|
TheSpecialist
|
 |
« Reply #160 on: May 10, 2006, 09:25:46 PM » |
|
@ John: A normal dvd-rom starts at PSN $30000. The xbox1 partition starts at PSN $60600. That's why you have to insert the filler bytes: to make the game partition start at $60600. So the correct calculation is: ($60600-$30000) * $800 bytes per sector = $18300000 = 405798912 bytes to insert at byte 0 of your iso.
After you have burned the disc, there are 3 things to verify:
1. Did it burn with bitsetting DVD-ROM ?(check with dvdinfopro for example)
2. Does the game partition really start at $60600 ? To check this, read LBA sector $30620 (with dvdinfopro again), it should start with "MICROSOFT*XBOX*MEDIA”
3. Did the SS burn to the correct sector ? Again verify with dvdinfopro for example
Hope that helps.
|
|
|
|
« Last Edit: May 10, 2006, 10:01:42 PM by TheSpecialist »
|
Logged
|
|
|
|
|
dom0012
|
|
« Reply #161 on: May 10, 2006, 11:55:13 PM » |
|
Bluecops method is the fastest and easiest agreed  some tips for people not getting it to work, follow the method above and remember to : 1. use the 8080.bin to get the ss (not the hacked firmware) 2. set booktype to dvdrom 3. use dual layer +r (ridata is what i used) 4. when using isobuster put retry's to 1!!!! (it took 14 hours when i did it without this step lol) The problem i had at first is my games ss was totally wrong cuz i missed the part where you use the 8080.bin to retrieve the security sector off the game disc. I hope this helps some people out there... |
|
|
|
|
Logged
|
|
|
|
|
uberfry
|
|
« Reply #162 on: May 11, 2006, 01:36:29 AM » |
|
I don't know if this has been spoken about...but I analysed the b800 fw...compared it with the original fw and in the b800 fw there is a code segment at $fda0
I noticed that it is never actually called/jumped to. $fd9f has is 22 (which returns from a call) so no way it is really actually called.
So I tried modifying the hacked fw to unlock (with $78A2 patched I think; don't have them here...)
Is $fda0 in the b800 fw really needed?
|
|
|
|
|
Logged
|
|
|
|
|
uberfry
|
|
« Reply #163 on: May 11, 2006, 07:28:38 AM » |
|
ok now i messed something up... SS fw ($72A8): 00746400E40000D3788CE6946418E6940600007608087600 original ($72A8): F07464F0E4F0F0D3788CE6946418E6940640057606087664 and also, in the SS fw you have at fda0: 7E2A7F0012A801EFB4D11D7E2D7F0012A801EFB401127E2
D7F0112A801EFB41707000000000000007E2A7F0012A801EF64EA
601B7DEA7E2A7F0012A7BF7D007E2A7F0112A7BF7D007E2A7F02
12A7BF7E2A7F0112A801EFF97E2A7F0212A801EFFA908003F0E9A
3F07E007F001279A4E9240470010AF99080037407F0A374BDF0E9
FD7E2A7F0112A7BFEAFD7E2A7F0202A7BF I thought - ok, replace that in the hacked fw (without $fda0), it wouldn't work then I tried putting the data from the SS fw ($fda0) onto the hacked fw, moving the previously stored code to $fe40, then modifying $8FFE from "fda0" to "fe40" Now it's not showing any sign of life anymore ^_^ Can someone tell me where the checksum is stored please? |
|
|
|
|
Logged
|
|
|
|
|
BlueCop
|
|
« Reply #164 on: May 11, 2006, 08:17:27 AM » |
|
uberfry: you didn't patch the locations that call Xfe1d and Xfe09 since you moved code being called. you need to patch the following fe09 and fe0d values to their new location. lcall Xfe09 ; c24e 12 fe 09
lcall Xfe1d ; c26d 12 fe 1d
lcall Xfe1d ; c7d0 12 fe 1d
lcall Xfe1d ; d26e 12 fe 1d
lcall Xfe09 ; d3e3 12 fe 09
lcall Xfe1d ; d41c 12 fe 1d
also the checksum calculation is trigger by a debug command. the patched locations 7C40 and 7C43 set the returned value to a constant(147E). at least i think thats whats happening. It is weird that the F9A0 is never called in the SS dumping firmware. have you tried 00ing out this code and then trying to dump your SS? i would like to see if that works. i would try but my drive is broken. |
|
|
|
« Last Edit: May 11, 2006, 08:27:04 AM by BlueCop »
|
Logged
|
|
|
|
|
Master-Chief
|
|
« Reply #165 on: May 11, 2006, 09:19:56 AM » |
|
Ok, after doing the concantened (spelling?) partition trick, I burned the disc and it doesn't even detect a disc in the drive. Before when I did it wrong it at least said unknown. Any ideas? I'm going to try reflashing the drive again.
|
|
|
|
|
Logged
|
|
|
|
|
blakcat
|
|
« Reply #166 on: May 11, 2006, 11:34:40 AM » |
|
this is for textbook,
i'm like you in Attempt 5 point:
Burn the concatenated image . Throw it in my Xbox and it starts playing the Video which tells me to put the disc in the Xbox.
i've used pioner110 and i think it has automatic bitsetting.
any idea?
thx.
|
|
|
|
|
Logged
|
|
|
|
|
uberfry
|
|
« Reply #167 on: May 11, 2006, 12:02:32 PM » |
|
haha drive is f***ed now ^_^ gotta reflash the eprom externally now lol ohwell, was worth a try  |
|
|
|
|
Logged
|
|
|
|
Textbook
Member
Posts: 46
Future Hacker
|
|
« Reply #168 on: May 11, 2006, 01:21:11 PM » |
|
this is for textbook,
i'm like you in Attempt 5 point:
Burn the concatenated image . Throw it in my Xbox and it starts playing the Video which tells me to put the disc in the Xbox.
i've used pioner110 and i think it has automatic bitsetting.
any idea?
thx.
Double/Triple Check to make sure you flashed the hacked firmware back to the drive. If you did it correctly, it will show VIDEO_TS with original firmware or an unhacked drive. Flash the hacked firmware back to the drive and try again. My discs (which I found were correct) showed up as VIDEO_TS without hacked firmware then played fine with hacked firmware. |
|
|
|
|
Logged
|
|
|
|
|
blakcat
|
|
« Reply #169 on: May 11, 2006, 04:57:12 PM » |
|
thx textbook my mistake was to forget reflashing my samsung  works perfectly now. thanks to everyone |
|
|
|
|
Logged
|
|
|
|
|
Master-Chief
|
|
« Reply #170 on: May 11, 2006, 05:13:17 PM » |
|
Well, my 3rd burn didn't work. I'm burning a 4th one now and hopefully I've done everything correct. I think my problem was the Booktype. It wasn't set to DVD-ROM. Now it is (I used imgburn). Hopefully this burn will be successful. My first burn was the hotswap, but I thought that the DVD Drive crapped out on me because it finished quickly after it hit 71%. I burned a 2nd copy after that with no modifications just to see if it would do it again. I burned a third copy with the Arakon Package method.. now the disc doesn't get recognized. I set the booktype to DVD-ROM now and the fourth copy is burning. Hopefully this will work!  |
|
|
|
|
Logged
|
|
|
|
|
Master-Chief
|
|
« Reply #171 on: May 11, 2006, 07:19:49 PM » |
|
Well, I get the same result... no disc is detected. It seems as if I'm doing everything right. I dumped it, had blank.iso, game.iso, the IMAGE.dvd (all these came with Arakon's package) and it made an IMAGE.000. I burned the IMAGE.000 using the IMAGE.dvd and it doesn't work. And yes, the IMAGE.dvd has the IMAGE.000 line in it.
|
|
|
|
|
Logged
|
|
|
|
|
BlueCop
|
|
« Reply #172 on: May 11, 2006, 08:29:55 PM » |
|
haha drive is f***ed now ^_^ gotta reflash the eprom externally now lol ohwell, was worth a try i think mtkflash in dos should be able to flash this drive even if the flash is currupt. My computer hangs at detecting IDE devices now after my drive was misflashed (contains incomplete or incorrect firmware). How can I fix the drive if I cannot get into DOS? Your computer isn't sure what it sees when looking at your misflashed drive, you'll need to either disable the IDE channel that the drive is connected to in BIOS Setup or you can unplug the drive's power connection until you're at the command line in DOS at which point you may re-connect the drive's power and flash the drive. Some people recommend attaching a working drive in the place of the misflashed drive while your computer boots, but this step adds unnecessary risk. Hot-plugging IDE devices is not a good idea, except in this case where your drive is already dead. Mtkflash only needs the drive to be plugged in properly at a known location to recover it. quote from http://dhc014.rpc1.org/howto.htm . the link also has several versions of mtkflash for dos. |
|
|
|
|
Logged
|
|
|
|
|
dom0012
|
|
« Reply #173 on: May 11, 2006, 09:03:46 PM » |
|
Well, I get the same result... no disc is detected. It seems as if I'm doing everything right. I dumped it, had blank.iso, game.iso, the IMAGE.dvd (all these came with Arakon's package) and it made an IMAGE.000. I burned the IMAGE.000 using the IMAGE.dvd and it doesn't work. And yes, the IMAGE.dvd has the IMAGE.000 line in it.
your really making this more complicated then it has to be, follow bluecops tutorial and use bluecops package damnit! |
|
|
|
|
Logged
|
|
|
|
|
Interloper
|
|
« Reply #174 on: May 11, 2006, 09:53:52 PM » |
|
I tried reflashing a failed fw from dos.. No go here
|
|
|
|
|
Logged
|
My hand writing is too bad for a signature.
|
|
|
|
BlueCop
|
|
« Reply #175 on: May 11, 2006, 10:12:15 PM » |
|
I tried reflashing a failed fw from dos.. No go here
what version did you attempt? Secondary Slave seems to be the position that works best. Also remember that the xbox drive always want to be slave. try "MTKFLASH 4 W /B /M firmware.bin" with version each version on the site. i would start with 1.55 and move up. did you try disabling these the channel the currupted drive is on in the bios? i would do that as well. |
|
|
|
« Last Edit: May 11, 2006, 10:14:14 PM by BlueCop »
|
Logged
|
|
|
|
|
gerzand
|
|
« Reply #176 on: May 12, 2006, 10:42:13 AM » |
|
I followed Bluecops method using the Xbox 605B with the 605b0800 Firmware to rip Halo2 and to obtain the SS.bin. However,with both my PC and 605B drives, I still get "missing data" error in cloneCD which I then select the "replace with dummy data" option. Is this normal for the both PC drives and the 605b to throw this error? Also, when the cloneCD raw dump finishes, it tells me there was an error, and asks if I would i like to keep the files. I havent seen this error mentioned in Bluecop's or Arakon's tutorials. Is this also normal? Thanks to anyone who can help.
-Gerzand-
|
|
|
|
|
Logged
|
|
|
|
|
uberfry
|
|
« Reply #177 on: May 12, 2006, 12:44:43 PM » |
|
I tried reflashing a failed fw from dos.. No go here
what version did you attempt? Secondary Slave seems to be the position that works best. Also remember that the xbox drive always want to be slave. try "MTKFLASH 4 W /B /M firmware.bin" with version each version on the site. i would start with 1.55 and move up. did you try disabling these the channel the currupted drive is on in the bios? i would do that as well. takes a long time to start, then it shows an error, saying that the secondary slave is not in working condition think i'll make me a lpt programmer for the eprom |
|
|
|
|
Logged
|
|
|
|
|
Interloper
|
|
« Reply #178 on: May 12, 2006, 02:21:10 PM » |
|
I tried reflashing a failed fw from dos.. No go here
what version did you attempt? Secondary Slave seems to be the position that works best. Also remember that the xbox drive always want to be slave. try "MTKFLASH 4 W /B /M firmware.bin" with version each version on the site. i would start with 1.55 and move up. did you try disabling these the channel the currupted drive is on in the bios? i would do that as well. Latest version. used same syntax. did disable. no jala. Right after executing the command, the 'MTKflash ver blah by blah' stays there.. at least for a few hours. |
|
|
|
|
Logged
|
My hand writing is too bad for a signature.
|
|
|
|
dom0012
|
|
« Reply #179 on: May 12, 2006, 03:52:08 PM » |
|
I followed Bluecops method using the Xbox 605B with the 605b0800 Firmware to rip Halo2 and to obtain the SS.bin. However,with both my PC and 605B drives, I still get "missing data" error in cloneCD which I then select the "replace with dummy data" option. Is this normal for the both PC drives and the 605b to throw this error? Also, when the cloneCD raw dump finishes, it tells me there was an error, and asks if I would i like to keep the files. I havent seen this error mentioned in Bluecop's or Arakon's tutorials. Is this also normal? Thanks to anyone who can help.
-Gerzand-
yes this is normal. there is unreadable sectors on the disc that you need to select "replace with dummy data" |
|
|
|
|
Logged
|
|
|
|
|
