GENERAL kamikaze/Winbond Hack Guide

Status
Not open for further replies.

mespo365

VIP Member
Dec 4, 2010
389
0
USA
All thanks go to Geremia for discovering this hack, as well as Team Xecuter, Team Jungle, and C4eva for making this possible!!

Disclaimer: This hack should not be attempted by anyone other than a pro modder. Neither I nor anyone here will be held accountable for any damage that may occur with this hack. Proceed with caution!!

Tools needed:

  • Variable speed Dremel
  • Dremel #105 engraving bit (.8mm)
  • 100 ohm resistor
  • Short length of wire
  • Soldering Iron
  • Magnifying glass
  • X360usb pro (very few sata chipsets are compatible, this is the best tool money can buy)
  • A brain (This is not for noobs!)

As you can see, this chip is tiny!! There is no room for error whatsoever (we are talking no room for even .1mm).



Step 1:
Solder up the 100ohm resistor. I soldered it in between 2 lengths of wire to give a little more flexibility in the wire. The reason for this was my wire was a little thick.

Note: If you don't know which direction a resistor should point then STOP!! If you have to google it STOP!! :tongue:



Step 2:

Solder one end of the wire to this 3.3v point on the pcb. You could also tap into the power wire itself, but this is easier.



Step 3:

This image is courtesy Geremia. Thanks again! This is by far not 100% accurate. Every chip is slightly different, I have noticed some being as far as .3mm "off". I will explain how to account for this below.

Now take a fine pencil/ruler and mark where you will drill. I found a magnifying glass to be very helpful here, especially because I chose not to remove the epoxy.



Step 4:


Wrap the wire around the Dremel bit several times. This will assure that the wire will come in contact with the bit.



Step 5:

This is when the fun begins! Again if you have any doubt or are nervous about attempting this, I strongly suggest not doing it.

Make sure to open up the most current version of Jf. If you don't have your dummy.bin, now would be a good time to do that lol. Once you are ready, intro the drive; you will be notified that the drive is locked and asked if you want to attempt to unlock it. Obviously click yes and you should see dots in the log window.

Now read this part carefully!
Make a small dimple at the point which you marked to be drilled. I would set the Dremel on speed setting 1 or 2 to ensure the bit doesn't jump around.

As I mentioned previously there is quite a bit of variance from chip to chip, in terms of trace location. To ensure that you will be drilling in the right location I like to make a wider hole. With this being said that doesn't mean it will be deep enough to do any damage.

Now start to take a little bit of material off in a circular motion. Generally I like to follow the diagonal line, going beyond the dimple on both sides.

Take a little bit of material at a time and I mean a little!! The final hole will be no deeper than .2-.3mm. After making a pass, lift the Dremel and check the status. I have noticed on several occasions that the status will not change for 3-4 seconds after I have lifted the bit. Repeat this process as many times as necessary. IMO the more passes and least amount of material you take at once the better. By drilling slowly you will soon reveal the proper trace. Here is another reason why a magnifying glass is handy. Once you have located the proper trace, focus all drilling on that area.

Important: Currently jf does not beep on every status change of the drive. It will only beep on 0x00 when it's officially unlocked. This in no way is jf's fault and may be changed in the future. With this being said, when the status change reads 0x3 STOP! Close jf and re-intro the drive, it should be unlocked. If not, continue drilling.

Apparently some people have been getting 0x3c, which typically has led to drive issues, including not ejecting, open tray errors, etc. This is because they have drilled too far, or in the wrong location. If you get 0x3c Stop! immediately, then close jf and re-intro.



Step 5:


By now you have re-intro'ed the drive and it should be in vendor mode. What I like to do is do a good ol' read to make sure the drive is functioning properly. I also like to eject the drive a couple of times. If everything is all good, write the cfw as normal. Don't forget to re-lock the drive by pressing "ctrl+shift+f11". Put your drive back in, test an original, then the backup of that original. Hopefully you were successful and playing games now. :smile::smile::smile:

Here is just a picture of the final result. You can faintly see where the trace was located on this chip.




On a side note, some people have been successful without using the 3.3v. I strongly suggest using this wire, as it ensures that the drive is being forced to be unlocked. I have done loads of these with a 100% success rate, so just listen. :tongue:

Also some people have reported using a solder iron. Really?? This will surely do more damage to the chip than any Dremel (if used properly). Heat is not the only concern here, because as you are starting to melt a hole, you would be twisting the iron around, pulling the plastic and anything that is attached upward. This is an easy way to pull the wrong trace apart. It is nowhere near as precise. If you don't have the Dremel skills to do this hack, don't do it!! Just my little rant :tongue:

Feel free to comment with any suggestions to add or questions you have with this method. Most importantly have fun!!
 

MANUMAN

VIP Member
Jun 11, 2011
591
0
DUBLIN
I wish you had posted this 1 hour ago. I got my 0225 unlocked, wrote the lt 1.91 to it, relocked it and then it would not open or spin the disks. Got the drive tray opening again by soldering a wire to the pout but the disks won't spin :(
 

mespo365

I wish you had posted this 1 hour ago. I got my 0225 unlocked, wrote the lt 1.91 to it, relocked it and then it would not open or spin the disks. Got the drive tray opening again by soldering a wire to the pout but the disks won't spin :(
Sorry man!!! I had a busy week and meant to get it up sooner. I guess you'll have to get a new pcb or Tx pcb.
 

conie

VIP Member
Oct 9, 2010
775
0
California

mespo365

200:
- 2 speed settings (15000 & 35000 1/min)

300:
- Variable speed 10.000–33.000 RPM

So the 300 series is the right one I think.
Definitely the 300 series has way more control over speed. You want this for any Dremel job.
 

looney2008

Full Member
Apr 28, 2009
38
0
uk stockton on tees
Great tut. Just a question, but can an ohm meter be used to find an alternative point now, i.e. using the point drilled on the chip and testing all the other points on the board for a positive connection so no drilling would be required? Don't know why but just had to ask. Keep up the good work guys and all involved.
 

mespo365

Great tut. Just a question, but can an ohm meter be used to find an alternative point now, i.e. using the point drilled on the chip and testing all the other points on the board for a positive connection so no drilling would be required? Don't know why but just had to ask. Keep up the good work guys and all involved.
Thanks!
It's been looked at extensively by Geremia and many others. With the Winbond chip the wp and ground are connected internally in the chip itself. So as of now the only way is cutting the trace internally.
 