360 SLIM has now been HACKED!

[garyopa]

Geremia the famous hacker from xboxhacker.org has now finally released a simple program that can dump the new 360 Slim Lite-On drive info like the much needed 16byte DVDKEY.

Time again for M$ to go back to the drawing board and order up a new drive or firmware code.

I had no time, no will and no more than 2 drive to test, and i'm not willing to support it too much, it's just a proof of concept.
It can contain bugs and it's not an idiot proof app.
I spent 2 months of spare night-time on this, from decapping to fullrawdump, passing by descrambling fw, reversing fw, bruteforcing, finding usefull cdb commands, bugs and tricks. This is the result, not the beginning of something else.
Since it's my hobby, i'm free to do what i like, just enjoy it or hate it, i dont' care
Slim liteon is well detectable and also lockable to a permanent read-only SPI flash, it's just a matter of MS to push the red button.

Tarablinda v0.4b

Usage : Tarablinda [SATA PORT] [dump|erase|rewrite] [file to flash]
Example: Tarablinda E480 dump
Example: Tarablinda E480 rewrite newfw.bin

Special: Tarablinda E480 dump full
Experimental risky fulldump

Tarablinda is a collection of hacks and tricks which i discovered during hw and fw exploration.
It's only a proof of concept, I take no responsibility for any damage it may causes.
I've checked on Via controller (with drivers removed) and Intel ICH7 several time, against 2 different drives with same FW revision.
There could be different FW revision out here, it could not work for several reasons.

dump:
it dumps the dvdkey and checks it with MS drive auth protocol,
like the console does everytime you poweron, so it's good for sure.
It's not a destructive/invasive dump.

It dumps also serials (1FFE0 area)
It also dumps the whole dvdkeyarea, included the latest 0x10 bytes of such area, which are unique per drive too.
It also dumps sectors 3Dxxx 3Exxx

Dummy.bin is nothing else than a blank file with dvdkeyarea, 3D000-3EFFF and serials in place, not jf compatible.

//////////experimental-risky//////////////////
dump full:
Like above, then checks if 3D-3E sectors are the known ones, rewrites 3E with patched code to make the fw
send us the full dump.
It's a little risky cause we can't know for sure if the dumped 3D-3E sectors are really that sector numbers.
Since scrambling the same data at different addrress results in different scrambled data, we can be quite sure.
But again, this is beta software and consider you are risking on your own, it's your choice.

Erase and Rewrite(which is an erase+write) are mainly for studying purpose
Unless you have a full dump of your drive,
erase and rewrite are not recommended for the most

Special thanks to Kai Schtrom - Maximus - TeamModFreaks

As usual, use at your own risk

Geremia

News Source: DG16D4S Drive (360 Slim Drive)

[amp2006]

finally .

[chesh]

Add another DVD-Rom custom firmware to the long list

[hypermetalsonic]

Cool!!! So I'mma totally buy an xbox slim now xD

*edit*.. Oh wait.. beta? Risk? I'll fold off I guess. But wouldn't hurt to purchase mah xbox now. Was holding out for the slim hacking to make some process

[BULB]

hope more information is forth coming

[echibob]

That's nice.