Post #88 by ians1, 19th Apr 2010, 3:49 pm

Done a little more research and it sounds to me as if the hack is in the USB Mass Storage Controller chip in the case of mp3 players, and in the SDHC interface chip, which does much the same job, in the SD flash cards that are hacked the same way. The reason why I think this is that, to be able to fool DOS/Windows about the maximum available space (before even a partition is made), the fictitious figure MUST come from the Mass Storage Controller, as the Flash Chip as manufactured is going to have to have a real figure for the amount of storage to be able to work at all.

The tools detailed on here enable a workaround, i.e. ChkFlsh and the MP3 Disk Tool along with the H2testw memory test enable a) detection of the real size of the Flash chip, b) reformat of the disc and c) removal of the partition that was set during the hack.

It's interesting that by reformatting and repartitioning, the units can be set back to the 16GB or whatever they were originally set up as when hacked.

So, to sum up, I think the hack is in 2 parts. Part one is that the USB Mass Storage Controller microcontroller program has a fictitious figure blown into it (this seems likely a programmable thing, as the same USB controller would be used for many different sizes of flash memory, so it would need to be set at manufacturing time, but possibly there is a utility (probably originating from the manufacturer of the USB MSD) that can write the desired setting for the flash, e.g. 2GB, 8GB, 16GB, whatever). Part 2 is the use of something such as MP3 Disk Tool to set a partition size that agrees with the reported max size in the USB MSD. The fake is then complete. No matter how much you format it in DOS/Windows it will always be 16GB etc. It reminds me of the old days when BIOS settings required you to look at the hard drive and copy the heads/cylinders/sectors etc. to the BIOS settings and it would then work out what size HD you had. If you set the settings wrong, however, sometimes it would accept the settings and say you had a much larger hard disc than actually fitted. The problem being when you actually came to read/write data to it!

One of the things I want to try is the old (MS-DOS 5.0 onwards) FDISK utility with the /mbr switch to see if re-writing the Master Boot Record on these drives affects this hack or not.

The effects obtained using the HP USB format util are still not explained, however. I suspect the operating system on the MP3 player chip is at fault there; it seems to copy its ROM into the flash area at boot time (maybe because it needs read/write memory to work and not ROM). I wonder what the size of ROM in the mp3 player chip is? Maybe it's 256MB, as I suspect, because that's approximately the amount of flash memory that seems to be missing.

Any comments/thoughts?

ian

Last edited by ians1; 19th Apr 2010 at 3:53 pm.
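
Added example (not part of ians1's post, and not the code of H2testw or any other tool named in it): a fill-then-verify capacity check of the kind the post relies on to find the real flash size, run against a simulated drive. The `SimulatedDrive` class, its block counts and its two failure behaviours (wrapping writes back onto real flash, or silently dropping them) are constructed assumptions for illustration.

```python
import hashlib

BLOCK = 512  # bytes per block in this simulation


class SimulatedDrive:
    """Constructed model: controller reports `advertised` blocks, flash holds `real`."""

    def __init__(self, advertised, real, wrap=True):
        self.advertised, self.real, self.wrap = advertised, real, wrap
        self.flash = [bytes(BLOCK)] * real

    def write(self, lba, data):
        if lba < self.real:
            self.flash[lba] = data
        elif self.wrap:                       # address aliasing: clobbers older data
            self.flash[lba % self.real] = data
        # otherwise the write is silently dropped

    def read(self, lba):
        if lba < self.real or self.wrap:
            return self.flash[lba % self.real]
        return b"\xff" * BLOCK                # nothing was ever stored there


def pattern(lba):
    """Block content derived from its own address, so aliased blocks cannot match."""
    seed = hashlib.sha256(lba.to_bytes(8, "little")).digest()
    return (seed * (BLOCK // len(seed)))[:BLOCK]


def verify_capacity(drive):
    """Fill every advertised block, then read all back; return (ok, bad) counts.

    The read pass must start only after the whole write pass: reading a block
    straight after writing it would succeed even on a drive that wraps.
    """
    for lba in range(drive.advertised):
        drive.write(lba, pattern(lba))
    ok = sum(drive.read(lba) == pattern(lba) for lba in range(drive.advertised))
    return ok, drive.advertised - ok


if __name__ == "__main__":
    for label, drive in [("genuine", SimulatedDrive(64, 64)),
                         ("fake, wraps", SimulatedDrive(64, 16, wrap=True)),
                         ("fake, drops", SimulatedDrive(64, 16, wrap=False))]:
        ok, bad = verify_capacity(drive)
        print(f"{label}: {ok * BLOCK} bytes verified, {bad * BLOCK} bytes corrupt")
```

In both simulated failure modes the number of blocks that verify equals the real flash size, regardless of the size the controller advertises.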