Cracked Samsung SDG-605B/616T/616F Firmware for Xbox 1 - V2

[commodore4eva]

------------------------------------------------------
Cracked Samsung SDG-605B/616T/616F Firmware for Xbox 1
------------------------------------------------------

22 April 2006

Whats New
-----------------
Totaly re-done to read security sector from image, will now work with all games and xbox live.
Security sector moved to image
Security sector now read from  PSN $fd021e (originals) AND  PSN $f9fa00 (backups. This is the next sector after end of xbox game data.)
Patched read sector routine to work with originals and backups
Patched debug cdb command (FF 66 05 or FF 06 05) for bank 0 rom checksum check to return original bank 0 rom checksum. Possible xbox live checker
Extra debug cdb command found to unlock drive without any challenge response (FF 08 01)

Tested with unmodified xbox with copy of Halo 2 made using hot swap technique, clonecd, original dvd size was psn 30000-FCxxxxx. Added security secotr to image with hex editor at psn f9fa00

Also included security sectors from games

[edit SiliconIce: please, do not post links to this material - BIOS and Firmware images contain copyrighted code]



Dont forget to include per game security sector into image. If need be, will post firmware to easily return security sector data


This will be similar to our soon to be released xbox 360 firmware.

Steps to flash drive:
---------------------


1. Plug Samsung DVD drive into PC IDE port with power still from XBOX.

2. Use included MTK Win flash program and firmware file "SDG605b.bin" and flash the drive (I used ATAPI mode).

3. Plug back into XBOX and enjoy:)


Commodore4Eva

Commodore4Eva@hotmail.com

[BlueCop]

Excellent work. i looked forward to analyzing your patches and trying out the firmware.

[Arakon]

let's see if this one actually does something.. for everyone wanting to test: you will need a DL blank, the security sector location is on the second layer.

[Dzgx216]

Great show, Downloading the FW image tonight to Diff with the original!

[pash]

I hope this one is better then your first try @: http://www.xboxhacker.net/forums/index.php?topic=562.msg5339#msg5339 

Quote to first try from Speci:

Just like I expected, it's fake and a bad one too  Try to make it more real next time by including the CPR_MAI 
 
« Last Edit: March 28, 2006, 03:10:54 PM by TheSpecialist » 
 

PS: MTK Win flash IS NOT INCLUDED!

[uberfry]

anyone tried it yet???

edit:

This will be similar to our soon to be released xbox 360 firmware.

btw, weren't you the one who was saying that you decapped the x360 chips and found the security holes? (thread had been deleted within the same day it had been created i think)

[twizter]

question 1: is there a possibility of placing the SS location on Single Layer discs?
question 2: is a PPF patch a possible method for adding the SS to game images?

[commodore4eva]

Make sure you use dvd+r DL bit set to dvd-rom.
Security sector was put on second layer in preperation for xbox 360 disks.

[Arakon]

if you could post a firmware with the SS being on the first layer, I'd appreciate it. I'm not gonna waste an expensive DL disk just for testing, but I'm willing to try it if I can just use a normal dvd-r and could confirm wether this is valid or not.

[burgemaster]

Good work

Glad people are trying hard still

[pizzaman]

anyone got a diff link for it as cannot get from there

[twizter]

i mirrored the rar file at this url.

[edit SiliconIce: please do not post links to copyrighted materials. Firmware images contain copyrighted code]

[xDREAM]

if you could post a firmware with the SS being on the first layer, I'd appreciate it. I'm not gonna waste an expensive DL disk just for testing, but I'm willing to try it if I can just use a normal dvd-r and could confirm wether this is valid or not.

The SS adress is @ FDB5h in sdg605b.bin, you can change it yourself dunno if this will corrupt the crack or not.

[twizter]

xDREAM: could you describe the method you took to open the .bin and find out the address, if its too long, could you point me in the right direction?

[xDREAM]

xDREAM: could you describe the method you took to open the .bin and find out the address, if its too long, could you point me in the right direction?

Just search for bytes F9FA00 and there is only one location in the file that has those bytes. Altho im not 100% sure this is the right address to patch since i didnt look at the disasm

[Arakon]

problem is that this would likely break the checksum, and if it's the wrong adress, it could very well kill the drive for good.

[xDREAM]

problem is that this would likely break the checksum, and if it's the wrong adress, it could very well kill the drive for good.

Yup your right.. does the samsung have a checksum? Which is prolly disabled in this firmware anyways

[uberfry]

Extra debug cdb command found to unlock drive without any challenge response (FF 08 01)

could you please release the fw with that?

[TheSpecialist]

Took a quick look at it and I really don't see how this crack could ever work. What I do see is that the zip contains MS copyrighted stuff ...

[uberfry]

TS: nothing at all in it? or just the fact that it will never read sector fd021e?
im currently modding my 616, going to try this right after