DosFlash V1.3 Beta (soft flashing with NForce and VIA supported)

[Schtrom]

Download at www.xbins.org or http://rapidshare.com/files/64088130/DosFlash_V1.3Beta.exe.html


DosFlash and DosFlash32 V1.3 Beta
-----------------------------------
- BenQ optimization in unlocking the flash chip, it should now be possible to read/write/erase
  the flash without any soldering or wire tricks, the drive is polled for the correct mtk
  unlocking status after power on, this only works for VIA cards and NForce boards atm
- DosFlash32 has one additional parameter, if you start it with the parameter "EnableDrives"
  all the DVD-ROMs are enabled in device manager after flashing, this could give BSOD on some
  systems, therefor you need to create a DosFlash32 link and add that parameter manual to use it
- DosFlash16 has one additional parameter "Send ATAPI Device Reset" in manual mode, this could
  give better chances for soft flashing on some VIA - motherboard combinations
- better support of Intel chipsets, drives can now be flashed if the controller is not set to
  native mode in the BIOS
- the following controller list includes vendor and device IDs that are hardcoded to identify
  the controller type (IDE or SATA), this is needed if the BIOS uses IDE ports like 0x01F0 or
  0x0170 as SATA and not as IDE channels, this list is NOT related to soft flashing
- the following chipset support is added
  - VIA cards
    - all VIA cards with a 6420 chipset
  - IDE Controllers
    - NVIDIA nForce 2 IDE Controller
    - NVIDIA nForce 4 IDE Controller
    - Intel ICH9
    - Intel ICH (i810,i815,i840)
    - Intel ICH0
    - Intel ICH2M
    - Intel ICH2 (i810E2,i845,850,860)
    - Intel C-ICH (i810E2)
    - Intel ICH3M
    - Intel ICH3 (E7500/1)
    - Intel ICH4 (i845GV,i845E,i852,i855)
    - Intel ICH5
    - Intel ESB (855GME/875P + 6300ESB)
    - Intel ICH6 (and 6) (i915)
    - Intel ICH7/7-R (i945, i975)
    - Intel PIIX3 for the 430HX etc
    - Intel PIIX4
    - Intel PIIX4 for the 430TX/440BX/MX chipset
    - Intel PIIX
  - SATA Controllers
    - NVIDIA nForce 4 SATA Controller
    - NVIDIA nForce 2 SATA Controller
    - NVIDIA nForce 3 SATA Controller
    - NVIDIA nForce MCP04 SATA Controller
    - NVIDIA nForce MCP51 SATA Controller
    - NVIDIA nForce MCP55 SATA Controller
    - NVIDIA nForce MCP61 SATA Controller
    - Intel 82801EB (ICH5)
    - Intel 6300ESB (ICH5)
    - Intel 82801FB/FW (ICH6/ICH6W)
    - Intel 82801FR/FRW (ICH6R/ICH6RW)
    - Intel 82801FBM ICH6M
    - Intel Enterprise Southbridge 2 (631xESB/632xESB)
    - Intel 82801GB/GR/GH (ICH7, identical to ICH6)
    - Intel 2801GBM/GHM (ICH7M, identical to ICH6M)
    - Intel SATA Controller IDE (ICH8)
    - Intel Mobile SATA Controller IDE (ICH8M)
    - Intel SATA Controller IDE (ICH9)
    - Intel SATA Controller IDE (ICH9M)


The following only applies to a software flash on a locked flash. The methods have been tested
with the BenQ and the Sammy. The VCC trick will work on any motherboard, but you need to do
some soldering and cut traces.


Soft Flashing the BenQ in DOS with a VIA card and DosFlash16 in manual mode
-----------------------------------------------------------------------------
- first you need to know the port addresses of your VIA card, you can get these by starting
  msinfo32 on Windows XP and looking at the port listing for SCSI devices
- for the 6421 the 1st port is internal SATA, 2nd is external SATA and 3rd is internal IDE
- for the 6420 the 1st and 3rd port are internal SATA
- you need the starting address e.g. 0xD000 or 0x7000
- be warned that these addresses can change from computer to computer, they are assigned
  at bootup, but Windows XP should display the ones you need for flashing in DOS
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
  Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
  need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
- at the prompt type:
  DosFlash r 7000 1 a0 1 4 a:\orig.bin 0
  - instead of port 7000 use the starting address your VIA card uses
- press return
- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
- after you pressed Yes the drive status is shown on the screen, it's something like 0x7F,
  this will change during the next few steps
- turn on the BenQ psu and wait 2 or more seconds, status changes between 0x51 and 0xD1
- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD1
- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
- this worked only one time after the computer is powered on or resetted for me
- writing and erasing works the same way
- for writing type:
  DosFlash w 7000 1 a0 1 4 a:\ixtreme.bin 0
- for erasing type:
  DosFlash e 7000 1 a0 1 4 D8 0 (D8 is the sector erase opcode for the BenQ flash, if you need
  to erase another drive, lookup the value in the datasheet or DosFlash.typ)
- if you experience any problems try to use 1 as the parameter to the ATAPI Device Reset, cause
  the same VIA card will react differently on another motherboard sometimes


Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in manuel mode
---------------------------------------------------------------------------------------
- first you need to know the port addresses of your NForce motherboard, you can get these by
  starting msinfo32 on Windows XP and looking at the port listing for IDE devices
- on most motherboards the 1st and 3rd ports are used for SATA
- you need the starting address e.g. 0x0970 or 0xE900
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
  Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
  need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
- at the prompt type:
  DosFlash r 0970 1 a0 1 4 a:\orig.bin 1
  - instead of port 0970 use the starting address your NForce motherboard uses
- press return
- DosFlash16 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,
  this will change during the next few steps
- turn on the BenQ psu, you should get a good drive status 0x73 and flashing should start
- writing and erasing works the same way
- for writing type:
  DosFlash w 0970 1 a0 1 4 a:\ixtreme.bin 1
- for erasing type:
  DosFlash e 0970 1 a0 1 4 D8 1 (D8 is the sector erase opcode for the BenQ flash, if you need
  to erase another drive, lookup the value in the datasheet or DosFlash.typ)


Soft Flashing the BenQ in DOS with a NForce motherboard and DosFlash16 in auto mode
-------------------------------------------------------------------------------------
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
  Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
  need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- boot from a DOS disk, I used a Windows XP MS-DOS startup disk
- wait until you are at the cmd prompt
- turn on the BenQ psu
- at the prompt type:
  DosFlash
- press return
- during scann of the BenQ's port DosFlash16 will ask you if you wanna resend the mtk vendor
  intro cmd, press Yes
- after you pressed Yes the drive status is shown on the screen, it's something like 0xD1,
  this will change during the next few steps
- turn off the BenQ psu and wait 2 or more seconds, status will stay at 0xD1
- turn on the BenQ psu, you should get a good drive status 0x73 and flash access is granted
- you can now continue as usual using DosFlash
- writing and erasing works the same way
- if the ports are scanned there is the possibility that you'll get the resend question for
  other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,
  if you know the NEC is at that port you should press No and press Yes only if the port of
  the BenQ is shown or simply disconnect the NEC


Soft Flashing the BenQ in Windows XP with a VIA card or NForce motherboard and DosFlash32
-------------------------------------------------------------------------------------------
- connect a separate power supply unit to the BenQ, don't turn it on yet (can be XBOX360 or
  Xecuter Connectivity Kit)
- don't use the Xecuter Kit to power the drive with the same psu as your computer, cause we
  need to power the drive off and on during soft flashing
- cold reboot or reset the computer
- turn on the BenQ psu when you are in Windows XP
- start DosFlash32
- DosFlash32 will ask you if you wanna resend the mtk vendor intro cmd, press Yes
- turn off the BenQ psu and wait 2 or more seconds
- turn on the BenQ psu, the DosFlash32 dialog should show up
- the flash should be recognized by DosFlash32
- you can now read, write or erase the flash
- you should be able to do the flashing more than one time in Windows, only do the power
  off/on trick again
- if the ports are scanned there is the possibility that you'll get the resend question for
  other drives like a NEC, this is because the NEC has no MTK chip and returns a bad status,
  if you know the NEC is at that port you should press No and press Yes only if the port of
  the BenQ is shown or simply disconnect the NEC


Many thanks to jumba for the great idea of BenQ polling!
Thanks to Iriez, Jumba, Redline99, TeamModfreakz, Tiros and all the IRC people for testing
and support.

Join us on IRC efnet at the channel #dosflash for support.

Don't brick your BenQ!
Kai Schtrom

[gigabite]

yayaya !!! thanks...one question - why does it work with a 6420 chipset and not a 6421? - when will support for 6421 be added??  if there is support i'm sorry just reading this read me is like reading a life story :p !! anyway good work...someone thinks BenQ iXtreme is commming soon 

gigabite

[Millhouse]

Many thanks. Great new options.

[The M.A.R.T.]

yayaya !!! thanks...one question - why does it work with a 6420 chipset and not a 6421? - when will support for 6421 be added??  if there is support i'm sorry just reading this read me is like reading a life story :p !! anyway good work...someone thinks BenQ iXtreme is commming soon 

gigabite

Dude, if I am reading it right:

"- BenQ optimization in unlocking the flash chip, it should now be possible to read/write/erase
  the flash without any soldering or wire tricks, the drive is polled for the correct mtk
  unlocking status after power on, this only works for VIA cards and NForce boards atm"

It works with VIA cards, 6421 already did in v1.2, he added 6420 in v1.3. If I am reading it right though.

Only thing I need now is my 360 back from repair with the BenQ drive and C4E's iXtreme for BenQ

[gigabite]

oh so I know it already worked with 6421's...but that was with the switch, your saying it works, with 6421's [and Nforce] without the need for a switch (sorry it's late and i'm tired - I actually wrote it backwards before re reading it...sounded a little strange : p)??  cheers

gigabite

[icuithink]

Is there a way to Install some sort of Switch so that i can use the same power switch, with the xecuter kit .

[Spider85]

Is there a way to Install some sort of Switch so that i can use the same power switch, with the xecuter kit .

You can put a switch on the molex cable, black is GNd so its about red/yellow

[fuch]

Congrats and thanks for the tool!

[glaze83]

"DosFlash32 has one additional parameter, if you start it with the parameter "EnableDrives"
  all the DVD-ROMs are enabled in device manager after flashing, this could give BSOD on some
  systems, therefor you need to create a DosFlash32 link and add that parameter manual to use it"

I ran the enable drives and now it takes a ridiculously long time to boot into windows --- hdd led remains active for about 45 secs, then finally goes into windows

How do I reverse what thats done?

On a side note I was able to software flash using dos Nice Work

[digifred]

Thks Great news
But is there a IX firmware for the benq drives ?
Or can you use the samsung IX fw for it ?
Read the key out and put it into the samsung IX
Greetz
Fred

[gigabite]

FFS there is no BenQ iXtreme, this tool is useful for obtaining a dump of your firmware !!!

gigabite

[The M.A.R.T.]

Thks Great news
But is there a IX firmware for the benq drives ?
Or can you use the samsung IX fw for it ?
Read the key out and put it into the samsung IX
Greetz
Fred

If you have read above... You would have known the iXtreme FW isn't there YET.

C4E was working on the BenQ before the bans in May/June, but paused his work on that one to get the T/S and Hitachi iXtreme 1.2 done. After that he picked up BenQ again. Word is it will release soonish after the beta.

[Spidy]

Well, i Have The BENQ Too And The 1.2 Beta Works On Windows for Me, i Have Intel MotherBoard and i Can Read the Firm Well, But I Use the 1.3 And Freeze My Pc. Then I Use The 1.2 Beta Again but i erase the Firm And is Ok, Then a Write the Firm and it Writes Only 3 BANKs And For the Last One Fail. And Now i Dont Have DVD For My Console and i Can Not Detect it Again, and When It's Detected My Computer Freeze. What Can i Do?..

1.- Wait Another Version Works For Me..
2.- I Have Original Firm Benq (change for Samsung)
3.- i Dont Know Use DosFlash 16 My Port Is cx40CT How i Put the Command with Write the Firm.

HELP !!!! and Thank You.

[The M.A.R.T.]

Well, i Have The BENQ Too And The 1.2 Beta Works On Windows for Me, i Have Intel MotherBoard and i Can Read the Firm Well, But I Use the 1.3 And Freeze My Pc. Then I Use The 1.2 Beta Again but i erase the Firm And is Ok, Then a Write the Firm and it Writes Only 3 BANKs And For the Last One Fail. And Now i Dont Have DVD For My Console and i Can Not Detect it Again, and When It's Detected My Computer Freeze. What Can i Do?..

1.- Wait Another Version Works For Me..
2.- I Have Original Firm Benq (change for Samsung)
3.- i Dont Know Use DosFlash 16 My Port Is cx40CT How i Put the Command with Write the Firm.

HELP !!!! and Thank You.

Which firmware are you writing on the BenQ? There is NO iXtreme firmware yet to flash it with... You can only use a Toshiba/Samsung drive to spoof as a BenQ.

[Iriez]

Not only that, but how was he getting 1.2 to work on his benq? Did he install a switch? If you want to know your correct port verify it as the first 4 digits/letters displayed in iprep/xtreme boot maker, or the first 4 digits/letters in the first I/O range in device manager properties of the sata controller

The port you listed doesnt sound correct, but if its 40CT its..

dosflash r 40CT 1 a0 1 4 A:\orig.bin

[Arakon]

that port can't be correct, there's no T in hex.

[kleeenerprinz]

that's right, hex is 0-9 and A-F

[NDT]

Hi Schtrom, thanks for the tool but I have a problem with DosFlash 1.3 that would be nice you to fix in the next version:
when it starts in auto mode (both 32 than 16 one) it try to send the mtk vendor intro cmd to a port that is a IDE port of my NFORCE4 motherboard (0x01F0), while it should check the SATA ports.

I know the manual mode in dos allow me to select the port i wants but i'm scared to use the dos version cause of the fact it have hard settings to set if you aren't a pro-user, so i'd like a manual mode in the windows version of DosFlash (at least to send the mtk vendor cmd after the program is already loaded) because it would fix the problem, allowing me to select the right port, that should be AC00 of my VIA RAID CARD:

Name   VIA VT6421 RAID Controller
Manufacturer   VIA Technologies, Inc.
Status   OK
PNP Device ID   PCI\VEN_1106&DEV_3249&SUBSYS_32491106&REV_50\4&13699180&0&3848
I/O Port   0x0000AC00-0x0000AC0F
I/O Port   0x0000A800-0x0000A80F
I/O Port   0x0000A400-0x0000A40F
I/O Port   0x0000A000-0x0000A00F
I/O Port   0x00009C00-0x00009C1F
I/O Port   0x00009800-0x000098FF
IRQ Channel   IRQ 19
Driver   c:\windows\system32\drivers\viamrx64.sys (5.2.3790.530, 160,00 KB (163.840 bytes), 21/04/2007 14.44)

-------------------------------------------------------------------------------------------------------------------------

This is the port that the tool try to check in auto mode:

Name   Primary IDE Channel
Manufacturer   (Standard IDE ATA/ATAPI controllers)
Status   OK
PNP Device ID   PCIIDE\IDECHANNEL\4&2AC9542A&0&0
I/O Port   0x000001F0-0x000001F7
I/O Port   0x000003F6-0x000003F6
IRQ Channel   IRQ 14
Driver   c:\windows\system32\drivers\atapi.sys (5.2.3790.3959 (srv03_sp2_rtm.070216-1710), 146,50 KB (150.016 bytes), 25/03/2005 13.00)

-------------------------------------------------------------------------------------------------------------------------

Thanks in advance!
NDT.

[Schtrom]

You should simply click on "No" the first time it wants to send the cmd to port 0x01F0. For every other port that fails on the mtk vendor intro it will ask you again to resend. You only choose "Yes" if your target port 0xAC00 is displayed, on all other ports press "No". It should work without a prob like this. Report back if you can get it to work this way.

[NDT]

Ah!!

I read this too later, i just decided to use the dos version with the command:

DosFlash r AC00 1 a0 1 4 orig.bin 0

and it worked like a charme with my VIA card even without cutting the tracks, thanks for your help (i'll try the windows version as soon as you can just to try if it's all ok).

The readed firmware is recognized under toolbox 4.5 and i see: BENQ-VAD6038-62430C firmware type with the relative key.

I copied the key in order to use it in the upcoming ixtreme benq fw (as soon it will be released), i have 2 questions:


Q1) Is this command right to flash the firmware?:     DosFlash w AC00 1 a0 1 4 a:\ixtreme.bin 0

Q2) Is it right the use of 0 at the end of the command or should i use 1? (Send reset command, what it does? Is it necessary?)


Thanks a lot for your effort on this!

NDT.