Killian's LT+ Flashing Tutorial
Concept 2: Samsung MS25 & MS28
This is the 2nd tutorial in Killian's Concept series.
The 1st tutorial (a must-read) can be found here.
After typing up the first, I took an hour break and completely reanalyzed everything I know about modding the Xbox 360 console. For the most part, I'm going to keep this as simple as I can, but before you continue reading this, please go through Concept 1, and ask yourself if you truly know what I'm talking about. If you can honestly say yes, then I welcome you to proceed with this tutorial. I'm asking any user, noob or not, that if you're stumped: ask questions. I don't mind answering your questions. Add me on MSN. PM or VM me. By any means, please do so. I do not want you to brick your disc drive.
EDIT: I finished this tutorial at about 12:20 AM, Saturday morning. While in the process of typing this up, I realized I wouldn't have enough room to cover BenQ and both Samsung drives. BenQ will be in Concept 2.5, yet to be made.
Now since you're here in Concept 2, I'm going to assume you know what I'm referring to throughout this tutorial.
JungleFlasher (JF) is a tool developed by Team Jungle, who brought all the tools and procedures of Xbox 360 drive flashing together in one simple Win32 application. Before JF, the functions were carried out by many different applications, some running in DOS and some in Win32. For lack of a better description, here's what each tab does, directly from the makers:
The DVDKey32 tab is used to extract info from LiteOn - the undumpable drive. All unique information is extracted: DVD key, unique inquiry and identify strings and drive serial information. This info is stored in one easy to use file, “Dummy.bin”. This is a 256kb file that mimics the approximate structure of a BenQ firmware file and is automatically loaded to the source sub‐tab in the FirmwareTool 32 Tab. Jungle Flasher v0.1.55b also brought the unique feature of dumping “Dummy.bin” from iXtreme flashed LiteOn Drives solely using S‐ATA. There is also a facility to create a “dummy.bin” from previously extracted files, although fresh extractions should be completed where possible. Every effort has been made to make key extraction as reliable as possible. Multiple Dumps are no longer required as a Key verification routine is now in place that verifies the Key against the Drive itself.
The MTKFlash 32 tab is used to unlock BenQ and Samsung drives and then dump the current flash for use in the source sub‐tab in FirmwareTool 32 tab. You can also erase a LiteOn in preparation for flashing. All 3 MTK Based drives can be flashed using this tab.
The Hitachi GDR3120 tab is for Hitachi drives which are flashed differently from the MTK based drives mentioned above, therefore have their own dedicated tab. Hitachi’s are flashed as a “Live” drive, on a sector by sector basis and as such needs to be performed in a very controlled way so the process is heavily automated. JungleFlasher will only flash iXtreme to a stock drive and so a restore facility is provided, which allows for a full restore to stock f/w of previously modded drives. Several additional features like setting Mode-B over PortIO, USmodeB and 79Unlock are included for convenience. Dumping and flashing is also possible over PortIO for those who removed VIA drivers to work around Lite-On-Erase lockup issues.
Lucky for you, all you will be using for BenQ and Samsung is the MTKFlash 32 tab. Let's continue, shall we?
This part will cover the Samsung MS25, as shown above. If you have MS28, please skip over this. Before we can do anything to the drive, we must first put it in vendor mode. To do this, select the MTKFlash 32 tab.
Note: Upon selecting the correct port, the drive shows up and the key is dumped and verified against the drive (before doing anything to the drive). The firmware has NOT yet been dumped! However, if you save the log, you now have a known verified key from your drive. Unmodified Samsung MS25s have no FirmGuard and therefore do not need an unlock method applied; simply click Intro / DeviceID and check Flash Chip Properties for status 0x70.
Before I go on, I'm going to take a pause with Samsung MS25 and catch everyone up on Samsung MS28.
Select the correct I/O port (check for TS-H943 in the Drive Properties) and click Sammy UnLock.
You will be presented with the following warning notifying you that Sammy UnLock only works on stock drives and how to unlock if using (i)Xtreme. NOTE: Even though JF does not show LT+ capabilities, it follows the same procedures for Samsung as flashing the older 1.6 iXtreme.
Select Yes and watch the Running Log in JungleFlasher for a ‘good’ return message. JungleFlasher will also automatically send the intro command and put the drive in Vendor Mode.
The drive should be in Vendor Mode (0x70) now and return good flash chip properties. You can check under Flash Chip Properties; Drive Properties should show “Drive in Vendor Mode!”
At this point in the tutorial, both MS25 and MS28 follow the same procedure and will do so for the remainder of it. Take care, and follow my instructions precisely.
Reading from the Drive
Firstly, we'd like to read the firmware from the drive, so select Read.
Make sure to keep your attention on the Running Log and make note of any errors. Hopefully, if you've done this correctly, you won't have any.
If everything is successful, JF will then prompt you to save a copy of the stock firmware. I highly suggest doing so.
Once saved, JungleFlasher will then prompt you asking if you would like to auto-load iXtreme for Samsung Drives. You must have installed the JungleFlasher Firmware Pack into the same directory as JungleFlasher.exe if you wish to benefit from this feature.
Click Yes to auto-load iXtreme for Samsung (from the firmware pack) into the Target Buffer. JungleFlasher will also load your previously dumped Sam-OFW.bin as Source Firmware, then copy the data from Source to Target automatically.
Just verify that the Source data reports as it should: an OSIG of TSSTcorpDVD-Rom TS-H943 and a key with no multiple FF / 00 / 77 bytes.
In the picture above, make sure the data shown in yours matches with the corresponding boxes. Your data isn't mine, but they should match each other.
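The Source check described above can also be done by hand on the values you copied from the Running Log. The following is an added example, not part of the original tutorial and not JungleFlasher code; the 16-byte key length, the "more than one occurrence" reading of "multiple", and the tolerance for a trailing revision suffix on the OSIG are assumptions, and the sample keys are constructed.

```python
# Added example (not JungleFlasher code): sanity-check Source values by hand.
EXPECTED_OSIG = "TSSTcorpDVD-Rom TS-H943"  # string given in the tutorial
FILLER_BYTES = (0xFF, 0x00, 0x77)          # values the tutorial warns about
KEY_LEN = 16                               # assumption: 16-byte drive key


def check_source(osig: str, key_hex: str, max_repeats: int = 1) -> list:
    """Return a list of problems; an empty list means the values look sane.

    max_repeats is an assumed reading of "no multiple": any filler value
    occurring more often than this is reported.
    """
    problems = []
    # Collapse padding and ignore case; allow a trailing revision suffix
    # (assumption: the drive may report extra characters after the model).
    seen = " ".join(osig.split()).lower()
    if not seen.startswith(EXPECTED_OSIG.lower()):
        problems.append("unexpected OSIG: %r" % osig)
    try:
        key = bytes.fromhex(key_hex)
    except ValueError:
        problems.append("key is not valid hex")
        return problems
    if len(key) != KEY_LEN:
        problems.append("key is %d bytes, expected %d" % (len(key), KEY_LEN))
    for value in FILLER_BYTES:
        count = key.count(value)
        if count > max_repeats:
            problems.append("byte %02X appears %d times" % (value, count))
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real drive.
    good = "3A 91 C4 E2 5B 7D 08 F6 A2 19 4C D0 E8 B3 65 0F"
    bad = "FF FF FF FF 00 00 00 00 FF FF FF FF 77 77 77 77"
    print(check_source("TSSTcorpDVD-Rom  TS-H943", good))
    print(check_source("TSSTcorpDVD-Rom  TS-H943", bad))
```

A non-empty result is a reason to re-read the drive before writing anything to it.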
To save a firmware file based on what’s currently in the Target Buffer, click Save to File.
JungleFlasher will ask you where to save the hacked firmware and what you want to name it, and then you can proceed to write the firmware to the drive.
Writing custom firmware to the drive
To write the firmware, as long as the drive is still unlocked (Vendor Mode), we just click the MTKFlash 32 tab. Make sure you verify that you still have good flash chip properties.
Without further ado, click Write.
The Write command will erase and flash all 4 banks in turn, then read back the flash and verify.
A series of 16 dots is JungleFlasher writing the 16 sectors of one bank (there are 4 banks: 0/1/2/3). After writing all 64 sectors, signaled by 64 dots (16 dots for each of the 4 banks), JungleFlasher will verify what it wrote by reading back the flash and comparing it against the Target Buffer. So, what we really want to see is Write Verified OK!
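The read-back comparison described above can be reproduced offline on two saved images, which also tells you which bank and sector failed if the verify does not pass. This is an added example, not part of the original tutorial and not JungleFlasher code; it assumes the image splits into 64 equal-sized sectors, and the 256 KiB sample image is constructed.

```python
# Added example (not JungleFlasher code): compare a read-back image with
# the target buffer, sector by sector.
BANKS = 4              # from the tutorial: banks 0/1/2/3
SECTORS_PER_BANK = 16  # from the tutorial: 16 sectors per bank


def verify_readback(target: bytes, readback: bytes) -> list:
    """Return (bank, sector, first_bad_offset) for every differing sector.

    An empty list corresponds to "Write Verified OK!".
    """
    total = BANKS * SECTORS_PER_BANK
    if len(target) != len(readback):
        raise ValueError("images differ in length")
    if len(target) == 0 or len(target) % total:
        raise ValueError("image does not divide into 64 equal sectors")
    size = len(target) // total  # assumption: all sectors are the same size
    bad = []
    for idx in range(total):
        lo = idx * size
        a, b = target[lo:lo + size], readback[lo:lo + size]
        if a != b:
            # Absolute offset of the first differing byte in this sector.
            off = next(i for i in range(size) if a[i] != b[i])
            bad.append((idx // SECTORS_PER_BANK, idx % SECTORS_PER_BANK, lo + off))
    return bad


def make_sample(length: int = 256 * 1024) -> bytes:
    """Constructed stand-in for a firmware image (never contains 0xFF)."""
    return bytes((i * 7 + 3) % 251 for i in range(length))


if __name__ == "__main__":
    target = make_sample()
    readback = bytearray(target)
    readback[0x21234] ^= 0xFF                     # one corrupted byte
    readback[63 * 4096:] = b"\xFF" * 4096         # last sector left erased
    print(verify_readback(target, target))        # clean write
    for bank, sector, offset in verify_readback(target, bytes(readback)):
        print("bank %d sector %2d first mismatch at 0x%05X" % (bank, sector, offset))
```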
CONGRATULATIONS! You've successfully flashed your Samsung drive! Power off your console, and plug your drive back in. Reassemble and go play your backed up games!
Shoutout to the MPGH community. A great big thanks to Team Jungle for providing me with a link to their old manual, which built the base for my entire tutorial.