Print

[Toddler]

QUOTE(dharrison @ Nov 30 2009, 01:02 AM)

It wouldn't leave anyone in the dark, but the whole situation is about the method and information being released, which could potentially lead to Microsoft plugging up a hole in future designs (ie. JTAG exploit).

That's the game, and you play the hand you're dealt.  If the only alternatives are (1) release information publicly or (2) release information to a tiny cabal of professional modders, I'll vote for the first option and let the chips fall where they may.  There is no "scene" if information is not shared.  Otherwise, it essentially becomes a business.

It's not as if Microsoft would turn a blind eye to that scenario, either.  One can make the case that they'd be far more aggressive if they viewed "the scene" as a professional enterprise rather than just a bunch of one-off 360 hackers.

In fact, the most interesting piece of information to come out of all of this may be what Iriez himself revealed, that others have been making progress getting the drive key via another method.  If true, that would mean there is another hole to be exploited.  Why reveal that, other than to take a shot at Geremia?  Surely it would have been better to keep that information away from Microsoft.

This post has been edited by Toddler: Nov 30 2009, 08:30 AM

[stacker69]

QUOTE

any 3.3 source will work danthaman, if you don't like to lift pins then just cut the trace from the capacitor and rejoin it afterwards.
 

I just found my answer. Cool!

I have mixed emotions about the release of this info. It's like "Damned if you do and Damned if you don't". But surely this sort of info can't be kept hidden forever. Somewhere along the lines it has to be released at some point.

PS:
GOOD JOB TO ALL INVOLVED!!! AND A BIG THANK YOU!!!

This post has been edited by stacker69: Nov 30 2009, 08:23 AM

[slayer902]

good job by all involved.

but im gonna sit this one out and wait for a software solution, or at least something that doesn't require tampering with the controller chip lol.

[HotKnife420]

Does this method also work on older liteon drives? Then we could have a stock firmware on hand for older drives.

[stacker69]

QUOTE(HotKnife420 @ Nov 30 2009, 06:29 PM)

Does this method also work on older liteon drives? Then we could have a stock firmware on hand for older drives.

If it uses the same chip as the newer ones then it should.

[thugnasty101]

Great job to everone who made the discovery.

[green360]

good job super

[ZakMcRofl]

Iriez is just bitter because he can't turn the new drives into a pay-per-flash cash cow again.
Bad for his business, good for the scene.

Yes, this might lead to Lite-On changing the chip/hardware design but this costs money and takes time. And when we're talking about hardware exploits like this one, they are much more expensive to fix than patching a software exploit.

Besides, with the amount of shady upgrading services popping up (see http://xtractoruk.co...;products_id=7) this method seems to have been used already anyways.

[Aldanga]

QUOTE(amak1131 @ Nov 30 2009, 01:12 AM)

And guess what? Another method is found. That is how modding works: one method is patched, another is found. In the end modders always win, and the "omg we told M$ what to do, we're screwed!!!" is not even worth laughing at because of it's ignorance.

Anywho, GREAT job to those who researched it!

I couldn't agree more. Look at how many drive revisions we've had so far. The original LiteOns were supposed to be unhackable. Look how that turned out.

QUOTE(Toddler @ Nov 30 2009, 01:13 AM)

*snip*
In fact, the most interesting piece of information to come out of all of this may be what Iriez himself revealed, that others have been making progress getting the drive key via another method.  If true, that would mean there is another hole to be exploited.  Why reveal that, other than to take a shot at Geremia?  Surely it would have been better to keep that information away from Microsoft.

That's what excites me. If you find multiple holes, just tell people about one and hope the rest don't get exposed; and the fact that there are multiple holes just reassures me that MS still hasn't gotten this whole anti-hacking thing down... and never will.  

QUOTE(stacker69 @ Nov 30 2009, 01:20 AM)

*snip*
I have mixed emotions about the release of this info. It's like "Damned if you do and Damned if you don't". But surely this sort of info can't be kept hidden forever. Somewhere along the lines it has to be released at some point.

I say honesty is the best policy. Open source software and open source hacking both encourage innovation and improvement. Freedom of information is an extremely powerful tool if you allow it free reign.

[logicwatch]

[quote name='d4rk5ky' date='Nov 30 2009, 05:43 AM' post='4579139']
Nice work indeed!
Now we just need to wait for some kind of tool to simplify this more and we're all set (IMG:style_emoticons/default/smile.gif)
[/quote

  BIG FANFARE !!!!!!!

  ENTER XECUTER !!!!!!!  (IMG:style_emoticons/default/wink.gif)

[warbeast]

QUOTE(dharrison @ Nov 30 2009, 07:51 AM)

I could see connecting track 100 to 101 with conductive ink, but how would you connect 101 to 3.3V with it? Only thing I could possibly think of would be to run the trace on top of the chip to another 3.3V pin if that is possible. Maybe there is a different way? I really need to get one of these drives...

going back to xbox1 repairs people used a peace of tape over the pcb and then connected a track with conductive ink you could do the same thing here just run a track from the 101 to a 3.3v point

if you cut the 2 tracks from 100 and 122 instead of lifting the legs then one side of the 122 track should be 3.3v so u could use that or any 3.3v point

with the joining 101 and 100 to get status x72 u could just hold somthing like a probe to connect it long enuff to get status x72 then remove probe and connect 101 to 3.3v just run a track from the leg or if there is a point just after it use that run the ink over tape to the 3.3v u wish to use

or you could even solder a probe from a 3.3v source and then probe the 101 leg

This post has been edited by warbeast: Nov 30 2009, 09:37 AM

[K1LLERHORNET]

QUOTE

The methods posted so far are not for the beginner

I guess I have to wait a little longer

Didn't think the drive would be hacked so quickly - excellent work to all those involved  

[hetster]

here we go again with the this shouldt have been released debate again. i cant believe people still do this.
if geremia can see that the epoxy has been rebuilt on 2 of the legs surely M$ can as well. all this hack will do is bring either a new hardware change or a new drive alltogether and so carries on the cycle.

samsung
1. MS25 - the very first drive and hacked fairly easily
2. MS28 - OMG samsung patched the hole and added firmguard as a way of preventing flashing - along comes the via trick. so M$ gives the drive contract to someone else to be more secure

hitachi
1. 0047 - 0078 - OMG a new drive what are we gunna do. - hacked in windows and doesnt need VIA chipset probably one of te easiest drives to hack
2. 0079 - OMG a new revision thats unhackable - along comes passkey albeit a soldering method its still a method. then a solder free method in the 79unlock cd. all hitachis now easily exploited so M$ give the contract to another company

benq
1. OMG a new drive revision what are we gunna do - hacked with a via chipset or the vcc trick method. now i'm not usre wether they gave contract to liteon or wether the liteon was just a new revision of the benq as they are same company BUT

liteon
1. 74850c OMG a new unhackable drive whats can we do - hackable by using a probe. so liteon patch it up and bring out
2. 83850 OMG a new unhackable revision what are we gunna do - becomes hackable with half open tray and freekey much to the annoyance of groups who have now got a pay service in their sites. "this should NEVER have been released as its gunna kill the scene"
3. 83850-v2 - 93450 - OMG an unhackable drive what are we gunna do everyone was right we killed the scene. step in geremia with another free method  "this should never have been released its gunna kill the scene (and also we had a web domain allready set up with a pay service  (IMG:style_emoticons/default/mad.gif) )". this hack will work with all current stock and all warehouse stock. this will lead to 1 of 2 scenarios. 1 either liteon will make a new hardware revision and change the entire hardware as the chip would need to different or 2. M$ will give the contract to another drive manufacturer as security has been so badly compromised.

all that being said i do kind of agree this time with iriez. with a FULL firmware dump i think there would have been found a method to retrieve the key another way leaving this dumping backdoor open and secret. had liteon not known about the way the key was found then it MAY and i mean MAY have left the firmware chip as is, leaving the gateway open for other hacks in the future. BUT i have a feeling the reason geremia released this now and why there are a few angry hackers is there was a pay method on the horizon AGAIN. to me it seems like the scene is changing direction. it used to be we do what we do coz we love it and do it for free. now it seems to be lets keep this thing secret and see how much we can screw out of people before someone gives away a free method

either way i am sure the scene will live on because as has allready been proven NOTHING is unhackable

This post has been edited by hetster: Nov 30 2009, 10:40 AM

[pinkerton]

Congrats to all!
My only concern is the fact your cutting pins ETC, will this not be detectable by MS?

[Martinchris23]

QUOTE(HotKnife420 @ Nov 30 2009, 07:29 AM)

Does this method also work on older liteon drives? Then we could have a stock firmware on hand for older drives.

Unless someone beats me to it (or already posted elsewhere), I'll let you know later tonight