Quote:

---

Geremia at XBoxHacker.org (linked above) reports that Tarablinda v0.4b has arrived and is working with XBox 360 Slim DG16D4S drives.

Tarablinda is a collection of hacks and tricks which he discovered during hw and fw exploration (allows to extract dvdkey and more and since this last version even an experimental way to dump the whole FW).

Download: http://www.megaupload.com/?d=40NWA8ZZ

To quote: Thanks for running the test app, i figured out nothing interesting from it but thanks for doing it anyway, ehehheeh

I had no time, no will and no more than 2 drive to test, and i'm not willing to support it too much, it's just a proof of concept. It can contain bugs and it's not an idiot proof app.

I spent 2 months of spare night-time on this, from decapping to fullrawdump, passing by descrambling fw, reversing fw, bruteforcing, finding usefull cdb commands, bugs and tricks. This is the result, not the beginning of something else.

Since it's my hobby, i'm free to do what i like, just enjoy it or hate it, i dont' care. Slim liteon is well detectable and also lockable to a permanent read-only SPI flash, it's just a matter of MS to push the red button.

Tarablinda v0.4b

Usage : Tarablinda [SATA PORT] [dump|erase|rewrite] [file to flash]
Example: Tarablinda E480 dump
Example: Tarablinda E480 rewrite newfw.bin

Special: Tarablinda E480 dump full
Experimental risky fulldump

Tarablinda is a collection of hacks and tricks which i discovered during hw and fw exploration. It's only a proof of concept, I take no responsibility for any damage it may causes.

I've checked on Via controller (with drivers removed) and Intel ICH7 several time, against 2 different drives with same FW revision.
There could be different FW revision out here, it could not work for several reasons.

dump:

it dumps the dvdkey and checks it with MS drive auth protocol,
like the console does everytime you poweron, so it's good for sure.
It's not a destructive/invasive dump.

It dumps also serials (1FFE0 area)
It also dumps the whole dvdkeyarea, included the latest 0x10 bytes of such area, which are unique per drive too.
It also dumps sectors 3Dxxx 3Exxx

Dummy.bin is nothing else than a blank file with dvdkeyarea, 3D000-3EFFF and serials in place, not jf compatible.

experimental-risky:

dump full:
Like above, then checks if 3D-3E sectors are the known ones, rewrites 3E with patched code to make the fw send us the full dump.
It's a little risky cause we can't know for sure if the dumped 3D-3E sectors are really that sector numbers.
Since scrambling the same data at different addrress results in different scrambled data, we can be quite sure.
But again, this is beta software and consider you are risking on your own, it's your choice.

Erase and Rewrite(which is an erase+write) are mainly for studying purpose
Unless you have a full dump of your drive,
erase and rewrite are not recommended for the most

Special thanks to Kai Schtrom - Maximus - TeamModFreaks

As usual, use at your own risk

Geremia

---

Originally posted by shcklfrd:

---

Old news about the app, sorry.

I meant to ask, is there any updates or if TeamJungle or whoever is close or working on cracking the new Slim's DVD drives?

Since I might have to buy one, since the older models might be hard to find.

---