Developer: Team HyperX
Region: Region Free
Interface language: English
Supports: Liteon, Benq, Samsung
Description: This firmware was created solely for dumping images from licensed Xbox 360 discs. It supports the new SSv2 sectors, which cannot be dumped with older dumping firmware.
Do not use this firmware if you intend to install the drive in a console and then play on it.
This means:
* No DVD key is required. (Under no circumstances erase your drive's original firmware if you are going to flash without the key; otherwise the console will no longer be usable for games.) Keep the original or hacked firmware, or the drive key, in a safe place.
* activate.iso is not required to use this firmware for dumping on a PC.
* The half-open tray technique and the like are not required.
* Swapping the disc for another DVD-DL disc before dumping a game is not required.
Team HyperX Presents IXtreme 1.6 0800 firmware for Benq, Samsung and Liteon drives
----------------------------------------------------------------------------------
IXtreme fw for Benq, Samsung and Liteon drives!
Features
--------
-Common API designed for easier application use!
-Support for SS V2!
-Direct 0800 mode for game dumping including SS v2!
This firmware is =NOT FOR USE IN A CONSOLE= and is provided with the intended use of being in a dedicated "ripping" drive.
This means: a. Does not need your DVD key, b. Does not need spoofing as another drive, c. Does not need to use the tray half open and d. Does not need to use the activate.iso to use this firmware on the pc.
More Info
---------
SS v2 supports multiple timing samples for challenges type 5 and 7, storing them in the SS. This is a pre-requisite for SS v3 which has support for the so called AP2.5 check. Since this has never been used or may never be used by MS we will adopt a wait and see approach and continue to monitor for its usage.
ix16 0800 Commands
-----------------
AD 00 FF 02 FD FF FE 00 08 00 00 C0 - SS/CPRMAI
AD 00 FF 02 FD FF FE 00 08 00 ID C0 - SS Challenge ID
- now supports LiteOn PLDS DG-16D2S 83850C V2 Geremia/Maximus LiteOn FreeKey method
- huge firmware read/write speed increase, especially if run from a floppy disk
- updated IDE/SATA motherboard chipset list
- new IDE/SATA detection for Windows and DOS
- DosFlash.typ embedded in executable file
- LiteOn V1 drive key is now extracted 10 times and compared against each other, after the extraction a summary is displayed sorted by the most common matches
- LiteOn V2 drive key is extracted 2 times and compared
- new BenQ unlock keys added to unlock all known BenQ drive firmwares
- command line parameter "EnableDrives" removed, DosFlash asks the user on application close if he wants to enable the drives or not, during the tests it seems that IDE drives have problems with the enable, SATA drives seem to work fine
- new 64-bit DosFlash edition added called DosFlash64, because some driver functions don't work as expected in the 32 bit compatibility mode on Windows x64
- Beta state removed
- ready and tested on Windows7 X86 and x64
Geremia/Maximus FreeKey method with DosFlash16
------------------------------------------------
We have added one cmd line parameter for DosFlash16 in manual mode. The COM port is simply ignored and can have any value for the V2 drives. Use the following command line to extract your free key from 83850C:
- DosFlash LITEON K 0970 1 inquiry.bin identify.bin key.bin dummy.bin enckey.bin
Tips for running DosFlash on Windows 7
----------------------------------------
Since Windows Vista 64 Bit and upwards it is necessary that every driver is signed. Because the DosFlash driver will not be signed by MS due to some unknown reason we need to circumvent this check. You have the following 2 possibilities to do this.
Safe Way of Disabling Driver Signature Enforcement
1) On Windows 7 bootup press F8 to get to the extended boot options screen
2) Choose "Disable Driver Signature Enforcement"
3) To start DosFlash right click on it in Windows Explorer and choose "Run as administrator" > answer the message box with "Yes"
4) Shortly after the program has started a "Program Compatibility Assistant" warning message is displayed, you can simply ignore this by pressing the "Close" button
Recommended Way of Disabling Driver Signature Enforcement
1) Disable User Account Control (UAC)
   - go to "Start Menu" > "Control Panel" > "User Accounts and Family Safety" > "User Accounts"
   - click on "Change User Account Control settings"
   - set the slider bar to the lowest value (Never notify) > click "OK"
2) Sign the DosFlash driver
   - download the "Driver Signature Enforcement Overrider" (DSEO) from http://www.ngohq.com/home.php?page=dseo
   - start DSEO > click "Next" > "Yes" > choose "Sign a System File" > "Next" > enter the path to the used driver (portio32.sys or portio64.sys) > "OK" > "OK"
3) Disable Driver Signature Enforcement
   - start DSEO > click "Next" > "Yes" > choose "Enable Test Mode" > "Next" > "OK"
4) Restart the computer
Keep in mind that with the recommended way the changes will have effect on every reboot without doing anything manual. The first way needs to be done over and over again. In addition the second way can be used to sign every driver that doesn't run natively on Windows 7.
For use of the VIA cards in Windows 7 it is recommended to uninstall the VIA driver. This can be done as follows:
- start "Device Manager" > expand "Storage controllers" > right click on "VIA RAID Controller" > choose "Uninstall" > "OK"
- rename C:\Windows\inf\vsmraid.inf to vsmraid.inf_
- rename C:\Windows\inf\vsmraid.PNF to vsmraid.PNF_
- rename C:\Windows\System32\drivers\vsmraid.sys to vsmraid.sys_
- reboot computer
Much respect and credits go to Geremia and Maximus for their money saving FreeKey app and their lightning like decryption speed!
In Dedication To The Birth Of FreeKey On August Fifth 2009
Kai Schtrom

DosFlash and DosFlash32 V1.7 Beta Release Date 23.12.2008
-----------------------------------------------------------
- now supports LiteOn PLDS DG-16D2S 74850C and Geremia's LiteOn Erase and DvdKey method
The following only applies to the new XBox360 LiteOn drive PLDS DG-16D2S 74850C.
Geremia's DvdKey method with DosFlash16 with the PC's psu
-----------------------------------------------------------
- disable CD-ROM boot option in BIOS
- connect LiteOn to your PC's power supply unit and SATA port
- power up PC, wait until bootup is finished
- eject tray of the LiteOn and shutdown PC completely
- push the LiteOn tray half in
- power up PC and boot into DOS
- run DosFlash16 in auto mode
- if you read the following:
    MTK Vendor Intro failed on port 0x????. If you choose to resend the command you should turn the drive off and on after you pressed "Yes".
    Do you want to resend the command until the drive responds (Y/N)?
- press 'N' for "No"
- choose the number of your LiteOn ATAPI drive
- enter "LITEON K" to read the drive key
- type the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
- enter the number of the COM port
- if you read the following:
    To receive the drive key use Geremia's DvdKey method like follows:
    - Connect your drive with a serial cable to the COM port
    - Eject drive tray
    - Power off drive
    - Push drive tray in until it is half open
    - Power on drive
    - Press "Yes" if you are ready
    Are you ready (Y/N)?
- simply press 'Yes' without doing anything of the above, because we already did that before
- after this DosFlash16 displays your DVD-Key and saves your key and identify data
- to do the above steps in manual mode use the following command line if your drive is connected to port 0x0970 and serial cable is on COM port 1
    DosFlash LITEON K 0970 1 inquiry.bin identify.bin key.bin dummy.bin
Geremia's DvdKey method with DosFlash16 and 2nd psu
-----------------------------------------------------
- connect a separate power supply unit to the LiteOn, don't turn it on yet
- power up PC and boot into DOS
- turn on the LiteOn psu
- run DosFlash16 in auto mode
- if you read the following:
    MTK Vendor Intro failed on port 0x????. If you choose to resend the command you should turn the drive off and on after you pressed "Yes".
    Do you want to resend the command until the drive responds (Y/N)?
- press 'N' for "No"
- choose the number of your LiteOn ATAPI drive
- enter "LITEON K" to read the drive key
- type the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
- enter the number of the COM port
- if you read the following:
    To receive the drive key use Geremia's DvdKey method like follows:
    - Connect your drive with a serial cable to the COM port
    - Eject drive tray
    - Power off drive
    - Push drive tray in until it is half open
    - Power on drive
    - Press "Yes" if you are ready
    Are you ready (Y/N)?
- do the above and press 'Yes'
- after this DosFlash16 displays your DVD-Key and saves your key and identify data
Geremia's LiteOn Erase method with DosFlash16 and 2nd psu
-----------------------------------------------------------
- connect a separate power supply unit to the LiteOn, don't turn it on yet
- power up PC and boot into DOS
- turn on the LiteOn psu
- run DosFlash16 in auto mode
- if you read the following:
    MTK Vendor Intro failed on port 0x????. If you choose to resend the command you should turn the drive off and on after you pressed "Yes".
    Do you want to resend the command until the drive responds (Y/N)?
- press 'N' for "No"
- choose the number of your LiteOn ATAPI drive
- Warning!!! Keep in mind that you will need the drive key before you erase the flash, without the drive key your XBox360 will not work anymore
- enter "LITEON E" to erase the flash
- the first time after the LiteOn Erase the drive needs to be repowered to give flash chip access, this can be achieved by repowering the drive before another DosFlash16 start in auto mode or by doing a MTK Vendor Intro Power Brute
- in my tests it did not work to power the drive with the PC's psu, because it will always respond with busy status
- DosFlash16 can now read, write and erase the flash chip like usual
- to do the above steps in manual mode use the following command line if your drive is connected to port 0x0970
    DosFlash LITEON E 0970
Geremia's DvdKey method with DosFlash32 with the PC's psu
-----------------------------------------------------------
- disable CD-ROM boot option in BIOS
- connect LiteOn to your PC's power supply unit and SATA port
- power up PC, wait until bootup is finished
- eject tray of the LiteOn and shutdown PC completely
- push the LiteOn tray half in
- power up PC and boot into Windows
- run DosFlash32
- if you read the following:
    MTK Vendor Intro failed on port 0x????. If you choose to resend the command you should turn the drive off and on after you pressed "Yes".
    Do you want to resend the command until the drive responds?
- press 'No'
- choose "LiteOn DvdKey" as flashing task
- choose the COM port number
- press on "LiteOn DvdKey" button
- enter the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
- if you read the following:
    To receive the drive key use Geremia's DvdKey method like follows:
    - Connect your drive with a serial cable to the COM port
    - Eject drive tray
    - Power off drive
    - Push drive tray in until it is half open
    - Power on drive
    - Press "Yes" if you are ready
    Are you ready?
- simply press 'Yes' without doing anything of the above, because we already did that before
- after this DosFlash32 displays your DVD-Key and saves your key and identify data
Geremia's DvdKey method with DosFlash32 and 2nd psu
-----------------------------------------------------
- connect a separate power supply unit to the LiteOn, don't turn it on yet
- power up PC and boot into Windows
- turn on the LiteOn psu
- run DosFlash32
- if you read the following:
    MTK Vendor Intro failed on port 0x????. If you choose to resend the command you should turn the drive off and on after you pressed "Yes".
    Do you want to resend the command until the drive responds?
- press 'No'
- choose "LiteOn DvdKey" as flashing task
- choose the COM port number
- press on "LiteOn DvdKey" button
- enter the names of inquiry.bin, identify.bin, key.bin and dummy.bin output files
- if you read the following:
    To receive the drive key use Geremia's DvdKey method like follows:
    - Connect your drive with a serial cable to the COM port
    - Eject drive tray
    - Power off drive
    - Push drive tray in until it is half open
    - Power on drive
    - Press "Yes" if you are ready
    Are you ready?
- do the above and press 'Yes'
- after this DosFlash32 displays your DVD-Key and saves your key and identify data
Geremia's LiteOn Erase method with DosFlash32 and 2nd psu
-----------------------------------------------------------
- connect a separate power supply unit to the LiteOn, don't turn it on yet
- power up PC and boot into Windows
- turn on the LiteOn psu
- run DosFlash32
- if you read the following:
    MTK Vendor Intro failed on port 0x????. If you choose to resend the command you should turn the drive off and on after you pressed "Yes".
    Do you want to resend the command until the drive responds?
- press 'No'
- the LiteOn flash is not identified
- choose "LiteOn Erase" as flashing task
- Warning!!! Keep in mind that you will need the drive key before you erase the flash, without the drive key your XBox360 will not work anymore
- press on "LiteOn Erase" button
- the first time after the LiteOn Erase the drive needs to be repowered to give flash chip access, this can be achieved by repowering the drive before another DosFlash32 start or by doing a MTK Vendor Intro Power Brute
- in my tests it did not work to power the drive with the PC's psu, because it will always respond with busy status
- DosFlash32 can now read, write and erase the flash chip like usual
Respect to Geremia, Modfreakz, Podger, Redline99 and Tiros.
Like a wise man said: "0x2E is the MTK Intro of Death"
Kai Schtrom

DosFlash and DosFlash32 V1.6 Beta
-----------------------------------
- fixed power brute unlock bug for VIA cards, this can stop your VIA from working with the power brute unlocking in Version 1.5
- for DosFlash16 in auto mode on DOS my VIA card works best if I do a cold boot and power up the drive short before or with the PC
- for DosFlash32 on Windows my VIA card works best if I power up the drive short before starting DosFlash32
- for me the VIA works with internal and external connectors on DOS and Windows
DosFlash and DosFlash32 V1.5 Beta
-----------------------------------
- now supports serial flash chip MT1309E with mediatek status 0x72 like the SH-D163B, SH-D162D, Asus DVD-E616A3, Asus DVD-E818A3, Sony Optiarc DDU1671S
- SST25LF020A and SST25LF040A chip support added
- DosFlash32.exe ported from MFC to plain Windows API, exe size is now 22 KB
- new port i/o driver, because giveio.sys can't be compiled for 64 Bit Windows
- DosFlash16 changed slightly in manual mode, one parameter is added to support SST25LF020A and SST25LF040A
- two new methods of BenQ soft unlock are now possible on all motherboards with only one power supply unit
  - 1st method is powered by Geremia's unlock core, thanks for the complete idea, concept and source to Geremia
  - 2nd method is the Magic28 key send, this only works on BenQ VAD6038 firmware, thanks to c4eva and podger for the initial idea
- the two unlock methods are sent one after the other if the drive is a possible unlock candidate, first the Magic28 command, then Geremia's unlock commands and after that the already known power brute unlock is sent to the drive, you can cancel any of these methods before they are sent to the target, this only applies to BenQ drives with a locked flash
- DosFlash.typ updated
- other minor improvements
- DosFlash32 is now ready for
  - Windows 2000
  - Windows XP 32 Bit
  - Windows XP 64 Bit
  - Windows Server 2003 32 Bit
  - Windows Server 2003 64 Bit
  - Windows Vista 32 Bit
  - Windows Vista 64 Bit
- Warning: Drivers for Windows Vista 64 Bit need to be signed, because we can't afford the money to let portio64.sys sign you need to do the following:
  1) Log on as Administrator
  2) Enter the following command in a Dos-Box: "bcdedit -set loadoptions DDISABLE_INTEGRITY_CHECKS" (we made sure there are no typos in the line above)
  3) Press enter and reboot your PC
  4) Press F8 key upon initial system boot up
  5) Choose to disable forced driver signing enforcement for that boot session
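
A defender's check for the boot-configuration changes this readme relies on (DSEO's "Enable Test Mode" in the Windows 7 tips and the loadoptions command in the V1.5 notes), added here and not part of DosFlash: it parses `bcdedit /enum` text and reports boot entries that weaken driver signature enforcement. The sample output, its GUID and the function names are constructed for illustration, and English-language bcdedit output is assumed.

```python
import re

# Constructed sample of `bcdedit /enum` text output (not taken from a real host).
SAMPLE_BCDEDIT = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
displayorder            {current}
                        {a1b2c3d4-0000-0000-0000-000000000001}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
loadoptions             DDISABLE_INTEGRITY_CHECKS
testsigning             Yes
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {a1b2c3d4-0000-0000-0000-000000000001}
device                  partition=D:
path                    \Windows\system32\winload.exe
description             Clean install
nx                      OptIn
"""


def parse_bcdedit(text):
    """Split bcdedit output into one dict per boot entry (element names lowercased)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        # An entry is a title line, a dashed underline, then "name   value" rows.
        if len(lines) < 2 or not lines[1].strip() or set(lines[1].strip()) != {"-"}:
            continue
        entry = {"_type": lines[0].strip()}
        last = None
        for line in lines[2:]:
            if line[:1].isspace() and last:
                # Indented row: another value of the previous element.
                entry[last] += " " + line.strip()
                continue
            name, _, value = line.partition(" ")
            last = name.lower()
            entry[last] = value.strip()
        entries.append(entry)
    return entries


def audit_driver_signing(entries):
    """Return (identifier, element, reason) for each setting that relaxes driver signing."""
    findings = []
    for entry in entries:
        ident = entry.get("identifier", "?")
        if entry.get("testsigning", "").lower() == "yes":
            findings.append((ident, "testsigning",
                             "test mode is on, test-signed kernel drivers are accepted"))
        if entry.get("nointegritychecks", "").lower() == "yes":
            findings.append((ident, "nointegritychecks",
                             "entry asks the loader to skip integrity checks"))
        # Substring match also catches the doubled-D spelling used in the readme.
        if "DISABLE_INTEGRITY_CHECKS" in entry.get("loadoptions", "").upper():
            findings.append((ident, "loadoptions",
                             "load option string requests disabled integrity checks"))
    return findings


if __name__ == "__main__":
    for ident, element, reason in audit_driver_signing(parse_bcdedit(SAMPLE_BCDEDIT)):
        print(f"{ident}: {element}: {reason}")
```

The F8 "Disable Driver Signature Enforcement" choice applies to a single boot and is not written to the BCD store, so it does not show up in this output.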
The following only applies to drives with a locked BenQ flash.
Geremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with the PC's psu
-----------------------------------------------------------------------------------------
- disable CD-ROM boot option in BIOS
- connect BenQ to your PC's power supply unit and SATA port
- power up PC, wait until bootup is finished
- eject tray of the BenQ and shutdown PC completely
- push the BenQ tray half in
- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash32
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
- if you read the following:
    MTK Vendor Intro failed on port 0x????. Because there seems to be a BenQ drive connected you should try Geremia's unlock method.
    - Eject drive tray
    - Power off drive
    - Push drive tray in until it is half open
    - Power on drive
    - Press "Yes" if you are ready
    Are you ready (Y/N)?
- simply press 'Yes' without doing anything of the above, because we already did that before starting DosFlash16 / DosFlash32
- the BenQ flash should now be identified
- go on like usual
Geremia's BenQ unlock with DosFlash16 / DosFlash32 on any motherboard with 2nd psu
------------------------------------------------------------------------------------
- connect a separate power supply unit to the BenQ, don't turn it on yet
- power up PC and boot into DOS
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
- if you read the following:
    MTK Vendor Intro failed on port 0x????. Because there seems to be a BenQ drive connected you should try Geremia's unlock method.
    - Eject drive tray
    - Power off drive
    - Push drive tray in until it is half open
    - Power on drive
    - Press "Yes" if you are ready
    Are you ready (Y/N)?
- do the above and press 'Yes'
- the BenQ flash should now be identified
- go on like usual
Magic28 BenQ unlock with DosFlash16 / DosFlash32 on any motherboard
---------------------------------------------------------------------
- connect BenQ to your PC's power supply unit and SATA port
- power up PC and boot into DOS for DosFlash16 or Windows for DosFlash32
- run DosFlash16 in auto mode for DOS or DosFlash32 for Windows
- if you read the following:
    MTK Vendor Intro failed on port 0x????. Because there seems to be a BenQ VAD6038 drive connected you should try the Magic28 unlock method.
    Do you want to send the Magic28 command?
- press 'Yes'
- the BenQ flash should now be identified
- go on like usual
Thanks to Redline99 and Tiros for help and support.
It's all about DOS! Thanks guys for the excellent team work!
Geremia, Modfreakz and Kai Schtrom

DosFlash and DosFlash32 V1.4 Beta
-----------------------------------
- DROM6316 flashing support
- a flash erase is now always done with a chip erase and not a sector erase command, because the sector erase gives problems for some Winbond flash chips including the DROM6316
- DosFlash.typ corrected and updated
- for a detailed explanation on the soft unlock look at the included file SoftUnlockByIriez.txt, it contains a very good explanation by Iriez from XBS, thanks for that one!
Thanks to Iriez, Jumba, Redline99 and Tiros for help and support.
Happy DROM bricking!
Team Modfreakz and Kai Schtrom

DosFlash and DosFlash32 V1.3 Beta
-----------------------------------
- BenQ optimization in unlocking the flash chip, it should now be possible to read/write/erase the flash without any soldering or wire tricks, the drive is polled for the correct mtk unlocking status after power on, this only works for VIA cards and NForce boards atm
- DosFlash32 has one additional parameter, if you start it with the parameter "EnableDrives" all the DVD-ROMs are enabled in device manager after flashing, this could give BSOD on some systems, therefore you need to create a DosFlash32 link and add that parameter manually to use it
- DosFlash16 has one additional parameter "Send ATAPI Device Reset" in manual mode, this could give better chances for soft flashing on some VIA - motherboard combinations
- better support of Intel chipsets, drives can now be flashed if the controller is not set to native mode in the BIOS
- the following controller list includes vendor and device IDs that are hardcoded to identify the controller type (IDE or SATA), this is needed if the BIOS uses IDE ports like 0x01F0 or 0x0170 as SATA and not as IDE channels, this list is NOT related to soft flashing
- the following chipset support is added
  - VIA cards
    - all VIA cards with a 6420 chipset
  - IDE Controllers
    - NVIDIA nForce 2 IDE Controller
    - NVIDIA nForce 4 IDE Controller
    - Intel ICH9
    - Intel ICH (i810,i815,i840)
    - Intel ICH0
    - Intel ICH2M
    - Intel ICH2 (i810E2,i845,850,860)
    - Intel C-ICH (i810E2)
    - Intel ICH3M
    - Intel ICH3 (E7500/1)
    - Intel ICH4 (i845GV,i845E,i852,i855)
    - Intel ICH5
    - Intel ESB (855GME/875P + 6300ESB)
    - Intel ICH6 (and 6) (i915)
    - Intel ICH7/7-R (i945, i975)
    - Intel PIIX3 for the 430HX etc
    - Intel PIIX4
    - Intel PIIX4 for the 430TX/440BX/MX chipset
    - Intel PIIX
  - SATA Controllers
    - NVIDIA nForce 4 SATA Controller
    - NVIDIA nForce 2 SATA Controller
    - NVIDIA nForce 3 SATA Controller
    - NVIDIA nForce MCP04 SATA Controller
    - NVIDIA nForce MCP51 SATA Controller
    - NVIDIA nForce MCP55 SATA Controller
    - NVIDIA nForce MCP61 SATA Controller
    - Intel 82801EB (ICH5)
    - Intel 6300ESB (ICH5)
    - Intel 82801FB/FW (ICH6/ICH6W)
    - Intel 82801FR/FRW (ICH6R/ICH6RW)
    - Intel 82801FBM ICH6M
    - Intel Enterprise Southbridge 2 (631xESB/632xESB)
    - Intel 82801GB/GR/GH (ICH7, identical to ICH6)
    - Intel 2801GBM/GHM (ICH7M, identical to ICH6M)
    - Intel SATA Controller IDE (ICH8)
    - Intel Mobile SATA Controller IDE (ICH8M)
    - Intel SATA Controller IDE (ICH9)
    - Intel SATA Controller IDE (ICH9M)
The following only applies to a software flash on a locked flash. The methods have been tested with the BenQ and the Sammy. The VCC trick will work on any motherboard, but you need to do some soldering and cut traces.
Soft Flashing the BenQ in DOS with a VIA card and DosFlash16 in manual mode
-----------------------------------------------------------------------------
- first you need to know the port addresses of your VIA card, you can get these by starting msinfo32 on Windows XP and looking at the port listing for SCSI devices
- for the 6421 the 1st port is internal SATA, 2nd is external SATA and 3rd is internal IDE
- for the 6420 the 1st and 3rd port are internal SATA
- you need the starting address e.g. 0xD000 or 0x7000
- be warned that these addresses can change from computer to computer, they are assigned at bootup, but Windows XP should display the ones you need for flashing in DOS
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
- at the prompt type: DosFlash r 7000 1 a0 1 4 a:\orig.bin 0
- instead of port 7000 use the starting address your VIA card uses
- press return
- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
- after you pressed Yes the drive status is shown on the screen, it's something like 0x7F, this will change during the next few steps
- turn on the BenQ psu and wait 2 or more seconds, status changes between 0x51 and 0xD1
- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD1
- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
- this worked only one time after the computer is powered on or reset for me
- writing and erasing works the same way
- for writing type: DosFlash w 7000 1 a0 1 4 a:\ixtreme.bin 0
- for erasing type: DosFlash e 7000 1 a0 1 4 D8 0 (D8 is the sector erase opcode for the BenQ flash, if you need to erase another drive, lookup the value in the datasheet or DosFlash.typ)
- if you experience any problems try to use 1 as the parameter to the ATAPI Device Reset, cause the same VIA card will react differently on another motherboard sometimes
Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in manual mode
---------------------------------------------------------------------------------------
- first you need to know the port addresses of your NForce motherboard, you can get these by starting msinfo32 on Windows XP and looking at the port listing for IDE devices
- on most motherboards the 1st and 3rd ports are used for SATA
- you need the starting address e.g. 0x0970 or 0xE900
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
- at the prompt type: DosFlash r 0970 1 a0 1 4 a:\orig.bin 1
- instead of port 0970 use the starting address your NForce motherboard uses
- press return
- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1, this will change during the next few steps
- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
- writing and erasing works the same way
- for writing type: DosFlash w 0970 1 a0 1 4 a:\ixtreme.bin 1
- for erasing type: DosFlash e 0970 1 a0 1 4 D8 1 (D8 is the sector erase opcode for the BenQ flash, if you need to erase another drive, lookup the value in the datasheet or DosFlash.typ)
Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in auto mode
-------------------------------------------------------------------------------------
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
- wait until you are at the cmd prompt
- turn on the BenQ psu
- at the prompt type: DosFlash
- press return
- during scan of the BenQ's port DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1, this will change during the next few steps
- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD1
- turn on the BenQ psu, you should get a good drive status 0x73 and flash access is granted
- you can now continue as usual using DosFlash
- writing and erasing works the same way
- if the ports are scanned there is the possibility that you'll get the resend question for other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status, if you know the NEC is at that port you should press No and press Yes only if the port of the BenQ is shown or simply disconnect the NEC
Soft Flashing the BenQ in Windows XP with a VIA card or NForce motherboard and DosFlash32
-------------------------------------------------------------------------------------------
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- turn on the BenQ psu when you are in Windows XP
- start DosFlash32
- DosFlash32 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
- turn off the BenQ psu and wait 2 or more seconds
- turn on the BenQ psu, the DosFlash32 dialog should show up
- the flash should be recognized by DosFlash32
- you can now read, write or erase the flash
- you should be able to do the flashing more than one time in Windows, only do the power off/on trick again
- if the ports are scanned there is the possibility that you'll get the resend question for other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status, if you know the NEC is at that port you should press No and press Yes only if the port of the BenQ is shown or simply disconnect the NEC
Many thanks to jumba for the great idea of BenQ polling! Thanks to Iriez, Jumba, Redline99, TeamModfreakz, Tiros and all the IRC people for testing and support.
Join us on IRC efnet at the channel #dosflash for support.
DosFlash and DosFlash32 V1.2 Beta
-----------------------------------
- bug fix for BenQ recognition
- manufacturer and device id are sometimes 0x00 for a correct installed switch
- this issue is fixed with an additional ATAPI device reset before the mtk vendor intro is sent

Thanks to Redline99 who fixed my buggy code by adding one line!

DosFlash and DosFlash32 V1.1 Beta
-----------------------------------
- DosFlash.typ modified for better BenQ support
- DosFlash16 Flash Manufacturer and Device ID screen output restructured
- flash chips are first erased before writing starts
- DosFlash32 no reenable of DVD-ROMs in device manager after flashing, this means you can't see the drive and maybe have to activate it manually again in device manager, this could give better compatibility and hopefully no more blue screens
Many thanks to Jumba, Redline99, TeamModfreakz and Tiros for inspiration and help!
DosFlash and DosFlash32 V1.0 Beta
-----------------------------------
DosFlash can be used to read/write/erase the flash chips of most CD/DVD-ROM drives that have a mediatek chipset installed. DosFlash is for DOS flashing, DosFlash32 for Windows flashing.

Features:
-----------
- flashes IDE and SATA drives
- supports parallel and serial flash chips
- flash drives in Windows with direct port access
- no vendor cdb flashing commands are used
- tested with the following drives:
  - TS-H943A MS25, MS28
  - SH-D162C
  - SH-D163A
  - and some other drives like Liteon, Hitachi, ...
- NEC drives are not supported, cause they have no mediatek chipset installed

DosFlash
----------
DosFlash supports two flashing modes, Auto and Manual. If you type DOSFLASH at a DOS prompt it will start in Auto mode. All drives and the corresponding flash chips are detected automatically. If you can't get a flash chip recognized due to a bad flash or other problems you should use the Manual mode. In Manual mode you can enter all the parameters used for flashing by hand. The following help screen is displayed if you start DosFlash with a wrong number of parameters:
DOSFLASH by Kai Schtrom, 08/05/2007 (Ver 1.0 Beta)
DOSFLASH [R|W|E] [PORT] [PORT TYPE] [DRIVE POS] [FLASH TYPE] [FLASH SIZE] [FLASH SECTOR ERASE OPCODE] [FILE NAME]
R: Read FLASH
W: Write FLASH
E: Erase FLASH
PORT: Port to send command to
PORT TYPE: 0 for IDE, 1 for SATA
DRIVE POS: A0 for Master, B0 for Slave
FLASH TYPE: 0 for parallel flash, 1 for serial flash
FLASH SIZE: size of flash chip in number of banks
FLASH SECTOR ERASE OPCODE: individual sector erase opcode command byte
                           this is only needed for erasing a serial flash
FILE NAME: name of the file to read/write from/to flash
All numbers are intepreted as hex values!

Example Usage:
"DOSFLASH R 01F0 0 A0 1 4 C:\flash.bin"
=> Read serial flash with a size of 4 bank (262144 bytes) from Master Device on IDE port 0x01F0
"DOSFLASH E C000 1 A0 1 4 D8"
=> Erase serial flash with opcode 0xD8 and a size of 4 banks (262144 bytes) from Master Device on SATA port 0xC000
Explanation of the Parameters:
--------------------------------

[R|W|E]
---------
- this sets the flashing mode; it is recommended to first try a read on any drive, because if the read fails it is highly unlikely that a write or erase will succeed

[PORT]
--------
- the port to which the drive is connected; a port number should always be entered in hexadecimal and have 4 hex digits, valid ports are: 01F0, 0170, C000, C800
- this option can be used if your PCI adapter card or on-board IDE/SATA ports are not identified by the auto mode

[PORT TYPE]
-------------
- the port type tells DosFlash what type of port is installed at the port address entered before
- valid values are 0 for IDE and 1 for SATA
- make sure you never combine a port with the wrong port type, this could give strange results or in the worst case a bricked drive

[DRIVE POS]
-------------
- old style IDE channels allow two drives to be connected to one IDE channel, the first drive is called the master, the second drive is called the slave
- you can select which drive on the channel should be flashed, A0 selects Master, B0 selects Slave
- on SATA ports this value is always A0, because you can only connect one drive to a SATA port, so for SATA you will always type A0 here
- it is not recommended to flash IDE drives with another drive connected to the same IDE channel, this could be risky if something in the Master/Slave selection fails

[FLASH TYPE]
--------------
- there are two types of flash chips in use for CD/DVD-ROM drives at the moment
- the older type is parallel flash, which is also supported by mtkflash for example
- the newer type is serial flash, which is supported by flashers like XSF
- the problem here is that no tool is out that can flash serial flash chips on SATA ports

[FLASH SIZE]
--------------
- this specifies the flash chip size in banks
- one bank is always 65,536 bytes in size
- if you know your drive has a flash chip of 262,144 bytes in size you need to enter 4

[FLASH SECTOR ERASE OPCODE]
-----------------------------
- the opcode used in the flash chip's datasheet for erasing
- for serial chips this command can be different from the standard and needs to be entered for flash erase
- for parallel flash chips you can enter a dummy cmd byte, the integrated command should work on all parallel flash chips without a problem

[FILE NAME]
-------------
- name of the file that should be used for flashing
- for reading operations this should be the output file
- for writing operations this should be the input file
Hints and Warnings
--------------------
- read, write, erase the TS-H943A MS28 after the firmware stealth has been disabled with the Enable0800 disc
- this only works one time, after the first mtk vendor specific intro cmd is sent
- if the mtk vendor specific outro cmd is sent, the chip goes back to stealth mode and you again need the Enable0800.iso to disable it
- therefore the mtk vendor specific intro is sent at program start to all present devices and the mtk outro is sent at program end
- if you have a chip manufacturer id of 0x02 and a chip device id of 0x02 for the TS-H943A, the flash chip is in stealth mode and won't give access to any reading, writing, erasing
- always have a look at the DataSum generated, this is exactly the DataSum of mtkflash
- the DataSum is calculated as the sum of all bytes of the firmware in a short integer
- to make 100% sure that the flash is written right, compare that DataSum to a known one
- this tool has not been tested on all drives out there, the typ list is simply copied from well known programs like mtkflash and XSF
- always try a flash read on a not yet tested drive before doing anything else
- if the read doesn't succeed it is highly unlikely that a write or erase will
- some LiteOn drives seem to have problems writing the firmware correctly, this problem seems to be related to Windows register flashing, because even an assembler app can't do this error free
- if you get errors on LiteOn drives, write the flash two times in a row
- for direct port I/O in Windows the giveio.sys driver is used; this driver is loaded at DosFlash32 start and unloaded at program end. Be warned, this driver can possibly make your system unstable: its intention is to let privileged assembler instructions like in and out pass, even in Windows. If this driver is not used you will not be able to get direct access to port registers
- DosFlash was tested on MS-DOS 6.22 and later, you can easily copy it onto an MS-DOS boot disk created in Windows XP and start DosFlash directly from the disk
- don't forget to also copy the DosFlash.typ file, it has all the information about flash chips for auto mode flashing
- DosFlash32 was tested without a problem on Windows XP SP2, you'll also need the typ file for the win version
- DosFlash32 will deactivate all CD-ROMs in device manager at startup, this is better for flashing, because Windows seems to poll the drives all the time and this could result in a bad fw file or a program hang; the drives are activated again at program end
- you should make sure that the flash is not in an erased state at program end, because device manager doesn't like drives that do not respond to the inquiry command
- deactivating all CD-ROMs could take a few seconds, so please be patient at program start
- DosFlash and DosFlash32 will try to scan for the VIA 6421L Raid Controller card, based on vendor id 1106 and device id 3249, it doesn't matter if the card driver is installed or not
Many thanks to Dale Roberts and his Direct Port I/O driver giveio.sys!
Avoid a bad flash! Kai Schtrom
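The DataSum comparison recommended in the hints above, as an added example (not DosFlash or mtkflash code). It assumes the readme's "short integer" is an unsigned 16-bit accumulator that wraps; the function names and sample images are constructed for illustration, and the SHA-256 comparison is an addition that goes beyond the readme, shown because an additive sum cannot detect reordered bytes.

```python
import hashlib
from dataclasses import dataclass, field

BANK_SIZE = 0x10000  # the readme: one bank is always 65,536 bytes


def datasum(image: bytes) -> int:
    """Sum of all bytes of the image, kept in 16 bits.

    Assumption: "short integer" means an unsigned 16-bit accumulator,
    so the running sum wraps modulo 0x10000.
    """
    return sum(image) & 0xFFFF


@dataclass
class DumpReport:
    size: int
    datasum: int
    sha256: str
    problems: list = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.problems


def check_dump(image: bytes, banks: int, known_datasum=None, known_sha256=None) -> DumpReport:
    """Validate a flash read before trusting it as a backup or a write source."""
    report = DumpReport(len(image), datasum(image), hashlib.sha256(image).hexdigest())
    if len(image) != banks * BANK_SIZE:
        report.problems.append(
            f"size {len(image)} is not {banks} bank(s) of {BANK_SIZE} bytes")
    # A uniform image is what an erased chip or a failed read looks like
    # (erased NOR flash reads back as 0xFF); it is never valid firmware.
    if image and len(set(image)) == 1:
        report.problems.append(f"image is uniformly 0x{image[0]:02X}")
    if known_datasum is not None and report.datasum != known_datasum:
        report.problems.append(
            f"DataSum {report.datasum:04X} != known {known_datasum:04X}")
    if known_sha256 is not None and report.sha256 != known_sha256:
        report.problems.append("SHA-256 differs from the known image")
    return report


# Constructed samples: 4-bank images, not real firmware.
GOOD = b"\x12\x34\x56\x78" + b"\x01" * (4 * BANK_SIZE - 4)
# Same bytes with the first two swapped: the additive DataSum is unchanged.
SWAPPED = b"\x34\x12" + GOOD[2:]
ERASED = b"\xFF" * (4 * BANK_SIZE)

if __name__ == "__main__":
    ref = check_dump(GOOD, banks=4)
    print(f"reference DataSum {ref.datasum:04X}, SHA-256 {ref.sha256[:16]}...")
    for name, img in (("swapped", SWAPPED), ("truncated", GOOD[:-1]), ("erased", ERASED)):
        r = check_dump(img, 4, known_datasum=ref.datasum, known_sha256=ref.sha256)
        print(f"{name}: {'ok' if r.ok else r.problems}")
```

A matching DataSum only shows that the byte total agrees with the reference; keeping a cryptographic hash of the original dump alongside it catches the corruptions the sum misses.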
For those of you with VIA cards, we recommend trying dosflash32 without the VIA windows driver installed. The port is directly accessed with giveio.sys, and it seems that the VIA drivers can mess things up.
Success stories so far...
- onboard VIA8237 (win32 and dos16)
- ICH5 w/ VIA 6421 (dos16)
- ICH7 w/ VIA 6421 (dos16)
- Nforce4 - Nforce6 (both dos and win32?)
Got a different chipset and had luck? PM me or respond here!
I successfully dumped my benq with ICH7 and VIA6421L by doing the following:
- Boot into bios, disable sata controller.
- restart with benq turned on
- run dosflash manual command
- Press Y at mtk question, and hit enter
- Turn off benq, turn back on benq.
And it should automatically dump!
If you have a VIA card, and need to run dosflash with manual commands, and you MUST erase before running the flash command (or it will likely hang on the write process) here is how you find your VIA cards port #:
1st way: The easier way is to open up iprep, check custom Serial ATA box, click list SCSI based controllers, select your VIA card, and look at the first 4 letters/numbers of the Dev IO. That is your port.
2nd way: Start, Run, msinfo32. Select Components, Storage, SCSI, then look for your VIA card. Should look like this:
Name            VIA RAID Controller - 3249
Manufacturer    VIA Technologies, Inc.
Status          OK
PNP Device ID   PCI\VEN_1106&DEV_3249&SUBSYS_32491106&REV_50\4&1AF1648C&0&08F0
I/O Port        0x0000CF00-0x0000CF0F
It is the last four digits/letters of the first I/O address range for your VIA card (in this example, the port is CF00). You can also reach this by going to your device manager, selecting your VIA card under scsi/raid controllers, and clicking properties, then resources tab. It is the first 4 digits/letters displayed on the first I/O range setting.
If the motherboard is a NFORCE chipset with native sata (e.g. nf3 or higher, don't think nf2 had sata?) then this software read/write will work in dos, and *possibly* windows. If you have a ICH (or other non nforce/ICH chipsets/motherboards) and a 6421 VIA, you should be able to dump in dos by disabling your sata controller and trying the described method in the readme.
Do not post links or pictures of the VIA 6421* series asking "will this work", because the answer is half an inch above this line. Those posts WILL be deleted.
Nvidia (nforce) sata controllers seem to be able to use auto mode of dosflash16, which will automatically erase before writing (no manual erase necessary)
Key Verification - thanks to C4eva
----------------------------------------
Routines will validate a key against the attached drive 100%
Routine added to:
- DVDkey32 Extract, also as key ver is 100%, 6 dumps no longer necessary
- LO83info Extract, also as key ver is 100%, 2 dumps no longer necessary
- Source and Target context menus

IO port refresh
----------------------------------------
Extra checks to determine drive hardware type, as opposed to the Inquiry info.
Key is easily queried from Samsung and Hitachi pre 78, can grab key, verify and look up KeyDB.
Lite-On Barcode uniquely identifies drive, look up Barcode in KeyDB and verify
Fancy icon on the Drive Properties group box and tooltip to display Key and KeyDB info.
Context menu on Drive Properties to perform KeyDB functions (load files etc.)

KeyDB
---------------------------------------
Now indexed by Lite-On barcode, barcode will be added at next refresh for rapid Drive ID.
Added a new field called LastFile, this will point to the file last used to update KeyDB.
Useful if you want to refresh KeyDB with all your Lite-On files.
This is used on Drive Properties Context Menu, to load an OFW.

Dummy from KeyDB **New**
--------------------------------------
There are 3 parts to this
- for an identified Lite-On this will use the verified key and grab all other dummy data and build it
- for un-identified Lite-On, will test ALL keys in KeyDB and return on a successful hit, build dummy as above
- for non Lite-On, will test ALL keys in KeyDB and return on a successful hit.

USB Com Port Enumeration
---------------------------------------
Will properly report device types in Vista and Win 7
- FTD2XX.dll dependency removed

General Support
----------------------------------------
Hyperlinks in IRC tab now launch in Preferred Browser
better support for windows 7 120dpi mode

No Lite-On LT spoofing
---------------------------------------
No longer says copied ID strings when target is LT
No longer shows false spoof when LT is "spoofed" with older JF ver
- previous versions are not forward compatible with LT
- they may put spoof in place but LT will ignore it.

Hitachi Support
----------------------------------------
Bug fix - master checksum now set when auto-spoofing Stock Hitachi
Master Checksum now set when spoofing stock Hitachi in firmtools.
Bug fix - JF no longer crashes when saving encrypted Hitachi.

General Support
----------------------------------------
IRC tab that calls a Java IRC client in embedded browser window
requires 2 dll's... included
JungleFlasher 0.1.70(86)
=====================================
Foreign Language support
---------------------------------------
German, French, Greek and Portuguese added.
Spanish, Italian and Russian to follow.

Lite On Support
---------------------------------------
Auto-Load Lite-Touch firmwares
Calibration data
- spoof copies calibration data if present in source
- dummy from target will place calibration data in dummy v2 at same location
Secret Inquiry
- performed before LO83info to identify 83 v2 and abort sequence
- performed for DVDKey, Lo83info and Dummy from iXtreme and added to dummy v2 to differentiate 83v1 & 83v2

Firmtool Engine
---------------------------------------
Finally re-coded firmtool engine correctly
- full support for encrypted lite-on, source and target
- easier support for cross spoofing

Port IO
---------------------------------------
Using Schtrom's portIO driver, which includes 64-bit support.

iXtreme 1.61 for lite-on
---------------------------------------
Will autoload iX 1.61 for Liteon

Hitachi Support
---------------------------------------
Added new spoofing method for Hitachi.
"Auto Spoof", will spoof inquiry and key on the fly directly from source buffer.
Will use existing file or request for load if empty.

KeyDB Viewer
--------------------------------------
New keyDB, right click source tab.

Lite-On 83850c support
---------------------------------------
- added full LO83info extract, OpenKey to Dummy.bin
- checks added to LO83info.bin.key load, blank data aborts
- 140F0F1011B5223D79587717FFD9EC3A from bad LO83info extract will be rejected
**** WARNING **** this uses Seacrest source, many thanks.... BUT beware... use a spare drive to check the key

Lite-On support General
---------------------------------------
Dump Dummy.bin from lite-On iXtreme file (in target context menu)
Identify Barcode reversal - to detect and fix and use bad inquiry
Barcode info - extra step to Manual spoofing to avoid bad barcode data

Hitachi Support Updated
---------------------------------------
Stability success message is bypassed in Moddermode.

General items Updated
---------------------------------------
Foreign Language Support
- German
- Portuguese
- Italian
- French
- Greek
- Spanish (WIP)

General items Updated
---------------------------------------
KeyDB and Log to Notepad fixed for windows 7 and foreign languages

Lite-On-Erase
---------------------------------------
- Extra check added, Drive Serial is compared to Target f/w; a mismatch will cause a warning... Just in case a user were to hook up a new lite-on and forget to do DVDkey32

MtkFlash32
---------------------------------------
- Disable related windows drive letters on Intro. Windows interferes with read-back verify as it thinks the drive is still present after intro. This occurred primarily with benq running ix > 1.41. The half tray unlock also gives windows a drive letter. On intro, the drive list is refreshed, scanned for the drive on the current port and disabled if found.

Lite-On 83850c support
---------------------------------------
- ix 1.6 83850 support added ( cross spoofing of ix revs NOT supported )
- conversion of [barcode].bin.key to dummy.bin
- Autoload dummy, auto-load ix, spoof ix
- extract of [barcode].bin added, for repair

General items Updated
---------------------------------------
Ctrl + F4 to open iXtreme from firmware folder to Target
Added context menus to Source and target tabs
Source
- open f/w from working folder
- clear source
- update to key data base
Target
- open f/w from working folder
- open f/w from .\firmware folder
- clear target
Removed - not allowing blank serial in for Lite-on Dummy.bin; previously if serial was blank the iX file serial was left as is
Warning changed for dummy.bin w/o serial, to mention it is possibly ok.
Added spoof support for new lite-on 83850C
JF will recognise a 83850C dummy.bin and spoof 74850C iX accordingly
Manual spoof support for 83850C added (still no confirmation of key extract via DVDkey32 method)

Key Database in Registry
---------------------------------------
Database will be populated automatically from a dump.
Ctrl + F10 to add/update key database from Source tab info
Ctrl + F12 to launch notepad with key database
Ctrl + F11 to create .csv from key database
Added extra item to explorer context to load as source and add key to db
iX will not autoload to target for this task
can select multiple f/w files, these will load in turn

Hitachi Support Updated
---------------------------------------
Fixed bug in Rev 36 Ram Upload Dump Code
All dumps are rev checked immediately, a failure to identify will abort sequence
dumps from other drives and locked 79's (coming back empty) would proceed to key check and fail

MTKFlash32
---------------------------------------
Added warning message Yes/No to Flash Erase Button (default is No!)
Added Esc to abort to flash read within auto reads in moddermode
Bypassed Sammy-Un-Lock warning in ModderMode
JungleFlasher 0.1.62
========================================
Release for iX 1.6 0800 for Samsung, Benq and Lite-On...

Hitachi Support Updated
---------------------------------------
Windows drive enum changed
successful Classic dump will detect and set correct drive type for pre 78 drives.
Inquiry of spoofed drives would select incorrect version.

DVDKey32 Support Updated
---------------------------------------
better support for Maximus USB Xtractor - using FTDI api FTD2XX.dll

General items Updated
---------------------------------------
Improved launch times

Release for iX 1.6 for Samsung, Benq and Lite-On...
Jf will now target 1.6 files by default

Hitachi Support Updated
---------------------------------------
Right Click windows drive list for context to open/close drive tray

DVDKey32 Support Updated
---------------------------------------
Added Support for USB Extractor Switch in Vista, for remote launch of DVDkey32 from probe
JungleFlasher 0.1.59 - cleanup to 0.1.55
========================================

DVDKey32 Support Updated
---------------------------------------
Added Support for USB Extractor Switch, for remote launch of DVDkey32 from probe
Added optional delay on dvdkey32... allow time for probe.... delay32 in reg, default is 0, max 20 sec

Hitachi Support Updated
---------------------------------------
Added Stop-Disk to Hitachi commands. People were still putting in a disk, a habit from FWTB days; commands would fail and the drive would crash.
Improvements to Ram upload dump, should dump in 1 - 1.5 sec... added timer for the fun of it...
Introducing USmodeB with JungleUSB drivers, for Hitachi
1. JungleUSB drivers allow Hitachi on USB to be seen in Mode-A, mode-B command can be issued
2. at power up, you may need to open/close the drive to allow windows to PnP fully
3. Send USmodeB - JF will enumerate all windows drive letters and find any Hitachi, JF will send mode-b

General items Updated
---------------------------------------
Added, test for port IO.... JF will scan device tree for PortIO, 4 outcomes are possible
i. port io running aok
ii. port removed
iii. port not installed
iv. port io has an error
Fixed, Ctrl F7 for Drive properties on PortIO, drives were not being detected
Added donate icon, users complained they couldn't see.... ;-)
JungleFlasher 0.1.55 - cleanup to 1.51
=======================================
We have probably added or changed a lot more but this is what we could remember.

Hitachi Support Updated
---------------------------------------
- Portio will only be enabled with "Via Only" ticked, as it was only added to support Via w/o drivers
- Via card must also report status (Code 39)... no drivers loaded
- Mode Select method removed from Port IO. Mode Select is for USB support, port IO does not support USB.

Modder Mode
---------------------------------------
- Now stops on bad device ID.

Splash Screen
---------------------------------------
- Context enable/disable removed from splash ( added as a ctrl key)

Advanced Ctrl F Keys
---------------------------------------
- Ctrl + F5 key, set modder mode backup directory, clear folder to disable it
- Ctrl + F6 key, hitachi read block size 100 --> 2000 ( 78 and 79 FK models will fail on this )
- Ctrl + F7 key, set working folder in modder mode... clear all tabs and save log
- Ctrl + F8 key, enable "Free Flash" and "Ram Poke" in Hitachi
- Ctrl + F1 key, enable context menus
- Ctrl + F2 key, disable context menus

Lite-On Dummy.bin Serial Fixer
---------------------------------------
- Bug, fixer added drive barcode byte swapped to Identify string, fixed.

Sammy flash
---------------------------------------
- was failing for at least one user.. typo in last cleanup. fixed.

Port Inquiry
---------------------------------------
- Timeout in port Inquiry for drive properties extended from 200ms to 1s

Lite-On-Erase
---------------------------------------
- Dead time after l-o-erase extended from 2s to 3s
- dots and timer added for better appearance.