XboxHacker BBS
Author Topic: The Challenge Response Protocol  (Read 67696 times)
burgemaster
« Reply #40 on: March 15, 2006, 02:23:41 PM »

6) are my questions stupid and don't deserve answering
No, not stupid. Way off-topic? Yes they are ..

Sorry, meant to post a new thread, don't know how it got in here.

Well, I'm going to be patient and wait for some sort of release before I void my warranty; I feel I couldn't help anyone even if I dumped my firmware!

And thanks for the answers guys, see ya.
SuperMario
« Reply #41 on: March 15, 2006, 05:25:08 PM »

The drive is making the timing measurement and returning the result to the console. I'm 99% sure this is measuring read or seek times across a range of placeholders. Timing how long the drive takes to perform this measurement makes no sense IMHO. Whether I read this value from a lookup table on a DVD-R (slow), from fixed tables in flash (faster) or I copy them to RAM and read them from there (slightly faster) makes no difference: if the hardcoded response is correct, the console's happy.


Robinsod:

You obviously have a lack of knowledge about low level optical disc systems, if you think timing of such information makes no sense.

Further, you appear to be looking at it from the console's point of view, from the drive's responses. I am looking at it from the drive's point of view of the disc.

I am looking for a full and fundamental understanding of exactly how the complete authentication system works, not some fudged hack which can be detected/fixed by MS overnight.

SuperMario.
MacDennis
« Reply #42 on: March 15, 2006, 06:00:29 PM »

You obviously have a lack of knowledge about low level optical disc systems, if you think timing of such information makes no sense.
First, why do you take every opportunity to diss people? It starts to get annoying. This is not a "my ego is bigger than yours" battle.
Second, well, what do you think IS timed then as you seem to know everything better.

Further, you appear to be looking at it from the console's point of view, from the drive's responses. I am looking at it from the drive's point of view of the disc.
So?
Actually, 99% of the (firmware) hackers are looking at somewhere in between ..
People are targeting the firmware because they don't have the same resources as you do.

I am looking for a full and fundamental understanding of exactly how the complete authentication system works, not some fudged hack which can be detected/fixed by MS overnight.
May I repeat a previous question?
You are determined to make an exact 1:1 replica. Why If I may ask? If we had the hardware which could burn a 1:1 replica down to the physical level, what do we learn from it?
SuperMario
« Reply #43 on: March 15, 2006, 06:14:51 PM »

MacDennis:

It has nothing to do with ego, and all to do with how information is presented.  When someone posts something and leaves out (or edits out...) pertinent information, then it irks me.  A prime example is in Robinsod's first post in this thread, where he doesn't tell others which vendor command he used to do the timing on the TS drive.  Then he goes on and claims he won't discuss his Mode05/Mode07 captures - he said specifically "don't ask him".  Such things get my goat up and I will always respond in kind.

I'm looking at the disc, because if I can determine exactly how the system works, then I can be sure of what is required to bypass the regional coding.  I have no ulterior motive other than learning what a given security system is doing for that reason.

I'll sum up my position on this, because I have got some mails from people who are obviously pirates/modchip researchers:

I am located in Australia.  Here reverse engineering, for the explicit purpose of interoperability, is expressly allowed for the defeat of technical protection measures to bypass regional coding on movies and/or games.  If a company (such as SCEI) inextricably links their regionality detection to their authentication (anti-piracy) system, then they will get both systems compromised in the process.

My goal is to be able to make a 1:1 replica of a given disc, then examine and determine the minimal changes that need to be effected in order to allow a disc from another region to be booted/played on the system.

I agree that there are many ways to skin a cat (I prefer boiling first for 25 minutes...) but the way I am doing it leaves absolutely no doubt and ensures future compatibility.  To each his own.

Edit for spelling only.
« Last Edit: March 15, 2006, 06:17:27 PM by SuperMario »
SuperMario
« Reply #44 on: March 15, 2006, 06:29:38 PM »

I just got another email, so let me be absolutely clear on this:

I have an abhorrence of piracy.  The reason I am going to the lengths that I am right now is simply to be able to, if at all possible, preserve the anti-piracy system whilst still allowing original games/movies from alternate regions to work.  I have no hatred of Microsoft; in fact, I think the X360 is an awesome bit of kit.

My life would be far easier if I just killed all of the authentication system off, but that would end up hurting more than helping.

SuperMario.

Edit, again for spelling.
« Last Edit: March 15, 2006, 06:43:21 PM by SuperMario »
MacDennis
« Reply #45 on: March 15, 2006, 06:50:47 PM »

*large edit*
Point taken.

My goal is to be able to make a 1:1 replica of a given disc, then examine and determine the minimal changes that need to be effected in order to allow a disc from another region to be booted/played on the system.
If your sole reason is to boot/play games from other regions then I think you are looking in the wrong direction IMHO.
Just being curious now, what makes you believe that you can boot/play discs from another region if the drive firmware is completely hacked and/or if you're able to make an exact replica. To my understanding, you can't ..
SuperMario
« Reply #46 on: March 15, 2006, 07:11:15 PM »

MacDennis:

The reverse engineering of the drives firmware is an early (and easy, in comparison) step in the process. 

The main thrust of my development right now is to learn the entire operation capacity of the disc authentication and regionality enforcement system. 

Then I need to differentiate between them at a level where the modifications will cause as little disruption (and obviously detectability) to the console itself.

The whole idea is to find where the differences are, the points at where the alterations can be made, be it in firmware, in transmission, by substitution...  I have mechanisms at my disposal to achieve this - the goal is to find something that will not break too much else in doing so.

At the base of it all, however, is the need to know exactly what I have the potential to break, and the only way to be sure of that is to understand the systems involved completely.

I already have discs that have only the region bytes ("J" and "E", in my case) substituted from other valid discs, but I need to be 100% sure if the failure point is due to the anti-piracy or the regionality control systems.  Which is why I need to do what I'm working on now.  Hence, I wish to eliminate the anti-piracy system from the picture (as I would want to leave it unaltered if I can) so that means a working 1:1 disc that I can then modify with the minor alterations.

SuperMario.
MacDennis
« Reply #47 on: March 16, 2006, 03:22:02 AM »

The main thrust of my development right now is to learn the entire operation capacity of the disc authentication and regionality enforcement system. 
The 'regionality enforcement system' is part of the default.xex file and of the console, I'm sure you already knew.

Then I need to differentiate between them at a level where the modifications will cause as little disruption (and obviously detectability) to the console itself.
As this is part of the xex file and the console, it would require a console kernel hack.

The whole idea is to find where the differences are, the points at where the alterations can be made, be it in firmware, in transmission, by substitution...  I have mechanisms at my disposal to achieve this - the goal is to find something that will not break too much else in doing so.
See above.

At the base of it all, however, is the need to know exactly what I have the potential to break, and the only way to be sure of that is to understand the systems involved completely.
At least the kernel. Well, that would mean the whole security system is compromised, no need for a firmware hack then.

I already have discs that have only the region bytes ("J" and "E", in my case) substituted from other valid discs, but I need to be 100% sure if the failure point is due to the anti-piracy or the regionality control systems.  Which is why I need to do what I'm working on now.  Hence, I wish to eliminate the anti-piracy system from the picture (as I would want to leave it unaltered if I can) so that means a working 1:1 disc that I can then modify with the minor alterations.
About these region bytes you are talking about. Where are these stored on the disc? A file? An (unreadable) sector? A sector header? Or perhaps part of some lower-level data?

Perhaps this byte is part of a large block which is signed with M$'s secret key? Did you know that on the xbox1 you can't even use a security sector from another game to boot the disc? This is because that sector seems to be linked to the default.xex.

Yes, many questions again. Just wondering why you think you can circumvent the regional system by just swapping a byte?
monkeychris
« Reply #48 on: March 16, 2006, 07:29:03 PM »

Surely the region coding is in the executable, as it is OPTIONAL for developers to include it.
If it were mandatory, it would be more likely to be based on the disc.

Also, what hardware do you plan to use, SuperMario, for burning these 1:1's?

Also, if it is as simple as changing a byte/bit to swap the region code, then..
I would assume that you will be required to bypass the copy protection to break the region coding,
because you aim to make a 1:1 copy, and to run it will be bypassing the copy protection?!

To get to the region check, the disc must first be accepted as pressed media (media flag).
So you need to burn media that tells the 360 it's pressed; if that were easy there would be
no reason/need for a FW patch.  If you can achieve this, it will be very interesting to read
your work and witness its application.  Good luck!
SuperMario
« Reply #49 on: March 16, 2006, 09:06:58 PM »

MacDennis:  Part of what you say is speculation...  I will offer no further comment on it, but suffice it to say, things are in some cases more complex, and in others far less complex, on the X360.

Sadly, I will say no more on this, as Ezekiel and I have come to the conclusion that we will not offer specific information on certain aspects of what we have discovered.  Basically, anything that can be construed as an attack simply for the purposes of allowing mass piracy, will be held back.  If a fear of Microsoft is used by others on this board as an excuse, you can cut and paste that as our reason, too.

MonkeyChris:  To sum up, Ezekiel has access to tools to create 1:1 copies of almost anything.  He also has complete access to a pressing plant with an LBR of his own design.  We have absolutely no problems with disc replication and things like "media flags" are not even an issue.

I have decided to take a break of a week from all this.  The Australian release of the X360 is next Thursday, so I will enjoy a nice week off from this until then.  Finally being able to have a number of machines and different games will remove a lot of constraints I have been up against.

Good luck to all!

SuperMario.
monkeychris
« Reply #50 on: March 16, 2006, 09:23:52 PM »

@supermario
So basically your solution will not be one that can be implemented mainstream / by a home user.
You have some pretty good kit over there, maybe i'll come and make a few discs when im over there
SuperMario
« Reply #51 on: March 16, 2006, 09:34:06 PM »

MonkeyChris:

Yes, that is basically our goal. 

Just to put things into perspective for people, the reason for this is that in Australia X360 games are slated to sell for between AU$100 and AU$120 per title.

That works out to between US$73 and US$88 per title (at current exchange rates), whereas the average price in the US is US$60.

Talk about being rorted!

SuperMario.
chickenpie
« Reply #52 on: March 16, 2006, 09:55:10 PM »

If you break the region code, won't the cost kinda be the same after you've bought the game from a different country, with the postage and all? Come on, admit it, you want free games too... j/k

"Computer games don't affect kids; I mean if Pac-Man affected us as kids,
We'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music."
MacDennis
« Reply #53 on: March 17, 2006, 03:47:44 AM »

MacDennis:  Part of what you say is speculation...  I will offer no further comment on it, but suffice it to say, things are in some cases more complex, and in others far less complex, on the X360.
Part speculation?! Which part, Mr Know-it-all? Don't talk between the lines! We all know the region code is embedded in the xex file. Yes, it might be optional, but that's not the point. If it is used then you can ONLY circumvent it by hacking the kernel. But that's not something you would like to hear.

Sadly, I will say no more on this, as Ezekiel and I have come to the conclusion that we will not offer specific information on certain aspects of what we have discovered.  Basically, anything that can be construed as an attack simply for the purposes of allowing mass piracy, will be held back.  If a fear of Microsoft is used by others on this board as an excuse, you can cut and paste that as our reason, too.
No further comment?!

You will say no more?!

Unbelievable! You say something like the following to robinsod who has contributed wayyyy more than you and has been helping out wayyy more than you on this forum and I quote:

Quote
It has nothing to do with ego, and all to do with how information is presented.  When someone posts something and leaves out (or edits out...) pertinent information, then it irks me.  A prime example is in Robinsod's first post in this thread, where he doesn't tell others which vendor command he used to do the timing on the TS drive.  Then he goes on and claims he won't discuss his Mode05/Mode07 captures
You are doing the exact same freakin' thing!
The only difference is, robinsod and many others have actually contributed something valuable ..
You just can't stand it that all the details aren't presented to you on a plate.

Quote
MonkeyChris:  To sum up, Ezekiel has access to tools to create 1:1 copies of almost anything.  He also has complete access to a pressing plant with an LBR of his own design.  We have absolutely no problems with disc replication and things like "media flags" are not even an issue.
If it were a 1:1 copy then it would boot straight away in the first place. Well, it doesn't, so that makes it a 1:0.75 copy actually.

"Media flags not even an issue". That's speculation dude ..

Another interesting quote ..

Quote
Just to put things into perspective for people, the reason for this is that in Australia X360 games are slated to sell for between AU$100 and Au$120 per title. 

That works out to between US$73 to US$88 per title (at current exchange rates) where as the average price in the US is US$60.
That nails it. Now I can only agree with chickenpie. You seem to be only interested in free games, otherwise you wouldn't need to make such a statement ..

I have decided to take a break of a week from all this.  The Australian release of the X360 is next Thursday, so I will enjoy a nice week off from this until then.  Finally being able to have a number of machines and different games will remove a lot of constraints I have been up against.
Who cares!?
burgemaster
« Reply #54 on: March 17, 2006, 04:53:39 AM »

I check this every day; I was hoping to read more info on the "Challenge Response Protocol" but now it seems just a flame war.
bourke
« Reply #55 on: March 17, 2006, 07:35:54 AM »


Yes many questions again. Just wondering why you think you can circumvent the regional system by just swapping a byte?

Are we 100% sure the (DVD) region code of the console is not part of the DVD-ROM firmware or an EEPROM like last time?

For Xbox 1 you can modify the region code by changing the region byte in the EEPROM. Who has confirmed that it is different for the 360?
« Last Edit: March 17, 2006, 07:59:40 AM by bourke »

Forum member since April 2002.
MacDennis
« Reply #56 on: March 17, 2006, 08:00:20 AM »

Are we 100% sure the (DVD) region code of the console is not part of the DVD-ROM firmware or an EEPROM like last time?
If you are talking about movies: I have not seen proof yet whether it's part of the console, the DVD-ROM firmware or both. It's easy to find out though, just log the ATAPI communication. Yes, it was in the EEPROM last time. There's no reason to believe it's not a part of the console anymore. Speculation: it's most probably stored in the (encrypted) flash this time, amongst other settings.

If you are talking about games: the console region was in the EEPROM last time. Speculation: it's most probably now also stored in the (encrypted) flash. There's no reason to believe that this setting is stored in the DVD-ROM; that makes no sense.

So, to circumvent both you would need to be able to alter your flash memory. And that would mean a complete compromise of the security of the console.

Back to the topic. The observed challenge / response protocol is only used to authenticate a disc. Give the console the response it expects and it's happy. Afterwards it will read the default.xex / default.xbe and continue the checks. And one of those checks is a regional setting check.
Divyx
« Reply #57 on: March 17, 2006, 08:04:50 AM »

Quote
Are we 100% sure the (DVD) region code of the console is not part of the DVD-ROM firmware or an EEPROM like last time?


IMO region coding exists in firmware, in all xex files (you gotta have standards about what you release to end users, right?) and maybe in some EEPROM or other hardware (maybe the dash checks it also?).
Anyway, I just don't see how you can hack it without hacking deep into the system itself, altering either hardware or xex files. I speculate that's not possible in the near future IMO.

Edit, and a little off topic: about flash (the dash's location), here's the assumed file listing of the Xbox 360 flash as found on the kiosk disc.
http://divyxblog.blogspot.com/2006/03/assumed-file-listing-of-xbox-360-flash.html
Might be from a devkit (99% sure it is from a devkit). Is it similar to retail versions?
« Last Edit: March 17, 2006, 08:19:46 AM by Divyx »
nokaktsawa
« Reply #58 on: March 17, 2006, 08:27:12 AM »

Quick question: are the security sectors and the CPR_MAI fields contained in game discs interchangeable?
I mean: could you use the same data used to authenticate a particular game disc backup (obtained from the SS and CPR_MAI field of the original disc) to authenticate any other game disc's backup as well?
MacDennis
« Reply #59 on: March 17, 2006, 08:39:37 AM »

Quick question: are the security sectors and the CPR_MAI fields contained in game discs interchangeable?
I mean: could you use the same data used to authenticate a particular game disc backup (obtained from the SS and CPR_MAI field of the original disc) to authenticate any other game disc's backup as well?
It has been observed that they are in general NOT interchangeable on the xbox1. There's no reason to believe that the story is different on the x360.

Back on topic: the challenge/response session DOES succeed correctly on the xbox1 when you use a different security sector. But the game will NOT work. Speculation: it seems that the default.xbe / game is linked to the security sector somehow. Could be because of a signature or something ..
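The two-stage sequence the last few posts describe, as an added toy model in Python. This is not code from the thread, from any drive firmware or from the console; the protocol shape, the HMAC-SHA256 stand-in for the vendor's signature, the way the table is derived from a disc ID, the single-byte region tags and every function name are assumptions made for illustration. It puts four claims from the thread side by side: a drive that replies from a stored table passes challenge/response (Reply #41), the console only compares replies against data the disc itself supplied (Reply #56), a region byte that sits inside a signed block fails the signature check rather than the region check when swapped (Reply #47), and a foreign security sector passes challenge/response but not the executable's binding to it (Reply #59).

```python
"""Toy model of a two-stage disc check: challenge/response, then executable
checks. Added illustration only; every key, constant and name is invented."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Stand-in for the publisher's signing key. HMAC-SHA256 replaces the real
# public-key signature; the point (any header change breaks it) is the same.
PUBLISHER_KEY = b"hypothetical-publisher-key"
REGION_J, REGION_E = b"J", b"E"  # single-byte region tags (invented)


def make_security_table(disc_id: bytes, n: int = 16) -> Dict[int, bytes]:
    """Per-disc challenge -> response table, the model's 'security sector'.
    Responses depend only on disc_id, so different discs get different tables."""
    return {c: hashlib.sha256(disc_id + bytes([c])).digest()[:4] for c in range(n)}


def serialize_table(table: Dict[int, bytes]) -> bytes:
    return b"".join(bytes([c]) + r for c, r in sorted(table.items()))


def sign_header(header: bytes) -> bytes:
    return hmac.new(PUBLISHER_KEY, header, hashlib.sha256).digest()


@dataclass
class Disc:
    ss_table: Dict[int, bytes]  # security data the drive presents to the console
    xex_header: bytes           # region byte || sha256(serialized security table)
    xex_sig: bytes              # signature over xex_header


def press_disc(disc_id: bytes, region: bytes) -> Disc:
    table = make_security_table(disc_id)
    header = region + hashlib.sha256(serialize_table(table)).digest()
    return Disc(table, header, sign_header(header))


class Drive:
    """answer_table is what the firmware actually replies from. A stock drive
    measures the disc; a patched one can reply from a stored table."""

    def __init__(self, disc: Disc, answer_table: Optional[Dict[int, bytes]] = None):
        self.disc = disc
        self.answer_table = disc.ss_table if answer_table is None else answer_table

    def read_security_table(self) -> Dict[int, bytes]:
        return self.disc.ss_table

    def respond(self, challenge: int) -> bytes:
        return self.answer_table.get(challenge, b"\x00\x00\x00\x00")


def challenge_response(drive: Drive, rounds: int = 4) -> bool:
    """Stage 1: random challenges, replies compared with the table the disc
    itself supplied. Nothing here binds the table to a particular game."""
    table = drive.read_security_table()
    for c in secrets.SystemRandom().sample(sorted(table), rounds):
        if not hmac.compare_digest(drive.respond(c), table[c]):
            return False
    return True


def boot(drive: Drive, console_region: bytes) -> str:
    """Stage 1, then signature, security-sector binding and region checks."""
    if not challenge_response(drive):
        return "auth-failed"
    disc = drive.disc
    if not hmac.compare_digest(sign_header(disc.xex_header), disc.xex_sig):
        return "bad-signature"
    if disc.xex_header[1:] != hashlib.sha256(serialize_table(disc.ss_table)).digest():
        return "ss-mismatch"  # executable is bound to a different security sector
    if disc.xex_header[:1] != console_region:
        return "wrong-region"
    return "ok"


def demo() -> Dict[str, str]:
    game_j = press_disc(b"GAME-0001", REGION_J)
    game_e = press_disc(b"GAME-0002", REGION_E)
    results = {"genuine": boot(Drive(game_j), REGION_J),
               "other_region": boot(Drive(game_j), REGION_E)}
    # Only the region byte swapped in the header; the signature no longer matches.
    swapped = Disc(game_j.ss_table, REGION_E + game_j.xex_header[1:], game_j.xex_sig)
    results["region_byte_swapped"] = boot(Drive(swapped), REGION_E)
    # game_e's executable presented with game_j's security sector: stage 1
    # passes, the executable's binding to its own security sector does not.
    mixed = Disc(game_j.ss_table, game_e.xex_header, game_e.xex_sig)
    results["foreign_ss"] = boot(Drive(mixed), REGION_E)
    # Firmware replying from the wrong stored table fails at stage 1.
    results["wrong_answers"] = boot(Drive(game_j, game_e.ss_table), REGION_J)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:22s} {outcome}")
```

The model makes the thread's distinction concrete: stage 1 is satisfied by any firmware that can reproduce the table the disc presents, which is why a hardcoded response table works, while the region byte and the link to the security sector only matter once the signed executable header is checked, and neither of those can be fixed by editing a byte unless the signature check itself is bypassed.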