I'd expect a tut soon considering C4eva has been discussing this new LT + protection against the new checks.
Anyone had a play yet?
Tarablinda was released by Geremia a few days back, it's possible to swap over the old liteon driveboards to the new drive and flash it with iextreme lt.
No specific slim firmware has been released yet though.
I still haven't gotten around to it yet, feeling a bit lazy
Geremia's Slim 360 DVD Proof of Concept Hack: Tarablinda v0.4b
>> Geremia has been working on the 360 Slim DVD drive (LiteOn DG16D4S) for some time now and made a lot of progress already. He released his latest version of Tarablinda - a collection of hacks and tricks which he discovered during hw and fw exploration (allows to extract dvdkey and more and since this last version even an experimental way to dump the whole FW):
Note that this is just a proof of concept and that there is no hacked FW for the DG16D4S (yet). Also note it might not work (yet) with newer versions of the DG16D4S FW. Use at own risk!
I had no time, no will and no more than 2 drives to test, and I'm not willing to support it too much, it's just a proof of concept.
It can contain bugs and it's not an idiot proof app.
I spent 2 months of spare night-time on this, from decapping to fullrawdump, passing by descrambling fw, reversing fw, bruteforcing, finding useful cdb commands, bugs and tricks. This is the result, not the beginning of something else.
Since it's my hobby, I'm free to do what I like, just enjoy it or hate it, I don't care
Slim liteon is well detectable and also lockable to a permanent read-only SPI flash, it's just a matter of MS to push the red button.
Tarablinda v0.4b
Usage : Tarablinda [SATA PORT] [dump|erase|rewrite] [file to flash]
Example: Tarablinda E480 dump
Example: Tarablinda E480 rewrite newfw.bin
Special: Tarablinda E480 dump full
Experimental risky fulldump
Tarablinda is a collection of hacks and tricks which I discovered during hw and fw exploration.
It's only a proof of concept, I take no responsibility for any damage it may cause.
I've checked on Via controller (with drivers removed) and Intel ICH7 several times, against 2 different drives with same FW revision.
There could be different FW revisions out there, it could not work for several reasons.
dump:
it dumps the dvdkey and checks it with MS drive auth protocol,
like the console does every time you power on, so it's good for sure.
It's not a destructive/invasive dump.
It dumps also serials (1FFE0 area)
It also dumps the whole dvdkeyarea, including the latest 0x10 bytes of such area, which are unique per drive too.
It also dumps sectors 3Dxxx 3Exxx
Dummy.bin is nothing else than a blank file with dvdkeyarea, 3D000-3EFFF and serials in place, not jf compatible.
//////////experimental-risky//////////////////
dump full:
Like above, then checks if 3D-3E sectors are the known ones, rewrites 3E with patched code to make the fw send us the full dump.
It's a little risky cause we can't know for sure if the dumped 3D-3E sectors are really those sector numbers.
Since scrambling the same data at different addresses results in different scrambled data, we can be quite sure.
But again, this is beta software and consider you are risking on your own, it's your choice.
Erase and Rewrite (which is an erase+write) are mainly for studying purpose
Unless you have a full dump of your drive, erase and rewrite are not recommended for the most
__________________
I found it difficult to believe a poster who made an account in 2009 and probably never posted until today or a day ago (and began advertising his site) comes here trying to pass off like one of the top scene gurus...
If he is, the more power to him, but he doesn't sell it well.
__________________
No I'm not a member of TeamJungle. I/we (AGM) participate in development and have contributed to some major 'developments' (don't ask for specifics as we don't want to incur any more wrath from large corporations than we already receive). Suffice to say that our tech is behind a couple of products that are being sold by larger 'modding' corporations and lots of other stuff in the realm of 360 modding eg; JTAG, Drive FW we have sponsored and developed one of the biggest JTAG apps and lots more...
As for the 2009 thing, Yes I only signed-up for this site in 2009 (I can't remember what for) and have only decided to support this site in response to an email from admin asking for ppl to do just that (And the fact it's Aussy) We have been around a lot longer and only formalised a name/website about 3 years ago in response to the poor standard of modders in our area (SA) and product/service availability in Australia in general (Although the latter has improved in the last year or so)
So here I am trying to support the Aussy end of the scene. We played with the Idea of starting a 'full-blown' Aussy 360 or Console hacking website but decided against it because I'm a lazy lazy man(Just kidding, I'm only slightly lazy, but I know I would be the one doing all the work) and it's a huge amount of work involved in such an endeavor for little benefit as much of the info would just be being mirrored. Supporting the 360 end of things here(at Austech) is a better Idea. Had I remembered it earlier, we would have had more involvement by now.
Brgds/Dan
Last edited by Danthaman; 22-11-10 at 03:11 PM.
Sounds interesting !
Interesting, not long til LT+ comes out anyway for phat xbox's, should come out between 1-2 weeks, slim = later. Hopefully won't be too long.
hope it's gonna be easy to mod the slims
I was asking C4eva only about 28 hours ago, but he never answered the question.
I asked twice wording myself differently but rightly so he remained silent on that matter (manner in flashing slims).
__________________
LT Plus released
hXXp://www.mediafire.com/?hgrqhve5ohk6vd9
From the NFO:
Official release of C4E's iXtreme LT+
- Supports Benq and Liteon Drives (74850, 83850V1, 83850V2, 93450)
- Optimized PFI code to accommodate AP25 SS data
- Defeats current AP25 protection
- Protects console from logging AP25 violation
- Full disc stealth used by default
- Waveless booting, disc images are assumed to be correct!
- Split-Vid used as default
If booting an AP25 title without AP25 SS game will not boot but will still be protected from logging AP25 violation on current dash 2.0.12611.0
If LT+ encounters an unknown AP25 challenge, game will not boot but console will still be protected from logging AP25 violation on current dash 2.0.12611.0
AP25 SS are region specific for region locked games (Current Example NFS: Hot Pursuit is both PAL and NTSC – 2 different AP25 Patches)
If you boot the AP25 titles without LT+ you will probably be flagged for a ban.
You cannot spoof a different model drive as that can now be detected. With this release of LT+ you HAVE to have an original Benq or Liteon.
LT+ for slim 9504 is next followed by LT+ for slim 0225
Thanks go to Team Jungle for their hard work and efforts in the development process.
Thanks go to Team Xecuter for their generous support and input to this project.
You can download the current batch of AP25 Patches from hXXp://www.team-xecuter.com/forums/showthread.php?t=58118
Mgoldbe1 (24-11-10)
yep definitely need the original drive, tried it with a xbox that originally came with a liteon, the replacement benq does not work as it gives you a black screen
I've had a 360 DVD drive fail to which I switched the drives, I went ahead and instead of spoofing all I ever did was write the dvd key to the other drive (LT 1.1) and got no error messages on that 360, all games booted and ironically even Fable 3 boots and plays 'til this day with the beta 12416 dash.
Now this was for my nephew's banned 360, I'll be picking up his 360 after he gets home from school and testing it out but has anyone considered trying this method?
__________________
Well I flashed my nephew's 360 with LT+ on a BenQ drive which is not the original drive...
Fable 3 has booted. Though it did before also...
Backing up Assassins Creed: Brotherhood as I type this to test.
He is currently using the 2.0.12416.0 dashboard (beta Kinect).
Will update this post with findings from AC:B.
__________________
I understand not being able to spoof different brands but what about different models of Liteons? ie replace a 934 with a 748.
smithster (24-11-10)
Well I can confirm that my nephew's banned XBOX 360 with 2.0.12416.0 dashboard is now running Fable 3 and Assassins Creed: Brotherhood with a non original BenQ drive.
__________________
Yeah apparently they took-out the OSIG to make all the RROD repairs easier, but now it's been re-integrated (as an online check as I recall - don't quote me on that as I'm just going off the top of my head)
Wish there was a good way to rip AP 2.5 especially as they drag their heels on PAL releases.
Modding slims at the moment is quite do-able but there's an obvious lack of FW. The other thing that sux is the real-time FW memory-check incorporated into slim's architecture that I keep hearing about.. I wonder how C4eva will get around it, if it is indeed as it sounds...... Might take a while ? U never know, I thought LT+ would be another week so there you go ....
Last edited by Danthaman; 27-11-10 at 05:37 AM. Reason: Im a tool who carnt spell