Zeus
04-26-2006, 08:19 AM
A while ago we reported on <A href="http://www.maxconsole.net/?mode=news&newsid=6787" target="_blank">the Cracked Samsung SDG-605B/616T/616F Firmware for Xbox 1 - V2</a>. The v2 release now looks like it's officially confirmed working - it took some time to confirm this hack as it required raw dumps, patching and DVD-DL discs.
What's New
Totally re-done to read security sector from image, will now work with all games and xbox live.
- Security sector moved to image
Security sector now read from PSN $fd021e (originals) AND PSN $f9fa00 (backups. This is the next sector after end of xbox game data.)
- Patched read sector routine to work with originals and backups
- Patched debug cdb command (FF 66 05 or FF 06 05) for bank 0 rom checksum check to return original bank 0 rom checksum. Possible xbox live checker
- Extra debug cdb command found to unlock drive without any challenge response (FF 08 01)
- Tested with unmodified xbox with copy of Halo 2 made using hot swap technique, clonecd, original dvd size was psn 30000-FCxxxxx. Added security sector to image with hex editor at psn f9fa00
- Also included security sectors from games
- Don't forget to include per game security sector into image. If need be, will post firmware to easily return security sector data
- This will be similar to our soon to be released xbox 360 firmware.
Steps to flash drive:
1. Plug Samsung DVD drive into PC IDE port with power still from XBOX.
2. Use included MTK Win flash program and firmware file "SDG605b.bin" and flash the drive (I used ATAPI mode).
3. Plug back into XBOX and enjoy:)
Just a quick note to the specialist and others
1 - No cpr mai - not required in this firmware, backups boot fine on unmodified xbox
2 - No call to $fda0 - a simple disassemble at patch point $8ffd shows the ljmp $fda0, to say this is never called is saying the security sector is never read - is there another motive here - M$
A lot of time and effort has been put into this firmware release to get familiar with this chipset for the next challenge (Xbox 360) and for the benefit of all being a public release. This firmware works 100% if you test it, please don't comment if you haven't tried it.
Will release the firmware for the now software flashable 360 (Toshiba/Samsung drive) very soon, I'll keep you all posted.
Things are moving quickly, patched security sector routine. Security sector now also read from $FB04E0, this is the next sector after xbox 360 game data.
Many debug cdb commands found including the firmware checksum routine which will be patched for xbox live checker, other debug commands will be patched as they return values from disk.
Interesting that the firmware checks for version of security sector data at $065f in SS data, being 01 (xbox) or 02 (360). Read sector routine patched to read from originals and copies. I am working on it and it should be completed soon.
News Source: <A href="http://www.xboxhacker.net/index.php?option=com_smf&Itemid=33&topic=684.0" target="_blank">XboxHacker.net</a> (Official confirmation in this thread of the original Xbox firmware hack working and technical information.)