Unlook Package Method by Geremia



I have a VIA 6421 and it's impossible to extract the key with it

It gives me "slimkey failed", like you

Personally, I think that's what is causing it

Yes, maybe. Have you tried doing it with the motherboard's SATA? If someone could please help me get the key, because I'm stuck right from the start. Thanks!!


I'm trying to flash a 0272 Winbond with the Lizard. I do get the message "Unlocked...00", but afterwards, instead of getting the message "spi unlock success!", I get an error message "spi unlock fail!"

Where could my problem be coming from?


Yes, everything was fine, I had to insist a bit more for it to work. I have a Velleman precision drill and I set the rotation speed to the minimum, which may be why I had to press a bit harder.

Thanks for your help ;)

Otherwise, do you fill the hole back in after the flash? If so, with what?

Edited by azurtech

Since only a single trace is cut in the hole, there is no need to fill it back in.

Some people talk about filling it for fear of oxidation, but since the trace is not used, it doesn't matter.

If you want to relock it in hardware, you need to have access to the trace.


Hi! I saw on the xboxhacker.org forum a solution for people who have a DVD eject problem during Geremia's Kamikaze hack... From what I've read, it works very well


The post in question is HERE

Edited by nvg

You do have a Winbond chipset, and you did fit a 100 Ohm resistor?

foxtoto, please, over at fox-chip, when you got the "read DVD" error after flashing a slim MXIC drive, what was the solution??? I've just had this problem with a Liteon 0225 MXIC


The problem is that the drive works whether the trace is re-soldered or not!!

Right now it works very well

If I turn the console off, it won't work afterwards!! It's random and, above all, weird

Otherwise, thanks for your advice seb 62500 ^^ ^^ I'm going to redo the soldering properly, I'll keep you posted


When you say it works with the trace re-soldered or not, do you mean with regard to the eject?

If that's the case, it's normal....


No, even when reading games. Sometimes it works without a problem with originals and backups, but this "read DVD" error remains random


Damn, that's not good :( I hope my customers won't have this problem. Also, have you tried linking the 2 points instead of re-soldering directly on the trace?

Spoutnik PCB style?

Basically, look at a photo of the Spoutnik PCB and you'll see that it links 2 specific points near the cut, which avoids rebuilding the trace... The idea would be to link them with Kynar.


Another thing that comes to mind: you may have damaged the ribbon cable that connects the lens to the PCB.. If you have something to test it with :)

Edited by seb_62500

Thanks seb, for now it's working well according to the owner. I've read quite a few similar threads; it surely comes from the firmware and not from anything else!!!

It didn't work at all with LT plus 1.91 and it works with 1.9!!! I don't know, a stroke of luck. I should have done the full dump instead of the dummy dump; I read last night that it's doable with Jungle Flasher, contrary to what I thought!!! :marteau:


Just a question out of curiosity, nvg: this eject error on the Winbonds comes from touching other wires when using the Dremel, right???


Read this, guys:

Made five Winbonds with this method, tried also on already hacked Macronix with Russian Method locked before drilling by UnlockSpi.exe, now the 9504/0272 board is hacked in two flavours ;). I don't have any equipment from TX or Maximus, and never bought any ;) So I was glad that there is a DIY solution to unlock Slim Liteons.

What I have used:

1. VIA 6421A SATA card

2. Some cheap IDE to SATA adapter (I can check the chipset if you wish ;)

3. For the Russian hack - multitool to cut traces and diamond glaze file to polish traces for better soldering, classical resin, and AYOUE Hotair Station with soldering iron, Kynar 0,2mm precision soldering wire, 4W/25R trimpot for resistance regulation, probe from multimeter or soldered switch wired to point and ground with resistor between, tried both ;), a cheap multimeter for measuring the pot's resistance. You CAN use just one simple 10 Ohm resistor instead.

4. For Kamikaze - cheap drill with the smallest conical tip drill bit, about 0,5mm size, bought in a pack, measured with a school plastic ruler. Made it sharper with the polishing stone also included with the drill. Also 4x22,5 Ohm resistors in series, because I didn't have a single 100 Ohm and the curiosity didn't allow me to make a trip to the electronics shop ;). Ring around drill made with Kynar wire. (Look out not to hang the ring too tight on the drill bit, it will become a devilish copter-like slashing machine when it starts rotating ;)

5. Everything connected in an all-in-one Pogo-Mo-THOIN, made from a used Sammy power cable, i.e. trim with resistor connected to ground in cable terminated with red probe from multimeter, and clear Pogo ground to other black probe. Made two splits on the ground. Switch on 3v pin, split to another wire and terminated with 4 resistors and a ring for the drill bit.

6. A PCB handle to hold the unsoldered drive PCB in place while drilling and marking the chip for drilling, dental magnifying glass with white light to check chip-pin marking. I didn't remove the epoxy but the pins were well visible and I think that light isn't bent much by epoxy. I don't know if white light or sunlight is better for marking the IC without removing epoxy but it gave me 100% success results. Just check markings 3 times and from different angles ;) I've marked the point with a needle and a plastic credit card, counted every single pin from the top, side etc., moving the credit card every single pin and checking both sides to see if the line isn't crooked. Marking of the chip is very important, you should not use the writing on the chip to measure your drilling point! At the point where the three lines cross, I scratched away a little plastic to let the drill bit tip sit well in it and not shake.

7. Diazepam for the first JOB :D :D ;) do not use weed, it will make you more scared / make you forget the steps in the right order ;). Maybe one beer will do the trick too ;) didn't check but it should remove the shaking hands effect (or let you not feel it :D). Later on when you get the experience, you can use those three at the same time :D.

8. Broken RROD console for power, removed from metal case, only RF module and power connected. Look out for the 5 min timer with video not connected, and for overheating, because when it gets the 2RLOD it turns off 3v on the drive (I've put stock ventilators on the CPU). Of course you can power everything from molex, just check the pinout documentation.

9. WinXP Pro, removed VIA drivers, first used JF 1.84 (JF 1.85 has a SATA connection bug), when LT 1.91 came out I used JF 1.86 and Geremia's unlock tools. For the first Russian Hack I used the Russian tool.

11. Oh, did I forget something?

The steps I've made after some trial/error:

1. Desolder and remove the PCB from the drive, check if the last line of the label is 05 or 03; if it's 03 you are lucky, you can use the Russian Hack. If not, read on.

2. Put it in some handle to mark the chip, use sunlight or white light for pin counting. You can remove the epoxy if you want.

3. Check the markings under a magnifying glass to see if they are parallel, always make 3 marks including a sloped one.

4. COUNT PINS THREE TIMES!! People with astigmatism shouldn't mark the chips because of distortion and can miscount pins.

5. Check that the marking lines cross at one point and scratch a little hole in the plastic to place the drill bit tip well on the chip.

6. Solder resistor/s to the 3v pin on the drive or take 3v from the pogo switch. Solder a wire and make a ring around the drill bit, NOT TOO TIGHT!!

7. Run JF 1.86, connect the PCB through SATA and let it get the drive recognized. You can click the (...) button next to the port number to search for a drive. Copy the port number of the SATA port which recognized your drive to the clipboard.

8. Now turn off the console, and connect the drive to the VIA's IDE through an adapter. Change the port in JF to PRIMARY IDE, it should be next to the second SATA port of the VIA. If it doesn't get recognized: I have a little switch on the adapter, when I click it, it resets the connection to the drive and JF gets the drive recognized.

9. After seeing the drive properties in the MTK tab, select DVDkey32 and click Slimkey; when it asks to send intro, click no.

10. Now you have a dump of your drive, so save the key and inquiry/serial info somewhere safe (as always); if it asks to automatically load firmware, click yes.

11. Turn off power, connect the drive to the SATA port of the VIA, probe the MX01 point with ground / use pogo (MX01 is near the left corner of the chip, CIRCLED WHITE). Turn on the power with the point grounded. (POGO method with turning off just 3v isn't working, you must turn off and on the whole power).

12. It should get 0x72 and jump into vendor mode, get SPI status recognized etc. You can use the chip unlock functionality of JF 1.86, but I still used UnlockSpi after the release.

13. Run UnlockSpi from the command line, like C:\geremia_unlock_tools\Unlockspi.exe PORT NUMBER TO SEND UNLOCK, i.e. C:\geremia_unlock_tools\UnlockSpi.exe ec00

14. It should get the SPI lock status 0x8c, and ask if you want to continue unlocking. REMEMBER TO CLICK Y/YES BEFORE DRILLING!! Out of nerves, one time I just mechanically started UnlockSPI, forgot about the prompt and started drilling, thinking it was already sending the unlock command. Thank god I saw a little spark when I touched the wire and stopped drilling. Just clicked Y and touched the chip wire/hole again with the drill and it unlocked.

15. Put the headphones on your head and connect them to line-out.

16. Make sure the sound is working.

17. Double check the value of the rotation regulator of the drill ;) make it the lowest possible. Just another experience I've had ;)

18. Put the drill tip EXACTLY on the point scratched with the needle on the chip, do not push the drill down, let gravity do it for you.

19. Drill until you hear a siren sound, and quickly remove the drill from the chip, turning the drill off at the same time.

20. It should say !! Unlocked !! in the UnlockSpi terminal

OK, congrats, so you have an unlocked chip, now let's return to flashing.

1. Load dummy.bin from the IDE adapter dump, autoload 1.91 for your drive.

2. Put the drive in vendor mode using pogo on MX01 and turning on and off the WHOLE power of the PCB.

3. Now the tricky part - the drive is not in full vendor mode; with VIA you can only write flash but it fails reading/verification/authorisation. I've found that it works right only after Slim Unlock.

So the steps are:

a) vendor through pogo

b) click Erase

c) click Write, let it hang and fail reading flash

d) power cycle the PCB without pogo/vendor mode, let JF recognise it

e) click Slim Unlock - now it works like a charm!!

f) click Write again, now it should read and authorize ;). Power cycle the drive, and try sending Slim Unlock; if it fails you're good.

Congrats, it's finished!!

Summarising - always check everything two times, remember the devil is in the details ;) The costs, excluding some specialist equipment that I bought because of my hobby, are 10 to 20$ in Poland for the whole operation ;)

You can use a conical diamond glaze file to manually drill the chip instead of an electric tool. It can be even safer ;) On hackfaq guys were using a small screwdriver too ;)

Will update the instructions with photos when I get the next box to DRILLL

Cheers from Poland ;)




Just a question out of curiosity, nvg: this eject error on the Winbonds comes from touching other wires when using the Dremel, right???

Yes, exactly that @the-green


Wow! Is there nobody who can put this into good French? (No Google Translate, please)

