brandonlw / Psychson

Phison 2251-03 (2303) Custom Firmware & Existing Firmware Patches (BadUSB)
MIT License
4.11k stars 1.28k forks

Combine original with custom firmware #55

Open agd-media opened 9 years ago

agd-media commented 9 years ago

Hi and thanks for this great project. I have hold of several supported devices and I am able to flash everything with the custom firmware (HID, hidden partition and password patch). I also killed some of them with dozens of hard resets. Now I was wondering if it is possible to combine both firmwares to keep the normal functionality of a flash drive while using a Rubber Ducky script that loads files from the same stick. What program is necessary to fiddle with the firmware code from the .bin files?

lkos commented 9 years ago

Theoretically, you can disassemble firmware from .bin file (I think the firmware begins at offset 0x200) using 8051 disassembler (e.g. MC 8051 IDE, IDA pro). It would be ideal if you could convert assembler code to C (have no idea which program could accomplish that) and then you would combine it with the source provided here.

agd-media commented 9 years ago

Thanks for your answer. It led to a whole lotta work for me :+1:

Using IDA Pro I was able to scroll through the different firmware files and I found out that my firmware dump made with DriveCom looks quite different compared to the FW03FF01V10353M.BIN file from the Russian site. My dump started with a lot of zeros, while the FW03 file looks like it is full of information with small zero parts. I am pretty sure that I followed the instructions for dumping the firmware, but neither the dump file nor the FW03 is working with the 111 Kingston drive when trying to restore to factory settings.

To convert the assembler code to C, I already have an idea how to achieve that: assembler -> executable -> C. Dunno if it will work like that.
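Two observations in this thread are worth checking before anyone opens an image in a disassembler: lkos's note that the code is believed to start at offset 0x200, and agd-media's finding that the DriveCom dump was mostly zeros while FW03FF01V10353M.BIN was dense. The script below is an added example, not part of the Psychson project or of anyone's post here: it scores a firmware image block by block (zero ratio and byte entropy), reports the first non-zero offset, and checks whether the byte at the assumed code start looks like an 8051 LJMP (opcode 0x02), which is what a reset vector normally is. The 0x200 code offset and the reset-vector check are assumptions taken from the thread, and the two sample images are constructed, not real Phison firmware.

```python
"""Sanity-check a firmware .bin before feeding it to an 8051 disassembler.

Added example; assumes (per the thread, unverified) that code starts at 0x200
and that a real image has an 8051 LJMP (0x02) at that reset vector.
"""
import math
from collections import Counter

CODE_OFFSET = 0x200   # assumed start of 8051 code, as suggested in the thread
BLOCK_SIZE = 0x200    # granularity for the zero-ratio / entropy scan
LJMP_OPCODE = 0x02    # 8051 LJMP; the usual first instruction at the reset vector


def block_stats(image: bytes, block_size: int = BLOCK_SIZE):
    """Return a list of (offset, zero_ratio, entropy_bits) per block."""
    stats = []
    for off in range(0, len(image), block_size):
        blk = image[off:off + block_size]
        n = len(blk)
        zero_ratio = blk.count(0) / n
        counts = Counter(blk)
        entropy = -sum((c / n) * math.log2(c / n) for c in counts.values())
        stats.append((off, zero_ratio, entropy))
    return stats


def first_nonzero_offset(image: bytes):
    """Offset of the first non-zero byte, or None if the image is all zeros."""
    for i, b in enumerate(image):
        if b:
            return i
    return None


def summarize(image: bytes) -> dict:
    """Collect the facts a reader wants before trusting a dump."""
    stats = block_stats(image)
    zero_blocks = sum(1 for _, z, _ in stats if z == 1.0)
    reset_byte = image[CODE_OFFSET] if len(image) > CODE_OFFSET else None
    return {
        "size": len(image),
        "first_nonzero": first_nonzero_offset(image),
        "zero_blocks": zero_blocks,
        "total_blocks": len(stats),
        # A dump that is more than half empty blocks is suspect, like the one in the thread.
        "mostly_empty": zero_blocks > len(stats) / 2,
        "has_reset_vector": reset_byte == LJMP_OPCODE,
    }


def _prng_bytes(n: int, seed: int = 1) -> bytes:
    """Deterministic LCG filler so the constructed samples are reproducible offline."""
    out = bytearray()
    x = seed
    for _ in range(n):
        x = (1103515245 * x + 12345) & 0x7FFFFFFF
        out.append((x >> 16) & 0xFF)
    return bytes(out)


# Constructed samples (not real firmware): one dense image with a plausible
# reset vector at 0x200, and one that is zeros except for the last block,
# mimicking the dump described in the thread.
SAMPLE_DENSE = bytes(0x200) + bytes([LJMP_OPCODE, 0x10, 0x00]) + _prng_bytes(0x4000 - 0x203)
SAMPLE_SPARSE = bytes(0x4000 - 0x200) + _prng_bytes(0x200, seed=7)


if __name__ == "__main__":
    for name, img in (("dense", SAMPLE_DENSE), ("sparse", SAMPLE_SPARSE)):
        print(name, summarize(img))
```

Run it against a real dump by reading the file into `image` and calling `summarize`; a result with `mostly_empty` set, or without the expected byte at the code offset, is a sign that the dump step (for example the boot-mode switch) did not work as intended, rather than something to spend disassembler time on.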

dluffy411 commented 9 years ago

Your idea sounds great! Is there a way to help you?

agd-media commented 9 years ago

When I dump the original firmware without setting BootMode, everything seems to work fine, but the result is a lot of zeros with some information at the end of the file.

When I try it with BootMode I get this:

Action specified: GetInfo
Gathering information...
Reported chip type: 2303
Reported chip ID: 98-DE-98-92-72-D7
Reported firmware version: 1.02.53
Mode: Firmware

Action specified: SetBootMode

Action specified: DumpFirmware
FATAL: System.InvalidOperationException: DeviceIoControl failed: 0079
   bei DriveCom.PhisonDevice._SendCommand(SafeFileHandle handle, Byte[] cmd, Byte[] data, Int32 bytesExpected) in e:\BADUSB\Psychson-master\Psychson-master\DriveCom\DriveCom\PhisonDevice.cs:Zeile 366.
   bei DriveCom.Startup._DumpFirmware(String fileName) in e:\BADUSB\Psychson-master\Psychson-master\DriveCom\DriveCom\Startup.cs:Zeile 344.
   bei DriveCom.Startup.Main(String[] args) in e:\BADUSB\Psychson-master\Psychson-master\DriveCom\DriveCom\Startup.cs:Zeile 100.

I am pretty much stuck here already.

Edit: I will try to flash a new Kingston111 with FW03FF01V10253M.BIN / BN101. If that works I can go to IDA Pro again. I would prefer the custom dump with DriveCom.exe, but this seems not to work.

agd-media commented 9 years ago

E:\00000BADUSB\Psychson-master\Psychson-master\tools>DriveCom.exe /drive=f /action=SendFirmware /burner=E:\00000BADUSB\KINGSTON111NEU\BN03V101M.BIN /firmware=E:\00000BADUSB\KINGSTON111NEU\FW03FF01V10253M.BIN
Action specified: SendFirmware
Gathering information...
Reported chip type: 2303
Reported chip ID: 98-DE-98-92-72-D7
Reported firmware version: 1.02.53
Mode: Firmware
Switching to boot mode...
Rebooting...
Sending firmware...
Executing...
Mode: Firmware

E:\00000BADUSB\Psychson-master\Psychson-master\tools>DriveCom.exe /drive=f /action=GetInfo
Action specified: GetInfo
Gathering information...
Reported chip type: 2303
Reported chip ID: 98-DE-98-92-72-D7
Reported firmware version: 1.02.53
Mode: Firmware

Restoring to factory defaults works now on the virgin Kingston DT111 with the above combination.

Next step is to combine HID custom firmware with the original firmware and later combine this with a hidden partition. This will take quite some time...

dklesev commented 9 years ago

@agd-media to get C code you can go on with the Hex-Rays decompiler. But of course there is enough work after that. If I find any time I will try experimenting with it. Please share your work somewhere so we can help you.

Bonjour123 commented 8 years ago

Hi, it's a bit late, but did you manage to do it? Thank you very much for responding to me :)

agd-media commented 7 years ago

Bricked the sticks and quit the project... You might be interested in this: https://hakshop.com/products/bash-bunny