|
Xumpy
|
 |
« on: August 19, 2012, 08:00:50 AM » |
|
I've seen on the site of c4eva that team xecuter announces a replacement kit for the 16D5S drives.
Sure that's nice to unlock it but you would still need to glitch the console to retrieve the correct keys right?
How does fcrt.bin works with a replacement kit btw. Is it possible to create an original firmware for your drive if you have your fcrt.bin, serial, enquiry and dvd key???
I wouldn't mind to get myself a coolrunner 3 just to glitch a corona and put a replacement board inside the 16D5S drive.
Afterwards I would get my coolrunner out of there and make the xbox retail again.
However if you need to have your console glitched (not retail) for this replacement board to work then it becomes to pricey.
If you would still need a glitch couldn't you use a replacement board for a 16D4S and spoof the drives???
Not that it would matter much, a replacement board is 50$ and a complete new drive is 70$.
So in short what would be the advantages to have a replacement board for a 16D5S drive???
Thnx
Regards
Xump
|
|
|
|
|
Logged
|
Once your mind is running, returning to its original state feels like standing still.
|
|
|
GHR
Newbie
Posts: 7
|
|
« Reply #1 on: August 19, 2012, 09:00:27 AM » |
|
I tell you what: The Xecuter Lite-On 1175 DG-16D5S Unlocked Replacement PCB will soon be in full production and will be released in conjunction with c4eva's iXtreme LT+ v3.0 for Lite-On 1175 DG-16D5S which will move into the team testing stage shortly. Details concerning key dumping and the necessary processes and/or hardware will be announced at a later time, but c4eva himself has revealed that it will NOT require RGH. Source: Team-Xecuter. Anyways, lucky we've got guys like The Artificer & his dev crew. It was them who moved the wheels on this one.. I wonder what Geremia will have to say about these PCB clones..  |
|
|
|
|
Logged
|
|
|
|
xb0b
Newbie
Posts: 6
|
|
« Reply #2 on: August 19, 2012, 12:06:23 PM » |
|
be nice if the IC chip can be replaced like on the d4s drives |
|
|
|
|
Logged
|
|
|
|
|
a5m
|
|
« Reply #3 on: August 19, 2012, 03:57:45 PM » |
|
be nice if the IC chip can be replaced like on the d4s drives would be amazing! the good old 1339E chips + SPI might still work - if same pinout? |
|
|
|
« Last Edit: August 19, 2012, 03:59:16 PM by a5m »
|
Logged
|
|
|
|
|
wmb88
|
|
« Reply #4 on: August 19, 2012, 07:28:23 PM » |
|
how do you read the 1175 drive? will that require decapping the chip in order to read the firmware/key?
|
|
|
|
|
Logged
|
|
|
|
|
MastaG
|
|
« Reply #5 on: August 20, 2012, 03:30:06 AM » |
|
yeah, TX will soon sell a decap-kit for dumping the firmware.
Easy-to-apply acid for the average joe.
|
|
|
|
|
Logged
|
I understand. You found paradise in America, you had a good trade, you made a good living.
The police protected you and there were courts of law.
And you didn't need a friend like me.
But, uh, now you come to me, and you say: "Don Corleone, give me justice."
But you don't ask with respect.
You don't offer friendship.
You don't even think to call me Godfather.
Instead, you come into my house on the day my daughter is to be married, and you ask me to do murder for money.
|
|
|
|
iateshaggy
|
|
« Reply #6 on: August 21, 2012, 06:57:13 PM » |
|
na fool, after u use the home decapping premeasured acid and neutralizer a simple quick solder board does all the work.
|
|
|
|
|
Logged
|
|
|
|
|
a5m
|
|
« Reply #7 on: August 24, 2012, 10:21:32 PM » |
|
be serious - letīs wait for a replacement for MS freaky ROMS  |
|
|
|
|
Logged
|
|
|
|
|
Geremia
|
|
« Reply #8 on: August 27, 2012, 07:02:23 PM » |
|
Sincerely, this time i promised myself to seat and wait, so far here i'm.
If a speculation is permitted, i think this time MS did a good job with drives (fact), you could decap, dump, decrypt,you could get into vendormode, but this time dvdkey is not so easy reachable.
But even if you have dvdkey, what replacement pcb? where the hell do you find an mtk chip with such crypto hw? in the 12euros pc dvdrom? I can't believe they did the same cheap-ass mistake again, an mt1339 is not enought this time.
If i'll see such solution, i'll be glad to clap hands.
|
|
|
|
|
Logged
|
|
|
|
|
glaze83
|
|
« Reply #9 on: August 28, 2012, 01:26:48 PM » |
|
mt1335we were available for $7.50US the same day the winbond hack was released... after it doubled.
|
|
|
|
|
Logged
|
|
|
|
|
nivaldo
|
|
« Reply #10 on: August 31, 2012, 08:20:21 PM » |
|
Excellent observation Geremia as always, I have many pieces 16D5S 1175 for donation to Geremia, if needed for experiments.
|
|
|
|
|
Logged
|
|
|
|
|
mat989
|
|
« Reply #11 on: September 01, 2012, 09:59:01 AM » |
|
Official Video Release of coming Freedom 1175 Board Replacement
Before we begin, some notes regarding the 16D5S drives and why we made the choices that we made :
First of all, the SPI eeprom is locked just like in the old drives and the WP pad is connected to GND, thus making it impossible to erase/rewrite.
Why the old Geremia/kamikaze style method is not feasible in the 16D5S drives :
The area were the WP wire can be cut is less than 1mm in length and the WP bonding wire runs parallel to the DO bonding wire with around 0.1mm of separation between them.
Cutting the WP wire without damaging the DO wire is doable when the chip is decapped and under a good microscope but we can't see any way where someone can do this without some serious lab instruments.
For this reasons we have developed a replacement PCB, similar to our previous Freedom replacement PCB but with some additional hardware needed to cope with the enhanced crypto requirements in the 16D5S firmware. This PCB will replace the original drive PCB and work on any unmodded Xbox360 (including the 4GB V2 coronas and those with dashboard 15572+ ).
The firmware is finished and stable and has all the features you would expect :
stealth, XGD3, all titles work (basically everything iXtreme 3.0 has) plus some additional features that we are testing and considering for inclusion in the final release. source : the Matrix team http://www.infinitymod.com/http://www.youtube.com/watch?v=WTZzt1t-bMA |
|
|
|
« Last Edit: September 01, 2012, 10:01:14 AM by mat989 »
|
Logged
|
|
|
|
|
misterfly
|
|
« Reply #12 on: September 02, 2012, 01:06:13 AM » |
|
Hmmmmm this time not Remember to see WP bonding to go linked GND on mt 1332
|
|
|
|
« Last Edit: October 31, 2012, 08:22:35 AM by misterfly »
|
Logged
|
|
|
|
|
Xumpy
|
|
« Reply #13 on: September 03, 2012, 01:51:20 AM » |
|
They mention that writing and erasing is impossible but not directly reading so they probably found a new way of reading the serial, enquiry and dvd key. Still I wonder. Some time ago Tiros posted a toppic about the Firmware Challenge Response Table (fcrt): http://www.xboxhacker.org/index.php?topic=15490.0To bad it went a flaming toppic before the real info was posted on this file. I tried to search for some more info but couldn't find it directly... On a glitched console we can patch the fcrt.bin so we can run any drive on this console. But what exactly does fcrt.bin hash. The serial and the enquiry?? Is it possible to create a firmware without a complete dump of your drive. I have never used replacement boards. I've always done kamikaze or russian hacks on slims so forgive me if this is a noobish question. I know that you can only make a complete dump when your drive is unlocked. But now it would be impossible to make a complete dump isn't it? I'm missing something cause I've always created ixtreme dumps before and erased the entire board to flash the new hacked firmware. But still I read off people who had there dvd keys but would get play dvd errors because of this fcrt (might be cause of spoofing other drives). So what exactly is hashed by this fcrt.bin file so that these replacement boards would work? Thnx Regards Xump |
|
|
|
|
Logged
|
Once your mind is running, returning to its original state feels like standing still.
|
|
|
|
Xumpy
|
|
« Reply #14 on: September 03, 2012, 02:26:18 AM » |
|
Ok I found more about this in the Software area: http://www.xboxhacker.org/index.php?topic=18051.msg136058#msg136058So it appears that there are 3 types of fwcrt. The first type of fcrt.bin contained just the drive type. Which we could handle once we had a complete dump of one drive. It was always the same. The second type of fcrt.bin contained also the serial, enquiry and dvd key. So now fcrt.bin is always different but the dummy.bin file contained all that information. => It was probably in this period that people would get these play dvd errors but with a new custom firmware you could resolve this? So according to the tread the 16D5S has a simplified version of the second type. I don't know what that means but I would guess that if you have an original dump off any drive and mix this with your serial, enquiry and dvd key you could get a replacement board to work at least if that replacement board works with the original dump off just any drive off the same type? So my conclusion is that fcrt.bin is just so you can not spoof a different drive type but if you have the serial, enquiry, dvd key and a drive off the same type that you can unlock this is no problem. Is this correct? Regards Xump |
|
|
|
« Last Edit: September 03, 2012, 02:29:13 AM by Xumpy »
|
Logged
|
Once your mind is running, returning to its original state feels like standing still.
|
|
|
teknoz
Newbie
Posts: 8
|
|
« Reply #15 on: September 03, 2012, 02:33:14 AM » |
|
Hmmmmm this time not Remember to see WP bonding to go linked GND on mt 1332  It just looks like the eeprom WP is now connected to the main chip instead of going directly to the package pins but that does not mean that it isn't GND. If you notice in the same picture, the pad below WP is the eeprom GND and that is also connected to the main chip, not to a GND pin in the package. Furthermore from what I can see, the pads next to where this wires connect have some bonding going under the resin. It is very likely that they connect to a metal support just under the chip which is usually also used as GND plane (much like in pcb design). So my take on this is that WP is connected to GND but not to a package pin, but the the main chip GND instead (which from MS side also makes sense, since you make old hacks much more difficult). |
|
|
|
|
Logged
|
|
|
|
|
misterfly
|
|
« Reply #16 on: September 14, 2012, 08:25:43 AM » |
|
The spi in not locked  |
|
|
|
|
Logged
|
|
|
|
|
centaur2
|
|
« Reply #17 on: September 14, 2012, 08:41:58 AM » |
|
So, if the SPI is not locked, what else is the reason for the replacement boards.
Only a money making scheme?
|
|
|
|
|
Logged
|
|
|
|
|
rockmetal
|
|
« Reply #18 on: September 18, 2012, 08:53:45 PM » |
|
The spi in not locked what do you mean? So if the spi its not locked, why tx and matrix says is hard locked? you can read the fw? |
|
|
|
|
Logged
|
|
|
|
xb0b
Newbie
Posts: 6
|
|
« Reply #19 on: September 19, 2012, 05:12:02 AM » |
|
The spi in not locked misterfly care to elaborate what you mean its not locked  |
|
|
|
|
Logged
|
|
|
|
|
Dilber MC Theme by HarzeM