Difference between revisions of "Xbox 360 BenQ VAD6038 Flash"
(11 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
== DosFlash == | == DosFlash == | ||
Download the DosFlash tool [http://www.xboxhacker.net/index.php?topic=8517.0] and put the DosFlash files from the DosFlash16 folder on a working MS-DOS boot disk. | Download the DosFlash tool [http://www.xboxhacker.net/index.php?topic=8517.0] and put the DosFlash files from the DosFlash16 folder on a working MS-DOS boot disk [http://www.bootdisk.com/]. | ||
== Install Switch == | == Install Switch == | ||
For the DosFlash application to read the BenQ flash memory, the power to the flash memory has to be applied after DosFlash discovered the drive. The purpose of this is to go around the FirmGuard and jump into the flash memory right before the FirmGuard protection is enabled. | For the DosFlash application to read the BenQ flash memory, the power to the flash memory has to be applied after DosFlash discovered the drive. The purpose of this is to go around the FirmGuard and jump into the flash memory right before the FirmGuard protection is enabled. | ||
By | By keeping the the power disconnected from the flash memory after the main power to the drive is connected, the FirmGuard can be circumvented. FirmGuard is not enabled and DosFlash can freely read the content. | ||
=== Cut Traces === | === Cut Traces === | ||
Two traces has to be cut to install | Two traces has to be cut to install a simple switch. The traces are on the bottom side of the circuit board, facing down into the drive. Unmount the circuit board from the drive. | ||
I used a razorblad to cut the traces and a | I used a razorblad to cut the traces and a fiber pen to scratch the coating to expose the copper. | ||
[[Image:Benq flash cut traces tools.jpg]] | [[Image:Benq flash cut traces tools.jpg]] | ||
[[Image:Benq flash traces cut.jpg]] | |||
=== Solder Switch === | === Solder Switch === | ||
Solder two wires to the traces facing away from the cut and | Solder two short wires to the traces facing away from the cut and each other, as seen in the picture below. Connect the ends to a simple on/off switch. | ||
[[Image:Benq flash switch pads.jpg]] | |||
[[Image:Benq flash solder switch.jpg]] | |||
== Read Flash == | == Read Flash == | ||
Line 30: | Line 34: | ||
# In DosFlash, enter the number of the discovered drive, normally '6', press enter. | # In DosFlash, enter the number of the discovered drive, normally '6', press enter. | ||
# To read the firmware, press 'r', and enter a new filename to dump the firmware. | # To read the firmware, press 'r', and enter a new filename to dump the firmware. | ||
# The drive should now be dumping the 4 banks. | # The drive should now be dumping the 4 banks, reboot into Windows when done. | ||
[[Image:Benq flash read.jpg]] | |||
== Write Flash == | == Write Flash == | ||
To flash the drive, replace 'r' with 'w' | To flash the drive, follow in the procedure above but replace 'r' with 'w' to program a new firmware. | ||
[[Image:Benq flash write.jpg]] | |||
== Spoof BenQ == | |||
* [[Xbox 360 BenQ VAD6038 64930C Spoof]] | |||
== References == | == References == | ||
* [http://www.xbox-scene.com/xbox1data/sep/EEllkyFpFyWmXBfbSm.php Dumping and flash BenQ VAD6038 drive] | * [http://www.xbox-scene.com/xbox1data/sep/EEllkyFpFyWmXBfbSm.php Dumping and flash BenQ VAD6038 drive] | ||
* [http://dwl.xbox-scene.com/tutorial/vad6038_tutorial.pdf Team Modfreakz PDF Guide] | * [http://dwl.xbox-scene.com/tutorial/vad6038_tutorial.pdf Team Modfreakz PDF Guide] |
Latest revision as of 18:30, 30 September 2007
For a few months the new BenQ VAD6038 drive for the Xbox 360 couldn't be dumped or flashed. A new DosFlash tool by Schtrom made it possible to access the drive flash memory.
DosFlash
Download the DosFlash tool [1] and put the DosFlash files from the DosFlash16 folder on a working MS-DOS boot disk [2].
Install Switch
For the DosFlash application to read the BenQ flash memory, the power to the flash memory has to be applied after DosFlash discovered the drive. The purpose of this is to go around the FirmGuard and jump into the flash memory right before the FirmGuard protection is enabled.
By keeping the the power disconnected from the flash memory after the main power to the drive is connected, the FirmGuard can be circumvented. FirmGuard is not enabled and DosFlash can freely read the content.
Cut Traces
Two traces has to be cut to install a simple switch. The traces are on the bottom side of the circuit board, facing down into the drive. Unmount the circuit board from the drive.
I used a razorblad to cut the traces and a fiber pen to scratch the coating to expose the copper.
Solder Switch
Solder two short wires to the traces facing away from the cut and each other, as seen in the picture below. Connect the ends to a simple on/off switch.
Read Flash
Disconnect the drive from the computer if it's connected and turn the switch to OFF-position.
- Boot MS-DOS and connect the SATA cable to the computer.
- Execute DosFlash.exe and wait for it to finish searching for drives.
- Connect the power cable to the BenQ drive.
- A second later turn the switch to ON.
- In DosFlash, enter the number of the discovered drive, normally '6', press enter.
- To read the firmware, press 'r', and enter a new filename to dump the firmware.
- The drive should now be dumping the 4 banks, reboot into Windows when done.
Write Flash
To flash the drive, follow in the procedure above but replace 'r' with 'w' to program a new firmware.