DG16D4S Drive (360 Slim Drive)

[xstationbr]

I've only 2 pc and 1 slim drive here, can someone run this test and PM me the result? DMA or PIO, and sata controller in use.
Thanks in advance

http://www.megaupload.com/?d=NB14CJ7S

I forgot to save the results, but i gonna try again later and go post for you under PM and Image Shack here for everybody see the results too.

And sorry for my bad english but i dont speak english im Brasilian and Portugueses is my language.
Well See yah.

[HKFenixgamesDD]

Is ben dumped Jungle

[bonzo pl]

[HKFenixgamesDD]

this is the file I got by jungleflash after using the program Geremia

[HOMiE7]

Just took my Xbox 360 Slim apart and found that I have different FW Ver in my Philips & Lite-on DG-16D4S drive. It's 0225.

[Sleepy]

this is the file I got by jungleflash after using the program Geremia

do you have valid key? or 0000?

[lugi]

How about you f***ing read the thread before asking a question like that? Just THREE postings above your insanely stupid question it was clearly stated that you can NOT get the key with this.

Again,.. don't you ppl even read!?

[mprenditore]

1. you CAN'T dump the firmware becouse you can do this only if the flash is empty (like all LITE-ON)

So you're saying you can dump a firmware from an empty flash? How is their firmware on an empty flash? If there's nothing you can "add" on this thread, just shut up like I tend to do now. Makes this place have some use.

I probably expressed myself badly in my post. I just wanted to express my opinion to clarify what was the operation of the program.
If I remember correctly all LITEON have a system of protection of the reading of the flash, in fact the method of cross cutting "has been specifically designed to bypass this protection.

From what I understood, the memory area containing the KEY DATA and CALIBRATION is readable, but not the entire firmware, because there is a protection of the reading.
Once the flash has been erased, is also removed the block of reading, so if you write new code, you can then read it without problems.

Can someone tell me what did I do wrong?

Thanks, and sorry for my English

[dallebull]

I get that same screen as HKFenixgamesDD,  Jungleflasher tells me that "Drive is in vendor mode" afterwards but i don't get any log :/
Using NF4 chipset with drivers removed, with em, JF doesn't find any drive at all.

Offt:
Would it be even remotely possible to use like a Benq/Sammy to play backups on the slim?
I don't really see why the liteon should work better just course it's allready an Lite-On in it, as long as the key is correct it should works anyway, or am i wrong?
If we could get the key that is... My god damn Launch Xenon died on me a couple of days ago, for real this time.... no power at all and the god damn oven didn't help So i need my Slim flashed asap before i get the shakes


 

[xstationbr]

I dont post not here yet because i take same results like " HKFenixgamesDD " and a " 16D4Stest.bin "and in this .bin i hasn't apearly be a empty Firmware made by the " 16D4Stest.exe " well i wait for any result in here and Ready to make tests.

É isso ae galera Brazil na Veia hahaha

[dpacro]

Just to say , i remember that some controllers can be force to overclock so that they can reinitialize themselves. By the time they get reinitialize we can inject some code. Maybe there is a work around with this new controller...

Anyway i'm not an expert on the subject.

[Geremia]

Thanks for running the test app, i figured out nothing interesting from it but thanks for doing it anyway, ehehheeh

http://www.megaupload.com/?d=40NWA8ZZ

I had no time, no will and no more than 2 drive to test, and i'm not willing to support it too much, it's just a proof of concept.
It can contain bugs and it's not an idiot proof app.
I spent 2 months of spare night-time on this, from decapping to fullrawdump, passing by descrambling fw, reversing fw, bruteforcing, finding usefull cdb commands, bugs and tricks. This is the result, not the beginning of something else.
Since it's my hobby, i'm free to do what i like, just enjoy it or hate it, i dont' care
Slim liteon is well detectable and also lockable to a permanent read-only SPI flash, it's just a matter of MS to push the red button.


Tarablinda  v0.4b

Usage  : Tarablinda [SATA PORT] [dump|erase|rewrite] [file to flash]
Example: Tarablinda E480 dump
Example: Tarablinda E480 rewrite newfw.bin

Special: Tarablinda E480 dump full
         Experimental risky fulldump

Tarablinda is a collection of hacks and tricks which i discovered during hw and fw exploration.
It's only a proof of concept, I take no responsibility for any damage it may causes.
I've checked on Via controller (with drivers removed) and Intel ICH7 several time, against 2 different drives with same FW revision.
There could be different FW revision out here, it could not work for several reasons.

dump:
   it dumps the dvdkey and checks it with MS drive auth protocol,
   like the console does everytime you poweron, so it's good for sure.
   It's not a destructive/invasive dump.

   It dumps also serials (1FFE0 area)
   It also dumps the whole dvdkeyarea, included the latest 0x10 bytes of such area, which are unique per drive too.
   It also dumps sectors 3Dxxx 3Exxx

   Dummy.bin is nothing else than a blank file with dvdkeyarea, 3D000-3EFFF and serials in place, not jf compatible.



//////////experimental-risky//////////////////
dump full:
   Like above, then checks if 3D-3E sectors are the known ones, rewrites 3E with patched code to make the fw
   send us the full dump.
   It's a little risky cause we can't know for sure if the dumped 3D-3E sectors are really that sector numbers.
   Since scrambling the same data at different addrress results in different scrambled data, we can be quite sure.
   But again, this is beta software and consider you are risking on your own, it's your choice.
   

Erase and Rewrite(which is an erase+write) are mainly for studying purpose
   Unless you have a full dump of your drive,
   erase and rewrite are not recommended for the most
   



Special thanks to Kai Schtrom - Maximus - TeamModFreaks


As usual, use at your own risk


Geremia

[dangal]

Thanks man for your time!!!!!

[morenomdz]

Thank you very much, gonna spend some time on it right now!

Thanks again!

[loggio]

I opened my xbox and realised my phillips drive has a different firmware than what other people are stating they have - FW VERSION: 0225
Having said that, i still tried your program, but had no luckl.
I'm convinced it's the Firmware Version, but it could also be something i'm not doing correctly.

here's what i did.. Please inform me if i've done wrong.

1. Downloaded and unpacked your program to a folder on my desktop called "XBOX SLIM"

2. Connected my Xbox 360 slim drive to my computer via SATA and used the xbox to power the drive.

3. Ran iPrep to find the 4 digit address of the DVD drive.

4. ran command prompt and cd into my XBOX SLIM folder

5. Typed the command: "Tarablinda_v04b.exe 0170 dump" and hit enter

I then get an error stating it's "unable to unlock drive" and failed.

If i've done nothing wrong, and this is purely a firmware thing, what can be done about it?

Thanks in advance

[the-green]

Hello fiends & Geremia you're a good man brother it's super from you to do all this work for the 360 slim possessor's Now we can get the key ....
Thank you thank you thank you very very very much & thanks also to Kai Schtrom - Maximus - TeamModFreaks for their work....

[Vampirtc]

Thank you very much.

[mat989]

where is that guy?! I forgot his name... oggysomething?!


Thnx Geremia, you always help w/o asking for anything in return....

[TheTechnician]

where is that guy?! I forgot his name... oggysomething?!


Thnx Geremia, you always help w/o asking for anything in return....

you have to add wheres is that guy named like butterfly too.



Good job Geremia, one question, you was able to put that key in a hackable drive ? spoof it and get it working ?
or this still a "proof of concept" to those guys ?
Im asking because i dont have a slim right now to be able to test this

[marcel2552]

I opened my xbox and realised my phillips drive has a different firmware than what other people are stating they have - FW VERSION: 0225
Having said that, i still tried your program, but had no luckl.
I'm convinced it's the Firmware Version, but it could also be something i'm not doing correctly.

here's what i did.. Please inform me if i've done wrong.

1. Downloaded and unpacked your program to a folder on my desktop called "XBOX SLIM"

2. Connected my Xbox 360 slim drive to my computer via SATA and used the xbox to power the drive.

3. Ran iPrep to find the 4 digit address of the DVD drive.

4. ran command prompt and cd into my XBOX SLIM folder

5. Typed the command: "Tarablinda_v04b.exe 0170 dump" and hit enter

I then get an error stating it's "unable to unlock drive" and failed.

If i've done nothing wrong, and this is purely a firmware thing, what can be done about it?

Thanks in advance

i think it would be helpfull to know the production date of your xbox for Geremia.



Its on the back above the HDMI/usb port.

(the date behind: MFR DATE).