AISI, there is no password in the client's flash memory. The differences in your firmware dumps are only in the serial number.
Code:
D:\Temp\HDD\Firmware\Buffalo>dir
BUFFO-~1 131,072 03-26-11 6:04p buffo-Org-Chip--Encrypted
BUFFO-~2 131,072 03-27-11 7:05p buffo-Org-Chip--Mine
D:\Temp\HDD\Firmware\Buffalo>fc /b buffo-~1 buffo-~2
Comparing files buffo-Org-Chip--Encrypted and buffo-~2
0000100B: 02 05
0000100C: F7 D2
0000100D: 56 BB
If there is any password, are you sure it isn't just an ordinary ATA password that is written to the drive?
BTW, when you say "cannot access data", do you mean that the data are encrypted, or do you mean that the user LBAs cannot be accessed at all?
Although the INIC-1615 datasheet doesn't mention it, is it possible that each Initio bridge chip has some customised ROM data??? BTW, is it an INIC-1607E or INIC-1615?
Could it be that the unique serial number in the flash memory is somehow linked to a particular HDD? Is it possible that the HDD has a copy of the bridge serial number in its VCD area or in the user LBAs beyond the VCD???
The LinkStation thread indicates that the visible user area consists of "623872560 512-byte logical blocks". I would dump the LBAs between sector 623872560 and the end of the drive. Do this for both drives and compare them.
If there is no difference, then is there a small HPA? Could the drive have a password or key that is derived from the serial number in the flash? Did you try your client's bridge with your new HDD, after writing your own flash code to it?
FAQ
Search
Login
Register
HDDGURU FILES
