7 X86 and x649 X% `0 W* Z( @: Y
. Z, K/ U2 P6 ?- y! }6 R* w* a+ v! n
Geremia/Maximus FreeKey method with DosFlash16
! R8 b( r+ R$ u. G------------------------------------------------
. Q. L0 s6 e/ ~We have added one cmd line parameter for DosFlash16 in manual mode. The COM port7 }& `" l* x. E6 {2 c$ L
is simply ignored and can have any value for the V2 drives.
0 b" A* I8 W7 X' CUse the following command line to extract your free key from 83850C:6 s1 H( f- G; W; H) B
- DosFlash LITEON K 0970 1 inquiry.bin identify.bin key.bin dummy.bin enckey.bin
* J8 q! T5 p- \/ M2 i% ?
/ O% ^, Y1 B! U h5 r5 Y0 a, N
Tips for running DosFlash on Windows 72 d$ U/ i; }: R2 X) B
----------------------------------------
0 |8 `/ m0 Y0 M P5 c7 l4 i
, }( d/ J# H/ }4 k' K2 R) M/ I' hSince Windows Vista 64 Bit and upwards it is necessary that every driver is signed. Because0 s0 i* h4 c$ c- Q" T8 M1 S- s: E, T
the DosFlash driver will not be signed by MS due to some unknown reason we need to circumvent& W3 z! F/ h$ l; B! V
this check. You have the following 2 possibilities to do this.
. n1 A3 H( j# m; h7 N
9 H& [4 n6 x! RSafe Way of Disabling Driver Signature Enforcement
; j& Y7 O7 A6 ?1) On Windows 7 bootup press F8 to get to the extended boot options screen4 G! v8 \/ ~ V# |, @4 f Y& N
2) Choose "Disable Driver Signature Enforcement"4 F, f1 _/ _9 o0 M. i. T& V- W
3) To start DosFlash right click on it in Windows Explorer and choose
( \- V; N- ~9 D! B "Run as administrator" > answer the message box with "Yes" b: t2 v+ H' t' S- K
4) Short after the program started a "rogram Compatibility Assistant" warning message2 z- K5 M+ G% }, @, m
is displayed, you can simply ignore this by pressing the "Close" button6 p) W) p! l, z- Y* r" z
2 E! M8 }( h$ X xRecommended Way of Disabling Driver Signature Enforcement
- ^% P+ {4 j4 b1 o4 h, u! @1 X1) Disable User Account Control (UAC)
. G4 P/ a0 x; E+ M5 v6 Y# j' J, l - go to "Start Menu" > "Control Panel" > "User Accounts and Family Safety" > "User Accounts"# K! d: z; P/ J( ?6 h
- click on "Change User Account Control settings"0 x2 ^: w4 }) A
- set the slider bar to the lowest value (Never notify) > click "OK"
$ P7 u$ ^6 z' B# T; P2) Sign the DosFlash driver P! ^; e/ k0 ^6 \+ |* f& o
- download the "Driver Signature Enforcement Overrider" (DSEO) from
, C w+ U, K1 N; ?& X9 w3 [, U4 ? http://www.ngohq.com/home.php?page=dseo w* ^+ i8 q* }+ G$ U
- start DSEO > click "Next" > "Yes" > choose "Sign a System File" > "Next" > enter the path to
( ?6 ?& c: R/ A% p the used driver (portio32.sys or portio64.sys) > "OK" > "OK"% w7 k+ m( K( g e
3) Disable Driver Signature Enforcement( [& ?) w, [) U5 _- v7 o
- start DSEO > click "Next" > "Yes" > choose "Enable Test Mode" > "Next" > "OK"
4 I, D9 E% P1 Y5 b8 J4) Restart the computer
7 y! Q8 i4 P3 Q. R$ }
% u0 M% J- v; m8 lKeep in mind that with the recommended way the changes will have effect on every reboot without
& Y7 h- S( @* _' t2 g7 ldoing anything manual. The first way needs to be done over and over again. In addition the second% M! e: m" F( Y) ]6 ]1 q; R
way can be used to sign every driver that doesn't run natively on Windows 7.4 m2 I" k9 o; H" k* c+ I# P
$ |% V/ c, B9 x
For use of the VIA Cards in Windows 7 it is recommended to uninstall the VIA driver. This can be
9 D y0 v, c7 Cdone like follows:' H& [- x( w6 x* e4 B
- start "Device Manager" > expand "Storage controllers" > right click on "VIA RAID Controller" > - Y) F4 D2 @( G- I( {' D
choose "Uninstall" > "OK"
0 a. q. o& ?7 J( | t# ~- rename C:\Windows\inf\vsmraid.inf to vsmraid.inf_
" _( a% \+ n6 e7 q& O: h! z- rename C:\Windows\inf\vsmraid.PNF to vsmraid.PNF_
1 k! O5 C, ]7 e: G9 j- rename C:\Windows\System32\drivers\vsmraid.sys to vsmraid.sys_9 O7 }! f* ^8 Y5 h
- reboot computer
% ]) G! n, C6 M: m. N4 p" c6 v* e2 ?; X" x
! X9 F# P1 V; i% S9 ]+ k+ ~
Much respect and credits go to Geremia and Maximus for their money saving FreeKey app' F5 P/ v- {0 [! ~- |2 C
and their lightning like decryption speed!
4 E/ u! C# W$ D' X3 z; ]
r# F7 m8 _6 B) X0 C; BIn Dedication To The Birth Of FreeKey On August Fifth 2009
$ ~8 U s! Y- w3 @; NKai Schtrom/ Z& u+ |/ U' u. _5 p# V# E
4 m- ]$ }7 T6 b
! z2 J, K& r9 K9 [ f& L************************************************************************************************
1 v3 a' s( M2 }/ w5 \$ O- \9 f# X: c" o! t7 f3 E- o# Q+ S
& ?0 U6 x5 o& J0 k# t. HDosFlash and DosFlash32 V1.7 Beta Release Date 23.12.2008
6 |; ~3 T% y. F) W6 f-----------------------------------------------------------' _5 ] c! K" F
- now supports LiteOn PLDS DG-16D2S 74850C and Geremia's LiteOn Erase and DvdKey method& a$ u4 d; B* ?3 D
( Z: ]2 Y+ F+ s
) {% u# ]( c9 rThe following only applies to the new XBox360 LiteOn drive PLDS DG-16D2S 74850C.! Z: m4 \+ h/ E$ v9 b- w) f
% V3 v& y: ]9 A8 ]. \7 B& r
3 X0 x4 W% f- ^! U% i- f" I
Geremia's DvdKey method with DosFlash16 with the PC's psu
: ^& ^' p# T( ?: G f-----------------------------------------------------------0 t( t1 F' d5 i: c1 V
- disable CD-ROM boot option in BIOS5 J* z6 ^& N( z2 `' K N
- connect LiteOn to your PC's power supply unit and SATA port
* `' N* e& s+ s0 V0 d+ m7 U- power up PC, wait until bootup is finished
% S$ o4 x5 @: T3 {; Q' T- eject tray of the LiteOn and shutdown PC completely
' B) ~" P! P8 s: @0 e2 x+ v8 G- push the LiteOn tray half in
/ D2 v' H% J& W2 A& r8 w; ^! A- power up PC and boot into DOS
2 N2 Q+ a/ b D- run DosFlash16 in auto mode
7 K; g) t4 K/ C0 L5 P- if you read the following:# ^# H& m: I. ^3 Q. ~# |" o
MTK Vendor Intro failed on port 0x????.
9 O; j: Y- u$ K9 |: O If you choose to resend the command you should turn the drive off and on
1 Q8 ?* U0 y& M) ` @5 j after you pressed "Yes".
8 ]! p* a% j& L Do you want to resend the command until the drive responds (Y/N)?
7 M8 w& [+ h2 n5 c4 O8 V" Z- press 'N' for "No"
7 `$ H: r3 R" F2 b! k- choose the number of your LiteOn ATAPI drive; i1 I$ n6 o$ D- f# a
- enter "LITEON K" to read the drive key, l5 h" E9 F# C1 n
- type the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files0 D* H! B/ Y: s' Q: ~/ p" O
- enter the number of the COM port
9 x3 W3 h- {% Y5 R! f) |- if you read the following:+ n7 o% j; V' `
To receive the drive key use Geremia's DvdKey method like follows:
% H2 ^- D* Z5 m- J6 T, B - Connect your drive with a serial cable to the COM port
( w/ i- u2 N( v% _# j0 G - Eject drive tray
& X/ M4 i6 \5 U. \1 Y8 I - Power off drive
3 z# Q* B+ D! B- M - Push drive tray in until it is half open
' H# l# ]- h$ t: n - Power on drive
6 D ]& x9 S0 G' t; V - Press "Yes" if you are ready
. M( n: y- Y5 X, v/ H) h" K Are you ready (Y/N)?
( g0 N4 ?& \) |6 |- simply press 'Yes' without doing anything of the above, because we
/ s) N. X0 ~4 x# R already did that before& I$ d4 V7 q( M
- after this DosFlash16 displays your DVD-Key and saves your key and identify data% Y1 x1 W2 x# G- x' c) X% x
- to do the above steps in manual mode use the following command line if your drive! Q0 E9 D8 r3 N; X* f, K1 F! A
is connected to port 0x0970 and serial cable is on COM port 1
f/ A- s' a/ c Y2 \/ @4 Y DosFlash LITEON K 0970 1 inquiry.bin identify.bin key.bin dummy.bin
' r6 R. n- i# V' N0 A: l9 u! `. o& e/ P9 a
* J: t! ^7 Q' d6 h9 yGeremia's DvdKey method with DosFlash16 and 2nd psu( ? X/ S- I3 I+ |1 M- x
-----------------------------------------------------
/ K; x+ y! m k# P& u4 a$ R A2 M- connect a separate power supply unit to the LiteOn, don't turn it on yet
4 C7 V0 U8 `( x; t" ? d4 M/ M4 `( E- power up PC and boot into DOS
1 i) p. x0 L$ K2 K V+ R7 O& x- turn on the LiteOn psu$ h! d/ ^$ p X7 t( m
- run DosFlash16 in auto mode
0 |- ^7 N9 B3 I& G6 s- if you read the following:6 z+ |! M6 n( X
MTK Vendor Intro failed on port 0x????.5 k% O7 Z" Q0 h+ J# M
If you choose to resend the command you should turn the drive off and on
" B! p& U+ W& K p2 t" ` after you pressed "Yes".) \. ~! O% r3 }0 g
Do you want to resend the command until the drive responds (Y/N)?
) J: b Z. s- d8 ?9 q* ?: }- press 'N' for "No"
3 Y0 f) L# v8 v( M: v3 m @- choose the number of your LiteOn ATAPI drive# g. c& J! [5 |/ I. k! r
- enter "LITEON K" to read the drive key1 k) `- I# d$ j2 g$ i
- type the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files; S# G, p6 Q- N$ ?
- enter the number of the COM port% [" |# \- c0 w
- if you read the following:
4 U8 q8 J' _; N' n) g; _ To receive the drive key use Geremia's DvdKey method like follows:
/ @* d/ @; j( e - Connect your drive with a serial cable to the COM port5 }, R* k l4 E) J
- Eject drive tray
1 M B" g5 E- O - Power off drive
}0 c) B* c, {$ }- ? - Push drive tray in until it is half open
6 Q( n0 ~! h! z- V1 n) O - Power on drive
) ~5 {( o# ]; B i9 _* J0 z - Press "Yes" if you are ready
3 S' i: S/ U1 _6 Y9 g8 O+ k* j Are you ready (Y/N)?
3 m" n& J( W4 r) s: {" q6 n# ?' D- do the above and press 'Yes'8 |6 X1 y U9 ]7 B& N% [- M
- after this DosFlash16 displays your DVD-Key and saves your key and identify data
7 s+ |( o+ X7 M' R% I% s9 K. i3 d8 I$ q- }2 a) I, e
, q8 f$ r, E/ r$ tGeremia's LiteOn Erase method with DosFlash16 and 2nd psu
( Z+ ?0 P% _ S' Q% ? z' S-----------------------------------------------------------* C1 j; S" F) d- H j
- connect a separate power supply unit to the LiteOn, don't turn it on yet# {: {' c: a( T3 ]: ]8 U2 ]
- power up PC and boot into DOS, @' y) s4 p0 u# }# g
- turn on the LiteOn psu
# ~: F1 y+ F; n4 O- run DosFlash16 in auto mode8 w+ Z$ E( l! c A2 I) g9 J
- if you read the following:
' l1 t e {5 s& ]: h7 Y- X MTK Vendor Intro failed on port 0x????.% B6 s" l$ j) R! t/ k( {+ d
If you choose to resend the command you should turn the drive off and on' N1 F r& k. N5 h
after you pressed "Yes"., O1 c. ?6 {& U) X5 x9 h
Do you want to resend the command until the drive responds (Y/N)?
) G& W. t7 L4 O; w' u1 J3 `5 y- press 'N' for "No"0 i% ~1 N; q$ h
- choose the number of your LiteOn ATAPI drive
$ R( c; T2 v# D# L- Warning!!! Keep in mind that you will need the drive key before you erase the flash,/ L0 |$ Z' N# }* Z3 W. A# K/ g
without the drive key your XBox360 will not work anymore
) i6 I/ w8 V6 s) h! W- enter "LITEON E" to erase the flash
8 I+ X" P* y: b! {: H- the first time after the LiteOn Erase the drive needs to be repowered to give/ I1 U+ }1 I0 ?5 H- S
flash chip access, this can be achieved by repowering the drive before another3 w$ P% L Y2 ~9 V# s
DosFlash16 start in auto mode or by doing a MTK Vendor Intro Power Brute( [: n! M' d$ b+ O4 [
- in my tests it did not work to power the drive with the PC's psu, because it will
' F3 S7 W; m0 s+ o& T always respond with busy status
3 J) f, d$ _) u1 ?- DosFlash16 can now read, write and erase the flash chip like usual
+ H+ I/ f5 ]7 N$ N; V# J% S% L- to do the above steps in manual mode use the following command line if your drive! [' F S% t2 \% Y5 W+ E
is connected to port 0x0970
) u" ?" t0 K( W% v% `' T DosFlash LITEON E 0970
# M; U1 _0 w% K& O7 d/ ]- C: E1 s- R2 u4 S; R
: x& J5 q+ e5 d/ g; T" U
Geremia's DvdKey method with DosFlash32 with the PC's psu2 Z9 o# Z% R6 L: m- v% R
-----------------------------------------------------------
?* ^/ s8 ~8 E4 o4 \, c: N3 t- disable CD-ROM boot option in BIOS
) R' q. b) o* i3 `& r0 n- connect LiteOn to your PC's power supply unit and SATA port5 ^0 y! l% [- P5 C9 I
- power up PC, wait until bootup is finished* `# e3 @/ N5 `* r* _
- eject tray of the LiteOn and shutdown PC completely$ i$ V5 k4 G. k9 {1 l, T n8 K
- push the LiteOn tray half in
. m1 {3 n+ p' d. Z R- power up PC and boot into Windows' f9 M; f1 N% G3 e" O
- run DosFlash32& r6 U2 e3 I2 H& I1 L
- if you read the following:1 `+ }! N2 |+ b) r/ p" W
MTK Vendor Intro failed on port 0x????.; m+ K0 a' Z( t$ Q5 V
If you choose to resend the command you should turn the drive off and on3 j, i; \0 ?- d/ n
after you pressed "Yes".3 U' `. Y) o! N1 ?2 a2 K# ~
Do you want to resend the command until the drive responds?
, C9 l8 p7 q7 F9 c; f7 |- G- press 'No'! B4 \5 l( K" w9 `) T+ `
- choose "LiteOn DvdKey" as flashing task; v$ K- e* H7 r+ o) j
- choose the COM port number
7 b+ Z4 G- u" n- press on "LiteOn DvdKey" button
* S# h4 U: t6 G, w% R- enter the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files: r8 a. j5 G' W5 Z7 g" q7 y' j
- if you read the following:/ ^( l8 y3 B1 N7 y8 p
To receive the drive key use Geremia's DvdKey method like follows:
$ i J# u n, F8 n3 `1 }# j: p7 J - Connect your drive with a serial cable to the COM port, Q H8 ^# Z6 ^
- Eject drive tray
' i! J; n; c5 ^0 l - Power off drive. f0 g! g" R- e. q$ o
- Push drive tray in until it is half open6 d6 q7 i0 Q* e$ ~9 u
- Power on drive
5 r+ P* ]* y, |4 o: J7 R - Press "Yes" if you are ready0 h) j, r' b( `* s" i9 n
Are you ready?' L. h0 h7 X7 D+ ?3 |3 V
- simply press 'Yes' without doing anything of the above, because we
" g) T% A* N; D! Q; [; s, Q already did that before
9 A7 E3 |, U; x6 F/ ^- after this DosFlash32 displays your DVD-Key and saves your key and identify data
& g' U( s/ C3 b9 U J) S2 _5 b5 K) t
& Z- }& U0 W- u7 l2 V) j2 P. h2 `+ R. C: C2 H
Geremia's DvdKey method with DosFlash32 and 2nd psu2 L5 F) }" l7 M6 R
------------------------------------------------------ f! w* v" G- l1 u+ N
- connect a separate power supply unit to the LiteOn, don't turn it on yet! Q' J9 B* p$ a2 R
- power up PC and boot into Windows; \8 k2 j$ [: N5 {
- turn on the LiteOn psu
8 [/ H2 a' w/ K" M( o, X' L4 M- run DosFlash32" k. V; g6 O$ O7 ~/ w1 v' }' H9 ^& @
- if you read the following:' j. a4 k. K5 _! Z% l
MTK Vendor Intro failed on port 0x????.4 [4 A5 V3 }; m3 r0 l" g
If you choose to resend the command you should turn the drive off and on7 m) d# B7 s# r& @1 ]
after you pressed "Yes".
' j l( h O, v& g Do you want to resend the command until the drive responds?
2 K6 H% L( C# e( p8 F- press 'No'
8 {- y8 o+ H; `, X) t% t1 ?2 F& I& t- choose "LiteOn DvdKey" as flashing task
8 g2 }4 `1 [7 ~% h# N% o6 l- choose the COM port number- F. G* Q3 z% y% M* H
- press on "LiteOn DvdKey" button. v' y2 f5 I% M& a) S' z
- enter the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files% ?+ {! e$ H/ r( `
- if you read the following:
" ~# ^+ q* c& u* V2 K To receive the drive key use Geremia's DvdKey method like follows:
& c8 e& J% r/ u9 } - Connect your drive with a serial cable to the COM port1 U5 d: u0 ]" r4 `) _0 W
- Eject drive tray
3 V* W! j/ N! b% K- K - Power off drive
4 ]( R0 X; P$ a, y- e3 b - Push drive tray in until it is half open
' v$ D5 {. z6 B: R7 T9 O# Q - Power on drive
6 A. x4 p3 R. N2 B! |) [# Z8 V - Press "Yes" if you are ready2 Q" d8 @! I! I e$ B
Are you ready?
$ ?8 S: a" L5 Q% ~- do the above and press 'Yes'1 B1 g! q( d. w d: Z f0 S
- after this DosFlash32 displays your DVD-Key and saves your key and identify data: z' f- d# _9 V1 }" h0 H9 \9 H
- s3 [3 K7 m. [0 Y. o
: x. C3 n2 O- l% T, ~Geremia's LiteOn Erase method with DosFlash32 and 2nd psu9 B0 J8 X6 f( C# {3 Q+ {2 R. p
-----------------------------------------------------------
, w+ w$ e- Q; N& V- connect a separate power supply unit to the LiteOn, don't turn it on yet4 c4 R# _3 S* i) _
- power up PC and boot into Windows+ A5 j' g8 c9 Y; ]9 ]) z
- turn on the LiteOn psu: c3 A6 e; V$ L; O" G' U$ L
- run DosFlash32
- P e% f' B& u$ |. I( }# y+ g- if you read the following:
5 U# Z$ D2 W* w w1 r* v5 [ MTK Vendor Intro failed on port 0x????.& M9 t) {9 o6 O
If you choose to resend the command you should turn the drive off and on
1 a t- c8 ^4 d after you pressed "Yes".
; p, n3 o2 z0 ^- x Do you want to resend the command until the drive responds?4 M- S- A9 o$ o: V
- press 'No'5 w7 o* B+ J f
- the LiteOn flash is not identified
$ i8 h8 e _- y, X7 V" w( s- choose "LiteOn Erase" as flashing task0 I: k2 H, l! ?- t, j
- Warning!!! Keep in mind that you will need the drive key before you erase the flash,8 Z+ ^ P5 K$ B% \
without the drive key your XBox360 will not work anymore
# w7 i2 G2 y y* Q8 K+ u: W+ j1 X- press on "LiteOn Erase" button# [# f2 t8 B; o$ T9 G1 p4 N @
- the first time after the LiteOn Erase the drive needs to be repowered to give
0 z/ w+ w* N4 A! `" B flash chip access, this can be achieved by repowering the drive before another
+ ?! D; d7 u' P DosFlash32 start or by doing a MTK Vendor Intro Power Brute
5 }5 p5 M1 d3 P6 ^- in my tests it did not work to power the drive with the PC's psu, because it will
3 e3 M g" T4 T always respond with busy status4 n0 l0 C! H; Z; S3 N
- DosFlash32 can now read, write and erase the flash chip like usual* H u1 A! t1 m( c- s* F
7 f* c9 ?% d7 j. T! w. K7 L5 Y
3 Y5 B8 R) ^% n5 w) K/ F9 j/ aRespect to Geremia, Modfreakz, Podger, Redline99 and Tiros.
0 `8 o+ `- n* u- D M
0 o& t' Q' D3 O+ DLike a wise man said: "0x2E is the MTK Intro of Death"8 N Q( w, N5 ^: V
Kai Schtrom8 v# ~; I9 S a, C/ [# _) g* w) N/ h
/ t( K3 Z$ F1 q: Y! E2 L
- F- T( v! h, X T
************************************************************************************************
9 h, | u3 e3 o. p; U: `* q2 a$ } J4 g& }2 C
' e- X2 E) i# t- K2 SDosFlash and DosFlash32 V1.6 Beta1 V6 E Q+ B: }! ]0 U/ o
-----------------------------------
( Q* J+ C/ [7 N) J1 B- b- fixed power brute unlock bug for VIA cards, this can stop your VIA from working
+ ^$ X& r$ V' o4 w% u) c. E1 q/ ] with the power brute unlocking in Version 1.5
; i x% ~: X2 g" D- for DosFlash16 in auto mode on DOS my VIA card works best if I do a cold boot; g: e$ P3 }( N, h' k
and power up the drive short before or with the PC: J- p7 i) M" _6 A& P
- for DosFlash32 on Windows my VIA card works best if I power up the drive short. u+ k5 e7 N! ], i0 f2 [7 ^; E
before starting DosFlash32
% A/ z+ |* U# D+ [% p# o" f, Z5 r# X- for me the VIA works with internal and external connectors on DOS and Windows/ `( D% R, T: j6 J8 G$ F+ z7 R
" V& g7 V, z* I q6 z6 L. D
Sorry for the trouble!
y' j- g1 r- E3 Q9 ~Kai Schtrom
3 \+ j7 K5 M, Q: U5 O/ N
- u- g" R/ P4 y/ v$ I3 @) |. k. s8 s& E+ ]7 k# S' U. [- }
************************************************************************************************
4 |+ C* b8 X$ }3 c6 e) \' T- e& b( M0 M
3 B- k3 `5 B2 ^
Z/ p s& r) @0 lDosFlash and DosFlash32 V1.5 Beta+ o" ]5 q" ~' K8 i/ p$ G& p
-----------------------------------
4 k; d: [1 h# y2 W+ M U- now supports serial flash chip MT1309E with mediatek status 0x72 like the SH-D163B, SH-D162D,
$ {7 v$ G* i7 T7 r4 U Asus DVD-E616A3, Asus DVD-E818A3, Sony Optiarc DDU1671S+ ]2 ]$ |+ Q5 L& A# ?& o7 g0 F# i
- SST25LF020A and SST25LF040A chip support added( L& p9 g1 [5 `
- DosFlash32.exe ported from MFC to plain Windows API, exe size is now 22 KB# } q {& p' l1 b6 c) W' M
- new port i/o driver, because giveio.sys can't be compiled for 64 Bit Windows
( Q e" q+ D; b- DosFlash16 changed slighly in manual mode, one parameter is added to support SST25LF020A and4 C- ]& j2 l; w3 @' O& R k" h# F' l
SST25LF040A
5 K; x9 k( a# L$ n% D! v$ A- two new methods of BenQ soft unlock are now possible on all motherboards with only one power1 b0 a, R H' h9 T0 W! ~* h. S
supply unit4 ]8 C; j) U( d; p' |
- 1st method is powered by Geremia's unlock core, thanks for the complete idea, concept and
( N. D, X7 U1 t F source to Geremia
6 b) \' x9 [% \( c) A6 r- 2nd method is the Magic28 key send, this only works on BenQ VAD6038 firmware, thanks to- z) u. r0 G9 X+ j
c4eva and podger for the initial idea) ^ B& Z: i5 k6 j. S! Y9 [
- the two unlock methods are send one after the other if the drive is a possible unlock; r2 H- b- c- J0 k: b
candidate, first the Magic28 command, then Geremia's unlock commands and after that the# {0 X2 X6 U/ r, J
already known power brute unlock is send to the drive, you can cancel any of these methods
y2 o1 q3 H, [ before they are send to the target, this only applies to BenQ drives with a locked flash
- m- H. A3 Y! y- DosFlash.typ updated- n( z! I) G7 d8 |+ F
- other minor improvements" `' ?2 x7 G! {
- DosFlash32 is now ready for
/ Y2 m$ U& e& @9 T - Windows 2000
6 ^ ]: L. h5 w6 p7 I ~7 h$ P - Windows XP 32 Bit9 h# N, z( K( E3 l6 X
- Windows XP 64 Bit- X# j: [; i) s# Y7 B6 a- `+ G+ e. d
- Windows Server 2003 32 Bit
/ q% d% f1 Z6 R7 ]7 k! J - Windows Server 2003 64 Bit0 L2 J4 g2 _/ k
- Windows Vista 32 Bit. {' |. f5 q0 R5 n% r7 k
- Windows Vista 64 Bit
9 m2 z- H: @0 M8 w- Warning: Drivers for Windows Vista 64 Bit need to be signed, because we can't afford the, ~; [' ~+ I$ q% k8 g0 b
money to let portio64.sys sign you need to do the following:
: H% @) G W* L& V1 T8 r- [% E 1) Log on as Administrator8 n7 m7 R7 z- h. I" w& @
2) Enter the following command in a Dos-Box:
/ T4 D0 T% W4 ~+ i "bcdedit -set loadoptions DDISABLE_INTEGRITY_CHECKS"
: T) J2 P0 S3 C% E* F; d# Z& z (we made sure there are no typos in the line above)  ( d! X E5 x7 A1 {) l# E/ ?
3) Press enter and reboot your PC
" ^6 Q/ q/ R: b- t 4) Press F8 key upon initial system boot up# D2 z: C* T' c
5) Choose to disable forced driver signing enforcement for that boot session1 j3 D1 }1 C9 @% F
% C5 Y3 s c+ W, c6 ?
6 T' m& `1 o$ c- Z6 v" Q- w t* d3 j9 rThe following only applies to drives with a locked BenQ flash.% H( i: C% T% E( O& K2 o l# C( \3 K2 u
1 {6 z$ E7 g x- Y t
% K& N- Q% i" s) U c3 ^& R' c
Geremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with the PC's psu! O/ S( r/ C& t j/ e
-----------------------------------------------------------------------------------------7 v: S. E. E- Z" z
- disable CD-ROM boot option in BIOS }6 N+ y6 T; p/ u, ]4 q6 J
- connect BenQ to your PC's power supply unit and SATA port8 j" q4 N/ r, v4 S' J/ a$ g
- power up PC, wait until bootup is finished' r4 j+ Q8 |$ S/ E: {2 ~
- eject tray of the BenQ and shutdown PC completely
) q6 m. g$ @+ M G$ j* z8 r7 u- push the BenQ tray half in3 T+ h, K/ N9 V; j0 d5 ?
- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash32, t0 X; W0 z$ |! c) [8 Z
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows0 `" O" S4 o1 u$ H' f
- if you read the following: w' {* t# H8 s: F
MTK Vendor Intro failed on port 0x????. Because there seems
2 B9 D0 ~) j3 F! d7 n/ Q! N' B% P to be a BenQ drive connected you should try Geremia's
; O' p; y3 N0 x8 d. ]# t) _* ~ unlock method.+ d6 u. u9 Y& K# f3 M
- Eject drive tray& c9 Q7 {# Z% S+ m# z
- Power off drive
* I1 w: T5 U: n4 p$ Y - Push drive tray in until it is half open1 A5 d- z- v" G* V% H* I' `$ g' a
- Power on drive
& b4 i5 X: g" C. x8 `# n$ |0 { - Press "Yes" if you are ready f9 C! A2 ] H- ~( G1 x
Are you ready (Y/N)?
( L* n+ Z+ h, v( g6 |: L- B# A+ U; `. T- simply press 'Yes' without doing anything of the above, because we( h* L0 q6 B2 S/ V
already did that before starting DosFlash16 / DosFlash32
7 S* O1 x& i8 j# F0 k( W$ e# U- S6 z- the BenQ flash should now be identified
8 V2 r, J+ X* T- { `- go on like usual
& ?3 D8 {. q6 c( M$ v& E: L" f% Z' i7 _# i6 G* |4 W$ O% u
0 X+ r3 Y0 \3 Q* n9 k
Geremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with 2nd psu
5 w% ^( P1 p2 ?# n1 v------------------------------------------------------------------------------------
9 \; h& w& Z9 k! f- connect a separate power supply unit to the BenQ, don't turn it on yet
Y8 V' \; [, F. r/ e- power up PC and boot into DOS/ y. D6 r; B/ p- T( c& o# Z
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows ]7 y# r: ]/ n" r3 u, O; q" b3 q
- if you read the following:
# [6 H8 q7 b y MTK Vendor Intro failed on port 0x????. Because there seems; ?1 W7 a- h& B5 Y& d
to be a BenQ drive connected you should try Geremia's
; i. k2 S$ y+ x7 a unlock method.
$ N" @# R! S2 j3 v! o w- y - Eject drive tray; s _& v* s* g7 D0 N
- Power off drive6 E) _7 `& ^8 E4 m# g" R" H% ]7 ?
- Push drive tray in until it is half open5 n/ G& A' S7 ]. B
- Power on drive
! H: i( Z7 W5 ~ - Press "Yes" if you are ready
$ H* h* o5 v5 E% ?. {$ A# @4 h3 F Are you ready (Y/N)?
! q( a9 R* m1 ^ ^3 n: y- X- do the above and press 'Yes'$ [. l4 t# i2 Z. K
- the BenQ flash should now be identified
) c! E) ?% @( t6 ^7 S, y9 |' P2 l- R- go on like usual
) j. D' E- U4 c1 g Y" \
. y" l/ p/ N" }2 X2 b n8 H, [; K' D2 z# [
Magic28 BenQ unlock with DosFlash16 / DosFlash32 on any motherboard1 `. c3 E" E$ d. z0 v5 a% T$ }- t
---------------------------------------------------------------------
8 _ g3 a) n0 E- connect BenQ to your PC's power supply unit and SATA port' y- r( R4 K P0 ^! S2 l; X
- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash32. O& l/ w7 S* f+ ^# W1 [
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
7 \1 x# b5 p& @/ I# F0 m; w7 @- if you read the following:
( I$ m5 Y* I$ `+ Z# I( r1 u5 Y MTK Vendor Intro failed on port 0x????. Because there seems
! @$ A! o3 g6 f6 J0 r8 V to be a BenQ VAD6038 drive connected you should try the
( J, K3 g$ L0 y% H7 A3 Q Magic28 unlock method.
0 c4 L. y. R s Do you want to send the Magic28 command?$ ]- a; M9 f3 w; G- o
- press 'Yes'! O: m6 Q+ v& Q n, y' J2 L
- the BenQ flash should now be identified( ?8 _4 {5 Q' l+ i
- go on like usual7 m8 b( ~. v {& W, }
/ u; O! {# y. M. K# _8 i( E. o2 w, w5 M. R0 B
Thanks to Redline99 and Tiros for help and support.
6 q% Y; c6 g& [7 e0 m2 X
' i( l9 s1 E% @" ?( L" hIt's all about DOS!
. N- S0 p! |: v% ]Thanks guys for the excellent team work!% q" U4 [: c$ n0 [1 l* k7 r
Geremia, Modfreakz and Kai Schtrom
0 x. G/ x5 x! D6 v: h
3 o6 Y/ R5 o% A5 V; S; a# }/ v& {3 F7 V1 N
************************************************************************************************
' l: t$ A7 V: ` b2 U* ?
0 x5 O0 X1 h# ]' P5 e
" K3 l7 _/ O3 [/ P SDosFlash and DosFlash32 V1.4 Beta. e3 k4 T) ^' D, B! s, T
-----------------------------------# f* S& E; m" g3 w/ h. N9 P4 n
- DROM6316 flashing support
$ i7 Y8 m9 W+ J, z$ h- a flash erase is now always done with a chip erase and not a sector erase command, because
; k" n4 m$ N9 ]& ^# R3 p the sector erase gives problems for some Winbond flash chips including the DROM6316$ y. ^3 l) q, E1 w- s* ]. b
- DosFlash.typ corrected and updated) X6 b, ?$ a; Z. E1 ]; b% R
- for a detailed explanation on the soft unlock look at the included file SoftUnlockByIriez.txt,
8 @, {* c; Z/ l it contains a very good explanation by Iriez from XBS, thanks for that one!: \9 ^' w& u8 b0 D
* S! t3 O! Q* v* j3 T- gThanks to Iriez, Jumba, Redline99 and Tiros for help and support.
( ]1 J S' b. n: y' ~ t9 [9 v8 T% E* v3 V& x$ q
Happy DROM bricking!% z' H# T' E {5 c+ j
Team Modfreakz and Kai Schtrom) P. z/ H' O: g! q# z
- x4 f0 j n: X( E0 N% e
! g. ]* y$ ?" N! G; R1 K3 S2 A************************************************************************************************0 v7 M( c) y4 t T! W1 P
. T$ G3 W8 q7 N* F% ?% ]
% f* p! u* S: l5 P' P5 B! D
DosFlash and DosFlash32 V1.3 Beta
' N6 }1 P i" f, B! o) ^5 H' R( D" j-----------------------------------+ r- N' B- _, ^3 G' h
- BenQ optimization in unlocking the flash chip, it should now be possible to read/write/erase! o7 d: z( P: K
the flash without any soldering or wire tricks, the drive is polled for the correct mtk
7 j& b$ O( b L2 [ unlocking status after power on, this only works for VIA cards and NForce boards atm
! @& J, A+ B- a, @- DosFlash32 has one additional parameter, if you start it with the parameter "EnableDrives"6 k- z9 x! t0 |7 H8 @2 [
all the DVD-ROMs are enabled in device manager after flashing, this could give BSOD on some0 g% K8 |9 N: o4 W; N
systems, therefor you need to create a DosFlash32 link and add that parameter manual to use it+ w3 E& L3 l" j) s6 ]3 A
- DosFlash16 has one additional parameter "Send ATAPI Device Reset" in manual mode, this could/ V F' F7 s- V$ G* Z, z6 P
give better chances for soft flashing on some VIA - motherboard combinations2 X" x& L- }4 w, h
- better support of Intel chipsets, drives can now be flashed if the controller is not set to v9 z! r5 S& c9 @9 x! k I
native mode in the BIOS
* ?8 `2 a# C; Z: ]7 p- the following controller list includes vendor and device IDs that are hardcoded to identify
' t6 t# t; x) }8 g! L the controller type (IDE or SATA), this is needed if the BIOS uses IDE ports like 0x01F0 or9 m# Y) X1 I5 M. A
0x0170 as SATA and not as IDE channels, this list is NOT related to soft flashing+ t: Q/ Y+ H1 |: ]) T- l3 H
- the following chipset support is added
# [0 I# @! E! @8 W' f' V6 ] - VIA cards8 ]6 p# N! d" H: @% o
- all VIA cards with a 6420 chipset2 o$ X0 B; K& J) p/ g p
- IDE Controllers
' M6 j4 \$ X- ?! d - NVIDIA nForce 2 IDE Controller
: F" b# }/ F7 y. t+ F - NVIDIA nForce 4 IDE Controller
) \, ]% G4 z4 `+ h9 H- U - Intel ICH9
) W! C, Y) c8 t' r - Intel ICH (i810,i815,i840)
. T9 g+ w/ V4 x% q) V6 ?* `: c. G( r0 N - Intel ICH08 L5 L9 u! z; N3 W9 Z: C ^- p
- Intel ICH2M8 V( g& D6 n" `, h* s1 T" g- B" l
- Intel ICH2 (i810E2,i845,850,860)
7 F9 t6 \: V* P6 w g, Y0 C8 P, o - Intel C-ICH (i810E2)
3 s: R; }1 Q9 I i$ q - Intel ICH3M# @! C2 F$ g5 }* R- O) N) ?( T3 f
- Intel ICH3 (E7500/1)8 w) O6 ]& J5 B( C. Z
- Intel ICH4 (i845GV,i845E,i852,i855)
' ^, t [8 W) Z - Intel ICH5
, m: m. g7 O7 u. M! b6 s' w# g5 V1 _ - Intel ESB (855GME/875P + 6300ESB)& o, U: I. |; z: F% \
- Intel ICH6 (and 6) (i915)& q& N% Q6 R7 J* q/ N. a% [7 Z: m' I
- Intel ICH7/7-R (i945, i975)- `9 ^* b1 W2 M9 ^7 D; h; K- \1 b
- Intel PIIX3 for the 430HX etc; R6 V2 w1 G5 W0 Y/ u2 j$ B) |
- Intel PIIX4
. U4 ^0 ^" X& y5 ]( X( ^ - Intel PIIX4 for the 430TX/440BX/MX chipset
7 w$ a& c9 r2 }; g - Intel PIIX3 ~7 N+ z$ i3 `$ V3 Y
- SATA Controllers8 q/ @' C' s1 v9 O9 r- E( s
- NVIDIA nForce 4 SATA Controller X$ \" [ L' k- z
- NVIDIA nForce 2 SATA Controller
$ i! B, e0 a5 z3 o4 h7 D+ U - NVIDIA nForce 3 SATA Controller
- [3 \$ f* N4 D, O8 m - NVIDIA nForce MCP04 SATA Controller' A. f0 U& }; q# z& n3 ?6 ^
- NVIDIA nForce MCP51 SATA Controller' B' j _" a/ H9 ~+ E
- NVIDIA nForce MCP55 SATA Controller+ X7 `* f# q. [ ]
- NVIDIA nForce MCP61 SATA Controller
" T& h% X* _; Q - Intel 82801EB (ICH5)
; ]% w, g l, `6 z4 d; _2 T+ N - Intel 6300ESB (ICH5)
+ i3 T& K) p/ X. y: \ - Intel 82801FB/FW (ICH6/ICH6W)
& |/ O: t2 H v7 { - Intel 82801FR/FRW (ICH6R/ICH6RW) P& [# x* j! u$ p: m/ m; u
- Intel 82801FBM ICH6M8 c' Q/ n5 c0 m0 H* u4 X
- Intel Enterprise Southbridge 2 (631xESB/632xESB)/ P6 D8 v% ]9 H- G: s
- Intel 82801GB/GR/GH (ICH7, identical to ICH6)
& e4 E# d W5 u. _ - Intel 2801GBM/GHM (ICH7M, identical to ICH6M)
" }6 ~4 \* ]6 {0 F, c2 F - Intel SATA Controller IDE (ICH8)
" p- X; p& U# E' M* X4 o0 |) P - Intel Mobile SATA Controller IDE (ICH8M)4 G5 [3 f4 }2 u$ l- _2 m
- Intel SATA Controller IDE (ICH9)
: ]2 G0 w8 Z9 q - Intel SATA Controller IDE (ICH9M)5 G; s3 i9 S4 B. ^# F9 [
5 v. j' F3 Y: Y0 z' v7 l9 X: z1 L+ O4 S S1 w
The following only applies to a software flash on a locked flash. The methods have been tested& y8 o/ y' R) W
with the BenQ and the Sammy. The VCC trick will work on any motherboard, but you need to do
2 ?) ]- [0 I ysome soldering and cut traces.
& Z/ Y# r& S( k/ h% A6 P4 F1 z) n8 V$ ~% k
) K" | R* a% N( WSoft Flashing the BenQ in DOS with a VIA card and DosFlash16 in manual mode
4 [) t4 \' O* O7 t4 m5 |! M# u-----------------------------------------------------------------------------
E, p+ Y' g% M! Y! I- first you need to know the port addresses of your VIA card, you can get these by starting
: G7 H# h% Q1 }3 @1 ?) S5 O5 | msinfo32 on Windows XP and looking at the port listing for SCSI devices
* a& t* u' ?" [$ ` d; M9 g- for the 6421 the 1st port is internal SATA, 2nd is external SATA and 3rd is internal IDE
7 G5 W% _5 f) r$ t) z# i: M1 Q; C R- for the 6420 the 1st and 3rd port are internal SATA3 t) Q3 `: H9 h0 Z0 n
- you need the starting address e.g. 0xD000 or 0x7000
8 \4 M2 A- k: Q! c( J- be warned that these addresses can change from computer to computer, they are assigned
+ f5 i; c; E) b/ c8 I at bootup, but Windows XP should display the ones you need for flashing in DOS0 W/ S2 ~/ l+ z* c5 W( N- ~
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or % G/ A( |1 l. N$ {; P
Xecuter Connectivity Kit)
& p2 K% G0 U/ X/ [- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
' D, Z( i D' j; P1 _5 E need to power the drive off and on during soft flashing
- N# F Y! n, g, r& A' G8 c- cold reboot or reset the computer, S1 d" S% ^& q w
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk, m5 _& Q2 ^' [" l4 B) W
- at the prompt type: : S$ Q* ~! M+ H, \' X* \
DosFlash r 7000 1 a0 1 4 a:\orig.bin 0 + D" L6 _. r+ x$ s/ q. k
- instead of port 7000 use the starting address your VIA card uses( v w" _- b6 n8 x& b, {0 Y
- press return
P t! Z! w5 e* V% s: C- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes) r: [0 v5 w4 C) M+ x; s- h5 l) J4 n
- after you pressed Yes the drive status is shown on the screen, it's something like 0x7F, n! y) Y z" i# m; a" ]/ n/ i
this will change during the next few steps
% J- c5 F( u1 [# J- turn on the BenQ psu and wait 2 or more seconds, status changes between 0x51 and 0xD1
& ]. P' I/ [ H: K& w8 o# ?- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD13 `( ]/ e7 \0 H1 \# L" c! k% N
- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
4 _% s$ f1 M1 P ]2 B- I+ a+ X- this worked only one time after the computer is powered on or resetted for me* z) x# N" k4 I$ |
- writing and erasing works the same way3 Z X( z) D5 B! f1 P
- for writing type:. Q, N$ a* P% S' m: E! Z
DosFlash w 7000 1 a0 1 4 a:\ixtreme.bin 0
4 e i: ?0 ^* w5 j6 Z$ h. h$ F- for erasing type:9 J' P6 J* z4 A- M$ U% j
DosFlash e 7000 1 a0 1 4 D8 0 (D8 is the sector erase opcode for the BenQ flash, if you need
' @7 w5 v( K! ~ k+ x5 H" M) E to erase another drive, lookup the value in the datasheet or DosFlash.typ)" F7 F# G( z. D1 V3 v7 m
- if you experience any problems try to use 1 as the parameter to the ATAPI Device Reset, cause0 i& u6 ]& w! ^- q/ b
the same VIA card will react differently on another motherboard sometimes
A$ q* M9 F& {- E4 G8 q# ?- E$ f% K4 i( C. P+ o& k' ^
% d0 [3 i7 f' M' k+ ?8 x
Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in manuel mode
. n) z( ^1 {8 ]5 C1 v- S' E7 Y---------------------------------------------------------------------------------------! W6 F, X6 f9 V) u8 |
- first you need to know the port addresses of your NForce motherboard, you can get these by Q6 v) B: q0 y ^3 ]/ m% Y
starting msinfo32 on Windows XP and looking at the port listing for IDE devices6 ?/ y1 O/ K2 a9 m% ]" c4 p2 O
- on most motherboards the 1st and 3rd ports are used for SATA3 s" B: w3 w6 ^) h9 u8 |
- you need the starting address e.g. 0x0970 or 0xE900: c6 F1 t. T7 q# ?6 U* w& L
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
' t) d0 k9 I8 @1 r' z' I Xecuter Connectivity Kit)
( m+ \% j8 ^1 W$ P) Z- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we- F4 T' m& B( ^# ~
need to power the drive off and on during soft flashing
( l/ C" U0 N4 V' ~( M- cold reboot or reset the computer
; Y7 @5 P P2 y- boot from a DOS disk, I used a Windows XP MS-DOS startup disk o/ ]: Z( A4 p- L1 G* O- q" A
- at the prompt type: 4 Q9 B4 L5 k$ Y: a3 b% c. |( g
DosFlash r 0970 1 a0 1 4 a:\orig.bin 1 5 [5 f. {9 G O4 b
- instead of port 0970 use the starting address your NForce motherboard uses
4 C! R M$ a/ p+ t* f$ J- r- press return! L6 f$ r' x3 ~7 b$ D' M
- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
7 y! b3 ]$ v, O" m- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,4 P7 `- c9 _+ M5 R/ ]
this will change during the next few steps) B( n) i! b$ m2 ~7 D; X8 `; i: f
- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
. v/ o0 j) V6 f& M. P- writing and erasing works the same way3 p9 q% g, i0 s
- for writing type:
. ~7 r& f$ k' ~, ~ t9 R7 J1 b4 k3 D4 {6 k DosFlash w 0970 1 a0 1 4 a:\ixtreme.bin 16 S6 f7 ^ h6 _& `1 M0 f
- for erasing type:3 ` B6 _; ^' Y! D3 J8 W
DosFlash e 0970 1 a0 1 4 D8 1 (D8 is the sector erase opcode for the BenQ flash, if you need
1 v6 J$ t T( E+ ~" T T+ s! [1 b' z to erase another drive, lookup the value in the datasheet or DosFlash.typ)
, t, a2 U# h/ e" G f/ _
2 r( y, C B' t( B* G+ p2 B3 Y# L# U6 J y; K% k/ D. ]
Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in auto mode
* g9 X4 I6 F4 S-------------------------------------------------------------------------------------( O$ b J; r1 P# g8 ~& R4 n! [3 c
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or & P I+ |1 G) p% ?
Xecuter Connectivity Kit)' t E/ V w0 X
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
7 R7 U/ w, H) K need to power the drive off and on during soft flashing
! p( m" W' \2 {1 z$ |. ]/ K7 `- cold reboot or reset the computer6 e9 P6 \+ q8 Y8 p7 v2 l' S
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
2 q1 {7 ]* [" y9 E' \- wait until you are at the cmd prompt
' ^8 R" \7 P+ D) p- turn on the BenQ psu7 S$ O$ o$ l& G$ c3 p
- at the prompt type:
# A1 X$ y1 R x DosFlash
' `' W. k5 ?$ P, o; f: O' Y- press return- |% M3 G& r; k' t0 c& s
- during scann of the BenQ's port DosFlash16 will ask you if you wanna resend the mtk vendor( m5 I% V. D% ~/ u
intro cmd, press Yes4 W, c( p/ c1 ?
- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,
5 q& ^; H/ P# o7 J& @ this will change during the next few steps* L" c) w" l# {1 c4 t
- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD19 V8 [/ U3 |0 u& x: C3 Y
- turn on the BenQ psu, you should get a good drive status 0x73 and flash access is granted" b9 a% T0 ~' n1 R! I
- you can now continue as usual using DosFlash5 G2 C s! }7 B: k3 j- L
- writing and erasing works the same way6 L: v2 K& H1 q
- if the ports are scanned there is the possibility that you'll get the resend question for
`0 {) A5 f s& t9 |* `7 i other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,
% X; | C0 a1 o$ l& {6 ]. P/ z if you know the NEC is at that port you should press No and press Yes only if the port of
& H2 n1 D( p8 V& s. p9 x' S the BenQ is shown or simply disconnect the NEC' r) Q! k; g) k4 Q0 X. ~
- c- c7 H t j5 x( n5 z, G* N+ v& b+ S
Soft Flashing the BenQ in Windows XP with a VIA card or NForce motherboard and DosFlash32
; L7 P2 q( t2 C* ^-------------------------------------------------------------------------------------------
e. o( ?5 B& m& b- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
0 r) i8 y: C+ A" A0 I' x Xecuter Connectivity Kit)
) m: j5 r0 R0 r' }, L- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
7 G) S, a* z/ v4 q" [5 L) `4 J% c need to power the drive off and on during soft flashing8 d& y' m9 y+ Z0 i( N5 E
- cold reboot or reset the computer( B2 n+ L- z$ N! v0 n
- turn on the BenQ psu when you are in Windows XP
0 X# j4 O0 O- B; Y: x6 T6 W- start DosFlash32# j K- ^0 A+ a9 D* G$ w
- DosFlash32 will ask you if you wanna resend the mtk vendor intro cmd, press Yes+ @. e2 ^8 T5 c$ m
- turn off the BenQ psu and wait 2 or more seconds% {( E$ Z& @# P/ j3 h
- turn on the BenQ psu, the DosFlash32 dialog should show up- e$ x2 e) P6 L3 g4 o" L) b. q
- the flash should be recognized by DosFlash325 {# m; R7 W; F( h& x; j0 @
- you can now read, write or erase the flash, w* [% @8 ]# _: L+ F; a
- you should be able to do the flashing more than one time in Windows, only do the power
+ ^) j3 ?: V0 |" y- K; @7 |5 { off/on trick again: n: ^* v: D" B' X! l4 t) E
- if the ports are scanned there is the possibility that you'll get the resend question for0 y+ w) n5 }; R* ^! Y
other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status," a9 g8 B3 i' D2 F$ W
if you know the NEC is at that port you should press No and press Yes only if the port of
, |$ ] W' m. g* r the BenQ is shown or simply disconnect the NEC0 k! H$ Q0 P" `7 g0 U2 d
4 `& B1 V X# q. J# Y( f! H! X. t" e2 D" Z7 M: W/ \. R: _/ K
Many thanks to jumba for the great idea of BenQ polling!* U: ~2 e, }: m7 \
Thanks to Iriez, Jumba, Redline99, TeamModfreakz, Tiros and all the IRC people for testing
Y5 m3 G4 x; R5 ?" ~' v! jand support.
3 c# s# K( y! @. }1 S& ~" n: Z, @/ Z0 S' v
Join us on IRC efnet at the channel #dosflash for support.
1 y3 V5 b0 E. P2 P O. s8 i
5 }, |5 ]3 Q$ A0 A S. BDon't brick your BenQ!2 T& ^+ N u- `. g1 s7 E
Kai Schtrom
m+ p: i L. w% j: h6 w$ e* k6 ~( e W. f r) ^6 G
) q4 Y) l* w* m) I. _************************************************************************************************8 [- N& B8 a2 J8 R, K* t
& K8 H+ R( s/ G8 b. u7 w* x% `+ J( l
DosFlash and DosFlash32 V1.2 Beta1 o: @7 k5 d, R; `
-----------------------------------
$ Q, J7 H; b8 ]7 v, h- bug fix for BenQ recognition
8 i! N6 N% F3 G" G% h7 k* r4 i - manufacturer and device id are sometimes 0x00 for a correct installed switch X2 g9 K5 M/ m3 V$ U( \
- this issue is fixed with an additional ATAPI device reset before the mtk vendor intro is sent
& U6 F) ^: V1 O( J5 ]3 A+ _1 H* ~8 I% ^2 ^
Thanks to Redline99 who fixed my buggy code by adding one line! . o8 f8 V* N6 X( ]( O
8 K9 r0 X, x& [# W, a7 v
+ J6 ^% T$ k& b6 i G* B7 E$ S
************************************************************************************************7 T& Q6 D" d, U4 M3 A
4 S' l2 _( h/ l( M
1 g m- c( a6 v/ b1 D$ JDosFlash and DosFlash32 V1.1 Beta
; A8 ]/ p: q1 k1 O4 j7 e) q v-----------------------------------
4 \1 J$ e! T5 ^2 p% {- DosFlash.typ modified for better BenQ support
3 |; x, ^" w% w% M! v1 ?0 z- DosFlash16 Flash Manufacturer and Device ID screen output restructured
# f7 d6 i! J/ _! o! f7 |- flash chips are first erased before writing starts
- f8 | c4 R) i- DosFlash32 no reenable of DVD-ROMs in device manager after flashing, this means you can't see the drive. J& ]; E$ ?' s& o. R
and maybe have to activate it manually again in device manager, this could give better compatibility and
; k. r) C! f4 c hopefully no more blue screens
3 o5 M6 U$ w6 L$ Y9 Y! \2 q9 l" T0 }+ c
' @) Y2 s1 j0 k- Y1 |Many thanks to Jumba, Redline99, TeamModfreakz and Tiros for inspiration and help!- Q9 T- s# ?5 W
: f. c+ y& q; m y3 l* \
& D- @( Z/ [$ y7 e5 a, @; b# g************************************************************************************************% v( H. a' R' F" A: R
: u5 n: S4 Q, J6 O- m5 g0 m: s. i0 G
+ W( G" t* C0 G5 I& T
DosFlash and DosFlash32 V1.0 Beta( Q8 } S9 X) T; r7 d1 w
-----------------------------------% K& }4 V2 O1 r7 H4 P ?
DosFlash can be used to read/write/erase the flash chips of most CD/DVD-ROM drives
9 N+ @- _* g# R6 ?) D1 j6 o3 kthat have a mediatek chipset installed. DosFlash is for DOS flashing, DosFlash325 e; P& w5 Y# N5 g( `/ F
for Windows flashing.3 S8 p( J( U2 N; J/ B8 i
8 l# v7 d6 G! r$ i4 O
& H8 u, a8 W. a; j( `! s
Features:( U. T g, W5 c* F/ |
-----------: q0 t+ C& V8 Q4 i X
- flashes IDE and SATA drives
! l; y" o. F' v, X9 Z- supports parallel and serial flash chips
6 [5 ^2 m, f% T3 }- flash drives in Windows with direct port access
. W6 L/ d" p& ]* H$ u- no vendor cdb flashing commands are used
" {+ Q3 z2 n+ w: Y0 m/ W$ O- tested with the following drives:# n+ a, J0 K H. Q: w- C
- TS-H943A MS25, MS28* C1 \* c3 o( w7 K" k* Q
- SH-D162C
# F1 p- {) x) B( [% \2 f- g - SH-D163A
- \6 u# n3 `( R) c0 E - and some other drives like Liteon, Hitachi, ...3 D. u. X1 M0 ^( r7 M2 W
- NEC drives are not supported, cause they have no mediatek chipset installed5 I5 }/ s; @7 l i; P9 r& w) m
3 y. v+ n- u5 o" o2 Z. {. Q& k+ Z% f4 n# ]9 v+ F
DosFlash2 \4 b) {0 @& W8 g6 J3 Y
----------3 [/ G+ b1 N, v R( z: k( I! b$ E
DosFlash supports two flashing modes, Auto and Manual. If you type DOSFLASH at a DOS prompt it
+ x4 i& Y8 f0 }1 `6 r6 o. mwill start in Auto mode. All drives and the corresponding flash chips are detected automatically.
1 [. t |4 C! {- |# t9 vIf you can't get a flash chip recognized due to a bad flash or other problems you should use the- k6 ?1 h: }5 q3 v4 _% u% t2 f2 p# _
Manual mode. In Manual mode you can enter all the parameters used for flashing by hand. The
. L- ?4 K2 y: ]4 w" |! d) _following help screen is displayed if you start DosFlash with a wrong number of parameters:
2 @( e8 ], f$ _2 a! [9 i/ E5 v: B; R* q
: s1 |% t! O: r+ A# V2 [$ y( ?, I- v% D# J: ~6 C) T2 p
DOSFLASH by Kai Schtrom, 08/05/2007 (Ver 1.0 Beta)
5 E1 m2 {; r# }; g! SDOSFLASH [R|W|E] [PORT] [PORT TYPE] [DRIVE POS] [FLASH TYPE]
# \; c% i% M/ Z/ I. ` [FLASH SIZE] [FLASH SECTOR ERASE OPCODE] [FILE NAME]
( M. Y2 r7 ~ `* N0 u R: Read FLASH
$ u4 l q& E6 c2 S8 ]) Y+ p W: Write FLASH
5 }* ?) Z$ `9 }- j; }& R$ J E: Erase FLASH) A" f G# n) u7 Q$ R
PORT: Port to send command to
9 P1 f2 T7 M) }% R: F9 E PORT TYPE: 0 for IDE, 1 for SATA7 q) v7 W9 b F. t6 ?
DRIVE POS: A0 for Master, B0 for Slave- L; s" O2 s j j7 y$ {" \8 M; d
FLASH TYPE: 0 for parallel flash, 1 for serial flash
9 d: t- S( {5 h: \: } FLASH SIZE: size of flash chip in number of banks0 W v. @5 m) k2 ^' P
FLASH SECTOR ERASE OPCODE: individual sector erase opcode command byte
8 p5 S5 o- C6 n1 R this is only needed for erasing a serial flash
% ^' y* @/ R7 T FILE NAME: name of the file to read/write from/to flash
& s$ ?; Q7 S$ @& |, I# Y9 eAll numbers are intepreted as hex values!* v6 V. u9 T+ Q
8 J: q8 f, i# p- q. X4 |/ GExample Usage:
: |2 C: p& g5 q8 p5 {! U) e"DOSFLASH R 01F0 0 A0 1 4 C:\flash.bin"
+ w4 F) U6 ?2 t) X=> Read serial flash with a size of 4 bank (262144 bytes) from Master Device7 d! B( `- \( o( e" G* L
on IDE port 0x01F0. ]8 C, P2 M3 _5 c3 W
"DOSFLASH E C000 1 A0 1 4 D8"8 \# L. T3 \8 f7 ~
=> Erase serial flash with opcode 0xD8 and a size of 4 banks (262144 bytes)% S* q( `1 _) [2 J. }. u- {
from Master Device on SATA port 0xC0000 f: e, A5 B& R) v [
2 V) J1 n7 H' z 7 Z& k7 G( @! q
Explanation of the Parameters:
2 c r/ ]' L# f1 e--------------------------------
8 g0 G e* u( K! x4 E8 L% k
; e+ m, y& g2 k- \% y6 y- C& l1 }[R|W|E]
. Z% M$ _- R& c! Z6 D0 w( E---------
+ D- n2 ~$ ` q9 m0 o R1 X$ x2 b- this will set the mode of flashing, it is recommended to first try read on any
8 W% ]; z; E+ d1 T drive, if the read will fail, it is highly unlikely that a write or erase will
5 _) Z" o1 Q3 H& T: _: W0 w" p- f succeed, {6 G2 D7 k% J5 M, S D7 |8 Y5 r
, D) |. u4 s3 D4 z. `$ W, F
[PORT]. Z: `6 g' p; ~2 }
--------
r$ \1 }& `# `( K- H1 S+ y- the port to which the drive is connected, a port number should always be entered
1 p' J! S; e2 w' M2 {: J8 _2 n in hexadecimal and have 4 hex digits, valid ports are: 01F0, 0170, C000, C800
: O. @/ V8 r2 `2 {# }- this option can be used if your PCI adapter card or on board IDE/SATA ports are
$ P! P% N: h, W$ ] not identified by the auto mode$ D& K; M, [) }
- f" z( B) K. M6 M: Q" `[PORT TYPE]
' }; p0 { \6 s+ n-------------
1 w4 C+ G2 J2 r" W- the port type tells DosFlash what type of port is installed on the before entered# d2 n1 C: L; j: G
port address' d, ?( b5 `' f8 k7 M& i% m
- valid values are 0 for IDE and 1 for SATA& \( J- R) h, ^; I- m2 L1 J
- make sure you never mix the wrong port with the wrong port type, this could give
: f7 n2 J& i. \! A$ r7 x9 ?2 f5 N strange results or in the worst case a bricked drive) }9 s& }# W" b1 ]3 E
\2 O+ H4 ]0 T: ^4 l& P; _! |0 i
[DRIVE POS]
" k& e# N& O0 G" _-------------
# M/ n9 ]* j2 {- old style IDE channels have the possibility to connect two drives at one IDE
: z N" K- X+ D0 O, L channel, the first drive is called the master, the second drives is called the/ P& _) H$ E; _) t* l9 Q
slave3 Y9 C, t' ~' e: B) z0 }* _
- you can select which drive should be flashed on the channel, A0 selects Master,
) ]! r/ w- z; w9 c! D$ B1 r: U B0 selects Slave' ~9 ~3 x+ W4 _# [2 }
- on SATA ports this value is always A0, cause you can only connect one drive to# X* b0 A) C4 S" I. E( Z
a SATA port, so for SATA you will always type A0 here1 \* j" k, W# Z' O
- it is not recommended to flash IDE drives with another drive connected to the
7 e9 ^( F& ]# ]6 |; ? same IDE channel, this could be risky if something in the Master/Slave selection. u6 o. _7 }8 X9 M h# m8 B
fails
4 `% H4 [ u5 v3 m3 c5 r & {+ L- E8 y" @
[FLASH TYPE]
* S1 n, B6 q' A# ~6 \, n--------------
& I9 P4 O. ^: Y. T2 {# h- there are two types of flash chips out for CD/DVD-ROM drives atm
* \( F9 H# _& M/ P- the older type is parallel flash, which is also supported by mtkflash for example* X4 b' d/ W4 k4 B+ q1 d( e
- the newer type is serial flash, which is supported by flashers like XSF
- B) p! d! r% m6 s' _- the problem here is that no tool is out that can flash serial flash chips on # d7 W- o, n9 y; W
SATA ports! O, \/ e" X: g# R8 P7 p8 e
0 |9 L2 f2 ^+ P6 @/ Y
[FLASH SIZE]
( M! j! @, Z5 D--------------% g0 B9 l; M7 {6 Q
- this is specifies the flash chip size in banks; G2 p' r. [. E) V7 u
- one bank is always 65.536 bytes in size
5 Z/ I& G, X# J' l- if you know your drive has a flash chip of 262.144 bytes in size you need to enter 4 c. A( Z; }2 \5 W' u2 ]$ o
+ J8 Y8 ~* V; ?7 h$ `, r- H9 }
[FLASH SECTOR ERASE OPCODE]
, b0 e( ]; R! d* _; J$ x$ A-----------------------------5 l6 ^) y+ U& Y) h
- the opcode used in the flash chips datasheet for erasing8 _5 a+ b# l; a# R
- for serial chips this command can be different from the standard and needs to be
8 H- q+ @4 y# N+ [4 E entered for flash erase
+ ?) a5 K6 k2 A) f- for parallel flash chips you can enter a dummy cmd byte, the integrated command
6 A/ I7 L4 y3 X2 n* f should work on all parallel flash chips without a prob( _- C+ S& ?. f8 z- [" a% z
1 \* @. y. y0 \0 Z2 m[FILE NAME]
5 A+ ^- J2 m' I8 ^1 h7 }8 f, }-------------
4 s% g( {4 o q/ p8 D& i- name of the file that should be used for flashing4 R0 ?6 g9 i6 B, ?9 Q& t) T4 d
- for reading operations this should be the output file3 d5 `# W0 |3 s
- for writing operations this should be the input file( _# N, Z9 _! ?% z9 H7 V
9 i+ T8 t0 d% k1 v8 G
- m) j. `: ^% z: Y0 ?
Hints and Warnings' |) m' ^ B) n- i
--------------------
r" p8 z% V- ~ \- read, write erase TS-H943A MS28 after the firmware stealth has been disabled with Enable0800 disc
7 X8 f) S1 h6 c: P - this only works one time, after the first mtk vendor specific intro cmd is send
* T9 Y' m! U- i( M5 Z! g; F - if the mtk vendor specific outro cmd is send the chip goes back to stealth mode and you need( ^& B% |$ c! U
again the Enable0800.iso to disable it
" F1 N0 Y3 ?) l5 L$ E$ M8 s - therefor the mtk vendor specific intro is send at program start to all present devices and the( j, e: z% P' L: x% R: b; Q2 G* Q8 W
mtk outro is sent at program end
4 }2 V H1 R: s) i, d9 ~- D3 W( { - if you have a chip manufacturer id of 0x02 and a chip device id of 0x02 for the TS-H943A8 N7 r V& q% ?* W/ u( }) i
the flash chip is in stealth mode and won't give access to any reading, writing, erasing
d& D# P. [6 m9 }% w9 ?$ f- p- always have a look at the DataSum generated, this is exactly the DataSum of mtkflash8 U- P+ ]( l. j0 L% I+ g; I/ S
- the DataSum is calculated as the sum of all bytes of the firmware in a short integer
2 a2 q2 B7 m+ v) I& Y d - to make 100% sure that the flash is written right compare that DataSum to a known one* [" ?4 A- \3 M1 ` ~
- this tool has not been tested on all drives out there, the typ list is simply copied from well
2 c+ O! W# G. t7 @: o known programs like mtkflash and XSF% I# |3 I' a5 [* w) N- P
- always try a flash read on a not yet tested drive before doing anything else
' A1 D+ S1 C4 K+ o/ _ - if the read doesn't succeed it is highly unlikely that a write or erase will' I) W# J/ Y9 }. p* s8 q2 [1 G
- some LiteOn drives seem to have probs to write the firmware correct, this prob seems to be
( a/ F( r: [& U( r0 l4 Z' g related to windows register flashing, cause even an assembler app can't do this error free
8 B* } e4 m2 E7 D% ^3 N( W! j+ u - if you get errors on LiteOn drives, write the flash two times in a row+ d" w$ ~2 z% R% g! W
- for direct port I/O in windows the givoio.sys driver is used, this driver is loaded at DosFlash32
% p! ?& ?& }: z' F# d- L start and unloaded at program end, be warned, this driver can possibly make your system unstable,
) P& E: e7 [. y" {2 [ it's intention is to let privileged assembler instruction like in and out pass, even in windows,
( [* X# t1 ?- ^: h& e; ` if this driver is not used you will not be able to get direct access to port registers
) _- H3 s4 T* x7 n% A- DosFlash was tested on MS-DOS 6.22 and later, you can easily copy it on a MS-DOS boot disk created3 `7 T# M1 [% \& K+ ^* |
in Windows XP and start DosFlash directly from the disk
' j0 {. W/ f7 @$ C! h7 [- don't forget to also copy the DosFlash.typ file, it has all the informations about flash chips
: q+ {% D% P9 m* u9 i for auto mode flashing
) H$ v+ k; L; [+ ?; v# d- DosFlash32 was tested without a prob on Windows XP SP2, you'll need also the typ file for the
( j$ _7 y. j# c1 x* C! t5 X win version
+ l) {, g4 t% Z- DosFlash32 will deactivate all CD-ROMs in device manager at startup, this is better for flashing,
5 a; q5 M* W8 S" D! @ cause Windows seems to poll the drives all the time and this could result in a bad fw file or
/ Y6 I2 `+ B: \! r8 w a program hang, the drives are activated again at program end
7 X2 q6 g) }3 g5 Q3 {5 k. z1 i' J- you should make sure that the flash is not in an erased state at program end, cause device manager
+ g( i6 T H! }' |/ F. v p don't like drives that do not respond to the inquiry command
# ~8 p# s* J0 ?' U7 t9 v" H- deactivating all CD-ROMs could take a few seconds, so please be patient at program start
. P/ G& m6 f3 d; ^9 C7 r1 F- DosFlash and DosFlash32 will try to scan for the VIA 6421L Raid Controller card, based on vendor4 |: m! B1 s6 u9 M5 y0 o. c* M$ F
id 1106 and device id 3249, it doesn't matter if the card driver is installed or not( e8 H% Z" O, \( V6 C3 A
0 i) \# k4 w- A- c' Q
$ m) H1 v! g) Q+ k8 {Many thanks to Dale Roberts and his Direct Port I/O driver giveio.sys!
( S7 X3 q4 a$ B7 f, b* ]" U+ @& X6 z2 j/ ?! ~7 @" l
Avoid a bad flash!) {& D1 g6 z( J$ c: \
Kai Schtrom |
|
窺視卡
雷達卡
樓主
顯身卡
發表於 2011-8-21 21:08:07
