Using a modified unlocker to retrive a 360 dvdrom drive's key?

[nokaktsawa]

Well, I'm not much of a technical guy yet, but I have a suggestion: I would like to know if it could be done.

Could there be any way to build a xbox360 unlocker that could retrieve the drive's key based upon the data sent by the drive?
I mean: I know that most of the communication during the disc authentication process in xbox360 is encrypted, but we know the algorytm it uses to encrypt the data, right? Well, then couldn't we retrieve the drive's key using the same algorytm on the encrypted data?
This solution could be very useful, especially for those who have a Toshiba-Samsung drive and can't softdump its FW.
Sorry if I wasn't clear enough, but as I said, I'm not much of a tech guy (and I'm NOT posting on the tech fourm, BTW)...

[BlueCop]

The Hitachi drives key is dumpable via software already. It uses some debug commands that were left in by the manufactorer

edit: sorry ethier i missed part of your post or you edited or somethign because now you posted about the TS and stuff. sorry if im repeating

[MacDennis]

Well, I'm not much of a technical guy yet, but I have a suggestion: I would like to know if it could be done.

Short answer: perhaps. Perhaps a TS debug command exists in the firmware which will transmit this key. Perhaps a TS debug command exists which allows you to dump the firmware. Problem is, not much is known about the TS firmware. People will have to do more research first on this drive. No, the key isn't transmitted during normal operation. No, you can't 'generate' the key from the encrypted communication. Most research has been going to the LG drive which is much more hack friendly.

[nokaktsawa]

No, you can't 'generate' the key from the encrypted communication.

That's exactly the answer I was looking for. I thought that knowing the data sent to the drive and knowing the encrypted "answer" it returns to the kernel, there would be a way to "elaborate" the key the drive used to encrypt that "answer".

And yes, my idea was to let the TS drive owners have a way to know their key without risking to damage the drive.

Thanks for your help, MacDennis

[Tiros]

Well, I'm not much of a technical guy yet, but I have a suggestion: I would like to know if it could be done.

Short answer: perhaps. Perhaps a TS debug command exists in the firmware which will transmit this key. Perhaps a TS debug command exists which allows you to dump the firmware. Problem is, not much is known about the TS firmware. People will have to do more research first on this drive. No, the key isn't transmitted during normal operation. No, you can't 'generate' the key from the encrypted communication. Most research has been going to the LG drive which is much more hack friendly.

Perhaps such a command is:
plscsi -vx "ff 08 05 00 05 01 03 00 04 07 01" -i x10 --please

[BlueCop]

Thanks Tiros looking forward to trying out the commad when i get home.

[dc_away]

any luck with this? its about time to read all of the plscsi thread... if i knew my key, i would confirm... i just dont want to pull my flash til i have the key