Liteon secrets? I'll share something with you

[kainy]

Good mornin'

I've just tried the second method ( that on the back of the pcb ) on a 74850c drive ( the only one I have, but perfect for testing ).

I'm using dosflash, trough a iPrep boot usb.

So when I finished soldering, I've started the procedure. The flash got recognized but with status 0x11. Anyway I've dumped it. Try to load it in JungleFlasher ( 1.67 on Windows 7 32 bit ) in Target but i crashed ( just turned off ). I though the 0x11 status wasn't lieing so I've checked the soldering and tried again. It was 0x11 again wiht fully recognizing the spi. So I dumped it again. This time i created a new dir in the usb and put there the new dump, firmtool.exe and the l74cfw.bin. Firmtool did everything perfectly and updated the ixtreme with the correct key. Loading it in JF still crashed so I got frustrated. But when I tried opening the firm on my laptop ( Vista 32 bit ) it opened correctly and appeared alright.

So my question is if this dump is good even if the status is 0x11 not 0x72. And if this status is normal for 74850c.

I'm now going to try and spoof the new firm to a Hitachi drive and try it out, but I'll appreatiate a little more info

[glaze83]

I never did make it to pick up a resistor but I happened to have a customer today that used to design pcbs, has an electronics degree, etc, etc. I asked him about pulling a pin down to logic zero and he said the best option would be to mute it with a capacitor.

Somebody please take this and run with it

[DizzyThermal]

Wait..  in order to flash it, do you need to keep it soldered?

Awww cause that would reallyyy really suck..

[n00bpwner360]

I never did make it to pick up a resistor but I happened to have a customer today that used to design pcbs, has an electronics degree, etc, etc. I asked him about pulling a pin down to logic zero and he said the best option would be to mute it with a capacitor.

Somebody please take this and run with it

Question, what were you doing for a customer with an electronics degree? Certainly someone with an electronics degree can follow online instructions to hack a DVD drive, or solder 7 wires and do the JTAG hack...

[SuperK]

Wait..  in order to flash it, do you need to keep it soldered?

Awww cause that would reallyyy really suck..

1. cut traces
2. solder wires/use my solderfree method
3. make sure you have your switch/jumper shorted so the switch has current through it, or grounded through it rather
4. open dosflash and find 0x72
5. disconnect jumper/disable switch so the grounding is gone
6. read flash
7. spoof dumped files
8. lite-on erase
9. write flash
10. mtk outro/reset (close dosflash)
11. turn off pc
12. disconnect soldered wires/remove solder-free wires
13. reconnect cut traces using solder
14. re-assemble drive
15. enjoy.
16. read the thread, and give thanks where its due.

Obviously obtain the head on your shoulders and assume you dont do any soldering/unsoldering while the drive and/or computer are powered on. Only power on the computer before the dosflash read and after all pcb modifications are completed.

[glaze83]

Question, what were you doing for a customer with an electronics degree? Certainly someone with an electronics degree can follow online instructions to hack a DVD drive, or solder 7 wires and do the JTAG hack...

I asked the same thing; he said of course he could do it, but unless he were to do a bunch of them its not worth his time to spend the time researching and doing. I was actually replacing an unmoddable wii drive for him and installing a chip.

[DizzyThermal]

@SuperK

I have the orig.bin (the dump, I loaded it as target, got the drive key, made a dummy.bin and loaded that into Source to make the ix1.6_liteon835.bin have my key in it, I have that already..

I thought you only needed the solder/trace cutting for the key..  You can't write the ix1.6_liteon835.bin to the drive with it being unsoldered?  In "normal" mode (if you will)

Because DosFlash and JF say they don't recognize the chipset..

[calimba]

dump and flash perfect, thank you very much MRA and carranzafp for the ixtreme

[andifx@gmail.com]

thanks..

[andifx@gmail.com]

i got 93450c-2 firmware version, i used dosflash and it did not get x72 status ?
what should i do to dump it ?

thanks before mate ...

[Cpx]

Here my situation;
My dvd-rom has two sticker, top of it says it is 93450c and under the sticker it says 83850c. Inside of the dvd rom board, sticker says fw is 83850c2, its date august 2009. I soldered my dvd's pcb with two wires and cut one line and one via path as given and also add 22ohm res and switch. when try to read from dosflash32 v1.8, it says board fw is 93450 and gives status 0x51 (not 0x52) . Now I removed wires and re-connect the lines and I can play games with original game dvd. (that shows driver still working properly).  What should I do to read fw from dvd-rom. I just want to learn my dvd key because I will swap my dvd rom with benq. By the way, is just dvd-key enough for me?

[asapreta]

So here is some advice for all who are still having problems and especially for all of you who think the might have a board with Winbond SPI flash:

You should check your soldering again and again before trying one of these things!

-If you get status 0x52 instead of 0x72 it is very likely that the voltage for the SPI isn´t pulled down strong enough. Maybe your resistor is a little bigger than 22 Ohm? If it´s not try a slightly (!) smaller one, about 20 Ohm should be OK for you.


-If you have a Winbond SPI Flash inside (i know, you can´t be sure about this from the outside) you will probably get status 0x72 but instead of recognizing the Winbond flash it will be recognized as unknown flash chip (manufacturer and device ID 0xFF). If that is the case you can´t use Dosflash anymore, you have to use JF!

-start JF
-put the switch in position 1
-power drive
-in the MTKFlash Tab click "intro"
-it shoudl get "recognized" as unknown flash chip with status 0x72 like it was in Dosflash
-put switch in position 2
-click onto "intro" again
-now JF should recognize the Winbond SPI with status 0x72 and you can dump the whole drive

IMPORTANT: Don´t power the drive down between the 2 intros!

Hi,

my friend played with the resistors and got voltages from 1.92 to 1.74. He can manage them to correctly get 1.80 but even on this voltage it won't get 0x72. Only 0x52 when drive is on or 0xD2 when drive is off.

Any hints?

best regards

[DizzyThermal]

I guess my question from a few posts back becomes this: Will JungleFlasher be able to "Erase/Write" the Lite-ON 83580c v2 in the next update, because it recognizes it as an unknown chip or whatever..

I read the orig.bin off the drive, but didn't flash it, I took all the solder connections apart and bridged the cut traces..  It plays originals again, but I can't flash the new firmware

Shall I wait for the new JF/DosFlash, or do I HAVE to solder it back up?

[n00bpwner360]

Waiting can't hurt...seriously one of the problem with the scene is that the end users are way too impatient...I'm not just harping on you DizzyThermal I'm harping on end users as a whole. OMFG LIEK WEN TEH FUXX0RZ IZ TEH IX LT COMING OUT I N33DZ T0 PL4YZ MY GAMEZ. Like seriously guys...

[n00bpwner360]

Question, what were you doing for a customer with an electronics degree? Certainly someone with an electronics degree can follow online instructions to hack a DVD drive, or solder 7 wires and do the JTAG hack...

I asked the same thing; he said of course he could do it, but unless he were to do a bunch of them its not worth his time to spend the time researching and doing. I was actually replacing an unmoddable wii drive for him and installing a chip.

OK, that makes sense. Thanks for the response!

[Geremia]

Sincerely i've not tryed any of the TMF or MRA tricks, but there is no need to start dosflash with the SPI messed up, cause it's not dosflash that needs to see the flash emty, but rather the internal flash controller, and it does it at powerup indipendently of what you are doing on the sata side.
Have you tried this?
just make the spi vcc be 1,8-2v, connect sata cable, powerup the drive, the flash controller reads from the spi bus, all FF is returned back, so it thinks flash is empty and then does not lock vendormode.
Now, turn SPI vcc to normal 3,3v wihtout repowering the drive, the flash controller should remain in the previus status ("flash was empty so vendormode not lcked"), fire up dosflash which will enter vendormode and if status 72, it automatically sends the spi read_id cmd and now the spi falsh will respond correctly.

I think this is the way it should go, if not, maybe i could take a look myself.

There are also some strange stuff goin on with some sata controllers, like cmd queueing, which can do unexpected stuff

[tul]

Sincerely i've not tryed any of the TMF or MRA tricks, but there is no need to start dosflash with the SPI messed up, cause it's not dosflash that needs to see the flash emty, but rather the internal flash controller, and it does it at powerup indipendently of what you are doing on the sata side.
Have you tried this?
just make the spi vcc be 1,8-2v, connect sata cable, powerup the drive, the flash controller reads from the spi bus, all FF is returned back, so it thinks flash is empty and then does not lock vendormode.
Now, turn SPI vcc to normal 3,3v wihtout repowering the drive, the flash controller should remain in the previus status ("flash was empty so vendormode not lcked"), fire up dosflash which will enter vendormode and if status 72, it automatically sends the spi read_id cmd and now the spi falsh will respond correctly.

I think this is the way it should go, if not, maybe i could take a look myself.

There are also some strange stuff goin on with some sata controllers, like cmd queueing, which can do unexpected stuff

maybe you could have a solution to read without soldering or cuting tracks

anyway im really glad that everyone is trying to help and making conclusions for the goal that we all have.

[The M.A.R.T.]

"Issues with non-verb media, more performance data, more code, more testing."

Little bit more waiting for LT to flash the new drives...

[SuperK]

I guess my question from a few posts back becomes this: Will JungleFlasher be able to "Erase/Write" the Lite-ON 83580c v2 in the next update, because it recognizes it as an unknown chip or whatever..

I read the orig.bin off the drive, but didn't flash it, I took all the solder connections apart and bridged the cut traces..  It plays originals again, but I can't flash the new firmware

Shall I wait for the new JF/DosFlash, or do I HAVE to solder it back up?

in order to access the firmware for ANY operation (read or write) you MUST leave the traces cut and the soldered connections intact, otherwise the drive isnt in zero logic mode and its protections are up.

[BoXXDr]

in order to access the firmware for ANY operation (read or write) you MUST leave the traces cut and the soldered connections intact, otherwise the drive isnt in zero logic mode and its protections are up.

Not true.
With traces cut Read the firmware.
Patch the traces
Erase
Write

Thats what worked for me.