
DosFlash and DosFlash32 V1.6 Beta
-----------------------------------
- fixed power brute unlock bug for VIA cards, this bug can stop your VIA from working
  with the power brute unlocking in Version 1.5
- for DosFlash16 in auto mode on DOS my VIA card works best if I do a cold boot
  and power up the drive shortly before or with the PC
- for DosFlash32 on Windows my VIA card works best if I power up the drive shortly
  before starting DosFlash32
- for me the VIA works with internal and external connectors on DOS and Windows
Sorry for the trouble!
Kai Schtrom

************************************************************************************************

DosFlash and DosFlash32 V1.5 Beta
-----------------------------------
- now supports serial flash chip MT1309E with mediatek status 0x72 like the SH-D163B, SH-D162D,
  Asus DVD-E616A3, Asus DVD-E818A3, Sony Optiarc DDU1671S
- SST25LF020A and SST25LF040A chip support added
- DosFlash32.exe ported from MFC to plain Windows API, exe size is now 22 KB
- new port i/o driver, because giveio.sys can't be compiled for 64 Bit Windows
- DosFlash16 changed slightly in manual mode, one parameter is added to support SST25LF020A and
  SST25LF040A
- two new methods of BenQ soft unlock are now possible on all motherboards with only one power
  supply unit
- 1st method is powered by Geremia's unlock core, thanks for the complete idea, concept and
  source to Geremia
- 2nd method is the Magic28 key send, this only works on BenQ VAD6038 firmware, thanks to
  c4eva and podger for the initial idea
- the two unlock methods are sent one after the other if the drive is a possible unlock
  candidate, first the Magic28 command, then Geremia's unlock commands and after that the
  already known power brute unlock is sent to the drive, you can cancel any of these methods
  before they are sent to the target, this only applies to BenQ drives with a locked flash
- DosFlash.typ updated
- other minor improvements
- DosFlash32 is now ready for
  - Windows 2000
  - Windows XP 32 Bit
  - Windows XP 64 Bit
  - Windows Server 2003 32 Bit
  - Windows Server 2003 64 Bit
  - Windows Vista 32 Bit
  - Windows Vista 64 Bit
- Warning: Drivers for Windows Vista 64 Bit need to be signed, because we can't afford the
  money to have portio64.sys signed you need to do the following:
  1) Log on as Administrator
  2) Enter the following command in a Dos-Box:
     "bcdedit -set loadoptions DDISABLE_INTEGRITY_CHECKS"
     (we made sure there are no typos in the line above) :)
  3) Press enter and reboot your PC
  4) Press F8 key upon initial system boot up
  5) Choose to disable forced driver signing enforcement for that boot session

The following only applies to drives with a locked BenQ flash.

Geremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with the PC's psu
-----------------------------------------------------------------------------------------
- disable CD-ROM boot option in BIOS
- connect BenQ to your PC's power supply unit and SATA port
- power up PC, wait until bootup is finished
- eject tray of the BenQ and shutdown PC completely
- push the BenQ tray half in
- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash32
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
- if you read the following:
    MTK Vendor Intro failed on port 0x????. Because there seems
    to be a BenQ drive connected you should try Geremia's
    unlock method.
    - Eject drive tray
    - Power off drive
    - Push drive tray in until it is half open
    - Power on drive
    - Press "Yes" if you are ready
    Are you ready (Y/N)?
- simply press 'Yes' without doing anything of the above, because we
  already did that before starting DosFlash16 / DosFlash32
- the BenQ flash should now be identified
- go on like usual

Geremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with 2nd psu
------------------------------------------------------------------------------------
- connect a separate power supply unit to the BenQ, don't turn it on yet
- power up PC and boot into DOS
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
- if you read the following:
    MTK Vendor Intro failed on port 0x????. Because there seems
    to be a BenQ drive connected you should try Geremia's
    unlock method.
    - Eject drive tray
    - Power off drive
    - Push drive tray in until it is half open
    - Power on drive
    - Press "Yes" if you are ready
    Are you ready (Y/N)?
- do the above and press 'Yes'
- the BenQ flash should now be identified
- go on like usual

Magic28 BenQ unlock with DosFlash16 / DosFlash32 on any motherboard
---------------------------------------------------------------------
- connect BenQ to your PC's power supply unit and SATA port
- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash32
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
- if you read the following:
    MTK Vendor Intro failed on port 0x????. Because there seems
    to be a BenQ VAD6038 drive connected you should try the
    Magic28 unlock method.
    Do you want to send the Magic28 command?
- press 'Yes'
- the BenQ flash should now be identified
- go on like usual

Thanks to Redline99 and Tiros for help and support.


It's all about DOS!
Thanks guys for the excellent team work!
Geremia, Modfreakz and Kai Schtrom

************************************************************************************************

DosFlash and DosFlash32 V1.4 Beta
-----------------------------------
- DROM6316 flashing support
- a flash erase is now always done with a chip erase and not a sector erase command, because
  the sector erase gives problems for some Winbond flash chips including the DROM6316
- DosFlash.typ corrected and updated
- for a detailed explanation on the soft unlock look at the included file SoftUnlockByIriez.txt,
  it contains a very good explanation by Iriez from XBS, thanks for that one!
Thanks to Iriez, Jumba, Redline99 and Tiros for help and support.
Happy DROM bricking!
Team Modfreakz and Kai Schtrom

************************************************************************************************

DosFlash and DosFlash32 V1.3 Beta
-----------------------------------
- BenQ optimization in unlocking the flash chip, it should now be possible to read/write/erase
  the flash without any soldering or wire tricks, the drive is polled for the correct mtk
  unlocking status after power on, this only works for VIA cards and NForce boards atm
- DosFlash32 has one additional parameter, if you start it with the parameter "EnableDrives"
  all the DVD-ROMs are enabled in device manager after flashing, this could give BSOD on some
  systems, therefore you need to create a DosFlash32 link and add that parameter manually to use it
- DosFlash16 has one additional parameter "Send ATAPI Device Reset" in manual mode, this could
  give better chances for soft flashing on some VIA - motherboard combinations
- better support of Intel chipsets, drives can now be flashed if the controller is not set to
  native mode in the BIOS
- the following controller list includes vendor and device IDs that are hardcoded to identify
  the controller type (IDE or SATA), this is needed if the BIOS uses IDE ports like 0x01F0 or
  0x0170 as SATA and not as IDE channels, this list is NOT related to soft flashing
- the following chipset support is added
  - VIA cards
    - all VIA cards with a 6420 chipset
  - IDE Controllers
    - NVIDIA nForce 2 IDE Controller
    - NVIDIA nForce 4 IDE Controller
    - Intel ICH9
    - Intel ICH (i810,i815,i840)
    - Intel ICH0
    - Intel ICH2M
    - Intel ICH2 (i810E2,i845,850,860)
    - Intel C-ICH (i810E2)
    - Intel ICH3M
    - Intel ICH3 (E7500/1)
    - Intel ICH4 (i845GV,i845E,i852,i855)
    - Intel ICH5
    - Intel ESB (855GME/875P + 6300ESB)
    - Intel ICH6 (and 6) (i915)
    - Intel ICH7/7-R (i945, i975)
    - Intel PIIX3 for the 430HX etc
    - Intel PIIX4
    - Intel PIIX4 for the 430TX/440BX/MX chipset
    - Intel PIIX
  - SATA Controllers
    - NVIDIA nForce 4 SATA Controller
    - NVIDIA nForce 2 SATA Controller
    - NVIDIA nForce 3 SATA Controller
    - NVIDIA nForce MCP04 SATA Controller
    - NVIDIA nForce MCP51 SATA Controller
    - NVIDIA nForce MCP55 SATA Controller
    - NVIDIA nForce MCP61 SATA Controller
    - Intel 82801EB (ICH5)
    - Intel 6300ESB (ICH5)
    - Intel 82801FB/FW (ICH6/ICH6W)
    - Intel 82801FR/FRW (ICH6R/ICH6RW)
    - Intel 82801FBM ICH6M
    - Intel Enterprise Southbridge 2 (631xESB/632xESB)
    - Intel 82801GB/GR/GH (ICH7, identical to ICH6)
    - Intel 82801GBM/GHM (ICH7M, identical to ICH6M)
    - Intel SATA Controller IDE (ICH8)
    - Intel Mobile SATA Controller IDE (ICH8M)
    - Intel SATA Controller IDE (ICH9)
    - Intel SATA Controller IDE (ICH9M)

The following only applies to a software flash on a locked flash. The methods have been tested
with the BenQ and the Sammy. The VCC trick will work on any motherboard, but you need to do
some soldering and cut traces.

Soft Flashing the BenQ in DOS with a VIA card and DosFlash16 in manual mode
-----------------------------------------------------------------------------
- first you need to know the port addresses of your VIA card, you can get these by starting
  msinfo32 on Windows XP and looking at the port listing for SCSI devices
- for the 6421 the 1st port is internal SATA, 2nd is external SATA and 3rd is internal IDE
- for the 6420 the 1st and 3rd port are internal SATA
- you need the starting address e.g. 0xD000 or 0x7000
- be warned that these addresses can change from computer to computer, they are assigned
  at bootup, but Windows XP should display the ones you need for flashing in DOS
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
  Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
  need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
- at the prompt type:
  DosFlash r 7000 1 a0 1 4 a:\orig.bin 0
- instead of port 7000 use the starting address your VIA card uses
- press return
- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
- after you pressed Yes the drive status is shown on the screen, it's something like 0x7F,
  this will change during the next few steps
- turn on the BenQ psu and wait 2 or more seconds, status changes between 0x51 and 0xD1
- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD1
- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
- this worked only one time after the computer is powered on or reset for me
- writing and erasing works the same way
- for writing type:
  DosFlash w 7000 1 a0 1 4 a:\ixtreme.bin 0
- for erasing type:
  DosFlash e 7000 1 a0 1 4 D8 0 (D8 is the sector erase opcode for the BenQ flash, if you need
  to erase another drive, lookup the value in the datasheet or DosFlash.typ)
- if you experience any problems try to use 1 as the parameter to the ATAPI Device Reset, cause
  the same VIA card will react differently on another motherboard sometimes

Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in manual mode
---------------------------------------------------------------------------------------
- first you need to know the port addresses of your NForce motherboard, you can get these by
  starting msinfo32 on Windows XP and looking at the port listing for IDE devices
- on most motherboards the 1st and 3rd ports are used for SATA
- you need the starting address e.g. 0x0970 or 0xE900
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
  Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
  need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
- at the prompt type:
  DosFlash r 0970 1 a0 1 4 a:\orig.bin 1
- instead of port 0970 use the starting address your NForce motherboard uses
- press return
- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,
  this will change during the next few steps
- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
- writing and erasing works the same way
- for writing type:
  DosFlash w 0970 1 a0 1 4 a:\ixtreme.bin 1
- for erasing type:
  DosFlash e 0970 1 a0 1 4 D8 1 (D8 is the sector erase opcode for the BenQ flash, if you need
  to erase another drive, lookup the value in the datasheet or DosFlash.typ)

Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in auto mode
-------------------------------------------------------------------------------------
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
  Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
  need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
- wait until you are at the cmd prompt
- turn on the BenQ psu
- at the prompt type:
  DosFlash
- press return
- during scan of the BenQ's port DosFlash16 will ask you if you wanna resend the mtk vendor
  intro cmd, press Yes
- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,
  this will change during the next few steps
- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD1
- turn on the BenQ psu, you should get a good drive status 0x73 and flash access is granted
- you can now continue as usual using DosFlash
- writing and erasing works the same way
- if the ports are scanned there is the possibility that you'll get the resend question for
  other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,
  if you know the NEC is at that port you should press No and press Yes only if the port of
  the BenQ is shown or simply disconnect the NEC

Soft Flashing the BenQ in Windows XP with a VIA card or NForce motherboard and DosFlash32
-------------------------------------------------------------------------------------------
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
  Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
  need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- turn on the BenQ psu when you are in Windows XP
- start DosFlash32
- DosFlash32 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
- turn off the BenQ psu and wait 2 or more seconds
- turn on the BenQ psu, the DosFlash32 dialog should show up
- the flash should be recognized by DosFlash32
- you can now read, write or erase the flash
- you should be able to do the flashing more than one time in Windows, only do the power
  off/on trick again
- if the ports are scanned there is the possibility that you'll get the resend question for
  other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,
  if you know the NEC is at that port you should press No and press Yes only if the port of
  the BenQ is shown or simply disconnect the NEC

Many thanks to jumba for the great idea of BenQ polling!


Thanks to Iriez, Jumba, Redline99, TeamModfreakz, Tiros and all the IRC people for testing
and support.
Join us on IRC efnet at the channel #dosflash for support.
Don't brick your BenQ!
Kai Schtrom

************************************************************************************************

DosFlash and DosFlash32 V1.2 Beta
-----------------------------------
- bug fix for BenQ recognition
  - manufacturer and device id are sometimes 0x00 for a correctly installed switch
  - this issue is fixed with an additional ATAPI device reset before the mtk vendor intro is sent
Thanks to Redline99 who fixed my buggy code by adding one line! :)

************************************************************************************************

DosFlash and DosFlash32 V1.1 Beta
-----------------------------------
- DosFlash.typ modified for better BenQ support
- DosFlash16 Flash Manufacturer and Device ID screen output restructured
- flash chips are first erased before writing starts
- DosFlash32 no reenable of DVD-ROMs in device manager after flashing, this means you can't see the drive
  and maybe have to activate it manually again in device manager, this could give better compatibility and
  hopefully no more blue screens
Many thanks to Jumba, Redline99, TeamModfreakz and Tiros for inspiration and help!

************************************************************************************************

DosFlash and DosFlash32 V1.0 Beta
-----------------------------------
DosFlash can be used to read/write/erase the flash chips of most CD/DVD-ROM drives
that have a mediatek chipset installed. DosFlash is for DOS flashing, DosFlash32
for Windows flashing.

Features:
-----------
- flashes IDE and SATA drives
- supports parallel and serial flash chips
- flash drives in Windows with direct port access
- no vendor cdb flashing commands are used
- tested with the following drives:
  - TS-H943A MS25, MS28
  - SH-D162C
  - SH-D163A
  - and some other drives like Liteon, Hitachi, ...
- NEC drives are not supported, cause they have no mediatek chipset installed

DosFlash
----------
DosFlash supports two flashing modes, Auto and Manual. If you type DOSFLASH at a DOS prompt it
will start in Auto mode. All drives and the corresponding flash chips are detected automatically.
If you can't get a flash chip recognized due to a bad flash or other problems you should use the
Manual mode. In Manual mode you can enter all the parameters used for flashing by hand. The
following help screen is displayed if you start DosFlash with a wrong number of parameters:

  DOSFLASH by Kai Schtrom, 08/05/2007 (Ver 1.0 Beta)

  DOSFLASH [R|W|E] [PORT] [PORT TYPE] [DRIVE POS] [FLASH TYPE]
           [FLASH SIZE] [FLASH SECTOR ERASE OPCODE] [FILE NAME]
  R: Read FLASH
  W: Write FLASH
  E: Erase FLASH
  PORT: Port to send command to
  PORT TYPE: 0 for IDE, 1 for SATA
  DRIVE POS: A0 for Master, B0 for Slave
  FLASH TYPE: 0 for parallel flash, 1 for serial flash
  FLASH SIZE: size of flash chip in number of banks
  FLASH SECTOR ERASE OPCODE: individual sector erase opcode command byte
                             this is only needed for erasing a serial flash
  FILE NAME: name of the file to read/write from/to flash
  All numbers are intepreted as hex values!
  Example Usage:
  "DOSFLASH R 01F0 0 A0 1 4 C:\flash.bin"
  => Read serial flash with a size of 4 bank (262144 bytes) from Master Device
     on IDE port 0x01F0
  "DOSFLASH E C000 1 A0 1 4 D8"
  => Erase serial flash with opcode 0xD8 and a size of 4 banks (262144 bytes)
     from Master Device on SATA port 0xC000

Explanation of the Parameters:
--------------------------------

[R|W|E]
---------
- this will set the mode of flashing, it is recommended to first try read on any
  drive, if the read fails, it is highly unlikely that a write or erase will
  succeed

[PORT]
--------
- the port to which the drive is connected, a port number should always be entered
  in hexadecimal and have 4 hex digits, valid ports are: 01F0, 0170, C000, C800
- this option can be used if your PCI adapter card or on board IDE/SATA ports are
  not identified by the auto mode

[PORT TYPE]
-------------
- the port type tells DosFlash what type of port is installed at the previously
  entered port address
- valid values are 0 for IDE and 1 for SATA
- make sure you never mix the wrong port with the wrong port type, this could give
  strange results or in the worst case a bricked drive

[DRIVE POS]
-------------
- old style IDE channels have the possibility to connect two drives at one IDE
  channel, the first drive is called the master, the second drive is called the
  slave
- you can select which drive should be flashed on the channel, A0 selects Master,
  B0 selects Slave
- on SATA ports this value is always A0, cause you can only connect one drive to
  a SATA port, so for SATA you will always type A0 here
- it is not recommended to flash IDE drives with another drive connected to the
  same IDE channel, this could be risky if something in the Master/Slave selection
  fails

[FLASH TYPE]
--------------
- there are two types of flash chips out for CD/DVD-ROM drives atm
- the older type is parallel flash, which is also supported by mtkflash for example
- the newer type is serial flash, which is supported by flashers like XSF
- the problem here is that no tool is out that can flash serial flash chips on
  SATA ports

[FLASH SIZE]
--------------
- this specifies the flash chip size in banks
- one bank is always 65.536 bytes in size
- if you know your drive has a flash chip of 262.144 bytes in size you need to enter 4

[FLASH SECTOR ERASE OPCODE]
-----------------------------
- the opcode used in the flash chip's datasheet for erasing
- for serial chips this command can be different from the standard and needs to be
  entered for flash erase
- for parallel flash chips you can enter a dummy cmd byte, the integrated command
  should work on all parallel flash chips without a prob

[FILE NAME]
-------------
- name of the file that should be used for flashing
- for reading operations this should be the output file
- for writing operations this should be the input file
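
An added pre-flight check for the manual-mode fields described above, written in C for illustration; it is not DosFlash's own parser. It covers only the first six fields of the V1.0 help screen, and the names `df_args`, `df_validate` and the two-digit limit on the bank count are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BANK_BYTES 65536UL          /* "one bank is always 65.536 bytes" */

struct df_args {
    char mode;                      /* 'R', 'W' or 'E' */
    unsigned port;                  /* I/O base address, e.g. 0x01F0 */
    int sata;                       /* PORT TYPE: 0 = IDE, 1 = SATA */
    unsigned drive_pos;             /* 0xA0 = master, 0xB0 = slave */
    int serial;                     /* FLASH TYPE: 0 = parallel, 1 = serial */
    unsigned long flash_bytes;      /* FLASH SIZE converted from banks */
};

/* Parse a field of 1..max_len hex digits (all numbers are hex, no prefix). */
static int hex_field(const char *s, size_t max_len, unsigned long *out)
{
    size_t n = strlen(s);
    if (n == 0 || n > max_len)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)s[i]))
            return -1;
    *out = strtoul(s, NULL, 16);
    return 0;
}

/* Check the first six manual-mode fields. Returns NULL when they are
 * consistent, otherwise a message naming the first problem found. */
const char *df_validate(int argc, const char *const argv[], struct df_args *a)
{
    unsigned long v;

    if (argc < 6)
        return "need mode, port, port type, drive pos, flash type, flash size";
    if (strlen(argv[0]) != 1 || !strchr("RWE", toupper((unsigned char)argv[0][0])))
        return "mode must be R, W or E";
    a->mode = (char)toupper((unsigned char)argv[0][0]);
    if (strlen(argv[1]) != 4 || hex_field(argv[1], 4, &v))
        return "port must be exactly 4 hex digits";
    a->port = (unsigned)v;
    if (hex_field(argv[2], 1, &v) || v > 1)
        return "port type must be 0 (IDE) or 1 (SATA)";
    a->sata = (int)v;
    if (hex_field(argv[3], 2, &v) || (v != 0xA0 && v != 0xB0))
        return "drive pos must be A0 (master) or B0 (slave)";
    if (a->sata && v != 0xA0)
        return "SATA ports always take A0";
    a->drive_pos = (unsigned)v;
    if (hex_field(argv[4], 1, &v) || v > 1)
        return "flash type must be 0 (parallel) or 1 (serial)";
    a->serial = (int)v;
    /* Two hex digits is an assumed sanity limit, not a DosFlash rule. */
    if (hex_field(argv[5], 2, &v) || v == 0)
        return "flash size must be a non-zero bank count in hex";
    a->flash_bytes = v * BANK_BYTES;
    return NULL;
}

int main(int argc, char **argv)
{
    struct df_args a;
    const char *err = df_validate(argc - 1, (const char *const *)(argv + 1), &a);
    if (err) {
        fprintf(stderr, "rejected: %s\n", err);
        return 1;
    }
    printf("%c on %s port 0x%04X, drive 0x%02X, %lu bytes of %s flash\n",
           a.mode, a.sata ? "SATA" : "IDE", a.port, a.drive_pos,
           a.flash_bytes, a.serial ? "serial" : "parallel");
    return 0;
}
```

Because every field is hex, a flash size of `10` means 16 banks (1,048,576 bytes), not 10.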

Hints and Warnings
--------------------
- read, write, erase TS-H943A MS28 after the firmware stealth has been disabled with Enable0800 disc
  - this only works one time, after the first mtk vendor specific intro cmd is sent
  - if the mtk vendor specific outro cmd is sent the chip goes back to stealth mode and you need
    again the Enable0800.iso to disable it
  - therefore the mtk vendor specific intro is sent at program start to all present devices and the
    mtk outro is sent at program end
  - if you have a chip manufacturer id of 0x02 and a chip device id of 0x02 for the TS-H943A
    the flash chip is in stealth mode and won't give access to any reading, writing, erasing
- always have a look at the DataSum generated, this is exactly the DataSum of mtkflash
  - the DataSum is calculated as the sum of all bytes of the firmware in a short integer
  - to make 100% sure that the flash is written right compare that DataSum to a known one
- this tool has not been tested on all drives out there, the typ list is simply copied from well
  known programs like mtkflash and XSF
- always try a flash read on a not yet tested drive before doing anything else
- if the read doesn't succeed it is highly unlikely that a write or erase will
- some LiteOn drives seem to have probs to write the firmware correctly, this prob seems to be
  related to windows register flashing, cause even an assembler app can't do this error free
- if you get errors on LiteOn drives, write the flash two times in a row
- for direct port I/O in windows the giveio.sys driver is used, this driver is loaded at DosFlash32
  start and unloaded at program end, be warned, this driver can possibly make your system unstable,
  its intention is to let privileged assembler instructions like in and out pass, even in windows,
  if this driver is not used you will not be able to get direct access to port registers
- DosFlash was tested on MS-DOS 6.22 and later, you can easily copy it on a MS-DOS boot disk created
  in Windows XP and start DosFlash directly from the disk
- don't forget to also copy the DosFlash.typ file, it has all the information about flash chips
  for auto mode flashing
- DosFlash32 was tested without a prob on Windows XP SP2, you'll need also the typ file for the
  win version
- DosFlash32 will deactivate all CD-ROMs in device manager at startup, this is better for flashing,
  cause Windows seems to poll the drives all the time and this could result in a bad fw file or
  a program hang, the drives are activated again at program end
- you should make sure that the flash is not in an erased state at program end, cause device manager
  doesn't like drives that do not respond to the inquiry command
- deactivating all CD-ROMs could take a few seconds, so please be patient at program start
- DosFlash and DosFlash32 will try to scan for the VIA 6421L Raid Controller card, based on vendor
  id 1106 and device id 3249, it doesn't matter if the card driver is installed or not

Many thanks to Dale Roberts and his Direct Port I/O driver giveio.sys!
Avoid a bad flash!
Kai Schtrom
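
The DataSum and bank-size rules from the hints above, as an added example in C (not DosFlash or mtkflash code): it computes the 16-bit byte sum of a dump and checks that the length equals the bank count times 65,536. Treating the "short integer" as unsigned 16-bit, and the names `datasum_update` and `classify_dump`, are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BANK_BYTES 65536UL   /* one bank, per the FLASH SIZE section */

/* Fold len bytes into a running DataSum; uint16_t wraps modulo 65536.
 * Assumption: the readme's "short integer" is an unsigned 16-bit value. */
uint16_t datasum_update(uint16_t sum, const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        sum = (uint16_t)(sum + buf[i]);
    return sum;
}

enum dump_status { DUMP_OK = 0, DUMP_BAD_SIZE, DUMP_BAD_SUM };

/* A dump is accepted only if it is exactly banks * 65536 bytes long and
 * its DataSum equals a value recorded from a known-good image. */
enum dump_status classify_dump(unsigned long total_bytes, unsigned banks,
                               uint16_t sum, uint16_t expected)
{
    if (banks == 0 || total_bytes != banks * BANK_BYTES)
        return DUMP_BAD_SIZE;   /* truncated or padded read */
    return sum == expected ? DUMP_OK : DUMP_BAD_SUM;
}

int main(int argc, char **argv)
{
    /* usage: datasum dump.bin <banks, hex> <known DataSum, hex> */
    if (argc != 4) {
        fprintf(stderr, "usage: %s dump.bin banks_hex datasum_hex\n", argv[0]);
        return 2;
    }
    FILE *fp = fopen(argv[1], "rb");
    if (!fp) {
        perror(argv[1]);
        return 2;
    }

    uint8_t chunk[4096];
    unsigned long total = 0;
    uint16_t sum = 0;
    size_t n;
    while ((n = fread(chunk, 1, sizeof chunk, fp)) > 0) {
        sum = datasum_update(sum, chunk, n);   /* stream, no full-file buffer */
        total += (unsigned long)n;
    }
    int io_error = ferror(fp);
    fclose(fp);
    if (io_error) {
        fprintf(stderr, "read error on %s\n", argv[1]);
        return 2;
    }

    enum dump_status st = classify_dump(total,
                                        (unsigned)strtoul(argv[2], NULL, 16),
                                        sum,
                                        (uint16_t)strtoul(argv[3], NULL, 16));
    printf("%lu bytes, DataSum 0x%04X: %s\n", total, (unsigned)sum,
           st == DUMP_OK ? "match" :
           st == DUMP_BAD_SIZE ? "wrong size" : "DataSum mismatch");
    return st == DUMP_OK ? 0 : 1;
}
```

The sum ignores byte order and wraps at 65536, so an all-0xFF (erased) 4-bank image and an all-0x00 one both give 0x0000. A byte-for-byte compare of the read-back against the written file is the stronger check.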
