BlueCop
« Reply #60 on: April 13, 2006, 04:52:18 PM »

Also i made a ppf3 patch one can apply to their extracted firmware if anyone is interested. remove the jpg from the file name. you can use any ppf-o-matic 3 or similar to patch. i noticed you mentioned you might do this earlier. i hope i am not stepping on toes by posting it. if so i can remove

BlueCop
« Reply #61 on: April 14, 2006, 11:57:05 AM »

robinsod: could you help me for a second? in your code you set bit P1.5 but i don't know what function this serves. i know it will send a high level to a pin on the processor but what is it really doing for us in the code. sorry if this is elementary but any help is appreciated.
is it the write enable pin or something? thanks for the responses. i think i understand the code now that i have commented it and run it through a simulator. I am slow with assembly
I am going to test out my modifications in Simulator2003 because it has a terminal emulation window.

ChaosBoy
« Reply #62 on: April 19, 2006, 04:30:07 AM »

"Also i made a ppf3 patch one can apply to their extracted firmware if anyone is interested. remove the jpg from the file name. you can use any ppf-o-matic 3 or similar to patch. i noticed you mentioned you might do this earlier. i hope i am not stepping on toes by posting it. if so i can remove"
@BlueCop Hi!!! what can i do with this patch?? its only 4 testing??? and what can i test with it? is it a piece from the puzzle who we need to solve to hack the firmware??? Greets ChaosBoy
« Last Edit: April 19, 2006, 04:31:49 AM by ChaosBoy »

Greets ChaosBoy
P.S: to be or not to be... a hacker!!!

MacDennis
« Reply #63 on: April 19, 2006, 04:53:10 AM »

"what can i do with this patch??"
I'm guessing but I think it allows you to add the security sector dumper code to your flash.
"its only 4 testing???"
This is xboxhacker, everything is provided as-is and at your own risk.
"and what can i test with it? is it a piece from the puzzle who we need to solve to hack the firmware???"
You need several pieces. Some of these pieces are the security sector and the cpr_mai bytes. You will need those at least. I think the full raw sector is being dumped, if that's the case then the required cpr_mai bytes can be found in the sector header.

k0mpresd
« Reply #64 on: April 19, 2006, 08:59:02 PM »

not sure if this is any significance or not but i got the SS to dump via mtkflash and the firmware patch that bluecop posted using the hdd/sata hotswap method that he posted as well yesterday
its for pgr3...if anyone wants to take a look @ it let me know...i have perfect dark zero and halo 2 that i can dump as well
« Last Edit: April 19, 2006, 09:02:10 PM by k0mpresd »

k0mpresd
« Reply #65 on: April 19, 2006, 09:52:59 PM »

all 3 dumped correctly it looks like and all 3 are different

k0mpresd
« Reply #66 on: April 19, 2006, 10:19:14 PM »

so someone mind telling me what it is im looking @ when i look @ 5000-57ff? i realize its the ss but what is it exactly..?? tia

BlueCop
« Reply #67 on: April 19, 2006, 10:25:58 PM »

ChaosBoy
« Reply #68 on: April 20, 2006, 02:29:15 AM »

"so someone mind telling me what it is im looking @ when i look @ 5000-57ff? i realize its the ss but what is it exactly..?? tia"
u tell that the SS's on all 3 dumps are different...  @BlueCop so it's the fw-hack not universal 4 all the games??? Good stuff... but... we aren't expert hackers... we're on the beginning..  right?? k0mpresd???
Greets ChaosBoy
P.S: to be or not to be... a hacker!!!

MacDennis
« Reply #69 on: April 20, 2006, 02:35:48 AM »

"so someone mind telling me what it is im looking @ when i look @ 5000-57ff? i realize its the ss but what is it exactly..?? tia"
"u tell that the SS's on all 3 dumps are different..."
Of course it is, this has been known for a long time already.
"@BlueCop so it's the fw-hack not universal 4 all the games???"
Depends on the fw-hack. The latest fw hack is universal but it requires ISO patching, read all about it here: http://www.xboxhacker.net/index.php?option=com_smf&Itemid=33&topic=481.0

Dzgx216
« Reply #70 on: April 20, 2006, 02:41:01 AM »

"so someone mind telling me what it is im looking @ when i look @ 5000-57ff? i realize its the ss but what is it exactly..?? tia"
"u tell that the SS's on all 3 dumps are different... @BlueCop so it's the fw-hack not universal 4 all the games??? Good stuff... but... we aren't expert hackers... we're on the beginning.. right?? k0mpresd???"
Sorry to say it, but yes, the SS is different per game. Dump your ram with a couple of different games in the drive and you'll see some differences. There are some similarities, which may be useful to note.... but only time will tell on that one, eh?
- Danzig -

MacDennis
« Reply #71 on: April 20, 2006, 02:42:40 AM »

"so someone mind telling me what it is im looking @ when i look @ 5000-57ff? i realize its the ss but what is it exactly..?? tia"
Try to read the original firmware hacking thread again, a lot of stuff about the ss is explained there. Yes I know it's big but we have a nice search button which might be handy. http://www.xboxhacker.net/index.php?option=com_smf&Itemid=33&topic=76.0

The ss dump should be a raw dump. You could verify the dump with the standard way to format a raw sector, I explained the raw sector format here: http://www.xboxhacker.net/index.php?option=com_smf&Itemid=33&topic=359.msg3600#msg3600

To descramble the security sector and to read the drive challenge/response table you might want to take a look at the SecurityDecryptor posted by robinsod a while ago. Note that this program expects the security sector data to be in a particular format. Look at the included examples. Note that we aren't able to decrypt the host challenge/response table. This was possible on the xbox1 but not (yet) on the x360.

ChaosBoy
« Reply #72 on: April 20, 2006, 02:47:48 AM »

ok guys... thnxx a lot 4 ur help... i will try to read all the posts and learn learn learn... 
Greets ChaosBoy
P.S: to be or not to be... a hacker!!!

MacDennis
« Reply #73 on: April 20, 2006, 03:03:24 AM »

"ok guys... thnxx a lot 4 ur help... i will try to read all the posts and learn learn learn..."
Why the  ? Knowledge is power right? You can't hack this stuff without having a good basic understanding of the security mechanisms. Again, anyone serious about hacking this beast is making the same mistake IMHO. Start with the xbox1, a lot easier and you can use all the knowledge gained on the x360 because it's based on the same principles. Try to replicate TheSpecialist' his hack first, others have done this too and so can anyone else. It will make your life easier in the long run ..

evestu
« Reply #74 on: April 20, 2006, 07:20:12 AM »

so would you say the xb1 8050L drive is best to use since the 3120L drive based on the same firmware layout ??
or would you say start with the Philips or the sammy ?
as far as i take it 8050L or the sammy seems to be the most posted about in the dvd hacking thread?
also to dump the SS with the xb1 drive can you dump the memory the same way like memdump??
because you can not get the required cpr_mai bytes from using the plscsi command?
thanks

MacDennis
« Reply #75 on: April 20, 2006, 09:35:40 AM »

"so would you say the xb1 8050L drive is best to use since the 3120L drive based on the same firmware layout ??"
Not all routines are the same but many, many are.
"or would you say start with the Philips or the sammy ?"
Most research has been done for the LG drives ..
"as far as i take it 8050L or the sammy seems to be the most posted about in the dvd hacking thread?"
True, well the LG drives in general are the most popular.
"also to dump the SS with the xb1 drive can you dump the memory the same way like memdump??"
Yes.
"because you can not get the required cpr_mai bytes from using the plscsi command?"
Well, you can dump the high memory from the LG drives by using plscsi. The high RAM will have a copy of the full raw security sector which also contains the cpr_mai bytes ..

robinsod
Global Moderator
« Reply #76 on: April 21, 2006, 08:54:00 AM »

"robinsod: could you help me for a second? in your code you set bit P1.5 but i don't know what function this serves. i know it will send a high level to a pin on the processor but what is it really doing for us in the code. sorry if this is elementary but any help is appreciated. is it the write enable pin or something? thanks for the responses. i think i understand the code now that i have commented it and run it through a simulator. I am slow with assembly."
I think P1.5 is an enable for the WE pin on the flash, I spent fricking hours studying the routines in the drive that write to flash and then tested various combinations until I got it working. I can't tell you exactly what it does. Suffice to say that if you use the code 'as is' it will work and it can be used as the start point for logging almost anything you are interested in..... All in all getting that code to work was dull & difficult, I hope it helps someone

scmc0011
« Reply #77 on: April 25, 2006, 03:18:14 PM »

typo

scmc0011
« Reply #78 on: April 25, 2006, 03:21:03 PM »

Zenofex
« Reply #79 on: April 26, 2006, 05:58:42 PM »

Sorry if this has been asked before but i tried to browse through the forum for the answer before i asked. Did anyone ever figure out how to dump the memory of a TS h943 from a pc?
« Last Edit: April 26, 2006, 06:04:29 PM by Zenofex »