360 FW hacked

[TheSpecialist]

Months of hard work have come to an end. The 360 FW security details were posted a few days ago already, so why not make it official It's been done.

Respect to all the people on this board who made it possible with their brilliant contributions:

Anita999, Geremia, Nayr, Bluecop, Interestedhacker, MacDennis, Phantasm, Marvin, Tiros, SpenzerX, Team Modfreakz, Fuzzylogic, Takires, loser, jasper, SMO, Groepaz, Zobyone, Jumba, Amadeus, Tser, DjHuevo, oz_paulb, DaveX, darkfly, evestu, Robinsod, Dark_Neo, Gael360, Seventhson, probutus.

Just for fun, here's a little video: http://rapidshare.de/files/15810304/360hack.mpg.html. And no, the team decided not to release a hacked FW. The security details are proof itself. The team advocates hacking, not piracy.

*EDIT*
For all sceptical ppl, here the original video: http://rapidshare.de/files/15899907/360hackORG.mpeg.html

[Dzgx216]

TheSpecialist,

     Great job!!  I'm glad to see this vid.  Wonderful choice of music...   I'd like to congratulate the entire team.  You guys did GREAT work!!

Danzig

[Arakon]

Because I just know this will happen:

flames will be deleted, repeated flamers will be banned, and if this gets out of hand, the thread will be locked or deleted.
so believe it or not, but don't turn this into a $#!t throwing fest again.

[Slack3er]

Echoing Dzgx216 reply, I would also like to say, congrat's to the team. Great Job. 

Cheers;
Slack3er

[freesixt]

nice work to the team is this for both firmwares
all involved should give there selfs a big pat on the back

[robinsod]

Thats the LG in the video. The copy protection is all about the CR protocol and it is equally applicable to both drives. I am aware of one TS owner who employed the info I posted a few days ago and got a 'result'.

Unfortunately my TS died a while ago and I only got a new one yesterday so that stopped TS dev for me until today

[rmorris003]

great work, i was looking forward to finally play my purchased copy of wrestle kingdom that i imported from lik-sang but i guess not.

[SeventhSon]

Great Job.

Ditto. It's been fascinating (and enlightening!) to watch you guys work. Thanks for sharing the security details.

[Arakon]

great work, i was looking forward to finally play my purchased copy of wrestle kingdom that i imported from lik-sang but i guess not.

you'll be out of luck with that one for a LONG time. this hack does not in any way circumvent the region protection, only 1:1 copies of games of the same region as the system work with it.

[freesixt]

Thats the LG in the video. The copy protection is all about the CR protocol and it is equally applicable to both drives. I am aware of one TS owner who employed the info I posted a few days ago and got a 'result'.

Unfortunately my TS died a while ago and I only got a new one yesterday so that stopped TS dev for me until today

please let us know of your results, hope your ts went suddenly and did not suffer r.i.p

[cdmania]

Good job guys, Just one question is the firmware hard coded just to boot PG3 , or will the hack work on any copied game?

[TheSpecialist]

Good job guys, Just one question is the firmware hard coded just to boot PG3 , or will the hack work on any copied game?

It reads a saved table from disc, so any game would boot (all you need is the responses for that specific game).
*edit* This particular version you're watching in the video loads from FW But you get the idea

[uberfry]

(all you need is the responses for that specific game).

what do you mean? it won't work with every game? or does the firmware have to be adapted to every game?

[robinsod]

The CR protocol depends on reading bytes from sectors in the place holders as well as making some timing measurements on the place holders. In the movie you'll see the laser reading data from the place holder sectors that can be replicated (response type 1-3). The Type 5 & 7 response handlers are hardcoded since we cannot replicate the bad sectors and these chalenges would fail.

This is an old movie and old firmware, a better solution is under going debugging/testing. It reads all the CR data from a writable sector and no laser movement occurs during the CR exchange. This packages all the boot data with the game on one disk and makes the hack generic

*edit*

what do you mean? it won't work with every game? or does the firmware have to be adapted to every game?

No the newer firmware is capable of booting any properly formatted disk containing matching CR data

[Oen]

Nice work. Most impressive.

[DarkYoda23]

How do you make it?

Please give Details

[TheSpecialist]

How do you make it?

Please give Details

Details are in the HW section of this site. This is a site for hackers, so the details are targeted to that audience. There are no plans to make some kind of tutorial for n00bs. Intention of this site is to get an understanding of how the 360 is protected, not to enable n00bs playing backups.

[burgemaster]

TS - does the Kiosk disk now work? just wondering how they blocked it?

[DarkYoda23]

How do you make it?

Please give Details

Details are in the HW section of this site. This is a site for hackers, so the details are targeted to that audience. There are no plans to make some kind of tutorial for n00bs. Intention of this site is to get an understanding of how the 360 is protected, not to enable piracy for n00bs.

Why piracy???
I dont make illigal copy of game

[TheSpecialist]

Why piracy???
I dont make illigal copy of game

Even then => Like said before, this site is targeted at hackers, it's not a general site like XS.