Project to dump the new BenQ drive - VAD6038

[bowser222]

hey tmf did you build your reader/writer for the spi?if got schems?also off topic.i pulled my 360 apart today(not the 1st time) and i looked at the southbride and said holy $#!t tmf must be some good with his rework station
c ya

[MODFREAKz]

MTKFLASH get the error status 73 should be 50. but win update programm works fine (only flashing)

sorry for small typo!

MTKFLASH error report is:

Status 73, should be 70.

[bowser222]

Is their anything out for the VAD6037?where are the keys stored?and tmf are you using a homemade spi eeprom reader?
''Bowser

[jumba]

Thanx, 10 4 gary. Carn't lay my hands on VAD6038 so can someone trace out the connection between SPI mt1359se. Please post or PM me.

[Iriez]

got new SATA PC drive again!!!
this time it is a Philips drive, looks like BenQ VAD6038

same laser, chipset and SPI rom

firmware DD01, OD7I and photos will follow!!

MTKFLASH get the error status 73 should be 50. but win update programm works fine (only flashing)


btw. we have now a SPI programmer to dump the firmware, so if someone could send his SPI rom from VAD6038, that would be great!!

Erm, perhaps im misunderstanding? You said this pc sata dvdrom has the same chipset/spi as the VAD6038...if that is the case, would not the VAD6038 be programmable by this same win software? Just not dumpable, correct?

If that is the case, then the winsoftware has the neccessary instructions to communicate with that specific SPI, just needs to be decompiled to be properly understood, so that the instructions can be used in a dumping.

[garyopa]

Thanx, 10 4 gary. Carn't lay my hands on VAD6038 so can someone trace out the connection between SPI mt1359se. Please post or PM me.

It looks the same as the PM you send me regarding the 943 SPI usage.

I will PM you the details later today.

[garyopa]

got new SATA PC drive again!!!
this time it is a Philips drive, looks like BenQ VAD6038

same laser, chipset and SPI rom

firmware DD01, OD7I and photos will follow!!

MTKFLASH get the error status 73 should be 50. but win update programm works fine (only flashing)


btw. we have now a SPI programmer to dump the firmware, so if someone could send his SPI rom from VAD6038, that would be great!!

Erm, perhaps im misunderstanding? You said this pc sata dvdrom has the same chipset/spi as the VAD6038...if that is the case, would not the VAD6038 be programmable by this same win software? Just not dumpable, correct?

If that is the case, then the winsoftware has the neccessary instructions to communicate with that specific SPI, just needs to be decompiled to be properly understood, so that the instructions can be used in a dumping.

There is about two WIN-based programs which will FLASH the BenQ drive with no problems,
the only problem is both are designed as "Upgraders" or "Updaters" and they only do FLASHing,
and don't have any option to SAVE or BACKUP the firmware, so they have no use since the DVD key would be lost in the process.

There is other WIN-based program which will do both, but only if the drive has a drive letter,
and the BenQ does not add one, but it seems to report the same bad error status like the
Hitachi drives when booting into Slax with a ModeB option, except the ModeB does not of course support BenQ drive.

[bowser222]

hey tmf out of topic but i got a 360 mobo if ya want it.it give error 0003.you just gotta pay shipping
c ya

[BurnOmatic]

got new SATA PC drive again!!!
this time it is a Philips drive, looks like BenQ VAD6038

same laser, chipset and SPI rom

firmware DD01, OD7I and photos will follow!!

MTKFLASH get the error status 73 should be 50. but win update programm works fine (only flashing)


btw. we have now a SPI programmer to dump the firmware, so if someone could send his SPI rom from VAD6038, that would be great!!

Erm, perhaps im misunderstanding? You said this pc sata dvdrom has the same chipset/spi as the VAD6038...if that is the case, would not the VAD6038 be programmable by this same win software? Just not dumpable, correct?

If that is the case, then the winsoftware has the neccessary instructions to communicate with that specific SPI, just needs to be decompiled to be properly understood, so that the instructions can be used in a dumping.

There is about two WIN-based programs which will FLASH the BenQ drive with no problems,
the only problem is both are designed as "Upgraders" or "Updaters" and they only do FLASHing,
and don't have any option to SAVE or BACKUP the firmware, so they have no use since the DVD key would be lost in the process.

There is other WIN-based program which will do both, but only if the drive has a drive letter,
and the BenQ does not add one, but it seems to report the same bad error status like the
Hitachi drives when booting into Slax with a ModeB option, except the ModeB does not of course support BenQ drive.

so which windows program would that be OPA, so i can go hunt it down ?

[MODFREAKz]

ok here is that drive!!

Philips DROM6316
Chipset:  MediaTek MT1359SE
F/W Chip:  Winbond W25B20A SPI
RAM Chip:  AMIC A428316S-25
Firmware:  DD01 and OD7I
H/W:  00  (A03 is also available)

This drive has also a serial port!!
tried program like MTKTool or Hypertrm without success at the moment.

ach and here is the windows flash tool: FlashTool



       

[jumba]

Looks like this rom is available in Dells. Any chance to post link to hi res pix of pcb?

[caster420]

Click on the image(s).

[bowser222]

if anyone here doesnt mind please sned me an spi from your benq as i have a willem with soic adaptor and can dump these chips
C ya

[MODFREAKz]

sorry to say that, but willem programmer does not support 2MBit and 3,3V SPI

[bowser222]

Really?i could have swore.anyways.Tmf when you said about how you enable flashing via 2 points with probes and then rx and tx is routed to the unused pins.does this method "work"?have you gotten a dump yet.and are you using a homemade reader?also where are the keys stored at?
Thanks
c ya
''bowser

[garyopa]

Really?i could have swore.anyways.Tmf when you said about how you enable flashing via 2 points with probes and then rx and tx is routed to the unused pins.does this method "work"?have you gotten a dump yet.and are you using a homemade reader?also where are the keys stored at?
Thanks
c ya
''bowser

So far I have not see a retail BenQ drive, just the pre-production models, and dumping them is if no use as no AES code and no drive key.

Hopefully someday we will see a real retail BenQ drive here in Canada and we can get to work on more information and better tools.

[garyopa]

Thanks to a customer in Vancouver, them mailed me their "Elite" BenQ VAD6038 drive
and I will be dumping this drive ASAP, and suppling the retail firmware needed to the
needed parties.

More news later this week...

[glaze83]

Glad to hear you got it

[jelle2503]

and they only do FLASHing, and don't have any option to SAVE or BACKUP the firmware, so they have no use since the DVD key would be lost in the process.

so if you were to determine the location of the drivekey in the firmware, wouldn't you be able to make the flashprogram flash around the key and version string sectors, just like the hitachi?
i'm stupid aren't i 

[caster420]

and they only do FLASHing, and don't have any option to SAVE or BACKUP the firmware, so they have no use since the DVD key would be lost in the process.

so if you were to determine the location of the drivekey in the firmware, wouldn't you be able to make the flashprogram flash around the key and version string sectors, just like the hitachi?
i'm stupid aren't i 

I would take a stab in the dark and say that the key and version strings are probably in or around the same offsets.  However, this doesnt change the way that the firmware is written to the drive.  The reason hitachi's only flash certain sectors is that it was the only workaround that SeventhSon found, using his peek/poke technique.  Flashing a samsung is done in a different method and so to say that we can flash it a different way and only overwrite certain sectors could only be done if such commands were available through the controller on the drive.  Pretty simple to say, but in reality, may not be feasible at all.

Caster.