Liteon secrets? I'll share something with you

[xbox360sexual]

@All of you who are obviously to lazy to read the whole thread: FORGET THE 1,8V METHOD!

Is this aimed at me? I was merely interested in how this hack works.

[NEO_X]

i did read the whole  thread but i dont understand it anymore is there someone who can make pictures of the installation include the materials used like switches and so on

would be appriciated

greets

[JungleJim]

Hi Folks
  you can use Jf ver 1.67 to read dumped stock f/w files. But please bear in mind that as of 1.67 there was no reason to support 83v2 and v92. Also, 1.67 was released early in reaction to sammy/benq 1.61 leak. At that time a large overhaul was ongoing to the firmtools engine to accommodate encrypted lite-on f/w natively .

1. Open the dump in the target
  note** i. liteon encrypted f/w will not open on the source tab.
              ii. 93 f/w will show as 74 as they are very similar...
              iii. 83 v2 will look like 83 again very similar
2. right click in the target tab and select "Save Dummy"
3. now reopen this dummy on the source side.
4. open which ever Lite-on f/w YOU think is best in the target side
  note** 1.67 will NOT spoof a 93 correctly to non-encrypted types
  however, 167 will not alter the inquiry between lite-on revs
  so if you use the f/w Carranzafp posted the inquiry strings will be unaltered,
  but the key and serial info WILL be transferred.... and there will be no e66....
  Read his warnings
  http://www.xboxhacker.net/index.php?topic=12990.0
5. if you are feeling lucky flash it

We will endevour to release a fully functional version in the coming days.
Again we are under pressure due to unforseen circumstances.
I refuse to release half baked code. no ETA... ready when its ready....

C4 has mentioned f/w.... but we'll wait and see...

/JJ

[The M.A.R.T.]

i did read the whole  thread but i dont understand it anymore is there someone who can make pictures of the installation include the materials used like switches and so on

would be appriciated

greets

A simple guide will turn up soon enough. But if you lost track already you might want to wait a bit longer untill there might be found an easier way, like the BenQ first also needed a switch and soldering but shortly after it could be done without opening the drive.

[xbox360sexual]

The problem is that the embedded spi flash pins are not present outside of the mtk chip, except vcc and ground which are shared with other internal stuff).

Use some imagination, and feel free to do what you want with your discovery.

I don't understand, so if we're now able to simply pull that 3.3v pin to GND and extract the f/w, then the fact the pin is shared with other internal stuff was never actually an issue?

[princewassim]

Hey guys, I have a Lite-ON 83850c v2 and have already done all the soldering and have set up a switch with a 22 Ohm resistor..  I can get DosFlash to work and run with a 72 status, but the read either hangs at Bank 0 or Bank 1..

Somethings wrong..

My setup:  VIA VT6421 RAID Controller [installed/uninstalled]
Windows 7 Ultimate 64-bit
DosFlash64 (portio64.sys)
Xecuter CK3 Pro Powering the Drive

Any other information I'm happy to help..

Thanks in advance guys
==========================================

Alright anything I try I'll post back for my progress..

I've tried Standard (Xecuter CK3 Pro) - Reading Bank 0..Reading Bank 1 [HANG]
I've tried Mode B (Xecuter CK3 Pro) - Reading Bank 0 [HANG]
I've tried Xbox for power source - Reading Bank 0 [HANG]

This is all of course using MRA's Method
===========================================

I got a dump!  "Reading finished! DataSum: E98D"

What I did:
After switching to position 2, I waited 8 seconds (figuring the drive had to refresh) and I got a dump..

Now.... How are you suppose to validate this dump?
===========================================

I dumped it 4 times in a row and got the same DataSum each time..  Using HexCmp I hex compared each one and got no differences..

Now, the tricky part I guess, finding the key, and importing that key into an iXtreme 1.6 83850c firmware, right?

can you tell me how you flash it ?? like  83850 v1 ?
do  you the dvd room half open ?

[Fitsman]

The new liteon fw-83850c after august 09 must be soldering to get the key or there is an easyiest way without soldering at all(Like first 83850c).

A lot of thanks.

[jelle2503]

Hi Junglejim glad you signed up, thanks for the work on JF.. its much appreciated maybe not by most but im looking forward to it even tho i have no use for it, i like reading changelogs on good apps

@ fitsman really? did you  have to ask lol.. in the topic your answer is in ?

[NEO_X]

i did read the whole  thread but i dont understand it anymore is there someone who can make pictures of the installation include the materials used like switches and so on

would be appriciated

greets

A simple guide will turn up soon enough. But if you lost track already you might want to wait a bit longer untill there might be found an easier way, like the BenQ first also needed a switch and soldering but shortly after it could be done without opening the drive.

soldering skills are fine  i am also be able to solder a d2ckey onto a wii but its just confusing so if you have pics to show and what to do i can hack my august drive

[MRA]

i did read the whole  thread but i dont understand it anymore is there someone who can make pictures of the installation include the materials used like switches and so on

I thought this was not necessary because it is definately no mod for noobs and all other should know what they´re doing, but here is a pic of the cable and the switch (jumper) installed at the backside of the board. Don´t forget to make the 2 cuts!

[Blackaddr]

There has to be one badass pullup on pin 101 and/or 122 because even a 100ohm pulldown didnt even affect the voltage -- thats with both pins connected to 3.3 and both pins lifted.

Another interesting fact; with both pins lifted the drive amazingly enough works as the voltage floats at around 2.5

The fact that you need such a strong pull down means you are fighting a against a power rail or strong driver which is probably not a good idea.

An SPI interface is an open drain/collector design.  When a SPI device is not accessing the data line, or it wants to drive LOGIC 1, it puts the line driver in HI-Z, and a pullup on the line somewhere will pull the line high.  When the device wants to drive LOGIC 0, it actively drives the line low (grounds the line).  

The whole point of this trick is to get the SPI to read as all 0xFF.  Has anyone tried disconnecting the ground pin(s) instead?  If you can find the ground pin that provides references to the internal SPI data line driver, but keep all other grounds connected so all other logic is unaffected, then you should get the intended result with out fighting internal power rails or other drivers.

I would try this myself but I do not have any Lite-ons.

In order for this to work the ground pin for the SPI driver in question cannot be shared with any other circuitry needed to get into vendor mode, which also assumes all ground pins are not internally tied together in the package (unlikely since bonding wires cost money and they will all be grounded to a plane on the board).

- Blackadder.

[MRA]

You don´t understand how the hack is working! It not enough to remove VCC or GND from the SPI, because without power supply the SPI wouldn´t get recognized by Dosflash, so that would lead to "unknown flash chip". We need to get the SPI into Write Inhibit mode:

To quote the datasheet:

"When VCC is lower than VWI, the internal logic is reset and the flash device has no response to any command."

And because VWI is at about 2V we need to pull it down quite hard. And to calm you, in the last 2 days this has been made on at least 15 drives, and not one died (at least when people did it who have some soldering experience), so everything shoud be OK!

[Blackaddr]

@MRA:

No I didn't understand.  The details were not discussed in this thread and I don't have the datasheet.  Before I recommend to my friends they try a method I like to understand what the theory behind it is, not just the black magic.

Thanks for explaining.

- Blackaddr

[Ghaladan]

MRA, that image you posted appears to be using different solder points than the diagram you posted a few pages back. Are those simply alternate points?

[MRA]

You´re right, til now I was just to lazy to describe everything in detail.

And yes, I just used alternative points. I just soldered it directly to the lines instead to the vias, the solder resist has to be scratched away at these places anyway to bridge the cuts after dumping.

[xbox360sexual]

@MRA:

No I didn't understand.  The details were not discussed in this thread and I don't have the datasheet.  Before I recommend to my friends they try a method I like to understand what the theory behind it is, not just the black magic.

Thanks for explaining.

- Blackaddr

Indeed. I asked politely for an explanation earlier and was rudely put down. Meh.

[legueux]

You´re right, til now I was just to lazy to describe everything in detail.

And yes, I just used alternative points. I just soldered it directly to the lines instead to the vias, the solder resist has to be scratched away at these places anyway to bridge the cuts after dumping.

MRA, sorry to annoy you with this but could you put a larger picture of the board to have a better view of the cut line near 101 pin, lot of people from my forum don't understant very well how to cut this line (what larger, from where to where...etc).

Sorry again for my request, it's just for everything to be clear.

Thanks a lot.

[needhelpask]

Can i use this switch?

Is this "22 OHM 2W" Ok ?

[princewassim]

i did read the whole  thread but i dont understand it anymore is there someone who can make pictures of the installation include the materials used like switches and so on

I thought this was not necessary because it is definately no mod for noobs and all other should know what they´re doing, but here is a pic of the cable and the switch (jumper) installed at the backside of the board. Don´t forget to make the 2 cuts!

put a big photo ,i can `nt see nothing here

[MRA]

This is the last picture I´m going to take. Everything is in this thread. If you want to know where to cut and solder --> Take a look at the diagram



Here you see one of the cuts a little bit better.



and @princewassim: There is nothing to see on the photo it is just an example of how it could look like.