You will need to boot slax, yes.

It appears that mediatek has filed patents regarding new securities for console drives.

Please review http://www.xbins.org/iriez/mediatekpatent.pdf for more information.

c4e: someone will need to dump the memory bus on the drive, maybe a d0-d7 on the mediatek chip to get the fw
c4e: then u should be able to trigger an erase to write the fw
c4e: but they have implemented a hardware checksum back to host when host requests
c4e: so should be doable if we first get a dump

So, looks like MS has done a little backend work on getting mediatek to make some security advancements on this one!

Not only that, but how was he getting 1.2 to work on his benq? Did he install a switch? If you want to know your correct port verify it as the first 4 digits/letters displayed in iprep/xtreme boot maker, or the first 4 digits/letters in the first I/O range in device manager properties of the sata controller

The port you listed doesnt sound correct, but if its 40CT its..

dosflash r 40CT 1 a0 1 4 A:\orig.bin

Since someone posted our #fw topic in here, I figure i would clarify before everyone gets their hopes up. So far, the dosflash beta is only functional for dumping benq drives with a nforce chipset. Attempts with via, ich and others have otherwise failed.

More to come after this weekend!

Such methods were tried and tested long ago.

TM - Very very nice! commodore4eva has had ixtreme done on benq for a little while now, I think he was just waiting on obtaining a actual drive to test on. This is fantastic news.

Anyone is free to PM me at any time with the requested images and I will be happy to host them on xbins.

I am very eager to get a hardware list to build this mod after it is refined.

I do however have a 'stupid question' for this 'stupid question' thread

arnezami quoted that this attack will only be essential in downgrading your kernel. However, isnt the entire point of this attack to gain the single thing that we have never gained before....the cpu key? And with this inital key (to my understanding, it is the first key in a line of encryption(s) ), can we not resign the essential parts of the HV, or anything else, with a modified bootloader? Perhaps modified serial stub? Or is it the fact that we are just guessing the HASH and not the key that stops this? I would figure once we guess the correct hash that we could brute force the hash to eventually get the un-encrypted key. (or is it some ridiculous 2048bit RSA key?)

I dont know why, but i always presumed that *this* was the open door into our fully-hackable 360.

I believe everyone already got a warning about bringing their trash talk to a different forum. Incase you didnt realize, this thread is not "uberfry and garyopa jacked me" ....its a Hitachi v79 thread. Stop trashing this forum.

You do realize how easy it is to remove a warranty seal without voiding it right? Any hairdryer and 2 minutes will do the trick. Your 'proof' is not so much proof as it is ignorance to the scheme's out there.

I will paypal you 5 dollars if you post a screenshot of your console, that says its banned, while holding up a note that says "I love spain".

Because i really dont believe you You have 2 hours to complete this task for your reward. Without compliance, you obviously are a fraud .

I find this strange, because there are hundreds of people testing this theory right now, just playing originals, market place content, etc, while on 5.3 and they are not banned.

No offense, we just dont know you, but we know the people testing without problems so far. There is also no evidence to suggest MS is able to detect the fw at this point.

I also imagine by the name of your nickname, that there is a high probability of trolling. Why is your manfacture date so old if this was a brand new console? Im having issues finding samsungs at any of my retailers now.

Yes, im also still not banned, but thats because i only ever play *one* backup, which is stealth. I've played table tennis (which is not stealth) offline, and no ban yet.

Just wanted to say a big thanks to all contributors. We've been thinking over the past few days that it is definitly ss/dmi/pfi/timings related, but had no proof yet ....so big kudos to FuzzyLogic *beer*

There is someone on this thread that stated he has never played a backup, due to his laser being a POS on his hitachi, and only originals, and he is banned.

Well, theoretically its very possible to unban. However, we need a core hack first that is useable on a current dashboard. Changing the serial number should be pretty easy once we have full access to the console, like the HV exploit for older consoles. That would unban the console. Keep in mind its not REALLY unbanning it, its just making it look like a different console to MS.

I would like to see some references for this one guys.

Well, if the new update does give the dash the ability to dump and crc the eeprom of the drive, then the instant the update is applied then the box is flagged. Im sure this flag is sent into a database, and perhaps MS is banning using random algorithm.

Also, i am VERY curious if anyone with a NME360 is having issues. If the dash is indeed now dumping the drive's eeprom and doing crc checks, then NME360 should avoid this update's 'security'.

The change is not what will get you banned. We've been speaking to someone who claim's to have some technical insight into the update. His claim's are that the new update gives the dash the ability to dump the eeprom to do crc checks on area's. He said that the instant the update was ran, it was checked and flagged if data was altered. One of the main reasons I believe him is because he mentioned the fact that the 360 now takes about 3 seconds longer to boot. This would definitly be a result of dumping the eeprom and checking. MS will now start rolling 'waves' of bans over the next few weeks, and not all at once. I think they do this for their support staff, publicity, and image.

So, likely, the console was flagged already, and changing wont do anything at this point. All of the heads are togeather on this one, and we should know more about the routines being passed between the drive and the console in the next two days.

Thats exactly what happened to my friend. It does not give him any errors now, it simply will not let him sign into live. He has no indication he's banned until he goes to the test network settings, and then it gives a error in the corner. Funny, because he did the same combo, GOW to crackdown....ban.

MS28
5.3c no spoof
Not banned
Call of duty 3 (and halo 3 last night)
Not a refurb, and ritek media.

GoodLuck to ya, but I'll believe it when im dumping my v79.