I have been reading the patent, and it seems to me that it would be impossible to hack the new drive if Mediatek implemented their invention correctly (and they most likely did!!).
I recall that in fact the new controller has an "update routine" integrated into it, so it must be possible to erase the flash ROM and write a hacked firmware. BUT the patent says that, in the upload routine, the host uploads the new firmware to an internal buffer, and if some "pattern" checks against the internal memory, then the update continues. Just what if the "pattern" is the drive key??!!!
The patent says that at least some fragment of the memory CAN'T be read. Just imagine what part it is. Obviously it would be the key, for starters. So even if we are able to dump the "body" of the firmware, we would never be able to dump the key.
This would render the drive "almost" unhackable, as there is no bus to trace: the pattern comparison, the update buffer and the flash memory are all inside the same physical chip!!! Thus you would never be able to know the drive key. You may attempt random keys and if, by luck, you inject the right one into the update firmware, then you may hack it. But it is highly unlikely.
Obviously this would pose no problem for MShit, as they should have a record of each S/N and its corresponding drive key. Should the need for an update arise, they could easily inject the correct key and update it.
As soon as I saw the patent I went to get me a LOT 811 Arcade (it appears to be the good old BenQ, white wires in the hole). I really think that MS got us now, that is, if they did what I think :b LOL
My recommendation: Get a LOT < 813, and if you send your box in for repair, for God's sake dump your key!!!
QUOTE(Iriez @ Jun 9 2008, 07:20 AM)
It appears that Mediatek has filed patents regarding new security measures for console drives.
Please review mediatekpatent.pdf for more information.
c4e: someone will need to dump the memory bus on the drive, maybe D0-D7 on the Mediatek chip, to get the fw
c4e: then you should be able to trigger an erase to write the fw
c4e: but they have implemented a hardware checksum back to the host when the host requests it
c4e: so should be doable if we first get a dump
So, it looks like MS has done a little backend work on getting Mediatek to make some security advancements on this one!
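A toy model of the update gate as this post reads the patent, added here as an illustration; it is not code from the patent, from Mediatek, or from anyone quoted above. The 16-byte key length, the image layout (pattern followed by body), the Adler-32 checksum and the constant-time compare are all assumptions of the model. It only shows the shape of what the post describes: the host can dump the body and read back a checksum of it, but the pattern is compared against the unreadable region entirely in-chip, so a body dump alone does not get a patched image accepted, while a party holding the key does.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN     16   /* assumed length of the in-chip "pattern" / drive key */
#define FW_BODY_LEN 64   /* assumed size of the firmware body in this toy model */

/* Toy controller. secret_key models the fragment the post says cannot be read;
 * only controller_update() ever looks at it. flash_body is the dumpable "body". */
struct controller {
    uint8_t  secret_key[KEY_LEN];
    uint8_t  flash_body[FW_BODY_LEN];
    uint32_t update_count;
};

/* Assumed upload format: the pattern the host must supply, then the new body. */
struct fw_image {
    uint8_t pattern[KEY_LEN];
    uint8_t body[FW_BODY_LEN];
};

/* Compare with no early exit so the number of matching bytes does not leak via
 * timing. The post says nothing about how the real compare works; model's choice. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Update routine as the post reads it: whole image into an internal buffer, pattern
 * checked against internal memory, flash written only on a match. */
bool controller_update(struct controller *c, const struct fw_image *img)
{
    struct fw_image buf;                      /* internal update buffer */
    memcpy(&buf, img, sizeof buf);
    if (!ct_equal(buf.pattern, c->secret_key, KEY_LEN))
        return false;                         /* rejected: flash body untouched */
    memcpy(c->flash_body, buf.body, FW_BODY_LEN);
    c->update_count++;
    return true;
}

/* The "hardware checksum back to host" from the c4e quote, modelled as Adler-32 over
 * the body (assumed algorithm). It covers readable flash only, never the key region. */
uint32_t controller_checksum(const struct controller *c)
{
    uint32_t a = 1, b = 0;
    for (size_t i = 0; i < FW_BODY_LEN; i++) {
        a = (a + c->flash_body[i]) % 65521;
        b = (b + a) % 65521;
    }
    return (b << 16) | a;
}

/* What a pin/bus dump yields in this model: the body and nothing else. */
void controller_dump_body(const struct controller *c, uint8_t out[FW_BODY_LEN])
{
    memcpy(out, c->flash_body, FW_BODY_LEN);
}

/* Constructed fixture: a made-up key (not a real one) and a body filled with 0xA5. */
void controller_init_demo(struct controller *c)
{
    static const uint8_t demo_key[KEY_LEN] = {
        0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe,
        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
    memcpy(c->secret_key, demo_key, KEY_LEN);
    memset(c->flash_body, 0xA5, FW_BODY_LEN);
    c->update_count = 0;
}

/* Checksum the host would read back from the freshly initialised demo controller. */
uint32_t demo_initial_checksum(void)
{
    struct controller c;
    controller_init_demo(&c);
    return controller_checksum(&c);
}

/* Scenario 1: the attacker has a full body dump but must guess the pattern.
 * True if the image is rejected and the host-visible checksum is unchanged. */
bool scenario_wrong_pattern(void)
{
    struct controller c;
    struct fw_image img;
    controller_init_demo(&c);
    uint32_t before = controller_checksum(&c);
    controller_dump_body(&c, img.body);       /* dumping the body is the easy part */
    memset(img.pattern, 0x00, KEY_LEN);       /* the pattern has to be guessed */
    img.body[0] ^= 0xFF;                      /* one patched byte */
    bool accepted = controller_update(&c, &img);
    return !accepted && controller_checksum(&c) == before && c.update_count == 0;
}

/* Scenario 2: a party holding the S/N -> key record (as the post describes for MS)
 * supplies the right pattern; the update lands and the checksum changes with it. */
bool scenario_correct_pattern(void)
{
    struct controller c;
    struct fw_image img;
    controller_init_demo(&c);
    uint32_t before = controller_checksum(&c);
    memcpy(img.pattern, c.secret_key, KEY_LEN); /* stands in for the key record */
    memset(img.body, 0x5A, FW_BODY_LEN);
    bool accepted = controller_update(&c, &img);
    return accepted && controller_checksum(&c) != before && c.update_count == 1;
}

int main(void)
{
    printf("wrong pattern rejected:   %s\n", scenario_wrong_pattern() ? "yes" : "no");
    printf("correct pattern accepted: %s\n", scenario_correct_pattern() ? "yes" : "no");
    return 0;
}
```

The two scenarios are the post's argument in miniature: with only the bus-visible body and the checksum, a guessed pattern is rejected and the drive state does not move; the checksum readback tells the host what is in the body, not what is in the key region.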