ranad
« Reply #20 on: August 17, 2006, 01:07:13 AM »
hmm i dont like these STEALTH Versions. It is ok to run Copies, but it's not ok to manipulate the XBox360 Live Online to make it possible to use Copies with Hacks/Trainers to use cheats at the Online Live System.
i agree with this, it sucks when ppl start hackin/cheating games n using it online, look wat happened to halo 2, that sucks

kreon
« Reply #21 on: August 17, 2006, 01:07:48 AM »
Yes, there are several ways to still get caught by M$ but the funny part is trying to cover all of them
Yes, you're absolutely right. Great work btw.
but the big question is, can m$ run this code through the dashboard to the drive ??
Sure... code can be uploaded and executed as you please even though it wouldn't be practical during gameplay.
I'm glad you are around to tell us what is wrong and right

bigcat
« Reply #22 on: August 17, 2006, 02:12:45 AM »
Nice work. I'm impressed.
You guys are staying ahead of the big MS.

TheSpecialist
« Reply #23 on: August 17, 2006, 05:16:46 AM »
Hehe, nice work, congrats! However, keep in mind that 100% protection is nearly impossible on the Hitachi, since custom code can be uploaded to the drive's memory and executed from there. So MS could always upload a checksum routine 'on the fly' and there's no way this can be stopped beforehand. I believe that the Sammy can't execute uploaded code, so that drive will always be 'safer' in my opinion. But then again, since one drive can and the other can't, I doubt that MS is going to do this (since they'd have to check what drive is in the 360, and this check forms a big weakness itself of course and could be easily hacked). Anyway, it will be interesting to see what MS is going to do. But you guys are taking away already quite some options for them.
« Last Edit: August 17, 2006, 05:31:42 AM by TheSpecialist »

TheSpecialist
« Reply #24 on: August 17, 2006, 06:34:58 AM »
Also quite ironic how the roles have changed now 180 degrees: hackers working on the 'security' of their hacks and MS who is going to have to 'hack' the security implemented by the hackers, lol. Are they even allowed to do that, under DMCA? Lol
« Last Edit: August 17, 2006, 06:40:42 AM by TheSpecialist »

[TONE]
« Reply #25 on: August 17, 2006, 07:05:45 AM »
HAHA, TS good to see u chime in on this topic! *nevermind* Can't wait for hitachi xtreme3.0
« Last Edit: August 17, 2006, 07:17:58 AM by [TONE] »

bourke
« Reply #26 on: August 17, 2006, 08:07:44 AM »
How hard would it be to have the Hitachi-LG drive purport to be the Toshiba-Samsung?
I.e. wouldn't it simply be as easy as changing the device name / firmware version that is returned as a string?!
It is almost certain that Microsoft will plug this hole exactly the same way that they did for the TSOP problem on XBox 1 - they will remove the flashable chip (and replace it with a custom embedded ROM).
The thing is that the XBox-1 007 exploit was discovered in March 2003... and the security hole was plugged in the March 2004 production runs...
So there could be 12 months supply left of these hackable drives (especially since they are made by third party companies)!
« Last Edit: August 17, 2006, 08:23:12 AM by bourke »
Forum member since April 2002.

garyopa
« Reply #27 on: August 17, 2006, 09:58:24 AM »
It is almost certain that Microsoft will plug this hole exactly the same way that they did for the TSOP problem on XBox 1 - they will remove the flashable chip (and replace it with a custom embedded ROM).
The thing is that the XBox-1 007 exploit was discovered in March 2003... and the security hole was plugged in the March 2004 production runs...
So there could be 12 months supply left of these hackable drives (especially since they are made by third party companies)!
There is less than 12 month supply left. Back in Feb. when the first details were released by TS, M/S already started to search for a new company to supply a better DVD drive. Starting after Fall, and in marketing push against the Sony PS3, you will see the x360's being sold before XMAS and after XMAS, containing a new DVD drive designed by the merger of BenQ and Lite-On. The only problem is that MS needs to have some type of flash device on the DVD drive, as they need to program it with your "drive key" themselves, plus be able to update during the repair process. If they are smart they will use eeprom to store the "drive key" and have all the code in read-only non-writable memory.
« Last Edit: August 17, 2006, 10:00:43 AM by garyopa »

SFW
Newbie
Posts: 9
« Reply #28 on: August 17, 2006, 10:20:01 AM »
CONGRATS!!!
On yours and those involved in your work....

Phased
« Reply #29 on: August 17, 2006, 10:23:29 AM »
Very interesting. MS is going to have a hard time with these first gen drives. Hopefully I don't eat my words

carranzafp
« Reply #30 on: August 17, 2006, 11:25:27 AM »
Just to answer some doubts that I have received: If you dump only 1 sector, or even better if you dump only 1 byte instead of the full content, it will return the original sector/byte also.
I know that sounds pretty obvious for somebody but it is better to bold it

doobzilla
Newbie
Posts: 8
« Reply #31 on: August 17, 2006, 01:25:43 PM »
Thanks! 

sTix
« Reply #32 on: August 18, 2006, 09:34:59 AM »
Can you run the restore.bat from OPA's 2.1 release to restore the drive back to factory state after applying the stealth firmware?

garyopa
« Reply #33 on: August 18, 2006, 09:45:35 AM »
Can you run the restore.bat from OPA's 2.1 release to restore the drive back to factory state after applying the stealth firmware?
Nope, you must manually follow the info in the README on Maximus release in returning the firmware back to un-stealth first before running my Restore.bat. My next release will have an updated Restore to handle this, but at the moment you must manually flash back the two sectors from Maximus release as per the info in his README; please make careful note of the ORDER in which this must be done to work.

sTix
« Reply #34 on: August 18, 2006, 07:41:24 PM »
Can you run the restore.bat from OPA's 2.1 release to restore the drive back to factory state after applying the stealth firmware?
Nope, you must manually follow the info in the README on Maximus release in returning the firmware back to un-stealth first before running my Restore.bat. My next release will have an updated Restore to handle this, but at the moment you must manually flash back the two sectors from Maximus release as per the info in his README; please make careful note of the ORDER in which this must be done to work.
Thanks Gary. I thought that but I just wanted to check. From the readme:
- In case you need to RESTORE to un-stealth version you must restore the sectors on inverse order, so first restore 90033000 and then 90005000 never flash the second sector before flashing successfully the first one or you will brick the drive (no more windows detection) also ensure to restore from a crypted version of your firmware.
Can you give me the commands to run to restore these sectors back before I run your restore.bat? Keep up the good work and we look forward to your next release.

carranzafp
« Reply #35 on: August 19, 2006, 02:22:29 PM »
Actually you will not need to restore it, leave with the stealth on!
I am sure garyopa new release will handle the possibility of an "already stealth" image on the drive.
But in case you still want to restore here are the steps
Step 1: XXflash <your drive> <your_previous_image_crypted> 90033000 1000
Run that again if an error appears; only go to step 2 when step 1 succeeds.
Step 2: XXflash <your drive> <your_previous_image_crypted> 90005000 1000
Replace XXflash with the version you need:
47flash if your drive is 47
46flash if your drive is 46
59flash if your drive is 59
Also take note that "your_previous_image_crypted" can be your ORIGINAL but make sure it is CRYPTED; if you don't know what "crypted" is, don't even try.
Note: STEP 2 is not necessary for RESTORE, it is just in case you are good people who likes "all on its place" and your shoes bright and shining. Lol
« Last Edit: August 19, 2006, 02:27:41 PM by carranzafp »

sTix
« Reply #36 on: August 21, 2006, 02:18:40 AM »
Actually you will not need to restore it, leave with the stealth on!
I am sure garyopa new release will handle the possibility of an "already stealth" image on the drive.
But in case you still want to restore here are the steps
Step 1: XXflash <your drive> <your_previous_image_crypted> 90033000 1000
Run that again if an error appears; only go to step 2 when step 1 succeeds.
Step 2: XXflash <your drive> <your_previous_image_crypted> 90005000 1000
Replace XXflash with the version you need:
47flash if your drive is 47
46flash if your drive is 46
59flash if your drive is 59
Also take note that "your_previous_image_crypted" can be your ORIGINAL but make sure it is CRYPTED; if you don't know what "crypted" is, don't even try.
Note: STEP 2 is not necessary for RESTORE, it is just in case you are good people who likes "all on its place" and your shoes bright and shining. Lol
So my firmware was read after I hacked and it was named hacked.bin. I then flashed the stealth sectors (stealth-e.bin).
To restore the sectors for a v47 drive (F: in Windows), would the commands be:
firm e hacked.bin hacked-e.bin
47flash f hacked-e.bin 90033000 1000
47flash f hacked-e.bin 90005000 1000
then from GaryOPA's package, run:
restore.bat
Sound right?

The M.A.R.T.
« Reply #37 on: August 21, 2006, 04:11:36 AM »
This is wonderful news. Too bad I have a Samsung.. Probably the first time I regret having a Samsung actually.. lol
Get the MS28 FW on your Sammy and you're having the same stealth protection

sTix
« Reply #38 on: August 21, 2006, 06:29:17 AM »
This is wonderful news. Too bad I have a Samsung.. Probably the first time I regret having a Samsung actually.. lol
Get the MS28 FW on your Sammy and you're having the same stealth protection
I didn't think the stealth maker worked on Samsungs.

JohnnyVolcano
Newbie
Posts: 1
« Reply #39 on: August 22, 2006, 01:26:45 PM »
Actually you will not need to restore it, leave with the stealth on!
I am sure garyopa new release will handle the possibility of an "already stealth" image on the drive.
But in case you still want to restore here are the steps
Step 1: XXflash <your drive> <your_previous_image_crypted> 90033000 1000
Run that again if an error appears; only go to step 2 when step 1 succeeds.
Step 2: XXflash <your drive> <your_previous_image_crypted> 90005000 1000
Replace XXflash with the version you need:
47flash if your drive is 47
46flash if your drive is 46
59flash if your drive is 59
Also take note that "your_previous_image_crypted" can be your ORIGINAL but make sure it is CRYPTED; if you don't know what "crypted" is, don't even try.
Note: STEP 2 is not necessary for RESTORE, it is just in case you are good people who likes "all on its place" and your shoes bright and shining. Lol
So my firmware was read after I hacked and it was named hacked.bin. I then flashed the stealth sectors (stealth-e.bin).
To restore the sectors for a v47 drive (F: in Windows), would the commands be:
firm e hacked.bin hacked-e.bin
47flash f hacked-e.bin 90033000 1000
47flash f hacked-e.bin 90005000 1000
then from GaryOPA's package, run:
restore.bat
Sound right?
I would also like to know this. Since the readme is a bit vague on the restore process to un-stealth firmware, I would like to know if the method described above is the correct one? It seemed to me the most logical one, but I would like to know for sure before attempting this. Thanks.