i run hello world, but i have question !
after running the payload the thump drive memory appearing in windows explorer, but i can't access the usb memory space ! is it my fault, or in normal condition it is not accessible after payload injection in firmware ?

Hi,

I tried to flash a USB thumb drive with a 2251-03Q controller:

C:\tmp\Psychson-master>tools\DriveCom.exe /drive=D /action
=SendFirmware /burner=BN03V104M.BIN /firmware=fw.bin
Action specified: SendFirmware
Gathering information...
Reported chip type: 2303
Reported chip ID: 98-DE-98-92-72-D7
Reported firmware version: 1.10.53
Mode: Firmware
Switching to boot mode...
Rebooting...
Sending firmware...
Executing...
FATAL: System.InvalidOperationException: DeviceIoControl failed: 0079
at DriveCom.PhisonDevice._SendCommand(SafeFileHandle handle, Byte[] cmd, Byte
[] data, Int32 bytesExpected) in c:\Users\bofh\Desktop\BadUSB\Psychson-master\Dr
iveCom\DriveCom\PhisonDevice.cs:line 366
at DriveCom.Startup._RunFirmware(String fileName) in c:\Users\bofh\Desktop\Ba
dUSB\Psychson-master\DriveCom\DriveCom\Startup.cs:line 443
at DriveCom.Startup.Main(String[] args) in c:\Users\bofh\Desktop\BadUSB\Psych
son-master\DriveCom\DriveCom\Startup.cs:line 115

The drive seems to be bricked: it doesn't show up anymore and is not detectable in any way I'm aware of (drive letter / low level USB monitor etc.).

Do you have any clues about what went wrong and if it's possible to unbrick the device? Thanks!

Cheers,

Jeroen

Anyone experience with "Kingston USB-Stick 3.0 - DataTraveler G4, 8GB", does it work?

This Stick has a Phison 2251-07 (2307)

Hi,

Windows 7 x64 reports an "Unidentified Device" when I tried to run the HID example. I'm connecting to an USB 2.0 port. Steps I've followed:

1 - compiled /firmware/bin/fw.bin.
2 - created keys.txt:

  GUI r
  DELAY 50
  STRING notepad.exe
  ENTER
  DELAY 100
  STRING Hello World!

3 - java -jar encoder.jar -i keys.txt -o inject.bin

  Hak5 Duck Encoder 2.6.3
  Loading File .....              [ OK ]
  Loading Keyboard File .....     [ OK ]
  Loading Language File .....     [ OK ]
  Loading DuckyScript .....       [ OK ]
  DuckyScript Complete.....       [ OK ]

4- copy fw.bin (step 1) to hid.bin and embed inject.bin, EmbedPayload.exe inject.bin hid.bin:

  File updated.

5 - flash the updated hid.bin to the USB stick:

  C:\tmp>tools\DriveCom.exe /drive=D /action=SendFirmware /burner=BN03V104M.BIN /firmware=hid.bin
  Action specified: SendFirmware
  Gathering information...
  Reported chip type: 2303
  Reported chip ID: 98-DE-92-72-14-14
  Reported firmware version: 1.01.10
  Mode: BootMode
  Rebooting...
  Sending firmware...
  Executing...
  Mode: Firmware

  C:\tmp>tools\DriveCom.exe /drive=D /action=GetInfo
  Action specified: GetInfo
  Gathering information...
  Reported chip type: 2303
  Reported chip ID: 98-DE-98-92-72-D7
  Reported firmware version: 0.99.53
  Mode: Firmware

5 - remove and plugin the USB stick, waiting for a notepad, magically typing Hello World!

However, instead of a notepad, a new hardware found windows pops up, telling me that an "Unidentified Device" is found. The result after looking for a driver: "No driver found". So no HID and no notepad :(

I've tried sending hid.bin with all burner images (BN03V1*.BIN). In some cases the uploading fails. In all successful cases the "Unidentified Device" is found.

Am I doing something wrong? Any clues about what the problem is? Thanks!

Has anybody been able to get the payload (Hello World) executed with Windows 8.1 64 bit?

I've successfully sent the firmware with the embedded hello world payload to the drive - replugged it - but the notepad didn't appear. I've tried USB2 and USB3 ports, nothing happened.

On Windows 7 it seems to work.

Docs are missing clarity. I builded everything and almost ready to flash my payload, but I don't get one thing: what is a "custom firmware" wiki talks about?

I have an original FW (downloaded elsewhere, same version, as my drive has now) and a burner for my 2251-67 (2267). I've generated a hello world payload. Next step? ...

I guess I need to rename my FW file, put it somewhere and run the buit.bat - seems it compiles stuff, checks my FW, patches it and then I can inject my payload?

Dumb question:

define NUM_LBAS 0xE6C980UL

Should this be hexadecimal?
I get 01d88000 as GetNumLBAs and I set it to 0x01d87900

I have a Patriot 32GB Supersonic Xpress,can I use it to flash your firmware and source code? thanks

Moving 2307 from #3 to here.

I wish i could open the firmware, patched and/or the stock one with IDA, but the CFW is recognized as binary, where the autoanalysis have to start? what's the address?
Thanks

I tried to flash the custom FW(injected) and the dumped one - everytime resulting in this error:

c:\Users\-\Desktop\Psychson-master\tools>DriveCom.exe /drive=D /action=SendFirmw
are /burner=BN03V117M.BIN /firmware=fw.bin
Action specified: SendFirmware
Gathering information...
Reported chip type: 2303
Reported chip ID: 98-DE-98-92-72-D7
Reported firmware version: 1.07.53
Mode: Firmware
Switching to boot mode...
FATAL: System.InvalidOperationException: DeviceIoControl failed: 0079
   at DriveCom.PhisonDevice._SendCommand(SafeFileHandle handle, Byte[] cmd, Byte
[] data, Int32 bytesExpected) in c:\Users\-\Desktop\Psychson-master\DriveCom\Dri
veCom\PhisonDevice.cs:line 365
   at DriveCom.PhisonDevice.SendCommand(Byte[] cmd, Byte[] data) in c:\Users\-\D
esktop\Psychson-master\DriveCom\DriveCom\PhisonDevice.cs:line 314
   at DriveCom.PhisonDevice.SendCommand(Byte[] cmd) in c:\Users\-\Desktop\Psychs
on-master\DriveCom\DriveCom\PhisonDevice.cs:line 304
   at DriveCom.PhisonDevice.JumpToPRAM() in c:\Users\-\Desktop\Psychson-master\D
riveCom\DriveCom\PhisonDevice.cs:line 228
   at DriveCom.Startup._ExecuteImage(String fileName) in c:\Users\-\Desktop\Psyc
hson-master\DriveCom\DriveCom\Startup.cs:line 404
   at DriveCom.Startup._SendFirmware() in c:\Users\-\Desktop\Psychson-master\Dri
veCom\DriveCom\Startup.cs:line 375
   at DriveCom.Startup.Main(String[] args) in c:\Users\-\Desktop\Psychson-master
\DriveCom\DriveCom\Startup.cs:line 114

After this error, the drive is getting disconnected and needs to be replugged to work again.
Any ideas?

I successfully configured the required environment and got the correct Burner .bin and the supported Supersonic Patriot USB.

After writing the changed firmware, when I connect the USB to Windows, it shows a "USB Composite Device" with an exclamation mark and "This device cannot start. (Code 10)".

I saw some reports of people saying that although a USB 3.0 stick is required, it only works on a USB 2.0 port after the custom firmware is written on the USB Stick. I personally don't have any USB 2.0 port on any of my machines to test. So I just wanted to confirm if anyone is having that problem too.

I can still write new firmwares or the original firmware to the stick, by forcing windows to use a mass storage device driver on that USB device, so it assigns a letter to it (although unusable in the sense of a mass storage device).

In short, is that working as intended (to only work on usb 2.0 ports after flashed)? Anyone experiencing the same/similar problem?

It will be really nice if the build scripts will work on different OS than Win.

Quick and dirty prototype can be found here - https://github.com/korczis/Psychson/blob/master/firmware/build.rb

If there will be demand I can completely rewrite all build scripts to ruby.

I dumped a firmware (1.03.53) and then reflashed it without altering.
I get this error:

Action specified: SendFirmware
Gathering information...
Reported chip type: 2303
Reported chip ID: herebeID
Reported firmware version: 1.03.53
Mode: Firmware
Switching to boot mode...
FATAL: System.InvalidOperationException: DeviceIoControl failed: 0079
at DriveCom.PhisonDevice._SendCommand(SafeFileHandle handle, Byte[] cmd, Byte
[] data, Int32 bytesExpected) in c:\Users\USER\Desktop\Psychson-master\Psyc
hson-master\DriveCom\DriveCom\PhisonDevice.cs:line 365
at DriveCom.PhisonDevice.SendCommand(Byte[] cmd, Byte[] data) in c:\Users\USER\Desktop\Psychson-master\Psychson-master\DriveCom\DriveCom\PhisonDevice.cs
:line 314
at DriveCom.PhisonDevice.SendCommand(Byte[] cmd) in c:\Users\USER\Deskto
p\Psychson-master\Psychson-master\DriveCom\DriveCom\PhisonDevice.cs:line 304
at DriveCom.PhisonDevice.JumpToPRAM() in c:\Users\USER\Desktop\Psychson-
master\Psychson-master\DriveCom\DriveCom\PhisonDevice.cs:line 228
at DriveCom.Startup._ExecuteImage(String fileName) in c:\Users\USER\Desk
top\Psychson-master\Psychson-master\DriveCom\DriveCom\Startup.cs:line 404
at DriveCom.Startup._SendFirmware() in c:\Users\USER\Desktop\Psychson-ma
ster\Psychson-master\DriveCom\DriveCom\Startup.cs:line 375
at DriveCom.Startup.Main(String[] args) in c:\Users\USER\Desktop\Psychso
n-master\Psychson-master\DriveCom\DriveCom\Startup.cs:line 114

Hi all,

Im trying to patch my firm but Im getting this errors all the time:

*** Generating C .h file...
Action: GenerateHFile
Firmware image: fw.bin
WARNING! This firmware version has not been verified to work with t

Output file: equates.h
Generating .h file...
Done.
*** Building base.c...
base.c:69: error 20: Undefined identifier 'scsi_tag'
base.c:69: error 22: Array or pointer required for '[]' operation
base.c:70: error 20: Undefined identifier 'scsi_tag'
base.c:70: error 22: Array or pointer required for '[]' operation
base.c:71: error 20: Undefined identifier 'scsi_tag'
base.c:71: error 22: Array or pointer required for '[]' operation
base.c:72: error 20: Undefined identifier 'scsi_tag'
base.c:72: error 22: Array or pointer required for '[]' operation
base.c:190: error 20: Undefined identifier 'scsi_cdb'
base.c:190: error 22: Array or pointer required for '[]' operation
base.c:194: error 20: Undefined identifier 'scsi_cdb'
base.c:194: error 22: Array or pointer required for '[]' operation
base.c:198: error 20: Undefined identifier 'scsi_cdb'
base.c:198: error 22: Array or pointer required for '[]' operation
base.c:198: error 20: Undefined identifier 'scsi_cdb'
base.c:198: error 22: Array or pointer required for '[]' operation
base.c:198: error 78: incompatible types
from type 'void'
to type 'volatile-unsigned-char xdata* fixed'
base.c:204: error 20: Undefined identifier 'scsi_cdb'
base.c:204: error 22: Array or pointer required for '[]' operation
base.c:204: error 20: Undefined identifier 'scsi_cdb'
base.c:204: error 22: Array or pointer required for '[]' operation
base.c:204: error 78: incompatible types
from type 'void'
to type 'volatile-unsigned-char xdata* fixed'
base.c:204: error 20: Undefined identifier 'scsi_cdb'
base.c:204: error 22: Array or pointer required for '[]' operation
base.c:210: error 20: Undefined identifier 'scsi_cdb'
base.c:210: error 22: Array or pointer required for '[]' operation
base.c:210: error 27: Pointer required
base.c:216: error 20: Undefined identifier 'scsi_cdb'
base.c:216: error 22: Array or pointer required for '[]' operation
base.c:216: error 27: Pointer required
base.c:216: error 20: Undefined identifier 'scsi_cdb'
base.c:216: error 22: Array or pointer required for '[]' operation
base.c:239: error 20: Undefined identifier 'scsi_cdb'
base.c:239: error 22: Array or pointer required for '[]' operation
base.c:239: error 43: invalid operand for shift operator
base.c:239: warning 113: left & right types are
void,const-unsigned-char literal
base.c:239: error 47: indirections to different types assignment
from type 'void'
to type 'unsigned-long-int fixed'

And so on, looks like for some reason the array scsi_cdb is not being set propertly, can somebody give me a hand please? I have tried with all three functions with similar results and the only think I could find was in equates.h:

__xdata __at 0xB000 BYTE EPBUF[1024];

Im not really sure what this does :(

Thanks in advance!

Hello .
I wanna see is it possible to make a firmware for Composite Device; Mass Storage & Keyboard ?
This is needed for running payloads like https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---copy-file-to-desktop

SO for example i wrote custom payload, which contains only string, and injected it into phison firmware, now i would like to make an app to read this string using deviceiocontrol, how can i do it?

I am trying to test the HID Payload but can’t find the CFW.bin file within any of the directories. Could you please let me know how or where I can obtain this file?
Thank you and kind regards,

Hi when I execute embedpayload.exe inject.bin hid.bin
I get
Signature Not Found!
Is the hid.bin still safe to flash?

For my understanding: what is a burner image and why is it used? If I loop

  tools\DriveCom.exe /drive=D /action=DumpFirmware /burner=BN03Vyyyz.BIN /firmware=fw-original_BN03Vyyyz.bin

with all PS2251-03 burner images, the resulting firmware are all different, checked with md5sum:

  8240ae5e354bfb784e872a5d86620f49 *fw-original_bn03v101.bin
  3cba25880d9f06e6258d205a46aed1bd *fw-original_bn03v101m.bin
  febec9c0cf620cf04d317e512578bad0 *fw-original_bn03v103.bin
  44a7779b3149dbafce300a953dfd82a7 *fw-original_bn03v103m.bin
  a8c03e65ab40ec0641598a9461b9b40a *fw-original_bn03v104m.bin
  078c5ceb3dc7b3f7d9f98e69fd802704 *fw-original_bn03v114m.bin
  608a6b52da7337f51b9ade6815a85f0f *fw-integral_bn03v117m.bin

This is not in accordance with https://github.com/adamcaudill/Psychson/wiki/Obtaining-a-Burner-Image ("version number (irrelevant)"):

  where xx is the controller version (such as 03 for PS2251-03 (2303)), yyy is the version number (irrelevant), and z indicates the page size.

Is it possible to determine which burner image is the correct one for my device since I can imagine that sending firmware will also result in different results in the chip's internals? Or might there be another explanation for the differences? Thanks!

Patriot Supersonic Xpress - PSF16GXPUSB 16GB USB3

will this one work, too?

Thank you for the release and for the documenting on the wiki. tools\DriveCom.exe is mentioned in the wiki but is not exist.

Hi

i just got this error :

C:\Psychson\tools>DriveCom.exe /drive=K /action=SendFirmware /burner=BN03V104M.BIN /firmware=fw.bin

Action specified: SendFirmware
Gathering information...
Reported chip type: 2303
Reported chip ID: 98-DE-84-93-72-57
Reported firmware version: 1.01.10
Mode: BootMode
FATAL: System.InvalidOperationException: Header not accepted
at DriveCom.PhisonDevice.TransferFile(Byte[] data, Byte header, Byte body) in c:\Users\Brandon\Documents\GitHub\PS2251-03\DriveCom\DriveCom\PhisonDevice.cs:line 256
at DriveCom.PhisonDevice.TransferFile(Byte[] data) in c:\Users\Brandon\Documents\GitHub\PS2251-03\DriveCom\DriveCom\PhisonDevice.cs:line 238
at DriveCom.Startup._ExecuteImage(String fileName) in c:\Users\Brandon\Documents\GitHub\PS2251-03\DriveCom\DriveCom\Startup.cs:line 403
at DriveCom.Startup._SendFirmware() in c:\Users\Brandon\Documents\GitHub\PS2251-03\DriveCom\DriveCom\Startup.cs:line 375
at DriveCom.Startup.Main(String[] args) in c:\Users\Brandon\Documents\GitHub\PS2251-03\DriveCom\DriveCom\Startup.cs:line 114

my USB stick is Patriot Supersonic BOOST 8 Gig

thanks

Hi,
I want to buy some USB and i need to know for sure what USB it the cheapest to buy and i check that it work fine with the source code?

Hi.
I've found 8GB Kingston DataTraveler 3.0 T111 in the list of supported devices,
the question is: 16-64GB versions supported?

Hello,

I followed the instructions and "Hello world" is not working on USB 3.0. But it is working on USB 2.0?

Your Wiki says that All Phison-based USB 2.0 devices aren't supported.
Why?

It have anyway to run on it(*nix) witout using wine or smting like this?
Or need to rewrite code for it?

(psSorry for my bad English)

Why the Kingston DT100G3/8GB) is become incompatible?
I saw you write Devices to be confirmed was include dt100 the other day,but today is in Devices known to be incompatible,why?Are you test?thanks

If a USB stick does not work with the firmware file created in firmware/build.bat but with a firmwarefile from the firmware_ps2251-03.rar archive, how can I create a custom firmware (and inject something) from the file from the archive?

Demo 1, to emulate a keyboard (https://github.com/adamcaudill/Psychson#running-demo-1-hid-payload) worked ok. However, since the "keyboard" now has no drive letter, how do I revert the USB stick to normal operation?

hello, first place good job,
I needed a little help, how can I Obtaining the Image Burner
thank you

Hi,
I have usb with a chipset of Phison 2251-03 and i run the command for SendFirmware and after that the usb stop responding and i can not see it when i connect it to my computer.
Does any one familiar with this issue?

The microcontrollers shouldn't be too different... Editing the firmware for 2251-03 in order to support 2251-07 should be a pretty easy job for someone with some knowledge about this kind of stuff.

Most of the USB 3.0 flash drives are using 2251-07 microcontroller. Supporting it would be pretty awesome.

Hi,
I am trying to open the project file for drivecom in visual studio express 2012, and I get several errors:

DriveCom.csproj: Fehler in Zeile 5. "SYSTEM or PUBLIC" erwartet, aber ">" gefunden.
(Error in Line 5, "SYSTEM or PUBLIC" expected but was ">")
and
Cant load Project File, unexpected Token found in Line 33, Position 71. Expected "=" but was ">"

I get those errors in German, so I just translated it.
I would like to compile it, but I even dont get the chance to load the project.

Anyone here who can help?
Thx

Del.

Patriot Supersonic Xpress only ?

Hi, I generated a RubberDucky script via http://www.ducktoolkit.com and downloaded the .bin file. I embedded it on to custom firmware and... nothing. After sendng it to ducky the drive is not doscovered and no matter what's in the script NOTHING gets executed. (embedding and sending firmware both ended "successfully" or so was written in console). Another thing: why is my firmware file exactly the same size after injecting payload? Payload is 9KB in my case so shouldn't it increase size of my fw.bin?

I've got a Kingston DataTraveler 111 8GB which has the 2003 chip. (just to confirm it as supported divice)

I backed the original FW up and tried to reflash it to see if it works. I've got this as output:

C:\Users***\Desktop\BadUSB>tools\DriveCom.exe /drive=L /action=SendFirmware /burner="2251-03\Firmware PS2251-03\BN03V104M.BIN" /firmware=fw.bin
Action specified: SendFirmware
Gathering information...
Reported chip type: 2303
Reported chip ID: 98-DE-98-92-72-D7
Reported firmware version: 1.01.53
Mode: Firmware
Switching to boot mode...
Rebooting...
Sending firmware...
Executing...
FATAL: System.InvalidOperationException: DeviceIoControl failed: 0079
bei DriveCom.PhisonDevice._SendCommand(SafeFileHandle handle, Byte[] cmd, Byt
e[] data, Int32 bytesExpected) in c:\Users\Brandon\Documents\GitHub\PS2251-03\Dr
iveCom\DriveCom\PhisonDevice.cs:Zeile 365.
bei DriveCom.PhisonDevice.SendCommand(Byte[] cmd, Byte[] data) in c:\Users\Br
andon\Documents\GitHub\PS2251-03\DriveCom\DriveCom\PhisonDevice.cs:Zeile 314.
bei DriveCom.PhisonDevice.SendCommand(Byte[] cmd) in c:\Users\Brandon\Documen
ts\GitHub\PS2251-03\DriveCom\DriveCom\PhisonDevice.cs:Zeile 304.
bei DriveCom.PhisonDevice.JumpToPRAM() in c:\Users\Brandon\Documents\GitHub\P
S2251-03\DriveCom\DriveCom\PhisonDevice.cs:Zeile 228.
bei DriveCom.Startup._RunFirmware(String fileName) in c:\Users\Brandon\Docume
nts\GitHub\PS2251-03\DriveCom\DriveCom\Startup.cs:Zeile 439.
bei DriveCom.Startup._SendFirmware() in c:\Users\Brandon\Documents\GitHub\PS2
251-03\DriveCom\DriveCom\Startup.cs:Zeile 378.
bei DriveCom.Startup.Main(String[] args) in c:\Users\Brandon\Documents\GitHub
\PS2251-03\DriveCom\DriveCom\Startup.cs:Zeile 114.

Now the drive wont show up in the explorer even with show empty drives enabled.

I tried GetInfo with this output:

C:\Users***\Desktop\BadUSB>tools\DriveCom.exe /drive=L /action=GetInfo
Action specified: GetInfo
Gathering information...
FATAL: System.InvalidOperationException: DeviceIoControl failed: 0006
bei DriveCom.PhisonDevice._SendCommand(SafeFileHandle handle, Byte[] cmd, Byt
e[] data, Int32 bytesExpected) in c:\Users\Brandon\Documents\GitHub\PS2251-03\Dr
iveCom\DriveCom\PhisonDevice.cs:Zeile 365.
bei DriveCom.PhisonDevice.SendCommand(Byte[] cmd, Int32 bytesExpected) in c:
Users\Brandon\Documents\GitHub\PS2251-03\DriveCom\DriveCom\PhisonDevice.cs:Zeile
295.
bei DriveCom.PhisonDevice.RequestVendorInfo() in c:\Users\Brandon\Documents\G
itHub\PS2251-03\DriveCom\DriveCom\PhisonDevice.cs:Zeile 140.
bei DriveCom.PhisonDevice.GetChipType() in c:\Users\Brandon\Documents\GitHub
PS2251-03\DriveCom\DriveCom\PhisonDevice.cs:Zeile 170.
bei DriveCom.Startup._GetInfo() in c:\Users\Brandon\Documents\GitHub\PS2251-0
3\DriveCom\DriveCom\Startup.cs:Zeile 384.
bei DriveCom.Startup.Main(String[] args) in c:\Users\Brandon\Documents\GitHub
\PS2251-03\DriveCom\DriveCom\Startup.cs:Zeile 104.

At least I tried SendFirmware after set the bootmode manualy (at least I hope so ther isn't light that indicate if its in bootmode) and I've got this:

C:\Users***\Desktop\BadUSB>tools\DriveCom.exe /drive=L /action=SendFirmware f
irmware /fw.bin
FATAL: System.IndexOutOfRangeException: Der Index war außerhalb des Arraybereich
s.
bei DriveCom.Startup.Main(String[] args) in c:\Users\Brandon\Documents\GitHub
\PS2251-03\DriveCom\DriveCom\Startup.cs:Zeile 71.

I there any change to revive the drive or is it foerver gone?

Greetings. I have a Patriot 8GB Supersonic Xpress drive, as recommended.

Output of GetInfo is

$ ./DriveCom/DriveCom/obj/Debug/DriveCom.exe /drive=F /action=GetInfo
Action specified: GetInfo
Gathering information...
Reported chip type: 0000
Reported chip ID: 98-D7-94-32-76-56
Reported firmware version: 1.11.10
Mode: Unknown

As I didn't know that the output of reported chip ID should actually be useful, I opened it up to find the controller version, and the top of the chip says

PHISON
PS2251-01-M
RE1219C
3B1YV81421CB

Armed with the knowledge, I got the file marked Firmware PS2251-01 [BN01*.BIN, FW01*.BIN] off the page in useful links.
It does not adhere to the naming conventions mentioned on the Obtaining a Burner Image page.
I then did the SetBootMode, and then tried to dump the firmware.
I compiled DriveCom in visual studio professional 2013.

mark@Sanguine /cygdrive/c/Users/mark/Desktop/usb shenanagans/Psychson-master
$ ./DriveCom/DriveCom/obj/Debug/DriveCom.exe /drive=F /action=SetBootMode
Action specified: SetBootMode

mark@Sanguine /cygdrive/c/Users/mark/Desktop/usb shenanagans/Psychson-master
$ ./DriveCom/DriveCom/obj/Debug/DriveCom.exe /drive=F /action=SendExecutable /burner=../BN01V_UNK1.BIN
Action specified: SendExecutable
FATAL: System.InvalidOperationException: DeviceIoControl failed: 0079
   at DriveCom.PhisonDevice._SendCommand(SafeFileHandle handle, Byte[] cmd, Byte[] data, Int32 bytesExpected) in c:\Users\mark\Desktop\usb shenanagans\Psychson-master\DriveCom\DriveCom\PhisonDevice.cs:line 365
   at DriveCom.PhisonDevice.SendCommand(Byte[] cmd, Int32 bytesExpected) in c:\Users\mark\Desktop\usb shenanagans\Psychson-master\DriveCom\DriveCom\PhisonDevice.cs:line 295
   at DriveCom.PhisonDevice.TransferFile(Byte[] data, Byte header, Byte body) in c:\Users\mark\Desktop\usb shenanagans\Psychson-master\DriveCom\DriveCom\PhisonDevice.cs:line 249
   at DriveCom.PhisonDevice.TransferFile(Byte[] data) in c:\Users\mark\Desktop\usb shenanagans\Psychson-master\DriveCom\DriveCom\PhisonDevice.cs:line 238
   at DriveCom.Startup._ExecuteImage(String fileName) in c:\Users\mark\Desktop\usb shenanagans\Psychson-master\DriveCom\DriveCom\Startup.cs:line 403
   at DriveCom.Startup.Main(String[] args) in c:\Users\mark\Desktop\usb shenanagans\Psychson-master\DriveCom\DriveCom\Startup.cs:line 109

At this point I went looking for more information.
I tried the reset tool mentioned on the wiki, no difference.

Where is CFW.bin?
In Running Demo 1 (HID Payload),you write the command:
copy CFW.bin hid.bin
tools\EmbedPayload.exe inject.bin hid.bin
but where is the CFW.bin? where can I download it? thanks

Good afternoon,

Using a Toshiba 16GB pen drive with the controller information detailed below I'm trying to get the hidden partition demo to work. The method I used was as follows:

*Ensure boot mode is in effect

• DriveCom.exe /drive=E /action=SendExecutable /burner=BN03V104M.bin
  *DriveCom.exe /drive=E /action=GetNumLBAs which returns value 0x1F005C57
  *modify base.c in patch folder to:

//#define FEATURE_CHANGE_PASSWORD

define FEATURE_EXPOSE_HIDDEN_PARTITION

define NUM_LBAS 0x1F005C56 //this needs to be even! (round down)

This is all I've changed in the base.c file. Do I need to switch LBA in elsewhere?

//Get the passed-in LBA
lba = ((unsigned long)(scsi_cdb[2]) << 24) & 0xFF000000;
lba |= ((unsigned long)(scsi_cdb[3]) << 16) & 0xFF0000;
lba |= (scsi_cdb[4] << 8) & 0xFF00;
lba |= scsi_cdb[5];

        //Shift it if necessary
        if (IsHiddenAreaVisible())
        {
            lba += NUM_LBAS / 2;
        }

        //Save it
        scsi_cdb[2] = (lba >> 24) & 0xFF;
        scsi_cdb[3] = (lba >> 16) & 0xFF;
        scsi_cdb[4] = (lba >> 8) & 0xFF;
        scsi_cdb[5] = lba & 0xFF;

        //Let the firmware do its thing <-- like this section ????

Using FW file 2303FW10110.Bin lifted from USB.dev.ru, changed filename to fw.bin I ran build.bat which produced a fw.bin output. When I tried flashing it to the drive I was presented with the following error:

C:\Users\ajones\Documents\Psychson-master\tools>
DriveCom.exe /drive=E /action=SendFirmware /burner=BN03V104M.BIN /firmware=fw.bin
Action specified: SendFirmware
Gathering information...
Reported chip type: 2302
Reported chip ID: 98-3A-A8-92-76-57
Reported firmware version: 1.01.10
Mode: Burner
Rebooting...
Sending firmware...
FATAL: System.InvalidOperationException: Body not accepted
at DriveCom.PhisonDevice.TransferFile(Byte[] data, Byte header, Byte body) in
c:\Users\ajones\Documents\Psychson-master\DriveCom\DriveCom\PhisonDevice.cs:lin
e 282
at DriveCom.Startup._RunFirmware(String fileName) in c:\Users\ajones\Document
s\Psychson-master\DriveCom\DriveCom\Startup.cs:line 427
at DriveCom.Startup._SendFirmware() in c:\Users\ajones\Documents\Psychson-mas
ter\DriveCom\DriveCom\Startup.cs:line 378
at DriveCom.Startup.Main(String[] args) in c:\Users\ajones\Documents\Psychson
-master\DriveCom\DriveCom\Startup.cs:line 114

Any pointers massively appreciated.

Original tests are performed in the Patriot 8GB Supersonic Xpress. It seems that this type of device is hard to get nowadays. In the issue list I can read a lot about Phison 2251-03 powered devices that DO NOT work as expected. Furthermore there are reports - in different postings - about devices that are working on Windows A but not on Windows B x86 / x64and / or device that are working on USB 2.0 but not on USB 3.0 ports or the other way around. My suggestion would be to post successes - IN ONE THREAD - including:

• Device brand + type (if known) + capacity.
• Successfully tested demos (HID / Hidden Partition Patch / Password Patch) including target OS + architecture + USB port revision.
• DriveCom /drive= /action=GetInfo of the device.

If would be really nice if the first poster can also attach a log of all steps followed since we then know for sure that punching in the wrong commands isn't the reason of a failure. Thanks in advance for sharing!

I tried to flash my Silicon Power B30 32GB, with the following steps:

• GetInfo -> confirmed a 2303:
  Reported chip type: 2303
  Reported chip ID:
  Reported firmware version: 1.04.53
  Mode: Firmware
• Dumped the firmware:
  DriveCom.exe /drive=D /action=DumpFirmware /burner=BN03V104M.BIN /firmware=fw.bin
• Built custom firmware:
  Executing build.bat and renaming the fw.bin to cfw, so there is no confusion with the dumped, original FW
• Creating payload (where keys.txt is the helloWorld from rubberduckey)
  java -jar duckencoder.java -i keys.txt -o inject.bin
• Injecting the payload into custom firmware:
  EmbedPayload.exe inject.bin cfw.bin
• Write everything to drive:
  DriveCom.exe /drive=D /action=SendFirmware /burner=BN03V104M.BIN /firmware=cfw.bin

And now the payload works, but the mass storage is just an inaccessible hidden device (that is normal regarding some other issue). So far so good. But when I now try to execute GetInfo, I get the same error messages as #9 . Actually, a little bit different, since I am not even able to query the device for information.

So, my question: Is the flow, I did correct? Since the device seems to be bricked (somehow), I guess I missed some important step while flashing?

If I flash your firmware,can it used as a USB disk any more?
I have a Kingston Digital 8GB 100 G3 USB 3.0 DataTraveler (DT100G3/8GB). In order to as a HID drive,I want to flash your firmware.When it plug in my computer,it will become a USB disk,or just a HID drive?Is USB disk compatible with HID drive?

I can build fw.bin by executing build.bat. However I can also use CFW.bin, which can be obtained from "release" section.

What is the difference between these 2 firmware? Are they the same?

Hi,
I got a problem. I have Patriot 8GB Supersonic Xpress and I modified it with your script.
I used RubberDucky Hello World payload and it work perfectly, but unfortunately, when I connect my USB drive, the payload executes but the drive won't show up in the Windows Explorer.
So I'm trying to restore factory firmware in the drive, but it won't work.
SetBootMode works (I use command DriveCom.exe /drive=D /action=SetBootMode. The drive letter is the one I used when I flashed the firmware for the first time, since now the drive won't show up), the LED on the drive stays on but I still can't flash the factory firmware.
When I try to execute command DriveCom.exe /drive=D /action=SendFirmware /burner=BN03V104M.BIN /firmware=fw.bin (where the burner image is the image downloaded from USBDEV.ru and which I used to flash my drive for the first time, and the firmware file is the file I dumped before I flashed my drive) I get the error:
Action specified: SendFirmware
Gathering information...
FATAL: System.InvalidOperationException: DeviceIoControl failed: 048F
w DriveCom.PhisonDevice._SendCommand(SafeFileHandle handle, Byte[] cmd, Byte[] data, Int32 bytesExpected)
w DriveCom.PhisonDevice.SendCommand(Byte[] cmd, Int32 bytesExpected)
w DriveCom.PhisonDevice.RequestVendorInfo()
w DriveCom.PhisonDevice.GetChipType()
w DriveCom.Startup._GetInfo()
w DriveCom.Startup._SendFirmware()
w DriveCom.Startup.Main(String[] args)

The same error I get when I try to execute commad GetInfo.

Did I do something wrong? The payload works, so I suppose that flashing process went well but I'm concerned about the fact that the drive won't show up in Windows Explorer.

In addition, I tried to flash the custom firmware but I get the same result.

What can I do to get my USB drive work again?

Thanks in advance for your help.

Kind regards from Poland,
yoyebie

I can't even get it start. Build it and when i type in command as DriveCom.exe /drive=E /action=GetInfo
I get "Invalid command: DriveCom.exe

Hi,

I tried sending a new firmware image to a Silicon Power Blaze 16 GB (with a PS2251-03), but apparently I did something wrong as DriveCom threw an error during the "Executing FIles" phase. Now, when I reinsert the USB, the stick does not light up, and neither the file browser nor Disk Management see a disk there. Is there any way to reflash new firmware to the USB and restore it to working order, or should I just write it off as dead?

I do not understand Hidden Partition Patch help.

I see no usb partition = 0mb

I honestly can't figure out how to perform this.
I was able to get DriveCom.exe built, that was easy but the rest is what i'm struggling with.
I own a kingston datatraveler G4 64GB which is "supported" but GetInfo nor ChipEasy could tell me the firmware or chipset present.
I opened it up but phison was not on the chip, i did try looking the chip up in google but did not find any info on it. I've posted a pic of it here: http://www.photo-host.org/image/HGI