Help to dump original firmware for Lite-on

[HOMiE7]

Ok then. If c4e wouldn't give us original firmware for Lite-on then we try to dump it like he does.
What we need? We need to take of drive's controller from pcb and "undress" it, but which programmator we need to dump spi flash?

P.S. Please do not close this topic.

[.ISO]

It's a very, VERY complicated process, and the only way to get access to the firmware is to decap the controller with acid, and then wire up those hair thin wires connected to the silicon die to your programmer. It's a lot more different than dumping previous drives. Good luck.

[HOMiE7]

Can you tell me more about flash type and programmer that support this flash?

[.ISO]

The embedded flash is a Macronix EEPROM (forgot what model, i'll check later)
And as for the programmer, any should work as long as it supports the eeprom model that is used in the liteon drive, which is the one I was talking about above ^
The procedure? Don't even ask.

[HOMiE7]

As JungleFlasher says there are two different types of flash in Lite-on drives.

First is:
Manufacturer ID: 0xEF
Device ID: 0x11
Flash Name:  Winbond/NEX(W25P20/NX25P20)
Flash Size:  262144 bytes

W25P20 Datasheet
NX25P20 Datasheet

And second is:
Manufacturer ID: 0xC2
Device ID: 0x11
Flash Name:  MXIC(MX25L2005)   -   it seems this is a Macronix EEPROM that you are talking about
Flash Size:  262144 bytes

MX25L2005 Datasheet

Perhaps there is a third type of embedded flash but I found only these two.

---

Next question is about function of wires:

How we can determine which wire is responsible for what?
All possible combinations - 8 factorial i.e. 8!=8*7*6*5*4*3*2*1=40320 - it is pretty much...

[xboxtech]

Did anyone ever read these yet looking on the net I havent found any tuts on the removal of the epoxy,, that picture you have is that removed from the lite on?

[HOMiE7]

Did anyone ever read these yet looking on the net I havent found any tuts on the removal of the epoxy,, that picture you have is that removed from the lite on?

We try to make it like c4eva makes. I haven't found tutorials too, but they are not needed. Steps of actions are obvious I think, but advices of knowledgeable people would be very useful to us.

[.ISO]

@Xboxtech: Use epoxy removal chemical, or our favorite way: heatgun

@HOMiE7
Good luck finding a tutorial, i'll give you $100 if you can.
By the way, did you really decap the chip and plan to do this?

[caster420]

All possible combinations - 8 factorial i.e. 8!=8*7*6*5*4*3*2*1=40320 - it is pretty much...

Think outside the box...  You know that these leads go to and tie into a leg of the controller.  Trace that out and figure out that the potential pinouts are.  This is the easy part.  The hard part is decapping.

Caster.

[.ISO]

Wait wait, Is that picture from C4E, or did he already decap the chip himself?
Also, keep in mind that the flash wires do NOT go on any of the pins

[caster420]

That is the original decap by Team Jungle.

[Intersect]

I thought there was drive specific info other than the key in the firmware that was part of the reason original firmware hasn't been released?

[.ISO]

The main reason was due to copyright protections

[HOMiE7]

We have collected all the basic information (I think so). Now we waiting for the new unflashed Lite-on drive... Thank you guys for your help!

@Xboxtech: Use epoxy removal chemical, or our favorite way: heatgun

@HOMiE7
Good luck finding a tutorial, i'll give you $100 if you can.
By the way, did you really decap the chip and plan to do this?

To be honest, we have not even looked, 'cause we realize that it isn't exists.
When we reach the new unflashed Lite-on drive we'll try to make it.

All possible combinations - 8 factorial i.e. 8!=8*7*6*5*4*3*2*1=40320 - it is pretty much...

Think outside the box...  You know that these leads go to and tie into a leg of the controller.  Trace that out and figure out that the potential pinouts are.  This is the easy part.  The hard part is decapping.

Caster.

Thank you for your answer. We will try.
Also, could you help us to decrypt firmware or key in it at least? I think you can, because your Firmtool 1.3 can work with crypted iXtreme for Lite-on drive...

I thought there was drive specific info other than the key in the firmware that was part of the reason original firmware hasn't been released?

С4E did not give any comments about this, so we can only suspect the reason of keeping original firmware in the team hands...

[idog]

While you're at it, dump the 83850c as well ?

[HOMiE7]

We have all the consoles manufactured in August 2008 in our city. It isn't even Jaspers - it's f***ing Falcons!

[itsfakemon]

All possible combinations - 8 factorial i.e. 8!=8*7*6*5*4*3*2*1=40320 - it is pretty much...

Think outside the box...  You know that these leads go to and tie into a leg of the controller.  Trace that out and figure out that the potential pinouts are.  This is the easy part.  The hard part is decapping.

Caster.

don't forget about the encryption
if you have access to a lab (or really just a titration apparatus) and HNO3, you can decap it easily
the hard part is connecting the bonding wires to real wires
once you have bonded the wires, you can easily find out which is the GND (because of the many GND pads it's connected to) and maybe even find out where VCC is - identifying should be easier from there
but why even bother? what are you going to accomplish? find another sploit?

don't mind me, you go girl!

[HOMiE7]

don't forget about the encryption
if you have access to a lab (or really just a titration apparatus) and HNO3, you can decap it easily
the hard part is connecting the bonding wires to real wires
once you have bonded the wires, you can easily find out which is the GND (because of the many GND pads it's connected to) and maybe even find out where VCC is - identifying should be easier from there

Thanks for the advice!

but why even bother? what are you going to accomplish? find another sploit?

We want to get the original firmware to be able to return drives into stock mode...

don't mind me, you go girl!

Errr, what does this mean?

[.ISO]

To be honest, we have not even looked, 'cause we realize that it isn't exists.

To be honest, just because people think the internet have everything, here is a spoiler. It doesn't.
And what do you mean "we"? You should be only addressing to yourself.

We want to get the original firmware to be able to return drives into stock mode...

No one really cares about it tbh

Honestly, what exactly are you trying to accomplish my dumping the firmware again, it's not going to be a big attraction, and chip decapitation is beyond what most of the users on this forum can accomplish.

[HOMiE7]

And what do you mean "we"? You should be only addressing to yourself.

We = I + my friends from service...