XboxHacker BBS
 
Author Topic: 360 FW hacked  (Read 363858 times)
burgemaster
Master Hacker
« Reply #200 on: March 19, 2006, 05:54:42 PM »

@ Macdennis

Before I waste any more of my time, pls could you tell me, can my Hitachi 3120L drive only be dumped by using a "s-ata to p-ata converter" ??

I don't own one, only have SATA ports on my mobo.  Huh

Cheers
Logged
silverpalm
Hacker
« Reply #201 on: March 19, 2006, 05:57:39 PM »

So the Hitachi is the LG drive I keep reading about. This is the drive you can dump the firmware with software.
Logged
burgemaster
Master Hacker
« Reply #202 on: March 19, 2006, 06:08:15 PM »

yes m8, I've been reading for nearly 2 hours, the mrs is going mad.

here's what I've gathered so far but it could be (and probably will be) way out..
nothing is my own, all extracted from various posts on the forum

Reading Hitachi 3120L firmware with XP:

1) Make a ms dos boot disk with windows xp, add the following: plscsi.exe (for dos),  DVRFLASH (for dos)
2) Connect the SATA plug on the DVD Drive to the sata adaptor
3) Connect the power lead of the drive to the 360
4) Earth the Drive/360 chassis with the pc case chassis (croc clips)
5) Load up MS DOS boot disk
6) when in dos run "plscsi -w" to list the drives
7) to dump the firmware run the following commands:

plscsi -p -v -x "E7 48 49 54 01 00 91 00 00 00 D0 00" -i xD000 -t d0.bin
plscsi -p -v -x "E7 48 49 54 01 00 91 00 D0 00 D0 00" -i xD000 -t d1.bin
plscsi -p -v -x "E7 48 49 54 01 00 91 01 A0 00 D0 00" -i xD000 -t d2.bin
plscsi -p -v -x "E7 48 49 54 01 00 91 02 70 00 D0 00" -i xD000 -t d3.bin
plscsi -p -v -x "E7 48 49 54 01 00 91 03 40 00 C0 00" -i xC000 -t d4.bin

copy /b d0.bin+d1.bin+d2.bin+d3.bin+d4.bin 3120L_descrambled.bin


PLEASE NOTE THIS IS UNTESTED BY MYSELF AND MOSTLY GUESSED FROM READING POSTS

pls edit it any1 if I've missed anything or made any huge mistakes !!!!! lol
Logged
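
An added example, not part of any post in this thread: a Python check that the five plscsi commands quoted in Reply #202 describe one contiguous range with matching transfer lengths. It assumes CDB bytes 7-9 are a big-endian offset and bytes 10-11 a big-endian length; that layout is inferred from how the five commands differ and is not stated on the page.

```python
import shlex

# The five commands exactly as posted in Reply #202.
COMMANDS = """\
plscsi -p -v -x "E7 48 49 54 01 00 91 00 00 00 D0 00" -i xD000 -t d0.bin
plscsi -p -v -x "E7 48 49 54 01 00 91 00 D0 00 D0 00" -i xD000 -t d1.bin
plscsi -p -v -x "E7 48 49 54 01 00 91 01 A0 00 D0 00" -i xD000 -t d2.bin
plscsi -p -v -x "E7 48 49 54 01 00 91 02 70 00 D0 00" -i xD000 -t d3.bin
plscsi -p -v -x "E7 48 49 54 01 00 91 03 40 00 C0 00" -i xC000 -t d4.bin
"""

def parse(line):
    """Split one plscsi command line into CDB fields, -i length and -t file."""
    args = shlex.split(line)
    cdb = bytes.fromhex(args[args.index("-x") + 1])
    if len(cdb) != 12:
        raise ValueError(f"expected a 12-byte CDB, got {len(cdb)}")
    return {
        "file": args[args.index("-t") + 1],
        "in_len": int(args[args.index("-i") + 1].lstrip("xX"), 16),
        "tag": cdb[1:4].decode("ascii"),  # bytes 48 49 54 are ASCII text
        # Assumed field layout (inferred from the pattern, not confirmed
        # anywhere on the page): 3-byte offset, then 2-byte length.
        "offset": int.from_bytes(cdb[7:10], "big"),
        "length": int.from_bytes(cdb[10:12], "big"),
    }

def check_plan(text):
    """Return (chunks, end_offset, problems) for a block of commands."""
    chunks = [parse(l) for l in text.splitlines() if l.strip()]
    problems, expected = [], 0
    for c in chunks:
        if c["length"] != c["in_len"]:
            problems.append(f'{c["file"]}: CDB length {c["length"]:#x} != -i {c["in_len"]:#x}')
        if c["offset"] != expected:
            problems.append(f'{c["file"]}: starts at {c["offset"]:#x}, expected {expected:#x}')
        expected = c["offset"] + c["length"]
    return chunks, expected, problems

if __name__ == "__main__":
    chunks, end, problems = check_plan(COMMANDS)
    for c in chunks:
        print(f'{c["file"]}: {c["offset"]:#07x} + {c["length"]:#x} (tag {c["tag"]})')
    print(f"range ends at {end:#x} ({end // 1024} KiB)")
    print("problems:", problems or "none")
```

Under that assumed layout the posted commands read five back-to-back chunks ending at 0x40000 (256 KiB), so the `copy /b` concatenation has no gaps or overlaps.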
Slack3er
Master Hacker
« Reply #203 on: March 19, 2006, 06:33:59 PM »

Please note: I haven't dumped my 360 fw YET, but have used this method on other LG drives. So take my advice lightly. If I made any mistakes, please tell.

Personally, I think the easier way is with memdump. Nice summary on how to do it: http://www.kev.nu/360/dvdshort.html

If you dump with a hardware programmer, I believe the fw will be encrypted (use FirmCrypt to decrypt). But if you dump via software the fw will be decrypted.

Quote
1) Make a ms dos boot disk with windows xp, add the following: plscsi.exe (for dos),  DVRFLASH (for dos)
You don't need a boot disk, you can use Linux or Windows.

Quote
2) Connect the SATA plug on the DVD Drive to the sata adaptor
The 360 drive has to be detected by either your SATA BIOS or OS to dump your firmware. If your BIOS detects it and your OS doesn't, or the reverse, that appears to be OK.

Quote
3) Connect the power lead of the drive to the 360
Refer to link above for warning.

Quote
4) Earth the Drive/360 chassis with the pc case chassis (croc clips)
Refer to link above.

Quote
5) Load up MS DOS boot disk
No need.

Quote
6) when in dos run "plscsi -w" to list the drives
It appears you can't list the 360 drive under plscsi. Bug? Not sure?
You forgot step 6.5, you need to "set plscsi=?", refer to plscsi website. Look for tutorial.

Quote
7) to dump the firmware run the following commands:

plscsi -p -v -x "E7 48 49 54 01 00 91 00 00 00 D0 00" -i xD000 -t d0.bin
plscsi -p -v -x "E7 48 49 54 01 00 91 00 D0 00 D0 00" -i xD000 -t d1.bin
plscsi -p -v -x "E7 48 49 54 01 00 91 01 A0 00 D0 00" -i xD000 -t d2.bin
plscsi -p -v -x "E7 48 49 54 01 00 91 02 70 00 D0 00" -i xD000 -t d3.bin
plscsi -p -v -x "E7 48 49 54 01 00 91 03 40 00 C0 00" -i xC000 -t d4.bin

copy /b d0.bin+d1.bin+d2.bin+d3.bin+d4.bin 3120L_descrambled.bin

Looks fine.
Logged
silverpalm
Hacker
« Reply #204 on: March 19, 2006, 06:42:16 PM »

so using the memdump program we can dump the firmware then mod it then reflash it back to the drive.
Logged
Slack3er
Master Hacker
« Reply #205 on: March 19, 2006, 06:50:45 PM »

Quote
so using the memdump program we can dump the firmware then mod it then reflash it back to the drive.

Remember I'm no expert on this. From what I read, memdump can only dump the drive's memory. Ex. ROM, RAM, etc. Includes key, fw.

I don't know any method to reflash the drive (only HW programmer), so no, memdump can't flash your fw.
Logged
Arakon
Administrator
Xbox Hacker
« Reply #206 on: March 19, 2006, 06:52:20 PM »

no, you can NOT flash it back at this time. not without desoldering the chip.
Logged

I do NOT give support by email, PM, ICQ or whatever. Anyone annoying me that way will have his balls removed. With a rusty butterknife. Slowly. And I'll enjoy doing it.
burgemaster
Master Hacker
« Reply #207 on: March 19, 2006, 06:52:25 PM »

Thx slacker  Smiley

1) X
2) X
3) X
4) X
5) X
6) CORRECT !!

not bad 1 / 6 !!

That link is awesome!! wish I'd found that around dinner time  Shocked

Now I've learnt you can use native SATA and not just the SATA-PATA adaptor, I'm gonna try and dump the firmware on my drive tmrw

Would really like confirmation that the PLSCSI commands used above cannot write or damage the firmware on the chip at all, that these commands are just for reading etc etc ?

could I ask one last Q  Grin   for the people that used the external chip like in the pic below:

Can you simply solder the 32 wires onto the legs of the existing chip and then disable the onboard chip by maybe earthing it or something? or do you have to remove the chip then resolder the 32 wires out to the removable/external chip & socket?

I've just removed the socket from an old Aladdin xbox1 chip, it's wired up and ready to go !

« Last Edit: March 19, 2006, 06:58:54 PM by burgemaster » Logged
Motoko
Newbie
« Reply #208 on: March 19, 2006, 06:55:13 PM »

@TheSpecialist:
I think that you are right, you are a hacker.
But could you put up a tutorial of how you made the study of the firmware of the DVD? That is to say, could you make a tutorial of how you did it:
1) What programs you used,
2) How you spied on the communication between DVD and CPU
3) If you used any emulator
4) If you inserted any code or hardware like a PIC and how these devices must be connected electrically

That is to say, only what is necessary so that we know how you are hacking the hardware, so that we can try those ideas with other types of machines
Thanks
Logged
Slack3er
Master Hacker
« Reply #209 on: March 19, 2006, 07:02:50 PM »

Smiley I think you have more right than 1/6 Tongue. IMHO, the DOS bootdisk is an unnecessary step. But I have read people dump their fw under DOS.

I don't know anyone yet who has dumped via native SATA. Can someone comment? It seems the SATA to PATA had the best luck. But that could have changed?

Again I haven't dumped my 360 fw with those commands. But I read they're only for reading memory. It's a debug command that someone forgot to remove. Smiley But I did use it on another LG drive, it didn't harm that drive. I read it seems OK, but you're still taking the chance.

Regards;
Logged
silverpalm
Hacker
« Reply #210 on: March 19, 2006, 07:07:31 PM »

ok sorry I seem to be writing the wrong thing at times, what would you use to desolder the chip?

so you would dump the firmware, then desolder the chip, then rewrite the new firmware to the chip. sorry if this is going over old ground
Logged
burgemaster
Master Hacker
« Reply #211 on: March 19, 2006, 07:15:31 PM »

I think that firstly the epoxy has to be removed from around the chip, with some kind of solvent, then I've been told either using heated IC tongs, or 2x hot air guns the chip can be removed.



This is the Samsung board

It would then be read using a willem programmer and adaptor to fit that chip

« Last Edit: March 19, 2006, 07:17:08 PM by burgemaster » Logged
robinsod
Global Moderator
Xbox Hacker
« Reply #212 on: March 19, 2006, 07:42:39 PM »

To read your flash chip from the TS you need to remove it from the main board. It is epoxied in place and you PROBABLY WILL DAMAGE the PCB.

This is another fine reason for not releasing a patch, too many peeps will wreck their drives. Please, there's no hack for you to apply, and all you will do is void your warranty or worse, trash your whole system. For any hack to be viable it would require 'weaponising' such that anyone can use it. I'm 100% certain an LG Windoze flasher is possible in the very near future & I'm 99.99% certain a TS flasher is do-able too. You can dump your LG key (at a minimum) using software and if you can't do that successfully trying to remove the flash is A REALLY BAD IDEA. Of course it's your 360 and you can do anything you want to it.... Including sell it on eBay as 'faulty'

It's been 2 months since TheSpec's first hack and I don't see any clones yet, do you? So why are you trying to wreck your expensive 360s for no reason?
« Last Edit: March 19, 2006, 07:45:05 PM by robinsod » Logged
jse
Member
« Reply #213 on: March 19, 2006, 07:46:52 PM »

you look to have broken a trace at the bottom left of the SST
Logged
ASTRAL
Member
« Reply #214 on: March 19, 2006, 08:09:43 PM »

also could I ask, the dumps from the 2 Hitachi drives on the xboxhacker page, are the firmwares decrypted at all? or are they raw just how they would be read from the chip?
If you can find the plaintext device manufacturer string in the firmware then they are not scrambled. Crypted is not the correct word.
HAHA! Man that's the best mod yet! Wink
Logged
jse
Member
« Reply #215 on: March 19, 2006, 08:20:33 PM »

I think I've figured it out, it's not a copy of pg3, it's just a DVD video of Project Gotham 3 getting played back on the 360
Logged
TheSpecialist
Global Moderator
Xbox Hacker
« Reply #216 on: March 19, 2006, 08:24:16 PM »

Quote
I think I've figured it out, it's not a copy of pg3, it's just a DVD video of Project Gotham 3 getting played back on the 360

Try to insert a DVDR video and compare the laser activity and report your findings here, Sherlock Wink
Logged
silverpalm
Hacker
« Reply #217 on: March 19, 2006, 08:32:51 PM »

What, the same way it's not a real 360, maybe a DVD player made to look like a 360? Come on please, this is the real deal and maybe one day or not normal people may get to use the benefits of this hack.
Logged
ZenoX
Newbie
« Reply #218 on: March 19, 2006, 08:41:59 PM »

@TheSpecialist

PLEASE, I beg of you to release this great new discovery to the public. I want it soooooooo bad, when I look at my normal 360 now it looks like an old cardboard box that's dated and seems almost useless Wink........I can hear it whispering to me now......"Hack Me..."  Grin

Anyways now I've got that off my chest.

THANK YOU FOR ALL YOUR HARD WORK!

I have checked both videos and it definitely is the real thing. I think sometimes when people look into these things too much it's like they are trying to find a fault/start a conspiracy even though they should know already it's the real thing.

X
Logged
gusradio
Newbie
« Reply #219 on: March 19, 2006, 08:53:57 PM »

Quote
Try to insert a DVDR video and compare the laser activity and report your findings here, Sherlock Wink

TS Why are you only responding to doubters??  There have been a ton of reasonable questions on this and other forums.
Logged