Hello All,
I just have made a tutorial for extraction and spoofing a liteon.
You can find it here :
http://gueux-forum.net/index.php?showtopic=195833&hl=But sorry, it's in french for the moment. If you're interested by it, I could translate it when I have little time.
For the moment, I finalize the update of my software 360 Drive Switcher, in order to spoof automaticly a replacement dvd drive.
See you soon
here you go in english
Hello with all,
The goal of this tuto is to recapitulate the whole of the material and handling necessary for the extraction of clée and the line of identification of the lite one.
With that, that will enable you to still replace this reader inflashable to date, by a hitachi/samsung/benq that one can flasher.
Gone it left.
I. Summary of the material and software necessary.
To do that you will need:
Software dvdKey by Geremia: To download here
Of a cable RS232 based on a chip MAX3232 for a conversion TTL: To buy here
Of a decimal editor hexa: A freeware to be downloaded here
Optional:
A connectivity kit v2: To buy here
My software 360 Drive Switcher v1.1.1256.0: To download here
II. Preparation of the material.
A. Preparation of the reader
The software dvdkey allows the extraction of clée the dvd and the line of identification. And this is possible on the benqs as on the lite one. With the only difference that for the lite one that requires a little bit of welding on the reader.
If you have a reader benq pass directly at the stage B
Open your reader lite one, and look at the PCB of this one on the level of the connector of food. There are two small tracks to remake so that the bond Tx, X-ray of the electric cable is connected to the chipset him even. (Not need to touch with epoxy).
Taille de l'image r�duite: 78% de la taille originale [ 653 x 571 ]
Thus made two small points of welding indicated by the arrow “Reconnect both to balance points”. Do not pay attention to the other indications.
You can close again your reader. Useless to demolish these points at the end of the tuto, the reader can remain like that.
B1. Preparation of the connectivity Kit v2 [Optional]
This stage is optional, but advised because with the weldings on the lite one allows you not to still touch. And that makes it possible to use the connectivity kit several times for the same manipulation. If you do not have any, return at the B2 stage.
Here, it is necessary for us to connect the exits of cable RS232 to the connectivity kit. There are 4 cables to weld.
Your cable RS232 must respect the following diagram:
Taille de l'image r�duite: 96% de la taille originale [ 533 x 626 ]
More concretely, it resembles that:
We thus will connect the exit points: Tx, X-ray, Gnd, and V+
Connect the points as follows:
Cable RS232 --------------> Connectivity Kit
Gnd ===================> 1
V+ ====================> 10
Taille de l'image r�duite: 50% de la taille originale [ 1024 x 768 ]
You will note that basic, the connectivity kit does not embark the connectors for points Tx and X-ray. They should be even taken on the cable him:
Taille de l'image r�duite: 50% de la taille originale [ 1024 x 768 ]
I have thus to add two new cables to the connector industry on which I connect well the exits of cable RS232:
Cable RS232 --------------> Connectivity Kit
Tx ====================> 6
X-ray ====================> 12
Taille de l'image r�duite: 50% de la taille originale [ 1024 x 768 ]
With final should obtain this to you:
I will add here a photograph of Connectivity Kit Welded with cable RS232
B2. Preparation of the reader stage 2 [Only if you do not have a connectivity kit]
If you do not have a connectivity kit v2, you can weld wire of cable RS232 directly onto the reader.
While basing itself on these two photographs:
Taille de l'image r�duite: 78% de la taille originale [ 653 x 571 ]
Weld the points like that:
Cable RS232 --------------> Reader dvd
Tx ====================> TxD
X-ray ====================> RxD
Gnd ===================> Gnd
V+ ====================> 3.3v
With final should obtain this to you:
I will add a photograph of Lite here one with welded cable RS232
C. Preparation of the connections
One is there, now one will prepare the connections.
1. Extinguish your PC.
2. Connect your lite one with the connectivity Kit (Only food/Pas of connected cable RS232/Pas of cable SATA Branché)
3. Light the PC, and light the connectivity Kit. Use the Eject button to open your reader, once opened, again use the button to close the reader, but just cut the connectivity kit (or the food of the reader) before the drawer is completely closed, and extinguish the PC.
4. Close again with the hand (Without forcing too much) the drawer of your lite one but that with half.
/! \ Attention/! \ stages 3 and 4 are very important, because it is necessary that the reader is open but in closed statute. In other term, it must be physically with half opened, but the last known statute of the reader must be closed. It must be believed closed. Thus respect well stage 3, while cutting off the supply only when the drawer is spirit to close itself.
An alternative also consists with, closed reader, use a trombone to manually free the drawer of the reader to open it with half.
5. Connect cable RS232 in Port COM1 of your mother chart. Always leave disconnected cable SATA.
Appointment at the following stage
III. Dump of Clée and the line of identification.
With this stage there, should have to you:
- Cable RS232 (connected to your connectivity kit) connected on port COM1 of your PC
- The reader lite one with his drawer with half opened, and food connected on the connectivity kit.
- Disconnected cable SATA.
1. Light your PC, and bootez on DOS.
2. Once under DOS, connect the SATA of your reader lite one to a port SATA of your mother chart, or chart VIA 6421.
3. Light the connectivity kit in order to feed your reader lite one.
4. Under back Type “dvdkey xxxx” where xxxx must be the address of your port SATA. If you do not know it, launch dosflash in Auto mode to find it (You refer to the tutos on the benq for this manipulation). Here in the example the port is the EFE0.
After a 20aines of seconds, should obtain this to you:
Taille de l'image r�duite: 42% de la taille originale [ 1200 x 1600 ]
Well preciously preserve the files generated namely:
Key.bin
Inquiry.bin
Identify.bin
These files will be then used to prepare a reader of replacement.
You can all extinguish and all to disconnect. The dump of clée and the line of identification is finished.
IV. The spoof of another reader [manual Method].
Now, that we have all the infos lite one, we will see how to prepare a reader of replacement.
A.Hack of the firmware and injection of clée
To start, Apply the ixtreme patch to your firmware (Attention this one must be of origin). The method differs according to the reader, defer to the tutos corresponding.
Then open your firmware of the reader of replacement in fwtoolbox v4.6, and open in the hexadecimal editor the Key.bin file of your lite one.
Repair your clée in the hacké firmware of your reader of replacement.
Taille de l'image r�duite: 82% de la taille originale [ 622 x 725 ]
Click on “Replaces the key” and close the two windows.
B. Spoof of the firmware in lite one
This stage is the same one some is the firmware of the reader of replacement. Hitachi/Samsung/Benq
Open your firmware of the reader of replacement in the hexadecimal editor.
Also open the Inquery.bin file of your lite one.
You should obtain this:
Taille de l'image r�duite: 72% de la taille originale [ 707 x 733 ]
Maintain the mitre of the firmware of the reader of active replacement, then select the option of research (Find) in small Search, then select Hex Values in the drop-down list. Type then the following value: 000005800032
Taille de l'image r�duite: 72% de la taille originale [ 705 x 730 ]
Research should lead you to the place of the firmware where is to store the line of identification. In the Inquery.bin mitre, select the whole of the data (6 lines), and made a CTRL+C.
Taille de l'image r�duite: 72% de la taille originale [ 705 x 730 ]
Place being maintained on the mitre of the firmware of the reader of replacement, on the level from the “05 80”, and select the option of small “Paste Write”.
Taille de l'image r�duite: 72% de la taille originale [ 708 x 733 ]
With final should obtain this to you:
Taille de l'image r�duite: 72% de la taille originale [ 705 x 729 ]
It any more but does not remain you to save your firmware and flasher your reader of replacement with this one, in a usual way. Thank you to defer you to the tutos corresponding.
V. the spoof of another reader [Method car].
With the last update of my software, all does without the world most simply.
Launch the software, then click on “Traversing” to choose the firmware source, and select the file INQUERY.BIN which you dumpé previously your lite one:
Taille de l'image r�duite: 52% de la taille originale [ 967 x 747 ]
If file KEY.BIN is placed in the same file as file INQUERY.BIN that you have just selected, this one takes care all alone, if not the application invites you to select it.
Select then the firmware of destination. Here it is about a firmware of Samsung MS25, should obtain this to you:
Taille de l'image r�duite: 96% de la taille originale [ 533 x 467 ]
It any more but does not remain you to click on Generate the firmware. Choose the site of destination of your new firmware and validate.
Taille de l'image r�duite: 95% de la taille originale [ 535 x 469 ]
It does not remain you any more but with flasher your new reader with this firmware.
Thanks: Geremia, C4eva, Tiros, Schtrom, TMF, Redline99. XboxHacker.net for initial information.
