Basic Information of Hard Disk Drive (Part III)

Firmware ‘overlay’ code are specific code functions. Why not just put all firmware code into one section? Well, since the RAM in the drive is a limited resource, they’ve put some code into ‘overlay files’, so that this specific code can be swapped into RAM when that specific function is needed. When the function is not needed, it can be swapped out of ram and some other function can be swapped into it again.

The firmware update files from Maxtor (I think the same goes for the other vendors) are not scrambled/encrypted/packed in anyway. In fact, you can find the exact same code in these files also in the ‘*.RPM’ files that PC3K produces for example.

Maxtor distributes their firmware file in a so called “.DMC” file. This DMC file is a package of 4 files, a ‘.Bxx’ file, a ‘.cxx’ file, a ‘.bbr’ file and a ‘.cbr’ file. Like I mentioned, this DMC container is not packed or scrambled in anyway. You can just cut the files out of it. The first 0x150 bytes of this file is the header. This header contains the four filenames, the offsets at which bytes in the package these files can be found, the length of the files and a checksum (not 100% sure about the checksum though). The ‘.bxx’ file is the biggest file and contains the overlay modules. You can find all code overlay modules by looking for ‘MO’ in the file. Right after this 2 byte string, you’ll find the hexadecimal overlay module ID. The ‘.bbr’ file contains the main firmware code. The last 2 files are very small, not sure what they contain, probably some checksums for the firmware and overlay modules.

Like said, the firmware code and overlay modules can also be found in the ‘*.RPM’ files of course, since this represents the firmware code on disk. So, you can look through these RPM files and scan for the ‘MO’ string to find any specific overlay module.

So, in short, if a vendor has released a firmware upload tool (most vendors have), BUT haven’t released a firmware file for your specific drive type, you could create your firmware, if you have the dumped modules (for example, obtained from this site). You could rip the main code and overlay modules and paste them into an existing DMC package. However, since I don’t know the checksum calculation and the meaning of these .cxx and .cbr files (probably checksums), you’d have to do more research, but in theory, it would be possible to create your own firmware files and flash them with such standard Vendor program to disk, so you wouldn’t need to buy an expensive tool like PC3000 (at least not if your sole goal was to upload a new firmware).

Of course, you could also create your own flasher program, instead of using the one supplied by the vendor. However, since vendors use specific versions of the ‘download microcode’ ATA command, you’d have to do research into this.

Furthermore, you could create a program that does EVERYTHING that a tool like PC3000 does. However, like pointed out, you’ll need very detailed information on the vendor specific ATA commands and the structure of the SA for that specific drive type and since this info is not made public by anyone, this means a LOT of work. “But hey, the PC3000 tool features a special hardware PCI card!” Yes, but as you’ll understand by now, you can think of that card as nothing more than a copy protection. They could have perfectly created the tool without it, but I guess they would have sold quite some copies less So you really can’t blame them for it, in fact, I think it’s quite a smart move to stop piracy.