Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
-
- Posts: 4075
- Joined: Wed Nov 26, 2008 2:26 am
- Contact:
Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
NOTE: Information in this post is mostly obsolete, please see the main FAQ thread for an up-to-date information - viewtopic.php?f=16&t=19634
As mentioned many times earlier, I personally do not recommend downgrading your drive firmware without understanding the possible consequences.
However recently the firmware downgrade method using SPI access via vendor ATA commands (a.k.a. dosflash method, a.k.a. DVDFab tool method) became more and more popular. Live flash update in raw mode became a commodity. Guides on our forum written by fellow members are also based on this method. This method is highly dangerous ( please see viewtopic.php?f=16&t=18857 ) but is used widely because this is the only method that is publicly available.
To stop the painful drive abuse I have to divulge some information. Normally I avoid doing so, but the current insanity has to be stopped.
Here is my "guide" how to downgrade any MTK firmware using only official flashing app. No dosflash, no direct flash write, no meddling with IDE controller settings.
What we would need:
A patched official MTK flasher. Can be downloaded from https://forum.cdrinfo.pl/f29/crossflash ... s58-96313/ This flasher operates using drive self-update mode.
An unpacked official update image (bin file). The archive at link above contains some images already. This is important step - the official update BIN is needed, not a dump of any sort or "cleaned" dump. These are easy to come by.
Normally official flasher would refuse to downgrade firmware from latest versions - the so-called "Write DRAM NG 05/24/00" error. For example ASUS drive with 3.03 firmware would refuse to flash firmware 3.0 (present in archive from link above). A custom step is required to make the old firmware flash-able on a latest-firmware drive. Any old firmware can be patched this way.
Here are instructions for the super-duper-secret-mega hack that would allow flashing the old firmware into drives with latest firmware:
Open the firmware BIN file with a hex editor.
Navigate to the offset 0x1ec056 . The byte at this location should be FF . In fact on all (old) firmwares the bytes just before this byte have some distinct values, and all bytes after this byte are FFs.
Change just this single byte (at location 0x1ec056) from 0xFF to 0xDE ("downgrade enable").
Congratulations! You are an elite hacker now. With this byte changed, the firmware will be accepted by drives with latest firmware, allowing downgrade using official flasher. No checksums, no digital signatures, nothing. Just. One. Byte.
If anyone wants to make a community service and post official firmware images with this byte patched, you are welcome to do so in this thread.
p.s. There is no doubt that as with UHD support, in a few days the respectable commercial firmware downgrade utilities would stop requiring changing the setting of IDE controller and would start working with USB drives.
p.p.s. SPI bus access via vendor ATA is a firmware-controlled feature, not a hardware interface. There is no doubt that in response to mainstream usage of this interface, it will be disabled in upcoming firmware versions, making life significanty difficult for everyone. Just because greed is greed and $109 is still $109...
As mentioned many times earlier, I personally do not recommend downgrading your drive firmware without understanding the possible consequences.
However recently the firmware downgrade method using SPI access via vendor ATA commands (a.k.a. dosflash method, a.k.a. DVDFab tool method) became more and more popular. Live flash update in raw mode became a commodity. Guides on our forum written by fellow members are also based on this method. This method is highly dangerous ( please see viewtopic.php?f=16&t=18857 ) but is used widely because this is the only method that is publicly available.
To stop the painful drive abuse I have to divulge some information. Normally I avoid doing so, but the current insanity has to be stopped.
Here is my "guide" how to downgrade any MTK firmware using only official flashing app. No dosflash, no direct flash write, no meddling with IDE controller settings.
What we would need:
A patched official MTK flasher. Can be downloaded from https://forum.cdrinfo.pl/f29/crossflash ... s58-96313/ This flasher operates using drive self-update mode.
An unpacked official update image (bin file). The archive at link above contains some images already. This is important step - the official update BIN is needed, not a dump of any sort or "cleaned" dump. These are easy to come by.
Normally official flasher would refuse to downgrade firmware from latest versions - the so-called "Write DRAM NG 05/24/00" error. For example ASUS drive with 3.03 firmware would refuse to flash firmware 3.0 (present in archive from link above). A custom step is required to make the old firmware flash-able on a latest-firmware drive. Any old firmware can be patched this way.
Here are instructions for the super-duper-secret-mega hack that would allow flashing the old firmware into drives with latest firmware:
Open the firmware BIN file with a hex editor.
Navigate to the offset 0x1ec056 . The byte at this location should be FF . In fact on all (old) firmwares the bytes just before this byte have some distinct values, and all bytes after this byte are FFs.
Change just this single byte (at location 0x1ec056) from 0xFF to 0xDE ("downgrade enable").
Congratulations! You are an elite hacker now. With this byte changed, the firmware will be accepted by drives with latest firmware, allowing downgrade using official flasher. No checksums, no digital signatures, nothing. Just. One. Byte.
If anyone wants to make a community service and post official firmware images with this byte patched, you are welcome to do so in this thread.
p.s. There is no doubt that as with UHD support, in a few days the respectable commercial firmware downgrade utilities would stop requiring changing the setting of IDE controller and would start working with USB drives.
p.p.s. SPI bus access via vendor ATA is a firmware-controlled feature, not a hardware interface. There is no doubt that in response to mainstream usage of this interface, it will be disabled in upcoming firmware versions, making life significanty difficult for everyone. Just because greed is greed and $109 is still $109...
-
- Posts: 2866
- Joined: Wed Nov 22, 2017 11:45 pm
Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
It's a good thing I kept the official ASUS BW-16D1HT 3.02 Flasher. Here is the 3.02 firmware patched as per Mike's Instructions.
Cheers
----------------------------------------------------------------------------------------------------------------------------
For UHD enabled drives (AU/NZ/SG + Others) & DIY Single Drive Flasher (WW): https://uhdenableddrives.com
----------------------------------------------------------------------------------------------------------------------------
For UHD enabled drives (AU/NZ/SG + Others) & DIY Single Drive Flasher (WW): https://uhdenableddrives.com
-
- Posts: 4324
- Joined: Sun Aug 24, 2014 5:49 am
Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
nice thank you so much for this
How to video: https://www.youtube.com/watch?v=Yfpf6HoMMis
Included in this zip is the following firmware:
ASUS_BW-16D1HT_302
BE16NU50_1.01
BH14NS50_1.01
BH14NS58_1.00
BH16NS40_1.02_NS50
BH16NS50_1.01
BH16NS55_1.02
WH14NS40_1.02_NS50
WH16NS40_1.02_NS50
BU40N_1.00
WH16NS60_1.00
Buffalo BRUHD-PU3 BU10 Thanks to
they all have the downgrade enabled so all you need to do is download this and the unlocked flasher and then choose the file for your drive. This works with SATA AHCI/RAID, IDE, and over USB!!
Big thanks to
And Big thanks to
Downgrade Enabled Firmware V.2
https://drive.google.com/file/d/102V7DU ... sp=sharing
MD5: D9166F375D82D808411549BF615EE70E
SHA-256: 64084863829C3C8EFABF6ED786DAC426AC70C23AE02D7525C36C369841C869B0
How to video: https://www.youtube.com/watch?v=Yfpf6HoMMis
Included in this zip is the following firmware:
ASUS_BW-16D1HT_302
BE16NU50_1.01
BH14NS50_1.01
BH14NS58_1.00
BH16NS40_1.02_NS50
BH16NS50_1.01
BH16NS55_1.02
WH14NS40_1.02_NS50
WH16NS40_1.02_NS50
BU40N_1.00
WH16NS60_1.00
Buffalo BRUHD-PU3 BU10 Thanks to
for the Buffalo BRUHD-PU3 BU10 Dump This is the firmware file name DE_flash_HL-DT-ST_BD-RE_BU40N_BU10.binflashback8 wrote:
they all have the downgrade enabled so all you need to do is download this and the unlocked flasher and then choose the file for your drive. This works with SATA AHCI/RAID, IDE, and over USB!!
Big thanks to
for letting us know where to edit
And Big thanks to
for the Unlocked Flasher
Downgrade Enabled Firmware V.2
https://drive.google.com/file/d/102V7DU ... sp=sharing
MD5: D9166F375D82D808411549BF615EE70E
SHA-256: 64084863829C3C8EFABF6ED786DAC426AC70C23AE02D7525C36C369841C869B0
Last edited by Billycar11 on Wed Apr 24, 2019 11:01 pm, edited 13 times in total.
Buy a UHD drive from the guide and how to video maker: https://www.makemkv.com/forum/viewtopic ... 20&t=17831
UHD Drives Guide: https://www.makemkv.com/forum/viewtopic ... 16&t=19634
Auto flash kit $25 Email me for one Billycar5924@gmail.com
UHD Drives Guide: https://www.makemkv.com/forum/viewtopic ... 16&t=19634
Auto flash kit $25 Email me for one Billycar5924@gmail.com
Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
Thanks Mike and to the members providing the firmwares!
This will be very, very useful to many.
This will be very, very useful to many.
-
- Posts: 2866
- Joined: Wed Nov 22, 2017 11:45 pm
Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
@Billycar11,Billycar11 wrote: ↑Wed Feb 06, 2019 12:37 amnice thank you so much for this i will make a new video later but it might be a few days here is
LG WH16NS60 1.00
LG WH16NS40 1.02
LG WH14NS40 1.02
LG BU40N 1.00
Asus BW-161HT 3.02
https://drive.google.com/file/d/1cZo3iv ... sp=sharing
Are these bin files extracted from the official LG Firmware Update tools? As Mike said, dumps or cleaned dumps of any sort are not suitable. If you have the official LG firmware updaters could you please upload them.
Thanks
Cheers
----------------------------------------------------------------------------------------------------------------------------
For UHD enabled drives (AU/NZ/SG + Others) & DIY Single Drive Flasher (WW): https://uhdenableddrives.com
----------------------------------------------------------------------------------------------------------------------------
For UHD enabled drives (AU/NZ/SG + Others) & DIY Single Drive Flasher (WW): https://uhdenableddrives.com
-
- Posts: 4324
- Joined: Sun Aug 24, 2014 5:49 am
Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
its fixed nowMartyMcNuts wrote: ↑Wed Feb 06, 2019 1:20 am
@Billycar11,
Are these bin files extracted from the official LG Firmware Update tools? As Mike said, dumps or cleaned dumps of any sort are not suitable. If you have the official LG firmware updaters could you please upload them.
Thanks
Last edited by Billycar11 on Wed Feb 06, 2019 4:03 am, edited 2 times in total.
Buy a UHD drive from the guide and how to video maker: https://www.makemkv.com/forum/viewtopic ... 20&t=17831
UHD Drives Guide: https://www.makemkv.com/forum/viewtopic ... 16&t=19634
Auto flash kit $25 Email me for one Billycar5924@gmail.com
UHD Drives Guide: https://www.makemkv.com/forum/viewtopic ... 16&t=19634
Auto flash kit $25 Email me for one Billycar5924@gmail.com
Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
WOA! First off, THANK YOU VERY MUCH, Mike, for posting this information. This is fantastic...well, for now.
Does anyone happen to have a bin file for the NS60 1.00 firmware?
Amazing!
Does anyone happen to have a bin file for the NS60 1.00 firmware?
Amazing!
-
- Posts: 4324
- Joined: Sun Aug 24, 2014 5:49 am
Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
ns60 1.00 bu40n 1.00 if we get the official of those 2 everything will be perfect all the others can crossflash to each other fine
but they are probably really hard to come by since there was probably no fw update tool with them since they were initial release firmware's.
Buy a UHD drive from the guide and how to video maker: https://www.makemkv.com/forum/viewtopic ... 20&t=17831
UHD Drives Guide: https://www.makemkv.com/forum/viewtopic ... 16&t=19634
Auto flash kit $25 Email me for one Billycar5924@gmail.com
UHD Drives Guide: https://www.makemkv.com/forum/viewtopic ... 16&t=19634
Auto flash kit $25 Email me for one Billycar5924@gmail.com
Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
Ahhhh, hell that's a really good point. Not that it REALLY matters since Mike is going to support the latest firmware versions soon. Once that happens, game is done.
Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
I'm probably getting to be annoying at this point so I do apologize, however...the flash tool that's linked to in the first post here comes with supposedly good bin files. However, they appear to just be bin files that were extracted and cleaned. Am I missing something or are those not extracted from LG firmware flashers? Sorry if this is a stupid question but I want to be very sure we know what it is we're flashing.
-
- Posts: 4324
- Joined: Sun Aug 24, 2014 5:49 am
Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
mike admin wrote: ↑Tue Feb 05, 2019 10:35 pmCan be downloaded from https://forum.cdrinfo.pl/f29/crossflash ... s58-96313/ This flasher operates using drive self-update mode.
An unpacked official update image (bin file). The archive at link above contains some images already. This is important step - the official update BIN is needed, not a dump of any sort or "cleaned" dump. These are easy to come by.
judging by that quote i would say yes they are from lgs fw tool i did also compare the WH14NS40 1.02 from there to the Clean WH14NS40 1.02 and they had a lot of differences outside of the calibration data so i would say that they are extracted from lgs fw tools but if not i need to take my edited ones down.SamuriHL wrote: ↑Wed Feb 06, 2019 4:33 amI'm probably getting to be annoying at this point so I do apologize, however...the flash tool that's linked to in the first post here comes with supposedly good bin files. However, they appear to just be bin files that were extracted and cleaned. Am I missing something or are those not extracted from LG firmware flashers? Sorry if this is a stupid question but I want to be very sure we know what it is we're flashing.
Buy a UHD drive from the guide and how to video maker: https://www.makemkv.com/forum/viewtopic ... 20&t=17831
UHD Drives Guide: https://www.makemkv.com/forum/viewtopic ... 16&t=19634
Auto flash kit $25 Email me for one Billycar5924@gmail.com
UHD Drives Guide: https://www.makemkv.com/forum/viewtopic ... 16&t=19634
Auto flash kit $25 Email me for one Billycar5924@gmail.com
Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
The reason I ask is that I did a binary compare of some that are supposedly cleaned vs what's shipped with that tool and they are bit exact. For example:
flash_HL-DT-ST_BD-RE_WH14NS40_1.00_NS50.bin
Note also we discussed the unlikely scenario of getting a 1.00 firmware flasher....right? So if this wasn't extracted and cleaned, is there an LG flasher out there that this was extracted from? I'm not trying to be a pain in the ass. I'm genuinely trying to make sure we are flashing the right things since Mike is very concerned about that.
EDIT:
Also from the link to the modified firmware flashing tool, this line in particular is what I'm wondering about:
"Sincere thanks to everyone who shared the firmwares dumped from their own drives - without your help it wouldn't be possible to collect all these firmwares!"
flash_HL-DT-ST_BD-RE_WH14NS40_1.00_NS50.bin
Note also we discussed the unlikely scenario of getting a 1.00 firmware flasher....right? So if this wasn't extracted and cleaned, is there an LG flasher out there that this was extracted from? I'm not trying to be a pain in the ass. I'm genuinely trying to make sure we are flashing the right things since Mike is very concerned about that.
EDIT:
Also from the link to the modified firmware flashing tool, this line in particular is what I'm wondering about:
"Sincere thanks to everyone who shared the firmwares dumped from their own drives - without your help it wouldn't be possible to collect all these firmwares!"
-
- Posts: 4324
- Joined: Sun Aug 24, 2014 5:49 am
Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
you are right i just recompared i had selected the non ns50 version they are the same as a clean versionSamuriHL wrote: ↑Wed Feb 06, 2019 4:51 amThe reason I ask is that I did a binary compare of some that are supposedly cleaned vs what's shipped with that tool and they are bit exact. For example:
flash_HL-DT-ST_BD-RE_WH14NS40_1.00_NS50.bin
Note also we discussed the unlikely scenario of getting a 1.00 firmware flasher....right? So if this wasn't extracted and cleaned, is there an LG flasher out there that this was extracted from? I'm not trying to be a pain in the ass. I'm genuinely trying to make sure we are flashing the right things since Mike is very concerned about that.
we should make a questions thread and stop cluttering this i think
Buy a UHD drive from the guide and how to video maker: https://www.makemkv.com/forum/viewtopic ... 20&t=17831
UHD Drives Guide: https://www.makemkv.com/forum/viewtopic ... 16&t=19634
Auto flash kit $25 Email me for one Billycar5924@gmail.com
UHD Drives Guide: https://www.makemkv.com/forum/viewtopic ... 16&t=19634
Auto flash kit $25 Email me for one Billycar5924@gmail.com
-
- Posts: 42
- Joined: Fri Jan 25, 2019 5:21 pm
Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
Mike, thank you very much for that info! Awesome as always!
By the way, if you use "EEPROM data mover" with your raw dump (containing all the calibration data, serial number and so on) and a clean firmware image (as supplied with official flasher) vice-versa, you will get a clean firmware image made of your dump.
That's right, some of these firmwares were dumped from drives and cleaned by me. Of course they will match firmware images bundled with official flashers, since locations of EEPROM data are same for all firmwares.
By the way, if you use "EEPROM data mover" with your raw dump (containing all the calibration data, serial number and so on) and a clean firmware image (as supplied with official flasher) vice-versa, you will get a clean firmware image made of your dump.
-
- Posts: 2866
- Joined: Wed Nov 22, 2017 11:45 pm
Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"
Even Better!!!
I have patched the official ASUS BW-16D1HT 3.02 Firmware Updater using Mike's instruction and used this to downgrade a BW-16D1HT-PRO with 3.03 to a BW-16D1HT with 3.02 by using just this exe.
The drive was connected via USB and firmware update (downgrade!) worked flawlessly!!!!
Here is the before & after: Here is the file:
Attachment removed as no longer needed. Just download and use the (modified) ASUS Flasher.
I have patched the official ASUS BW-16D1HT 3.02 Firmware Updater using Mike's instruction and used this to downgrade a BW-16D1HT-PRO with 3.03 to a BW-16D1HT with 3.02 by using just this exe.
The drive was connected via USB and firmware update (downgrade!) worked flawlessly!!!!
Here is the before & after: Here is the file:
Attachment removed as no longer needed. Just download and use the (modified) ASUS Flasher.
Last edited by MartyMcNuts on Sun Nov 10, 2019 6:02 am, edited 1 time in total.
Cheers
----------------------------------------------------------------------------------------------------------------------------
For UHD enabled drives (AU/NZ/SG + Others) & DIY Single Drive Flasher (WW): https://uhdenableddrives.com
----------------------------------------------------------------------------------------------------------------------------
For UHD enabled drives (AU/NZ/SG + Others) & DIY Single Drive Flasher (WW): https://uhdenableddrives.com