Firmware downgrade using official (patched) flasher, the "Ultra hax0r guide"


Post by mike admin » Tue Feb 05, 2019 10:35 pm

As mentioned many times earlier, I personally do not recommend downgrading your drive firmware without understanding the possible consequences.
However recently the firmware downgrade method using SPI access via vendor ATA commands (a.k.a. dosflash method, a.k.a. DVDFab tool method) became more and more popular. Live flash update in raw mode became a commodity. Guides on our forum written by fellow members are also based on this method. This method is highly dangerous ( please see viewtopic.php?f=16&t=18857 ) but is used widely because this is the only method that is publicly available.

To stop the painful drive abuse I have to divulge some information. Normally I avoid doing so, but the current insanity has to be stopped.
Here is my "guide" how to downgrade any MTK firmware using only official flashing app. No dosflash, no direct flash write, no meddling with IDE controller settings.

What we would need:
A patched official MTK flasher. Can be downloaded from https://forum.cdrinfo.pl/f29/crossflash ... s58-96313/ This flasher operates using drive self-update mode.
An unpacked official update image (bin file). The archive at link above contains some images already. This is important step - the official update BIN is needed, not a dump of any sort or "cleaned" dump. These are easy to come by.

Normally official flasher would refuse to downgrade firmware from latest versions - the so-called "Write DRAM NG 05/24/00" error. For example ASUS drive with 3.03 firmware would refuse to flash firmware 3.0 (present in archive from link above). A custom step is required to make the old firmware flash-able on a latest-firmware drive. Any old firmware can be patched this way.

Here are instructions for the super-duper-secret-mega hack that would allow flashing the old firmware into drives with latest firmware:
Open the firmware BIN file with a hex editor.
Navigate to the offset 0x1ec056 . The byte at this location should be FF . In fact on all (old) firmwares the bytes just before this byte have some distinct values, and all bytes after this byte are FFs.
Change just this single byte (at location 0x1ec056) from 0xFF to 0xDE ("downgrade enable").

Congratulations! You are an elite hacker now. With this byte changed, the firmware will be accepted by drives with latest firmware, allowing downgrade using official flasher. No checksums, no digital signatures, nothing. Just. One. Byte.

If anyone wants to make a community service and post official firmware images with this byte patched, you are welcome to do so in this thread.

p.s. There is no doubt that as with UHD support, in a few days the respectable commercial firmware downgrade utilities would stop requiring changing the setting of IDE controller and would start working with USB drives.

p.p.s. SPI bus access via vendor ATA is a firmware-controlled feature, not a hardware interface. There is no doubt that in response to mainstream usage of this interface, it will be disabled in upcoming firmware versions, making life significantly difficult for everyone. Just because greed is greed and $109 is still $109... :(
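Added example (not part of the original post and not code from any tool mentioned in this thread): a check that a community-posted "byte patched" image differs from the official update BIN only at offset 0x1ec056 (0xFF changed to 0xDE), as the post describes. The function names and the constructed sample images are assumptions for illustration; real use would read the two BIN files from disk instead.

```python
"""Check a community-posted image against the official update BIN."""
import hashlib

FLAG_OFFSET = 0x1EC056            # offset given in the post
OFFICIAL, PATCHED = 0xFF, 0xDE    # byte values given in the post


def classify_image(image: bytes) -> str:
    """Describe the flag byte and the 0xFF padding the post says follows it."""
    if len(image) <= FLAG_OFFSET:
        return "too-short"
    tail = image[FLAG_OFFSET + 1:]
    if tail.count(0xFF) != len(tail):   # post: all bytes after the flag are FF
        return "unexpected-tail"
    flag = image[FLAG_OFFSET]
    if flag == OFFICIAL:
        return "official"
    if flag == PATCHED:
        return "downgrade-enabled"
    return "unexpected-flag"


def only_flag_differs(official: bytes, candidate: bytes) -> bool:
    """True only if candidate equals the official image except for the flag byte."""
    return (
        len(official) == len(candidate)
        and classify_image(official) == "official"
        and classify_image(candidate) == "downgrade-enabled"
        and official[:FLAG_OFFSET] == candidate[:FLAG_OFFSET]
        and official[FLAG_OFFSET + 1:] == candidate[FLAG_OFFSET + 1:]
    )


def sha256_hex(image: bytes) -> str:
    """Hash to record next to the image so later copies can be compared."""
    return hashlib.sha256(image).hexdigest()


def make_sample(flag: int = OFFICIAL, tamper_at: int = -1) -> bytes:
    """Constructed stand-in for a firmware image (not real firmware data)."""
    body = bytearray(b"\x5a" * FLAG_OFFSET + bytes([flag]) + b"\xff" * 0x400)
    if tamper_at >= 0:
        body[tamper_at] ^= 0x01         # simulate an unrelated modification
    return bytes(body)


if __name__ == "__main__":
    official = make_sample()
    for name, img in [("patched", make_sample(PATCHED)),
                      ("tampered", make_sample(PATCHED, tamper_at=0x1000))]:
        print(name, classify_image(img), only_flag_differs(official, img),
              sha256_hex(img)[:16])
```

An image that reports `downgrade-enabled` but fails `only_flag_differs` has changes beyond the single byte described in the post.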

Post by MartyMcNuts » Tue Feb 05, 2019 11:37 pm

It's a good thing I kept the official ASUS BW-16D1HT 3.02 Flasher. Here is the 3.02 firmware patched as per Mike's Instructions.
ASUS_BW-16D1HT_3.02_OFFICIAL_(BYTE_PATCHED).bin.zip
(1.29 MiB) Downloaded 1027 times

Post by Billycar11 » Wed Feb 06, 2019 12:37 am

Nice, thank you so much for this.
How to video: https://www.youtube.com/watch?v=Yfpf6HoMMis

Included in this zip is the following firmware:
ASUS_BW-16D1HT_302
BE16NU50_1.01
BH14NS50_1.01
BH14NS58_1.00
BH16NS40_1.02_NS50
BH16NS50_1.01
BH16NS55_1.02
WH14NS40_1.02_NS50
WH16NS40_1.02_NS50
BU40N_1.00
WH16NS60_1.00
Buffalo BRUHD-PU3 BU10 (thanks to flashback8 for the Buffalo BRUHD-PU3 BU10 dump; the firmware file name is DE_flash_HL-DT-ST_BD-RE_BU40N_BU10.bin)



They all have the downgrade enabled, so all you need to do is download this and the unlocked flasher and then choose the file for your drive. This works with SATA AHCI/RAID, IDE, and over USB!!

Big thanks to mike admin for letting us know where to edit.
And big thanks to Blackened2687 for the Unlocked Flasher :D :D

Downgrade Enabled Firmware V.2
https://drive.google.com/file/d/102V7DU ... sp=sharing
MD5: D9166F375D82D808411549BF615EE70E
SHA-256: 64084863829C3C8EFABF6ED786DAC426AC70C23AE02D7525C36C369841C869B0
Last edited by Billycar11 on Wed Apr 24, 2019 11:01 pm, edited 13 times in total.

Post by st4evr » Wed Feb 06, 2019 1:06 am

Thanks Mike and to the members providing the firmwares! :D

This will be very, very useful to many.

Post by MartyMcNuts » Wed Feb 06, 2019 1:20 am

Billycar11 wrote:
Wed Feb 06, 2019 12:37 am
nice thank you so much for this i will make a new video later but it might be a few days here is
LG WH16NS60 1.00
LG WH16NS40 1.02
LG WH14NS40 1.02
LG BU40N 1.00
Asus BW-161HT 3.02

https://drive.google.com/file/d/1cZo3iv ... sp=sharing
@Billycar11,

Are these bin files extracted from the official LG Firmware Update tools? As Mike said, dumps or cleaned dumps of any sort are not suitable. If you have the official LG firmware updaters could you please upload them.

Thanks

Post by Billycar11 » Wed Feb 06, 2019 1:38 am

MartyMcNuts wrote:
Wed Feb 06, 2019 1:20 am

@Billycar11,

Are these bin files extracted from the official LG Firmware Update tools? As Mike said, dumps or cleaned dumps of any sort are not suitable. If you have the official LG firmware updaters could you please upload them.

Thanks

It's fixed now.
Last edited by Billycar11 on Wed Feb 06, 2019 4:03 am, edited 2 times in total.

Post by SamuriHL » Wed Feb 06, 2019 1:51 am

WOA! First off, THANK YOU VERY MUCH, Mike, for posting this information. This is fantastic...well, for now. :)

Does anyone happen to have a bin file for the NS60 1.00 firmware?

Amazing!

Post by Billycar11 » Wed Feb 06, 2019 2:56 am

SamuriHL wrote:
Wed Feb 06, 2019 1:51 am
WOA! First off, THANK YOU VERY MUCH, Mike, for posting this information. This is fantastic...well, for now. :)

Does anyone happen to have a bin file for the NS60 1.00 firmware?

Amazing!

NS60 1.00, BU40N 1.00: if we get the official of those 2, everything will be perfect; all the others can crossflash to each other fine.

But they are probably really hard to come by, since there was probably no FW update tool with them since they were initial release firmwares.

Post by SamuriHL » Wed Feb 06, 2019 2:58 am

Ahhhh, hell that's a really good point. Not that it REALLY matters since Mike is going to support the latest firmware versions soon. Once that happens, game is done. :)

Post by SamuriHL » Wed Feb 06, 2019 4:33 am

I'm probably getting to be annoying at this point so I do apologize, however...the flash tool that's linked to in the first post here comes with supposedly good bin files. However, they appear to just be bin files that were extracted and cleaned. Am I missing something or are those not extracted from LG firmware flashers? Sorry if this is a stupid question but I want to be very sure we know what it is we're flashing.

Post by Billycar11 » Wed Feb 06, 2019 4:42 am

mike admin wrote:
Tue Feb 05, 2019 10:35 pm
Can be downloaded from https://forum.cdrinfo.pl/f29/crossflash ... s58-96313/ This flasher operates using drive self-update mode.
An unpacked official update image (bin file). The archive at link above contains some images already. This is important step - the official update BIN is needed, not a dump of any sort or "cleaned" dump. These are easy to come by.

SamuriHL wrote:
Wed Feb 06, 2019 4:33 am
I'm probably getting to be annoying at this point so I do apologize, however...the flash tool that's linked to in the first post here comes with supposedly good bin files. However, they appear to just be bin files that were extracted and cleaned. Am I missing something or are those not extracted from LG firmware flashers? Sorry if this is a stupid question but I want to be very sure we know what it is we're flashing.
Judging by that quote I would say yes, they are from LG's FW tool. I did also compare the WH14NS40 1.02 from there to the clean WH14NS40 1.02 and they had a lot of differences outside of the calibration data, so I would say that they are extracted from LG's FW tools, but if not I need to take my edited ones down.

Post by SamuriHL » Wed Feb 06, 2019 4:51 am

The reason I ask is that I did a binary compare of some that are supposedly cleaned vs what's shipped with that tool and they are bit exact. For example:

flash_HL-DT-ST_BD-RE_WH14NS40_1.00_NS50.bin

Note also we discussed the unlikely scenario of getting a 1.00 firmware flasher....right? So if this wasn't extracted and cleaned, is there an LG flasher out there that this was extracted from? I'm not trying to be a pain in the ass. I'm genuinely trying to make sure we are flashing the right things since Mike is very concerned about that.

EDIT:

Also from the link to the modified firmware flashing tool, this line in particular is what I'm wondering about:

"Sincere thanks to everyone who shared the firmwares dumped from their own drives - without your help it wouldn't be possible to collect all these firmwares!"

Post by Billycar11 » Wed Feb 06, 2019 4:54 am

SamuriHL wrote:
Wed Feb 06, 2019 4:51 am
The reason I ask is that I did a binary compare of some that are supposedly cleaned vs what's shipped with that tool and they are bit exact. For example:

flash_HL-DT-ST_BD-RE_WH14NS40_1.00_NS50.bin

Note also we discussed the unlikely scenario of getting a 1.00 firmware flasher....right? So if this wasn't extracted and cleaned, is there an LG flasher out there that this was extracted from? I'm not trying to be a pain in the ass. I'm genuinely trying to make sure we are flashing the right things since Mike is very concerned about that.
You are right, I just recompared; I had selected the non-NS50 version. They are the same as a clean version.

We should make a questions thread and stop cluttering this, I think.

Post by Blackened2687 » Wed Feb 06, 2019 6:53 am

Mike, thank you very much for that info! Awesome as always!
SamuriHL wrote:
Wed Feb 06, 2019 4:51 am
"Sincere thanks to everyone who shared the firmwares dumped from their own drives - without your help it wouldn't be possible to collect all these firmwares!"
That's right, some of these firmwares were dumped from drives and cleaned by me. Of course they will match firmware images bundled with official flashers, since locations of EEPROM data are same for all firmwares.

By the way, if you use "EEPROM data mover" with your raw dump (containing all the calibration data, serial number and so on) and a clean firmware image (as supplied with official flasher) vice-versa, you will get a clean firmware image made of your dump. :)

Post by MartyMcNuts » Wed Feb 06, 2019 6:55 am

Even Better!!!

I have patched the official ASUS BW-16D1HT 3.02 Firmware Updater using Mike's instruction and used this to downgrade a BW-16D1HT-PRO with 3.03 to a BW-16D1HT with 3.02 by using just this exe.

The drive was connected via USB and firmware update (downgrade!) worked flawlessly!!!!

Here is the before & after:
[Attached image: before.jpg]
[Attached image: after.jpg]
Here is the file:
ASUS ODD FW 3.02 Updater for BW-16D1HT (Patched).zip
(1.43 MiB) Downloaded 1517 times
This is a patched version of the official ASUS Firmware Updater, so I am pretty sure it can only be used to downgrade a BW-16D1HT with 3.03 to 3.02 (not for cross-flashing other drives).
