Speculation: Liteon keys without additional reader?

[doyet]

Well, the 360 seems to verify the drive which is "married" to the console via the keys. It sure doesn't have to stick a probe on the 707 point. Since an already modded Liteon gives up the keys to jungleflasher through SATA only.. I'm wondering what's the difference?

[technoe]

That's what we don't know yet. The lite-on drive seems to recognize what it's hooked up to. Whether that be the correct 360 or the Connectivity kit. And since we haven't pulled an exact copy of a 360's BIOS we don't really know what the comparisons are. That's why we do the R707 probe. Cool?

[sadalius]

Actually, the difference is the firmware. The stock lite-on firmware is not coded to give that information except through the parser chip, which the only method of communication is through serial. The ixtreme firmware is coded to recognize requests through the sata port. When you insert a game into a stock lite-on, it has the ability to read the required information and couple that with the drive key to pass encrypted to the 360 for authentication. This isn't just any encryption, it is also digitally signed by a private key that we have no idea what is in order for us to decipher it. This is why we must dump the drives to get that all illusive drive key.

[doyet]

Sadalius, ahhh so I see. So the probe accesses the drive key before it is encrypted. Pretty slick, M$.

[sadalius]

Actually no. With the liteon, there are actually two chips inside of one chip. One is the controller chip and the other is the flash chip. The controller chips only purpose in life is allowing or disallowing flash attempts. It's only method of communication is through an rs232 interface. The liteon will never dump the firmware as a whole. It will only allow the key, inquiry and identify information to be dumped. This is why we don't have an original firmware to restore the drive back to original. In fact, the way the firmware was dumped was through a flashchip decap.

Basically, imagine two people standing together. You want to talk to person 2, but you can't because your not speaking the right language. So you find that you can speak the language of person one who also speaks the language of person 2, so you go through person 1 to get to person 2. You say hey person 1, ask person 2 for this information. Person 1 gets it and gives it to you. No decryption necessary.

I know that is very vague analogy, but it works. Still a pretty slick trick though.

[Backslash]

Basically, imagine two people standing together. You want to talk to person 2, but you can't because your not speaking the right language. So you find that you can speak the language of person one who also speaks the language of person 2, so you go through person 1 to get to person 2. You say hey person 1, ask person 2 for this information. Person 1 gets it and gives it to you. No decryption necessary.

You have a way with words.

Haha wow i never understood the lite-on completely, until you explained that, thanks.

[technoe]

I found an older eeprom reader the other day at work, I'm going to see if it still works, I'd like to pull the lite-on chip off and try to dump the entire thing onto my pc. If it doesn't work I found a relatively cheap one for sale.

[CoFree]

I'd like to pull the lite-on chip off and try to dump the entire thing onto my pc

its not going to work
no way, no how.

This chip was build from the ground up to not dump the firmware.
but
the key and other info did need at some odd time to be dumped
and so the crack was found.
have a lite read over this.

mediatekpatent.pdf