Cracked Samsung SDG-605B/616T/616F Firmware for Xbox 1 - V2

[Geremia]

@Geremia:

assuming my end sector of the swap DVD is FBA450, then PSN F9FA00 is at 1badc07ff, right?

Consider that a DL disk have a layer breakpoint and it's variable depending of the disk size, so it's more difficult to calculate a layer2 PSN position starting from the beginning of the iso (as i suppose you are doing), that's why it's beter to start backward from the end instead.
Your PSN F9FA00 is at 0xD528000 bytes back from the end of the iso, maybe a more 0x800 bytes backward, don't know exactly, who cares, i've pasted the SS both sectors, now i'm burning and i'll see if it works.

[Arakon]

I went backwards, not forwards, so yeah.. I guess that means I got the right spot. but before I waste another DL blank, I'll see if you get any result with your burn.

[Geremia]

I burned my iso, and for me doesn't work as aspected, anyway doesn't seems a 100% BS, maybe i did something wrong with the iso.

anyway thespecialist unlocker unlocks the drive, then looking at LBA sectors, seems that the first sector is PSN 60000 and not 30000, and this should be correct for xbox1 game disk, right?

anyway with xiso1.1.5 i can't browse the game partition content

on xbox1 console, the drive sounds like he's trying to read an unreadable sector.

Seems my clonecd iso is not correct, i'll check later

BTW: i'm trying 007 AUF pal with the SS supplied with the hacked fw, that differs from the original

[burgemaster]

looks the SS that he posted with the firmware are all legit?

could this mean anything? or could any1 rip the SS from a game?

[Geremia]

hum, seems my iso is not complete, my big dvd was bigger enought in second layer, but not in first layer, i had layerbreak on  1A90AF instead of >= 2033AF (as xbox1 disk "game partition"), i'll try again and let you know

[TheSpecialist]

could this mean anything? or could any1 rip the SS from a game?

Anyone that can dump memory from the drive can do this (and this is pretty easy )

[MacDennis]

Drive response table in his security sector has been rescrambled with the following key: 0x00000000.
This is the 'default' key in a raw sector which could explain why the cpr_mai bytes are not required.

[TheSpecialist]

Drive response table in his security sector has been rescrambled with the following key: 0x00000000.
This is the 'default' key in a raw sector which could explain why the cpr_mai bytes are not required.

This sounds very weird to me. The table itself is $CF bytes long (= 23 entries, each 9 bytes long) and is from byte 0 to byte $CF scrambled with the CPR_MAI. If you rescramble with key 0, then $CF bytes should differ and not $7F bytes .... The Halo 1 SS differs from the 'original' SS from byte $5DF to $65E

[elitedev]

i have not personnally tried a backup yet since i do not have immediate access to a dl burner. i have flashed my drive with this firmware, and original discs do still boot. i tried a backup i had on a regular dvd and it didnt boot, obviously because it was not burned in the proper mannor to work. i actually beleive this one is not a fake as i have looked through the dissassembly and the code path would definatly execute his code, unlike what thespecialist commented earlier in this thread.

[TheSpecialist]

i have not personnally tried a backup yet since i do not have immediate access to a dl burner. i have flashed my drive with this firmware, and original discs do still boot. i tried a backup i had on a regular dvd and it didnt boot, obviously because it was not burned in the proper mannor to work. i actually beleive this one is not a fake as i have looked through the dissassembly and the code path would definatly execute his code, unlike what thespecialist commented earlier in this thread.

I've already said it executes his code. But there are several things weird: first the SS is weird (I can't see why $7F bytes would be changed) and secondly the FW itself is weird (where is the pointer to the new SS location and where did he killl the CPR_MAI check ?). You said you tried it and now you say you didn't.

Anyway, based on the above, I'd say this is a fake ...

[MacDennis]

i have not personnally tried a backup yet since i do not have immediate access to a dl burner.

I thought you confirmed that it was working? 

[elitedev]

well the last one made nothing work on my drive, this time everything i had to put in it worked fine, im assuming this isnt a fake. this guy knows a bunch of stuff and is trying stuff that your hack obviously didnt. just because it seems weird, is only because it is different then yours so it should seem weird. its different. this guy seems to know his stuff so i highly doubt it is a fake. why dont you guys just test it. $#!t u should all be pros at this crap by now.

also note that his securty sectors were all dumped from pal versions of these games, could it differ with an ntsc version?

[MacDennis]

well the last one made nothing work on my drive, this time everything i had to put in it worked fine, im assuming this isnt a fake.

You only tested originals, not backups and you still confirm it to be working?? The logic is beyond me.

The previous statements of the author were proven to be BS so everyone has the right to be sceptic this time around.

[elitedev]

sorry if i was misleading with my previous post. i flashed the drive and i was excited. the last one didnt work worth $#!t, i was dissapointed. this one booted my games no problem. all i wanted to do was experiment i started writing the post and then ended up getting side tracked and i never really finished writing. i didnt fully explain myself, i did mention that i didnt have a dl burner (so i couldnt test backup). once again my apologies.

on the other hand, i am not the only one that had confirmed this to be working.

so far, the author hasnt said any bs this time around. why dont you guys just test this. specialist and you prolly flashed dvd drives a million times now, how bout you tell me if it works or not since you all have the fancy tools to check this.

[TheSpecialist]

sorry if i was misleading with my previous post. i flashed the drive and i was excited. the last one didnt work worth $#!t, i was dissapointed. this one booted my games no problem. all i wanted to do was experiment i started writing the post and then ended up getting side tracked and i never really finished writing. i didnt fully explain myself, i did mention that i didnt have a dl burner (so i couldnt test backup). once again my apologies.

on the other hand, i am not the only one that had confirmed this to be working.

so far, the author hasnt said any bs this time around. why dont you guys just test this. specialist and you prolly flashed dvd drives a million times now, how bout you tell me if it works or not since you all have the fancy tools to check this.

I don't have an empty DL disc at hand and besides, even if I had one: like MacDennis says, why spend a disc at it, I really don't see how this FW could ever work (see my notes)

[uberfry]

try changing the  SS's address in the fw...all security checks have been defeated...right? :X

[evestu]

hum, seems my iso is not complete, my big dvd was bigger enought in second layer, but not in first layer, i had layerbreak on  1A90AF instead of >= 2033AF (as xbox1 disk "game partition"), i'll try again and let you know

did you set the book type ect to DVD-ROM ?

and dvd info pro wont show me the complete dvd media info it said media not support this command?

so i was going do read dvd stucture with a 3120L to see the end sector of the dvd disc useing plscsi commands ? or is there another way to find the end psn of the large dvd disc ?

but are we just wasteing DL discs i thought the author would at least give us the tips on how he made the iso with a bit more detail?

like use clone dvd hotswap / error skipping ,none,software,hardware

why cant you use TS unlocker ,then clone cd ,then use dvdinfo to see end psn,then do sum ,then go to offset with hex editor,add SS,set book type ect to DVD-ROM,burn?

but until a proper test is done no one can tell if it is real or not ??

[TheSpecialist]

Evestu, like Geremia said, use dvdinfo Pro :

In dvdinfopro look a bit under and you'll see something like this:

                           Complete Media Code                           
00000000 08 02 00 00 01 0F 32 10 00 03 00 00 00 FC 94 6F ......2........o
00000010 00 1A 90 AF 00 00 00 52 49 54 45 4B 00 00 00 44 .......RITEK...D
00000020 30 31 01 40 25 25 37 0C 00 28 64 00 28 64 20 1F 01.@%%7..(d.(d .
00000030 0C 0C 14 14 02 01 01 20 00 20 1F 0C 0C 14 14 02 ....... . ......

[TheSpecialist]

but are we just wasteing DL discs

I think this is what the author wants to achieve ...

[evestu]

Evestu, like Geremia said, use dvdinfo Pro :

In dvdinfopro look a bit under and you'll see something like this:

                           Complete Media Code                           
00000000 08 02 00 00 01 0F 32 10 00 03 00 00 00 FC 94 6F ......2........o
00000010 00 1A 90 AF 00 00 00 52 49 54 45 4B 00 00 00 44 .......RITEK...D
00000020 30 31 01 40 25 25 37 0C 00 28 64 00 28 64 20 1F 01.@%%7..(d.(d .
00000030 0C 0C 14 14 02 01 01 20 00 20 1F 0C 0C 14 14 02 ....... . ......

 when i do use dvd info pro  i get (command for media invaild)with big dvd9  but if i put dvd-r in i get the above complete media code