Xtreme firmware detection

[MacDennis]

Wanted to start a rather technical thread. Let's discuss the ways the Xtreme firmware and/or the backups can be detected by you and/or the console!

For starters, grab a copy of the multi media commands ata/atapi specifications.

I can't verify these claims because I don't own a TS drive, maybe someone else can.

1. Request the physical format data. The physical information data is present in the lead-in of the disc, we can't modify it to our needs. A backup should return different data in comparison to an original disc. DvdInfoPro can be used to grab the data. The console already requests this data from the disc, this was mentioned by Tiros. So perhaps the console is already counting the number of times you have played a backup but keeps quiet about it! Note that both the console kernel/dashboard but also the game can request this data!

2. Request manufacturer information. Same story as the physical format data. The command to retrieve this data is slightly different. Again, you can use DvdInfoPro to retreive the data, simply compare the backup with an original.

3. Check if the video partition (data) is present. If I'm not mistaken, the Xtreme backups do not contain the video partition (data). In this case it's very easy for the console and/or game to detect if the disc is a backup. Every game should have it, if it doesn't then it's a backup. Again, very, very easy to detect. Thing is, this problem can't be fixed with a firmware upgrade. So if your backups are being detected then they will all be useless in one go.

Anyone else can think of more ways?

[Pec]

3. They have a video partition, but its filled with dummy data

4. Maybe the dashboard/xbe can request a specific sector, so its possible to check if theres a SS in a location where none should be

[MacDennis]

3. They have a video partition, but its filled with dummy data

And that's exactly the problem. The video is missing.

[Pec]

To compare the backup, the xbox needs to know how an original should look like. This check could only be implemented in an xbe (the game checks itself), not in the dashboard.

[Pec]

There could be another way. If we could dump the fw, the xbox can also. So it should be easy to checksum the dumped fw, and compare it with known checksums (omit the key location)

[MacDennis]

To compare the backup, the xbox needs to know how an original should look like. This check could only be implemented in an xbe (the game checks itself), not in the dashboard.

No it doesn't need to. The 'size' of the video partition is mentioned in the physical format information. This data is the same for each and every disc. This was also the case for xbox1 discs. The physical format information of a backup is completely different!

And if games start checking this stuff then you still have a problem, there's no way around this.

[MacDennis]

There could be another way. If we could dump the fw, the xbox can also. So it should be easy to checksum the dumped fw, and compare it with known checksums (omit the key location)

Yes, good point. That's another way but I think this is the last thing they will try. I think the disc will be checked first and then maybe the firmware later on.

[MacDennis]

4. Maybe the dashboard/xbe can request a specific sector, so its possible to check if theres a SS in a location where none should be

Not possible. The SS is placed in a location which can't be read by the console or game. It's hidden.

[wildje]

To compare the backup, the xbox needs to know how an original should look like. This check could only be implemented in an xbe (the game checks itself), not in the dashboard.

No it doesn't need to. The 'size' of the video partition is mentioned in the physical format information. This data is the same for each and every disc. This was also the case for xbox1 discs. The physical format information of a backup is completely different!

And if games start checking this stuff then you still have a problem, there's no way around this.

Well, this would be the most logical way to check an inserted disc beeing a original (or not). I personally beleive this is the way MS are going to respond. Just tighten it up in the most simple way. This could all be added to the dashboard prior to executing the xex.

[slider123456]

Just wondering if these checks could be programmed in an xex of a game so it can't be taken out. Then that game and any game with that program can't be run on modified firmware.

[Arakon]

of course, easily in fact.

[MacDennis]

Just wondering if these checks could be programmed in an xex of a game so it can't be taken out. Then that game and any game with that program can't be run on modified firmware.

Yes, xbox1 games already have similar checks.

[slider123456]

The firmware backup ride will probably be a short one  .

[Pec]

It will be a cat-and-mouse game. We have taken over the control of the dvd drive, so we can fake every reply to the console we want to. They want the manufactorer id? No problem, they'll get a faked one, and so on....

[MacDennis]

It will be a cat-and-mouse game. We have taken over the control of the dvd drive, so we can fake every reply to the console we want to. They want the manufactorer id? No problem, they'll get a faked one, and so on....

There's no way to 'fake' the missing video data from the firmware. Same for the manufacturer information, that information is pretty large and is probably tied to each game. Storing such a sector in the firmware makes no sense. But no matter what, all backups will be useless pretty soon I guess. The console already reads the physical format information but doesn't really check it thouroughly yet as it seems. Please note that the physical format information also holds information about disc type, recordable or not recordable besides other things. A recordable disc IS a valid medium but not when it's a game ofcourse.

So, a game could in theory check if it's running from a recordable disc and refuse to run if it detects something like that. Such a check could be included in the standard XDK libraries soon.

[LilaQ]

Just wondering if these checks could be programmed in an xex of a game so it can't be taken out. Then that game and any game with that program can't be run on modified firmware.

Yes, xbox1 games already have similar checks.

So the disc would check itself, instead of the FW doing the checks? That would be pretty annoying, hu?

[MacDennis]

Just wondering if these checks could be programmed in an xex of a game so it can't be taken out. Then that game and any game with that program can't be run on modified firmware.

Yes, xbox1 games already have similar checks.

So the disc would check itself, instead of the FW doing the checks? That would be pretty annoying, hu?

Firmware can and does perform checks but has been hacked ..
Kernel / dashboard can and does perform checks and probably will have more checks in the near future which can't be patched ..
Disc main executable can in theory perform checks and probably will actually have them in the near future which also can't be patched ..

[slider123456]

It will be a cat-and-mouse game. We have taken over the control of the dvd drive, so we can fake every reply to the console we want to. They want the manufactorer id? No problem, they'll get a faked one, and so on....

There's no way to 'fake' the missing video data from the firmware. Same for the manufacturer information, that information is pretty large and is probably tied to each game. Storing such a sector in the firmware makes no sense. But no matter what, all backups will be useless pretty soon I guess. The console already reads the physical format information but doesn't really check it thouroughly yet as it seems. Please note that the physical format information also holds information about disc type, recordable or not recordable besides other things. A recordable disc IS a valid medium but not when it's a game ofcourse.

So, a game could in theory check if it's running from a recordable disc and refuse to run if it detects something like that. Such a check could be included in the standard XDK libraries soon.

 Do you mean all backups or all backups with that check programmed into it?

 If there was a way I think M$ would love to shut down backups of games without those checks, games that are out right know. I don't know if that is possible though.

[fasttrack]

If there was a way I think M$ would love to shut down backups of games without those checks, games that are out right know. I don't know if that is possible though.

If the XDK libraries had been updated with the extra media checks then in theory existing games could just have the XEX recompiled and sent out as an update over Live saying that it's an update for that particular game, they have the infrastructure in place and are already using it for titles such as DOA etc which required updates pretty much immediately as soon as it hit the store shelves!

I think this would be feasible anyway?

[MacDennis]

If the XDK libraries had been updated with the extra media checks then in theory existing games could just have the XEX recompiled and sent out as an update over Live saying that it's an update for that particular game, they have the infrastructure in place and are already using it for titles such as DOA etc which required updates pretty much immediately as soon as it hit the store shelves!

I think this would be feasible anyway?

Very good point! I didn't think of that possibility yet. Yes, VERY feasible.

@Pec, current backups can be shut down by using the various ways which have already been mentioned. For example: checking physical information and existance of video data.