iXtreme LT+ Lite Touch Xbox 360 Drive Firmware Flashing
Results 1 to 2 of 2

Thread: DosFlash V2.0

  1. #1
    Administrator
    Join Date
    Mar 2009
    Location
    Colorado
    Posts
    1,335
    Thanks
    136
    Thanked 985 Times in 73 Posts

    DosFlash V2.0

    DosFlash V2.0

    DosFlash_V2.0_Build_20110903.rar
    DosFlash V2.0
    ---------------------------------------
    - Key extraction task "LiteOn Key V3 (Tarablinda)" now supports the Slim firmware versions 9504, 0272, 0225,
    0401, 1071 and also tries to discover the key on unknown firmware versions
    - 2 new tasks added named "Lock SPI Flash" and "Unlock SPI Flash"
    The new unlock SPI flash task is used in combination with Geremia's MXIC and Winbond Unlock method.
    It is very much influenced by Geremia's unlockSPI program, which was the first bruter to unlock Winbond SPI
    flashes. To relock the flash after you have finished writing a patched firmware to it, use the lock SPI flash
    task. This will instantly make the SPI flash write protected for all blocks. BP0, BP1 and SRP status bits are
    activated afterward, so handle this function with care!
    - Read Flash task now can create a full firmware dump of the Slim firmware versions 9504, 0272, 0225, 0401 and 1071
    To create full firmware dumps of 0225 drives and above you should get a compatible SATA2 controller and set
    it to IDE mode. In addition you should be able to do Geremia's MXIC or Winbond unlock method. The compatible
    SATA2 controller is needed to unlock the MTK. Any installed drivers should be uninstalled, because they will
    switch the controller back to AHCI mode. In combination with the SPI flash status register unlock you are able
    to write to the firmware and inject Geremia's 8051 trojan, which can then dump the complete firmware. A risk
    level is added to show you how risky it is for your individual flash chip and firmware combination to write
    the patched firmware to obtain a full dump.
    - Possibility during "Read Flash" task to write firmware sector 3E of Slim drives with unknown firmware version
    This feature should be useful if new, unknown Slim firmware versions get out. If you write the patched 3E sector
    to a new and unknown firmware version this could potentially kill your drive. So handle it with care!
    - Portio.sys reimplemented as separate driver for DosFlash32 and DosFlash64
    The driver files portio32.sys and portio64.sys are again separated from the executable file. This way the
    user has the possibility to sign the drivers on his x64 system with the Driver Signature Enforcement Overrider.
    - SATA and IDE adapter list updated

    Geremia's Tarablinda method on LiteOn PLDS DG-16D4S with other firmware than 9504 and DosFlash32/64
    -----------------------------------------------------------------------------------------------------
    - connect your Slim drive to a SATA2 controller set to IDE mode
    - make sure the drivers for the SATA2 controller are uninstalled
    - connect a separate power supply unit to the LiteOn PLDS DG-16D4S, don't turn it on yet
    - power up PC and boot into Windows
    - turn on the LiteOn psu
    - run DosFlash32/64
    - the drive and flash chip should identify properly
    - choose the task "LiteOn Key V3 (Tarablinda)"
    - press "LiteOn Key V3" button
    - choose a destination directory for the extracted files
    - after this DosFlash32/64 displays your DVD-Key and saves your key and identify data
    - then DosFlash32/64 displays the following message:
    There seems to be a LiteOn Slim drive connected as Master
    to port 0xA000.
    You should try SATA2 MTK unlock method.
    - Use a compatible SATA2 controller set to IDE mode
    - Repower the drive which is connected to the SATA 2 controller
    - Press "Yes" if you are ready
    Are you ready?
    - do the above and press "Yes"
    - this repower is used to get DosFlash32/64 back to a known MTK state

    Geremia's Tarablinda method on LiteOn PLDS DG-16D4S with other firmware than 9504 and DosFlash16
    --------------------------------------------------------------------------------------------------
    - connect your Slim drive to a SATA2 controller set to IDE mode
    - connect a separate power supply unit to the LiteOn PLDS DG-16D4S, don't turn it on yet
    - power up PC and boot into Ms-DOS 6.22
    - turn on the LiteOn psu
    - run DosFlash16 in auto mode
    - the drive and flash chip should identify properly
    - choose your drive number
    - as task choose "LITEON K"
    - as extraction method choose "V3"
    - choose a destination directory for the extracted files
    - after this DosFlash16 displays your DVD-Key and saves your key and identify data

    Unlock flash on LiteOn PLDS DG-16D4S with other firmware than 9504 and DosFlash32/64
    --------------------------------------------------------------------------------------
    - connect your Slim drive to a SATA2 controller set to IDE mode
    - make sure the drivers for the SATA2 controller are uninstalled
    - connect a separate power supply unit to the LiteOn PLDS DG-16D4S, don't turn it on yet
    - power up PC and boot into Windows
    - turn on the LiteOn psu
    - run DosFlash32/64
    - the drive and flash chip should identify properly
    - choose the task "Unlock SPI Flash"
    - press "Unlock SPI Flash" button
    - you will hear a test sound from the PC speaker and the following message is displayed:
    The sound that just played was a test. You will hear the
    same sound if unlocking is successful later on. If you
    have not heard a sound, you should skip the unlock and
    check your PC speaker.
    Unlocking the SPI flash requires you to use Geremia's MXIC
    or Winbond Unlock method. Proceed like follows:
    - Press "Yes" if you are ready
    - Start Geremia's MXIC / Winbond Unlock
    - Stop if you hear the sound
    Are you ready?
    (Press ESC key to abort!)
    - press "Yes"
    - start MXIC or Winbond dremel unlock
    - stop if you hear the test sound again
    - the SPI flash should now be successfully unlocked

    Unlock flash on LiteOn PLDS DG-16D4S with other firmware than 9504 and DosFlash16
    -----------------------------------------------------------------------------------
    - connect your Slim drive to a SATA2 controller set to IDE mode
    - connect a separate power supply unit to the LiteOn PLDS DG-16D4S, don't turn it on yet
    - power up PC and boot into MS-DOS 6.22
    - turn on the LiteOn psu
    - run DosFlash16 in auto mode
    - the drive and flash chip should identify properly
    - choose your drive number
    - as task choose "U" for "Unlock SPI Flash"
    - you will hear a test sound from the PC speaker and the following message is displayed:
    The sound that just played was a test. You will hear the
    same sound if unlocking is successful later on. If you
    have not heard a sound, you should skip the unlock and
    check your PC speaker.
    Unlocking the SPI flash requires you to use Geremia's MXIC or Winbond Unlock
    method. Proceed like follows:
    - Press "Yes" if you are ready
    - Start Geremia's MXIC / Winbond Unlock
    - Stop if you hear the sound
    Are you ready?
    (Press ESC key to abort!)
    - confirm with 'Y' for "Yes"
    - start MXIC or Winbond dremel unlock
    - stop if you hear the test sound again
    - the SPI flash should now be successfully unlocked

    Read flash on LiteOn PLDS DG-16D4S with other firmware than 9504 and DosFlash32/64
    ------------------------------------------------------------------------------------
    - you should have unlocked the SPI flash prior to reading the flash, otherwise the following steps will not work
    - connect your Slim drive to a SATA2 controller set to IDE mode
    - make sure the drivers for the SATA2 controller are uninstalled
    - connect a separate power supply unit to the LiteOn PLDS DG-16D4S, don't turn it on yet
    - power up PC and boot into Windows
    - turn on the LiteOn psu
    - run DosFlash32/64
    - the drive and flash chip should identify properly
    - choose the task "Read Flash"
    - press "Read Flash" button
    - enter the name of your flash firmware output file e.g. fulldump.bin
    - you read the following (the displayed checksum and risk level can vary):
    Risk Level: Minimal! Winbond SPI flash with empty 3D3E sectors.
    Firmware sectors 0x3D000 and 0x3E000 match known checksum
    0xFFFFF800.
    Do you want to write firmware with patched code to be able to read
    the firmware?
    - press "Yes"
    - then DosFlash32/64 displays the following message:
    There seems to be a LiteOn Slim drive connected as Master
    to port 0xA000.
    You should try SATA2 MTK unlock method.
    - Use a compatible SATA2 controller set to IDE mode
    - Repower the drive which is connected to the SATA 2 controller
    - Press "Yes" if you are ready
    Are you ready?
    - do the above and press "Yes"
    - after this DosFlash32/64 saves your firmware dump and displays the above message again, repower
    the drive again and press "OK"
    - the last repower is used to get DosFlash32/64 back to a known MTK state

    Read flash on LiteOn PLDS DG-16D4S with other firmware than 9504 and DosFlash16
    ---------------------------------------------------------------------------------
    - you should have unlocked the SPI flash prior to reading the flash, otherwise the following steps will not work
    - connect your Slim drive to a SATA2 controller set to IDE mode
    - connect a separate power supply unit to the LiteOn PLDS DG-16D4S, don't turn it on yet
    - power up PC and boot into MS-DOS 6.22
    - turn on the LiteOn psu
    - run DosFlash16 in auto mode
    - the drive and flash chip should identify properly
    - choose your drive number
    - as task choose "R" for "Read Flash"
    - enter the name of your flash firmware output file e.g. fulldump.bin
    - you read the following (the displayed checksum and risk level can vary):
    Risk Level: Minimal! Winbond SPI flash with empty 3D3E sectors.
    Firmware sectors 0x3D000 and 0x3E000 match known checksum 0xFFFFF800.
    Do you want to write firmware with patched code to be able to read
    the firmware (Y/N)?
    - confirm with 'Y' for "Yes" and press Enter
    - then DosFlash16 displays the following message:
    There seems to be a LiteOn Slim drive connected as Master to port 0xA000.
    You should try SATA2 MTK unlock method.
    - Use a compatible SATA2 controller set to IDE mode
    - Repower the drive which is connected to the SATA 2 controller
    - Press "Yes" if you are ready
    Are you ready (Y/N)?
    - do the above and press 'Y' for "Yes"
    - after this DosFlash16 saves your firmware dump

    Lock flash on LiteOn PLDS DG-16D4S with other firmware than 9504 and DosFlash32/64
    ------------------------------------------------------------------------------------
    - connect your Slim drive to a SATA2 controller set to IDE mode
    - make sure the drivers for the SATA2 controller are uninstalled
    - connect a separate power supply unit to the LiteOn PLDS DG-16D4S, don't turn it on yet
    - power up PC and boot into Windows
    - turn on the LiteOn psu
    - run DosFlash32/64
    - the drive and flash chip should identify properly
    - choose the task "Lock SPI Flash"
    - press "Lock SPI Flash" button
    - read the displayed warning carefully, because locking the flash is very risky
    - press "Yes"
    - the SPI flash should now be successfully locked

    Lock flash on LiteOn PLDS DG-16D4S with other firmware than 9504 and DosFlash16
    ---------------------------------------------------------------------------------
    - connect your Slim drive to a SATA2 controller set to IDE mode
    - connect a separate power supply unit to the LiteOn PLDS DG-16D4S, don't turn it on yet
    - power up PC and boot into MS-DOS 6.22
    - turn on the LiteOn psu
    - run DosFlash16 in auto mode
    - the drive and flash chip should identify properly
    - choose your drive number
    - as task choose "L" for "Lock SPI Flash"
    - read the displayed warning carefully, because locking the flash is very risky
    - confirm with 'Y' for "Yes"
    - the SPI flash should now be successfully locked

    DosFlash16 Manual Mode Examples for LiteOn Slim 0225
    ------------------------------------------------------
    - Extract drive key on a "PLDS DG-16D4S 0225"
    DOSFLASH LITEON K V3 1010 A0
    - Unlock SPI Flash on a "PLDS DG-16D4S 0225"
    DOSFLASH U 1010 1 A0 3 0
    - Read firmware on a "PLDS DG-16D4S 0225"
    DOSFLASH R 1010 1 A0 3 0 4 FWOUT.BIN 0
    - Write firmware on a "PLDS DG-16D4S 0225"
    DOSFLASH W 1010 1 A0 3 0 4 FWIN.BIN 0
    - Erase firmware on a "PLDS DG-16D4S 0225"
    DOSFLASH E 1010 1 A0 3 0 4 C7 0
    - Lock SPI Flash on a "PLDS DG-16D4S 0225"
    DOSFLASH L 1010 1 A0 3 0

    Excellent work on the MXIC / Winbond unlock by Geremia and Maximus.
    As the Duke would say: Hail to the kings baby!
    Kai Schtrom
    ************************************************** **********************************************
    Last edited by Slick; 08-27-2013 at 06:53 PM.

  2. The Following 2 Users Say Thank You to james For This Useful Post:

    deadman (11-01-2011), ssjkakaroto (09-06-2011)

  3. #2
    Super Moderator
    Join Date
    Sep 2009
    Posts
    7,379
    Thanks
    62
    Thanked 834 Times in 392 Posts
    ***Updated to v2.0***
    Rules To Follow

    ABGX Settings

    CG Pro Gaming Tournaments

    I will no longer help via PM's sorry

Similar Threads

  1. What is/where can I get dosflash.typ
    By sizzler27 in forum iXtreme LT+ Lite Touch Firmware Slim Support
    Replies: 2
    Last Post: 09-08-2011, 05:47 PM
  2. LT+ 1.9 0225 and DosFlash (64)
    By refuse77 in forum iXtreme LT+ Lite Touch Firmware Slim Support
    Replies: 12
    Last Post: 07-25-2011, 11:03 AM
  3. Dosflash and LT 1.9
    By Aaron Hayes in forum iXtreme LT+ Lite Touch Firmware Phat Support
    Replies: 3
    Last Post: 06-15-2011, 08:36 PM
  4. LT+ and dosflash
    By swatkt in forum iXtreme LT Lite Touch Download
    Replies: 8
    Last Post: 01-16-2011, 01:57 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
1e2 Forum