1) rip the firmware modules from the SA of an identical HDD
2) get these modules from a friend (or for example, from the files section on this site)
3) use a firmware updater program from the vendor.
About this last option: firmware updates from vendors are pretty rare, since firmware code almost never needs to be replaced. However, Maxtor, for example, had some problems with the firmware code on some DiamondMax HDD models, so they issued a firmware update. This update consists of 2 files:
1) the executable file that issues the ATA ‘download microcode’ command to upload the firmware files to the HDD
2) The firmware code, consisting of the ‘main’ firmware code and ‘overlay’ code modules.
Firmware ‘overlay’ modules hold the code for specific functions. Why not just put all firmware code into one section? Since the RAM in the drive is a limited resource, the vendor puts some code into ‘overlay files’, so that this code can be swapped into RAM when that specific function is needed. When the function is not needed, it can be swapped out of RAM and some other function can be swapped in.
The firmware update files from Maxtor (I think the same goes for the other vendors) are not scrambled, encrypted or packed in any way. In fact, you can find the exact same code in the ‘*.RPM’ files that PC3K produces, for example.
Maxtor distributes its firmware in a so-called “.DMC” file. This DMC file is a package of 4 files: a ‘.Bxx’ file, a ‘.cxx’ file, a ‘.bbr’ file and a ‘.cbr’ file. As mentioned, this DMC container is not packed or scrambled in any way, so you can just cut the files out of it. The first 0x150 bytes of the file are the header. This header contains the four filenames, the byte offsets in the package at which these files can be found, the lengths of the files and a checksum (not 100% sure about the checksum though). The ‘.bxx’ file is the biggest file and contains the overlay modules. You can find all code overlay modules by looking for ‘MO’ in the file. Right after this 2-byte string, you’ll find the hexadecimal overlay module ID. The ‘.bbr’ file contains the main firmware code. The last 2 files are very small; not sure what they contain, probably some checksums for the firmware and overlay modules.
As mentioned, the firmware code and overlay modules can also be found in the ‘*.RPM’ files, since these represent the firmware code on disk. So, you can look through these RPM files and scan for the ‘MO’ string to find any specific overlay module.
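The ‘MO’ scan described above can be used to inventory overlay modules and to compare a firmware image against a known-good copy, module by module. The following is an added example, not code from the original article or from any vendor tool; it assumes the module ID is the single byte right after the marker (the article does not give its width), and the sample images are constructed, not real firmware.

```python
import hashlib

MARKER = b"MO"   # 2-byte overlay marker described in the article
ID_LEN = 1       # ASSUMPTION: the module ID is the single byte after the marker


def find_overlay_candidates(blob, id_len=ID_LEN):
    """Return [(offset, module_id_hex)] for every marker hit.

    Hits are candidates only: the bytes 'MO' can also occur by chance
    inside code or data, so confirm them against a known module list.
    """
    hits, pos = [], blob.find(MARKER)
    while pos != -1:
        start = pos + len(MARKER)
        id_bytes = blob[start:start + id_len]
        if len(id_bytes) == id_len:          # skip a marker cut off at EOF
            hits.append((pos, id_bytes.hex()))
        pos = blob.find(MARKER, pos + 1)
    return hits


def module_digests(blob, id_len=ID_LEN):
    """SHA-256 of each span from one marker to the next, keyed by
    (module_id, occurrence). Bytes before the first marker are not covered."""
    hits = find_overlay_candidates(blob, id_len)
    ends = [off for off, _ in hits[1:]] + [len(blob)]
    seen, out = {}, {}
    for (off, mid), end in zip(hits, ends):
        n = seen[mid] = seen.get(mid, 0) + 1   # repeated IDs stay distinct
        out[(mid, n)] = hashlib.sha256(blob[off:end]).hexdigest()
    return out


def changed_modules(reference, suspect, id_len=ID_LEN):
    """Keys that exist in only one image or whose digest differs."""
    a, b = module_digests(reference, id_len), module_digests(suspect, id_len)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))


# Constructed sample images (not real firmware): three modules, one altered.
REFERENCE = (b"\x00" * 8 + b"MO\x01" + b"\xAA" * 16
             + b"MO\x02" + b"\xBB" * 16 + b"MO\x1f" + b"\xCC" * 16)
SUSPECT = REFERENCE.replace(b"\xBB" * 16, b"\xBB" * 15 + b"\xBC")

if __name__ == "__main__":
    for off, mid in find_overlay_candidates(REFERENCE):
        print(f"offset 0x{off:04x}  module {mid}")
    print("changed:", changed_modules(REFERENCE, SUSPECT))
```
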
So in short, to create a tool that can read/write data in the SA, you need to:
A) know (and understand) the (vendor-) specific ATA commands that can be used to access this area and
B) know on which UBA sector the specific modules are stored.
If a drive has damaged data in the SA, for example in the firmware code module, it might become unusable. To repair these disks, the HDD can be switched to a so-called ‘safe mode’ by setting specific jumpers on the drive. If the drive is operating in safe mode, it bypasses its own firmware. Instead, it wants the user to upload firmware to its RAM. If the user uploads a correct ‘temporary’ firmware to RAM, it starts executing that firmware. Once this uploaded RAM code (the ‘loader’) is running, the user can start to issue ATA commands to the drive to modify the damaged modules.
Of course, you could also create your own flasher program, instead of using the one supplied by the vendor. However, since vendors use specific versions of the ‘download microcode’ ATA command, you’d have to do research into this.
Furthermore, you could create a program that does EVERYTHING that a tool like PC3000 does. However, as pointed out, you’ll need very detailed information on the vendor-specific ATA commands and the structure of the SA for that specific drive type, and since this info is not made public by anyone, this means a LOT of work. “But hey, the PC3000 tool features a special hardware PCI card!” Yes, but as you’ll understand by now, you can think of that card as nothing more than a copy protection. They could perfectly well have created the tool without it, but I guess they would have sold quite a few fewer copies. So you really can’t blame them for it; in fact, I think it’s quite a smart move to stop piracy.
So, in short, if you want to mess around with the SA, you have 2 options: invest a lot of time and energy into learning or simply empty your pockets and buy a tool like PC3000.