Pec
« Reply #20 on: May 24, 2006, 05:37:49 AM »
Maybe I haven't understood something, but I thought that the dashboard, kernel, xbe ... always rely on information given by the DVD drive. Is that correct?

ghost
« Reply #21 on: May 24, 2006, 05:41:34 AM »
"""1. Request the physical format data. The physical information data is present in the lead-in of the disc, we can't modify it to our needs. A backup should return different data in comparison to an original disc. DvdInfoPro can be used to grab the data. The console already requests this data from the disc, this was mentioned by Tiros. So perhaps the console is already counting the number of times you have played a backup but keeps quiet about it! Note that both the console kernel/dashboard but also the game can request this data!"""
If the above is true (and I see no reason for it not being) then there "could" be lots of people being summoned to court backed with hard prosecution evidence!! But as so far the only people being hammered by M$ are the guys modding the boxes and not the people using the backups, I think it's something not worth worrying about. I think more's the case that any warranty will be gone and the possibility of a ban from Live.
M$ could also gather illegal keys and issue a "key" ban like sat/cable did, turning your Xbox 360 into a useless pile of junk
« Last Edit: May 24, 2006, 06:03:22 AM by ghost »

slider123456
« Reply #22 on: May 24, 2006, 05:44:24 AM »
If the XDK libraries had been updated with the extra media checks then in theory existing games could just have the XEX recompiled and sent out as an update over Live saying that it's an update for that particular game, they have the infrastructure in place and are already using it for titles such as DOA etc which required updates pretty much immediately as soon as it hit the store shelves!
I think this would be feasible anyway?
Very good point! I didn't think of that possibility yet. Yes, VERY feasible. @Pec, current backups can be shut down by using the various ways which have already been mentioned. For example: checking physical information and existence of video data.
If you did not go on Xbox Live I do not think there is any way they could shut down existing backups. But pretty soon they should be able to make games that will not run on modified firmware unless there is a modchip or some other exploit.

creatox
« Reply #23 on: May 24, 2006, 05:52:41 AM »
I think new games will need and force a dash-update. With this updated dashboard, the console could check the FW... oops problem. I think this FW hack will not live long 

LilaQ
« Reply #24 on: May 24, 2006, 06:04:08 AM »
Yeah, looks like there won't be any Cat & Mouse - Game, at least not with the FW hack... But let's hope it'll last until the release date for a hopefully upcoming modchip, (devil360? who knows?)

MacDennis
« Reply #25 on: May 24, 2006, 06:35:52 AM »
I think new games will need and force a dash-update. With this updated dashboard, the console could check the FW... oops problem.
Correct. Such games already exist. Well, they already did that a long time ago with xbox1 games, forcing a dashboard update.
I think this FW hack will not live long
The current FW hack can and will be detected very easily rendering your 'expensive' backups useless.

Geremia
« Reply #26 on: May 24, 2006, 08:13:14 AM »
Original lead-in of 360 disc can be reburned into a burnable area, a probably simple modification to current hacked fw could look to this. MS can implement CSS key or BCA, this is not burnable.

Tiros
« Reply #27 on: May 24, 2006, 08:27:05 AM »
4. Maybe the dashboard/xbe can request a specific sector, so it's possible to check if there's a SS in a location where none should be
Not possible. The SS is placed in a location which can't be read by the console or game. It's hidden.
You sure about that? I thought that the C4E redirected the SS to PSN 04fb1f. Won't simply a read to LBA 07fb1f return the C4E SS?
« Last Edit: May 24, 2006, 08:39:18 AM by Tiros »

MacDennis
« Reply #28 on: May 24, 2006, 08:44:43 AM »
4. Maybe the dashboard/xbe can request a specific sector, so it's possible to check if there's a SS in a location where none should be
Not possible. The SS is placed in a location which can't be read by the console or game. It's hidden.
You sure about that? I thought that the C4E redirected the SS to PSN 04fb1f. Won't simply a read to LBA 07fb1f return the C4E SS?
Ahhhh yes, you are right and I'm wrong. PSN 0x04FB1F can't be read when using an original disc (it's hidden) but CAN be read when using a backup disc because of the physical format data. Sorry for the confusion. So yes, reading that sector should normally return an error but if the sector can be read, then it's a backup.
« Last Edit: May 24, 2006, 08:49:45 AM by MacDennis »

elitedev
« Reply #29 on: May 24, 2006, 10:09:26 AM »
we can just spoof the call for the physical format data so it returns the correct data. how else can microsoft detect this hack?

MacDennis
« Reply #30 on: May 24, 2006, 10:12:39 AM »
we can just spoof the call for the physical format data
Of course many things can be faked but that isn't the point of this topic.
so it returns the correct data. how else can microsoft detect this hack?
Read the first page of this thread, there are various ways besides a check of the physical format data.

Pec
« Reply #31 on: May 24, 2006, 10:15:44 AM »
That was my initial question. Tell me one call to the dvd drive, which can't (at least theoretically) be faked by a modified firmware.... BTW, if one dumps the fw, is the dump routine invoked "hard-coded" in the drive controller or is it just a call to a function within the firmware (the fw dumps itself)?
« Last Edit: May 24, 2006, 10:17:53 AM by Pec »

elitedev
« Reply #32 on: May 24, 2006, 10:48:51 AM »
that's exactly the point i was trying to get as well. it pains me to hear everyone saying this hack is going to be short lived... sure the video is missing from some people's back-ups, we can burn the video from now on. as well, we can spoof the physical format info and everything else microsoft wants (heck i'm sure we can even embed a completely original firmware in the iso and then it would be possible to return a perfectly original firmware... there would be no way for microsoft to detect this whatsoever, as the system was not designed to do this, we know this from reversing the firmware in the first place. i'm sick of the negative attitudes i've been hearing all over this forum, we should be fixing these problems now not just talking about them. i don't think microsoft can do anything, how much could you modify that firmware without damaging compatibility of older pre hack titles? ... not much. it would be useless for microsoft to combat it like this as it would be a constant loss for them (they pay their people... we don't have to pay our people). i'm sure they will just switch to a new dvd drive (i heard rumor of a lite-on drive coming) that will solve their problems i'm sure. ultimately i think we will have the hack for a long time to come =)
pec: the firmware has a function embedded that accepts the flash.. that function is completely modifiable in the firmware.
« Last Edit: May 24, 2006, 10:52:08 AM by elitedev »

fazered
« Reply #33 on: May 24, 2006, 11:03:05 AM »
that's exactly the point i was trying to get as well. it pains me to hear everyone saying this hack is going to be short lived... sure the video is missing from some people's back-ups, we can burn the video from now on. as well, we can spoof the physical format info and everything else microsoft wants (heck i'm sure we can even embed a completely original firmware in the iso and then it would be possible to return a perfectly original firmware... there would be no way for microsoft to detect this whatsoever, as the system was not designed to do this, we know this from reversing the firmware in the first place. i'm sick of the negative attitudes i've been hearing all over this forum, we should be fixing these problems now not just talking about them. i don't think microsoft can do anything, how much could you modify that firmware without damaging compatibility of older pre hack titles? ... not much. it would be useless for microsoft to combat it like this as it would be a constant loss for them (they pay their people... we don't have to pay our people). i'm sure they will just switch to a new dvd drive (i heard rumor of a lite-on drive coming) that will solve their problems i'm sure. ultimately i think we will have the hack for a long time to come =)
pec: the firmware has a function embedded that accepts the flash.. that function is completely modifiable in the firmware.
With the new drive coming and the relatively small (compared to the life of the console) userbase they might not throw too much into fighting the hack, especially over time. Once they have tightened up the hardware and there are 20-30 million units out there with only 5 million or so hackable, with most of those in the hands of people not willing or able to hack them. It's not a major setback for them. Anyway by then there will be a modchip to deal with! PS. Would the other method used by TheSpecialist have been harder for MS to detect?

82ross
« Reply #34 on: May 24, 2006, 11:07:19 AM »
that's exactly the point i was trying to get as well. it pains me to hear everyone saying this hack is going to be short lived... sure the video is missing from some people's back-ups, we can burn the video from now on. as well, we can spoof the physical format info and everything else microsoft wants (heck i'm sure we can even embed a completely original firmware in the iso and then it would be possible to return a perfectly original firmware... there would be no way for microsoft to detect this whatsoever, as the system was not designed to do this, we know this from reversing the firmware in the first place. i'm sick of the negative attitudes i've been hearing all over this forum, we should be fixing these problems now not just talking about them. i don't think microsoft can do anything, how much could you modify that firmware without damaging compatibility of older pre hack titles? ... not much. it would be useless for microsoft to combat it like this as it would be a constant loss for them (they pay their people... we don't have to pay our people). i'm sure they will just switch to a new dvd drive (i heard rumor of a lite-on drive coming) that will solve their problems i'm sure. ultimately i think we will have the hack for a long time to come =)
pec: the firmware has a function embedded that accepts the flash.. that function is completely modifiable in the firmware.
This was exactly my trail of thought. This thread made me second guess myself but you just reassured me. I think all the methods described previously are valid methods of detection but all rely on the firmware to give the answer at some point. The game xex can request information? It has to be loaded into memory first and then communicate with the dvdrom => firmware. There's only so many ways MS can request info from the firmware. Once they are all identified and routines added to return spoofed data I can't see how MS can combat it. But I must confess, MS have got smarter people than me (?) maybe there's something they know that I don't. I'll say it again, it's like asking a liar if he's telling the truth then believing him when he says yes!

angerwound
« Reply #35 on: May 24, 2006, 11:39:02 AM »
If the XDK libraries had been updated with the extra media checks then in theory existing games could just have the XEX recompiled and sent out as an update over Live saying that it's an update for that particular game, they have the infrastructure in place and are already using it for titles such as DOA etc which required updates pretty much immediately as soon as it hit the store shelves!
I think this would be feasible anyway?
Very good point! I didn't think of that possibility yet. Yes, VERY feasible. @Pec, current backups can be shut down by using the various ways which have already been mentioned. For example: checking physical information and existence of video data.
MacDennis: XEX Updates for games are simply PIRS archives stored in the /partition3/cache directory of the console. Game updates can easily be removed, therefore updating their executable to check can be worked around. Simply removing them asks you to update again. However, without the update, users wouldn't be able to login to the live service while using that title.
« Last Edit: May 24, 2006, 11:40:50 AM by angerwound »

Tiros
« Reply #36 on: May 24, 2006, 12:08:15 PM »
that's exactly the point i was trying to get as well. it pains me to hear everyone saying this hack is going to be short lived... sure the video is missing from some people's back-ups, we can burn the video from now on. as well, we can spoof the physical format info and everything else microsoft wants (heck i'm sure we can even embed a completely original firmware in the iso and then it would be possible to return a perfectly original firmware...
Not specifically @elitedev. The topic of the thread is EXTREME FW detection, I believe McD was looking to address issues with the Extreme FW, since that is all that exists publicly. It pains me to hear all the WE can do this and WE can do that when in fact only C4E has proven his ability to address problems like this, and share the results. This board is now riddled with babies looking for a handout and mindless speculation about what's coming next. After TS proved the results he had, it wasn't like there were tons of guys stepping up to complete the project. In fact, I question if anyone here who is capable of overcoming these obstacles will be willing to share at all. There just doesn't seem to be enough talent (that is willing to take a chance pissing on Bill's shoe). Witness the thousands, begging for the Hitachi firmware, and threads about when it MIGHT be released. PLENTY of info to do it, but no one stepping up. I'm sure there will be tons of threads begging C4E to fix the problems down the road as well. AS IS, the hack is soooo easily detectable, it's like giving a loaded gun to a baby to play with. Yeah, I know, all we have to do is this and that..... But who are WE? If it wasn't for C4E, "WE" would STILL be waiting.
« Last Edit: May 24, 2006, 12:16:39 PM by Tiros »

spanky34
« Reply #37 on: May 24, 2006, 12:38:53 PM »
Don't mean to be rude, but if ms was watching this thread, they would know exactly how to stop us lol. seems like we are doing some work for em.

MacDennis
« Reply #38 on: May 24, 2006, 12:46:41 PM »
That was my initial question. Tell me one call to the dvd drive, which can't (at least theoretically) be faked by a modified firmware....
This topic is about the current Xtreme firmware, not some hypothetical modchip / firmware. In theory any call can be faked, a dvd-rom is just a static data store.
BTW, if one dumps the fw, is the dump routine invoked "hard-coded" in the drive controller or is it just a call to a function within the firmware (the fw dumps itself)?
I don't know much about the TS but in the LG firmware read routines are stored in the firmware and they don't even need to be in the firmware, they can be uploaded to RAM and executed from there.

geebee
« Reply #39 on: May 24, 2006, 12:50:09 PM »
Don't mean to be rude, but if ms was watching this thread, they would know exactly how to stop us lol. seems like we are doing some work for em.
well as this is a hacker forum, it's better if MS patch it, so the geniuses can do some MORE hacking. It's the fun of the hack, not the end result :-)
Remember you're a Womble