Project to dump the new BenQ drive - VAD6038

[Maik315]

Thx to ivc! I will test it tomorrow!

Maik

[Logical1]

Being my first post on this forum, I hope to get a little leniency if I ask or state something a little elementary.  Here's what I’ve done.  I got an Xbox with a BenQ VAD6038 FW Ver. 64930C HW Ver. J-DA1A4 July 2007.  I have successfully followed the Team MODFREAKz VAD6038 Firmware Tutorial - Method 2. It seems that MS of BenQ are catching on to this trick... My drive was loaded with epoxy.  I had to carefully scrape it for a hot minute.  Using DosFlash 1.2 Beta and an Intel ICH8 SATA controller I got a good firmware dump... I think. According to Caster, the drive key should be at a000, b000, c000, etc... I am pretty sure that mine is at b030.... directly after the 00112233445566778899AABBCCDDEEFA at b020 and before before the FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF at b040.  I dumped it 4 times since some of you were getting inconsistent reads.  Mine was the same all 4 times.  What I’d like to ask you guys is what drive should I spoof? It seems to me that the Samsung MS25 is the most popular?  I still have to get the drive, just curious which one I should get... and if possible, get one that is already flashed since I have an Intel SATA controller (not Via).  From what I have read, depending on the drive, the flashing and key spoofing procedures are different.  Is this correct?  I have been studying this thread for a few days now and it blows my mind that you guys were able to figure all of this out.  I hope that wherever you are and whatever you do, you get PAID.  This thread has been a tremendous help.

Thanks again... Mike

[gigabite]

^^ Get a drive from eBay from gameconsolehk (whatever there name is) - buy the ms25 - what you will then have to do is download my package from #xbins on IRC on efnet - open one of the already hacked and correctly spoofed firmwares in firmware toolbox (you choose which hacked firmware you want to use), and paste your key into it and push replace key - now flash that firmware file to your ms25.....you won't find a drive that's already flashed because for the drive to work it needs to have your key and be correctly spoofed Oh and BTW the epoxy is normal

gigabite

[Double_L]

Hi, my 1st post & new member 2day, Id like to say the work done here for dumping the Benq drive amongst others is very impressive & thus you all need a good pat on the back, Except this is why i am here!

I have an elite (2Days Old) with said Benq drive, now i am not new to flashing 360 drives, ive done a lot with my trusty Via 6421 sata pci card, but my benq i simply can not get to dump, i always get MTK Vender failed, every time no matter what i do.  The Switch is correctly soldered, i have tried Dosflash V1 right up to V1.2 both Dos16 & Dos32 & i get said error every time.

Dos 16 freezes every time in auto mode, Manual mode i type: DOSFLASH R C700 1 A0 1 4 C:\FLASH.BIN  THIS GIVES SAID ERROR.

Am i missing something here?

Any advise would be greatly appreciated

[thetig]

I always get the vendor failed error unless i time switching on the drive and hitting return.
First make sure it is being detected and your getting the vendor failed error,
then type in dosflash with the drive off,
then power on and hit return, if you time it correctly it will work.
Should be about 1 sec between power on and hitting return .
This is how i get it to work, i hope it  helps.
All the best,
 :)Tig.

[Nasscar][]

Guys,

I've had problems using dosflash 1.2 in both dos and windows using the Via 6421 sata pci card. The 1 sec. trick my work but I believe in your best interest try another sata controller card.

note: i'm using the nvidia sata with much success. No corrupt dumps and worked the first time with dosflash 1.2.


Hope this helps.


Nas,

[Double_L]

Thanks for the advise ile give it another go, I only get the Vender error when in Dos16 & Manual read cmd, if i try auto it freezes my pc, i dont understand why!

If i try MTKFlash it picks up the drive straight away, but obviously i cant read the FW with that app but on the otherhand i know the 6421 card is doing its job.

[Double_L]

Still no joy, im going to try a new sata card, ile try the Nvidia sata like Nas mentioned. Fingers Crossed

[glaze83]

I still haven't come across one of these drives to test... actually thats not true. I came across a benq about 4 months ago, contacted garyopa and sent it to him under the condition I would have an ms28 with the benq's key returned to me when he dumped it---needless to say I'm still waiting.

In anycase, I'd really like for someone to try this method of dumping without soldering using a Via card.

1. connect drive to via sata

2. turn on 360

3. turn on pc

4. when at dos prompt turn off 360

5. type dosflash and hit enter on the keyboard as you hit power on the 360 (if you've done it right (as with ms28s) the drive will not make a noise as the laser moves---if you hear a noise, hit esc, turn off 360 and try again)

6. Does it show the correct device indentification? I would think it would

7. turn off 360

8. select correct port, hit R for read, type in the input file name orig.bin or whatever you want and hit enter,  it should sit there waiting as mtkflash does for the ms28---then you turn on the 360 and it should read.

Hope this works, or I've just spent a few minutes typin for nothing

[Raptaure]

Hello,
 
The firmware BenQ has has been to announce for the end of October (next bet has day xbox live).
 
Thank you

[Double_L]

yo Glaze ile try your method as i cant get other way to work & thus have nothing to lose 

Ile post results later this evening.

I hope it works

[Double_L]

yo Glaze ile try your method as i cant get other way to work & thus have nothing to lose 

Ile post results later this evening.

I hope it works

Update

Well that didnt work for me, i think my via card is a bit iffy, everytime i try automode "DOSFLASH"  my pc freezes!

new card should be here tomorrow so ile try again then! ( is there anyone localish to me that can do it? UK/Sussex )

[glaze83]

yo Glaze ile try your method as i cant get other way to work & thus have nothing to lose 

Ile post results later this evening.

I hope it works

Update

Well that didnt work for me, i think my via card is a bit iffy, everytime i try automode "DOSFLASH"  my pc freezes!

new card should be here tomorrow so ile try again then! ( is there anyone localish to me that can do it? UK/Sussex )

Keep me posted, and will someone else try this?

[gigabite]

glaze I don't think your method will work correctly mate (if it does it shouldn't and your just lucky) because to be able to correctly dump the flash, it needs to be put into recovery mode: how do you do this?? By cutting the power supply to it (the flash) so it goes into recovery mode, then to dump the flash it needs power so you flick the switch the other way and it gets power and you are able to dump the drive...

gigabite

*I should also note that it won't go into recovery mode without the power cut, which is what you need for the flash to be recognized to dump it - it's not like the Sammy's where they have a very short period where they are in "recover mode" state (so it can display code 70 to mr mtkflash)

[glaze83]

glaze I don't think your method will work correctly mate (if it does it shouldn't and your just lucky) because to be able to correctly dump the flash, it needs to be put into recovery mode: how do you do this?? By cutting the power supply to it (the flash) so it goes into recovery mode, then to dump the flash it needs power so you flick the switch the other way and it gets power and you are able to dump the drive...

gigabite

*I should also note that it won't go into recovery mode without the power cut, which is what you need for the flash to be recognized to dump it - it's not like the Sammy's where they have a very short period where they are in "recover mode" state (so it can display code 70 to mr mtkflash)

You have it all wrong man. We're doing exactly the same thing we do sammy---we cut power to the vcc so the drive thinks it boots with empty firmware and we return power to the drive to dump it.

Everyone talks of the via 10 second trick because it just so happens that the drive displays a status 70 10 seconds after it boots so its all down to timing.

If the computer accesses the flash before the firmware code runs then the drive will think the chip is blank.

Try this method with a sammy. When you turn it on the laser will move. If you time turning it on and hitting enter on mtkflash you wont hear $#!t---thats because the drive didn't initialize.

If you boot the sammy normally and try to dump the error msg you receive from mtkflash is status 51 . If you boot it at the same time as hitting enter on the mtkflash command the status error will be 80.

I may be totally off-base here as well, but you're definitely wrong about the recovery mode state of the sammy.

[DevlshOne]

Since this is a technical discussion, has anyone successfully created a power connector that can be hooked to the PC rather than dragging my 360 back and forth every time I want to dump or flash?  Is there one available commercially or a source for the ODD end of the connector? I'm willing to put some time into this as I have already done the BenQ controller cutting, dumping, received a new MS28 drive for spoofing and just ordered a VIA SATA card from Newegg.
Thanks to all for your great work.

[Redline99]

has anyone successfully created a power connector that can be hooked to the PC rather than dragging my 360 back and forth

Yes on both... Do some searches for posts by Seventhson, he talks about his setup and provides more detail at http://www.kev.nu/360/dvdshort.html

Also Team Xecuter has a product designed for the Hitachi, but also works for powering other models.
"Xecuter 360 Connectivity"

[gigabite]

Well glaze I can agree with you there...I tried "your" method a bunch of times even before you mentioned it and it just didn't work, and i've done sammy's many many times and have no trouble ever - technically code 70 is displayed STRAIGHT on power on not 10 seconds after (you do not need to wait 10 seconds, just power off then straight back on).... meanwhile I am assuming this is all to do with a VIA card (which is what i'm using here) which could make a difference - TMF did try this also and he couldn't get it to dump

gigabite

[Double_L]

I still cant dump the FW, But i worked out why my PC kept freezing!
Once i disabled my on board Sil raid in the bios i was able to run dosflash in auto mode, now i get the Vender error & correct port shows up but device 0x00 & Device ID 0x00, MTK Vender Failed errors, 

Is this a switch timing error?

1. i boot to dos
2. i type DOSFLASH
3. i power on the Drive
4. approx 1 sec later i flip the switch
5. hit return

Then i get the above errors, Am i doing something wrong?

Help im tairing my hair out trying to get this to work, Lol

Sammys no probs & Hitachis No Probs, so why is this any different?

[Ellex80]

keep your eyes on the traces .
i think there is the mistake.
cut deep and wide .