Project to dump the new BenQ drive - VAD6038

[radsy]

no your wrong , in the key area it is not always directly after the


00112233445566778899AABBCCDDEEFA



that signifies the key area. after the FA is the start of the key area but before the bunch of
 
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF



is where your key is , and this one went to @C060
i  tested in a samsung, my first guess was @C060 and i was correct .

[thetig]

I just want to thank Radsy for building the firmware for my ms25 for me.
Works flawlessly, can't thank you enough buddy.
All the best,
 ;DTig.

[gigabite]

Everyone here take a look at this: http://www.xboxhacker.net/index.php?PHPSESSID=40cf96071a65f1d62adcc7f9f7439a01&topic=8546.0

Hitachi package coming soon...more BETA testers needed PM me

gigabite

[bunghoolio]

no your wrong , in the key area it is not always directly after the


00112233445566778899AABBCCDDEEFA



that signifies the key area. after the FA is the start of the key area but before the bunch of
 
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF



is where your key is , and this one went to @C060
i  tested in a samsung, my first guess was @C060 and i was correct .

What was the ROM version for that benq with key at c060?
What was the result for the usual key place after FA? (c030)

[radsy]

@C060 the rom version or spoof info is :



...        PBDS    VAD6038-64930C                  ....................................x.x...x.......................................? .....2....PBDS    VAD6038-64930C          .......................................


i dont know if a new version of toolbox can be made for the benQ drives because so much inconsistency at where the key is at.

[radsy]

here is a link to the firmware . the key i wiped out with

0000000000000000000000000000000


http://rapidshare.com/files/56050946/key__C060.BIN

[oc]

 
Is this a possibility contain 4 sets of key in same DVD drive?

[oc]

Sorry for the dubble post.
I have tryed many times today to post but not success.

I have spoof one Qanq drive to MS28 and success, it now works on a per- MS28 MOBO and read original 360 games.

[mattrix]

Sorry for the dubble post.
I have tryed many times today to post but not success.

I have spoof one Qanq drive to MS28 and success, it now works on a per- MS28 MOBO and read original 360 games.

Hallo oc,i want to ask you about my ms25.i spoof my benq to ms25,but can't play the original,backup no problems.and i buy the new drive hitachi ver.i spoof my benq to hitachi success.backup and original work perfectly.what's the problems??

[caster420]

no your wrong , in the key area it is not always directly after the

Yes but what i posted is the correct key area and will help people in determining where their key is instead of just going to A030 and using the random bytes that may be there, then trying the next one, etc...  My info was based off of the 4 different dumps that i had, which were all at the first key location in that region and thus, my conclusion.

Caster.

[Grim187]

sup guys, I'm having a lot of trouble dumping this benq, after trying to dump it all day yesterday with both of my computers i was finally able to get it to 3x but there all messed up, the onboard via chipset i have doesn't even register in dosflash and only 2 out of 4 ports on my new computer (amd chipset) register which is where i was able to get the dump from but it must have been a fluke because i cant get it to register the flash again, i posted over on xbox scene but i haven't gotten any help yet if someone would take a look and tell me what I'm doing wrong or what chipset i should be looking for i would be grateful.
http://forums.xbox-scene.com/index.php?showtopic=621919

[oxonater]

Hi there what firmware version is yours i had no problem using dosflash 1.2 in real dos mode booting from floppy disk. I would say check the tracks again cut them a bit deeper and wider like someone else posted seems to do the trick. Also check either side of the tracks where the wire is soldered with a multimeter check for Continuity (Beep) as this can tell whether the tracks are cut properly.

via 6421 sata raid card
no switch just touch wires together.

[idog]

no your wrong , in the key area it is not always directly after the

Yes but what i posted is the correct key area and will help people in determining where their key is instead of just going to A030 and using the random bytes that may be there, then trying the next one, etc...  My info was based off of the 4 different dumps that i had, which were all at the first key location in that region and thus, my conclusion.

Caster.

Maybe to interest of someone. I'm building a webpage (java servlet) where you can upload your benq firmware. It will tell you where the key is at and show it. That part already works actually. Have got a few firmwares tested and even the C060 works

next up, getting the spoofinformation and creating a custom MS25/MS28 xtreme 5.3D/iXtreme 1.2revC firmware from your submitted firmware. If only I get this stuff working before the Benq iXtreme comes out

[Grim187]

Hi there what firmware version is yours i had no problem using dosflash 1.2 in real dos mode booting from floppy disk. I would say check the tracks again cut them a bit deeper and wider like someone else posted seems to do the trick. Also check either side of the tracks where the wire is soldered with a multimeter check for Continuity (Beep) as this can tell whether the tracks are cut properly.

via 6421 sata raid card
no switch just touch wires together.

fw: 62430CR

there cut pretty far apart, i would say about 1/8th an inch possibly more, the wires are connected good, I'm sure of that, ill try the multimeter

edit:
here's a pic:

i got 0 at 200ohms and 2000K, no beeps.

[idog]

Update

Damn.. the hex values mess up the message... so, an image it is :



edit : forget to blank out an existing key

[oc]

I can proof RADSY was right. I dump a Banq FW, from A030 has 2 set of keys, and working key is the second set at A040 that just before FFFFFFFF.

mattrix: I changed Banq key to a MS 28 key, and spoof to MS28 (not the other way round), and Banq works on the Per-MS28 motherboard. Of couse it still running on original Banq FW not HACKED FW, so it still only read original 360 game. Your MS25 's problem I think is in your Xtreme FW, because other people seems no have this kind of thing.

[idog]

Hi there what firmware version is yours i had no problem using dosflash 1.2 in real dos mode booting from floppy disk. I would say check the tracks again cut them a bit deeper and wider like someone else posted seems to do the trick. Also check either side of the tracks where the wire is soldered with a multimeter check for Continuity (Beep) as this can tell whether the tracks are cut properly.

via 6421 sata raid card
no switch just touch wires together.

fw: 62430CR

there cut pretty far apart, i would say about 1/8th an inch possibly more, the wires are connected good, I'm sure of that, ill try the multimeter

edit:
here's a pic:

i got 0 at 200ohms and 2000K, no beeps.

I cut it even wider (the dark green bars with my Benq is what I cut too..)

[idog]

I can proof RADSY was right. I dump a Banq FW, from A030 has 2 set of keys, and working key is the second set at A040 that just before FFFFFFFF.

mattrix: I changed Banq key to a MS 28 key, and spoof to MS28 (not the other way round), and Banq works on the Per-MS28 motherboard. Of couse it still running on original Banq FW not HACKED FW, so it still only read original 360 game. Your MS25 's problem I think is in your Xtreme FW, because other people seems no have this kind of thing.

Can you send me your firmware. Would love to run it through my program (see above )

[Grim187]

Hi there what firmware version is yours i had no problem using dosflash 1.2 in real dos mode booting from floppy disk. I would say check the tracks again cut them a bit deeper and wider like someone else posted seems to do the trick. Also check either side of the tracks where the wire is soldered with a multimeter check for Continuity (Beep) as this can tell whether the tracks are cut properly.

via 6421 sata raid card
no switch just touch wires together.

fw: 62430CR

there cut pretty far apart, i would say about 1/8th an inch possibly more, the wires are connected good, I'm sure of that, ill try the multimeter

edit:
here's a pic:

i got 0 at 200ohms and 2000K, no beeps.

I cut it even wider (the dark green bars with my Benq is what I cut too..)

so should i just lift them?, isent the 0ohms a sign?

[idog]

Hi there what firmware version is yours i had no problem using dosflash 1.2 in real dos mode booting from floppy disk. I would say check the tracks again cut them a bit deeper and wider like someone else posted seems to do the trick. Also check either side of the tracks where the wire is soldered with a multimeter check for Continuity (Beep) as this can tell whether the tracks are cut properly.

via 6421 sata raid card
no switch just touch wires together.

fw: 62430CR

there cut pretty far apart, i would say about 1/8th an inch possibly more, the wires are connected good, I'm sure of that, ill try the multimeter

edit:
here's a pic:

i got 0 at 200ohms and 2000K, no beeps.

I cut it even wider (the dark green bars with my Benq is what I cut too..)

so should i just lift them?, isent the 0ohms a sign?

0ohms means the wires connect fine. No guarantee there is absolutely no connection between the cut traces.
I'm just telling what worked for me. Cut wide and deep. Once I did that I could read my benq first try..