-
Liteon 83850-v2 and Liteon 93450 DVD Key Can Now Be Dumped?
Posted by XanTium | November 29 23:51 EST | News Category: Xbox360
From team-xecuter.com:
There have been several news reports on Xboxhacker.net of users having success in dumping the keys of the newest un-moddable Liteon DVD drives. The methods posted so far are not for the beginner, so do so at your own risk. The methods seem crude at the moment; no doubt some easier methods will surface shortly. Remember, with that DVD key you can install any flash-able DVD drive into that once un-moddable Xbox 360. Good job to all involved!
-Lift pin 101 and 122 (the MT chip)
-Solder a cable to pin 100, pin 101 and one to 3,3V
-Use a 2-way switch which either connects 101 to 3,3V or to 100
-Put the switch into the position so that it connects 100 to 101
-Power drive
-Start Dosflash, it will recognise the SPI with Status x72
-If you read it out now, it will just give you a .bin full of FFFFFFFF, but that's OK, this is how we tricked the Flash Controller to think the SPI is empty
-Put the switch in the other position (so that 101 is connected to 3,3V)
-Now read the flash
News-Source: team-xecuter.com | xboxhacker.net
-
Well I'm not doing that, ever. Sounds about as safe and reliable as removing a TSOP.
-
I'm so mad. I was told it would be after Christmas before we would have a method.
nice work all involved.
-
This isn't to dump the key, but to dump the entire lite-on firmware.
The key is then derived from that of course.
It's likely a different (better?) method will be released soon.
-
And now does this method dump the whole firmware? Or just the keys? Would be nice to now have a way to revert back to stock fw.
Thanks to everyone involved for making all this possible
-
QUOTE(Ree1981 @ Nov 29 2009, 08:57 PM)

Well I'm not doing that, ever. Sounds about as safe and reliable as removing a TSOP.
which is 100% safe and easy...?
Nice work, gonna go read up on it and try it later tonight, thanks!
-
Right on!
Good job men. Cheers
-
nice
-
It would be nice to have a way to flash back to stock.
On the other site, you apparently can simply put the dump into the source of Jungle Flasher and get the key.
-
Well, you still need another drive till firmware gets released for this drive.
N/m, folks on xboxhacker say that the 83850c firmware works.
This post has been edited by alwaysonjohn: Nov 30 2009, 06:23 AM
-
Nice. Thanks to all involved and people willing to potentially botch their DVD-ROMs. The thread on XBH is a bit too technical for me, but I'm reading it all and picking up what I can. I love to be around when these kinds of advancements are made.
I'm going to keep my eye on this. It's all quite exciting.
-
Nice work! Just wish that I had a new Lite-On drive to try this out on... So, if the method of reading the flash is the same for both drive revisions, what are the differences between decrypting the key from the 83850C V2 and the 93450C? Are we talking about a different algorithm or different key location?
Edit: Just trying to understand what pins 100 and 101 do, since I don't have a datasheet on the chip. I assume maybe one is a GND? I have to get a hold of one of these drives now... It's killing me.
This post has been edited by dharrison: Nov 30 2009, 06:44 AM
-
Nice work indeed!
Now we just need to wait for some kind of tool to simplify this more and we're all set
-
M$ bans were good, but now we got something even better...
-
QUOTE(dharrison @ Nov 29 2009, 11:36 PM)

Nice work! Just wish that I had a new Lite-On drive to try this out on... So, if the method of reading the flash is the same for both drive revisions, what are the differences between decrypting the key from the 83850C V2 and the 93450C? Are we talking about a different algorithm or different key location?
Edit: Just trying to understand what pins 100 and 101 do, since I don't have a datasheet on the chip. I assume maybe one is a GND? I have to get a hold of one of these drives now... It's killing me.
From what I've read the firmware isn't actually encrypted, so there's no decryption needed. You only need to find the location of the key.
100 is 1.8V, 101 is 3.3V and 102 is a GND according to fail's post in the thread on XBH.
-
QUOTE(Aldanga @ Nov 30 2009, 12:51 AM)

From what I've read the firmware isn't actually encrypted, so there's no decryption needed. You only need to find the location of the key.
100 is 1.8V, 101 is 3.3V and 102 is a GND according to fail's post in the thread on XBH.
Oh, thanks for the link to that diagram. That helps out a bunch. So, when they say to wire pin 101 to 3.3V, can we use pin 122? Or will it have to be another location that's not on the chip itself?
-
Good work to all involved. Can't wait to see the product that comes from this.
-
Now anyone who wants to revert a Liteon back to stock can do so: dump the drive, right-click on the bottom pane in JF, save as dummy, then open dummy.bin in the top window of JF with Lite-OFW on the bottom, spoof, voila.
For those of you complaining, considering this is the dreaded ALL HOLES PATCHED Liteon, we should be VERY grateful the solution is so straightforward and easy in comparison. I would not have been surprised if it required removing the whole controller, let alone 2 legs.
This post has been edited by xboxer360: Nov 30 2009, 07:20 AM
-
Let the purchasing of new 360's commence.
-
Like Iriez said on the Xbox hackers site, this is not a good thing. Geremia just showed MS our cards and M$ is going to win the pot with a royal flush.
-
Seems like now I have an excuse for charging my friends for modding. Before I did it for free cause it was easy. I will see how hard it is to do this. Seems less difficult and more just learning how to do it (and probably takes a lot of time lol). With this and the new firmware, it looks like the mouse is speeding past the cat again lol. Only two things missing now, which is a way to do the JTAG (or similar) hack on newer firmwares (mostly the ones we were at when all of those consoles got banned) and an easy livecd of Xbox Media Center to install over a USB drive, then we are in business lol.
Edit: pigbait, I think M$ knows what we are doing all the time anyway. Microsoft will surely get either a new real unmoddable Liteon or switch over to another company (I have never seen a console switch to so many different manufacturers in all my life lol). I'm stocking up on new Xboxes very soon; seems like a safe bet to plan ahead rather than wait until the last minute when there are no moddable Xboxes in stores.
And yes I know I am optimistic, I have to be. Hell, I have 5 consoles laying around that could be JTAGed if of course I knew of a good reason (which I'm sure won't be long).
This post has been edited by WOlfSaviorZX: Nov 30 2009, 07:50 AM
-
How about this for a solderless method:
cut track 101 and 122
join pin 100 and 101 with conductive ink
boot dosflash get Status x72
clean off ink
connect 101 to any 3.3v point on board using conductive ink
read flash
remove ink then repair cut tracks with conductive ink
done
-
QUOTE(warbeast @ Nov 30 2009, 01:45 AM)

How about this for a solderless method:
cut track 101 and 122
join pin 100 and 101 with conductive ink
boot dosflash get Status x72
clean off ink
connect 101 to any 3.3v point on board using conductive ink
read flash
remove ink then repair cut tracks with conductive ink
done
I could see connecting track 100 to 101 with conductive ink, but how would you connect 101 to 3.3V with it? Only thing I could possibly think of would be to run the trace on top of the chip to another 3.3V pin if that is possible. Maybe there is a different way? I really need to get one of these drives...
This post has been edited by dharrison: Nov 30 2009, 07:56 AM
-
Just a little confused here. Which 3.3V are we supposed to use? Looking at the diagram there are 7 to choose from, not including pins 101 and 122 of course. So it doesn't matter which 3.3V you connect to, right?
-
Great work! It didn't take very long either.
-
QUOTE(pigbait @ Nov 30 2009, 12:38 AM)

Like Iriez said on the Xbox hackers site, this is not a good thing. Geremia just showed MS our cards and M$ is going to win the pot with a royal flush.
As if people shipping their drives off to be modded for a fee would have kept Microsoft in the dark?!?
-
QUOTE(stacker69 @ Nov 30 2009, 01:51 AM)

Just a little confused here. Which 3.3V are we supposed to use? Looking at the diagram there are 7 to choose from, not including pins 101 and 122 of course. So it doesn't matter which 3.3V you connect to, right?
After reading a little bit more on this method, it seems that any 3.3V source will work. Haven't confirmed if you can use pin 122 or not yet, but probably not.
-
Yes, pin 122 also works.
-
QUOTE(Toddler @ Nov 30 2009, 01:54 AM)

As if people shipping their drives off to be modded for a fee would have kept Microsoft in the dark?!?
It wouldn't leave anyone in the dark, but the whole situation is about the method and information being released, which could potentially lead to Microsoft plugging up a hole in future designs (ie. JTAG exploit).
-
QUOTE(pigbait @ Nov 29 2009, 11:38 PM)

Like Iriez said on the Xbox hackers site, this is not a good thing. Geremia just showed MS our cards and M$ is going to win the pot with a royal flush.
And guess what? Another method is found. That is how modding works: one method is patched, another is found. In the end modders always win, and the "omg we told M$ what to do, we're screwed!!!" is not even worth laughing at because of its ignorance.
Anywho, GREAT job to those who researched it!
-
QUOTE(dharrison @ Nov 30 2009, 01:02 AM)

It wouldn't leave anyone in the dark, but the whole situation is about the method and information being released, which could potentially lead to Microsoft plugging up a hole in future designs (ie. JTAG exploit).
That's the game, and you play the hand you're dealt. If the only alternatives are (1) release information publicly or (2) release information to a tiny cabal of professional modders, I'll vote for the first option and let the chips fall where they may. There is no "scene" if information is not shared. Otherwise, it essentially becomes a business.
It's not as if Microsoft would turn a blind eye to that scenario, either. One can make the case that they'd be far more aggressive if they viewed "the scene" as a professional enterprise rather than just a bunch of one-off 360 hackers.
In fact, the most interesting piece of information to come out of all of this may be what Iriez himself revealed, that others have been making progress getting the drive key via another method. If true, that would mean there is another hole to be exploited. Why reveal that, other than to take a shot at Geremia? Surely it would have been better to keep that information away from Microsoft.
This post has been edited by Toddler: Nov 30 2009, 08:30 AM
-
QUOTE
any 3.3 source will work danthaman, if you don't like to lift pins then just cut the trace from the capacitor and rejoin it afterwards.
I just found my answer. Cool!
I have mixed emotions about the release of this info. It's like "Damned if you do and Damned if you don't". But surely this sort of info can't be kept hidden forever. Somewhere along the lines it has to be released at some point.
PS:
GOOD JOB TO ALL INVOLVED!!! AND A BIG THANK YOU!!!
This post has been edited by stacker69: Nov 30 2009, 08:23 AM
-
Good job by all involved.
But I'm gonna sit this one out and wait for a software solution, or at least something that doesn't require tampering with the controller chip lol.
-
Does this method also work on older liteon drives? Then we could have a stock firmware on hand for older drives.
-
QUOTE(HotKnife420 @ Nov 30 2009, 06:29 PM)

Does this method also work on older liteon drives? Then we could have a stock firmware on hand for older drives.
If it uses the same chip as the newer ones then it should.
-
Great job to everyone who made the discovery.
-
good job super
-
Iriez is just bitter because he can't turn the new drives into a pay-per-flash cash cow again.
Bad for his business, good for the scene.
Yes, this might lead to Lite-On changing the chip/hardware design but this costs money and takes time. And when we're talking about hardware exploits like this one, they are much more expensive to fix than patching a software exploit.
Besides, with the amount of shady upgrading services popping up (see http://xtractoruk.co...;products_id=7) this method seems to have been used already anyways.
-
QUOTE(amak1131 @ Nov 30 2009, 01:12 AM)

And guess what? Another method is found. That is how modding works: one method is patched, another is found. In the end modders always win, and the "omg we told M$ what to do, we're screwed!!!" is not even worth laughing at because of its ignorance.
Anywho, GREAT job to those who researched it!
I couldn't agree more. Look at how many drive revisions we've had so far. The original LiteOns were supposed to be unhackable. Look how that turned out.
QUOTE(Toddler @ Nov 30 2009, 01:13 AM)

*snip*
In fact, the most interesting piece of information to come out of all of this may be what Iriez himself revealed, that others have been making progress getting the drive key via another method. If true, that would mean there is another hole to be exploited. Why reveal that, other than to take a shot at Geremia? Surely it would have been better to keep that information away from Microsoft.
That's what excites me. If you find multiple holes, just tell people about one and hope the rest don't get exposed; and the fact that there are multiple holes just reassures me that MS still hasn't gotten this whole anti-hacking thing down... and never will.
QUOTE(stacker69 @ Nov 30 2009, 01:20 AM)

*snip*
I have mixed emotions about the release of this info. It's like "Damned if you do and Damned if you don't". But surely this sort of info can't be kept hidden forever. Somewhere along the lines it has to be released at some point.
I say honesty is the best policy. Open source software and open source hacking both encourage innovation and improvement. Freedom of information is an extremely powerful tool if you allow it free rein.
-
QUOTE(d4rk5ky @ Nov 30 2009, 05:43 AM)

Nice work indeed!
Now we just need to wait for some kind of tool to simplify this more and we're all set
BIG FANFARE !!!!!!!
ENTER XECUTER !!!!!!!
-
QUOTE(dharrison @ Nov 30 2009, 07:51 AM)

I could see connecting track 100 to 101 with conductive ink, but how would you connect 101 to 3.3V with it? Only thing I could possibly think of would be to run the trace on top of the chip to another 3.3V pin if that is possible. Maybe there is a different way? I really need to get one of these drives...
Going back to Xbox1 repairs, people used a piece of tape over the PCB and then connected a track with conductive ink. You could do the same thing here, just run a track from the 101 to a 3.3V point.
If you cut the 2 tracks from 100 and 122 instead of lifting the legs, then one side of the 122 track should be 3.3V, so you could use that or any 3.3V point.
With the joining of 101 and 100 to get status x72, you could just hold something like a probe to connect it long enough to get status x72, then remove the probe and connect 101 to 3.3V. Just run a track from the leg, or if there is a point just after it use that; run the ink over tape to the 3.3V you wish to use.
Or you could even solder a probe from a 3.3V source and then probe the 101 leg.
This post has been edited by warbeast: Nov 30 2009, 09:37 AM
-
QUOTE
The methods posted so far are not for the beginner
I guess I have to wait a little longer 
Didn't think the drive would be hacked so quickly - excellent work to all those involved
-
Here we go again with the "this shouldn't have been released" debate. I can't believe people still do this.
If Geremia can see that the epoxy has been rebuilt on 2 of the legs, surely M$ can as well. All this hack will do is bring either a new hardware change or a new drive altogether, and so the cycle carries on.
Samsung
1. MS25 - the very first drive and hacked fairly easily
2. MS28 - OMG Samsung patched the hole and added firmguard as a way of preventing flashing - along comes the VIA trick. So M$ gives the drive contract to someone else to be more secure
Hitachi
1. 0047 - 0078 - OMG a new drive, what are we gonna do - hacked in Windows and doesn't need a VIA chipset, probably one of the easiest drives to hack
2. 0079 - OMG a new revision that's unhackable - along comes passkey, albeit a soldering method it's still a method. Then a solder-free method in the 79unlock CD. All Hitachis now easily exploited, so M$ give the contract to another company
BenQ
1. OMG a new drive revision, what are we gonna do - hacked with a VIA chipset or the VCC trick method. Now I'm not sure whether they gave the contract to Liteon or whether the Liteon was just a new revision of the BenQ as they are the same company BUT
Liteon
1. 74850c OMG a new unhackable drive, what can we do - hackable by using a probe. So Liteon patch it up and bring out
2. 83850 OMG a new unhackable revision, what are we gonna do - becomes hackable with half open tray and freekey, much to the annoyance of groups who have now got a pay service on their sites. "This should NEVER have been released as it's gonna kill the scene"
3. 83850-v2 - 93450 - OMG an unhackable drive, what are we gonna do, everyone was right, we killed the scene. Step in Geremia with another free method: "this should never have been released, it's gonna kill the scene (and also we had a web domain already set up with a pay service)". This hack will work with all current stock and all warehouse stock. This will lead to 1 of 2 scenarios: 1. either Liteon will make a new hardware revision and change the entire hardware as the chip would need to be different, or 2. M$ will give the contract to another drive manufacturer as security has been so badly compromised.
All that being said, I do kind of agree this time with Iriez. With a FULL firmware dump I think there would have been found a method to retrieve the key another way, leaving this dumping backdoor open and secret. Had Liteon not known about the way the key was found then it MAY, and I mean MAY, have left the firmware chip as is, leaving the gateway open for other hacks in the future. BUT I have a feeling the reason Geremia released this now, and why there are a few angry hackers, is there was a pay method on the horizon AGAIN. To me it seems like the scene is changing direction. It used to be we do what we do coz we love it and do it for free. Now it seems to be let's keep this thing secret and see how much we can screw out of people before someone gives away a free method.
Either way I am sure the scene will live on because, as has already been proven, NOTHING is unhackable.
This post has been edited by hetster: Nov 30 2009, 10:40 AM
-
Congrats to all!
My only concern is the fact you're cutting pins etc.; will this not be detectable by MS?
-
QUOTE(HotKnife420 @ Nov 30 2009, 07:29 AM)

Does this method also work on older liteon drives? Then we could have a stock firmware on hand for older drives.
Unless someone beats me to it (or already posted elsewhere), I'll let you know later tonight
-
It isn't much of a debate... methods are always found. PS2 fat was hacked with memory card and flip top. PS2 slim comes and patches memory card exploit and "patches" flip top. Work around is found.
Many PC DRM methods were cracked, as with DS and other systems. "OMG, this protection can't be cracked!!!" Next day, it's cracked and well documented.
Can't comment on Xbox, I'm not 100% on how it worked... all I know is methods were found, patched and found again.
hetster nailed it right on the head and I agree with him 100%, until the part about agreeing with Iriez. Methods will be found and patched, so the only logical reason behind the whining I can see is, as others have mentioned, another pay-for service. I am highly appreciative of Geremia for releasing this info. He did the right thing and this will just be another nail in the coffin of "if we reveal our methods, we're screwed".
-
With the ability to now dump the FULL fw, what about already modded drives such as the 7xxx Lite-Ons? Is it now theoretically possible to get a blank original firmware and insert your key into it to be flashed back on to make it stock once again? I'm not asking how to do it right here and now, but to someone with knowledge of the current situation, do you think it's plausible that this will be an option, or is it a case of "we have already erased and flashed the drive, it cannot ever be stock"?
Thanks all
-
QUOTE(Martinchris23 @ Nov 30 2009, 03:37 AM)

Unless someone beats me to it (or already posted elsewhere), I'll let you know later tonight

Yes, it works on ALL Lite-ons, as they ALL have the SAME MTK chipset.
-
QUOTE(UnnA^ @ Nov 30 2009, 11:02 AM)

With the ability to now dump the FULL fw, what about already modded drives such as the 7xxx Lite-Ons? Is it now theoretically possible to get a blank original firmware and insert your key into it to be flashed back on to make it stock once again? I'm not asking how to do it right here and now, but to someone with knowledge of the current situation, do you think it's plausible that this will be an option, or is it a case of "we have already erased and flashed the drive, it cannot ever be stock"?
Thanks all
Yes, you can restore Lite-Ons to stock now.
-
I'm gonna sit this out and wait for a software exploit (well, depends how impatient I become)
But; I would like to add my thanks to everyone involved in this!
-
QUOTE(Aldanga @ Nov 30 2009, 01:51 AM)

From what I've read the firmware isn't actually encrypted, so there's no decryption needed.
Incorrect. The firmware is encrypted. The key and a few other sectors aren't, so decryption isn't required to obtain it.
Caster.
-
QUOTE(caster420 @ Nov 30 2009, 12:43 PM)

Incorrect. The firmware is encrypted. The key and a few other sectors aren't, so decryption isn't required to obtain it.
Caster.
Which explains why you can simply take the dump and load it up into JungleFlasher and the key will be displayed.
-
QUOTE(caster420 @ Nov 30 2009, 04:43 AM)

Incorrect. The firmware is encrypted. The key and a few other sectors aren't, so decryption isn't required to obtain it.
Caster.
And that just proves they'll never get the security right:D
-
QUOTE(pigbait @ Nov 30 2009, 08:38 AM)

Like Iriez said on the Xbox hackers site, this is not a good thing. Geremia just showed MS our cards and M$ is going to win the pot with a royal flush.
lol Iriez is a drama queen, nothing is unhackable as I have said about 99 million times before.
Seems mighty strange to me that Iriez moaned after the found my site info got released, and now since this exploit has been released moans again, amazingly enough after some sites were offering it for a paid fee.
So this guy makes money off the likes of me and complains that someone else is killing the scene. I thought this stuff was about beating MS, not dicking each other out of money. It is a sad day in any mod scene when so-called hackers charge for their exploits...
-
QUOTE(amak1131 @ Nov 30 2009, 08:12 AM)

And guess what? Another method is found. That is how modding works: one method is patched, another is found. In the end modders always win, and the "omg we told M$ what to do, we're screwed!!!" is not even worth laughing at because of its ignorance.
Anywho, GREAT job to those who researched it!
Why are all people sure that every time a new method will be found?
For example, I can't see any old or new method at the PS3.
I can't see any method at NDS or Nagra2 either.
There are certain things that are unhackable.
-
QUOTE(iglitare @ Nov 30 2009, 07:03 AM)

Why are all people sure that every time a new method will be found?
For example, I can't see any old or new method at the PS3.
I can't see any method at NDS or Nagra2 either.
There are certain things that are unhackable.
NDS has plenty of loaders. R4 for example.
To hell with the PS3.
Never heard of Nagra2 and don't really care to see what it is.
-
QUOTE(vb_encryption_vb @ Nov 30 2009, 01:30 PM)

NDS has plenty of loaders. R4 for example.
To hell with the PS3.
Never heard of Nagra2 and don't really care to see what it is.
I think
NDS is not meaning Nintendo DS.
NDS and Nagra2 are encryption methods for pay TV and they are not hacked yet.
Wiki link NDS
Wiki link Nagravision
-
I sense a rise in dead Liteons? Maybe or not? You've got to get proper equipment. No, a hairdryer and heat gun don't count.
-
Just wondering, if this really was a secret way of dumping Liteon firmware, known only to a select few for all this time, why have we never seen a stock Liteon firmware, which would have been useful during the last ban wave???
-
QUOTE(staveone @ Nov 30 2009, 09:15 AM)

Just wondering, if this really was a secret way of dumping Liteon firmware, known only to a select few for all this time, why have we never seen a stock Liteon firmware, which would have been useful during the last ban wave???
The firmware which iXtreme has been based off of and other related dumps of the firmware which were kept private were done by decapping the controller and dumping the flash with a programmer. It was not done by this method and has only just come into existence.
Caster.
-
Thanks Caster, thought that's what I read a long time ago, but still, why no stock firmware? Was it not possible to get a full dump using decapping?
-
Surprised no one has explained what's actually happening here.
I'm guessing that as the mtkflash and SPI chip share the same 3.3V pin, we're disconnecting it and running it at 1.8V, which is enough for the mtkflash to work but not enough for the SPI chip to function, and thus we get FFF (blank chip); then we force it back to 3.3V and we get a read?
-
I just hope an easier method comes along to dump the new lite-on keys as I got a nice 93450 sitting in my CoD MW2 Super Elite.
-
QUOTE(caster420 @ Nov 30 2009, 05:43 AM)

Incorrect. The firmware is encrypted. The key and a few other sectors aren't, so decryption isn't required to obtain it.
Caster.
It seems I misunderstood. Thanks for correcting me.
QUOTE(caster420 @ Nov 30 2009, 07:23 AM)

The firmware which iXtreme has been based off of and other related dumps of the firmware which were kept private were done by decapping the controller and dumping the flash with a programmer. It was not done by this method and has only just come into existence.
Caster.
Unless I misunderstand, Iriez said in the thread on XBH that decapping was not done and this method was used previously by C4E and company to hack the original LiteOn.
-
QUOTE(xbox360sexual @ Nov 30 2009, 08:58 AM)

Surprised no one has explained what's actually happening here.
I'm guessing that as the mtkflash and SPI chip share the same 3.3V pin, we're disconnecting it and running it at 1.8V, which is enough for the mtkflash to work but not enough for the SPI chip to function, and thus we get FFF (blank chip); then we force it back to 3.3V and we get a read?
since it thinks the spi is blank it forces it into a vendor mode where we can read it correctly after powering up the spi... so basically yes.
-
Well done people, I hope there will soon be an easier method to dump the whole Liteon firmware, and why not without soldering anything on the PCB, like it was with the Liteon 74850c (dump your Liteon 74 key for free)
but it's still a great job
-
QUOTE(iglitare @ Nov 30 2009, 01:03 PM)

I can't see any method at NDS or Nagra2 either.
There are certain things that are unhackable.
OT: Nagra 2 cards have been fully dumped several times. E.g. Digital+ and Premiere were both open for years. Now they have switched to Nagra 3 and until today there is no known way to dump the card. But well: Both NDS and Nagra 3 can be watched using Cardsharing :-) There is always a way...
In theory everything is hackable, it's just a question of time and resources. But yes sometimes the needed time and resources exceed the possibilities.
-
I dumped a few of the 8xxxx V2 and 9xxxx drives I got laying around here. Going to wait for LT before I actually flash them though.
Great thanks to all involved.
-
QUOTE(Celerion @ Nov 30 2009, 04:03 PM)

OT: Nagra 2 cards have been fully dumped several times. E.g. Digital+ and Premiere were both open for years. Now they have switched to Nagra 3 and until today there is no known way to dump the card. But well: Both NDS and Nagra 3 can be watched using Cardsharing :-) There is always a way...
In theory everything is hackable, it's just a question of time and resources. But yes sometimes the needed time and resources exceed the possibilities.
QUOTE(Ranger72 @ Nov 30 2009, 04:52 PM)

I dumped a few of the 8xxxx V2 and 9xxxx drives I got laying around here. Going to wait for LT before I actually flash them though.
Great thanks to all involved.
how do you get the keys!
-
It's right about time for someone to make a good and simple tutorial for a damn noob like me xD
This post has been edited by tul18: Nov 30 2009, 04:56 PM
-
QUOTE(megamania2004 @ Nov 30 2009, 04:55 PM)

how do you get the keys!
Try opening the firmware dump in JungleFlasher.
-
QUOTE(ccfman2004 @ Nov 30 2009, 10:57 AM)

Try opening the firmware dump in JungleFlasher.
Indeed. Open it as TARGET.
-
QUOTE(Aldanga @ Nov 30 2009, 08:02 AM)

Unless I misunderstand, Iriez said in the thread on XBH that decapping was not done and this method was used previously by C4E and company to hack the original LiteOn.
That's how I read it as well, that the firmware dump was never the result of decapping and electron scanning, etc. He's the cheerleader for "we've got to keep things secret" and then he goes and drops that info? Why he would reveal that, as well as the progress being made on alternate key extraction methods, is pretty curious.
Latest method from XBH:
QUOTE
No pin lifting or epoxy removing needed anymore! Just solder anything on the back according to this picture.
Also if you got status 0x52 instead of 0x72 with the "1,8V-method" this should do it. I already dumped 4 drives with this method without any issues.
-switch in pos 1
-power drive
-start Dosflash --> SPI should get recognized with status 0x72
-put switch in pos 2
-click "read"
unsolder anything and reconnect the lines that have been cut.
(IMG: http://img413.imageshack.us/img413/5963/loboard.jpg)
Looks about as complicated as the original BenQ mod, I've still got the switch lying around somewhere.
This post has been edited by Toddler: Nov 30 2009, 05:34 PM
-
This is great news if it means that we'll soon see the stock firmware for the liteons become freely available as I'd love to be able flash my 360 back to stock. I'm done with modding now.
-
This was posted on XBH by MRA
QUOTE
No pin lifting or epoxy removing needed anymore! Just solder anything on the back according to this picture.
Also if you got status 0x52 instead of 0x72 with the "1,8V-method" this should do it. I already dumped 4 drives with this method without any issues.
-switch in pos 1
-power drive
-start Dosflash --> SPI should get recognized with status 0x72
-put switch in pos 2
-click "read"
unsolder anything and reconnect the lines that have been cut.
(IMG: http://img413.imageshack.us/img413/5963/loboard.jpg)
Oops didnt see that it was posted already, but I'm sure if everyone waits a simpler process will be shown, or maybe this is as simple as it will get.
This post has been edited by BoNg420: Nov 30 2009, 05:57 PM
-
QUOTE(Th3_Burn3r @ Nov 30 2009, 07:42 AM)

I think
NDS is not meaning Nintendo DS.
NDS and Nagra2 are encryption methods for pay TV and they are not hacked yet.
Wiki link NDS
Wiki link Nagravision
I beg to differ. Getting off topic for a minute, Nagra 2 was hacked and blown wide open with cardless solutions for the FTA world. Nagra 3 is still yet publicly unbroken as only IKS solutions are working for Nagra 3, which I am sure you already know.
Back to the topic , great news for these drives like the rest will have to try it later
-
no one?
-
QUOTE(Ranger72 @ Dec 1 2009, 02:52 AM)

I dumped a few of the 8xxxx V2 and 9xxxx drives I got laying around here. Going to wait for LT before I actually flash them though.
Great thanks to all involved.
Hi Ranger72,
So you were able to dump the firmware out of those two drives? I'm assuming that you had to solder right?
-
QUOTE(megamania2004 @ Nov 30 2009, 11:45 AM)

can i open in jungle flasher???
ixtreme 1.6 works on it?
9 and 8v2?
QUOTE(megamania2004 @ Nov 30 2009, 12:03 PM)

no one?
If I can be so bold as to say this, I'd recommend a little patience. Your second post was less than twenty minutes after your first. This tends to come across as whiny and annoying. Someone will get around to answering your question if you are respectful and give them time to actually read your posts.
To answer your question: word from those involved is that you can use the firmware from older LiteOn revisions and they're essentially the same drive except for their firmwares. I haven't tested it and you mod it at your own risk, but that's what's going around.
This answer I've just given you has been previously stated on the first page of this thread. You'd do well to read a bit before asking questions. It might save you some time.
-
From the picture it looks a lot easier to dump it this way than go fiddling with the chip. But am I the only idiot that doesn't quite understand what he means by cut? What should you cut, and with what? Should you cut the actual lines, and if so, between what lines should you cut at the upper yellow "cutline"?
I hope we get a much better picture soon. Preferably one with transparent colour lines so you can clearly see which holes it points to.
-
I don't understand what to cut above pin 101 on that diagram.
-
QUOTE(stacker69 @ Nov 30 2009, 01:26 PM)

Hi Ranger72,
So you were able to dump the firmware out of those two drives? I'm assuming that you had to solder right?
Yes soldering was required.
-
Doesn't look that complicated. I'd def try if I run into one of these new drives. I love doing things because I can lol..
-
Wow, this is great news indeed, but I'm pretty much a noob, never soldered anything before, so could someone plz make a noob-proof tut on exactly how to do this. And a big shout to all who made this happen.
-
QUOTE(rommy667 @ Nov 30 2009, 09:45 PM)

Wow, this is great news indeed, but I'm pretty much a noob, never soldered anything before, so could someone plz make a noob-proof tut on exactly how to do this. And a big shout to all who made this happen.

With all the respect in the world m8, all the tutorials in the world will not make you good at soldering, only experience will. Don't try learning to solder on your DVD drive board, it will go wrong and you lose the drive. Practice on broken motherboards etc. Also good tools/materials make the job easier. Not having a go at you m8, just a bit of friendly advice.
-
antz1970, thanks for the sound advice m8. Guess I will wait it out and hope a simpler method shows up.
-
Just out of curiosity why was Iriez bashing C4Eva?
-
QUOTE(Toddler @ Nov 30 2009, 12:12 PM)

That's how I read it as well, that the firmware dump was never the result of decapping and electron scanning, etc. He's the cheerleader for "we've got to keep things secret" and then he goes and drops that info? Why he would reveal that, as well as the progress being made on alternate key extraction methods, is pretty curious.
Latest method from XBH:
Looks about as complicated as the original BenQ mod, I've still got the switch lying around somewhere.
I can tell you with all certainty, this is not how the firmware has been retrieved to date. One individual in Team Jungle has spent a tremendous amount of time, money and numerous drives in retrieving multiple decaps of each drive revision. Although he remains anonymous at this time unless he chooses to come forward, we should not detract from the hard work he has done in making lite-on iXtreme possible.
Iriez is not referring to this method of dumping but rather the information that Geremia posted in the initial post of that thread. He discussed when access to the flash is made possible. This information has been known since the original lite-on and was kept private.
As Geremia outlined in his own post, this was initially explored and not pursued further because it seemed to be a dead-end road. Thanks to TMF, we now have a working method for it.
Caster.
-
QUOTE(Iriez)
So eff all of you haters out there. You're barking up the wrong tree. You want to hate on anyone? Hate on the guy who CREATED the encryption on the keys scheme so he could charge you money. c4e
I think I got it....C4E was dumping the firmware then adding encryption and having people send him the files and pay money for him to give them the keys.
To be honest if it were about the money I would think that C4E could just ask for donations and get plenty.
-
Sounds to me like they will make a chip socket that you push over the chip like they did Wii mod chips in earlier days.. then it will have a connector for a PC SATA plug (for the 3.3V use the SATA orange wire) and have a switch on top of the chip/socket.
Seems kind of easy to make I would think. Just depends on if you could use a socket adaptor on top of the chip or if you must cut the wires to make it work.. if the chip pins didn't have to be disconnected from the board well.. like I said it wouldn't be too hard to make a chip socket overlay with a switch and a SATA male adaptor..
Might even be able to make a pass-through adaptor for the DVD power.. I'm not at home so I don't have my multimeter with me to check the 360 ROM power cable...
I do hope someone makes a snap-on device or some easier way to hack the new ones..
I myself have done a lot of 83850c (newer ones). I still think they are a pain in the ass compared to others..
I'm just going to wait for the new firmware to come out before I try any of these newer LiteOn drives.. it's just too much hassle if I'm going to have to re-flash it again in a few weeks.
-
QUOTE(iglitare @ Nov 30 2009, 05:03 AM)

Why are all people sure that every time a new method would be found?
For example I can't see any old or new method at the PS3.
I can't see any method at NDS or Nagra2 either.
There are certain things that are unhackable.
As stated, I guess these were hacked (I never heard of them before), but "unhackable" and "is it worth my time?" are 2 different matters.
Looks like progress is being made on this:D Great job, everyone involved!
-
QUOTE(coedshowers @ Nov 30 2009, 09:55 PM)

Sounds to me like they will make a chip socket that you push over the chip like they did Wii mod chips in earlier days.. then it will have a connector for a PC SATA plug (for the 3.3V use the SATA orange wire) and have a switch on top of the chip/socket.
Seems kind of easy to make I would think. Just depends on if you could use a socket adaptor on top of the chip or if you must cut the wires to make it work.. if the chip pins didn't have to be disconnected from the board well.. like I said it wouldn't be too hard to make a chip socket overlay with a switch and a SATA male adaptor..
Might even be able to make a pass-through adaptor for the DVD power.. I'm not at home so I don't have my multimeter with me to check the 360 ROM power cable...
I do hope someone makes a snap-on device or some easier way to hack the new ones..
I myself have done a lot of 83850c (newer ones). I still think they are a pain in the ass compared to others..
I'm just going to wait for the new firmware to come out before I try any of these newer LiteOn drives.. it's just too much hassle if I'm going to have to re-flash it again in a few weeks.
Only problem with a snap-on device is that you would have to remove all that epoxy stuff for it to go over the controller, if that is the idea. Would be a tremendous pain in the ass though, but I'm sure someone will make something. These guys are amazing at what they do, just blows me away how they figure this shit out.
-
QUOTE(caster420 @ Nov 30 2009, 02:39 PM)

I can tell you with all certainty, this is not how the firmware has been retrieved to date. One individual in Team Jungle has spent a tremendous amount of time, money and numerous drives in retrieving multiple decaps of each drive revision. Although he remains anonymous at this time unless he chooses to come forward, we should not detract from the hard work he has done in making lite-on iXtreme possible.
Iriez is not referring to this method of dumping but rather the information that Geremia posted in the initial post of that thread. He discussed when access to the flash is made possible. This information has been known since the original lite-on and was kept private.
As Geremia outlined in his own post, this was initially explored and not pursued further because it seemed to be a dead-end road. Thanks to TMF, we now have a working method for it.
Caster.
Very interesting. I know it was stated previously that the drive had to be decapped and analyzed, but I wasn't sure what to believe when Iriez seemed to state something completely different. Iriez wasn't very clear in his answer, but his adrenaline was probably pumping at that point--as it seems to have been since this information was made known.
I can't totally fault Iriez for wanting to keep this private and "protect the scene" (whatever that means) but I'm not as worried as he seems to be about drives being unhackable. People thought the LiteOns were the end of 360 modding. I can't count how many times I read or heard people saying, "The LiteOn will never be hacked. It's impossible." As long as humans are designing the chips or the machines that design the chips there will be holes and errors; and those errors will be exploitable in some form or another.
-
Great news.
Thanks for all involved.
-
QUOTE(bonneville1992 @ Nov 30 2009, 11:16 PM)

Only problem with a snap on device is that you would have to remove all that epoxy stuff for it to go over the controller if that is the idea, would be a tremenous pain in the ass though. but i'm sure someone will make something. These guys are amazing at what they do, just blows me away how they figure this shit out.
Not really, there is already a method of doing this mod from the back of motherboard, and so no reason to remove any epoxy. The only problem arises with the tracks that have to be cut in the process, but I'm sure there will be an alternate way to this.
-
QUOTE
Not really, there is already a method of doing this mod from the back of motherboard, and so no reason to remove any epoxy. The only problem arises with the tracks that have to be cut in the process, but I'm sure there will be an alternate way to this.
Yes, it's very good that there are these alternative ways to dump the whole firmware of LiteOns, & the tracks to cut are still the only problem in making a very easy method to dump the FW like it was with the LiteOn 74 key and the needle method: dump your LiteOn firmware for free.
I hope we will see in the coming days a home-made tool to dump the firmware without soldering anything on the PCB, using needles.
Good night.
-
OK, so I just got done reading all 7 pages, mainly the first 6, and skimmed the 7th.
So from what I understand, this is just to dump the original firmware, with key included of course.
So in the past, we could "erase lite-on" and write with Jungle Flasher without this new method.
So is it possible for someone with more experience to do this method to obtain the stock firmware and share it with others? Then we can just spoof the key from our dummy bin, erase and write back the original firmware?
-
This sounds awesome. I didn't buy a 360 because you couldn't flash it yet. However, as a noob, I'd like to know a thing or two.
1. Is soldering required, or do you think it will eventually be possible to flash without soldering?
2. Is there anything else that needs consideration before accomplishing this?
-
Saying a drive is mod-proof just doesn't ring like it used to... I hardly think twice when a new drive comes out and it's... dun dun duuuuuh UN-MODDABLE. Give it time and someone, somewhere figures it out.
Mad Kudos to all involved!
-
QUOTE(caster420 @ Nov 30 2009, 02:39 PM)

I can tell you with all certainty, this is not how the firmware has been retrieved to date.
- snip -
Caster.
Thanks for clearing that up. The verbal sparring over at XBH is interesting, but it reminds me that it's usually best not to ask how the sausage is made.
-
QUOTE(rommy667 @ Dec 1 2009, 09:22 AM)

antz1970 thanks for the sound advice m8,guess I will wait it out and hope a simpler method shows up

That method is pretty simple, much easier than removing epoxy or decapping chips.
Anyway you can load the dump of your firmware into Jungle Flasher target and it gives you your keys etc. You can even read the firmware with Jungle Flasher if you want.
Power on drive with switch in pos 1 linking to ground.
Send vendor intro device id.
Once vendor intro has been completed status 72 will exist, then you can flick the switch and then press the read button in Jungle Flasher. Save. Easy as pie.
Works with all drives, even 93xxx. It will not load as source, you will have to use that key and serial number in the 83xx firmware and hex edit a bit.
PS this method has been around for a while, well actually it was slightly more complicated. I found out about it when I found that v2 83 drive, but was told to keep my mouth shut so more drives could hit the market. Fair enough. However Microsoft would have known that this drive was hacked, as that first 83v2 I found got banned from Xbox Live around 3 weeks ago. They would have known it had the new unmoddable drive in it. Also they are aware of the way to exploit these drives before we are, so no point getting knickers in a twist.
I can say without mentioning names that some members wanted to keep it secret for financial gain with the foundmy solution, and others wanted to keep it secret so that more drives could hit the market, which was actually most members' opinion.
As far as I'm concerned, if someone spends hours trying to hack a drive and they finally figure it out then they should be able to charge a fee or ask a donation for a small time, then release to the public domain. Keeping it secret to prevent Microsoft finding out is bullshit though. They know man, they know.
-
The ball is back on the field and the modders are running with it..
Going to dump mine just for the hell of it.. can't believe it's already been simplified to this level..
-
Can someone dump all versions of unmodified liteon's and give them for download for the people who want to flash their drives to stock?? Thanks
-
are comin

be @ work
-
QUOTE(Ranger72 @ Dec 1 2009, 06:39 AM)

Yes soldering was required.
Thanks Ranger72!!!! I'm gonna get a conductive pen and look for a fine point soldering iron this weekend and I'll give it a go!
-
When people say cut the lines, do you literally take a sharp knife and cut the lines marked, then solder them back together when you're done?
-
QUOTE(UnnA^ @ Dec 1 2009, 06:45 PM)

When people say cut the lines, do you literally take a sharp knife and cut the lines marked, then solder them back together when you're done?
I think they just use a conductive ink to join the lines that has been cut.
-
QUOTE(stacker69 @ Dec 1 2009, 08:47 PM)

I think they just use a conductive ink to join the lines that has been cut.
just take a pin head and scratch the rest of the track to expose it then flux and use a dab of solder to rejoin it.
-
QUOTE(stacker69 @ Dec 1 2009, 09:12 PM)

UNREAL!!! Thanks for that. I just found my soldering iron that has a fine tip WOOHOO!!!! I can't wait for the weekend to come!!
One more thing kiwimods, will a conductive pen do the job too?
yeah but let it set/dry
-
if there is anyone from florida on here i will pay them to have a couple of keys extracted for me. send me a pm thanks
-
M$ loses. Again! HAHAHAHAHA!
-
QUOTE(_MRA_ @ Dec 1 2009, 08:22 AM)

I don´t think this is true, although he stated this in detail in his first post, everyone knew already that we can access the SPI, if it is completely erased. This is how we flashed Liteons ever since the Key was dumpable via serial.
But to be fair, of course Geremia gave the initial kick to me to work further on this method. And with TMF's pinout of the MT1319 and the decap pictures it just took a few hours to get first results. Thanks again, especially for the pinout, it would have taken hours to measure each pin on my own.
Again, I know the individual, have seen photos of his decaps and know that is how the firmware was retrieved. TMF's pinout has been available for a year now and, as you state, we know the flash can be accessed once erased. Similar to the pinout, Geremia made his attempts over a year ago, as did others, and it was not deemed a possibility. Thus, other methods, such as decapping, were used.
I am not trying to detract from what you, Geremia, TMF or others have done over the last week or so. I was simply refuting the fact that people were stating decapping never happened and that this method was kept private. When TMF discovered it, I don't know, but I can tell you that decaps would never have been performed.
Caster.
-
QUOTE(Toddler @ Dec 1 2009, 02:29 AM)

Thanks for clearing that up. The verbal sparring over at XBH is interesting, but it reminds me that it's usually best not to ask how the sausage is made.
What a stupid f***ing noob question, if you don't know how the sausage is made you shouldn't be here, go ask your dumb questions on sausage-scene.com. WE are the sausage hacksaws - sorry, HAX0RZ, you don't deserve sausage. You don't even deserve to LOOK at sausage. Newayz, gotta go, mom says it's bedtime kthxbai
- sorry, been reading too much on XBH!
-
QUOTE(_MRA_ @ Dec 1 2009, 10:16 AM)

@Caster: I didn't wanna doubt your statement in any way! I just meant that the only thing Iriez and co can blame Geremia for was releasing some more info on how to access the flash. And in my opinion even that could be known by everyone interested in flashing. Maybe not so detailed (that the routine just checks the first 0x200 bytes for FF) but that was not even important, because with my method the routine reads the whole SPI as FF. So to clarify, it was not meant to offend you!
I know and didn't mean to make my post seem as though I took offense. I agree 100% with what you've stated but I still think that is what Iriez was pissed about, although only he can state for sure.
Thanks again for the work and pics.
Caster.
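MRA's remark above, that the loader's "is the flash empty?" routine only checks whether the first 0x200 bytes read as FF, is a good example of a gate that relies on data read over the very bus that is being tampered with. The following is an added Python model written for this thread, not code from anyone posting here and not the drive's firmware; the image, the prefix-length constant and the idea of a reference digest held in storage the bus fault cannot reach (for example OTP) are assumptions for illustration. It shows why a read-back-all-FF condition satisfies the prefix heuristic while a content check against an out-of-band reference does not.

```python
import hashlib

# Length of the prefix the loader inspects, as described in the thread (0x200 bytes).
BLANK_PREFIX_LEN = 0x200

# Constructed sample image for the demonstration; not a real drive dump.
SAMPLE_IMAGE = b"FWIMG" + bytes(range(256)) * 8 + b"\xFF" * 64
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_IMAGE).hexdigest()


def looks_blank(image: bytes) -> bool:
    """Weak heuristic: 'blank' iff the first 0x200 bytes all read as 0xFF.
    It never looks past the prefix, and it trusts whatever the bus returns."""
    prefix = image[:BLANK_PREFIX_LEN]
    return len(prefix) == BLANK_PREFIX_LEN and all(b == 0xFF for b in prefix)


def read_through_bus(image: bytes, bus_stuck_high: bool) -> bytes:
    """Model of the read path. When the data line is held high, every byte the
    controller sees is 0xFF regardless of what the flash actually stores."""
    if bus_stuck_high:
        return b"\xFF" * len(image)
    return image


def verify_against_reference(image: bytes, reference_sha256: str) -> bool:
    """Hardened check (assumption: the controller keeps a reference digest in
    storage that the bus fault cannot influence). A blank or mis-read image
    never matches the reference, so the gate cannot be satisfied by forcing
    the bus to a constant value."""
    return hashlib.sha256(image).hexdigest() == reference_sha256


def run_demo() -> dict:
    """Compare both checks under a normal read and a stuck-high read."""
    normal = read_through_bus(SAMPLE_IMAGE, bus_stuck_high=False)
    faulted = read_through_bus(SAMPLE_IMAGE, bus_stuck_high=True)
    return {
        "heuristic_normal": looks_blank(normal),        # False: data is present
        "heuristic_faulted": looks_blank(faulted),      # True: heuristic is satisfied
        "digest_normal": verify_against_reference(normal, SAMPLE_DIGEST),    # True
        "digest_faulted": verify_against_reference(faulted, SAMPLE_DIGEST),  # False
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The design point is the one the thread keeps circling: a decision to open a privileged mode (here, "treat the part as erased and accept a write") should not rest on bytes read over the same interface a fault or probe can control; it needs a reference the interface cannot alter, which is what the digest stands in for above.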
-
QUOTE(amak1131 @ Dec 1 2009, 12:28 AM)

Doesn't mean much. They could have a whole stock of drives and M$ is not going to trash them all because of a mod. They'll simply ban you when they catch you.
Umm MS doesn't have to trash the drives they would simply need to apply a patch to the FW for each drive prior to assembly in a 360.
I think that is prolly part of why Iriez was upset.
Now all MS has to do is patch this much like they did with the 85xxx V2 drive.
As soon as MS was aware of the back door in the 85xxx FW they patched it and you could no longer use the LO83 dump utility and calculate the key.
For those of you thinking MS won't patch this in the new 9xxxx FW you are sadly mistaken !
It took only a couple weeks for MS to change the FW on the 85xxx version back in end of July to Early august.
So really he is right guys.
The longer you could have kept this quiet the better for the community because the market would have become saturated then with mod capable 360's .
Now it will be patched and leave us all in the dark.
However, when he says there are only so many holes he is right to an extent, but every time they make a patch to it etc. it could open a new hole that wasn't there b4.
Much like the dash update that was vulnerable.
MS spent a lot of time making that update and the hackers found a new hole in it and unfortunately spilled the beans to MS.
MS then patched the hole and forced the update.
But then years later a new hole was found and it worked for the masses.
Point being this should have been kept quiet for the good of the scene.
At some point c4eva and team will get tired of trying to decap or back door their way into FW's for the good of the scene.
And now this easy back door he may have needed will be gone.
As to the foundmy.com solution and charging money back then.
$40 was steep !
Most modders don't even charge that for the entire mod !
-
Totally wrong, you have obviously no idea what you're talking about. It is NOT fixable by firmware because we set the SPI into a mode which is documented in the datasheet. There is no way to fix it without using another SPI!
-
1.6 for 83850v2 and 93450 have now been released.
Link to topic is on page 12 of the original XboxHacker topic.
-
QUOTE(Exobex @ Dec 1 2009, 11:27 PM)

1.6 for 83850v2 and 93450 have now been released.
Link to topic is on page 12 of the original XboxHacker topic.
What's the point if the firmware can be detected on LIVE. Why not just wait for LT?
-
QUOTE(ccfman2004 @ Dec 1 2009, 10:33 PM)

What's the point if the firmware can be detected on LIVE. Why not just wait for LT?
Because not everyone's addicted to online gaming?
It's there because people wanted it, nobody's forcing you to install it.
-
QUOTE(Exobex @ Dec 1 2009, 11:42 PM)

Because not everyone's addicted to online gaming?
It's there because people wanted it, nobody's forcing you to install it.
I just thought it would be safer to wait since MS could theoretically add software to the next on-disc update to check the firmware. Not that it will happen, I am just theorizing.
-
QUOTE(ccfman2004 @ Dec 2 2009, 12:56 AM)

I just thought is would be safer to wait since MS could theoretically add software to the next on disc update to check the firmware. Not that it will happen, I am just theorizing.
Not everyone wants Live. In my experience there seem to be "pockets" of Live players who play with their mates, but loads more who don't give a toss about it. These are the ones who will be nagging their parents (or being nagged by their kids) to get the machine done in time for Christmas. For these, anything's better than nothing.
Looking at the Team Jungle Twitter page, LT's finished. Obviously it needs testing though, in other words letting it loose on a live environment (or in this case, a Live environment) and seeing if MS ban the consoles. Obviously a tough call for Team Jungle, because they've got hordes of people clamouring for the firmware, and sitting up behind those they've got MS, binoculars in one hand, ban hammer in the other. Of course, MS could also be resting their ban hammer because they know it's being put to the test!
I suppose TJ could release soon and note, in big, BIG letters, "CONNECT TO LIVE AT YOUR OWN RISK", but there'd still be arseholes griping when they flash it on release day and three days later get hoofed off. And of course, TJ would then be called the bastards for not testing enough!
-
Has anyone who had not been banned as of a few days ago gotten banned yet?
-
QUOTE(iateshaggy @ Dec 2 2009, 03:31 AM)

i'm pretty sure c4 and friends are smart enough to test "unsafe" firmware at the same time they test lt to make sure the hammer isn't turned off.
I hope so.
But this testing has got to cost money since they are using so many xbox's
$200 per console.
-
hi all
making my debut here, hopefully i don't bring the noob quotient up too much
here is my story:
in sept bought a rrod 360 pro off ebay and got m$oft to repair for free.
as soon as i got the 360 back i flashed it and tried 1 game for 3 minutes time tops,(brutal legend) to make sure that i did it right. *this was only the 2nd 360 that i had flashed.*
the system has NEVER been online since receiving back from m$oft, and has NOT had another game in it since.
actually come to think of it, i'm not sure that the system has even been powered on since mid-october.
ever since my elite got pinched, i've been regretting flashing that pro.
now with this info, as i read it, i should be able to reflash that system back to "factory fresh" and use it like nothing (other than brutal legend) has happened? and hopefully without fear of a ban?
sorry for the long post, just want to make myself clear. hopefully i was able to achieve that...i am typing this instead of working at the moment. heehee.
-
yes. they all have the same pcb.
-
Method 2: I tried to solder the wire on the board but it is very hard to get it to stick. Is there any chemical or method that can make the wire stick on? Thank you very much!!
-
QUOTE(kcyyk @ Dec 4 2009, 12:35 AM)

Method 2: I tried to solder the wire on the board but it is very hard to get it to stick. Is there any chemical or method that can make the wire stick on? Thank you very much!!
Yes, of course you should first scratch off the solder mask.
-
I hope someone can post a better picture of where to solder or scratch. We can see it, but I'm scared of damaging the ROM.