1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
|
/*
* Firmware flash utility for BTC DRW1008 DVD+/-RW recorder
* Version 2004/04/29
* By David Huang <khym@azeotrope.org>
* This work is dedicated to the public domain
*
* This utility may also work with other BTC DVD recorders, such as
* the DRW1004 and DRW1108, but they have not been tested.
*
* USE AT YOUR OWN RISK!
* btcflash is provided AS IS, with NO WARRANTY, either expressed or implied.
*
* Requires "transport.hxx" from Andy Polyakov's DVD+RW tools:
* http://fy.chalmers.se/~appro/linux/DVD+RW/tools/
* If obtained as part of dvd+rw-tools it can be built with
* 'make +btcflash'.
*
* Firmware files may be obtained by running BTC's Windows flash
* utility, then searching in the WINDOWS\TEMP or WINNT\TEMP directory
* for a *.HEX file. It will probably be in a subdirectory named
* PAC*.tmp.DIR, and the HEX file will be named Vnnnn.HEX, where nnnn
* is the firmware version number. You'll also find IDEFLASH.EXE or
* BTCFLASH.EXE in the same directory.
*
* This utility will also accept firmware files in ".BIN" format.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "transport.hxx"
const unsigned int FLASHSIZE = 0x100000; /* BTC flash is 1MB */
unsigned char *loadfirmware(const char *);
int getbyte(char *&);
unsigned short calcsum(unsigned char *);
unsigned char *
loadfirmware(const char *firmware)
{
FILE *f;
char line[80], *p;
unsigned char *fwbuf;
int bank, length, offset, type, hexsum;
int i, b;
fwbuf = new unsigned char[FLASHSIZE];
if (!fwbuf) {
fprintf(stderr, "Could not allocate memory for firmware\n");
return NULL;
}
f = fopen(firmware, "r");
if (!f) {
fprintf(stderr, "%s: Unable to open: ", firmware);
perror(NULL);
return NULL;
}
// Get length of file. If it's exactly FLASHSIZE, assume it's a
// .bin file. Otherwise, try to read it as a .hex file.
fseek(f, 0, SEEK_END);
if (ftell(f) == FLASHSIZE) {
rewind(f);
if (fread(fwbuf, 1, FLASHSIZE, f) != FLASHSIZE) {
fprintf(stderr, "%s: Short read\n", firmware);
return NULL;
}
fclose(f);
return fwbuf;
}
rewind(f);
memset(fwbuf, 0xff, FLASHSIZE);
bank = 0;
while (fgets(line, sizeof(line), f)) {
if (line[0] != ':')
continue;
p = line + 1;
length = getbyte(p);
offset = getbyte(p) << 8 | getbyte(p);
type = getbyte(p);
if (length < 0 || offset < 0 || type < 0 ||
(type != 0 && length != 0)) {
fprintf(stderr, "Malformed line: %s", line);
return NULL;
} else if (length == 0) {
if (strncmp(line, ":00000155AA", 11) == 0) {
if (++bank >= 16) {
fprintf(stderr,
"Firmware file larger than 1MB\n");
return NULL;
}
continue;
} else if (strncmp(line, ":00000001FF", 11) == 0)
break;
else {
fprintf(stderr, "Malformed line: %s", line);
return NULL;
}
}
hexsum = (length + (offset >> 8) + (offset & 0xff)) & 0xff;
for (i = 0; i < length; i++, offset++) {
b = getbyte(p);
hexsum = (hexsum + b) & 0xff;
if (b < 0) {
fprintf(stderr, "Short line: %s", line);
return NULL;
}
fwbuf[(bank << 16) | offset] = (char)b;
}
hexsum = (0x100 - hexsum) & 0xff;
if (hexsum != getbyte(p)) {
fprintf(stderr, "Checksum mismatch: %s", line);
return NULL;
}
}
fclose(f);
if (bank != 15) {
fprintf(stderr, "Firmware file too small\n");
return NULL;
}
return fwbuf;
}
int
getbyte(char *&p)
{
int h, l;
h = *p;
if (h >= '0' && h <= '9')
h -= '0';
else if (h >= 'A' && h <= 'F')
h -= 'A' - 10;
else if (h >= 'a' && h <= 'f')
h -= 'a' - 10;
else
return -1;
l = *(p+1);
if (l >= '0' && l <= '9')
l -= '0';
else if (l >= 'A' && l <= 'F')
l -= 'A' - 10;
else if (l >= 'a' && l <= 'f')
l -= 'a' - 10;
else
return -1;
p += 2;
return (h << 4) | l;
}
unsigned short
calcsum(unsigned char *fwbuf)
{
unsigned int flashsum, i;
for(flashsum = 0, i = 0; i < FLASHSIZE; i++)
flashsum += fwbuf[i];
return (flashsum & 0xffff);
}
int main(int argc, char *argv[])
{
const char *fwfile;
char confirm[5];
unsigned char *fwbuf, inq[128], csbuf[32];
unsigned short checksum;
Scsi_Command cmd;
int err;
unsigned int offset;
if (argc < 3) {
fprintf(stderr, "Usage: %s /dev/cdrom firmware\n",
argv[0]);
return 1;
}
printf("BTC DVD+/-RW firmware flash utility 2004/04/29\n");
printf("USE AT YOUR OWN RISK!\n\n");
if (!cmd.associate(argv[1])) {
fprintf(stderr, "%s: unable to open: ", argv[1]);
perror (NULL);
return 1;
}
fwfile = argv[2];
if (!(fwbuf = loadfirmware(fwfile)))
return 1;
checksum = calcsum(fwbuf);
printf("Loaded firmware from %s\nFirmware checksum is %04X\n",
fwfile, checksum);
cmd[0] = 0x12; // INQUIRY
cmd[4] = 36;
cmd[5] = 0;
if (err = cmd.transport(READ, inq, 36)) {
sperror("INQUIRY", err);
return 1;
}
printf("Drive is currently: [%.8s][%.16s][%.4s]\n",
inq+8, inq+16, inq+32);
printf("Firmware appears to be: [%.8s][%.16s][%.4s]\n\n",
fwbuf+0x40bc, fwbuf+0x40c4, fwbuf+0x40d4);
if (strncmp((char*)inq + 8, (char*)fwbuf + 0x40bc, 24) != 0)
printf(
"***********************************************"
"***********\n"
"WARNING! THIS FIRMWARE DOES NOT SEEM TO BE FOR "
"THIS DRIVE!\n"
"***********************************************"
"***********\n");
printf("Type \"YES\" to proceed with flash: ");
fflush(stdout);
fgets(confirm, sizeof(confirm), stdin);
if (strcmp(confirm, "YES\n") != 0) {
printf("\nFlash canceled.\n");
return 0;
}
printf("\nUploading firmware...\n");
// Upload firmware
for (offset = 0; offset < FLASHSIZE; offset += 0x1000) {
cmd[0] = 0x3B; // WRITE BUFFER
cmd[1] = 6; // Download Microcode with Offsets
cmd[2] = 0; // Buffer ID 0
cmd[3] = (offset >> 16) & 0xff;
cmd[4] = (offset >> 8) & 0xff;
cmd[5] = 0x20;
cmd[6] = 0; // Length 0x1000
cmd[7] = 0x10;
cmd[8] = 0;
cmd[9] = 0;
if (err = cmd.transport(WRITE, fwbuf + offset, 0x1000)) {
sperror("WRITE BUFFER[1]", err);
return 1;
}
}
// Upload checksum
memset(csbuf, 0, 32);
csbuf[30] = (checksum >> 8);
csbuf[31] = (checksum & 0xff);
cmd[0] = 0x3B; // WRITE BUFFER
cmd[1] = 6; // Download Microcode with Offsets
cmd[2] = 0; // Buffer ID 0
cmd[3] = 0; // Offset 0
cmd[4] = 0;
cmd[5] = 0;
cmd[6] = 0; // Length 0x20
cmd[7] = 0;
cmd[8] = 0x20;
cmd[9] = 0;
if (err = cmd.transport(WRITE, csbuf, 0x20)) {
sperror("WRITE BUFFER[2]", err);
return 1;
}
printf("Flashing drive...\n");
// Firmware uploaded; now flash it!
cmd[0] = 0x3B; // WRITE BUFFER
cmd[1] = 7; // Download Microcode with Offsets and Save
cmd[2] = 0; // Buffer ID 0
cmd[3] = 0; // Offset 0
cmd[4] = 0;
cmd[5] = 0;
cmd[6] = 0; // Length 0
cmd[7] = 0;
cmd[8] = 0;
cmd[9] = 0;
if (err = cmd.transport()) {
sperror("WRITE BUFFER[3]", err);
return 1;
}
sleep(50); // Let drive sit for a while before bothering it
while (1) {
sleep(1);
cmd[0] = 0; // TEST UNIT READY
cmd[5] = 0;
err = cmd.transport();
// Wait until it returns either ready or
// not ready/medium not present
if ((err == 0) || (SK(err) == 2 && ASC(err) == 0x3A))
break;
}
cmd[0] = 0x12; // INQUIRY
cmd[4] = 36;
cmd[5] = 0;
if (err = cmd.transport(READ, inq, 36)) {
sperror("INQUIRY[2]", err);
return 1;
}
printf("Drive is now: [%.8s][%.16s][%.4s]\n\n",
inq+8, inq+16, inq+32);
printf("Please reboot before using the drive.\n");
return 0;
}
|
