XboxHacker BBS
 
Author Topic: Progress: Dumping SS.bin With Hitachi  (Read 3660 times)
TSS
« on: June 21, 2006, 04:48:53 PM »

Some people @ xbox scene gave me the advice to post this here, so I'll give it a try and hope someone can help ...

It's nearly a perfect dump you can do with the hitachi, only very few bytes are missing ...
Here is how:

1. Do a memdump in DOS:

memdump_win [Drive Letter] 10200 8 8000 SS.bin

2. Combine the following file areas of SS.bin together as shown:

offset 00035CEC (size: 2d0 byte)
+
offset 00035CE7 (size: 4 byte)
+
offset 00035FC0 (size: 38d byte)
+
offset 00036E00 (size: cf byte)
+
offset 00036E00 (size: cf byte) > Yes, that's right, we need it two times
+
00 (Add NOP)

I used Hex Workshop for combining the parts ...

What's missing (marked as red FF)


As you can see, the security sector is nearly perfectly dumped using a hacked Hitachi drive, it's only missing very very few bytes @ the beginning of the file (about 45 bytes). The problem is: It won't boot without those 45 bytes :-\

If anyone has ideas or suggestions where to look for a dump of those 45 missing bytes, please give a hint / inspiration / whatever ...

Thanks ;D
Logged
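
The byte ranges listed in step 2 of the post above, scripted instead of pasted together in a hex editor. This is an added example, not TSS's tool or code from the thread; it assumes the offsets and sizes are hexadecimal, and the function names are made up for illustration. The output still lacks the roughly 45 bytes discussed in the thread.

```python
"""Assemble a sector image from a raw memory dump using the ranges in the post."""
import sys

# (offset, size) pairs as listed in the post, read as hexadecimal (assumption).
# The last range appears twice on purpose, as the post states.
RANGES = [
    (0x35CEC, 0x2D0),
    (0x35CE7, 0x004),
    (0x35FC0, 0x38D),
    (0x36E00, 0x0CF),
    (0x36E00, 0x0CF),
]
TRAILER = b"\x00"  # the single 00 byte appended at the end


def expected_length():
    """Total output size: the listed sizes plus the trailer add up to 2048."""
    return sum(size for _, size in RANGES) + len(TRAILER)


def rebuild(raw: bytes) -> bytes:
    """Concatenate the listed ranges; refuse a dump that is too short."""
    out = bytearray()
    for offset, size in RANGES:
        chunk = raw[offset:offset + size]
        if len(chunk) != size:
            raise ValueError(
                f"dump too short: need {size:#x} bytes at {offset:#x}, "
                f"got {len(chunk):#x}")
        out += chunk
    out += TRAILER
    return bytes(out)


def main(argv):
    if len(argv) != 3:
        print(f"usage: {argv[0]} RAW_DUMP OUTPUT")
        return 2
    with open(argv[1], "rb") as f:
        image = rebuild(f.read())
    with open(argv[2], "wb") as f:
        f.write(image)
    print(f"wrote {len(image)} bytes")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The listed sizes plus the trailing byte come to exactly 2048 bytes, which is a quick sanity check that the ranges were transcribed correctly.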
stonersmurf
« Reply #1 on: June 21, 2006, 04:53:16 PM »

The Hitachi will only dump a raw SS. Those 45 bytes cannot be dumped with the current firmware; for the Samsung they are created in 0800 firmware.
So it would take some real knowledge of the hack to make the Hitachi create these extra bytes.
« Last Edit: June 21, 2006, 04:56:13 PM by stonersmurf » Logged
TSS
« Reply #2 on: June 21, 2006, 05:01:04 PM »

Thank you for the answer ... ;D
I won't give up just yet, there's gotta be a way to do it ...
Logged
stonersmurf
« Reply #3 on: June 21, 2006, 05:03:21 PM »

Quote
Thank you for the answer ... ;D
I won't give up just yet, there's gotta be a way to do it ...

Yes, there's a way, but it would require making your own firmware like the Samsung's 0800. Like I said before, it would require quite a bit of knowledge of the hack.
Logged
TSS
« Reply #4 on: June 22, 2006, 07:56:28 PM »

Hmm ... what about using "bus hound" ? ...
or are the missing bytes firmware specific and have nothing to do at all with drive and media ?
Logged
stonersmurf
« Reply #5 on: June 22, 2006, 08:08:23 PM »

Check out this thread: http://www.xboxhacker.net/index.php?option=com_smf&Itemid=33&topic=1620.msg16675#msg16675
Logged
TSS
« Reply #6 on: June 22, 2006, 08:23:42 PM »

Thanks mate :D

SeventhSon wrote:
Quote
You'd need a patched Hitachi FW that would capture these values in realtime

So my question is: Would a software as powerful and expensive as "bus hound" capture these values as well ?
I know some people were doing lots of crazy s**t with their DVD drives using "bus hound"
so I can't imagine chances for getting the missing bytes are low ...

Do you think it's a waste of time playing around with "bus hound" and my Hitachi ?
Logged
stonersmurf
« Reply #7 on: June 22, 2006, 08:38:34 PM »

I would say it's a waste of time. You're better off spending that time learning assembly and patching the firmware to store the timing values into the RAM. And like SeventhSon said, that might not be all the data that's needed.
Logged
TSS
« Reply #8 on: June 23, 2006, 10:05:32 AM »

Well stonersmurf, to be honest, it's been a long time since I've been messing around with assembly code (how could you know that btw :D ?)
It'd take me really many hours to complete such tasks and I'm definitely not the right guy for such things. To be honest, I doubt I'll be able to successfully do this, next thing is, I doubt I could do it in any decent time. I'm not a professional programmer - but I never said I was *gg* ;)

About 5 years ago, I fell in love with some more user friendly and - of course - easier to understand programming languages and I stuck with it till today.
I actually never needed to code anything in assembly that my friendly programming languages wouldn't do as well (maybe even better) for me.

I did some very, very basic assembly stuff in the good old DOS days, using SoftIce etc. - but that's all about it ... nothing worth to be mentioned anyway.
I thought I'd just let you know, since you seem to be a very friendly person.

What I did was creating some nice little tool, which runs under Windows XP, based on the discoveries I posted in this thread.

Don't know if I'm the first one who discovered those things, but most important: I don't even care if I was or not ;D. I never spent much time in your forums until last week, but what I discovered, I discovered solely on my own, with some ideas taken from that excellent PDF tutorial which you are hosting here.

What I made out of my - not enormously great knowledge and skills in programming - was that tool I mentioned above, which has the function to search for individual, significant bytes within a raw dump (made by a hacked Hitachi) then compares those byte strings with the corresponding ones in a true "xtreme way" dumped security sector and tells you, if you can use it for burning or not ... sounds pretty easy, I know, but it might save you lots of coasters.

It can also rebuild security sectors "the xtreme way" from a raw dump (without the few missing bytes of course)

Want me to upload it here ?

I read C4E's gonna include the possibility to dump security sectors in the next release of his hacked firmware, so I guess we'll all be lucky and I don't have to mess around with assembly :D

Have a nice weekend mate :D
« Last Edit: June 23, 2006, 10:11:38 AM by TSS » Logged
MacDennis
« Reply #9 on: June 23, 2006, 10:59:04 AM »

Quote
So my question is: Would a software as powerful and expensive as "bus hound" capture these values as well ?

You mean something like a bus (logic) analyser? The answer is still and remains no. The data bus is encrypted.
Logged
TSS
« Reply #10 on: June 23, 2006, 01:54:45 PM »

Yes, that's the right word ... The data bus is encrypted :o ... Oh dear, alright, then let's wait for C4E's next firmware ;)
Logged