OK, I know that the topic title is quite long and might have some of you wondering what it actually means, so let me summarize real quick: I've been working on extracting the .bin firmware from the scrambled, protected EXEs that LiteOn has been releasing since they started using XFlash 2.3.x instead of the 2.2.x that XSF can extract the .bins from. For some of you who have firmware available with the old flasher (2.2.x), that means you can get your .bin and crossflash without a problem. For those of us on later revisions of the iHAS drive, and others with other models, we are unable to get a .bin, and because the C and D revisions of iHAS drives fail to read properly (scrambled/messed up) with Flash Utility, our only answer is to hope that someone has a dump with DosFlash 2.0, which uses PortIO, or MTKFlash. Not as many people can get those tools working, as they require installing unsigned drivers etc. However, it's a fairly simple process.

Anyway, I set out to find that data inside the memory/executable. It had to be there, right? I mean, I had checked, and the flashers weren't contacting any servers or anything, so it had to be contained somewhere. After fiddling for quite a while in OllyDbg, hex editors and a variety of PE browsing apps, I found what I am sure is the firmware; however, I have not tested the firmwares on a drive. From the little comparison I can do to the available .bins for protected/scrambled XFlashers by LiteOn (meaning that I don't have firmware dumps to compare what I extract from the flashers), I see minor differences, which I'm not sure matter in terms of functioning firmware or not. So if anyone out there has a drive that they want to test out an extracted firmware on, feel free to contact me and we can see if this is worth pursuing further (i.e. I write an extracting tool, most likely in C++ since that's my most fluent language, for the 2.3.x XFlash tool LiteOn releases to update firmware). Another route I've thought of is packet sniffing the SmartPack downloads, but I assume they just download the same .exes we find on firmwarehq, is that right?

You'll need DOSFlash 2.0, PortIO installed/working, EEPROM Utility, and LtnFlash. These tools are all free and readily available either via Google or codeguys rpc1 site.

Some of you might be asking at this point, why doesn't he just test the firmwares himself? Well, short answer: my EEPROM doesn't match and I don't have the option with my revision to use the crossflash/convert EEPROM buttons in EEPROM Utility. If you do, feel lucky.

Finally, if you guys have a C or D revision drive and can use DOSFlash, PLEASE dump a copy of your firmware and EEPROM (use EEPROM Utility or LtnFlash on 0x2000), zip it up and post it to help out this process and others who need it to recover their drives etc. You can also email it to me at pinged at gmail... that is, if you don't want the entire world to have it for some reason...


For reference to the tools, and what I've been posting/discussing, there's a thread at MyCE you can look at... see it here


This community has been a great help so far in me getting to where I am right now, and I hope that we get further with it. If this method does work for extracting the firmwares from the executables, then the only problem we have (iHAS C and D revision clones looking to crossflash) is finding out if we can flash a dump of someone else's drive's EEPROM alongside the new firmware, which is why I need a backup of an iHAS124 firmware AND EEPROM. Currently I have an iHAS324C, which should work on this hardware, but I'm not sure the EEPROM would work. I will test this later on today/tomorrow though.


Thanks guys! Look forward to hearing opinions/comments. Especially from you veterans and other developers!
zak


To contact me about testing the firmware, Skype me at zak7950, or email at pinged at gmail