new unmodable benq drive

[Jman 31]

If you don't need it immediately, hold onto it. Sounds like the crack is not to far off and you could be on the cutting edge on getting into one.

[sadalius]

Well, I don't know about the hack for the lite-on drives being not that far off. They still haven't figured out how to dump the firmware yet and don't know if it will ever happen due to how the circuit boards designed to work. Here is whats going on to date. It's not a good sounding result though so far.

The firmware can go in but does not ever come out. The host needs to verify the programming, so instead of reading it out, and exposing it, a hardware "checksum" is calculated as the device is being programmed inside the device. This value, NOT the code, is returned to the host, and the host also calculates it to determine if the verify was succesfull. Using this method there is no reason for the drive to EVER dump its code back to the host.

So at power up the device checks its rom, if its "blank" or marked as so, the programming "gate" becomes enabled. This allows an entire FW to be injected into the device by the host. The programming verification is performed internally, as the device calcs the xsum of the code, and reports the result to host. The host compares the xsum to expected, and if correct, it knows the device was programmed correctly. This is an effective verify operation, without reading back the code, as is usually done in most mem devices.

So what about reprogramming?
There is also a method for the host to erase or mark the device as erased. When this operation is completed, the device detects the condition and enables the programming "gate". At this point the ENTIRE fw may be once again re written.

So if you had a complete dump, and knew how to mark the device as "erased" you could possibly rewrite the enitre FW.
However, how will you get the dump? Say you got one with a physical attack on the chip, well youd only have the aes keys for that particular unit. IE you still dont have a key to use on another target, so the painfull PHY attack would need to be repeated for each unit. Of course the console can set this key during manufacturing mode, but you have no way of finding out what it set it to as you cant read it back.

Bottom line is what goes in does not come out. No reason for it to ever. The "old" reason was to verify programming of memory, but now a different method is being used to verify, that does not require the host to read back the programming to determine success.

A pdf of mediatek's patent on these chips can be downloaded here: http://www.xbins.org/iriez/mediatekpatent.pdf" onclick="window.open(this.href);return false;
It has some nice diagrams of the chips so you can kind of get an idea of how they work.

[Digital Menace]

so what do You guys think ?

will this new benq ever have ixtreme ?

it doesn't sound all that promising...


i'm considering getting another 360 with the old benq while i still can, i'm not sure just yet.

[sadalius]

I think it will just take some time to figure out how to bypass the verification circuit or something to get around it. I know at this point in time, it does look quite challenging.

[CoFree]

well i would get a different 360 console with a benq if you could.

i think they WILL find a way to mod the dvd drive.
now it maybe more of a pain like the v79,but i think they will get it playing backup games.

[ogameaddict]

Hey fellas just thought I'd drop in and let you know I got another of these drives. This one was a RROD console I bought off Ebay for a whopping 32$ and fixed, so its working but not moddable what a pile of crap anyway I was wondering if I could ship it to someone to help the cause Its just collecting dust anyway. Also I have talked to a dozen people all sent their consoles to m$ for repair and ALL got back lite-on drives with the same hardware code. I live in SLC and am troubled by the increased appearance of these drives, I was just starting to turn a good profit flashing 360 drives On a side note I installed an LCD clock radio into the side of my 360 it looks stock muhahahahahah

[NeoRio]

Do you mean that you bought the RROD 360 off of eBay...then sent it to MS and they changed the mobo for you and put the new Lite-On drive in it? Did the 360 have any signs of being opened (by the previous owner)?--just curious how far MS is willing to go with fixing a RROD...even if you buy it off of eBay or somewhere else...and if they would STILL do the repair if the 360 had been opened or did not have the warranty sticker in tact.

[ogameaddict]

No I ordered it off ebay and fixed it myself, it did have signs that it was opened previously, but nothing crazy, I just put some new thermal paste and lifted the mobo with some washers and it worked just fine, but of course the unmoddable drive made it kinda worthless to me...

[xxTheKingxx]

I've successfully moded 6 benq liteons lol with out a problem.

[technoe]

If you guys remember right, there was an attachment for the samsung drive that would store the cfw on a separate ic and would fool the drives' board into reading the firmware off of the extra ic. There might be something like that for this one. But I want some more info from

I've successfully moded 6 benq liteons lol with out a problem.

[danger sucka]

oh man...unmoddable drive....
hmm probally nothing to worry about
people alway find ways to do it.

[CoFree]

man
look at the date the thread was started.
all 360 dvd drives are flashable now.

[gatorlee]

So does any one else think its a good idea to buy 50 360's and wait?

[NeoRio]

...wait for what?

[gatorlee]

until these new ones aren't hackable and sell em.