Sie sind nicht angemeldet.

Lieber Besucher, herzlich willkommen bei: xboxhacks.de - Deutsches Xbox 360 und One Forum für News, Hacks & Co.. Falls dies Ihr erster Besuch auf dieser Seite ist, lesen Sie sich bitte die Hilfe durch. Dort wird Ihnen die Bedienung dieser Seite näher erläutert. Darüber hinaus sollten Sie sich registrieren, um alle Funktionen dieser Seite nutzen zu können. Benutzen Sie das Registrierungsformular, um sich zu registrieren oder informieren Sie sich ausführlich über den Registrierungsvorgang. Falls Sie sich bereits zu einem früheren Zeitpunkt registriert haben, können Sie sich hier anmelden.

Hoax

Administrator

  • Bestätigter Glitcher

Beiträge: 7 602

Registriert am: 8. Juli 2008

Wohnort: Oldenburg (Oldb)

Xbox One: Day One

Xbox360: Slim

Ich spiele z.Zt.: Xbox One

Danksagungen: 6442

  • Nachricht senden

(permalink) 1

Montag, 2. November 2009, 15:24

Xbox360 LiteOn/Samsung Linux Flashtools

Bei Bedarf umbenennen in .tar.bz2

(Möglicherweise lässt sich diese Methode auch mit der Gentoo LiveCD für die Xbox benutzen ?) Das wäre top! Nich gestestet

Zitat


DISCLAIMER: THESE PROGRAMS ARE RELEASED AS IS. USING THESE TOOLS MAY DAMAGE
YOUR COMPUTER AND/OR XBOX 360 DRIVE. I TAKE NO RESPONSIBILITY WHATSOEVER.

My work is based on the following programs and their authors deserve a lot of
respect.

DVDKey32 v0.8.1: Geremia, C4eva, Podger, Seventhson
Firmtool v1.3.1: Caster420
DosFlash v1.7: Geremia, Modfreakz, Kai Schtrom
JungleFlasher v0.0.43b: Team Jungle
Drive Serial Dummy.Bin Fixer: GiampyXBS, Oggy

... and anyone I might have forgot.


PREREQUISITES
-------------------------------------------------------------------------------

1) Connect the drive to your computer and power it up using your 360 or
a connectivity kit.


2) Find your ATA cmd base.

You can skip this step if you already know the command base for the port you
are using on your SATA controller.

If you boot Linux with your LiteOn drive connected and powered up you should
be able to find the ata cmd base by looking at the 'dmesg' content.

Try executing the two following lines. They _might_ give you a printout of
your ata cmd base (depending on SATA driver).

host:~>ATA_ID=`dmesg | grep ATAPI | grep DG-16D2S | cut -d . -f 1`
host:~>dmesg | grep "$ATA_ID: SATA" | sed -r 's/.*cmd (.*) ctl.*/\1/'
0x170
host:~>

This will only work if the boot messages are still present in the kernel
ring buffer. Booting with an erased drive without firmware won't work either.

lspci -vv as root and looking at your SATA controller might also give you
a hint of which I/O ranges are allocated by that specific hardware.


FLASHING A LITEON DRIVE
-------------------------------------------------------------------------------

1) Extract the drive key.

You might have to eject your drive tray and leave it half way out for this to
work on drives with original firmware.

host:~>./liteon_keyext -h
liteon_keyext v1.1b by ddl.
Key extractor for the Xbox 360 LiteOn drive (PLDS DG-16D2S).

Usage: ./liteon_keyext [options] <ATA command base> <serial device> [output dir]

Options:
-h Displays this text.
-n <times> Times to extract the key. (default: 6)
-d Only save dummy file.


This program needs to be run as root since we are going to do port I/O with
outb(), outw(), inb() and inw().

BE SURE TO ENTER THE CORRECT ATA COMMAND BASE FOR YOUR DRIVE!

host:~>sudo ./liteon_keyext 170 /dev/ttyUSB0 drive1
liteon_keyext v1.1b by ddl.
Key extractor for the Xbox 360 LiteOn drive (PLDS DG-16D2S).

Using ATA command base: 0x0170
Using serial device: /dev/ttyUSB0

Attempting to extract the key 6 times...

Attempt 1: EE B6 XX XX XX XX XX XX XX XX XX XX XX XX C6 C6
Attempt 2: EE B6 XX XX XX XX XX XX XX XX XX XX XX XX C6 C6
Attempt 3: EE B6 XX XX XX XX XX XX XX XX XX XX XX XX C6 C6
Attempt 4: EE B6 XX XX XX XX XX XX XX XX XX XX XX XX C6 C6
Attempt 5: EE B6 XX XX XX XX XX XX XX XX XX XX XX XX C6 C6
Attempt 6: EE B6 XX XX XX XX XX XX XX XX XX XX XX XX C6 C6

Sending identify request to drive...
Sending inquiry request to drive...
Extracting serial information from drive...

DVD Label: D60XXXXXXXXXXXXA1
OPT Label: 8F2XXXXXXXXXX4XX
PCB Label: S4P8XXXXXXXXXXXX82
HW Ver : A0A1

Wrote file: drive1/key.bin
Wrote file: drive1/identify.bin
Wrote file: drive1/inquiry.bin
Wrote file: drive1/dummy.bin

host:~>



2) Patch iXtreme firmware.

host:~>./ixfw_patch -h
ixfw_patch v0.5b by ddl.
iXtreme firmware patcher.

Usage: ./ixfw_patch [options] <ofw/dummy file> <ixtreme file> <output file>

Options:
-h Displays this text.
-t <l|s> Force drive type:
l, LiteOn drive.
s, Samsung drive.


host:~>./ixfw_patch drive1/dummy.bin fw/ix16-liteon-repack.bin drive1/patched_ix16.bin
ixfw_patch v0.5b by ddl.
iXtreme firmware patcher.

Identified firmware: iXtreme v1.6 12x (Lite-On)
Writing patched firmware: drive1/patched_ix16.bin
Success!

host:~>


3) Erase drive firmware.

BEFORE YOU DO THIS YOU HAVE TO BE SURE YOU HAVE YOUR DRIVE KEY SAVED SOMEWHERE.

host:~>./liteon_erase -h
Usage: ./liteon_erase [options] <ATA command base>

Options:
-h Displays this text.

host:~>

host:~>sudo ./liteon_erase 170
liteon_erase v1.0 by ddl.
Firmware eraser for the Xbox 360 LiteOn drive (PLDS DG-16D2S).

Status: 0xD0

host:~>

You should be okay if you get status 0xD0, 0x72, 0x80, 0xD1 or 0xF2.

No matter what status you get you should power cycle your drive and try to
flash it. If mtflash fails to enter vendor mode you should repeat the the
erase procedure.



4) Flash the patched firmware.

host:~>./mtflash -h
mtflash v0.8b by ddl.
Firmware flasher for drives with a MT13x9 chip.

Usage: ./mtflash [options] <r|R> <ATA command base> <output file>
./mtflash [options] <w|W> <ATA command base> <input file>
./mtflash [options] <e|E> <ATA command base>

Options:
-h Displays this text.
-p <0|1> Drive position. 0 for master, 1 for slave.
(default: 0)
-b Brute force MTK vendor intro.
-l List supported flash chip types.

host:~>

host:~>./mtflash -l

Name Vendor ID Device ID Size Type
--------------------------------------------------------------------------------
MXIC/Macronix(MX25L2005) 0xC2 0x11 262144 Serial
Winbond/NEX(W25P20/W25X20/NX25P20) 0xEF 0x11 262144 Serial
SST(39SF020) 0xBF 0xB6 262144 Parallel

host:~>

host:~>sudo ./mtflash w 170 drive1/patched_ix16.bin
mtflash v0.8b by ddl.
Firmware flasher for drives with a MT13x9 chip.

Sending MTK vendor intro... OK!
Reading flash vendor and device ID... OK!

Name: MXIC/Macronix(MX25L2005)
Vendor ID: 0xC2
Device ID: 0x11
Size: 4 banks (262144 bytes)
Type: Serial

Writing bank 0 ................ OK!
Writing bank 1 ................ OK!
Writing bank 2 ................ OK!
Writing bank 3 ................ OK!

Flash read-back checksum (datasum): 0x0B59

Flash write successful!

Sending MTK vendor outro... OK!

host:~>


mtflash will verify that all bytes has been written correctly. This is done
in the writing procedure.

If mtflash fails to enter vendor mode you should try to erase the drive again
and power cycle it.



FLASHING A SAMSUNG DRIVE
-------------------------------------------------------------------------------

1) Reading the original (or previously patched) firmware.

Depending on your firmware version you might have to unlock the drive before
proceeding.

Stock ms25: no unlock needed
Stock ms28: vcc trick (use -b option)
<= iXtreme 1.4: use 0800 DVD (activate.iso)
>= iXtreme 1.5: power up drive with tray half open

host:~>./mtflash -h
mtflash v0.8b by ddl.
Firmware flasher for drives with a MT13x9 chip.

Usage: ./mtflash [options] <r|R> <ATA command base> <output file>
./mtflash [options] <w|W> <ATA command base> <input file>
./mtflash [options] <e|E> <ATA command base>

Options:
-h Displays this text.
-p <0|1> Drive position. 0 for master, 1 for slave.
(default: 0)
-b Brute force MTK vendor intro.
-l List supported flash chip types.

host:~>

host:~>sudo ./mtflash -b r ec00 drive2/ofw.bin
mtflash v0.8b by ddl.
Firmware flasher for drives with a MT13x9 chip.

Power off the drive and turn it back on within 1 second.
Press CTRL-C to abort.

Brute forcing MTK vendor intro... OK!
Reading flash vendor and device ID... OK!

Name: SST(39SF020)
Vendor ID: 0xBF
Device ID: 0xB6
Size: 4 banks (262144 bytes)
Type: Parallel

Reading bank 0 ................ OK!
Reading bank 1 ................ OK!
Reading bank 2 ................ OK!
Reading bank 3 ................ OK!

Wrote flash content to: drive2/ofw.bin

Flash read checksum (datasum): 0xE067

Flash read successful!

Sending MTK vendor outro... OK!

host:~>


2) Patch iXtreme firmware.

host:~>./ixfw_patch -h
ixfw_patch v0.5b by ddl.
iXtreme firmware patcher.

Usage: ./ixfw_patch [options] <ofw/dummy file> <ixtreme file> <output file>

Options:
-h Displays this text.
-t <l|s> Force drive type:
l, LiteOn drive.
s, Samsung drive.

host:~>

host:~>./ixfw_patch drive2/ofw.bin fw/ix16-samsung.bin drive2/patched_ix16.bin
ixfw_patch v0.5b by ddl.
iXtreme firmware patcher.

Identified firmware: iXtreme v1.6 12x (Samsung)
Writing patched firmware: drive2/patched_ix16.bin
Success!

alfons:~/projects/xbox360tools/git>


3) Flash the patched firmware.

host:~>./mtflash -h
mtflash v0.8b by ddl.
Firmware flasher for drives with a MT13x9 chip.

Usage: ./mtflash [options] <r|R> <ATA command base> <output file>
./mtflash [options] <w|W> <ATA command base> <input file>
./mtflash [options] <e|E> <ATA command base>

Options:
-h Displays this text.
-p <0|1> Drive position. 0 for master, 1 for slave.
(default: 0)
-b Brute force MTK vendor intro.
-l List supported flash chip types.

host:~>

host:~>./mtflash -l

Name Vendor ID Device ID Size Type
--------------------------------------------------------------------------------
MXIC/Macronix(MX25L2005) 0xC2 0x11 262144 Serial
Winbond/NEX(W25P20/W25X20/NX25P20) 0xEF 0x11 262144 Serial
SST(39SF020) 0xBF 0xB6 262144 Parallel

host:~>

You do not have to explicitly erase the flash before the write since its done
automatically when you choose write.

host:~>sudo ./mtflash -b w ec00 drive2/patched_ix16.bin
mtflash v0.8b by ddl.
Firmware flasher for drives with a MT13x9 chip.

Power off the drive and turn it back on within 1 second.
Press CTRL-C to abort.

Brute forcing MTK vendor intro... OK!
Reading flash vendor and device ID... OK!

Name: SST(39SF020)
Vendor ID: 0xBF
Device ID: 0xB6
Size: 4 banks (262144 bytes)
Type: Parallel


Sending chip erase... OK!

Writing bank 0 ................ OK!
Writing bank 1 ................ OK!
Writing bank 2 ................ OK!
Writing bank 3 ................ OK!

Flash read-back checksum (datasum): 0x763D

Flash write successful!

Sending MTK vendor outro... OK!

host:~>



WHAT ABOUT OTHER DRIVES?
-------------------------------------------------------------------------------

BenQ
----
mtflash could probably be adapted to support the Xbox 360 BenQ drive quite
easily since it also has an embedded SPI flash chip. Though, I would need a
BenQ drive to do that...

Hitachi
-------
The Hitachi drives would require completely different methods. I think
SeventhSon has done some work in this area...

CONTACT
-------------------------------------------------------------------------------

Feel free to contact me if you have any questions, comments or a spare drive
laying around that you would like to donate to science :) I would really
appreciate if someone has a BENQ drive that they are willing to donate!


--

mail: ddl4321@gmail.com
irc: #xbox360tools @ efnet





Zitat



-------------------------------------------------------------------------------
build_20090520
-------------------------------------------------------------------------------

Included programs:

liteon_keyext 1.1b
ixfw_patch 0.5b
liteon_erase 1.0
mtflash 0.8b


mtflash
-------
* Added support for parallel flash SST(39SF020) (found in Xbox360 Samsung
drives).
* Added -b option that can be used to unlock drive using the quick
power cycle trick on VIA and Nforce chipsets.

ixfw_patch
----------
* The program will now identify the source CFW by MD5. Some sanity checks on
the source OFW has also been added.
* Added support for patching Samsung iXtreme firmware.
* Added -t option to force a specific firmware vendor type. Can be used to
bypass sanity checks.

liteon_keyext
-------------
* Removed redundant call to open() on serial device.
* Added -d option that will omit identify, inquiry and key files. Only the
dummy file will be saved when this option is used.
* Fixed a bug in the key validation routine that made it possible for an
invalid key to pass as valid.
* Serial device is now read to discard all eventual junk on the serial device
before each key extraction attempt.

»Hoax« hat folgendes Bild angehängt:
  • gaokbaabh.jpg
»Hoax« hat folgende Dateien angehängt:
Signatur von »Hoax«
Xbox Live Gold günstig verlängern

KEINE HILFE ZU FRAGEN PER EMAIL/PN - HILFSANFRAGEN WERDEN IGNORIERT

Social Bookmarks

Die hier veröffentlichten Texte stellen die Meinung des jeweiligen Autors dar. xboxhacks.de oder die Betreiber haften nicht! Weiterhin ist eine Nutzung dieser Texte ausschließlich
mit einer schriftlichen Genehmigung des jeweiligen Autors gestattet. Ist diese Genehmigung nicht erteilt, stellt dies einen Urheberrechtsverstoß dar, der u.U. rechtliche Folgen mit sich zieht!