SlimKey + Orig Dump are 2 different keys

Status
Not open for further replies.

skatermike21988

Full Member
Nov 24, 2010
44
0
I'm having a major issue with a 0225 drive. I did the kamikaze hack and all went well. Drive unlocked and no eject problems. I had done a slimkey prior. After I unlocked the drive I did two full reads of the original firmware.

Now here's my problem: the key retrieved from slimkey is different than the key shown in the orig.bin. I've tried both keys but no luck. I tried 0225u as well. I also checked in a hex editor for the calibration line, which matches every time.

I can not for the life of me get a cfw to run without showing play dvd.

I know my original dumps are good because if I write them back to the drive the console will then play originals just fine. Also, after reflashing stock, doing another slimkey returns the same key that slimkey gave me from the get-go.

I'm using the latest Jungleflasher as well. I've spent the last 2 hours messing with this thing and just can't get it to work. I've flashed my share of consoles without looking for help but this time I'm totally stumped and have been searching for any answers.

I'm using a ck3i to power the drive and a x360usbpro to read it.

JF Log of Slimkey:

Loading firmware file F:\Users\******\Documents\*******\Dummy.bin
MD5 hash: deb3d19c6aaa5ceaac4ef46283a0ea6d
Inquiry string found
Identify string found
Drive key @ 0xA030 7512C709005E8C99E9C**********
Firmware Osig: [PLDS DG-16D4S 0225]
Firmware is: SlimKey Extract

JF Log of stock:

Loading firmware file F:\Users\******\Documents\*******\Dummy.bin
MD5 hash: 71e0b4df7b1e42579e67e210bbb8bfb4
Drive key @ n/a E638AE392AA2EE1E8D27CA**********
Firmware Osig: [PLDS DG-16D4S 0225]
Firmware is: Stock

I'd really appreciate any help with this one. Thanks in advance.
 

skatermike21988

Full Member
Nov 24, 2010
44
0
I was flashing LT 2.0 for 0225; I also tried the LT 2.0u for it as well. I am using jungleflasher 1.91 and my Jungleflasher KeyDB shows both keys. I also tried a few older versions of jungleflasher, 1.84 and 1.86, and both are doing the same.
 

skatermike21988

Full Member
Nov 24, 2010
44
0
You say that if you revert back to stock it will play retail discs... which key?
Have you made a stock fw with both keys?

You've done the kamikaze. Did you update the dashboard after the kamikaze? If yes, was the drive unlocked during the update?
See, that's the thing: the stock firmware is just that, "stock". I didn't change any keys, so it is using the "second Key", but after I return to stock, if I run SlimKey again it returns the "First Key".

Also I haven't updated the dashboard on it either.
 

talby71

VIP Member
Nov 24, 2010
3,463
0
Near Melbourne , Australia
You need to use the key that works (first one); any other key is pointless.
 

skatermike21988

Full Member
Nov 24, 2010
44
0
Post your JF log from loading your OFW to flashing it to the drive.
Here's the log. I just noticed it has a failed authorisation and restore verify failed, but once it's hooked up to the console it still works to play originals.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
JungleFlasher 0.1.91 Beta (300)
Session Started Fri Jan 01 09:55:52 2010

This is a Wow 64 process running on 2 x 64 bit CPUs
X360USB PRO detected, Version 0.18

Found 1 I/O Ports.
Found 1 Com Ports.
Found 4 windows drives A: C: D: E:
Found 2 CD/DVD drives D: E:

Sending Vendor Intro to port 0x0000
Status 0x51
Re-sending Vendor Intro:
.
Serial flash found with Status 0x72

Sending Device ID request to port 0x0000
Spi Status: 0x00
Manufacturer ID: 0xEF
Device ID: 0x11
Flash Name: Winbond/NEX(W25P20/NX25P20)
Flash Size: 262144 bytes
Loading firmware file C:\Xbox Mods\Firmware\Backups\*******\Lite-OFW2.bin
MD5 hash: 71e0b4df7b1e42579e67e210bbb8bfb4
Drive key @ n/a E638AE392AA2EE1E************
Firmware Osig: [PLDS DG-16D4S 0225]
Firmware is: Stock

Getting Status from port 0x0000
SPi flash found with Status 0x72

Sending Chip Erase to Port 0x0000
Erasing:
Writing target buffer to flash
Writing Bank 0: ................
Writing Bank 1: ................
Writing Bank 2: ................
Writing Bank 3: ................
............
Flash Verification Test !
Reading Bank 0: ................
Reading Bank 1: ................
Reading Bank 2: ................
Reading Bank 3: ................
Dumped in 11747mS

Write verified OK !

Restoring sector 0x3E000.

Sending Sector Erase to Port 0x0000
Erasing: 0x3E000
Writing: 0x3E000
............
Authorisation Failed!
Restore Verify Failed !
 

skatermike21988

Full Member
Nov 24, 2010
44
0
This isn't what I asked for. Read again and supply what I wanted.

You asked for from "Loading the official FW to flashing it to the drive"; that log is just that. I'm loading the official firmware to target and flashing that to the drive. Or do you mean from "reading the official firmware to flashing lt+ to the drive"?

I'll post a log a little later of this: "Slimkey, read OFW, load LT+ to target, to flashing"
 

skatermike21988

Full Member
Nov 24, 2010
44
0
Seeing as your OFW works, why would I want to see that?

Load your OFW into source, let JF load your LT+ and flash that instead.

Post the log.
OK, will do; just your original post was a bit confusing. Give me about 10 minutes and I'll do just that.

---------- Post added at 05:14 ---------- Previous post was at 05:07 ----------

Ok here's loading Lite-OFW.bin as source, JF auto loads LT+ and spoofs key to target, to device intro and flashing:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
JungleFlasher 0.1.91 Beta (300)
Session Started Fri Jan 01 21:40:17 2010

This is a Wow 64 process running on 2 x 64 bit CPUs
X360USB PRO detected, Version 0.18

Found 1 I/O Ports.
Found 1 Com Ports.
Found 5 windows drives A: C: D: E: G:
Found 2 CD/DVD drives D: E:

Loading firmware file C:\Xbox Mods\Firmware\Backups\****\Lite-OFW.bin
MD5 hash: 71e0b4df7b1e42579e67e210bbb8bfb4
Drive key @ n/a E638AE392AA2EE1E8D27CA********
Firmware Osig: [PLDS DG-16D4S 0225]
Firmware is: Stock
Auto-Loading firmware file C:\Xbox Mods\Firmware\Tools\JungleFlasher\firmware\LTPlus-0225-v2.0.bin
MD5 hash: 1012021472620cad9adf1f838497668e
Genuine LT plus v2.0
Drive key @ n/a FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Firmware Osig: [PLDS DG-16D4S 0225]
Firmware is: LT-Plus 2.0
Spoofing Target
DVD Key copied to target
Key Sector copied from Source to Target
Target is LT - ID strings not copied to Target

Sending Vendor Intro to port 0x0000
Status 0x51
Re-sending Vendor Intro:
................
Serial flash found with Status 0x72

Sending Device ID request to port 0x0000
Spi Status: 0x00
Manufacturer ID: 0xEF
Device ID: 0x11
Flash Name: Winbond/NEX(W25P20/NX25P20)
Flash Size: 262144 bytes

Getting Status from port 0x0000
SPi flash found with Status 0x72

Sending Chip Erase to Port 0x0000
Erasing:
Writing target buffer to flash
Writing Bank 0: ................
Writing Bank 1: ................
Writing Bank 2: ................
Writing Bank 3: ................
............
Flash Verification Test !
Reading Bank 0: ................
Reading Bank 1: ................
Reading Bank 2: ................
Reading Bank 3: ................
Dumped in 11960mS

Write verified OK !

Restoring sector 0x3E000.

Sending Sector Erase to Port 0x0000
Erasing: 0x3E000
Writing: 0x3E000
............
Authorised !
................
Restore verified OK !
Drive is Slim Lite-On..
 

skatermike21988

Full Member
Nov 24, 2010
44
0
ok - so does this drive work after this?

If not, manually select the 0225u firmware instead, spoof source to target and try again.
No, the drive doesn't work. And as I've said in the OP, I already tried manually loading 0225u and tried it using both the key from Slimkey and Lite-OFW.bin, and they both don't work.
 

skatermike21988

Full Member
Nov 24, 2010
44
0
Here's a log of Drive at stock, doing a slimkey, then reading the OFW. You can see the difference in the keys:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
JungleFlasher 0.1.91 Beta (300)
Session Started Fri Jan 01 21:45:46 2010

This is a Wow 64 process running on 2 x 64 bit CPUs
X360USB PRO detected, Version 0.18

Found 1 I/O Ports.
Found 1 Com Ports.
Found 5 windows drives A: C: D: E: G:
Found 2 CD/DVD drives D: E:

Drive is Slim Lite-On..

Key found in KeyDB at record (1 - *************)
Key is: 7512C709005E8C99****************
Key has been tested and verified, thanks C4eva !


0000: 05 80 00 32 5B 00 00 00 - 50 4C 44 53 20 20 20 20 ...2[...PLDS
0010: 44 47 2D 31 36 44 34 53 - 20 20 20 20 20 20 20 20 DG-16D4S
0020: 30 32 32 35 00 00 00 00 - 00 00 00 00 00 00 00 00 0225............
0030: 00 00 00 00 FF FF FF FF - 00 00 00 00 00 00 00 00 ................
0040: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0050: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0060: 20 20 20 20 20 20 20 20 - 20 20 20 20 20 20 20 20
0070: 20 20 20 20

Sending Vendor Intro to port 0x0000

Serial flash found with Status 0x72

Sending Device ID request to port 0x0000
Manufacturer ID: 0xEF
Device ID: 0x11
Flash Name: Winbond/NEX(W25P20/NX25P20)
Flash Size: 262144 bytes
............
Key: 7512C709005E8C99E9********** is verified, Thanks C4eva

Grabbing Key sector: ................
Key Sector verified.
Grabbing Serial info: ........

Drive is Slim Lite-On..

Key found in KeyDB at record (1 - **********)
Key is: 7512C709005E8C************
Key has been tested and verified, thanks C4eva !
Key data saved to C:\Xbox Mods\Firmware\Backups\*******\Key.bin

0000: 05 80 00 32 5B 00 00 00 - 50 4C 44 53 20 20 20 20 ...2[...PLDS
0010: 44 47 2D 31 36 44 34 53 - 20 20 20 20 20 20 20 20 DG-16D4S
0020: 30 32 32 35 00 00 00 00 - 00 00 00 00 00 00 00 00 0225............
0030: 00 00 00 00 FF FF FF FF - 00 00 00 00 00 00 00 00 ................
0040: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0050: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0060: 20 20 20 20 20 20 20 20 - 20 20 20 20 20 20 20 20
0070: 20 20 20 20

Inquiry String saved to C:\Xbox Mods\Firmware\Backups\******\Inquiry.bin

0000: C0 85 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0010: 00 00 00 00 20 20 20 20 - 20 20 20 20 20 20 20 20 ....
0020: 20 20 20 20 20 20 20 20 - 00 00 00 00 00 00 32 30 ......20
0030: 35 32 20 20 20 20 4C 50 - 53 44 20 20 20 20 47 44 52 LPSD GD
0040: 31 2D 44 36 53 34 20 20 - 20 20 20 20 20 20 00 00 1-D6S4 ..
0050: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0060: 00 00 00 0F 00 40 00 04 - 00 02 06 00 00 00 00 00 .....@..........
0070: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0080: 03 00 78 00 78 00 78 00 - 78 00 00 00 00 00 00 00 ..x.x.x.x.......
0090: 00 00 F8 00 10 02 00 00 - 02 02 00 00 60 00 40 00 ............`.@.
00A0: F8 00 10 02 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00B0: 3F 20 00 00 ? ..

Identify String saved to C:\Xbox Mods\Firmware\Backups\******\Identify.bin

0000: 20 20 20 20 20 20 20 20 - 20 20 20 20 20 20 20 20
0010: 20 20 20 20 FF FF FF FF - 30 46 32 34 30 39 34 32 ....0F240942
0020: 31 36 38 35 31 35 58 58 - FF FF FF FF 53 34 50 30 168515XX....S4P0
0030: 37 30 35 30 30 30 30 30 - 31 33 34 35 30 31 00 00 70500000134501..
0040: 00 00 00 00 00 00 00 00 - 00 00 00 00 FF FF FF FF ................

Serial String saved to C:\Xbox Mods\Firmware\Backups\******\Serial.bin

Hashing Drive: ................

Dummy.bin file saved to Dummy.bin
Loading firmware from buffer
Inquiry string found
Identify string found
Drive key @ 0xA030 7512C709005E8*******
Firmware Osig: [PLDS DG-16D4S 0225]
Firmware is: SlimKey Extract
Key database updated

Sending Vendor Intro to port 0x0000

Serial flash found with Status 0x72

Sending Device ID request to port 0x0000
Spi Status: 0x00
Manufacturer ID: 0xEF
Device ID: 0x11
Flash Name: Winbond/NEX(W25P20/NX25P20)
Flash Size: 262144 bytes

Getting Status from port 0x0000
Serial flash found with Status 0x72
Reading Drive Key.
............
Authorised !
Grabbing sector 0x3E000.
................
Blank 3E000 sector detected!
Known f/w confirmed !
Sending Vendor Intro to port 0x0000

Serial flash found with Status 0x72

Sending Device ID request to port 0x0000
Manufacturer ID: 0xEF
Device ID: 0x11
Flash Name: Winbond/NEX(W25P20/NX25P20)
Flash Size: 262144 bytes

Updating flash for on-line dump.

Sending Sector Erase to Port 0x0000
Erasing: 0x3E000
Writing: 0x3E000
............
Reading Bank 0: ................
Reading Bank 1: ................
Reading Bank 2: ................
Reading Bank 3: ................
Dumped in 11959mS

Restoring sector 0x3E000.

Sending Sector Erase to Port 0x0000
Erasing: 0x3E000
Writing: 0x3E000
............
Authorised !
................
Restore 0x3E000 verified !

Lite-On Dump file saved to Lite-OFW.bin
Loading firmware from buffer
Drive key @ n/a E638AE392AA2EE1E8D*********
Firmware Osig: [PLDS DG-16D4S 0225]
Firmware is: Stock
Key database updated

Drive is Slim Lite-On..

Key found in KeyDB at record (1 - ******)
Key is: 7512C709005E8C99E9*********
Key has been tested and verified, thanks C4eva !


---------- Post added at 05:25 ---------- Previous post was at 05:24 ----------

So Flashing Lite-OFW works ok, yes?

Do you always get a failure in the auth section?
Yes, flashing the Lite-OFW that I read from the drive works, and I only get the failed authorisation when trying to write the Lite-OFW.bin. I didn't get it while trying to flash LT+ to it.
 