PuTTY, ST_MEM, and Arduino

While I still have not made as much headway as I would have liked to, I am slowly inching towards my original goal.

I have made a decent discovery. As I posted earlier when I try to flash the new firmware onto my hard drive with ST_MEM_SDLD, the flashing usually succeeds, but the but the drive refuses to see that APP code, and I am stuck in Level F. I Recently discovered, however that if I switch back and forth between PuTTY and ST_MEM, it works about 90% of the time. At first, I set the speed, and send the initial preparatory flashing command via PuTTY, then disconnect that terminal and switch to ST_MEM for the actual flashing procedure. (PuTTY doesn’t have the necessary code for the SDLD protocol. If I could find some documentation on this protocol, I would try to put it in myself.)

As it stands, the APP Code flashes successfully most of the time, and I am able to get to Level T, but as yet I still have not been able to get the CERT Code to flash correctly. I’m not sure what I am doing wrong. I keep working, though in hopes that someday soon, it’s secrets will be made know to me. We are making progress!

I have also discovered that by using an Arduino in place of my TTY/R233 adapter, I have gotten a more reliable connection. This has resulted in fewer failed flash attempts. (Prior to using this, sending the APP code would freeze half way through, and I would have to start over about 65% 0f the time)

To set up an Arduino to do this, just put a jumper wire from the Reset Pin to GND. Then your computer will detect the Arduino as a COM port. You can then hook up your hard drive to the Tx and Rx pins on the Arduino.



Tagged , , , ,

19 thoughts on “PuTTY, ST_MEM, and Arduino

  1. Ron Derkis says:

    I bought a arduino uno after reading your excelent artical. I was using a NOKIA DKU-5 but there are no win 7 drivers for it. And I think I kept getting a buffer overruns, that crash the system, from it.
    What I don’t understand after reading your post is “Don’t you have to use 3.3 volts on the tx out line?” I understand it is 5 volts the way it is set up.?

    • darthcircuit says:

      When you power on the hard drive, the voltage you need is supplied by the power supply. The Arduino receives the power it needs from the USB port. As long as the Arduino and HDD have a common ground, you should be ok.

      • Ron Derkis says:

        I bow to your experiance. I have never even heard of a Arduino before today but I am a geek. albut a vary old one 🙂

        2. things I do know.
        1. The USB is 5 volts and the uno is putting out 5 volts on tx line.
        2. The HDD drive’s serial port is designed for 3.3 volts. If you say the fault tolerence of the drive’s serial port is way more than half again that 3.3 volts I won’t argue with you. I have my doubts but your experiance trumps my doubts, therefore I will use my uno without any voltage reducing resistors.

        The problem I am having sounds a lot like yours. I can change my HDD physical serial number by poking it into memory. I check the change to make sure it is there by reading the block a second time and verafying the change. But when I reset drive by restarting the computer the changes are gone. I think, I read somwhere that I have to change the crc checksum of the block or else it will just revert back to the original values. But I can’t find the post. Have you heard anything about this?

  2. darthcircuit says:

    Have you been able to get to the Serial Terminal then? From what you posted earlier, you were not able to get a prompt.

    As for your question about Voltages, if you feel more comfortable reducing the voltages, there is quite a bit of documentation on how to do this. I figured that since I was powering the Hard Drive from USB as well as the Arduino, they both were running around 5 volts. From what I understand from my reading, TTL signals run from 2 Volts to VCC (5 Volts) ±10%.

    Even after losing the firmware on my drive, after recovering at least the APP Code and returning to the T> Prompt, by entering # has always enabled me to change the Serial number on the drive. It makes sense what you are saying about the CRC checksums, and I’m wondering if that is why I am not able to change the Firmware Revision, however the serial number seems to be open to change for me at pretty much any time.

    It may be a different command for your drive. I’m sorry, but I have not been able to find much documentation on the model number you gave me.

    If you look in my dropbox, about which I posted a few days ago, you may try the program SeDiv. It requires Windows XP, and you may need to change the date to like 2007 for it to launch, but it helped me get quite a ways in my attempts. There is an option on the main serial window for changing the Serial Number in there.

    • Ron Derkis says:

      Quote “Have you been able to get to the Serial Terminal then? From what you posted earlier, you were not able to get a prompt”

      Yes, with both me dku-5 and my new Arduino uno.

      Quote “As for your question about Voltages, if you feel more comfortable reducing the voltages, there is quite a bit of documentation on how to do this”.

      Comfort has nothing to do with it. I am a geek 🙂 I want the most stable connection possible. I try to eliminate all possible problems when I don’t get the results from a experament I expect. If there is a chance using 5v on a system designed for 3.3 volts will skew the results, I will go with 3.3v. So far I see no indication of any communication problems.

      Quote “by entering # has always enabled me to change the Serial number on the drive. It makes sense what you are saying about the CRC checksums, and I’m wondering if that is why I am not able to change the Firmware Revision, however the serial number seems to be open to change for me at pretty much any time.”

      I am guessing here but since the # (serial number) command is just that, a specific command for a vary specific purpose, I would guess it automatically changes the check sum also. I think the other text you are changing, are poked in one way or another and you are expected to fix the crc yourself.

      A funny thing happened in my quest 🙂
      I bought the drive model on amazon for $32. I was excited about getting it because then I could easily change the serial number “#”. I was surprised to see it was a laptop drive but getting over that I hooked it up to the ardunio. The # only produced a “command not recognized”. 🙂 upon further investigating I find the updated the firmware does not have the # command. So I am back where I started. 🙂

      I sure appreciate your help, THANK YOU!

    • Ron Derkis says:

      I am sure you have thought of this.
      1. If there is a crc check and that is why your changes don’t stick.
      2. And since your serial number change does stick. It probably changes the crc.
      3. then perhaps if you do a comparison of memory before and after the serial number change, you will be able to spot the crc checksum location. And with a little logic, while systematicly, and selectivly changeing the serial number you will understand exactly how the crc works 🙂
      4. Then you can manipulate the checksum so all your changes will stick. 🙂

      • darthcircuit says:

        That’s a pretty good idea! I will have to see if I can find a way of monitoring the changes it makes in the memory….

        BTW, if you purchased the drive I mentioned in my article, it should be a pretty simple trick for you to get this working. Basically all you would need to do is change the serial number and add the hddss.bin to sector 16 of the drive, create the partitions with hddhackr, and try it out.

      • 02191947 says:

        Sounds to good to be true and it is. 🙂
        That’s exactly what I had in mind when I ordered it.
        But the best laid plans of mice and men 🙂
        They updated the firmware and now there are no stuff or # commands. 😦

  3. Ron Derkis says:

    funny thing happened in my quest
    I bought the drive model YOU MENTIONED HERE on amazon for $32.

  4. Ron Derkis says:

    I found my serial number location in physical memory by dumping memory blocks one ar a time and using a capture log. I wrote a small program that would send the dump command to realterm, incromenting the block displayed everytime. Go to bed and when you get up in morning you have most the memory dumped. In other words you could dump the memory and save it to a file change the serial number then reset drive. Redump the memory and compare the two files. The only changes to the memory dump files should be the serial number and crc storage spot. 🙂 (Of course the best laid plans thing again 🙂

    • darthcircuit says:

      I’m curious then, What happens when you hook up the serial console in putty or SeDiv? Do you get any output at all?

      Mine shows up with:

      Buzz HM SFI




      When it gets to that point, I can press Ctrl-Z to get to the T> prompt.

      What happens when you connect yours?

      • Ronald Derkis says:

        I use realterm. Yes, I get the command prompt with ‘^Z’ at 38,400 baud. Then I went to ‘/c’ and give the command ‘Q’ and get a list of available commands. There is no # or stuff commands. If I type ‘#’ , I get unrecognized command. I did not go any further than that because, the reason I got that drive was for the # command. Without the # command I went back to my original drive. So to answer your original question – I should be able to communicate equally well with any decent terminal program. Date: Fri, 11 Jan 2013 23:57:00 +0000 To: rderkis@hotmail.com

  5. darthcircuit says:

    Are you trying to run the # command from Level C (/C)? As far as I’m aware, it will only work from Level T (/T). It probably won’t show up in the list of commands. Honestly, I’m surprised you even got the Q command to work. It always registered as a bad command on my drive.

    • Ron Derkis says:

      The text file of commands I sent you was just a log file sent from the drive.
      Do you see the Q at the top? That was the command that displayed this list of commands.
      At the vary bottom is tht prompt C>. That is the level the Q was isued at.
      If you search the commands you will find this command
      Level C ‘Q’: Rev 0001.0000, Overlay, DisplayAsciiCmdInfo, Q[CmdLevel],[Cmd]

      You explained it vary well when you said how much the commands vary among drives and revisions.

      • darthcircuit says:

        What level are you trying to run the ‘#’ command from though? I understand that running ‘Q’ from level C will give you the list of available ones, but I do not think it is a complete list.

        Do you still get the unknown command error when you try to run ‘#’ from Level T? I’m pretty sure that is a command that Seagate would not just remove.

        If it doesn’t work from level T for you, Try opening the drive in SeDiv and changing the number in there.

    • Ronald Derkis says:

      Here is a capture file from some commands I just tried. If you think some thing is hidden I can write a program that will send all possible ascii characters after the / command, like this ‘/X’ to see if there are hidden levels. I could probably do the same thing for all the commands but I will have to check first if there are any single character commands that would cause damage to drive. I doubt there are any that will cause unexpected results if no arguments are supplied. Of course I will just set up a capture log and put a delay of 60 sec. between commands. Start it and go to bed. But I think I would just be wasting my time because I doubt anything is hidden. Date: Sat, 12 Jan 2013 05:04:52 +0000 To: rderkis@hotmail.com

  6. darthcircuit says:

    I would not recommend that. That would be a pretty sure fire way of bricking your drive. Again, I would suggest trying Sediv. It is in my dropbox. You don’t have to worry about the console commands as much, as there is a button dedicated in it to change the serial number. Also, if you have been trying to attatch logs to your responses, it does not forward them to me. I will contact you by email when I get more time, and you can try sending them that way.

    • Ron Derkis says:

      The change level command ‘/x’ should not hurt anything. At most it will give a error message. (Which would be logged)
      As far as issuing a single character ascii command, your probably right. How ever issuing a command with a ? after it, just explains the commnd. So I would probably be safe sending all posssable commands with a ? mark after each one.
      Yes, I was sending you text log files which I think you will be vary interested in. You can see my experaments using the commands and not endanger bricking YOUR own drive 🙂

      I tried sediv but it can’t manipulate my new firmware. Those programs use the command sets that they have hard coded in their program databases. There is no provision in any of them I tried, for my new firware. I only tried reading with them never sending. (even reading could be dangerous) They send commands just as if you sent them. If they send a command that said “hi” on the old firmware, that same command could mean “format everything” or perhaps “self destruct” on the new firmware.

      If you find the serial number in the physical memory blocks (not buffers), I am guessing the crc will be close. It probabably does the crc thing for every block. And while it could store it in a table somewhere, it probably stores it at the end of every block.

  7. Alejandro says:

    // Enable receiver and tritmsanter, enable RX interrupt UCSR0B |= _BV(RXEN0) | _BV(TXEN0); UCSR0B |= _BV(RXCIE0); UCSR0B &= ~_BV(TXCIE0); ———————————– // Set frame format: No parity check, 8 Data bits, 1 stop bitUCSR0C |= _BV(UCSZ01) | _BV(UCSZ00);———————————–請問一下,為什麼UCSR0B與UCSR0C這樣設定,就有可以致能的功用,可以講解詳細點嗎?謝謝(第一次學)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: