Hacking a Burner’s Firmware

In yesterday’s post I briefly outlined a problem that I was having with my LG GGW-H20L Super-Multi Blu-ray drive burning to a Shintaro single layer BD-R (Blu-ray disc recordable).

In a nutshell, it seemed that my burner did not know how to handle the Shintaro BD-R discs when it came to burning, so I thought I’d have a go at seeing if I could fix this myself after my attempt to upgrade my burner to the latest firmware (YL07 at the time of writing) didn’t fix the problem.

First up, I had to get the media identification code of the Shintaro BD-R I was using. I used an application called DVD Identifier to do the job. It’s just a matter of popping in the blank disc, running the application and clicking the Identify button on the BD-R/-RE tab.

DVD Identifier - Shintaro BD-R Results

As we can see, there’s quite a bit of information there including burn speeds supported by the disc, number of layers, capacity and type. However, the details in which I was most interested were the Manufacturer ID (“CMCMAG”) and Media Type ID (“BA5”). We’ll see why later on.

The next step was to extract the firmware from my burner so I could examine its contents. Sounds scary and perhaps rightly so for people who don’t normally poke around in the nether regions of device memory! The utility I used for this is called Flasher (otherwise known as Devilsclaw’s Flasher). There are versions available for:

  • Linux (32-bit),
  • Mac OS X,
  • Windows (32-bit and 64-bit).

I used the 64-bit Windows version and ran it from an administrative command line to make sure I didn’t run into any problems with being unable to access my burner’s internal memory. I then executed the following commands after navigating to the folder containing the flasher (and note case sensitivity):

  • flasher -D
    • this gives you a list of all optical drives in the computer and their ID numbers.
  • flasher -d x -m main_firmware.bin
    • this extracts the drive’s main firmware, which contains the Manufacturer ID and Media Type ID data, to main_firmware.bin – replace x in the command with the ID number obtained in the last step corresponding with the drive from which you want to extract firmware.

After a while the utility should have done its job.

Flasher - Extract Burner Firmware

Don’t close the command prompt as you will need it later on.

The next step is to check out the extracted firmware with a hex editor and I used Hex Workshop. Fire it up and open up the main_firmware.bin file that was extracted in the last step. We want to do a text search for the Manufacturer ID (CMCMAG) in the file which you can do as follows:

  • Hit Ctrl + F on the keyboard,
  • On the Criteria tab select Text String from the drop down menu,
  • In the Value box type in “CMCMAG”,
  • Click OK,
  • The first matching value will be highlighted and in its vicinity you should also find something resembling the Media Type ID (something similar to “BA5” that we identified for the Shintaro disc that started this exercise),
  • Hit F3 if you don’t find the exact Media Type ID or something close to it.

In this example, the sixth hit found something of interest:

Hex Workshop - GGW-H20L YL07 Firmware Typo

Eleven characters along from the sixth hit is the text “BB5” which looks like a Media Type ID. This text is odd as the two prior references to the Manufacturer ID of “CMCMAG” had Media Type IDs of “BAx” where x was a number. Potentially, the “BB5” is a typo and was meant to be “BA5” so I am going to try changing it to “BA5” and save the firmware file under a new filename in the same folder like “main_firmware_new.bin”.
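The search and single-byte edit described above can also be scripted and checked before anything is flashed. This is an added example, not part of the original post or the Flasher project; the 16-byte search window, the `[A-Z]{2}[0-9]` ID pattern, the helper names and the constructed sample image are assumptions made for illustration.

```python
import re

MID = b"CMCMAG"                          # Manufacturer ID from the article
WINDOW = 16                              # assumption: bytes after a hit to inspect
TYPE_RE = re.compile(rb"[A-Z]{2}[0-9]")  # assumption: IDs shaped like "BA5"

def media_entries(image, mid=MID):
    """Return (offset, type_id or None) for every occurrence of mid."""
    entries, pos = [], image.find(mid)
    while pos != -1:
        tail = image[pos + len(mid): pos + len(mid) + WINDOW]
        m = TYPE_RE.search(tail)
        entries.append((pos, m.group().decode() if m else None))
        pos = image.find(mid, pos + 1)
    return entries

def patch_bytes(image, offset, old, new):
    """Overwrite old with new at offset; refuse if the bytes there are not old."""
    if len(old) != len(new) or image[offset:offset + len(old)] != old:
        raise ValueError("unexpected bytes at offset, not patching")
    return image[:offset] + new + image[offset + len(new):]

def changed_offsets(original, modified):
    """Offsets at which two images differ; the size must be unchanged."""
    if len(original) != len(modified):
        raise ValueError("image size changed: overwrite bytes, never insert")
    return [i for i, (a, b) in enumerate(zip(original, modified)) if a != b]

def sample_image():
    """Constructed stand-in for a dump: three records, ID 11 bytes after each hit."""
    rec = lambda type_id: MID + b"\x00" * 5 + type_id + b"\x00" * 2
    return b"\xff" * 32 + rec(b"BA1") + rec(b"BA3") + rec(b"BB5") + b"\xff" * 32

if __name__ == "__main__":
    original = sample_image()   # real use: open("main_firmware.bin", "rb").read()
    for offset, type_id in media_entries(original):
        print(f"0x{offset:06X}  {MID.decode()}  {type_id}")
    hit = media_entries(original)[-1][0]
    modified = patch_bytes(original, hit + 11, b"BB5", b"BA5")
    print("bytes changed at:", [hex(i) for i in changed_offsets(original, modified)])
```

On a real dump, `changed_offsets` should report exactly one offset for this edit; anything more means the hex editor changed bytes you did not intend.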

So now, we need to flash the firmware to our drive. Needless to say you should bear in mind the following:

  • Updating your burner’s firmware has the potential to really mess up your burner from minor weird behaviour through to complete lack of operation,
  • Uploading unofficial firmware can void your burner’s warranty,
  • Don’t turn off the computer while the firmware is uploading,
  • Updating your burner’s firmware has the potential to really mess up your burner from minor weird behaviour through to complete lack of operation (yes, I’m saying this again).

To upload the firmware, go back to the command prompt window and type in the following command:

  • flasher -d x -f main_firmware_new.bin

Flasher - Upload Updated Burner Firmware

During flashing of the updated firmware, the light on your burner should flash.

However, if the process failed to kick off, then you may need to update the checksum of your modified firmware file by typing the following:

  • flasher --checksum main_firmware_new.bin

You should then be able to flash the modified firmware.

After flashing, you may find that the drive has also ejected the tray and is now unresponsive. Don’t be alarmed, just shut down your computer (i.e. power it off, not just a reboot) and it should come good during the subsequent boot up. The tray should also retract by itself but you can manually retract it yourself at this point by pushing the button on the front of the drive.

Once back up and running, the true test is in burning to our problematic disc. So how did I go?

CDBurnerXP - Successful Burn

Well, my burn actually managed to get out of the starting blocks which made a welcome change and the whole disc managed to burn successfully. In fact, I have now burnt to three of the Shintaro discs without a problem at all – not a bad result!

26 comments

    • Merzon on July 9, 2012 at 10:58

    Thanks for the detailed info
    it worked fine on my burner too

    1. No worries and good to hear!

    • manotroll on December 9, 2012 at 22:50

    It isn’t working here; it fails when updating.

    1. Apologies, I had to put your response through Google Translate which gave me:

      “Here is not giving this opening fails to update.”

      I am guessing you edited the firmware and then attempted to flash it then it failed?

    • Dodge on November 7, 2013 at 03:18

    Hello
    I have a problem, my DVD-RW Optiarc 1D-7561S does not work properly reading DVDs but it still burns DVDs and reads CDs. I didn’t find the right firmware update from the HP website or from the Optiarc website. I was looking for a solution for how to extract a firmware and change it, and then I found this website. What I need now is to know exactly what prevents my DVD drive from working properly in reading DVDs so I can manually do the update to the firmware, but I don’t know how I should proceed.
    Lots of people are posting in several forums about this Optiarc DVD drive problem where it has stopped working, but none of them have resolved the problem; they just buy another one, so it’s a shame for the HP manufacturer and Sony Optiarc.

    • Dodge on November 7, 2013 at 03:28

    Can you post the website when we can download all these software ? thanks

    1. All of the software is linked within the article – you just need to click on the links to find the referenced software.

    • Jack on August 1, 2014 at 12:19

    Hello.
    I just bought a large number of Verbatim BD-R X6 of course the burner rejected media. I am not very proficient in cmd prompts, so I misplaced files, but after many tries I finally burned and verified BD-R. Since LG does not post new firmware, I will not buy their products in the future. Thanks for detailed info. JT

    1. Yeah, I was disappointed with the support for the LG Blu-ray burner particularly compared to products from other manufacturers in the past (Lite-On was renowned for its DVD burner firmware updates last decade).

    • Chris on September 25, 2014 at 09:37

    I can confirm this also makes the H20L work with 25GB BD-R from Datastor, which has high ratings on Amazon.
    Didn’t work in the same way and I noticed it is the same media as yours and even the same BA5 error in the firmware.
    Followed your instructions and burns fine.
    thanks a heap!

    1. No worries and glad it worked for you! 🙂

    • devilsclaw on December 31, 2014 at 13:28

    Just letting you know I moved the flasher to https://github.com/devilsclaw/flasher/releases/tag/Current_Release since sourceforge likes to distribute malware with their installer that can be bundled with some projects

    1. Thanks for the update and it is disappointing that Sourceforge has been forcing their installer on everyone.

    • Per Hoffmann Olsen on March 15, 2016 at 00:52

    I have an old cd recorder, a teac rw-h300 hifi component. Inside is a Teac W54E CD-Rom ATAPI computer device.

    Unfortunately the laser is dead and nowhere to be found (Out of Stock)

    Putting another ATAPI drive inside fails as long as it’s not a TEAC drive.

    Could I use this guide of yours to out-smart the main board to believe it’s TEAC drive even though it’s like a LG or something else, by changing the device name in the firmware?

    Thanks
    Per

    1. Honestly, I couldn’t say as my adventures only led me as far as getting the Shintaro discs to burn successfully.

      Theoretically, I guess you could try and hack the firmware but it would depend upon what the motherboard is looking for in order to verify that the optical drive it is talking to is in fact a TEAC branded drive.

      If it is as simple as looking for TEAC in an identification string then that might be simple but it could break future firmware updates if the flashing software relies upon the same strings to verify a drive’s compatibility before making any changes.

      My confidence in hacking the optical drive firmware to do what you want would be low but I’m not an expert in this particular regard.

      Would there be modified firmware for your recorder that would allow the use of other brands of optical drive perhaps?

    • Sebastian on April 26, 2016 at 04:54

    Hi Boyd

    Thank you for the article.
    I tried this with my GGW-H20L but flasher gives me an error message every time I change the BB5 to BA5.
    Error message: Failed to Write at 0x001E0000
    Any idea?

    1. You may need to run this command on the adjusted firmware before flashing it:

      flasher --checksum main_firmware_new.bin

      Substitute the name of the bin file for whatever you have called it if different.

    • Patrick on June 20, 2016 at 05:48

    Hi,
    thanks for the great article.
    I got an LG GSA-T40N with JW02 firmware on my Amilo Xi2428. This one is dead because I can’t read DVD anymore.
    I found another same burner but this one has a JP01 firmware.

    Can I put the firmware (by dump) to my actual one ?
    If Yes do I simply need to flash only with main-firmware.bin from jw02 or both (core and main) ?
    Thanks for your help..
    Patrick

    1. Hi Patrick,

      You can try but I’ve not personally done firmware transplant between two different drives before. I don’t see why it would not work if they are identical.

      I would just flash the main firmware unless you have reason to also update the core firmware too.

      However, unless you have a specific reason to update the firmware then there should be no harm in leaving it as it is.

        • Patrick on June 20, 2016 at 20:43

        Hi boyd,

        Thanks for your reply and your suggestions.
        I’ll look at whether the main firmware JW02 contains more or fewer definitions of compatible blank media. I’ll look with Mediacodespeededit to list the media contained in the JW02 firmware. If the list is the same as for the JP01, there’s effectively no need to update the firmware.
        See you..

    • David on February 21, 2019 at 05:05

    YOU ARE AWESOME! Thank you very much. Finally I could burn my BD Verbatim.
    Could you add this reply to Sebastian to the instructions for flashing the firmware? I had the same problem and I was frustrated, but luckily I found that answer. I think that it could be useful.

    1. Done.

    • Sessh on December 31, 2019 at 13:59

    I hope you still read and reply to this old article, Mr. Chan. I have a question for you. I am looking to hack my burner’s firmware to allow it to read GD-ROM discs. Would I go about doing this the same way as you have here or will it be different?

    Second, if someone were to incorrectly hack their firmware and make their burner inoperable, could it be fixed by simply re-flashing the original firmware back into it again?

    Thanks. 🙂

    1. I guess it would be possible but it seems that there are methods to do this with an app, dumping kit, and a compatible drive.

      As for your second question, the best answer I could offer would be “it depends”. Some firmware utilities and drives may enforce a check of version numbers or other methods to prevent flashing back or reflashing the same firmware. If no such checks are in place then reflashing the dumped firmware should work just fine (none of the drives I have owned over the years had these checks but doesn’t mean that others won’t have it).

      Cheers!

    • AppXprt on July 3, 2022 at 20:53

    I’m interested in creating a custom firmware for an experiment, any resources for creating /hacking these types of firmwares?

    1. This is going back ten years for me and my computer hasn’t had an optical drive in it for maybe six years so unfortunately nothing comes to mind aside from what I have covered in the article!

      You would have better luck dumping the firmware of an existing drive and modifying that for your needs but you’d of course need a decompiler to turn the firmware binary back into code (and this is assuming it isn’t encrypted).

      It’s likely going to be very messy – just putting that out there 🙂
