Project to dump the new BenQ drive - VAD6038

[mattrix]

mattrix , as far as I know, Tool Box 4.0 does not read Banq FW, you need to use Hex editer to manualy find out key, Then open MS25 original.bin in Tool Box 4.0 and insert the key, then spoof to Banq.

thank's oc,but do you know,where i can find the key location for benq?my benq 62430CR  firmware.can you show me the offset is possible for benq key?thank's for the answer.

[oc]

mattrix , I hasn't come across any Banq FW. If you read pervious of post, you may find other person's key location.

[oxonater]

Hey peops anyone know if there is a way to find out if the dumped firmware file is correct. I followed the method in one of the posts using just wires and it dumped ok forgot to look at the generated Data sum does this matter is this where the key is too spoof to another drive cheers oxonater
Benq& Philips
model no: VAD6038
Manufactured August 2007
H/W Ver J-DA1A4
f/w Ver  64930c

[Pacote-san]

Strange.. couldnt get it to work here with DOSFLASH32 (using via 6421 here)

tried several times and nothing....

Tried with dosflash16 on dos and got it perfect on the first try

 

[accessdenied]

Hi there, so far I've see only people spoofing the Samsungs MS 25s & 28s as a Benq VAD6038.

Has anyone got this spoofing working on a Hitachi instead?

I've got the Benq (62430CR) on my elite and tried spoofing on my Hitachi 47.
When I loaded it back on the elite and put an original game in, it failed.
And after that it even bricked on running restore.bat

So I'm thinking you can't spoof this Hitachi 47 as a Benq VAD6038?

Also, exactly where is the key on the  Benq with 62430CR?
FW toolbox says C020.
I see some people saying C020 and C030?
Which one is it?

Is it precisely from C020->C02F ?

[mattrix]

you must check using hex edit,because toolbox can't initial the key correctly.thanks to oc.my problem now,i can play backup perfectly,but can,t play the original.someone help me please??

[accessdenied]

And what is the offet range for the key in the 62430CR?
Is it from C020->C02F ?

Thanks

[idog]

Anyone got an idea of how to spoof a Hitachi 46 as a Benq ?

I'm doing it with Hex Workshop, used the binary file 46_23s.bin from the fwpack.rar as a basis and have got this right now :

Original hitachi46 firmware :



Spoofed hitachi46 as Benq :



I have put in the key using the Firmware Toolbox.

Two questions :

1. Is the spoofing correct? Am I missing something ?
2. I am planning of using the spoofed binary to flash my hitachi 46 drive with flash24s.bat (at least the writing part of that file). Do I need to do anything with the Generated encrypted file button in FWTB ?

FWTB now shows this :



Anything I miss ?

Thanks,

idog

[oxonater]

Hi again i need to know how i can locate my dvd key from the benq firmware file so i can spoof to either a hitachi or samsung anyone know how to go about this please. My method of extraction was same as another guy in one of the previous posts only worked using Dosflash 16 and not the windows version kept hanging and i have a Via VT 6421 PCI SATA card cheers oxonater :'p
 
Benq& Philips
model no: VAD6038
Manufactured August 2007
H/W Ver J-DA1A4
f/w Ver  64930c

[oc]

oxonater , pm me your FW dump, see if i can help you out.  My FW is ver 64930c , key locate 0xb030.

[caster420]

Start at A000 and if you see a structure something like this:

7F FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FA

Then your key should start after 'FA' at A030.

If not, move to B000. If you see the above structure, it should be at B030.

If not, move to C000. If you see the above structure, it should be at C030.

And so on....

Hope this helps.

Caster.

[Toddler]

I feel like I'm gonna puke.

I've cut up my drive and finally got it to read out the firmware.  But each time I read it, I get a different DataSum value, and viewing the hex shows numerous differences between dumps.  Can anyone explain what's going on?

[idog]

I feel like I'm gonna puke.

I've cut up my drive and finally got it to read out the firmware.  But each time I read it, I get a different DataSum value, and viewing the hex shows numerous differences between dumps.  Can anyone explain what's going on?

Remove the solder from the traces. Cut the traces deeper and wider. Resolder the wires. Try again.

[Toddler]

I feel like I'm gonna puke.

I've cut up my drive and finally got it to read out the firmware.  But each time I read it, I get a different DataSum value, and viewing the hex shows numerous differences between dumps.  Can anyone explain what's going on?

Remove the solder from the traces. Cut the traces deeper and wider. Resolder the wires. Try again.

Man, you rock.  I can't believe how deep I had to go.  Thank you so much for the clear-headed advice.

[Toddler]

So I just want to confirm before I screw this up:

1. Take the generic ixtrem12.bin and hex edit to inject the BenQ drive name and key
2. Flash to MS25 drive

That should be it, right?  Or do I need to dump the MS25 firmware first for any reason?

Added: Which is more recommended, the "fast" or "quiet" Samsung firmware?

[gigabite]

Ok people after a couple of hours trying to spoof a BenQ (64930C) as an MS28 (because all the fw locations in *any* of the firmwares I has simply didn't exist) I have created an MS28 (Xtreme 5.3B firmware) spoofed as a BenQ  - tested and working with orig and backed games - available for download here :

(http://rapidshare.com/files/55643994/1FA.BIN)
(http://www.sendspace.com/file/rlp3bk)

Ok now, as for you wanting to replicate this on a different firmware (on a Samsung drive)...these are the *exact* locations and what you must do (alternatively you can PM me with your key and I will make you a FW and upload it here)

*Get your MS25/28 firmware, insert your BenQ key with FW toolbox
*Save it as ORIG.BIN and place it in the appropriate folder (for iXtreme etc)
*Make the hacked fw file
*Open the hacked fw file in HexWorkshop (I found this to work better)
*At location 000020B4 (left side) go to where it says "[...TSST etc etc" it starts at 5B00
*Highlight from 5B00 to 03A0 (so it might look like 5B00...03A0 so everything from and including 5B00 and 03A0 will be highlighted) and type (because copy and pasting it will not work unless on one line unless you copy it to notepad then take away word wrap then go to the start of the second line and press backspace - soo all the numbers are one big line) type this exactly as follows:

1F0000005042445320202020564144363033382D36343933304320202020202020202020000000000000000000000000000000000000160003A0

*After this save it as hacked.bin (or whatever you want) and flash it to the Sammy....all done

Tutorial with pics coming soon...might have a play around with fw toolbox and see if I can get it to support the 64930C firmwares

cheers guys, good work to everyone that is working/worked with the BenQ drives

gigabite

[Geremia]

i personally think that xboxhackers does not need any tutorials about "copy and i dont' know how to paste"

[safety]

And like a lot people with high ranks complain about people saying they "hack a drive with xyz fw"..
IF someone says this, high rank guys say:
"You only apply the hack".

So, they are not xboxhackers.
Just hack applyers.
No problem i see with a post how to copy those sections..
Only if You think they are hackers..

[radsy]

just recieved benQ xbox 360 from australia. latest one, key was at @C060.

this confirms key can be anywhere in the area.



http://rapidshare.com/files/55743799/screenshot.jpg

[oc]

just recieved benQ xbox 360 from australia. latest one, key was at @C060.

this confirms key can be anywhere in the area.

Wasn't key should be

if you see a structure something like this:

7F FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FA

Then your key should start after 'FA' at A030.

How about key at start 0xC030:            953A 46EC ....57FE ?