Project to dump the new BenQ drive - VAD6038

[MODFREAKz]

Is there any tutorial on how to dump the firmware and get the right key out of it, that i can spoof my hitachi or samsung to be a benq ?
@Team MODREAKZ
My drive is from June 2007 firmware 64930C
If you could tell me how to dump ... I could send you my dump then ...Would you be able to tell me the key then
I WANT TO START MY XBOX ELITE 

try to write a howto tutorial this weekend, so please wait!!

[zoogderrick2]

i just cracked open my BenQ VAD6038 drive and it looks a little different from the other photos. The drive was made in June 2007.



If anyone could confirm the 3.3v trace cut points on this board, I would appreciate it, I found where pin1 was in the upper right hand corner but its covered with glue and it looks like there is a chip soldered on it.

[caster420]

That is the way it is supposed to look, as the photo above has the flash desoldered. The trace you are looking for is on the backside of the board.  Compare it to the pic TMF posted above and you'll see it.

I would recommend waiting until TMF posts a tutorial or fully tested diagram.

Caster.

[zoogderrick2]

That is the way it is supposed to look, as the photo above has the flash desoldered. The trace you are looking for is on the backside of the board.  Compare it to the pic TMF posted above and you'll see it.

I would recommend waiting until TMF posts a tutorial or fully tested diagram.

Caster.

Thanks for you help i found it, but i just wanted to confirm you cut this (yellow) trace.

[MODFREAKz]

if you can not wait then look here!

method #1 *fixed*



method #2 is more difficult

[xry]

Method 1 seems easy enough, but do I need to remove any glue?
I have a 18w soldering iron, but I got really mad the other day and broke the tip, so I have to see if I can buy a better soldering station this week.

And, TMF, my drive is from June 07, do you have a firmware I can compare it to? Because I need to find the key, so I can inject it to an Samsung while waiting for the new firmware. Spoofing should be safe, or?

[caster420]

There shouldnt be any glue on the back of the board for method #1.  Method #2 will require removing epoxy/resin on most retail drives. 

If you can dump your drive, your key will be easily found. 

Also, i can confirm that this works, as mine functions properly after the revision to Method #1.  However, i could not get it to dump in dos like TMF recommended.  I ended up dumping it in windows and it worked like a charm.  I will post details of my method with pics soon.

Caster.

[xry]

Okey, did you scratch the trace first? Or did you just solder directly on the board?

[MODFREAKz]

Okey, did you scratch the trace first? Or did you just solder directly on the board?

if you have no soldering skills, try to solder on old or broken parts first!!

and look at this pdf file, it will answer all your questions.
http://www.chilliflash.com/stepbystep.zip

[xry]

I have, it's just, I've never tried traces before.
I've done Wii consoles and my own PS2, but haven't tried traces yet

[NEO_X]

modfreaksz this is nice you also have a pic with the switch installed

[caster420]

modfreaksz this is nice you also have a pic with the switch installed

Here is what mine looked like prior to the additional cut trace being added.



Caster.

[MODFREAKz]

ok the Tutorial is completed.

will upload and release it tonight.


Good luck!!

[NEO_X]

hmm this doesnt make really something clear for me can you make a picture of the whole board

[caster420]

hmm this doesnt make really something clear for me can you make a picture of the whole board

Just wait for TMF's tutorial.  I'm sure he'll have more detailed information that you may be looking for.

Caster.

[radsy]

my key was at @B030.   

[xry]

We really have to find out why the key is spread all over the place.
Anybody have suggestions? Different firmware versions?

[MODFREAKz]

firmware 64930C (July 2007) is very new and not supported by maximus ToolBox
the key is stored @E030
now there are three dumps with different key offsets
@B040
@C020
@E030

ops typing error again!

known key offsets atm:
@B030  //64930C firmware
@E030  //64930C firmware
@C020  //62430C firmware

here you can download four different retail dumps.

[NEO_X]

modfreaks when  do you post some pics 

[Ma_junior]

Hi, I have a Benq of the 07/2007 with Flash MX25L2005 and he does not come recognized give DosFLASH, the program recognizes the drive but not the flash. I have used the trick brought back on method 1. How I can make in order to find the flash of the my Benq?