InícioGeremia's Slim 360 DVD Hack
Página 1 de 1
Geremia's Slim 360 DVD Hack
por rfunari Sex 15 Out 2010 - 14:08
O hacker Geremia, está disponibilizando um pacote de ferramentas onde é possível explorar o novo drive do Xbox 360-S. Com esse pacote é possível extrair a área onde está a Key do drive, bem como outras chaves de controle. Não é um destrave propriamente dito, mas é a possibilidade de um spoof clássico, sem segurança e com possibilidade de desbloqueio de um Xbox 360-S. Segue texto em inglês com links para downloads.
>> Geremia has been working on the 360 Slim DVD drive (LiteOn DG16D4S) for some time now and made a lot of progress already. He released his latest version of Tarablinda - a collection of hacks and tricks which he discovered during hw and fw exploration (allows to extract dvdkey and more and since this last version even an experimental way to dump the whole FW):
had no time, no will and no more than 2 drive to test, and i'm not willing to support it too much, it's just a proof of concept. It can contain bugs and it's not an idiot proof app. I spent 2 months of spare night-time on this, from decapping to fullrawdump, passing by descrambling fw, reversing fw, bruteforcing, finding usefull cdb commands, bugs and tricks. This is the result, not the beginning of something else. Since it's my hobby, i'm free to do what i like, just enjoy it or hate it, i dont' care
Slim liteon is well detectable and also lockable to a permanent read-only SPI flash, it's just a matter of MS to push the red button.
>> Geremia has been working on the 360 Slim DVD drive (LiteOn DG16D4S) for some time now and made a lot of progress already. He released his latest version of Tarablinda - a collection of hacks and tricks which he discovered during hw and fw exploration (allows to extract dvdkey and more and since this last version even an experimental way to dump the whole FW):
had no time, no will and no more than 2 drive to test, and i'm not willing to support it too much, it's just a proof of concept. It can contain bugs and it's not an idiot proof app. I spent 2 months of spare night-time on this, from decapping to fullrawdump, passing by descrambling fw, reversing fw, bruteforcing, finding usefull cdb commands, bugs and tricks. This is the result, not the beginning of something else. Since it's my hobby, i'm free to do what i like, just enjoy it or hate it, i dont' care
Slim liteon is well detectable and also lockable to a permanent read-only SPI flash, it's just a matter of MS to push the red button. - Spoiler:
- Tarablinda v0.4b
Usage : Tarablinda [SATA PORT] [dump|erase|rewrite] [file to flash]
Example: Tarablinda E480 dump
Example: Tarablinda E480 rewrite newfw.bin
Special: Tarablinda E480 dump full
Experimental risky fulldump
Tarablinda is a collection of hacks and tricks which i discovered during hw and fw exploration.
It's only a proof of concept, I take no responsibility for any damage it may causes.
I've checked on Via controller (with drivers removed) and Intel ICH7 several time, against 2 different drives with same FW revision.
There could be different FW revision out here, it could not work for several reasons.
dump:
it dumps the dvdkey and checks it with MS drive auth protocol,
like the console does everytime you poweron, so it's good for sure.
It's not a destructive/invasive dump.
It dumps also serials (1FFE0 area)
It also dumps the whole dvdkeyarea, included the latest 0x10 bytes of such area, which are unique per drive too.
It also dumps sectors 3Dxxx 3Exxx
Dummy.bin is nothing else than a blank file with dvdkeyarea, 3D000-3EFFF and serials in place.
//////////experimental-risky//////////////////
dump full:
Like above, then checks if 3D-3E sectors are the known ones, rewrites 3E with patched code to make the fw
send us the full dump.
It's a little risky cause we can't know for sure if the dumped 3D-3E sectors are really that sector numbers.
Since scrambling the same data at different addrress results in different scrambled data, we can be quite sure.
But again, this is beta software and consider you are risking on your own, it's your choice.
Erase and Rewrite(which is an erase write) are mainly for studying purpose Unless you have a full dump of your drive, erase and rewrite are not recommended for the most
Special thanks to Kai Schtrom - Maximus - TeamModFreaks
As usual, use at your own risk
Geremia
Note that is is just a proof of concept and that there is no hacked FW for the DG16D4S (yet). Also note it might not work (yet) with newer versions of the DG16D4S FW. Use at own risk!
Download: http://www.megaupload.com/?d=40NWA8ZZ
Última edição por rfunari em Sex 15 Out 2010 - 21:31, editado 2 vez(es)
rfunari- Administrador
- Posts : 1921
Registrado : 26/06/2010
Idade : 43
Localização : Sorocaba/SP -
rfunari- Administrador
- Posts : 1921
Registrado : 26/06/2010
Idade : 43
Localização : Sorocaba/SP -
Tópicos semelhantes» Xbox 360 Slim de 4GB Substitui Atual Modelo Arcade
» Halo Heach, problemas com os novos slim arcade de 4gb
» Halo Heach, problemas com os novos slim arcade de 4gb
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos