Restore factory firmware

[yoyebie]

Hi, I got a problem. I have Patriot 8GB Supersonic Xpress and I modified it with your script. I used RubberDucky Hello World payload and it work perfectly, but unfortunately, when I connect my USB drive, the payload executes but the drive won't show up in the Windows Explorer. So I'm trying to restore factory firmware in the drive, but it won't work. SetBootMode works (I use command DriveCom.exe /drive=D /action=SetBootMode. The drive letter is the one I used when I flashed the firmware for the first time, since now the drive won't show up), the LED on the drive stays on but I still can't flash the factory firmware. When I try to execute command DriveCom.exe /drive=D /action=SendFirmware /burner=BN03V104M.BIN /firmware=fw.bin (where the burner image is the image downloaded from USBDEV.ru and which I used to flash my drive for the first time, and the firmware file is the file I dumped before I flashed my drive) I get the error: Action specified: SendFirmware Gathering information... FATAL: System.InvalidOperationException: DeviceIoControl failed: 048F w DriveCom.PhisonDevice._SendCommand(SafeFileHandle handle, Byte[] cmd, Byte[] data, Int32 bytesExpected) w DriveCom.PhisonDevice.SendCommand(Byte[] cmd, Int32 bytesExpected) w DriveCom.PhisonDevice.RequestVendorInfo() w DriveCom.PhisonDevice.GetChipType() w DriveCom.Startup._GetInfo() w DriveCom.Startup._SendFirmware() w DriveCom.Startup.Main(String[] args)

The same error I get when I try to execute commad GetInfo.

Did I do something wrong? The payload works, so I suppose that flashing process went well but I'm concerned about the fact that the drive won't show up in Windows Explorer.

In addition, I tried to flash the custom firmware but I get the same result.

What can I do to get my USB drive work again?

Thanks in advance for your help.

Kind regards from Poland, yoyebie

[mertsarica]

After I dumped the firmware and restored the dumped firmware, it was bricked. When I plug it, windows does not detect it anymore, any idea how to restore it ?

DriveCom.exe /drive=E /action=SetBootMode Action specified: SetBootMode

DriveCom.exe /drive=E /action=SendExecutable /burner=BN03V104M.BIN Action specified: SendExecutable

DriveCom.exe /drive=E /action=DumpFirmware /firmware=dump.bin Action specified: DumpFirmware

DriveCom.exe /drive=E /action=GetInfo Action specified: GetInfo Gathering information... Reported chip type: 2302 Reported chip ID: 45-4C-A8-92-76-57 Reported firmware version: 1.01.10 Mode: Burner

DriveCom.exe /drive=E /action=SendFirmware /burner=BN03V104M.BIN /firmware=dump.bin Action specified: SendFirmware Gathering information... Reported chip type: 2302 Reported chip ID: 45-4C-A8-92-76-57 Reported firmware version: 1.01.10 Mode: Burner Rebooting... Sending firmware... Executing... FATAL: System.InvalidOperationException: DeviceIoControl failed: 0079 at DriveCom.PhisonDevice._SendCommand(SafeFileHandle handle, Byte[] cmd, Byte [] data, Int32 bytesExpected) at DriveCom.PhisonDevice.SendCommand(Byte[] cmd, Byte[] data) at DriveCom.PhisonDevice.SendCommand(Byte[] cmd) at DriveCom.PhisonDevice.JumpToPRAM() at DriveCom.Startup._RunFirmware(String fileName) at DriveCom.Startup._SendFirmware() at DriveCom.Startup.Main(String[] args)

DriveCom.exe /drive=E /action=GetInfo Action specified: GetInfo Gathering information... FATAL: System.InvalidOperationException: DeviceIoControl failed: 0037 at DriveCom.PhisonDevice._SendCommand(SafeFileHandle handle, Byte[] cmd, Byte [] data, Int32 bytesExpected) at DriveCom.PhisonDevice.SendCommand(Byte[] cmd, Int32 bytesExpected) at DriveCom.PhisonDevice.RequestVendorInfo() at DriveCom.PhisonDevice.GetChipType() at DriveCom.Startup._GetInfo() at DriveCom.Startup.Main(String[] args)

[Foppel81]

@wiederma @mertsarica Please read my HowTo above. You have to bring the stick into Bootmode (Hardware). After that you can flash it to stock with MPALL_v3.63_0D

[mertsarica]

But you have Toshiba and we have Sandisk does it matter ?

[mertsarica]

Hey @wiederma I have the same issue like yours, any news or progress about it ?

[mertsarica]

BadUsb works when I plug it and shows helloword after it opens notepad but the issue is windows and any other format tools cant detect the device.

[wiederma]

Hi @mertsarica, not so far ... I had a look at the source of DriveCom and tried to understand where the error "DeviceIoControl" comes from ... I found that DriveCom also has some kind of interactive terminal (in case you do not provide any action, e.g. "DriveCom.exe /drive=E") but wasn't helpful for me here. I finally took apart my stick. Next step is to shorten the pins and try whether its possible to access it then again. My understanding of @Foppel81 post was, that DriveCom tries to get the chip in BootMode by sending 0x06, 0xBF as command ... but I guess the firmware I flashed has a different command to get the chip into boot mode since I get only error messages after executing "DriveCom.exe /drive=E /action=SetBootMode" @mertsarica: windows has a feature that hides empty drives ... like in your case your flash drive ... its an option in the Explorer ... see second post by @brandonlw Since you changed the firmware of the controller chip on the stick (basically the OS that manages the access to the flash memory) a simple reformat will not fix that. The firmware you flashed on the controller chip is not able to speek to the flash memory ... for your Windows system your flash drive is a keyboard (check your device manager ... there is an additional keyboard listed while the flash drive is plugged in) I recommend to have a look at the work Adam Caudill presented at DerbyCon: http://www.slideshare.net/adam_caudill/derby-con2014presentation to understand the memory layout and to get an idea what is changed by writing a custom firmware to the controller chip of the flash drive. and @mertsarica to answer your previous question about different versions: the firmware of my stick had version 1.09.10 in the very begining after I took it out of its packaging. I then dumped the firmware. But I used the firmware from this git repo to inject my hello world payload in it. Point I don't get: why has the reported chip type changed from 2303 to 2302 after sending the burner to the chip ... Unfortunatelly I didn't check the properties after flashing the injected firmware ... :( maybe I need to get a second of these flash drives :)

[mertsarica]

Well then we need a way to restock the original firmware but how. ...

[wiederma]

this is the flash drive I currently work with: Its a SanDisk Ultra USB 3.0 16GB I had to take it apart (had to destroy the case) in order to bring the chip in Boot Mode by shorten the PIN 2 & 3 as described earlier in this thread. Now the flash drives talks to me again :D

.\DriveCom.exe /drive=E /action=GetInfo Action specified: GetInfo Gathering information... Reported chip type: 2303 Reported chip ID: 45-DE-94-93-76-D7 Reported firmware version: 1.01.10 Mode: BootMode

Next I need to find a way to access Boot Mode without shorting the pins ... :)

[mertsarica]

Yeah it would be great. I dont want to destroy the case :)

[brovar]

Hi,

I have Patriot Stellar 64 Gb Phison (2303 chip type with 1.10.53 firmware) and I successfully loaded "Hello World" Demo to it. Because "World is not enough" (-; I wanted more advanced payload. So I tried several times to restore stock firmware or load any custom firmware. Unfortunately, I received only "0079" (before ./DriveCom.exe /drive=D /action=SetBootMode) and "048F" (after ./DriveCom.exe /drive=D /action=SetBootMode) error codes. I decided to try hardware method, but under the case my device looks like that:

(-;

I connected these two elements in the middle, but without any luck. I cannot apply hardware method without X-Rays :D I tried also @Foppel81 procedure, but MPALL_F2_v363_0D.exe doesn't see my drive - "Start" button is grayed out (and yes, I unchecked a windows setting that hides drive letters for any drive).

I'm using Win8.1 x64 right now. But, I'll try it again tomorrow with Win7.

Any other ideas how to restore this drive without being Superman? (-;

[h3ku]

Anyone can put download link to BN03V104M.BIN.

Thank you.

[brandonlw]

Check the "Useful Links" section of the wiki.

[h3ku]

I see, thank you.

[question123]

Hi, I've just bought the "Toshiba TransMemory-MX USB 3.0 8GB". Is there anyone who has experience with this? Is there anything I have to pay attention to? Thank You

[neheb]

I had a 16GB version that I bricked because I did not back up the stock firmware.

The firmware version that this patch works on(version 1.53 or something) is not compatible with the NAND that was on my toshiba drive. This left me unable to format the drive.

Long story short: uness you have the exact same drive that the authors used, forget about doing this.

[ghost]

How does one go about backing up firmware on the device?

[question123]

Okay sounds crazy

[question123]

And how to backup the firmware if it doesn't works?

[neheb]

It's on the front page under Dumping Firmware.

[question123]

Jeah, and you are shure it'll work? What is different if i use the manual boot mode?

[question123]

Is it possible setting the manual boot mode and using the normal "burn" afterward? Thank you for your answers

[question123]

The USB-stick arrived today. ( Toshiba TransMemory-MX USB 3.0 8GB) Coud I follow the normal tutorial without risks?

[question123]

*Could

[question123]

So I copied the hello world script and flashed it on the usb-stick, but when I plug in the stick now, nothing happens. I need your help. Thank you

[ZhaoTuan]

Hi @CitNils Is it possible for you to send me the firmware for your USB stick as I have the same USB, and unfortunately my backup fireware was broken

[clayissimo]

WARNING!

Using a Toshiba TrasnMemory-MX 8GB USB 3.0 thumbdrive I can confirm that as @mertsarica has confirmed - reflashing the dumped firmware bricks the stick! @ka1ias has already found out that dumping the same drive's firmware five times resulted in five different dumps. Something is not working correctly.

BE AWARE!

Does anyone know how to properly extract/dump the firmware from these drives using a different tool?

[JeanDeho]

Toshiba TransMemory-MX 8GB USB 3.0 thumbdrive:

So far I am not able to inject any "Hello World!" (using /burner=BN03V114M.BIN, after SendFirmware, led is blinking and drive is not available), but I found two ways to enter the BootMode successfully:

(1.) Look at the picture above at "Foppel81 commented on 15 Oct 2014". In my case I must shorten the pins 2+3 (not pin 1+2!) when connecting the stick.

(2.) Just plugging the stick into USB-port, then sending the command action=SetBootMode, THEN shorten the pins 1+2(!), then it works also.

Here is my dump of original FW from Toshiba TransMemory-MX USB 3.0 8GB. After SendFirmware, my stick is a working as a memory stick again. I am using an USB 2.0-port for this.

Just rename to .bin:

About my stick: DriveCom / Action specified: GetInfo

---

Gathering information... Reported chip type: 2303 Reported chip ID: 9x-Dx-9x-9x-7x-5x Reported firmware version: 2.06.53 Mode: Firmware

---

Controller: Phison 2303 (2251-03) Memory Type: TLC Firmware Date: 2013-04-01 ID_BLK Ver.: 1.2.38.0 MP Ver.: MPALL v3.26.0C VID: 0930 PID: 6545 Manufacturer: TOSHIBA Product: TransMemory Mx Query Vendor ID: TOSHIBA Query Product ID: TransMemory Mx Query Product Revision: PMAP Physical Disk Capacity: 7798947840 Bytes

[JeanDeho]

Toshiba TransMemory-MX 8GB USB 3.0 thumbdrive:

The current edition is not working with the modified firmware! (version details: see above)

As already written, I am able to reinstall my original fw anytime, and the stick is working as usual.

When trying the original fw of "linuxFR commented on 14 Oct 2014" (look for that subject), who owns the same stick (he injected Rubber Ducky's "Hello World" successfully), it is not possible to get his unmodified fw working on my stick. Instead, I am getting that error message (and the stick is not working of course):

Action specified: SendFirmware Gathering information... FATAL: System.InvalidOperationException: DeviceIoControl failed: 0006 at DriveCom.PhisonDevice._SendCommand(SafeFileHandle handle, Byte[] cmd, Byt e[] data, Int32 bytesExpected) in c:\fw\Psychson-master\DriveCom\DriveCom\Phison Device.cs:line 362. at DriveCom.PhisonDevice.SendCommand(Byte[] cmd, Int32 bytesExpected) in c:\ fw\Psychson-master\DriveCom\DriveCom\PhisonDevice.cs:line 295. at DriveCom.PhisonDevice.RequestVendorInfo() in c:\fw\Psychson-master\DriveC om\DriveCom\PhisonDevice.cs:line 140. at DriveCom.PhisonDevice.GetChipType() in c:\fw\Psychson-master\DriveCom\Dri veCom\PhisonDevice.cs:line 170. at DriveCom.Startup._GetInfo() in c:\fw\Psychson-master\DriveCom\DriveCom\St artup.cs:line 384. at DriveCom.Startup._SendFirmware() in c:\fw\Psychson-master\DriveCom\DriveC om\Startup.cs:line 365. at DriveCom.Startup.Main(String[] args) in c:\fw\Psychson-master\DriveCom\Dr iveCom\Startup.cs:line 114.

firmware has same size: 205.824 Bytes

[eccentech]

Here is my Phison 2303 (2251-03) everything went smoothly and sent PAYLOAD TO FIRMWARE and its worked well

When I plug back the USB to the computer it won't recognize the drive but I can see the USB in the device manager I'm not sure what went wrong

Please help

Volume: D: Controller: Phison 2303 (2251-03) Possible Memory Chip(s): Toshiba TH58TEG8DDJBASC Toshiba TH58TEG8DDJBA8C Toshiba TH58TEG8CDJBA8C Toshiba TH58TEG7DDJBA4C Toshiba TH58TEG7DDJBAMC Toshiba TH58TEG7CDJBA4C Memory Type: MLC Flash ID: 98DE9493 76D7 Chip F/W: 05.01.10 Firmware Date: 2015-07-15 ID_BLK Ver.: 1.3.7.0 MP Ver.: MPALL v5.1.0B VID: 13FE PID: 5200 Manufacturer: UFD 3.0 Product: Silicon Power32G Query Vendor ID: UFD 3.0 Query Product ID: Silicon Power32G Query Product Revision: PMAP Physical Disk Capacity: 31641829376 Bytes Windows Disk Capacity: 31634063360 Bytes Internal Tags: 2Q6P-S74J File System: FAT32 USB Version: 3.00 in 2.00 port Declared Power: 300 mA ContMeas ID: 3CFE-08-00 Microsoft Windows 7 SP1 x64 Build 7601

[haaha123123123]

Selling 2251-03/2303 chips flash disk,contact me if you want buy I have lots of 2251-03/2302 flsh disk,and it works with badusb,if anyone want to buy,please contact me, my email is haaha123123@126.com

[themisergo]

hello, i want ask if i buy TOSHIBA FLASH DRIVE USB 3.0 8GB SUZAKU from http://www.samosbooks.gr/p/9907/toshiba-flash-drive-usb-3-0-8gb-suzaku-mayro i can turn to badusb??

[darkore0]

@themisergo i bought the exactly the same one four months ago. The vulnerable chip was changed by toshiba to phison 7309. So the short answer is no. I have an alternative for you at darkoreo.xyz I have written an article to achieving bad usb with other hardware!

[themisergo]

@skordonis den to exo agorasei akoma auto to usb,alla prin merikes meres agorasa to datatraveler G4 64 GB kai mou eirthe me 2307,pisteueis oti mporei na metatrapei se badusb???

[darkore0]

@themisergo Δε μπορω να σου απαντησω στα σιγουρα. Μπορει ναι μπορει οχι. Αλλα θελει πολυ κοπο. Για μενα δεν αξιζει.

On Saturday, 9 April 2016, themisergo notifications@github.com wrote:

@skordonis https://github.com/skordonis den to exo agorasei akoma auto to usb,alla prin merikes meres agorasa to datatraveler G4 64 GB kai mou eirthe me 2307,pisteueis oti mporei na metatrapei se badusb???

— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub https://github.com/adamcaudill/Psychson/issues/14#issuecomment-207772670

[themisergo]

den mporoume na vroume apo kanenan ta usb ??

[darkore0]

@themisergo επειδη το thread εδω ειναι για αλλο λόγο και αμα συνεχισουμε τα comments στα ελληνικα θα μας την πουν στειλε μου ενα mail στο kordonisef@gmail.com γιατι δεν καταλαβα την ερωτηση σου και τα λεμε εκει! Peace!

[dhakx]

@wiederma I am also using the Sandisk USB stick, but I can't make it to work. Could you assist me in the process?

[TotalDay]

V3SZK-016G-WH

TOSHIBA USB3.0 TransMemory-MX

https://goo.gl/NisgFx

[TotalDay]

Description: [F:]Caiiieia?uaa ono?ienoai aey USB(Kingston DataTraveler 3.0) Device Type: Mass Storage Device

Protocal Version: USB 3.00 Current Speed: High Speed Max Current: 504mA

USB Device ID: VID = 0951 PID = 1666 Serial Number: 002618A36B35BD70B34E005E

Device Vendor: Kingston Device Name: DataTraveler 3.0 Device Revision: 0100

Manufacturer: Kingston Product Model: DataTraveler 3.0 Product Revision: PMAP

Controller Vendor: Phison Controller Part-Number: PS2251-03(PS2303) - F/W 01.08.10 [2013-06-10] Flash ID code: 98DE9482 - Toshiba TC58NVG6D2GTA00 [MLC-8K]

Tools on web: http://dl.mydigit.net/special/up/phison.html

Possible Flash Part-Number

[1CE]TC58NVG6D2GTA00(24nm) [2CE]TH58NVG7D2GTA20(24nm)

Flash ID mapping table

[Channel 0] [Channel 1]

[TotalDay]

[TotalDay]

Sandisk SDCZ48-016G

PS2251-03

https://goo.gl/88ASp7

[TotalDay]

Toshiba V3SZK-032G

PS2251-03

https://goo.gl/L0EK7u

[MrDiagnose]

can anybody pls send me the official firmware of Sandisk ultra 16gb SDCZ48-016G pls pls asap i need to flash my pendrive :(

[groverito]

I have not the original firmware. i do not have SDCZ48-016G sorry. look the link tools to ScanDisk http://www.flashdrive-repair.com/search/label/Sandisk%20Flash [http://google.com/help/hc/images/logos/blogger_logo.gif]http://www.flashdrive-repair.com/search/label/Sandisk%20Flash

Flash Drive Repairhttp://www.flashdrive-repair.com/search/label/Sandisk%20Flash www.flashdrive-repair.com

---

De: MrDiagnose notifications@github.com Enviado: sábado, 22 de octubre de 2016 20:46:06 Para: brandonlw/Psychson Cc: groverito; Comment Asunto: Re: [brandonlw/Psychson] Restore factory firmware (#14)

can anybody pls send me the official firmware of Sandisk ultra 16gb SDCZ48-016G pls pls asap i need to flash my pendrive :(

You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/brandonlw/Psychson/issues/14#issuecomment-255552965, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AIqyn52Wh310YptvQAp3rNF-I_4xkaCfks5q2nYOgaJpZM4Cr-L0.

[MrDiagnose]

thanks for reply groverito

[Caseraw]

@MrDiagnose did it work for you? I have exactly the same problem on 3 USB drives (same model as you do). I tried the links, but unable to download the required files, weird site...

[MrDiagnose]

@Caseraw didnt work for me bro im lost :(

[rohankm]

will this pendrive work ? https://www.amazon.com/gp/product/B00ZYP23M4/ref=oh_aui_detailpage_o00_s00?ie=UTF8&th=1

[thatBrian]

@rohankm I think the Verbatim USBs have been updated. your link shows the new repackaged version. Previous examples of working Verbatim USB's use an older packaging, a black on grey version. The new one I believe uses a Phison PS2307 chip which is incompatible.

[rohankm]

@CheerfulButter http://www.amazon.in/SanDisk-Ultra-USB-16GB-Drive/dp/B00DQG9DDU?tag=googinhydr18418-21&tag=googinkenshoo-21&ascsubtag=0fb8fb3a-865a-4e98-8375-d1653dddcb0f WILL THIS WORK BRO?