
Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Tue Feb 05, 2019 10:35 pm
by mike admin
As mentioned many times earlier, I personally do not recommend downgrading your drive firmware without understanding the possible consequences.
However recently the firmware downgrade method using SPI access via vendor ATA commands (a.k.a. dosflash method, a.k.a. DVDFab tool method) became more and more popular. Live flash update in raw mode became a commodity. Guides on our forum written by fellow members are also based on this method. This method is highly dangerous ( please see viewtopic.php?f=16&t=18857 ) but is used widely because this is the only method that is publicly available.

To stop the painful drive abuse I have to divulge some information. Normally I avoid doing so, but the current insanity has to be stopped.
Here is my "guide" how to downgrade any MTK firmware using only official flashing app. No dosflash, no direct flash write, no meddling with IDE controller settings.

What we would need:
A patched official MTK flasher. Can be downloaded from https://forum.cdrinfo.pl/f29/crossflash ... s58-96313/ This flasher operates using drive self-update mode.
An unpacked official update image (bin file). The archive at link above contains some images already. This is important step - the official update BIN is needed, not a dump of any sort or "cleaned" dump. These are easy to come by.

Normally official flasher would refuse to downgrade firmware from latest versions - the so-called "Write DRAM NG 05/24/00" error. For example ASUS drive with 3.03 firmware would refuse to flash firmware 3.0 (present in archive from link above). A custom step is required to make the old firmware flash-able on a latest-firmware drive. Any old firmware can be patched this way.

Here are instructions for the super-duper-secret-mega hack that would allow flashing the old firmware into drives with latest firmware:
Open the firmware BIN file with a hex editor.
Navigate to the offset 0x1ec056 . The byte at this location should be FF . In fact on all (old) firmwares the bytes just before this byte have some distinct values, and all bytes after this byte are FFs.
Change just this single byte (at location 0x1ec056) from 0xFF to 0xDE ("downgrade enable").

Congratulations! You are an elite hacker now. With this byte changed, the firmware will be accepted by drives with latest firmware, allowing downgrade using official flasher. No checksums, no digital signatures, nothing. Just. One. Byte.

If anyone wants to make a community service and post official firmware images with this byte patched, you are welcome to do so in this thread.

p.s. There is no doubt that as with UHD support, in a few days the respectable commercial firmware downgrade utilities would stop requiring changing the setting of IDE controller and would start working with USB drives.

p.p.s. SPI bus access via vendor ATA is a firmware-controlled feature, not a hardware interface. There is no doubt that in response to mainstream usage of this interface, it will be disabled in upcoming firmware versions, making life significantly difficult for everyone. Just because greed is greed and $109 is still $109... :(
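
Added example (not part of the original post, and not code from the forum or from the flasher's authors): a read-only Python check that reports the byte at 0x1ec056 together with the layout the post describes around it, and confirms that a shared "byte patched" image differs from your own official extraction in that one byte only. The function names, the 8-byte look-behind window and the sample image are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

FLAG_OFFSET = 0x1EC056  # offset given in the post
FLAG_STOCK = 0xFF       # value in an unmodified official image, per the post
FLAG_PATCHED = 0xDE     # "downgrade enable" value, per the post

@dataclass
class FlagReport:
    state: str                 # "stock", "patched", "unexpected" or "too-short"
    value: Optional[int]       # byte found at FLAG_OFFSET
    preceding_has_data: bool   # post: bytes just before the flag are not FF
    tail_all_ff: bool          # post: every byte after the flag is FF

def inspect_image(image: bytes, context: int = 8) -> FlagReport:
    """Report the flag byte and the layout the post says surrounds it."""
    if len(image) <= FLAG_OFFSET:
        return FlagReport("too-short", None, False, False)
    value = image[FLAG_OFFSET]
    state = {FLAG_STOCK: "stock", FLAG_PATCHED: "patched"}.get(value, "unexpected")
    before = image[FLAG_OFFSET - context:FLAG_OFFSET]
    tail = image[FLAG_OFFSET + 1:]
    return FlagReport(state, value,
                      any(b != 0xFF for b in before),
                      all(b == 0xFF for b in tail))

def diff_offsets(official: bytes, candidate: bytes, limit: int = 16) -> list:
    """Offsets (up to `limit`) where a shared image differs from your own extraction."""
    if len(official) != len(candidate):
        raise ValueError("images differ in length")
    found = []
    for i, (a, b) in enumerate(zip(official, candidate)):
        if a != b:
            found.append(i)
            if len(found) >= limit:
                break
    return found

def is_single_byte_patch(official: bytes, candidate: bytes) -> bool:
    """True only if the sole difference is FF -> DE at FLAG_OFFSET."""
    return (diff_offsets(official, candidate, limit=2) == [FLAG_OFFSET]
            and official[FLAG_OFFSET] == FLAG_STOCK
            and candidate[FLAG_OFFSET] == FLAG_PATCHED)

def constructed_image(flag: int = FLAG_STOCK) -> bytes:
    """Constructed sample, not real firmware: filler, marker bytes, flag, FF tail."""
    return bytes(FLAG_OFFSET - 8) + b"CONSTRCT" + bytes([flag]) + b"\xff" * 0x100
```

Running `is_single_byte_patch` against an image you extracted yourself from the official updater shows whether a shared, pre-patched file carries any change beyond the one byte.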

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Tue Feb 05, 2019 11:37 pm
by MartyMcNuts
It's a good thing I kept the official ASUS BW-16D1HT 3.02 Flasher. Here is the 3.02 firmware patched as per Mike's Instructions.
ASUS_BW-16D1HT_3.02_OFFICIAL_(BYTE_PATCHED).bin.zip

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Wed Feb 06, 2019 12:37 am
by Billycar11
Nice, thank you so much for this.
How to video: https://www.youtube.com/watch?v=Yfpf6HoMMis

Included in this zip is the following firmware:
ASUS_BW-16D1HT_302
BE16NU50_1.01
BH14NS50_1.01
BH14NS58_1.00
BH16NS40_1.02_NS50
BH16NS50_1.01
BH16NS55_1.02
WH14NS40_1.02_NS50
WH16NS40_1.02_NS50
BU40N_1.00
WH16NS60_1.00
Buffalo BRUHD-PU3 BU10
Thanks to flashback8 for the Buffalo BRUHD-PU3 BU10 dump. This is the firmware file name: DE_flash_HL-DT-ST_BD-RE_BU40N_BU10.bin



They all have the downgrade enabled, so all you need to do is download this and the unlocked flasher and then choose the file for your drive. This works with SATA AHCI/RAID, IDE, and over USB!!

Big thanks to mike admin for letting us know where to edit.
And big thanks to Blackened2687 for the Unlocked Flasher :D :D

Downgrade Enabled Firmware V.2
https://drive.google.com/file/d/102V7DU ... sp=sharing
MD5: D9166F375D82D808411549BF615EE70E
SHA-256: 64084863829C3C8EFABF6ED786DAC426AC70C23AE02D7525C36C369841C869B0

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Wed Feb 06, 2019 1:06 am
by st4evr
Thanks Mike and to the members providing the firmwares! :D

This will be very, very useful to many.

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Wed Feb 06, 2019 1:20 am
by MartyMcNuts
Billycar11 wrote:
Wed Feb 06, 2019 12:37 am
nice thank you so much for this i will make a new video later but it might be a few days here is
LG WH16NS60 1.00
LG WH16NS40 1.02
LG WH14NS40 1.02
LG BU40N 1.00
Asus BW-161HT 3.02

https://drive.google.com/file/d/1cZo3iv ... sp=sharing
@Billycar11,

Are these bin files extracted from the official LG Firmware Update tools? As Mike said, dumps or cleaned dumps of any sort are not suitable. If you have the official LG firmware updaters could you please upload them.

Thanks

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Wed Feb 06, 2019 1:38 am
by Billycar11
MartyMcNuts wrote:
Wed Feb 06, 2019 1:20 am

@Billycar11,

Are these bin files extracted from the official LG Firmware Update tools? As Mike said, dumps or cleaned dumps of any sort are not suitable. If you have the official LG firmware updaters could you please upload them.

Thanks
It's fixed now.

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Wed Feb 06, 2019 1:51 am
by SamuriHL
WOA! First off, THANK YOU VERY MUCH, Mike, for posting this information. This is fantastic...well, for now. :)

Does anyone happen to have a bin file for the NS60 1.00 firmware?

Amazing!

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Wed Feb 06, 2019 2:56 am
by Billycar11
SamuriHL wrote:
Wed Feb 06, 2019 1:51 am
WOA! First off, THANK YOU VERY MUCH, Mike, for posting this information. This is fantastic...well, for now. :)

Does anyone happen to have a bin file for the NS60 1.00 firmware?

Amazing!
NS60 1.00 and BU40N 1.00: if we get the official of those 2, everything will be perfect. All the others can crossflash to each other fine.

But they are probably really hard to come by, since there was probably no FW update tool with them since they were initial release firmwares.

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Wed Feb 06, 2019 2:58 am
by SamuriHL
Ahhhh, hell that's a really good point. Not that it REALLY matters since Mike is going to support the latest firmware versions soon. Once that happens, game is done. :)

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Wed Feb 06, 2019 4:33 am
by SamuriHL
I'm probably getting to be annoying at this point so I do apologize, however...the flash tool that's linked to in the first post here comes with supposedly good bin files. However, they appear to just be bin files that were extracted and cleaned. Am I missing something or are those not extracted from LG firmware flashers? Sorry if this is a stupid question but I want to be very sure we know what it is we're flashing.

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Wed Feb 06, 2019 4:42 am
by Billycar11
mike admin wrote:
Tue Feb 05, 2019 10:35 pm
Can be downloaded from https://forum.cdrinfo.pl/f29/crossflash ... s58-96313/ This flasher operates using drive self-update mode.
An unpacked official update image (bin file). The archive at link above contains some images already. This is important step - the official update BIN is needed, not a dump of any sort or "cleaned" dump. These are easy to come by.

SamuriHL wrote:
Wed Feb 06, 2019 4:33 am
I'm probably getting to be annoying at this point so I do apologize, however...the flash tool that's linked to in the first post here comes with supposedly good bin files. However, they appear to just be bin files that were extracted and cleaned. Am I missing something or are those not extracted from LG firmware flashers? Sorry if this is a stupid question but I want to be very sure we know what it is we're flashing.
Judging by that quote I would say yes, they are from LG's FW tool. I did also compare the WH14NS40 1.02 from there to the clean WH14NS40 1.02 and they had a lot of differences outside of the calibration data, so I would say that they are extracted from LG's FW tools, but if not I need to take my edited ones down.

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Wed Feb 06, 2019 4:51 am
by SamuriHL
The reason I ask is that I did a binary compare of some that are supposedly cleaned vs what's shipped with that tool and they are bit exact. For example:

flash_HL-DT-ST_BD-RE_WH14NS40_1.00_NS50.bin

Note also we discussed the unlikely scenario of getting a 1.00 firmware flasher....right? So if this wasn't extracted and cleaned, is there an LG flasher out there that this was extracted from? I'm not trying to be a pain in the ass. I'm genuinely trying to make sure we are flashing the right things since Mike is very concerned about that.

EDIT:

Also from the link to the modified firmware flashing tool, this line in particular is what I'm wondering about:

"Sincere thanks to everyone who shared the firmwares dumped from their own drives - without your help it wouldn't be possible to collect all these firmwares!"

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Wed Feb 06, 2019 4:54 am
by Billycar11
SamuriHL wrote:
Wed Feb 06, 2019 4:51 am
The reason I ask is that I did a binary compare of some that are supposedly cleaned vs what's shipped with that tool and they are bit exact. For example:

flash_HL-DT-ST_BD-RE_WH14NS40_1.00_NS50.bin

Note also we discussed the unlikely scenario of getting a 1.00 firmware flasher....right? So if this wasn't extracted and cleaned, is there an LG flasher out there that this was extracted from? I'm not trying to be a pain in the ass. I'm genuinely trying to make sure we are flashing the right things since Mike is very concerned about that.
You are right, I just recompared. I had selected the non-NS50 version. They are the same as a clean version.

We should make a questions thread and stop cluttering this, I think.

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Wed Feb 06, 2019 6:53 am
by Blackened2687
Mike, thank you very much for that info! Awesome as always!
SamuriHL wrote:
Wed Feb 06, 2019 4:51 am
"Sincere thanks to everyone who shared the firmwares dumped from their own drives - without your help it wouldn't be possible to collect all these firmwares!"
That's right, some of these firmwares were dumped from drives and cleaned by me. Of course they will match firmware images bundled with official flashers, since locations of EEPROM data are same for all firmwares.

By the way, if you use "EEPROM data mover" with your raw dump (containing all the calibration data, serial number and so on) and a clean firmware image (as supplied with official flasher) vice-versa, you will get a clean firmware image made of your dump. :)

Re: Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"

Posted: Wed Feb 06, 2019 6:55 am
by MartyMcNuts
Even Better!!!

I have patched the official ASUS BW-16D1HT 3.02 Firmware Updater using Mike's instruction and used this to downgrade a BW-16D1HT-PRO with 3.03 to a BW-16D1HT with 3.02 by using just this exe.

The drive was connected via USB and firmware update (downgrade!) worked flawlessly!!!!

Here is the before & after:
before.jpg
after.jpg
Here is the file:
Attachment removed as no longer needed. Just download and use the (modified) ASUS Flasher.