Hey guys, I'm not very active anymore on this board, just was surfing a bit and saw this thread and thought I'd jump in.

What the tool does to check out whether the flash was succesful: it asks the bios to identify itself with a model, bios version and serial number. It then compares this info to the info in sector 16, exactly like the 360 would do. If this info matches it will say that the flash was succesful and that the drive should work in the 360.

Now, if you look at the screenshot, you'll see that it seems that the info matches (e.g. IDENTIFY DEV reply is the same as the info in the hddss.bin file). However, somehow it doesnt match, otherwise the tool wouldn't show this. Now, I encountered this also, some time ago. It is like Arakon states, because of spacing: some versions of the WD BEVS firmware remove spaces in the IDENTIFY DEV reply, hence, if the hddss.bin file contains spaces in the model/serial/bios string, the info won't match. I remember this happening with one model, not sure which one it was, but it seems it was the Fujitsu. So I'd say, see if you can get a hddss.bin from another model (seagate or samsung for example). That should fix your problem.

Hi,

Yes, that's exactly it. If you can find out which vendor (and model !) specific commands to use to read/write the FW, the rest is not that hard (e.g., you then have to find out where the info that needs to be changed is stored in the FW and then write a tool that reads the FW, mods those bytes and writes it back, exactly like the hddhackr does).

However, the hard part of course is finding out what those commands are. Most obvious way to obtain them is to dump the HDD FW and reverse engineer it (e.g. find the routines that process the commands and see what commands make it read/write FW). There are companies out that that make a living out of this, like PC3k: http://www.pc3khrt.com/pc3Kpci.htm  . They sell software (well, actually also hardware, but that's just to circumvent piracy) that implement those commands, to read/write FW's for several HDD models. So, in theory, if you could get your hands on software like that, you could maybe in turn reverse engineer THEIR software to obtain the commands. That is of course, if their software supports the specific model you want to mod. I'm not sure if that would be easier though

TS

Sure, that's easy. You, could simply hexedit sector 16 to show a bigger HDD size. Only problem here is that sector 16 is signed and you can't create a valid signature without the secret MS key. So you can't modify the info. Of course you could just simply copy the whole sector (including bigger size and correct signature) from a 120 gb HDD, so the signature check will pass. But now the sector 16 info won't match the serial info that the HDD's firmware reports to the 360. So, you'll need to hack the HDD's FW, to make it report the same info as is stated in your copied sector 16, instead of the REAL serial info. And that's exactly what my hddhackr tool can do for you.

Unfortunately, this hack can't be quickly transplanted to a Fujitsu drive, completely different firmware and operating system, you'd have to start hacking the Fujitsu all over. So, in short, best thing is to just

BTW, the info is stored on the cylinders, not on a chip, so you can't flash it. I'm not sure if there's a 'safe mode' on the WD (in which you can upload a temp FW to RAM which can flash a new one), but if so, PC3K would probably feature this. However I guess your best bet is to send the drive back for repairment (for WD itself it's a very simple task to reflash it)

From the hddhackr readme.txt:


Sorry, but your drive is dead. Either send it back for repairment or find somebody with access to tools like PC3k (but there are not many people out there with these tools).

The hddhackr uses low level commands, these are really not standard and vary between vendors, so I'm not surprised to hear that it doesn't work on other drives.

Cheers,

TS

Maybe you should (if you can) try a hdd from somebody else and see if that works ... But the thing that puzzles me is that according to you, the info matches and according to the hddhackr (and then, probably/maybe according to the 360 too, so this might be the problem) it doesnt. So, I'm really not sure what goes wrong in your very specific case ... All I know the hddhackr isn't really meant to be used with a Seagate (it's really specifically written for the WD BEVS), so maybe that has something to do with it too ...

In your case, the hddhacker did not flash the seagate, it just wrote back the sectors 16-22, which matched your FW in the first place ... But if you try to use the hddhackr with a hddss.bin from somebody else, that won't work, since it can't alter the FW from the seagate.

The process to accept a HDD is as follows:
1) It compares the info on sector 16 to the info in the FW
2) It checks the data on sector 17-22 (which contain the MS logo)
3) It checks the signatures for these

You've verified 1. If you're 100% sure that you haven't changed anything and sector 17-22 is still original, then all i can think of in this case is that your HDD connector in the 360 is defect.

You can easily check yourself if the info matches; in the winhex dump you've posted you can see the model, bios version and serial number; verify that these are exactly the same as your drive shows in bios or in windows system config.

I created the hddhackr to change a cheap WD BEVS into a 'valid' 360 hdd; it only works for the WD BEVS (every FW is different, I had to pick a brand/model, WD BEVS was the cheapest AND the best available and I still think it is).

As I understand, you're trying to flash a seagate hdd with the hddhackr, that won't work.

If you've lost your original 'security sector' for your Seagate, then you can't use the drive in the 360 anymore and there's no way of fixing it, at least, not without the help of MS (e.g. there's no way to generate a valid signature and there's no tool available to flash the FW of the seagate with new serial info, to match any security sector).

the 'real' firmware in modern HDD's is stored on the disk itself, the chip only contains the loader.

Here's a small essay I wrote, when I started researching HDD stuff (in order to code the hddhackr), it's probably helpful to anyone who wants to do HDD modding:

http://forum.hddguru.com/sticky-important-topics-beginners-please-look-here-first-f16/newbie-info-from-and-for-newbies-about-firmware-sa-etc-t6562.html

Your sector 16 says 'st920217a', which is a Seagate, NOT a Samsung. Therefor it doesn't work (your sector 16 doesn't match the FW).

No. Such tool would have to be written by a hacker (since Samsung obviously isn't going to support modding/copying of serial info etc). It's quite some work. People have asked me to redo the tool for other brands, but it's not that easy: since there's no info at all available on this subject, you have to do a lot of research to get familiar with a specific model HDD. So it's not that the hddhackr tool could easily be modified to support Samsung, quite the contrary, it would be a LOT of work.

Please re-read my post, a dvd-r contains less sectors than a DVD-ROM, so it can NEVER be 'exactly' the same. When they designed the DVD-R standard, they of course held into account that there should always be differences between DVD-R and DVD-ROM, otherwise 100% identical copies would be possible.

Already on xbox1, MS did some things to prevent copying: they inserted custom data into the header of some sectors (the 'security sector') and they inserted data into the 'non data' area's of the disc (the 'security sector' is outside the regular data area). A normal dvd writer could probably be modified to write raw sectors (so insert custom data into the header) and can surely be modified to write custom data to the non data areas (lead-in, lead-out).

When we started with the hacking of the dvd firmware, it of course crossed our minds to just mod a dvd writer's firmware instead of the xbox DVD (read the original dvd hacking thread), but it would probably be just more work and you'd be limited to the specific brand dvd writer you'd have hacked. Besides, an original contains more sectors than a dvd-r, so it wouldn't be too hard to defeat this kind of hack.

So in short, controlling the dvd firmware always makes the hacker come out as the winner in the 'ms-hacker' contest. However, I'm quite sure MS has learned their lesson and will make the next gen xbox have drives that can execute uploaded code to RAM. This way, they don't depend anymore on the security in the drive (at least, not solely) and they can always upload new checks/protections if a hack is released. In combination with xbox live, they'll then always win the battle.

MS wanted the xbox 360 to be the first 'unhackable' console. They failed. I think they will succeed next time.

I know a lot of so called 'sceners' will hate you for saying this, buddy, but I also completely agree with you. MSFT has, untill now, never even threatened any hacker in this scene with legal steps, let alone try to arrest a hacker and I think we should be very thankful for that. But man, messing with their love baby, xbox live ... That's just really ASKING for trouble. It's not even this step ITSELF that is 'threatening' to them, since its impact probably won't be too big: exactly like you said, you'll never be able to generate serials and who wants to give his KV to somebody else, it will be a piece of cake for MS to ban double serials, resulting in 2 banned xboxes instead of 1. But yes, it's really the 'direction' where this is going to that I personally don't like at all either. And man, stuff like messing with gamescores ... THAT would REALLY become a threat to xbox LIVE and I'm 100% sure MS will do EVERYTHING possible to prevent/stop that. And, since preventing is always better than stopping, THIS step into messing with XBL (copying of KV's) MIGHT just be the point that MS feels too that this is all going into the wrong direction and might consider to start taking (legal) actions, in order to stop more progress into this direction and/or make an example out of this to stress that there are lines we just shouldn't cross ...  MS has shown that they're not out to kill hackers, but at some point you'll just leave them with no other options and they'll just HAVE to intervene, everybody can see that coming if you start going down this road ...

The relationship MS/hackers has been pretty good lately, but this really might start changing that and in the end, that will be bad for everybody ...

Yes, that's their statement, they want to support others who want to port it. But it would take others even WAY more time than it would take themselves. To me, it just feels like they're letting us down, us the hacking community. We've come so far, done so much work and now we're more or less ready they still are not interested in doing it. Of course, again, I'm not blaming them, who can blame anyone who has done such great work in the past, without getting paid anything at all. I'm grateful for what they've done in the past. I just had hoped they would change their minds and stop with XBMC Linux, that is just a dead end IMHO, it will never make XBMC as big as a pure x360 would be. That would make the x360 THE best media center available and blow away all commercial products. It would even make MS happy (although there are rumours that MS will support divx and xvid, I seriously doubt that, they would just get into too much 'policital' trouble)

Well, that's the same idea as I had. I hoped that once we had opened everything up (and tools to open up the x360 would be available to everybody, like they are now since the timing attack hack), Team XBMC would change their minds. But they didn't and clearly stated on their forums that they are not going to port XBMC to x360. And what's homebrew without XBMC ? So, I think that's the explanation why there isn't too much motivation in the hacker community to work on hacked kernels... Well, I can't blame team XBMC, it seems like a pretty huge project to port it, but man, XBMC on the original xbox is just a dead end, no support for high resolutions, who wants to see low crappy resolutions on their new plasma HDTV ? And sure, XBMC for Linux on the 360 is nice, but way too much hassle to get that up and running if you want to watch a vid. And therefore, by not porting XBMC to the x360, I think XBMC itself is now slowly going to die.

Anyway, I've pretty much given up the hope on x360 XBMC and I think I'm gonna sell my original xbox and get myself one of these bad boys instead next week:

http://www.tvix.co.kr/Eng/products/5100sh.aspx

That's pretty much all the x360 XBMC should do

Actually I'm a bit surprised that nobody has developed a XEX hdd loader yet. It seems there are not a lot ppl in the hacking community that really care about it. I know I don't...

I'd love to help out to get xbmc 360 running though, but as Team XBMC said they're not interested in developing a pure x360 version, there's not a lot of hope this will ever happen on the 360... of course, we'll be able to run it via Linux at one point but that just plain sucks in my opinion: first load KK, then load linux and then XBMC ? I just want to turn on my x360 and see XBMC pop up after a few seconds. But if Team XBMC doesn't want to port it, I guess we'll never see that on the x360... So, IMHO there's not much really interesting hacking work left to do for the 360 and XBMC x360 will never be ... Too bad ... really too bad...

Again, congratulations to Arnezami for his great idea. I love it when a plan comes together 

Now people can finally get serious about homebrew. hopefully Team XBMC will reconsider their Linux idea and code an XBMC that can be booted directly.