jelle2503
« Reply #20 on: August 15, 2010, 11:07:37 AM »
get rich quick scheme take 3 get ready geremia

Oggy
« Reply #21 on: August 15, 2010, 11:44:19 AM »
Quote from: jelle2503
> get rich quick scheme take 3 get ready geremia

HAHAHAHAHAHAHAHAHA ! the irony....
You're at the very top of that "$#!t post list".........
« Last Edit: August 15, 2010, 11:46:50 AM by Oggy »

jelle2503
« Reply #22 on: August 15, 2010, 12:01:59 PM »
thanks for that ego boost, I knew you'd reply to me

Geremia
« Reply #23 on: August 15, 2010, 12:29:15 PM »
Does anyone know a cheap decapping service in Europe?
If only they still used the MT1319L, eh? What's exactly the problem you have with me? About the video, at least it proves the dvdkey displacement was found inside the dump, obtained by decapping. I will not be surprised if a spoofed DG-16D2S is running inside that slim, anyway I don't care too much.

Oggy
« Reply #24 on: August 15, 2010, 12:43:23 PM »
I do not have a problem with you, you just assume I do. If I had a problem, I wouldn't have shared my dumps for blank 3c000 data with you, would I?
I just find it ironic you need it decapped and you were the author of the thread that led to MRA .....

sweet_hemp
« Reply #25 on: August 15, 2010, 01:15:32 PM »
that video doesn't prove anything! ok it's C4E, but until a reproducible method to dump the dvdkey is found and released, fake or not this video is just a hype generator. hopefully they'll share some more details about dumping this drive.
best regards

q36
« Reply #26 on: August 15, 2010, 03:06:01 PM »
The issue comes down to the new authentication, which is not really implemented yet.

misterfly
« Reply #28 on: August 15, 2010, 04:09:44 PM »
strange this i think is little different

Usuario-X
« Reply #29 on: August 15, 2010, 05:04:21 PM »
Here We go!

oc
« Reply #30 on: August 15, 2010, 09:50:49 PM »
feel like MRA method will work.

asapreta
« Reply #31 on: August 16, 2010, 09:20:15 AM »
We only can wait and speculate.
Bets on a device permanently attached to drive/console.

BoNg420
« Reply #32 on: August 16, 2010, 10:27:55 AM »
Quote from: asapreta
> We only can wait and speculate.
> Bets on a device permanently attached to drive/console.

It will probably be something along the lines of the MRA method with the 93450c. I don't imagine them producing a chip for it, but something like they did for the 93450 and other liteons that LT Clip piece of $#!t thing that more noobs f*** up than the Boxxdr method. I can't believe that so many people mess up a solution that is supposed to be noob friendly, but they are always ripping pads and traces or bad cuts. I don't know what's so hard about cutting a few traces and exposing some traces/pads. If you never have picked up a solder iron before, then you should stay clear of one. Guess I can't deter everyone from soldering, as I am self taught thanks to xbox1 modchips, but some people should not touch electronics or they should practice on broken stuff first. I've successfully recovered about 4-5 drives now from ripped up pads/traces. There was one I could not get though, every pad for the LT clip was ripped up, the traces were overcut to the trace below for one of the cuts. Dunno what the hell was up with that one, just had no luck.

Pacote-san
« Reply #33 on: August 17, 2010, 04:50:46 AM »
Quote from: BoNg420
> Quote from: asapreta
> > We only can wait and speculate.
> > Bets on a device permanently attached to drive/console.
>
> It will probably be something along the lines of the MRA method with the 93450c. I don't imagine them producing a chip for it, but something like they did for the 93450 and other liteons that LT Clip piece of $#!t thing that more noobs f*** up than the Boxxdr method. I can't believe that so many people mess up a solution that is supposed to be noob friendly, but they are always ripping pads and traces or bad cuts. I don't know what's so hard about cutting a few traces and exposing some traces/pads. If you never have picked up a solder iron before, then you should stay clear of one. Guess I can't deter everyone from soldering, as I am self taught thanks to xbox1 modchips, but some people should not touch electronics or they should practice on broken stuff first. I've successfully recovered about 4-5 drives now from ripped up pads/traces. There was one I could not get though, every pad for the LT clip was ripped up, the traces were overcut to the trace below for one of the cuts. Dunno what the hell was up with that one, just had no luck.

OggyUK already stated on X-S that the way they did is out of reach for 99,9% of the modders so my guess is that they used professional industrial skills to get the dump, but now are researching a way to make easier (and profitable to them) to the end user and modders... My guess is some kind of modchip too....

mat989
« Reply #34 on: August 17, 2010, 11:30:37 AM »
Quote from: Pacote-san
> OggyUK already stated on X-S that the way they did is out of reach for 99,9% of the modders so my guess is that they used professional industrial skills to get the dump, but now are researching a way to make easier (and profitable to them) to the end user and modders... My guess is some kind of modchip too....

When Geremia made a thread asking for beta LT to test, OggyUK was making fun of him in #fw, days later Geremia decrypted the LT....So don't worry much about what OggyUK says...

Oggy
« Reply #35 on: August 17, 2010, 03:02:30 PM »
Just take solace in knowing I know how it was done, so I can comment on the difficulty level.

Geremia
« Reply #36 on: August 17, 2010, 06:44:15 PM »
..but, from what misterfly told to be doing, can be easily guessed
- find 3-4 drops of fuming nitric acid, > 90%, difficulty=depends on money and black market
- apply on top of the IC, difficulty=depends on how much you take care of your life, better to find a chemical laboratory that does it for you
- disconnect the bonding wires and connect to an external programmer, difficulty=high, you need a very steady hand, a microscope, some conductive silver/gold paste
- dump the spi flash
- take a pc dvdrom with MT1339, see if it uses the same scrambling algo, if yes, no more need of the mt1335
- if different scrambling algo, you have to reuse the mt1335, reconnect wires, resolder the IC on the pcb, very difficult
- if the drive is still alive, rewrite dvdkey (with the known MS-standard atapi cmd) with your own dvdkey, something like 010203040506....., redump flash back. on old liteon, the dvdkeyarea was not scrambled and probably is still not for security measure (fw has to be able to reflash it without exposing the mediatek scrambling algo), it was semirandom data created by the fw during dvdkey reflashing, based on (if I remember well) the only first dvdkey byte, so, hope it's the same, and change 1 bit in the first dvdkey byte and rewrite it, dump back, compare with other dump. If things are changed, needs more flash and redump, difficulty=high if you have to use the MT1335, low if you can use the MT1339

if you have the fw descrambled, there is no need to tell misterfly to get mad to find dvdkey displacement, it's all explained inside fw. So, my best guess is that the slim drive is not hacked at all, you found the dvdkey of that damn drive and inserted into a spoofed old liteon, but there is still the need of:
- find the fw scrambling algo
- find a way to easily dump at least dvdkey
- find a way to easily erase the spi
- find a way to easily write the spi

Hat off to the steady hand, the slim console booted a backup, but the slim liteon is not hacked yet.

Rogero
« Reply #37 on: August 17, 2010, 08:04:36 PM »
Thanks Geremia for the most logical explanation, exactly what I thought when I first saw the video. Keep it up man and good luck with your new research.

mat989
« Reply #38 on: August 17, 2010, 09:35:54 PM »
Quote from: Geremia
> ..but, from what misterfly told to be doing, can be easily guessed
> - find 3-4 drops of fuming nitric acid, > 90%, difficulty=depends on money and black market
> - apply on top of the IC, difficulty=depends on how much you take care of your life, better to find a chemical laboratory that does it for you
> - disconnect the bonding wires and connect to an external programmer, difficulty=high, you need a very steady hand, a microscope, some conductive silver/gold paste
> - dump the spi flash
> - take a pc dvdrom with MT1339, see if it uses the same scrambling algo, if yes, no more need of the mt1335
> - if different scrambling algo, you have to reuse the mt1335, reconnect wires, resolder the IC on the pcb, very difficult
> - if the drive is still alive, rewrite dvdkey (with the known MS-standard atapi cmd) with your own dvdkey, something like 010203040506....., redump flash back. on old liteon, the dvdkeyarea was not scrambled and probably is still not for security measure (fw has to be able to reflash it without exposing the mediatek scrambling algo), it was semirandom data created by the fw during dvdkey reflashing, based on (if I remember well) the only first dvdkey byte, so, hope it's the same, and change 1 bit in the first dvdkey byte and rewrite it, dump back, compare with other dump. If things are changed, needs more flash and redump, difficulty=high if you have to use the MT1335, low if you can use the MT1339
>
> if you have the fw descrambled, there is no need to tell misterfly to get mad to find dvdkey displacement, it's all explained inside fw. So, my best guess is that the slim drive is not hacked at all, you found the dvdkey of that damn drive and inserted into a spoofed old liteon, but there is still the need of:
> - find the fw scrambling algo
> - find a way to easily dump at least dvdkey
> - find a way to easily erase the spi
> - find a way to easily write the spi
>
> Hat off to the steady hand, the slim console booted a backup, but the slim liteon is not hacked yet.

If you needed paypal donations that will help you in your research -paying for hardware/services-...make sure to PM pls.... thnx,

misterfly
« Reply #39 on: August 17, 2010, 10:48:04 PM »
Quote from: Geremia
> ..but, from what misterfly told to be doing, can be easily guessed
> - find 3-4 drops of fuming nitric acid, > 90%, difficulty=depends on money and black market
> - apply on top of the IC, difficulty=depends on how much you take care of your life, better to find a chemical laboratory that does it for you
> - disconnect the bonding wires and connect to an external programmer, difficulty=high, you need a very steady hand, a microscope, some conductive silver/gold paste
> - dump the spi flash
> - take a pc dvdrom with MT1339, see if it uses the same scrambling algo, if yes, no more need of the mt1335
> - if different scrambling algo, you have to reuse the mt1335, reconnect wires, resolder the IC on the pcb, very difficult
> - if the drive is still alive, rewrite dvdkey (with the known MS-standard atapi cmd) with your own dvdkey, something like 010203040506....., redump flash back. on old liteon, the dvdkeyarea was not scrambled and probably is still not for security measure (fw has to be able to reflash it without exposing the mediatek scrambling algo), it was semirandom data created by the fw during dvdkey reflashing, based on (if I remember well) the only first dvdkey byte, so, hope it's the same, and change 1 bit in the first dvdkey byte and rewrite it, dump back, compare with other dump. If things are changed, needs more flash and redump, difficulty=high if you have to use the MT1335, low if you can use the MT1339
>
> if you have the fw descrambled, there is no need to tell misterfly to get mad to find dvdkey displacement, it's all explained inside fw. So, my best guess is that the slim drive is not hacked at all, you found the dvdkey of that damn drive and inserted into a spoofed old liteon, but there is still the need of:
> - find the fw scrambling algo
> - find a way to easily dump at least dvdkey
> - find a way to easily erase the spi
> - find a way to easily write the spi
>
> Hat off to the steady hand, the slim console booted a backup, but the slim liteon is not hacked yet.

lol but, and perhaps have a dream? stop dreaming