Liteon secrets? I'll share something with you

[thuanz]

just use jungleflasher mate.. mtkflash works fine.

[joe90]

When you release hacks to the public they get PATCHED. When they get PATCHED.....WE ALL LOSE. The "scene" Loses.

before Geremia posted here in italy someone was selling modified 93850.....why you talk about Geremia ruins the scene and not about that people?
please answer to this simple question? or you think that "is not public" so M$ don't understand that someone hacked the drive? LOL

How does selling a modified drive disclose the method?

Logic people. use it.

And that 'person' doing it was one of the people responsible for the hacks in the first place. If anyone has a right to modify systems its probably him.

1) If you sell (just to make money) a drive, then MS just need to buy one, and work out what you did, it will not take them long.
2) Just answer this question, are you in this for the money or the love?
3) Its a game of cat and mouse, if you sell drives that ms cannot get (somehow) or work out what you did, then the game is over.. real hackers love  the cat and mouse games, not making money, or playing 'backups'
4) Do you think that if you (solely?) start selling modified drives, that the method is never going to leak out in the end? It what always happens look at the history of hacking every console. Its the same every single time.
5) Explain to me how c4e has made truck loads of cash.. to 99.99% of people that hack the drives it costs 0% People who offer services do not have a business model that requires them to pay c4e a sum everytime they use the fw or jf? Or am i mistaken?
6) Do you get you are sounding a bit money grabbing and whiney?

Cheers

[DizzyThermal]

Hey guys, I have a Lite-ON 83850c v2 and have already done all the soldering and have set up a switch with a 22 Ohm resistor..  I can get DosFlash to work and run with a 72 status, but the read either hangs at Bank 0 or Bank 1..

Somethings wrong..

My setup:  VIA VT6421 RAID Controller [installed/uninstalled]
Windows 7 Ultimate 64-bit
DosFlash64 (portio64.sys)
Xecuter CK3 Pro Powering the Drive

Any other information I'm happy to help..

Thanks in advance guys
==========================================

Alright anything I try I'll post back for my progress..

I've tried Standard (Xecuter CK3 Pro) - Reading Bank 0..Reading Bank 1 [HANG]
I've tried Mode B (Xecuter CK3 Pro) - Reading Bank 0 [HANG]
I've tried Xbox for power source - Reading Bank 0 [HANG]

This is all of course using MRA's Method
===========================================

I got a dump!  "Reading finished! DataSum: E98D"

What I did:
After switching to position 2, I waited 8 seconds (figuring the drive had to refresh) and I got a dump..

Now.... How are you suppose to validate this dump?
===========================================

I dumped it 4 times in a row and got the same DataSum each time..  Using HexCmp I hex compared each one and got no differences..

Now, the tricky part I guess, finding the key, and importing that key into an iXtreme 1.6 83850c firmware, right?

[JoelB]

Wow this post has turned sh*t cheers irez. Who cares if microsoft patches the hack then people will have to work out how to hack that patch then. If m$ didnt patch the hack then there would be no more hacking. Isnt working out how to hack the patches the best part of hacking.

[stacker69]

Well, Geremia told the public HOW we disable the sensor. He released the method.

Now that the method is 'out in the public' the maker of the car/sensor can now FIX this lack of security in the sensor and can make the car NOT go over 120 (prevent us from dumping the drive).

Hi Iriez, first of all I'm not going on anyone's side. I can see where you're coming from. But please let me try and understand what's going on. So what you mean was Geremia should have just released the firmware instead of how to get the firmware? Kindly excuse me Iriez I don't know anything about hacking. I'm just here because this is very interesting to me.

[Radament]

Could the dramawhores finally shut the hell up?
Seriously, this thread needs some heavy moderation.

Who cares about your blabbering, its public now, most people are happy, some aren't. Cool story.

[CellToolz]

I dumped it 4 times in a row and got the same DataSum each time..  Using HexCmp I hex compared each one and got no differences..

Now, the tricky part I guess, finding the key, and importing that key into an iXtreme 1.6 83850c firmware, right?

If i remember right (it's kinda hard to sift through all the BS in here) i believe that you just need to open the firmware in JF as target and it reads out the key (not sure if its the proper key though)....  Here's a quote from earlier in the thread.

Hi man, i'll share something too... I dumped my 83850 with MRA method ... Work like a charm ...

JF opens the original firmware in Destination Firmware and I can clearly see the key ^_^

We can mod all liteon drive now.

Cheers to Microsoft, Liteon and MT ^_^

Wow, that was quick. Off course, I didn´t think that getting the key was sooooo simple. Just tried it myself, loading the OFW as Destination(!) FW works, and we can see the key! Thanks mate for that brilliant idea

Just passing on some (hopefully) useful info...

-Cell

[aichunyu]

great job. seems that new fw will be released nearly. looool.

[MRA]

...I've tried using an older one pre-liteon and JF but the best I get is 0x52 ...

I´m pretty sure you are still trying the first method with 1,8V! Please JUST use the 2nd one with the resistor. It is much more reliable!

Guys, stay on topic please...
Either take your arguments in a non technical section, or take it back to XB-S

Totally my point! I´m not going to comment on anything about the benefit or the harm to the scene which is done by publishing my idea. I just want to clarify, noone (!) gave out information that wasn´t already available to everyone. I just used the pinout from TMF, the decap pictures and the datasheets of the SPI. Even how to get in Vendormode with status 0x72 was known before because that is exactly why we can write the liteon after erasing the flash completely.

Finally just let me thank Geremia, ModFreakz and the unknown donor of the decap Pictures!!
Greetz from Germany

[idog]

Just for my understanding and so I buy the correct 22ohms resistor : http://nl.rs-online.com/web/search/searchBrowseAction.html?method=getProduct&R=0386666

Thanks for your brilliant alternative schematic, really beats the epoxy/lifting pins method

And of course thanks to Geremia and ModFreakz as well !

[danthaman]

Me again guys, After a great deal of frustration I've been able only to get 0x80 in either of the configurations MRA 1(1.8v to 3.3v bridge) and the MRA2(22r resistor to ground on pin 101 switched) and I'll be dammed if I can get the sucker to work. Has anyone else dumped an 83850c V2 yet?? Perhaps there is a subtle difference (or have I just cooked the chip during my earlier efforts)

Thanx in advance all, Dan

[DizzyThermal]

I dumped it 4 times in a row and got the same DataSum each time..  Using HexCmp I hex compared each one and got no differences..

Now, the tricky part I guess, finding the key, and importing that key into an iXtreme 1.6 83850c firmware, right?

If i remember right (it's kinda hard to sift through all the BS in here) i believe that you just need to open the firmware in JF as target and it reads out the key (not sure if its the proper key though)....  Here's a quote from earlier in the thread.

Hi man, i'll share something too... I dumped my 83850 with MRA method ... Work like a charm ...

JF opens the original firmware in Destination Firmware and I can clearly see the key ^_^

We can mod all liteon drive now.

Cheers to Microsoft, Liteon and MT ^_^

Wow, that was quick. Off course, I didn´t think that getting the key was sooooo simple. Just tried it myself, loading the OFW as Destination(!) FW works, and we can see the key! Thanks mate for that brilliant idea

Just passing on some (hopefully) useful info...

-Cell

This works great!  Now, is there any reason I should not trust this key?  Or be cautious before erasing the firmware?  Thanks in advance!

[Rogero]

Now, is there any reason I should not trust this key?  Or be cautious before erasing the firmware?  Thanks in advance!

I suggest you take the Key, insert it into a spare drive with the Ixtreme firmware, spoof the firmware to your LiteOn drive Model and try it on your 360, this way you keep the original Drive safe with it's stock firmware, unless you don't have a spare drive then it's better to wait till someone with spare drives can confirm this is safe, I will do this as soon I can find some free time to work on it,I will post my results when done.
Good luck

Rogero

[YD]

A question for MRA really, after undertaking the PCB modificatons to get a full dump, will the drive function correctly in XBOX360 with just the switch wire removed between "PIN 101 & GRD", basically leaving the 3.3 volt wire in place and without rebridging the "cuts" on the PCB.


Thanks in anticipation.

[MRA]

Me again guys, After a great deal of frustration I've been able only to get 0x80 in either of the configurations MRA 1(1.8v to 3.3v bridge) and the MRA2(22r resistor to ground on pin 101 switched) and I'll be dammed if I can get the sucker to work. Has anyone else dumped an 83850c V2 yet?? Perhaps there is a subtle difference (or have I just cooked the chip during my earlier efforts)

Thanx in advance all, Dan

First remove everything and try if he drive is still ok!

And As mentioned at least once before the cuts should be bridged aftr dumping! Although the drive seems to work, i'm not sure if it still will work if laser or spindle motor need more current!

[legueux]

Now, is there any reason I should not trust this key?  Or be cautious before erasing the firmware?  Thanks in advance!

I suggest you take the Key, insert it into a spare drive with the Ixtreme firmware, spoof the firmware to your LiteOn drive Model and try it on your 360, this way you keep the original Drive safe with it's stock firmware, unless you don't have a spare drive then it's better to wait till someone with spare drives can confirm this is safe, I will do this as soon I can find some free time to work on it,I will post my results when done.
Good luck

Rogero

It has been tested with successfull on my forum :

J'ai spoofé un ixtrem 1.61 benq en lite on 74850 avec cette clé et ca fonctionne.

In english

I spoofed an ixtrem 1.61 Benq in liteon 74850 with this key (which is displayed by JF) and it's work.

[xbox360sexual]

It is NOT a short between 1,8V and 3,3V, thats why you have to lift pin 122 as well. Because just 101 and 122 are internally connected. I lifted all 3,3V pins to make sure that this is correct! But I already considered to use a resistor to make it more secure, but more on that tomorrow, at least I hope to find time to improve the whole thing.

As I already said: for now this method need some nuts!

How does this hack work then? I'm guessing putting 1.8v through to the 3.3v pin, which is shared with the mtk and spi controller, is enough voltage to power the mtk but not enough for the spi? So the mtk sees a "dead" spi flash, you put 3.3v back in and then you can read the "live" spi?

Thing is, how does the mtk keep its status when you flip the switch from 1.8v to 3.3? Because somewhere along that line, you'll be going from 1.8v to 0v to 3.3v, switching the mtk off and resetting its status?

[MRA]

@All of you who are obviously to lazy to read the whole thread: FORGET THE 1,8V METHOD!

[megamania2004]

i have dumped the firmware 93450c
256kb
but dont find the KEYS
Jungle Flasher wont open the dump
how i get que keys?

[caster420]

i have dumped the firmware 93450c
256kb
but dont find the KEYS
Jungle Flasher wont open the dump
how i get que keys?

Locations were outlined earlier in this thread.

Caster.