I just had a thought that perhaps a virtual machine would be usefull here. there are a few open source virtual machines like bochs. perhaps these could be made to log the commands the program is sending. i don't have a oscilloscope or anything to sniff sata or pata so i was trying to think of something simple.

i just thought that excert from bunnie site might be relevant.
bunnies site: http://www.xenatera.com/bunnie/proj/anatak/xboxmod.html#copyrights
Sony Computer Entertainment, Inc. v. Connectix Corp.: http://www.gcwf.com/articles/ipu/ipu_sum00_9.html

edit: it seems the sony v. connectix link is no longer valid.

here is an internet archive link. http://web.archive.org/web/20021204022633/http://www.gcwf.com/articles/ipu/ipu_sum00_9.html

what if it is for the purpose of interoperability? would that make a difference. like for example the Toshiba-Samsung drive does not work with windows with version ms25 that comes with the drive in the 360 while the version ms07 which is posted works with windows and other operating systems.

This information is from the mediatek site for the MT1328 DVD Controller (http://www.mtk.com.tw/product-lines.htm)
This isn't the MT1359 in our 360 dvd-rom but i am going to assume some of this might be true for it

So to calculate the baud
TH1 = Oscillator speed / Clocks per Oscillator Cycle / 32 / Desired Baud Rate
before i was using 12 clock per machine cycle

TH1 = 40000000 / 4 / 32 / 9600
or
TH1 = 25000000 / 4 / 32 / 9600

I am having trouble geting output with these settings though. I am a little confused. I don't normally use asm. i hope i didn't burn out its serial port because the last few flashes i have tried didn't receive anything from the serial port. That could just be due to the me using incorrect setting or a bug in my code.

here is a interesting pdf with max232 wiring and help testing out the serial port
http://www.8052.com/users/jonled/RS232gd.pdf

no its not the same. I could tell you what flash it is and what package it is but i think its time you learn to read and search. most of the questions you ask can be answered if you took the time to look. it is the teach a man to fish or give a man a fish thing. search and then ask if the information isn't already here then you might get a fish. i perfer tuna

I would like to add that software backup/flashing of the hitachi is possible and the samsung software backup/flashing isn't far off in my opinion.

yea you can do that if you want. i don't understand the point of the post though. do you expect someone to post a guide for you or something? i just used a plcc socket on my orginal board. that way i can pop in and out the flash at will sure. i still have to take it apart but it is far simpler then soldering wires to every pin.

yes my point was that you said
it is the second part with the "but" and about needing a way to get the key without desoldering. that is exactly what the method he is describing is doing so what exactly were you talking about trying if you would still need a way to dump the key. it gives the perception of you trying something else other then dumping your firmware.'

see now?

I know he was looking for confirmation.

what he is describing will backup your firmware on your sammy. your key is located in your firmware.

What were you going to try?

I have had some success outputing data to the serial port. I have been modifying robinsod code to output the Security Sector. I am geting output over the port but i am having a problem configuring the correct baud rate.

i have been reading http://www.8052.com/tutser.phtml

I need the clock frequency of that the core runs at to accurately set the correct baud. I have experimented with various setting without much success in figuring this one out.

so anyone know the clock frequency? i know the ram is 100mhz but i don't think that is waht the core runs at

first off i would use the backup option of mtkflash to store a backup copy of your orginal firmware and key. ms07 will not work with games in your 360 even if you write your key to it.

what is your goal?
in the future there might be a hacked firmware release. so using the method of hot swaping with another drive would be usefull for backing up your firmware to get your key and then you could patch the hacked firmware with your key and use the same method to flash it back.

I think the service they are providing society should be the trumping priority over making money. like a company that puts more polution in the air rather paying for a more costly cleaner solution. I think MS is becoming more responsible by spending the amount they do on security research and trying to improve it. This only happened after a huge amount of worms and viruses that targeted their os though. Like poluting puting out software that is insecure causes problems for society as a whole. So no i don't think companies primary concern should be money but rather the well being of society. Companies externalize problems they cause all the time and its the people who end up having to pay the cost. I realize it is a bit of unfair comparison because the complexity of the software it would be difficult to isolate all the flaws but i don't think they really tried all that hard. If you look at some of the default services that shiped automaticly turned on a orginal windows xp you can see what i mean. Also when MS dominates a market their development or new interesting features becomes stagnent. It is only when they are forced to compete that anything interesting comes out of the company.

If they restrict what one can do with hardware one bought from them then its a motivation for a hacker to open up the hardware for other uses. i think this is many times the goal of hackers using the hardware for a purpose it wasn' intended for or was restricted from doing by the manufactor.

I am looking forward to how the PS3 implements their system

ok sorry.put a on your face

yea when running ms07 your drive will be detected by windows no problem.

I am a very cynical about corporations. I think MS primary interests are money and market share.

I think the reasons they are embracing these hackers are the perception and reality of their Windows product being insecure.

They will have a 2 teir solution. Public Relations and Actually fixing their security holes. to do the second they need these hackers.

what scares me if they will develop promote some secure platform that is incapable of running other operating systems or even your own code. The 360 security model being the base for such a platform. This would be promoted as "TOTALLY SECURE" and it would have a market. The future just scares me because they don't like to play fair with competitors so just what tactics will they use to get what they want.

did you not understand? we are using a different firmware. the ms07. there is a link in the first post of this thread.

no offense but why don't you actually read the thread and then post because you obviously didn't read. perhaps you skimed but thats it.

ok i see now. i had a second Lite-On DVD writer hooked up which mtkflash also recognized.

Great Work Germania. I just tested flashing ms07 to ms25 with mtkflash 183c. worked great. i don't have 2 TS-H943As to test out your method right now.

maybe we coudl try to patch the mtkflash to detect the drive correctly or to have it just issue the commands blindly to the sata port we specify.

Glad to see the ms07 firmware was of some use to someone.

Thanks for the information Geremia.

I was also able to successfully backup the ms07 with mtkflash 1.83c using the /SATA command.

while the drive was running ms07 i flashed my orginal ms25 with my key to the drive using the mtkflash 1.83c. It worked fine but after the update then mtkflash no longer worked with the drive.

So if anyone who ordered a Toshiba-Samsung replacement drive could upgrade back to ms25 with their orginal key without having to desolder the flash. If you just have your key then you can patch the TS-H943a ms25 bin image with your key and then flash this back to the drive and have it work with your 360.

great work Germania.

Now perhaps we could patch the application to recognize the drive running ms25 somehow.

that is what i mean by protected. not a viable attack vector

i am not sure about this but i beleive that the xex would be read into memory and then it signature verified and run directly from ram. i think your thinking is that it would read it once to verify it signature and then read it again for execution. i dont' think this is the way it happens. so you would have to have something to patch ram which still wouldn't work because of hyervisor, ram checksums or encrypted ram. i have heard all these tossed around. i don't think anyone knows the full technical details about these implementations but people all seems to know the ram is protected.

he is refering to this thread.
http://www.xboxhacker.net/index.php?option=com_smf&Itemid=33&topic=659.0

Tiros mentions a command. i haven't had a chance to test it myself because of lack of linux box with sata controller.