Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Forum for discussions about UHD-capable drives
mike admin
Posts: 4083
Joined: Wed Nov 26, 2008 2:26 am

Post by mike admin »

NOTE: Information in this post is mostly obsolete; please see the main FAQ thread for up-to-date information - viewtopic.php?f=16&t=19634

As mentioned many times earlier, I personally do not recommend downgrading your drive firmware without understanding the possible consequences.
However recently the firmware downgrade method using SPI access via vendor ATA commands (a.k.a. dosflash method, a.k.a. DVDFab tool method) became more and more popular. Live flash update in raw mode became a commodity. Guides on our forum written by fellow members are also based on this method. This method is highly dangerous ( please see viewtopic.php?f=16&t=18857 ) but is used widely because this is the only method that is publicly available.

To stop the painful drive abuse I have to divulge some information. Normally I avoid doing so, but the current insanity has to be stopped.
Here is my "guide" how to downgrade any MTK firmware using only official flashing app. No dosflash, no direct flash write, no meddling with IDE controller settings.

What we would need:
A patched official MTK flasher. Can be downloaded from https://forum.cdrinfo.pl/f29/crossflash ... s58-96313/ This flasher operates using drive self-update mode.
An unpacked official update image (bin file). The archive at link above contains some images already. This is important step - the official update BIN is needed, not a dump of any sort or "cleaned" dump. These are easy to come by.

Normally official flasher would refuse to downgrade firmware from latest versions - the so-called "Write DRAM NG 05/24/00" error. For example ASUS drive with 3.03 firmware would refuse to flash firmware 3.0 (present in archive from link above). A custom step is required to make the old firmware flash-able on a latest-firmware drive. Any old firmware can be patched this way.

Here are instructions for the super-duper-secret-mega hack that would allow flashing the old firmware into drives with latest firmware:
Open the firmware BIN file with a hex editor.
Navigate to the offset 0x1ec056 . The byte at this location should be FF . In fact on all (old) firmwares the bytes just before this byte have some distinct values, and all bytes after this byte are FFs.
Change just this single byte (at location 0x1ec056) from 0xFF to 0xDE ("downgrade enable").

Congratulations! You are an elite hacker now. With this byte changed, the firmware will be accepted by drives with latest firmware, allowing downgrade using official flasher. No checksums, no digital signatures, nothing. Just. One. Byte.

If anyone wants to make a community service and post official firmware images with this byte patched, you are welcome to do so in this thread.

p.s. There is no doubt that as with UHD support, in a few days the respectable commercial firmware downgrade utilities would stop requiring changing the setting of IDE controller and would start working with USB drives.

p.p.s. SPI bus access via vendor ATA is a firmware-controlled feature, not a hardware interface. There is no doubt that in response to mainstream usage of this interface, it will be disabled in upcoming firmware versions, making life significantly difficult for everyone. Just because greed is greed and $109 is still $109... :(
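An added example, not part of the original post and not code from any of the tools it mentions: a Python check that applies the post's three statements (flag byte at 0x1ec056, 0xFF when stock, only 0xFF after it) to an image, and confirms that a "byte patched" copy differs from its official source at that one offset only. The function names, the 0x200000 image size and the sample contents are assumptions made for the illustration.

```python
FLAG_OFFSET = 0x1EC056   # offset given in the post
FLAG_ERASED = 0xFF       # value the post says an unpatched image has here
FLAG_ENABLED = 0xDE      # "downgrade enable" value from the post


def inspect_image(image: bytes) -> str:
    """Classify an image by its flag byte: 'stock', 'patched' or 'unexpected'."""
    if len(image) <= FLAG_OFFSET:
        return "unexpected"            # too short to contain the flag byte
    tail = image[FLAG_OFFSET + 1:]
    if tail.strip(b"\xff"):            # post: every byte after the flag is FF
        return "unexpected"
    flag = image[FLAG_OFFSET]
    if flag == FLAG_ERASED:
        return "stock"
    if flag == FLAG_ENABLED:
        return "patched"
    return "unexpected"


def patch_image(image: bytes) -> bytes:
    """Return a copy with only the flag byte changed; refuse non-stock input."""
    state = inspect_image(image)
    if state != "stock":
        raise ValueError(f"refusing to patch: image is {state}")
    patched = bytearray(image)
    patched[FLAG_OFFSET] = FLAG_ENABLED
    return bytes(patched)


def diff_offsets(a: bytes, b: bytes) -> list[int]:
    """Offsets at which two equal-length images differ."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def make_sample(size: int = 0x200000) -> bytes:
    """Constructed stand-in for a firmware BIN (not real firmware; size assumed)."""
    body = bytes((i * 7 + 3) % 251 for i in range(FLAG_OFFSET))
    return body + b"\xff" * (size - FLAG_OFFSET)


if __name__ == "__main__":
    stock = make_sample()
    patched = patch_image(stock)
    print(inspect_image(stock), inspect_image(patched))
    print([hex(o) for o in diff_offsets(stock, patched)])
```

Run against real files, `diff_offsets(official, shared)` returning anything other than the single flag offset means the shared image was changed in more places than the post describes.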
MartyMcNuts
Posts: 4032
Joined: Wed Nov 22, 2017 11:45 pm

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Post by MartyMcNuts »

It's a good thing I kept the official ASUS BW-16D1HT 3.02 Flasher. Here is the 3.02 firmware patched as per Mike's Instructions.
ASUS_BW-16D1HT_3.02_OFFICIAL_(BYTE_PATCHED).bin.zip
Cheers :D
----------------------------------------------------------------------------------------------------------------------------
For UHD enabled drives (AU/NZ/SG + Others) & DIY Single Drive Flasher (WW): https://uhdenableddrives.com
Billycar11
Posts: 5053
Joined: Sun Aug 24, 2014 5:49 am

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Post by Billycar11 »

Nice, thank you so much for this.
How to video: https://www.youtube.com/watch?v=Yfpf6HoMMis

Included in this zip is the following firmware:
ASUS_BW-16D1HT_302
BE16NU50_1.01
BH14NS50_1.01
BH14NS58_1.00
BH16NS40_1.02_NS50
BH16NS50_1.01
BH16NS55_1.02
WH14NS40_1.02_NS50
WH16NS40_1.02_NS50
BU40N_1.00
WH16NS60_1.00
Buffalo BRUHD-PU3 BU10

Thanks to flashback8 for the Buffalo BRUHD-PU3 BU10 dump. This is the firmware file name: DE_flash_HL-DT-ST_BD-RE_BU40N_BU10.bin

They all have the downgrade enabled, so all you need to do is download this and the unlocked flasher and then choose the file for your drive. This works with SATA AHCI/RAID, IDE, and over USB!!

Big thanks to mike admin for letting us know where to edit.
And big thanks to Blackened2687 for the Unlocked Flasher :D :D

Downgrade Enabled Firmware V.2
https://drive.google.com/file/d/102V7DU ... sp=sharing
MD5: D9166F375D82D808411549BF615EE70E
SHA-256: 64084863829C3C8EFABF6ED786DAC426AC70C23AE02D7525C36C369841C869B0
Last edited by Billycar11 on Wed Apr 24, 2019 11:01 pm, edited 13 times in total.
Buy a UHD drive from the guide and how to video maker: https://www.makemkv.com/forum/viewtopic ... 20&t=17831
UHD Drives Guide: https://www.makemkv.com/forum/viewtopic ... 16&t=19634
Auto flash kit $25 Email me for one Billycar5924@gmail.com
st4evr
Posts: 705
Joined: Tue Mar 06, 2018 11:38 pm

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Post by st4evr »

Thanks Mike and to the members providing the firmwares! :D

This will be very, very useful to many.
MartyMcNuts
Posts: 4032
Joined: Wed Nov 22, 2017 11:45 pm

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Post by MartyMcNuts »

Billycar11 wrote:
Wed Feb 06, 2019 12:37 am
nice thank you so much for this i will make a new video later but it might be a few days here is
LG WH16NS60 1.00
LG WH16NS40 1.02
LG WH14NS40 1.02
LG BU40N 1.00
Asus BW-161HT 3.02

https://drive.google.com/file/d/1cZo3iv ... sp=sharing
@Billycar11,

Are these bin files extracted from the official LG Firmware Update tools? As Mike said, dumps or cleaned dumps of any sort are not suitable. If you have the official LG firmware updaters could you please upload them.

Thanks
Cheers :D
Billycar11
Posts: 5053
Joined: Sun Aug 24, 2014 5:49 am

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Post by Billycar11 »

MartyMcNuts wrote:
Wed Feb 06, 2019 1:20 am

@Billycar11,

Are these bin files extracted from the official LG Firmware Update tools? As Mike said, dumps or cleaned dumps of any sort are not suitable. If you have the official LG firmware updaters could you please upload them.

Thanks
It's fixed now.
Last edited by Billycar11 on Wed Feb 06, 2019 4:03 am, edited 2 times in total.
SamuriHL
Posts: 2688
Joined: Mon Jun 14, 2010 5:32 pm

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Post by SamuriHL »

WOA! First off, THANK YOU VERY MUCH, Mike, for posting this information. This is fantastic...well, for now. :)

Does anyone happen to have a bin file for the NS60 1.00 firmware?

Amazing!
Billycar11
Posts: 5053
Joined: Sun Aug 24, 2014 5:49 am

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Post by Billycar11 »

SamuriHL wrote:
Wed Feb 06, 2019 1:51 am
WOA! First off, THANK YOU VERY MUCH, Mike, for posting this information. This is fantastic...well, for now. :)

Does anyone happen to have a bin file for the NS60 1.00 firmware?

Amazing!
NS60 1.00 and BU40N 1.00: if we get the official of those 2, everything will be perfect. All the others can crossflash to each other fine.

But they are probably really hard to come by, since there was probably no FW update tool with them since they were initial release firmwares.
SamuriHL
Posts: 2688
Joined: Mon Jun 14, 2010 5:32 pm

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Post by SamuriHL »

Ahhhh, hell that's a really good point. Not that it REALLY matters since Mike is going to support the latest firmware versions soon. Once that happens, game is done. :)
SamuriHL
Posts: 2688
Joined: Mon Jun 14, 2010 5:32 pm

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Post by SamuriHL »

I'm probably getting to be annoying at this point so I do apologize, however...the flash tool that's linked to in the first post here comes with supposedly good bin files. However, they appear to just be bin files that were extracted and cleaned. Am I missing something or are those not extracted from LG firmware flashers? Sorry if this is a stupid question but I want to be very sure we know what it is we're flashing.
Billycar11
Posts: 5053
Joined: Sun Aug 24, 2014 5:49 am

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Post by Billycar11 »

mike admin wrote:
Tue Feb 05, 2019 10:35 pm
Can be downloaded from https://forum.cdrinfo.pl/f29/crossflash ... s58-96313/ This flasher operates using drive self-update mode.
An unpacked official update image (bin file). The archive at link above contains some images already. This is important step - the official update BIN is needed, not a dump of any sort or "cleaned" dump. These are easy to come by.

SamuriHL wrote:
Wed Feb 06, 2019 4:33 am
I'm probably getting to be annoying at this point so I do apologize, however...the flash tool that's linked to in the first post here comes with supposedly good bin files. However, they appear to just be bin files that were extracted and cleaned. Am I missing something or are those not extracted from LG firmware flashers? Sorry if this is a stupid question but I want to be very sure we know what it is we're flashing.
Judging by that quote I would say yes, they are from LG's FW tool. I did also compare the WH14NS40 1.02 from there to the clean WH14NS40 1.02 and they had a lot of differences outside of the calibration data, so I would say that they are extracted from LG's FW tools, but if not I need to take my edited ones down.
SamuriHL
Posts: 2688
Joined: Mon Jun 14, 2010 5:32 pm

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Post by SamuriHL »

The reason I ask is that I did a binary compare of some that are supposedly cleaned vs what's shipped with that tool and they are bit exact. For example:

flash_HL-DT-ST_BD-RE_WH14NS40_1.00_NS50.bin

Note also we discussed the unlikely scenario of getting a 1.00 firmware flasher....right? So if this wasn't extracted and cleaned, is there an LG flasher out there that this was extracted from? I'm not trying to be a pain in the ass. I'm genuinely trying to make sure we are flashing the right things since Mike is very concerned about that.

EDIT:

Also from the link to the modified firmware flashing tool, this line in particular is what I'm wondering about:

"Sincere thanks to everyone who shared the firmwares dumped from their own drives - without your help it wouldn't be possible to collect all these firmwares!"
Billycar11
Posts: 5053
Joined: Sun Aug 24, 2014 5:49 am

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Post by Billycar11 »

SamuriHL wrote:
Wed Feb 06, 2019 4:51 am
The reason I ask is that I did a binary compare of some that are supposedly cleaned vs what's shipped with that tool and they are bit exact. For example:

flash_HL-DT-ST_BD-RE_WH14NS40_1.00_NS50.bin

Note also we discussed the unlikely scenario of getting a 1.00 firmware flasher....right? So if this wasn't extracted and cleaned, is there an LG flasher out there that this was extracted from? I'm not trying to be a pain in the ass. I'm genuinely trying to make sure we are flashing the right things since Mike is very concerned about that.
You are right, I just recompared. I had selected the non-NS50 version; they are the same as a clean version.

We should make a questions thread and stop cluttering this, I think.
Blackened2687
Posts: 42
Joined: Fri Jan 25, 2019 5:21 pm

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Post by Blackened2687 »

Mike, thank you very much for that info! Awesome as always!
SamuriHL wrote:
Wed Feb 06, 2019 4:51 am
"Sincere thanks to everyone who shared the firmwares dumped from their own drives - without your help it wouldn't be possible to collect all these firmwares!"
That's right, some of these firmwares were dumped from drives and cleaned by me. Of course they will match firmware images bundled with official flashers, since locations of EEPROM data are same for all firmwares.

By the way, if you use "EEPROM data mover" with your raw dump (containing all the calibration data, serial number and so on) and a clean firmware image (as supplied with official flasher) vice-versa, you will get a clean firmware image made of your dump. :)
MartyMcNuts
Posts: 4032
Joined: Wed Nov 22, 2017 11:45 pm

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Post by MartyMcNuts »

Even Better!!!

I have patched the official ASUS BW-16D1HT 3.02 Firmware Updater using Mike's instruction and used this to downgrade a BW-16D1HT-PRO with 3.03 to a BW-16D1HT with 3.02 by using just this exe.

The drive was connected via USB and firmware update (downgrade!) worked flawlessly!!!!

Here is the before & after:
[Attached images: before.jpg, after.jpg]
Here is the file:
Attachment removed as no longer needed. Just download and use the (modified) ASUS Flasher.
Last edited by MartyMcNuts on Sun Nov 10, 2019 6:02 am, edited 1 time in total.
Cheers :D