Show Posts
1
Xbox 360 / Xbox 360 General Discussion / Re: LT3
on: December 19, 2011, 02:37:29 PM
Short answer: MS gave it to us.
Long answer: trios and GliGli gave it to us as a result of a stupid move on MS's part.
Logically thinking, AP2.5 was replay-able for a long time - not great but it worked as you had to rip the new AP2.5 data from each dashboard and reburn to disc to satisfy that new dashboard. This worked and unveiled a bit more each time on how AP2.5 checks were performed. Basically giving out one egg at a time out of MS's huge basket.
Then MS launched an update to make every console's DAE.BIN file unique and perform different checks... So, of course, if you use GliGli's work and decrypt this DAE.BIN from a new dashboard update you can see what it's doing.... Maybe just one is all it took, maybe it took 1000, but compare enough of them and you get a complete overview of how AP2.5 is used to generate the C/R checks. Using this overview, it's quite possible we can rip every possible sector the 360 disc looked for using that DAE.BIN file - put it in a table and make any DAE.BIN requests be handled by the DVD drive in reference to the table instead of to the actual disc.
Granted MS can employ new checks, advanced versions of C/R - but it don't get too much more technical than this. C/R was the most advanced verification of pressed media for 5-6 years now. If they did indeed force a random and completely individual check on each console it will be impossible for the DAE.BIN file to ever generate any new response as the game discs never change... They gave us their basket to pick the eggs we want when we want. This is why once LT+3.0 is completed, and all the possible C/R is put into a table, MS don't have a leg to stand on unless they start 'keying' the disc or somehow locking it to a system, which pisses off the legitimate user and wouldn't work for those titles already released. Granted this is provided they don't find any holes or bugs in C4e code they can exploit to find those using backups.
This is all speculation, but even so I'm sure C4e never figured this out to begin with. The xk3y team announced it working 36hr after the new dash was out.. Before C4e even commented on LT+3.0 or how it was going to be handled. xk3y wrote a drive emulator - I'm assuming they know how AP2.5 works even better than C4e does, as they would have literally had to re-write it into their drive emulator.
C4e never said discs won't need to be reburned, and also never stated this is the 'last' CFW for the 360 line of drives. He just said their AP2.5 C/R will be useless, as we basically have the keygen for all AP2.5 combos.
Hope this is explained in such a fashion it makes sense without getting overly technical. I cannot say with 100% certainty this is how it went down but from previous days of replaying information and calculating it using the original hardware/software - this is how it always worked... Right now everyone who still tests that stuff is only replaying already known commands, it sucks compared to being able to use your hardware to calculate every result and replay the valid one.

2
Xbox 360 / Xbox 360 General Discussion / Re: Bug in FBbuild and XeBuild
on: December 19, 2011, 02:24:44 PM
Your bug has no basis. Can you explain a bit more? Type of drive, drive format, drive connection, attempted use of drive, logs of failure??
I have no issue at all with FBbuild or xebuild regarding USB HDD usage afterwards.

3
Xbox 360 / Xbox 360 General Discussion / Re: does kinect work in the dark?
on: December 19, 2011, 02:22:25 PM
It don't work too well in my dark room with a 32", the infrared depth-sensing is OK at best. For optimal accuracy you would want a well-lit room.
Last I heard Wal-Mart has 90 day return time, since no one can mimic your setup why don't you try it and let us know. You don't need a game to calibrate the Kinect, or check its responsiveness.

4
Xbox 360 / Xbox 360 General Discussion / Re: X-5Unlock 100% safe method
on: December 19, 2011, 02:19:07 PM
So.. from what I gather..
Drill hole like normal. Instead of sticking your resistor or probe in there, use alcohol. It will conduct. Just like the flame that geremia showed in his initial release.
The language barrier is bad though, maybe I'm missing something on the part pre-cursor to this video which explains how to make the hole safely in the first place. If not there's nothing new here folks. Keep moving.

6
Xbox 360 / Xbox 360 General Discussion / Re: Another glitch chip - X360Glitch, any opinion?
on: December 19, 2011, 12:10:26 PM
I wanna clear up 3 things
1. There is no physical difference between this chip, matrix, tx coolrunner and probably a lot more chips out there, only difference is the PCB the chips are attached to (and possibly some extra components), they use the same firmware and same CPLD.
2. The "WIRE" fix is total bull$#!t, it might work sometimes but it has nothing to do with the LENGTH, it has to do with noise induction, a better way of handling this is to have stable debouncing capacitors. (Sure, if a longer cable works for you then fine, feel free to use it, but don't claim that it has something to do with LENGTH, GOD or the EASTER BUNNY)
3. Thickness of your wire doesn't matter in the sense of "I use AWG32" and "I use AWG28", if you crack the CPLD open you'll see tiny tiny wires (almost like silk threads) connected from the outside pins (huge compared to internal) to the air-suspended logic core within. To be blunt, the bottleneck effect applies here, not the outside wire. (People claiming otherwise don't know what they are talking about.)

2. It is not bull$#!t. It does add propagation delay. But maybe a proper termination of the transmission line could also help or a very short wire. The needed rise time is very short.
3. Wire length is one part of the equation. The bonding wires are very thin but also very short. It's a matter of resistance where the cross section area and wire length play a role.

2. Well I've read lots of stupid fixes that involve the wire and one solution counteracting the other, for instance make longer wire but change resistor to less resistance, still the length of the wire itself doesn't have anything to do with the fact that it works, try using signal analyzing equipment and see how much difference 1cm makes before claiming that it does. Whatever causes it to work doesn't involve LENGTH, if it picks up residual noise this is due to the location of the wire NOT LENGTH
3. Still when it comes to DC it's the cross section as you mention but the "smallest" cross section is still gonna govern the larger ones, so as long as you use wires with larger cross section than the microcontroller's internal gold silk wires you're OK (this argument was to point out that it doesn't matter if you use 0.25mm or 0.30mm wire for sake of argument unlike what many people without knowledge claim)

Wire routing is as important as wire selection and length, especially when dealing with high frequency signals. You seem to have a brain, and you are complaining that stupid people are posting stupid fixes, when you know all along how to actually fix it and seem to have the gear to support it... If you see a stupid fix why are you even amused by it then? The problem is timing. This is a TIMING hack. We don't have perfect timing resolution, the chip is limited on its DAC when it can do its actions, 100nS pulse means we should have much higher resolution as to when to perform that exact pulse - we don't.. For this, we compensate by using hardware methods to perfect the timing on consoles that need it.

For some slim consoles, modifying the RST wire length did allow for the console to boot quicker. I can attest to that with 5 different slim consoles. I used 50CM length of wire and cut off 3CM intervals, after I had shortened the wire 18CM or so, the console started to boot consistently within 1 minute. Before it would sometimes take 5 minutes to succeed.. Other slim units I left the 50CM wire in and got the identical result. All wires were identical (came with coolrunners) and installed with identical routing. I also had a jasper that glitched once to get CPU key and never again. I applied a 100nF capacitor between RST and GND and it booted within 10 seconds every boot.

Also think of electronics as plumbing. You claim the largest a wire is needed is the size inside the CPU die... this isn't true and anyone who has done any electronic design knows different. Once you leave that protected casing, you are exposed to a multitude of noises in the air medium which your unprotected pins are part of.. crystal oscillators on the board radiating, high frequency video signal, motor inductions, magnetic fields, power supplies. For this, you have to ensure your signal propagates and isn't taken over by that stronger signal we don't want. Just because the water is coming from a 2CM large pipe don't mean the flow can't be strong enough to fill a 5CM large pipe... Just the 2CM will have a much higher flow rate than the 5CM will. Generally electronics can output a lot of power right at the pins of the chip... this degrades over wire length through a noisy environment. Using a larger trace or wire you can protect the signal to make it to where it's going.

Also for wire lengths, the BEST advice I can give you on length not mattering is finding a computer motherboard of ANYTHING using a processor and RAM that has all straight traces... I'm sure any mainboard produced in the last 5 years will have odd traces going to its CPU and RAM, they won't be straight to the point.

7
Xbox 360 / Xbox 360 General Discussion / Re: Another glitch chip - X360Glitch, any opinion?
on: December 09, 2011, 04:17:03 PM
I had real problems with the x360 glitch chips, HOWEVER I figured it out. I just could NOT get them to glitch properly. I tried and tried. I've had 3 and all were the same. I figured out that you HAVE to bridge just the "slim" point NOT the r3 point as it says in the on site guide. I use them all the time now and they are just fine if you use them as I describe!

3 days to figure this out. Thank You! I tried bridging BOTH without a go (r3 and slim point). JUST the slim point got a falcon going perfect! Just a few seconds and it's up and going. Now to program these - I did it, several times. Verified fine.. I know they won't work without a bridge, but will seem to program fine using R2 or R3 bridge. Is one more correct than the other? I'm thinking R2 is to program, C5 is for Phat.. as for slims? Did they reverse these points so R3 needs to be bridged? Anyone successfully do a slim with them yet? Here is my redone 'phat' schematic. Unsure about the programming. If anyone wants to chime in on what they did please let me know! Trying to email the team and see what their response is to the above diagram and slim installs.

8
Research & Technical XboxHacking (Xbox 360) / DVD-ROM Drive and Media / Re: reflsh summy ms28 with intel ch8
on: December 24, 2008, 08:01:51 PM
I used sammy un-lock on an unmodded drive (least I think it was) and it read the flash fine... now that I think more it could have been a modded drive, would make more sense for the software to 'soft' unlock the firmguard rather than somehow simulate a powercycle on the MS28..
Maybe I will restore a sammy drive and try to dump and see if the power modding thing is still needed.. Probably is.. I would guess iXtreme flashed drives don't need the 0800 disc anymore to unlock.

11
Research & Technical XboxHacking (Xbox 360) / DVD-ROM Drive and Media / Re: Bizarre Hitachi Theory ??
on: December 24, 2008, 03:07:25 PM
Umm, I think you are all forgetting these are power supplies for your drive, and can't really do much more than supply power... no ridiculous reprogramming. If you could unbrick a Hitachi over serial, I am sure years ago a device would have come out that would put the chilifix to shame.
The LiteOn has an RS232 interface built into the chip which is accessible through the power connector port by bridging the open lines to the connector. It would appear they use this interface in factory for verification/programming of LiteOns.. else why would it be fully connected...
No other drive has this connection, or any benefit from this connection as the firmware will spit itself back out on a whim... if it were that easy, it would have already been done my friends. Only way LiteOn is giving you the required drive information is via this little port.

14
Research & Technical XboxHacking (Xbox 360) / DVD-ROM Drive and Media / Re: Hitachi falsh gone WRONG!
on: December 24, 2008, 02:59:09 PM
Use firmware toolbox 4.6 with the 2nd board. I had v4.8 kill 2 drives in a row on me... froze mid flash. 4.6 never killed any... I swapped mainboards and 4.8 works no problems now...
Your flash has wrong checksum and drive board is in 'dead' mode... have to physically pull TSOP and reprogram. I can help you at a very low cost depending where you are. PM me.

15
Research & Technical XboxHacking (Xbox 360) / DVD-ROM Drive and Media / Re: JungleFlasher .26 BETA beware
on: December 24, 2008, 02:53:21 PM
Software works great if you know how to use it, and have compatible hardware. Very versatile and no crazy 'dummy proof' features to make the program automated/slow.
Seen my MS28, my 6038 and my LiteOn powered up from in Windows. Flashed and mixed and matched between them all with ease. XP didn't even know they were there, program did. MS28 easy unlock no power cycling needed. LiteOn erased and flashed perfect, still had to use Xtractor software for ease of dumping key/inquiry/identity.. jungle software a bit confusing to get around.
Took me 1 minute to dump MS28 and flash modded firmware to 6038. Took 3 min to mod a LiteOn (including bridging RX/TX points). Haven't touched Hitachis yet - but that's what FWTB is for.

17
Xbox 360 / XboxHacking - General / Re: Project started: rebooting into an(y) unsigned kernel + hypervisor
on: November 22, 2007, 06:04:17 PM
Maybe we should look to port a version of MythTV to the 360 rather than XBMC? I mean XBMC is incredible, but it's for Xbox. Maybe it should stay that way. Also PVR is becoming quite a hot item these days... would be nice to have a 360 that could record TV and play it back to you using the internal HDD or an external one, and of course a USB capture device.

18
Xbox 360 / XboxHacking - General / Re: Un-ban your xbox360 with keyvault
on: November 22, 2007, 05:40:16 PM
Yes arakon, you should be able to use a serial from a dead 360 in a banned one without trouble.. you're basically 'resurrecting' the dead one. Good thing it's the KV serial # getting banned and not the actual gamer account.. see how long it is until MS changes that, along with adding extra security to thwart the downgrader process.
Is it currently possible to change data in the KV and reload to the 360? Or do we need to dump the KV from another console and inject it?

19
Xbox 360 / Tech Support 360 / Hitachi 59 no diode flash
on: September 05, 2007, 07:34:16 PM
I got a Hitachi 0059 which appeared to have a shot laser.. so I replaced unit, taking care to install the correct model laser, remove solder bridge, connect ribbon carefully. Re-installed to 360 and found out the diode isn't turning on so it's not picking up the discs. Tried 3 new lasers and old laser.. all the same.. powers on, drive moves correctly, laser bobs up and down, but diode/laser eye don't energize so it will not pick up any disc.
Was flashed with 2.1, removed and restored original firmware to the unit thinking 2.1 could be an issue.. no difference. Any help would be appreciated!

20
Xbox 360 / Tech Support 360 / Re: J2B1 - working USB to serial converters
on: March 03, 2007, 01:16:22 AM
Okay, maybe I will build one then, but will 2,5v do the trick? Or what value of the capacitor do I need for 3.3v, 1x100nF the rest 0.1?

Err, isn't 100nF the same as 0.1uF? The caps on the max232 are for charge pumps.. you don't really need to have a specific voltage/rating there. Spec sheets have recommendations for operation, but I have used from 0.1uF to 10uF without any problem - long as each cap is the same around the max. If I recall correctly, you are supposed to use 0.1uF with 232A I think, and 1uF with 232, and 10uF with another revision of it.. The max converts TTL to RS232.. so you would have a 5V signal headed back to the 360 from the RS232.. what's a good way to drop that to LVTTL?