-
Okay, drive label is DG-16D4S FW Ver: 9504, manufactured April 2010, but in Jungle Flasher it shows as FW version 0272?
Tried to read the complete firmware using the same method I used on the last 2 Slims with the USB Pro, and after it dumps it won't open it, saying "parse failed".
I am able to see the drive key in the command window and the JF log saves it, but it won't open the firmware dump.
If I try to dump the key by using the "SlimKey" method I get the error "unable to get key".
Anyone else come across a Slim 9504 that is showing 0272 in the FW window in JF?
BTW, this is a drive from a Slim in the new beta dashboard program.
This post has been edited by Ranger72: Apr 9 2011, 06:14 PM
-
QUOTE(Ranger72 @ Apr 8 2011, 10:57 PM)

Okay, drive label is DG-16D4S FW Ver: 9504, manufactured April 2010, but in Jungle Flasher it shows as FW version 0272?
Tried to read the complete firmware using the same method I used on the last 2 Slims with the USB Pro, and after it dumps it won't open it, saying "parse failed".
I am able to see the drive key in the command window and the JF log saves it, but it won't open the firmware dump.
If I try to dump the key by using the "SlimKey" method I get the error "unable to get key".
Anyone else come across a Slim 9504 that is showing 0272 in the FW window in JF?
BTW, this is a drive from a Slim in the new beta dashboard program.
hmmmmm......this is new
-
QUOTE(Dark Mod @ Apr 8 2011, 11:24 PM)

hmmmmm......this is new
Yea, that's why I am trying to see if anyone else got a 9504 Liteon that reports with 0272 firmware in JF.
The only thing different with this drive over the last 2 Slim 9504s is that this one is from a console in the new beta dashboard program.
This drive is dated earlier than the other 2, so maybe it is from an earlier FW build than the official 9504.
-
QUOTE(Ranger72 @ Apr 8 2011, 10:57 PM)

BTW this is a drive from a Slim in the new beta dashboard program.
Too bad you had not read the drive before installing the beta. Would be very interesting to see if the drive fw got updated. I am sure we will hear more about this soon.
-
I wonder if they change the drive's identification during the update.....hmmmmm *scratches head*
-
QUOTE(syntaxerror329 @ Apr 8 2011, 11:45 PM)

Too bad you had not read the drive before installing the beta. Would be very interesting to see if the drive fw got updated. I am sure we will hear more about this soon.
I was not even going to do anything with this console's drive. I just decided to go ahead and dump the firmware in case I ever decided to, then came across this problem.
Yes, I should have tried to dump it before the console got into the beta program, but too late now.
I am just trying to find out if this is just a fluke drive or if it has something to do with the beta program. I just don't see them being able to, or even wanting to, mess with the drive firmware any. Remember this was a stock firmware when the update was applied.
-
Fascinating. I love this kind of stuff.
-
According to C4Eva, the beta dash has the ability to flash the drive. When you think about it, the best protection M$ has is to make a drive that is flashable through the 360. If it updates the fw with every boot (or something like that), bye bye hacked fw. Could be dangerous though if the flash fails halfway for some reason (i.e. console gets powered off). Hope we find out more about this soon...
[2011-04-09 06:53AM UTC] #maximuslizard <c4eva> beta dash flashes drive!
-
Hello man, it's interesting.
Please can you make us a screenshot of Jungle Flasher with your drive's firmware version???
This post has been edited by alanewake: Apr 9 2011, 02:03 PM
-
QUOTE(alanewake @ Apr 9 2011, 08:10 AM)

Hello man, it's interesting.
Please can you make us a screenshot of Jungle Flasher with your drive's firmware version???
What good will that do?
1) C4eva has pretty much confirmed this.
2) This is Ranger72 we are talking about; if he says it's real, it is.
-
QUOTE(syntaxerror329 @ Apr 9 2011, 02:41 PM)

What good will that do?
1) C4eva has pretty much confirmed this.
2) This is Ranger72 we are talking about; if he says it's real, it is.
Don't care man... I fully believe him & I believe you... just want to see this new version of firmware in JF...
Regards
This post has been edited by alanewake: Apr 9 2011, 03:14 PM
-
QUOTE(alanewake @ Apr 9 2011, 10:14 AM)

Don't care man... I fully believe him & I believe you... just want to see this new version of firmware in JF...
Regards
People in the know are on this. To satisfy people's interest, here is a screenshot.

-
Looks photoshopped to me
-
QUOTE(syntaxerror329 @ Apr 9 2011, 11:28 AM)

Looks photoshopped to me

Think I did a good job?
-
QUOTE(BigSteel @ Apr 9 2011, 12:11 PM)

According to C4Eva, the beta dash has the ability to flash the drive. When you think about it, the best protection M$ has is to make a drive that is flashable through the 360. If it updates the fw with every boot (or something like that), bye bye hacked fw. Could be dangerous though if the flash fails halfway for some reason (i.e. console gets powered off). Hope we find out more about this soon...
[2011-04-09 06:53AM UTC] #maximuslizard <c4eva> beta dash flashes drive!
Damn, if they do this, we are screwed for good
-
QUOTE(moh.sakhaii @ Apr 9 2011, 11:51 AM)

screwed is an understatement...more like raped without lube
-
QUOTE(Dark Mod @ Apr 9 2011, 07:27 PM)

screwed is an understatement...more like raped without lube
Yeah, that would do some justice.
-
It just makes things more difficult, but it is not the end by any means of the imagination. Give the people in the know time and I am sure things will happen.
-
Thanks Ranger72... I didn't mean that I don't believe you... no... but thanks a lot for this screen...
-
I'm sure there will be some kind of patch program to patch your modified firmware into the firmware update of this new beta dashboard,
so when it does flash the drive it's with "your" modified firmware.
just a thought
would be nice
dave
-
I hope they get a workaround to get our keys if we updated to the beta dash. I was looking forward to flashing my drive, but now I'm holding off since everyone is reporting they can't get their key after updating to the beta dash.
-
I'm pretty sure they are updating it with a file called oddupd.xex in the sys update file. I haven't looked in any other system updates so I don't know if that is a standard file or not. There are 3 of them, oddupd1, 2, 3 respectively. Xextool reports it as a DLL. I think I saw a reference to it in the install_extender.xex; I'll have to take another look.
Seems like they are updating them to conform to their new disc standard. Whatever it is they are doing, it doesn't appear to be related to stopping mass piracy or unflashing your modded drives, just updating the drives' FW to conform.
In another thread we are discussing this same issue. Apparently if you have a modified FW on your drive the system update will fail, and if you flash back to stock then run the update it will work and flash your drive, and you can then dump it and flash it again. It also appears to fail if you have no drive in at all, or a drive with the wrong key.
@Ranger - if you are unable to dump the FW after it's been updated through the system update, then apparently whatever hole was open to get the fw without a hardware hack has been closed, or just another software method will need to be found. It seems the old 360s can just be reflashed, so this must be related to the new slim drives.
-
Well guys, since it's confirmed that after the beta update you can reflash FATs back to whatever you had before, that gives me some relief. Since drives are still reflashable it would be a matter of time (and I believe not much) before c4eva and team either fix the lt+ fw, modify the rootkit to report the right version (in case of slims), or just create another fw. They have already released 1 slim version so I believe they have most of the work already done.
Anyone know if previous 9054 slims are also reflashable after the update?
I have only read of people flashing back to lt+ with FATs, not a single one I have read about doing it with a slim, but if 0225 was more difficult to write to, my bet is 0272 would be even harder. I am sure they are already working on this, and I am also sure they won't release anything before the official dash launch, to prevent MS from making it even harder for the final.
BTW did you check the FW was not 0272 before updating? And does this apply to FATs? I would like to know what version the FAT reports after the update, if they had OFW, and what they report if they had CFW.
This post has been edited by arana: Apr 10 2011, 04:43 AM
-
QUOTE(arana @ Apr 9 2011, 11:37 PM)

Well guys, since it's confirmed that after the beta update you can reflash FATs back to whatever you had before, that gives me some relief. Since drives are still reflashable it would be a matter of time (and I believe not much) before c4eva and team either fix the lt+ fw, modify the rootkit to report the right version (in case of slims), or just create another fw. They have already released 1 slim version so I believe they have most of the work already done.
Anyone know if previous 9054 slims are also reflashable after the update?
I have only read of people flashing back to lt+ with FATs, not a single one I have read about doing it with a slim, but if 0225 was more difficult to write to, my bet is 0272 would be even harder. I am sure they are already working on this, and I am also sure they won't release anything before the official dash launch, to prevent MS from making it even harder for the final.
BTW did you check the FW was not 0272 before updating? And does this apply to FATs? I would like to know what version the FAT reports after the update, if they had OFW, and what they report if they had CFW.
http://forums.xbox-s...p;#entry4792002
This thread has some people doing some tests also on the update. Most of these are fats no slims.
-
QUOTE(juggahax0r @ Apr 10 2011, 04:37 AM)

I'm pretty sure they are updating it with a file called oddupd.xex in the sys update file. I haven't looked in any other system updates so I don't know if that is a standard file or not. There are 3 of them, oddupd1, 2, 3 respectively. Xextool reports it as a DLL. I think I saw a reference to it in the install_extender.xex; I'll have to take another look.
Seems like they are updating them to conform to their new disc standard. Whatever it is they are doing, it doesn't appear to be related to stopping mass piracy or unflashing your modded drives, just updating the drives' FW to conform.
<snip>
It's a shame that early tests look like it's not possible to fix those consoles that lost their key, but hopefully maybe in the future we can alter the system update files (without breaking the signing) to get it to flash a drive with a wrong key (maybe having the key of all FFF's, or all 000's, could work?)
This post has been edited by -Gadget-: Apr 10 2011, 12:16 PM
-
QUOTE(-Gadget- @ Apr 10 2011, 06:16 AM)

maybe in the future we can alter the system update files (without breaking the signing)
not going to happen, unless you end up jeff-goldblum'ing the mothership in independence day.
-
QUOTE(boflc @ Apr 10 2011, 10:50 AM)

not going to happen, unless you end up jeff-goldblum'ing the mothership in independence day.
Sounds like a plan to me.
-
Now for the logic guys! the secret may be easier than you think, why? we have a dashboard or Update 2.0.13141.0 Beta 2.0.13142.0 Beta Update the logic it stores the firmware file to update it can do so if dashboard take this and analyze this file may have an opening to and to update any console via USB drive and modify to update the firmware xxxx.xxxx ...... , which is understood at all get the firmware from microsoft and put the hacked firmware, when the dashboard is modified to install the firmware from microsoft it takes the firmware that was patched on the console and play it, it can be easier than this despair all that's happening. I think the most viable solution at this time. no cricket, only to get the dashboard to change the directory where this firmware, and put the hacked firmware ... if you delete all data from there it will put all that exists can be sure to update it and the stick and gets away with this agony, the dashboard can Flesher by usb! why not a hacked firmware on dashboard clear that for each console should create a program for patching the dashboard with the firmware. this can be a breeze for C4eva ..
-
QUOTE(xfxgames @ Apr 10 2011, 08:56 PM)

Now for the logic guys! the secret may be easier than you think, why? we have a dashboard or Update 2.0.13141.0 Beta 2.0.13142.0 Beta Update the logic it stores the firmware file to update it can do so if dashboard take this and analyze this file may have an opening to and to update any console via USB drive and modify to update the firmware xxxx.xxxx ...... , which is understood at all get the firmware from microsoft and put the hacked firmware, when the dashboard is modified to install the firmware from microsoft it takes the firmware that was patched on the console and play it, it can be easier than this despair all that's happening. I think the most viable solution at this time. no cricket, only to get the dashboard to change the directory where this firmware, and put the hacked firmware ... if you delete all data from there it will put all that exists can be sure to update it and the stick and gets away with this agony, the dashboard can Flesher by usb! why not a hacked firmware on dashboard clear that for each console should create a program for patching the dashboard with the firmware. this can be a breeze for C4eva ..
Only thing you are forgetting is that if you alter just one bit of code in any of the dashboard update files, it breaks the signature, rendering the complete dashboard update file useless.
-
could have a way to update the firmware does not have to open the console, why? become routine! all the time will have to open the console to change the firmware, get the original and put the hacked total discomfort. everyone. I think the solution would be to flash the drive by the usb console would become easier and faster. with the information we have everything on the Internet become easier and faster, sort by flashing stick.
This post has been edited by xfxgames: Apr 11 2011, 04:11 AM
-
QUOTE(xfxgames @ Apr 11 2011, 06:37 AM)

could have a way to update the firmware does not have to open the console, why? become routine! all the time will have to open the console to change the firmware, get the original and put the hacked total discomfort. everyone. I think the solution would be to flash the drive by the usb console would become easier and faster. with the information we have everything on the Internet become easier and faster, sort by flashing stick.
Haha, you are high brother, lol. You can not change anything in an update; if you do it will be useless, because updates are signed by Microsoft. If we had the private key for signing the update files we would have simply created a custom firmware like what people did for the PS3, but no, the 360 remained secure in this regard, so no way.
-
The BIGGEST problem is the loss of the key for CFW flashed consoles...
The good thing is Microsoft included in this update all necessary routines for flashing Liteon/BenQ easily; we just have to apply it in a PC based program and we will have an easy way to flash our drives.
So I hope the problem with CFW based consoles is a bug from the beta and will be changed in the final (I prefer to have a machine flashed with OFW than bricked..)
This post has been edited by KaISeR SoZEi: Apr 11 2011, 03:52 PM
-
Yea, there is another thread dedicated to "official" information on the drive flashing that is going on. I already posted 3 different times which files are doing the flash: it's oddupd1, oddupd2 and oddupd3. Optical Disc Drive, pretty easy to deduce that.
You can't upload shit like that here BTW, a mod will just delete your link. I'm also not going to download a random file to see what it is; that's how you get viruses. We can all use Xextool to get the FW files if we want to, it's in the system update.
-
QUOTE(juggahax0r @ Apr 11 2011, 09:34 PM)

Yea, there is another thread dedicated to "official" information on the drive flashing that is going on. I already posted 3 different times which files are doing the flash: it's oddupd1, oddupd2 and oddupd3. Optical Disc Drive, pretty easy to deduce that.
You can't upload shit like that here BTW, a mod will just delete your link. I'm also not going to download a random file to see what it is; that's how you get viruses. We can all use Xextool to get the FW files if we want to, it's in the system update.
Sorry to ask such a noob question, but are these files that you extract with xextool encrypted or not? I do not know much about xbox360 security, but it makes sense that these files should be encrypted??
-
QUOTE(moh.sakhaii @ Apr 11 2011, 02:10 PM)

Sorry to ask such a noob question, but are these files that you extract with xextool encrypted or not? I do not know much about xbox360 security, but it makes sense that these files should be encrypted??
The FW will disassemble in IDA, I know that. The oddupd.xex's are just in the system update folder I believe. The FW file is a normal 256k FW; I would guess that it is blank, seeing as how it wouldn't be able to have a DVD key yet, and so no, it probably is not encrypted. I know it disassembles in IDA just fine.
xextool -r . oddupd.xex - this will dump the FIRMWARE to the directory you are in with the oddupd, and if you put xextool in your path you can just jump around all you want and use xextool in any directory.
-
QUOTE(juggahax0r @ Apr 11 2011, 09:45 PM)

The FW will disassemble in IDA, I know that. The oddupd.xex's are just in the system update folder I believe. The FW file is a normal 256k FW; I would guess that it is blank, seeing as how it wouldn't be able to have a DVD key yet, and so no, it probably is not encrypted. I know it disassembles in IDA just fine.
xextool -r . oddupd.xex - this will dump the FIRMWARE to the directory you are in with the oddupd, and if you put xextool in your path you can just jump around all you want and use xextool in any directory.
Thanks for the info
but I do not understand the shi**y security Microsoft has used here
they have given their precious system programs to others without any protection whatsoever
-
QUOTE(moh.sakhaii @ Apr 11 2011, 02:20 PM)

Thanks for the info

but I do not understand the shi**y security Microsoft has used here

they have given their precious system programs to others without any protection whatsoever

Well the Xex itself is not a normal Xex, you can't do much with it in XeXtool, as it doesn't have a valid PE basefile (so it says); it also reads as a system file AKA dll. The firmware file itself, I would speculate, gets encrypted at some point during the update when it adds your DVD key to it etc... So I don't think it is necessary for them to try to make it impossible for us to disassemble it; their job is to assume we can and make it work regardless, kinda like the HV.
Felix made this point in his C3 talk on the HV bug; without looking at the video, the basic quote was about how even if your secrets are known your security should still work. Obviously having the private key would make that statement moot, but that key isn't anywhere on the system to retrieve it, only a hash to compare and check for validity of the xex signatures etc... And after updating the 2BL, even if you know your CPU key and have a disassembled HV/Kernel you still can't hack it, so even though the 1BL key is known, and we will go ahead and pretend you also have the CPU key, you still can't break the security because of the HV and the updates made in the 2BL.
Sorry, I didn't mean to take it that far off topic... the point is still valid even when not discussing unsigned code. MS is going to assume their work can be disassembled; instead of assuming their encryption will stop anyone from seeing their code, they in turn make the code harder to exploit instead of making it harder to disassemble. Makes sense? Not saying they don't do both, just saying they will have to assume at some point someone from the -scene- will reverse it; they need to make sure even when that happens they are still safe.
-
I tried to update my slim with the disc and it did not update, so I flashed it back to stock and it updated ok.
Then I dumped the key again using slim key and slim unlock, then reflashed with 9504 lt+.
Console boots ok and drive plays backups.
0000: 05 80 00 32 5B 00 00 00 - 50 4C 44 53 20 20 20 20 ...2[...PLDS
0010: 44 47 2D 31 36 44 34 53 - 20 20 20 20 20 20 20 20 DG-16D4S
0020: 30 32 37 32 00 00 00 00 - 00 00 00 00 00 00 00 00 0272............
0030: 00 00 00 00 41 30 41 30 - 00 00 00 00 00 00 00 00 ....A0A0........
0040: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0050: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
It seems my drive was updated to 0272, but I was still able to use slim key to get the key and to unlock the drive, and I reflashed the drive no problem with lt+.
This post has been edited by k0mpresd: Apr 11 2011, 10:22 PM
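The six-line dump above has the layout of a standard SCSI INQUIRY response (peripheral type 0x05 = CD/DVD in byte 0, T10 vendor id at bytes 8-15, product id at 16-31, four-character revision at 32-35), which is where a tool shows "PLDS DG-16D4S 0272". Reading it as INQUIRY data is my assumption, since the post does not say what produced it; the Python below is an added example, not code from the thread, JungleFlasher or any other tool, that rebuilds the bytes from the dump, decodes the identity fields, and flags the label-vs-reported mismatch (9504 on the sticker, 0272 from the drive) that opened this thread.

```python
"""Parse a hexdump of a SCSI INQUIRY response and report drive identity.

Added example, not code from the thread, from JungleFlasher or from any
other tool. SAMPLE_DUMP is the dump k0mpresd posted; treating it as a
standard SCSI INQUIRY response is this example's assumption.
"""
from typing import Optional

SAMPLE_DUMP = """\
0000: 05 80 00 32 5B 00 00 00 - 50 4C 44 53 20 20 20 20 ...2[...PLDS
0010: 44 47 2D 31 36 44 34 53 - 20 20 20 20 20 20 20 20 DG-16D4S
0020: 30 32 37 32 00 00 00 00 - 00 00 00 00 00 00 00 00 0272............
0030: 00 00 00 00 41 30 41 30 - 00 00 00 00 00 00 00 00 ....A0A0........
0040: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0050: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
"""

# Peripheral device type codes from SPC (low five bits of byte 0).
DEVICE_TYPES = {0x00: "direct access (disk)", 0x05: "CD/DVD"}


def parse_hexdump(text: str) -> bytes:
    """Rebuild raw bytes from 'OFFS: xx xx .. - xx xx .. <ascii>' lines.

    Only the first 16 hex pairs after the offset are used; the '-' group
    separator and the ASCII gutter are skipped, so text in the gutter
    (e.g. 'PLDS') can never be mistaken for data.
    """
    out = bytearray()
    for line in text.splitlines():
        if not line.strip():
            continue
        _offset, rest = line.split(":", 1)
        pairs = [tok for tok in rest.split() if tok != "-"][:16]
        out.extend(int(pair, 16) for pair in pairs)
    return bytes(out)


def parse_inquiry(data: bytes) -> dict:
    """Decode the standard INQUIRY data fields (SPC layout)."""
    if len(data) < 36:
        raise ValueError("standard INQUIRY data is at least 36 bytes")
    dev_type = data[0] & 0x1F
    return {
        "device_type": DEVICE_TYPES.get(dev_type, f"type 0x{dev_type:02X}"),
        "removable": bool(data[1] & 0x80),  # RMB bit
        # byte 4 counts the bytes that follow it, so the total is 5 + n
        "declared_length": 5 + data[4],
        "vendor": data[8:16].decode("ascii", "replace").strip(),
        "product": data[16:32].decode("ascii", "replace").strip(),
        "revision": data[32:36].decode("ascii", "replace").strip(),
        # bytes 36.. are vendor specific; keep the printable text only
        "vendor_specific": data[36:56].replace(b"\x00", b"").decode("ascii", "replace"),
    }


def firmware_mismatch(inquiry: dict, label_version: str) -> Optional[str]:
    """Return a finding when the revision the drive reports differs from the
    version printed on its label, or None when they agree. Recording this
    before a console update is how you notice the drive fw was changed."""
    reported = inquiry["revision"]
    if reported == label_version:
        return None
    return (f"drive reports firmware {reported} but the label says "
            f"{label_version}: the drive firmware is not what the label claims")


if __name__ == "__main__":
    raw = parse_hexdump(SAMPLE_DUMP)
    info = parse_inquiry(raw)
    for key, value in info.items():
        print(f"{key:>16}: {value}")
    print(firmware_mismatch(info, "9504"))  # label says 9504, drive says 0272
```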
-
This has been confirmed by xecuter and c4eva.
It's confirmed by C4E himself BTW:
[2011-04-09 06:53AM UTC] <VGCrepair> that not possible unless the console is writting to the DVD drive
[2011-04-09 06:53AM UTC] <mib_2ikxl> yup i meant drive
[2011-04-09 06:53AM UTC] <c4eva> beta dash flashes drive!
So far it's confirmed for the slim drive 9504! The Phat ones are still in question and being tested... (04421C is the new fw for BenQ, 02510C for Phat LiteOn)
Oh and yeah, you HAVE to keep your drive key saved before updating the dashboard or you'll lose access to your key! (Any non-stock fw will have its key zeroed).
Another move from M$ I guess..
Edit: Not a security move though; apparently the fw update is just to conform to the new XGD3 format... A new XGD3 CFW by C4E will probably follow.
Here's the info source:
http://team-xecuter.com/forums/showthread.php?t=63569
-
QUOTE(k0mpresd @ Apr 11 2011, 05:14 PM)

I tried to update my slim with the disc and it did not update, so I flashed it back to stock and it updated ok.
Then I dumped the key again using slim key and slim unlock, then reflashed with 9504 lt+.
Console boots ok and drive plays backups.
0000: 05 80 00 32 5B 00 00 00 - 50 4C 44 53 20 20 20 20 ...2[...PLDS
0010: 44 47 2D 31 36 44 34 53 - 20 20 20 20 20 20 20 20 DG-16D4S
0020: 30 32 37 32 00 00 00 00 - 00 00 00 00 00 00 00 00 0272............
0030: 00 00 00 00 41 30 41 30 - 00 00 00 00 00 00 00 00 ....A0A0........
0040: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0050: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
It seems my drive was updated to 0272, but I was still able to use slim key to get the key and to unlock the drive, and I reflashed the drive no problem with lt+.
Yes, I figured as such. Only issue will be that when the new disk style comes out you won't be able to play them without either going back to the stock 272 firmware or waiting until something new comes out from C4eva.
-
QUOTE(k0mpresd @ Apr 11 2011, 09:14 PM)

I tried to update my slim with the disc and it did not update, so I flashed it back to stock and it updated ok.
Then I dumped the key again using slim key and slim unlock, then reflashed with 9504 lt+.
Console boots ok and drive plays backups.
0000: 05 80 00 32 5B 00 00 00 - 50 4C 44 53 20 20 20 20 ...2[...PLDS
0010: 44 47 2D 31 36 44 34 53 - 20 20 20 20 20 20 20 20 DG-16D4S
0020: 30 32 37 32 00 00 00 00 - 00 00 00 00 00 00 00 00 0272............
0030: 00 00 00 00 41 30 41 30 - 00 00 00 00 00 00 00 00 ....A0A0........
0040: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0050: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
It seems my drive was updated to 0272, but I was still able to use slim key to get the key and to unlock the drive, and I reflashed the drive no problem with lt+.
So let me get this straight: did you spoof the 9504 LT+ 1.1 FW as "0272", with your usual drive key too, using a hex editor?
And it boots all but upcoming disc waves? Boots AP2.5 also?