Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion. Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules. |
8th April 2007, 19:30 | #62 | Link |
Registered User
Join Date: Jan 2007
Location: Tel-Aviv, Israel
Posts: 185
|
Ok, just a small modification
Try compiling and running this, giving it an argument of a filename: Code:
#include <stdio.h> int main(int argc, char **argv) { int foo = 0, bar = 0; FILE *outfid; if (argc > 1) { if ((outfid=fopen(argv[1],"wb"))==NULL) { fprintf(stderr,"Error: cannot write to '%s'\n",argv[1]); return(1); } } if (argc > 1) { fprintf(outfid,"set PLSCSI=\\\\.\\E:\n"); fprintf(outfid,"plscsi.exe -v -p -x \"1D 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00\" -f DFenable.bin -o x8\n"); } else { fprintf(stdout,"set PLSCSI=\\\\.\\E:\n"); fprintf(stdout,"plscsi.exe -v -p -x \"1D 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00\" -f DFenable.bin -o x8\n"); } for (foo = 2097152; foo < 3145728; foo = foo + 2048) { if (argc > 1) { fprintf(outfid,"plscsi.exe -v -p -x \"DF00E20000 %x %x\" -i x800 -t %x.bin\n",foo, (foo+2048-1), foo); } else { fprintf(stdout,"plscsi.exe -v -p -x \"DF00E20000 %x %x\" -i x800 -t %x.bin\n",foo, (foo+2048-1), foo); } } if (argc > 1) { fclose(outfid); } return 0; } Code:
hostname$ gcc -o plscsi_foo plscsi_foo.c hostname$ ./plscsi_foo runme.bat hostname$ head runme.bat set PLSCSI=\\.\E: plscsi.exe -v -p -x "1D 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00" -f DFenable.bin -o x8 plscsi.exe -v -p -x "DF00E20000 200000 2007ff" -i x800 -t 200000.bin plscsi.exe -v -p -x "DF00E20000 200800 200fff" -i x800 -t 200800.bin plscsi.exe -v -p -x "DF00E20000 201000 2017ff" -i x800 -t 201000.bin plscsi.exe -v -p -x "DF00E20000 201800 201fff" -i x800 -t 201800.bin plscsi.exe -v -p -x "DF00E20000 202000 2027ff" -i x800 -t 202000.bin plscsi.exe -v -p -x "DF00E20000 202800 202fff" -i x800 -t 202800.bin plscsi.exe -v -p -x "DF00E20000 203000 2037ff" -i x800 -t 203000.bin plscsi.exe -v -p -x "DF00E20000 203800 203fff" -i x800 -t 203800.bin hostname$ |
8th April 2007, 19:59 | #68 | Link |
Registered User
Join Date: Sep 2006
Posts: 390
|
@Geremia: I know you're busy doing something else. But maybe you can answer this when you have time for it:
This is regarding checksum bytes and where they are stored in the fw: I can find the 16 checksum bytes for 0000-3FFF (starting at 00003FF0) I can find the 16 checksum bytes for 10000-DFFFF (starting at 000DFFF0) I can find the 16 checksum bytes for the bootloader (starting at 000FDBF0). I guess these are the most important areas. But when looking at the region 8000-BFFF there appear to be no valid 16 checksum bytes at the end. And when checking myself (with proggy) they don't validate (while the above three do). Also with E0000-EFFFF. Any idea if these areas really are XOR checksummed (aswell as SUM)? And if so where these 16 bytes should be? I guess this is low priority . arnezami Last edited by arnezami; 8th April 2007 at 20:22. |
8th April 2007, 20:35 | #69 | Link |
Registered User
Join Date: Feb 2007
Posts: 71
|
Thanks awhitehead for the bat creator
i've added the cat stuff http://www.sendspace.com/file/cezdih fwdump.bat driveletter it dumps all the firmware, included unique areas P.S.: byteswapping is only needed if you read the flash by external programmer @ arnezami fwpart4 is unknown for me, but i'll take a look after dinner (10minutes lol) |
8th April 2007, 21:58 | #71 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
Here is fwchecksum.exe. It will calculate the (new) 16 bytes checksum and the (new) sum correction value. It ignores the current 16 byte checksum and sum correction values (the old ones still present in the file). It does this for three different areas: In other words: when you change something in any of these areas and run this proggy you can replace the 16 bytes + sum correction value and it should flash without error . I'm a bit sleepy at the moment so I hope I didn't make any mistakes . Fingers crossed... Regards, arnezami PS. Currently I'm not actually doing the scrambling stuff which limits this proggy to this revision atm. [edit] Almost forgot: the flash dumper (+script) works!!! Last edited by arnezami; 8th April 2007 at 22:30. |
|
8th April 2007, 22:45 | #72 | Link |
Registered User
Join Date: Feb 2007
Posts: 71
|
your fwchecksum works!!!!! just flashed a patched and rechecksumed fw great job man! BTW, there is another DF command to dump the flash without unique area, i'll check it, it can be usefull to compare with a modified fw to see if it's safe to flash, or if is another fw revision etc... |
8th April 2007, 22:56 | #73 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
Seems we have beaten the Xbox 360 HD DVD hands down. We should be proud. arnezami |
|
8th April 2007, 22:58 | #74 | Link | |
Registered User
Join Date: Feb 2007
Posts: 49
|
Quote:
Also when the HD-DVD recorders become accessible and the media price is lowered, it would be preferable to just record it than to reencode it to x264. EDIT: Great news!!! Last edited by bcrabl; 9th April 2007 at 09:14. |
|
8th April 2007, 23:38 | #76 | Link |
Registered User
Join Date: Mar 2007
Posts: 1
|
I like you all !
AACS must be hacked !
It's an important demonstration who has got the MIGHT ! Can some intelligent guys win the fight against the consortium of five or six gobal companies with billions of money ? It's in a certain sense like a "war". Can the companies build the "walls" that high, that nobody can go over it ? And it's the "second war", after the "first war" the industry lost because of DeCSS....But this time, with AACS, the "weapons" on both sides are even stronger than before... I BELIEVE IN YOU ALL, nothing is more exciting to read the news on doom9... |
9th April 2007, 00:38 | #78 | Link |
Registered User
Join Date: Feb 2007
Posts: 71
|
The volumeID patch is not something usefull, it's just a proof of concept, anyway if anyone interested, here it is (rechecksumed with great arnezami app)
*removed, not needed anymore* Dump your own firmware, store a copy in safe place, apply the ppf on a copy of your firmware, flash it back with WinVUP. If your drive fw is different from the fw the patch was build for (MC08), the patched firmware will have the sum and xors incorrect and will not be flashed, so it's quite safe. to take a look at VolumeID: plscsi.exe -v -x "AD 00 00 00 00 00 00 80 00 24 00 00" -i x24 Last edited by Geremia; 17th April 2007 at 14:58. |
9th April 2007, 00:54 | #79 | Link |
Registered User
Join Date: Feb 2007
Posts: 71
|
member xt5 from xboxhacker provided a tool to automatically enable DF and dump any area space , much appreciated
http://www.xboxhacker.net/index.php?...44556#msg44556 to dump fw: dump.exe driveletter firmware.bin 0x200000 0x100000 |
|
|