Gaming Tarablinda for XBOX 360 Slim released.

tk_saturn

Geremia of XBOX Hacker releases Tarablinda for the Lite-On DG16D4S Drive (360 Slim Drive).

This is a test release, which is being released to further its development. It extracts the DVD-Key over SATA. This means you won't have to mess around with Lite-On probes etc. to get the DVD-Key. Post the results of the tool, along with the DMA or PIO mode used and the SATA controller used, in this thread on xboxhacker if you want to help Geremia.

Note: That's an advanced forum and they won't appreciate n00bs asking n00bish questions.

This doesn't mean the drive is openly and publicly hacked yet, as there's no replacement firmware for the drive.
 

Fudge

Dark Langin said:
I have a q.

Uh, will this help me to play backups? (I believe it does not, but I want to know.) Or will a hack for that come soon?

This will eventually allow you to play backups on the 360 Slim.
 

gisel213

Would be nice if this worked on the current 83850c v2 and 93450c drives, then I could stop soldering and cutting, but yet again soldering is kinda fun.....
 

tk_saturn

There's a new version, 0.4b. While it's not capable of flashing the drive, you can now spoof it, i.e. you can remove the drive from a slim, dump specific data and then spoof an older drive so it pretends to be the slim's drive. If you use the Lt firmware you will then be able to play backups using the older drive. I don't have a slim, but you may have to gut swap the drives to fit them into the slim's case. TeamXecuter are meant to have a tutorial somewhere...

It's still WIP, give it a week or two and you'll probably find a new version or an easier to use tool will pop up.

Geremia @ xboxhacker said:
Thanks for running the test app, i figured out nothing interesting from it :) but thanks for doing it anyway, ehehheeh

http://www.megaupload.com/?d=40NWA8ZZ

I had no time, no will and no more than 2 drives to test, and I'm not willing to support it too much, it's just a proof of concept.
It can contain bugs and it's not an idiot proof app.
I spent 2 months of spare night-time on this, from decapping to fullrawdump, passing by descrambling fw, reversing fw, bruteforcing, finding useful cdb commands, bugs and tricks. This is the result, not the beginning of something else.
Since it's my hobby, I'm free to do what I like, just enjoy it or hate it, I don't care :)
Slim liteon is well detectable and also lockable to a permanent read-only SPI flash, it's just a matter of MS to push the red button.


Tarablinda v0.4b

Usage : Tarablinda [SATA PORT] [dump|erase|rewrite] [file to flash]
Example: Tarablinda E480 dump
Example: Tarablinda E480 rewrite newfw.bin

Special: Tarablinda E480 dump full
Experimental risky fulldump

Tarablinda is a collection of hacks and tricks which i discovered during hw and fw exploration.
It's only a proof of concept, I take no responsibility for any damage it may cause.
I've checked on Via controller (with drivers removed) and Intel ICH7 several times, against 2 different drives with same FW revision.
There could be different FW revisions out here, it could not work for several reasons.

dump:
it dumps the dvdkey and checks it with MS drive auth protocol,
like the console does every time you power on, so it's good for sure.
It's not a destructive/invasive dump.

It dumps also serials (1FFE0 area)
It also dumps the whole dvdkeyarea, included the latest 0x10 bytes of such area, which are unique per drive too.
It also dumps sectors 3Dxxx 3Exxx

Dummy.bin is nothing else than a blank file with dvdkeyarea, 3D000-3EFFF and serials in place, not jf compatible.



//////////experimental-risky//////////////////
dump full:
Like above, then checks if 3D-3E sectors are the known ones, rewrites 3E with patched code to make the fw
send us the full dump.
It's a little risky cause we can't know for sure if the dumped 3D-3E sectors are really those sector numbers.
Since scrambling the same data at different address results in different scrambled data, we can be quite sure.
But again, this is beta software and consider you are risking on your own, it's your choice.


Erase and Rewrite (which is an erase+write) are mainly for studying purposes.
Unless you have a full dump of your drive,
erase and rewrite are not recommended for the most




Special thanks to Kai Schtrom - Maximus - TeamModFreaks


As usual, use at your own risk


Geremia

 

Blue-K

fudgenuts64 said:
Dark Langin said:
I have a q.

Uh, will this help me to play backups? (I believe it does not, but I want to know.) Or will a hack for that come soon?
This will eventually allow you to play backups on the 360 Slim.

No, this will allow you to play Backups on the 360 Slim. But to flash the firmware when it's out you'll need a tool like this (But I guess Team Jungle will make one too). Though, nothing out yet, so patience...
QUOTE
LT+ for slim is coming with firmguard+ to overcome real-time checks.
Interesting that it's so quiet here about this, on other places people are going bananas :P.
 

dilav

Blue-K said:
Interesting that it's so quiet here about this, on other places people are going bananas :P.

Yeah, these forums here are really quiet on these kinds of stories..
 
