Extracting key, spoofing firmware and flashing XBOX 360 Lite-on DVD drive using JungleFlasher in Windows (No PC Freezing)

From TIAO's Wiki

Why do you need to extract the key?

Newer XBOX 360 consoles come with a Lite-on DVD drive. It is impossible to dump the firmware from these Lite-on DVD drives. However, a new method was developed so that you can at least extract the DVD key / identification from them. You can then use the key/identification to spoof iXtreme and flash the spoofed iXtreme to a SAMSUNG/LG/BENQ drive, or even to the original Lite-on (after Dec 24/2008).

If you have a new Lite-on DVD drive with FW version 83850C:

How to check you have a 83850C liteon

You do not need to use the key extractor (USB or serial version); you can get the key without these probes. Please check this tutorial for details: Extract Liteon 83850C Key


Lite-On DG16D2S

This drive started to appear in machines manufactured after 20th April 2008 (2008-04-20).

Here is how to figure out whether you have a lite-on or not:

  1. Remove XBOX 360 front Faceplate
  2. See which colour the wires are in the hole under the DVD Tray
  3. Yellow wires: you have lite-on DVD drive
  4. White wires: you have BENQ drive

Lite on DVD has yellow wire

You can also search on [XBOX 360 DVD Drive Database] for more information.

Executive Summary

These are the steps you need to perform:

  • Install required drivers
  • Run JungleFlasher to get the key and dummy.bin file
  • Replace the driver with [uniATA driver] so it won't freeze your PC after you erase the firmware
  • Launch JungleFlasher to erase the firmware
  • Use JungleFlasher to write the hacked firmware

You can do all of this in Windows without rebooting your machine, and your PC won't freeze up, thanks to the uniATA driver!

Tools required

In order to get the key and flash the DVD drive to a spoofed iXtreme firmware, you will need the following tools or components:

  1. XBOX 360 case opening tool with TORX bit. Buy from [here] or [here]
  2. Access to your PC's native SATA port, or a PCI to SATA card. A VT6421A powered PCI to SATA card works best. USB to SATA converters do NOT work. Buy a VT6421A PCI to SATA controller card from [here] or [here]
  3. An XBOX DVD power adapter. Buy from [here], [here], [here], [here], [here]
  4. The USB version of TIAO's Lite-on DVD key extractor (buy from [here] or [here]) or the serial version of TIAO's Lite-on DVD key extractor (buy from [here], [here], [here] or [here])
  5. JungleFlasher, the software used for extracting the key, spoofing the firmware and flashing the DVD drive. Download from [here]
  6. PortIO32, a library for accessing COM/LPT ports in Windows. This is part of the JungleFlasher above.

To make your life easier, we have created a package that contains the XBOX 360 Connectivity Kit V3 and the USB version of the Lite-on DVD drive key extractor [here]

We also have a Connectivity Kit with the serial key extractor as a package; it's available [here] and [here]

OK. Let's get started!

Install required hardware and software

Driver installation

This step is for the USB version of the key extractor. If you are using the serial version of the key extractor, you can skip this step.

Before you plug TIAO's Lite-on key extractor into your PC, you first need to install the driver on your PC. Once it is installed, you don't need to install it again. Please don't plug the key extractor into your USB port before you have the driver installed. The driver can be downloaded [here]. UnRAR the file and run the install program to install the driver.

Please remember to restart your PC once the driver is installed.

PCI to SATA card installation

If you need to install a VT6421 PCI to SATA card in your PC, please follow the instructions [here].

Prepare Liteon DVD drive

Now you should have the drivers installed and have access to your SATA card.

First, follow the instructions [here] and [here] to remove the Lite-on DVD drive from your XBOX 360.

Then, download JungleFlasher and unzip it to an empty directory.

Run PORTIO32.exe, you will see the following screen:

PortIO32.jpg

Once you have everything ready, turn off your PC.


Get the key, dummy.bin and other files

Connect everything together

Connect one end of TIAO's DVD power adapter to one of your free Molex 4P connectors, and the other end to your Lite-on DVD drive. Make sure the power cable is plugged in the right direction. Now connect your Lite-on DVD drive to your SATA card via the supplied SATA cable. Slide the DVD power button to the OFF position. Double check the connections and make sure the DVD adapter does NOT touch any part of your PC, especially the metal case. Check once more that everything is connected as shown in the pictures below:

Connect everything together
Connect everything together closeup

Tray half way in

Now, power on your PC.

Plug TIAO's USB key extractor into a free USB port on your PC if you have not already done so:

Plug TIAO's USB Key extractor to the USB port

Or, if you have a serial key extractor, plug it into one of your free serial ports:

Plug DB9 version addon to your native COM port

Power on the DVD adapter by sliding the power button to the ON position, then hit the eject button on the DVD adapter; the DVD tray will eject. If you have a DVD adapter without a power switch, simply plug the Molex plug into the DVD power adapter, then hit the eject button and the DVD tray will eject:

Eject the tray

Once the tray is out, turn off the DVD drive by sliding the power button to the OFF position, or unplug the Molex cable from the adapter:

Eject the tray then power off

Now, manually push the tray half way in:

Manually push the tray half way in

Then power on the drive again by sliding the power button to the ON position, or plug the Molex cable back into the DVD adapter:

Power on liteon again

Now bring up JungleFlasher and click on the DVDKey32 tab. JungleFlasher should automatically detect your SATA port and COM port. If you don't see them listed, scroll down the IO Port drop-down and select the entries one by one; eventually it will detect your VIA SATA card. For the COM port, since you already know the port number, you can select it manually if JungleFlasher doesn't detect it for you. If you have a native serial port, the port will most likely be COM1 or COM2. If you use our USB version of the extractor, the port will be COM3 or COM4, depending on your machine. You can check it in Device Manager.

Launch JungleFlasher, go to DVDKey32 Tab


Then place the probe on the bottom pad of R707. There is a little spring inside the probe; you will feel it:

Hold the probe on top of bottom pad of R707

Now use your other hand to click the "Get Key, create dummy.bin, open as source" button in JungleFlasher:

Get key and dummy

Provided the serial connection is good, DVDKey32 will dump the key 6 times and compare each dump, then prompt you to save key.bin, inquiry.bin, identify.bin and dummy.bin. If you have enabled the 'Dummy.bin Only' option, you will only be prompted to save dummy.bin.

Save files

Files are saved:

Files are saved

Now, if JungleFlasher asks you whether to load the iXtreme bin file, answer no and quit JungleFlasher. Remember where you saved your dummy.bin and key files; you will need them later on.

Replace SATA driver with [uniata driver] so it won't freeze your PC

This part is critical. This step makes sure your PC won't freeze up after you erase your DVD drive's firmware.

Disable your VIA SATA card

Go to the Control Panel of your PC, double click on System, click on the Hardware tab, then click on Device Manager. In Device Manager, find the VIA SATA card, right click on it, and select Properties:

Right mouse click to check the SATA card properties

Then click the Driver tab and click on the Driver Details button:

Driver Details

In the following dialog, you will see the location of your VIA SATA driver. Write down the directory path to that file; you will need it later on. In my example, it is C:\windows\system32\drivers\viamraid.sys:

Location to the VIA SATA driver

Now close that dialog. The next step is to disable the VIA SATA card so you can swap the driver. Select the VIA SATA card, right click and select Disable:

Disable VIA SATA card

Windows will ask you to confirm; answer yes. Your PC will freeze for a second or two, after which it will be back to normal and you will see that the card is disabled:

The card is disabled

Swap the driver

You need to replace the original driver with the [uniata] driver. To make your life easier, we have uploaded the driver file on its own to our download server. It's at [http://www.tiaowiki.com/download//file.php?id=8], and the file name is viamraid.sys.no_freeze.sys. Save this file to the directory that contains the original VIA driver; in my case, it is the c:\windows\system32\drivers directory. I renamed it to viamraid.sys.new when I saved it. The size of the new driver is 129K:

Driver directory

Then, rename the original driver to viamraid.sys.old (73K) and rename the downloaded driver to viamraid.sys (129K):

After rename


Re-enable the VIA SATA card

Now go back to Device Manager to re-enable the VIA SATA card. Your PC may freeze for a second or two, but it will be back to normal:

Re-enable the VIA SATA card

Once the card is re-enabled, your PC may bring up a window asking whether you want to install a new driver. Click the Cancel button:

Cancel new driver install, it is not needed

Now you have swapped the driver for your VIA card.

Spoofing the firmware, erase the flash and write the new firmware

This is the final step :-) keep up the good work!

Spoofing the firmware

Now, in File Explorer, locate the JungleFlasher directory and copy the iXtreme firmware to its "firmware" directory, as in the picture below:

Copy ixtreme to firmware directory inside JungleFlasher

Now bring up JungleFlasher, click the "Load Source Firmware" button, then select the dummy.bin you saved in the previous step. It will ask whether you want it to automatically spoof the target firmware; answer yes, because you have already copied iXtreme to the firmware directory in the previous step. Now you have your firmware spoofed. Double check everything and make sure it is correct:

firmware spoofed


Erase firmware

OK, you have the firmware ready, so you can erase the firmware now. Click on the "MTK Flash 32" tab, make sure the SATA port and all other information are correct, then click the "Lite-On Erase" button. JungleFlasher recommends power cycling the drive when you see dots on the screen, to prevent your computer from freezing. You don't need to do that here: since the VIA SATA card's driver has already been replaced, you don't need to power cycle in the middle and your PC won't freeze up. Wait until the dots finish; you will see something similar to this:

First erase

You will notice that the erase failed. No worries, now you need to power cycle the drive. Either slide the power button to the OFF position and then back to ON, or unplug the Molex cable and plug it back in. Then click the "Lite-On Erase" button again; you may see something similar to this:

Second erase

Getting better, but still not good, because the flash chip is not identified yet. Power cycle the drive again and click on "Lite-On Erase" again:

Finally it's ok!

Wow, now we see the chip is being identified and the return code is 0x72! This is what we need! You have now successfully erased the firmware. I usually get a good erase after 3 attempts; you may need more or fewer. The key here is: don't power cycle in the middle, but power cycle after the erase command finishes. Eventually you will get there, and your PC won't freeze!

Write the firmware

OK, this step is easy: just click on the "Write" button:

Write the firmware

It will take a few seconds. Make sure all banks have no errors and the verification is OK (see pic above). Now you have finally flashed your Lite-on with iXtreme!

You can now reset the drive by clicking the "Outro/ATA reset" button. JungleFlasher will send a reset command to the DVD drive, so you don't have to power cycle it:

Reset drive

After the drive is reset, you will notice that the drive properties no longer show vendor mode. You are all set!

Finish it up

You are done with your Lite-on DVD drive, but your PC is not done yet :-) Remember the swapped VIA driver? You need to set it back. Go to Device Manager and disable the SATA card, then go to the c:\windows\system32\drivers directory, rename viamraid.sys (129K) to viamraid.sys.nofreeze, and rename viamraid.sys.old back to viamraid.sys. The last step is to go to Device Manager again and enable the SATA card.
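The driver swap and the restore above replace a kernel-mode storage driver by hand, so it is worth recording hashes at swap time and refusing to restore a backup that has changed. The following is an added example, not part of the original tutorial or of JungleFlasher. It assumes the SATA card is already disabled in Device Manager, that the script has write access to the drivers directory, and that the downloaded driver was saved into that same directory; the manifest file name is hypothetical.

```python
import hashlib
import json
from pathlib import Path

DRIVER = "viamraid.sys"           # active driver name used in the tutorial
BACKUP = "viamraid.sys.old"       # original driver while it is swapped out
PARKED = "viamraid.sys.nofreeze"  # replacement driver after the restore
MANIFEST = "viamraid.swap.json"   # hypothetical name for the hash record


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def swap_in(driver_dir: Path, replacement: Path) -> dict:
    """Rename the original to .old, install the replacement, record both hashes."""
    active, backup = driver_dir / DRIVER, driver_dir / BACKUP
    if backup.exists():
        raise FileExistsError(f"{backup} exists: a swap is already in place")
    record = {"original": sha256(active), "replacement": sha256(replacement)}
    (driver_dir / MANIFEST).write_text(json.dumps(record))
    active.rename(backup)
    replacement.rename(active)
    return record


def restore(driver_dir: Path) -> str:
    """Put the original back only if it is byte-identical to what was recorded."""
    active, backup = driver_dir / DRIVER, driver_dir / BACKUP
    record = json.loads((driver_dir / MANIFEST).read_text())
    if sha256(backup) != record["original"]:
        raise ValueError(f"{backup} changed since the swap; not restoring it")
    active.rename(driver_dir / PARKED)
    backup.rename(active)
    return sha256(active)


if __name__ == "__main__":
    import tempfile
    # Constructed stand-in for c:\windows\system32\drivers with dummy file contents.
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / DRIVER).write_bytes(b"original driver bytes (constructed)")
        (d / "viamraid.sys.new").write_bytes(b"replacement bytes (constructed)")
        print("recorded:", swap_in(d, d / "viamraid.sys.new"))
        print("restored original:", restore(d))
```

The recorded `replacement` hash also lets you confirm later exactly which downloaded file was loaded as the storage driver.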

Summary

Credit should go to [UNIATA SATA driver]. This driver makes our life so easy!

By following the method above, you can flash your Lite-on DVD drive in Windows without restarting your PC, and the good thing is, your PC won't freeze!

We have flashed many drives with this method in Windows, without a single freeze-up!

We hope to hear your feedback on this tutorial, so if there is anything you want to mention, please open a ticket at http://www.csbooth.com

Thank you for reading this tutorial. Have fun with your toy!
