All times are UTC - 5 hours [ DST ]




Post subject: Re: Question about Vendor Specific Commands
Posted: April 4th, 2020, 18:52

Joined: July 6th, 2013, 15:13
Posts: 327
Location: ISLAMABAD
fzabkar wrote:
waqas_ali766 wrote:
eaxi wrote:
I present small portion of factory log extracted from Seagate HDD SA ...

PROGRAMMING COMPLETE!
----------------------------------------------------------
VERIFYING FLASH IMAGE...
Header: 530B00004800000000000000E2B50400
Header plus boot code checksum verified!
Offset  Length  Type
------  ------  ----
0x00040 0x598E0 DL_CFW
0x598E0 0x00410 IAP
0x59CF0 0x16000 DL_SFW
0x6FCF0 0x01100 DL_SHELL
0x70DF0 0x00210 DL_CAPM
0x71000 0x0A000 DL_RAPM
0x7B000 0x05000 DL_SAPM
Flash Byte size : 0x00080000
Entire flash image checksum: 0x44F0 PASS
Done

Are you saying that all names, like rap cap sap, are inside the rom.bin file?


AIUI, @eaxi is telling you that these names can be found in the factory logs in the SA. The names of these ROM modules are not present in the ROM, only their IDs.




Hi

Friend, I am saying the same, that it can be found in the factory log.

Not available in the ROM.bin file.

But some people try to show me in IDA Pro that the names are in the ROM.bin
because CPRS is available in the ROM.bin file.


That's why I said, show the RAP CAP SAP names.

Then he replied that it's compressed.

I tried to tell him that in the ROM image only the ID is available,

like 01, 02, 03, 04.

And from that ID we assign the names by programming.

The same method is used in WD drives.


In WD HDDs, all modules and their addresses are available in the 01 module, but only the ID number, their location and their size.

Not the names of the modules.

The names of the modules we get from factory logs and put in the software ListView programmatically, so a user can understand.

fzabkar, if I am wrong kindly tell me; I know you are an expert in this.

Kind Regards
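
The flash map in the factory log quoted at the top of this post can be checked mechanically. The following is an added example, not code from anyone in this thread; the function names are illustrative, and the log text is copied from the quote.

```python
import re

# Flash-map lines copied from the factory log quoted in the post above.
FACTORY_LOG = """\
VERIFYING FLASH IMAGE...
Header: 530B00004800000000000000E2B50400
Header plus boot code checksum verified!
Offset  Length  Type
------  ------  ----
0x00040 0x598E0 DL_CFW
0x598E0 0x00410 IAP
0x59CF0 0x16000 DL_SFW
0x6FCF0 0x01100 DL_SHELL
0x70DF0 0x00210 DL_CAPM
0x71000 0x0A000 DL_RAPM
0x7B000 0x05000 DL_SAPM
Flash Byte size : 0x00080000
Entire flash image checksum: 0x44F0 PASS
"""

ROW = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(0x[0-9A-Fa-f]+)\s+(\S+)$")
SIZE = re.compile(r"^Flash Byte size\s*:\s*(0x[0-9A-Fa-f]+)")


def parse_flash_map(log):
    """Return ([(offset, length, name), ...], flash_size) from the log text."""
    segments, flash_size = [], None
    for line in log.splitlines():
        line = line.strip()
        row = ROW.match(line)
        if row:
            segments.append((int(row.group(1), 16), int(row.group(2), 16), row.group(3)))
            continue
        size = SIZE.match(line)
        if size:
            flash_size = int(size.group(1), 16)
    return segments, flash_size


def check_layout(segments, flash_size):
    """Report overlaps, gaps and a last segment that misses the end of flash."""
    findings = []
    ordered = sorted(segments)
    for (off, length, name), (next_off, _, next_name) in zip(ordered, ordered[1:]):
        end = off + length
        if end > next_off:
            findings.append(("overlap", name, next_name, end - next_off))
        elif end < next_off:
            findings.append(("gap", name, next_name, next_off - end))
    if ordered and flash_size is not None:
        off, length, name = ordered[-1]
        if off + length != flash_size:
            findings.append(("size_mismatch", name, None, flash_size - (off + length)))
    return findings


if __name__ == "__main__":
    segs, size = parse_flash_map(FACTORY_LOG)
    for kind, a, b, delta in check_layout(segs, size):
        print(f"{kind}: {a} -> {b}, {delta:#x} bytes")
```

On the quoted log the only finding is a 0x40 overlap between DL_CFW and IAP, equal to DL_CFW's start offset; every other row is contiguous and DL_SAPM ends exactly at the stated flash size. That is consistent with the first row's length being counted from the start of the image, which is an inference from the arithmetic and not something the log states.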


Post subject: Re: Question about Vendor Specific Commands
Posted: April 4th, 2020, 19:46

Joined: October 3rd, 2005, 0:40
Posts: 3080
Location: Hungary
Quote:
then he reply, that its compressed.


Who are you referring to?

_________________
Adatmentés - Data recovery
No bitcoin donations :)


Post subject: Re: Question about Vendor Specific Commands
Posted: April 4th, 2020, 19:52

Joined: July 6th, 2013, 15:13
Posts: 327
Location: ISLAMABAD
pepe wrote:
Quote:
then he reply, that its compressed.


Who are you referring to?



Eaxi showed in IDA Pro the name CPRS only.

Which is available in almost all ROM files.


Post subject: Re: Question about Vendor Specific Commands
Posted: April 4th, 2020, 20:11

Joined: September 8th, 2009, 18:21
Posts: 12419
Location: Australia
waqas_ali766 wrote:
But some people try to show me in IDA Pro that the names are in the ROM.bin
because CPRS is available in the ROM.bin file.

AIUI, the author of F3ROMExplorer (@E123) knows how to decompress the CPRS sections. I don't.

I confess that I have identified various module names by referring to the work of others, not through my own disassembly or SA log dumps.

BTW, newer firmware uses a different compression format, or at least a different signature, "LZMA":

http://www.hddoracle.com/viewtopic.php?f=59&t=2173&p=15641#p15641

_________________
A backup a day keeps DR away.


Post subject: Re: Question about Vendor Specific Commands
Posted: April 4th, 2020, 20:15

Joined: October 3rd, 2005, 0:40
Posts: 3080
Location: Hungary
Look, I think you are wrong at several points:
- nobody is able to figure out function and name of firmware objects without help of factory sw/info
- nobody is able to figure out VSCs without sniffing factory sw
- saying the above 2 several times not listening to others who replied to your topic.

In fact, what's the purpose of all those questions? It looks like you think you know the answer for all those and pay shit for other opinions.
You praise BGman's answer because it seems to be about the same that you think about how things work.

Quote:

BGman wrote:
One can find VSC commands by "sniffing" some demo versions of programs like WDR, SeDiv, SHT, etc....
And the best "sniffing" instrument for this purpose is the HDD itself.
Some commands can be found by "trials and errors". From t13 we know what to put in CR and just remains to figure out what to put in FR...

100% perfect answer regarding that post.

Kind regards
Waqas Ali



But it is simply not true, and if you still want to think that way, it's up to you, but then, again, what is this thread for???
Do you want to find out something about the matter or just tell us your truth?

pepe

(FYI diag ovls are full of names just to name one thing, not even compressed, I wonder if you really never looked at those...)

_________________
Adatmentés - Data recovery
No bitcoin donations :)


Post subject: Re: Question about Vendor Specific Commands
Posted: April 4th, 2020, 20:23

Joined: July 6th, 2013, 15:13
Posts: 327
Location: ISLAMABAD
pepe wrote:
Look, I think you are wrong at several points:
- nobody is able to figure out function and name of firmware objects without help of factory sw/info
- nobody is able to figure out VSCs without sniffing factory sw
- saying the above 2 several times not listening to others who replied to your topic.

In fact, what's the purpose of all those questions? It looks like you think you know the answer for all those and pay shit for other opinions.
You praise BGman's answer because it seems to be about the same that you think about how things work.

Quote:

BGman wrote:
One can find VSC commands by "sniffing" some demo versions of programs like WDR, SeDiv, SHT, etc....
And the best "sniffing" instrument for this purpose is the HDD itself.
Some commands can be found by "trials and errors". From t13 we know what to put in CR and just remains to figure out what to put in FR...

100% perfect answer regarding that post.

Kind regards
Waqas Ali



But it is simply not true, and if you still want to think that way, it's up to you, but then, again, what is this thread for???
Do you want to find out something about the matter or just tell us your truth?

pepe

(FYI diag ovls are full of names just to name one thing, not even compressed, I wonder if you really never looked at those...)




Dear Pepe,

I do not want to disappoint anyone.

If someone says that there is a possibility to get VSC commands without factory software, kindly show it.

I am ready to pay him for his effort to show a method of finding VSC commands without using an analyzer tool.

But only talk, talk, talk, talk is not good.


I asked a simple question in the post: where do VSC commands come from?
Because as far as I know we extract them from factory software. Maybe I was wrong, that's why I asked.

I got the answer from the Pro already, after that post.




I know what names are in the ROM.

My basic question was, from where do people get ATA commands.

If someone here can get VSC commands without factory software,

I am ready to pay him to buy the commands.


Last edited by waqas_ali766 on April 4th, 2020, 20:34, edited 1 time in total.

Post subject: Re: Question about Vendor Specific Commands
Posted: April 4th, 2020, 20:30

Joined: July 6th, 2013, 15:13
Posts: 327
Location: ISLAMABAD
Did anyone here show anything?

Everyone is talking, talking, talking, writing long messages.

Where is the solution for my VSC command question?

If someone knows how to get VSC commands without factory software, message me in private.

But I did not get a useful message in my private box, or in the post.


No one showed anything about VSC commands. Only talk, talk, talk. Where is the solution for getting VSC commands without software?



I showed my software photos here in the post. If I have the VSC, that's why I show it, and I proved that I have VSC, and I already mentioned that I copied from factory software.



Regarding names in the ROM:
I already uploaded the picture here in the post, showing that I know the names and how to get them. They were not in the ROM.bin file.

If someone says that rom.bin has names, show it with some proof at least.

Here one person showed only CPRS; then I told him to show the RAP CAP SAP names in the ROM, then he said it's encrypted.
I did not ask him to show the method. I just told him to simply show a picture of RAP CAP SAP in the ROM.bin file.

Almost everyone can get that CPRS name by using any hex editor.




If someone does not have the answer, the simple thing is not to reply to the post.

So the post remains to the point.


Kind Regards
Waqas Ali


Post subject: Re: Question about Vendor Specific Commands
Posted: April 4th, 2020, 22:54

Joined: September 8th, 2009, 18:21
Posts: 12419
Location: Australia
waqas_ali766 wrote:
Here one person showed only CPRS; then I told him to show the RAP CAP SAP names in the ROM, then he said it's encrypted.
I did not ask him to show the method. I just told him to simply show a picture of RAP CAP SAP in the ROM.bin file.

AIUI, @pepe is saying that there are no module names in the ROM, even after decompression.
pepe wrote:
you cannot find RAP, CAP etc strings in rom for two reasons: most of the rom code (bootfw) is compressed, and it does not contain such strings even after decompression.

The only reference to encryption is here:
eaxi wrote:
If someone is concerned with Seagate - I can recommend STECON cracking - this is VERY educational. The first and usually the last :) barrier for average user is extracting SeaScripts from these distributions. They are encrypted by proprietary algorithm.

_________________
A backup a day keeps DR away.


Post subject: Re: Question about Vendor Specific Commands
Posted: April 6th, 2020, 9:02

Joined: October 24th, 2005, 17:04
Posts: 254
waqas_ali766 wrote:
I did not ask him to show the method. I just told him to simply show a picture of RAP CAP SAP in the ROM.bin file.

RAP strings can be found in ROM. It is used in ^X
-RELD_RAP
-FIX_RAP
Code:
     00000000 5345 454B 0058 4652 5F41 4C54 0058 4652 SEEK.XFR_ALT.XFR
     00000010 0052 445F 4348 4E4C 0053 5256 5F4D 454D .RD_CHNL.SRV_MEM
     00000020 0053 5256 5F46 4C57 0044 4954 4800 4449 .SRV_FLW.DITH.DI
     00000030 5448 5F57 5200 4341 4C00 4552 415F 5452 TH_WR.CAL.ERA_TR
     00000040 4B00 4644 4200 464D 545F 5452 4B00 464D K.FDB.FMT_TRK.FM
     00000050 545F 5359 5300 464D 545F 554E 5400 4844 T_SYS.FMT_UNT.HD
     00000060 5F52 4553 0048 5452 5F52 4553 0047 4554 _RES.HTR_RES.GET
     00000070 5F52 5646 4600 4143 4646 5F52 4543 414C _RVFF.ACFF_RECAL
     00000080 0054 454D 5000 5457 4B5F 4648 0056 4F4C .TEMP.TWK_FH.VOL
     00000090 5400 4844 5F44 4941 4700 4844 5F53 504B T.HD_DIAG.HD_SPK
     000000A0 0052 4541 4C4C 4F43 004D 524B 5F50 4E44 .REALLOC.MRK_PND
     000000B0 0048 445F 4648 0056 434D 5F54 454D 5000 .HD_FH.VCM_TEMP.
     000000C0 4D45 4D5F 4442 4700 5052 4F43 5F44 4C00 MEM_DBG.PROC_DL.
     000000D0 5343 5242 5F44 4C00 5052 4F43 5F47 444C SCRB_DL.PROC_GDL
     000000E0 0052 4546 5F53 5256 5F4D 454D 0052 454C .REF_SRV_MEM.REL
     000000F0 445F 5241 5000 4552 525F 5241 5445 0044 D_RAP.ERR_RATE.D
     00000100 4C00 5352 565F 4543 0053 434E 5F44 4643 L.SRV_EC.SCN_DFC
     00000110 5400 5345 4C46 5F53 4B00 534B 5F54 554E T.SELF_SK.SK_TUN
     00000120 4500 534E 445F 5352 5600 4649 585F 5241 E.SND_SRV.FIX_RA
     00000130 5000 4445 504F 5000 494E 4954 5F44 4954 P.DEPOP.INIT_DIT
     00000140 4800 5045 5300 5052 4541 4D50 0053 4554 H.PES.PREAMP.SET
     00000150 5F56 4F4C 5400 5A41 5000 5350 4E5F 5550 _VOLT.ZAP.SPN_UP
     00000160 0053 504E 5F44 4E00 5A4C 5200 554E 4D52 .SPN_DN.ZLR.UNMR
     00000170 4B00 5443 4300 414C 545F 544F 4E45 0058 K.TCC.ALT_TONE.X
     00000180 4652 5F54 524B 0058 4652 5F57 4447 0050 FR_TRK.XFR_WDG.P
     00000190 5752 0043 4C52 5F41 4C54 004C 4154 4348 WR.CLR_ALT.LATCH
     000001A0 0053 565F 414C 5400 4D41 544C 4142 0053 .SV_ALT.MATLAB.S
     000001B0 5745 4550 0043 4C52 5F53 4C49 5000 4641 WEEP.CLR_SLIP.FA
     000001C0 5F41 4648 0054 574B 5F57 525F 5057 5200 _AFH.TWK_WR_PWR.
     000001D0 5345 4332 524C 4C00 5357 4400 434C 525F SEC2RLL.SWD.CLR_
     000001E0 414C 545F 454E 5400 4144 4A5F 434C 5200 ALT_ENT.ADJ_CLR.
     000001F0 4641 4C4C 0058 4652 5F53 4543 0044 4953 FALL.XFR_SEC.DIS
     00000200 435F 534C 4950 0052 455F 414C 5400 5253 C_SLIP.RE_ALT.RS
     00000210 545F 5256 4646 004C 4241 2000 5042 4120 T_RVFF.LBA .PBA
     00000220 0053 4543 2000 5452 4B20 0057 4447 2000 .SEC .TRK .WDG .
     00000230 5553 5220 0053 5953 2000 534F 4420 0053 USR .SYS .SOD .S
     00000240 4944 2000 5244 2000 434D 5020 0043 5254 ID .RD .CMP .CRT
     00000250 2000 5752 2000 004D 5831 4100 3134 3234  .WR ..MX1A.1424
     00000260 3037 0045 7874 2054 6573 7420 5365 7276 07.Ext Test Serv
     00000270 6963 6520 5344 4250 2044 4642 0045 7874 ice SDBP DFB.Ext
     00000280 2054 6573 7420 5365 7276 6963 6520 5344  Test Service SD
     00000290 4250 2044 5342                          BP DSB
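
The dump above can be turned back into bytes and split on NULs to see exactly which strings contain RAP. This is an added example, not code from the thread; it embeds six lines of the dump (offsets 0xE0 to 0x13F as printed there), and the function names are illustrative.

```python
import re

# Six lines copied from the dump in the post above; offsets are the dump's own.
DUMP_EXCERPT = """\
000000E0 0052 4546 5F53 5256 5F4D 454D 0052 454C .REF_SRV_MEM.REL
000000F0 445F 5241 5000 4552 525F 5241 5445 0044 D_RAP.ERR_RATE.D
00000100 4C00 5352 565F 4543 0053 434E 5F44 4643 L.SRV_EC.SCN_DFC
00000110 5400 5345 4C46 5F53 4B00 534B 5F54 554E T.SELF_SK.SK_TUN
00000120 4500 534E 445F 5352 5600 4649 585F 5241 E.SND_SRV.FIX_RA
00000130 5000 4445 504F 5000 494E 4954 5F44 4954 P.DEPOP.INIT_DIT
"""

# Offset, then one to eight 16-bit hex groups, then the ASCII column.
LINE = re.compile(r"^\s*([0-9A-Fa-f]{8})((?:\s+[0-9A-Fa-f]{4}){1,8})\s+(.*)$")


def render(data):
    """ASCII column as a hex editor prints it: non-printable bytes become '.'."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in data)


def dump_to_bytes(text):
    """Rebuild (base_offset, bytes), rejecting lines whose columns disagree."""
    base, out = None, bytearray()
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE.match(raw)
        if not m:
            raise ValueError(f"not a dump line: {raw!r}")
        offset = int(m.group(1), 16)
        data = bytes.fromhex("".join(m.group(2).split()))
        if base is None:
            base = offset
        if offset != base + len(out):
            raise ValueError(f"offset jump at {offset:#x}")
        if render(data).strip() != m.group(3).strip():
            raise ValueError(f"hex and ASCII columns differ at {offset:#x}")
        out += data
    return base, bytes(out)


def nul_terminated_strings(base, data, min_len=2):
    """Return [(offset, text)] for printable runs that sit between two NULs."""
    found, start = [], None  # bytes before the first NUL may be a cut-off string
    for i, b in enumerate(data):
        if b != 0:
            continue
        if start is not None:
            run = data[start:i]
            if len(run) >= min_len and all(0x20 <= c <= 0x7E for c in run):
                found.append((base + start, run.decode("ascii")))
        start = i + 1
    return found  # an unterminated tail (here INIT_DIT) is left out


def match_token(strings, token):
    """Separate strings equal to token from strings that only contain it."""
    exact = [(o, s) for o, s in strings if s == token]
    embedded = [(o, s) for o, s in strings if token in s and s != token]
    return exact, embedded
```

In this excerpt RAP never appears as a string of its own, only inside RELD_RAP (0xED) and FIX_RAP (0x12A).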


Post subject: Re: Question about Vendor Specific Commands
Posted: April 6th, 2020, 9:52

Joined: October 24th, 2005, 17:04
Posts: 254
+ "RAP FW Implementation Key:" ^L


Post subject: Re: Question about Vendor Specific Commands
Posted: April 6th, 2020, 11:24

Joined: October 3rd, 2005, 0:40
Posts: 3080
Location: Hungary
It does not come from ROM code, I already told where these are.

pepe

_________________
Adatmentés - Data recovery
No bitcoin donations :)


Post subject: Re: Question about Vendor Specific Commands
Posted: April 6th, 2020, 12:13

Joined: October 24th, 2005, 17:04
Posts: 254
pepe wrote:
It does not come from ROM code, I already told where these are.
pepe

what? :shock:
Code:
F3 C>Q
...
Online ^L: Rev 0013.0000, Flash,   Display Sign On Message
...
Online ^X: Rev 0011.0000, Flash,   Display Native Interface and Read/Write Command
...


Post subject: Re: Question about Vendor Specific Commands
Posted: April 6th, 2020, 12:31

Joined: October 3rd, 2005, 0:40
Posts: 3080
Location: Hungary
Ok, indeed it depends on the fw being QNR or not, but most of the useful stuff is not in rom even if not QNR.
pepe

_________________
Adatmentés - Data recovery
No bitcoin donations :)


Post subject: Re: Question about Vendor Specific Commands
Posted: April 6th, 2020, 15:19

Joined: October 24th, 2005, 17:04
Posts: 254
these useful services (T> J, 2> I, ..) interface to rom objects
and what's the difference that the names of these objects are defined outside of ROM?


Post subject: Re: Question about Vendor Specific Commands
Posted: April 6th, 2020, 16:05

Joined: October 3rd, 2005, 0:40
Posts: 3080
Location: Hungary
nothing, but Ali wanted us to show those strings in ROM. To me it is more than demanding... this WHOEVER KNOWS TELL ME IMMEDIATELY OR KEEP YOUR MOUTH SHUT UP etc.

_________________
Adatmentés - Data recovery
No bitcoin donations :)


Post subject: Re: Question about Vendor Specific Commands
Posted: April 6th, 2020, 16:08

Joined: September 8th, 2009, 18:21
Posts: 12419
Location: Australia
I think the question goes beyond the existence of references to RAP, CAP, SAP strings in the ROM. AIUI, there are no references to other sections such as Shell, etc, or am I wrong?

_________________
A backup a day keeps DR away.


Post subject: Re: Question about Vendor Specific Commands
Posted: April 6th, 2020, 16:48

Joined: July 6th, 2013, 15:13
Posts: 327
Location: ISLAMABAD
Hi again,

Here is a brief on the ROM sections.

Here I decompress the ROM and assign the names manually depending on their ID number.


Attachment: ROM Decompress.jpg [ 306.08 KiB | Viewed 1146 times ]



And after that, here is the window which is ready for the user.

Attachment: ROM Names Refrence.jpg [ 388.38 KiB | Viewed 1149 times ]



Attachment: TPM Picture.jpg [ 385.62 KiB | Viewed 1149 times ]




So we get the RAP CAP SAP IDs from the ROM.bin
and by programming we set the string names to the IDs.

As I do.

I hope now everyone knows that we cannot get names without factory info.

From the ROM, we can decompress to get the ID only, not the names.

I think eaxi says that I can get the names from ROM, and he showed by IDA Pro the CPRS names,
but when I asked him for the RAP CAP SAP names, he did not reply any more.


If I am doing something wrong in getting those names, please correct me, so I can do it in a better way and add it to my software.

Here is the ROM file which I used to show the RAP CAP SAP names and IDs, for example only.

Attachment: ROM _Decompress.zip [462.45 KiB] Downloaded 42 times


Kind Regards


Post subject: Re: Question about Vendor Specific Commands
Posted: April 6th, 2020, 18:55

Joined: October 24th, 2005, 17:04
Posts: 254
names and even id do not matter.
80h added to each id number
https://yadi.sk/i/FSmK-TgPmruX5A
this is a fully working ROM :)


Post subject: Re: Question about Vendor Specific Commands
Posted: April 6th, 2020, 19:16

Joined: March 25th, 2018, 16:39
Posts: 25
Location: Europe
Dear Ali,
You have great difficulties with understanding English. This is not my native language either, as readers can easily conclude :), but I hope my posts are understandable, contrary to yours.
You wrote:
"i think eaxi says, that i can get the Names from ROM"
You are completely wrong. I didn't say that there are text "names" of ROM modules in ROM. They aren't. :) ROM module names can be extracted from e.g. factory logs, but you are unable to do it. You have just copied ROM module names from public net resources and you didn't do any reversing of your own.
"and he show by IDA Pro the CPRS names"
I didn't show any "CPRS names". What are "CPRS names"??? You mean the "CPRS" marker in compressed parts of ROM? It's not a "CPRS name". It's a marker like "MZ" in exe, "PK" in zip, "Rar!" in rar, etc.
About IDA:
You uploaded an image of a module which you extracted from flash ROM using F3ROMExplorer, asking what its name is. It has no name. There is no reason to give a public name to a part of low-level code which is unusable on its own. It's part of DL_CFW, loaded to [0], present in every ARM embedded code - interrupt table, interrupt service routines, etc.
You uploaded a file "ROM _Decompress.zip". Nothing is "decompressed" by you here. It's a normal ROM, including compressed sections also, like DL_SFW. You didn't decompress anything in it, so don't call it "ROM _Decompress"... :)
You wrote "here is the Original TPM file"
It's not a "TPM file". It's a part of a factory log, present on many disks after normal factory disk initialization. It described Seagate's TPM file use, not a TPM written or owned by you.
..
I suppose you try to get knowledge from others, e.g. how to download ROM by ATA. You hope people will share knowledge with you FOR FREE, and then you will use it in your "software".. FOR SALE. Really funny :)


Post subject: Re: Question about Vendor Specific Commands
Posted: April 6th, 2020, 19:54

Joined: July 6th, 2013, 15:13
Posts: 327
Location: ISLAMABAD
eaxi wrote:
Dear Ali,
You have great difficulties with understanding English. This is not my native language either, as readers can easily conclude :), but I hope my posts are understandable, contrary to yours.
You wrote:
"i think eaxi says, that i can get the Names from ROM"
You are completely wrong. I didn't say that there are text "names" of ROM modules in ROM. They aren't. :) ROM module names can be extracted from e.g. factory logs, but you are unable to do it. You have just copied ROM module names from public net resources and you didn't do any reversing of your own.
"and he show by IDA Pro the CPRS names"
I didn't show any "CPRS names". What are "CPRS names"??? You mean the "CPRS" marker in compressed parts of ROM? It's not a "CPRS name". It's a marker like "MZ" in exe, "PK" in zip, "Rar!" in rar, etc.
About IDA:
You uploaded an image of a module which you extracted from flash ROM using F3ROMExplorer, asking what its name is. It has no name. There is no reason to give a public name to a part of low-level code which is unusable on its own. It's part of DL_CFW, loaded to [0], present in every ARM embedded code - interrupt table, interrupt service routines, etc.
You uploaded a file "ROM _Decompress.zip". Nothing is "decompressed" by you here. It's a normal ROM, including compressed sections also, like DL_SFW. You didn't decompress anything in it, so don't call it "ROM _Decompress"... :)
You wrote "here is the Original TPM file"
It's not a "TPM file". It's a part of a factory log, present on many disks after normal factory disk initialization. It described Seagate's TPM file use, not a TPM written or owned by you.
..
I suppose you try to get knowledge from others, e.g. how to download ROM by ATA. You hope people will share knowledge with you FOR FREE, and then you will use it in your "software".. FOR SALE. Really funny :)




ROM _Decompress: this is the original ROM, which I opened in my SRS software to show RAP CAP SAP.


Are you serious? Can't you see my software there? I opened it in my software SRS, not in F3ROMExplorer.


I decompress the ROM in SRS to show all things, and in SRS I show RAP CAP SAP Copy 0.

If you don't even know about TPM files, please don't say anything about them.

I know that at your point the TPM files look like this:
Attachment: TPM Text for ROM Write.txt [12.6 KiB] Downloaded 57 times




I think you did not see the pictures which I uploaded with that Decompress ROM. You just took the ROM, opened and checked it. Of course it's the original ROM.

My own research is enough to add to my software.


Small video for Sir Eaxi

"You uploaded an image of module which you extracted from flash-rom using F3ROMExplorer, asking what's its name."

Nothing was extracted with F3ROMExplorer.
In my point of view, you are using F3ROMExplorer too many times; that's why you think that everything is from F3ROMExplorer.

Kindly watch the video.

I hope you will understand.

Kind Regards
Waqas Ali


Attachments:
SRS ROM Explorer.zip [16.59 MiB]
Downloaded 53 times