XboxHacker BBS
 
Topic: 360 FW hacked  (Read 362156 times)
MacDennis
« Reply #300 on: March 24, 2006, 09:32:22 PM »

sorry just went through some threads, but couldnt you guys try the flasher since you can reprogram the chip if it F's up you could always reprogram it right?
Which flasher? Which chip?
Logged
Helltick
« Reply #301 on: March 24, 2006, 10:42:02 PM »

The MN10200..(mat$#!ta) is hacked using a chip pictured below...
This chip also attacks the dvd-drive FW of the GC!



You would think once this FW is wild we can use this same approach...perhaps even with the above mentioned chip?
At $15 we might just modify our x360 dvd-drive with a gamecube modchip?
Wouldnt that be fun.

Later.
Logged
INSANE GAME
« Reply #302 on: March 25, 2006, 07:38:13 AM »

Congrats on your hard work and your accomplishments.

Keep up the great work.
Logged
uberfry
« Reply #303 on: March 25, 2006, 10:32:28 AM »

i know this might sound a little stupid, but the fw stores a key, right?
anyone think it's possible to just bypass the key check? (i know, it won't help us play backups, but that way at least we can replace dvd drives in future)

ignore this if it has been accomplished already
Logged
pablot
« Reply #304 on: March 25, 2006, 10:43:19 AM »

no, because the key is sent back to the console where its checked.. but if you have the original key you can just put it in the firmware you want to use
Logged

Pleased to meet ya!
uberfry
« Reply #305 on: March 25, 2006, 11:29:58 AM »

ah, so the console does the comparing...
i thought the console would send the key to the drive, the drive compares the keys, then send an "OK" signal
Logged
pablot
« Reply #306 on: March 25, 2006, 11:51:30 AM »

from the wiki:

Speculation

It is believed the unique 16 bytes key is used in the following procedure:
  * At console start, console creates random data.
  * Console sends the random data to drive by using a mode select command.
  * Drive uses its own key and the random data to create a new session key.
  * Both console and drive now use this session key to encrypt/decrypt further authentication related x360 communication.

Logged

Pleased to meet ya!
evestu
« Reply #307 on: March 25, 2006, 11:52:18 AM »

also they may have locked the system down to the drive they issue the console with

so bios on the 360 will only pick up the drives they have put on the list of excepted devices for dvd rom

so i dont think just changing the key would work, you would have to make the drive look the same as the one you replace

otherwise you would maybe be able to connect a hdd to the dvd sata port (using a ide to sata converter) run a emu on the drive or make the drive look like a lg dvd rom  (but this is a thought :) )

also Speculation
« Last Edit: March 25, 2006, 11:54:34 AM by evestu » Logged
XsTatiC
« Reply #308 on: March 25, 2006, 03:14:43 PM »

For those not wanting to indulge in technical discussion and are here for 'we want it' ( though there have been fewer lately ) comments, I would suggest the Team Xecuter forum dedicated to the FW hack located here:
http://www.teamxecuter.com/forums/forumdisplay.php?f=69

Although I haven't looked at the forum they seem to be much more lenient towards non-topical questions.  "Please ask any questions you like and give any input that you see fit."  bleh... sounds like a breeding grounds for kiddie critiques imo... but to each their own.

Also, as a side note, their home page has a new post.
"We have made some progress when connecting the Xbox360 DVD ROM to a PC - reading the firmware and then writing back to it. Our goal is to make this plug and play - as simple as possible that anyone could do it with no fuss - and without any great expense.

We have a couple of products lined up to make life incredibly simple for the DVD drive modder - one of which will (in our opinion) be the "tool of choice" in the near future."

I don't really think that's a surprise to anyone.  In fact that's on the same line as "tonight the sun will set", but there you have it.

Later.
Logged
n8thegr8
« Reply #309 on: March 25, 2006, 03:37:51 PM »

Surely someone else has thought of this, but I found a utility on samsung's site that is a universal firmware flasher for toshiba/samsung drive that just reads in a bin file, then flashes it to the drive. If it works for all their other drives, why not for the 360? it's worth a try if no one has already. Here's the link: http://www.samsungodd.com/KorLib/File/sfdnwin.exe. Looked for one from hitachi, but not as hard, cuz the one I have is a Samsung :) I hope this works! I seriously am gonna open my xbox now and try to get it working. Also, I'm hitting my head against a wall trying to find how to dump the firmware/key from the t/s drive. Do you still use plscsi? If so, do you use the same commands as the hitachi? I'm assuming they would be different, but I can't find them anywhere. Thanx!
« Last Edit: March 25, 2006, 04:11:49 PM by n8thegr8 » Logged
RaNa
« Reply #310 on: March 25, 2006, 09:17:52 PM »

i dont know much about this but if guys can do all of this what is stopping u from making sign the dvds ur self like MS sign their dvd?
Logged
chaos
« Reply #311 on: March 26, 2006, 12:47:37 AM »

the DVDs are not signed, they are just a special booktype, like a CD-R tells a drive that it's a CD-R, the 360 DVDs tell the drive that they are 360 DVDs (a normal DVD would say it's a "DVDROM", the 360 DVDs say something like "XBOX360DVD") - and that's the problem, all(?) games for the 360 have a special flag which tells the console that they may only be run from such a 360 DVD, and only from that - if you put them on a DVD-R even without changing anything, they obviously won't work anymore

so you could say, hey let's just change that flag to allow the games to be played from DVD-R, too! but that's where the signing comes in, you'd have to modify the game and that would break the signature, even if you'd set the media flag to allow the game to be run from any media, it wouldn't work because the signature isn't correct anymore ... so THEN you'd have to sign the game (or rather the .xex) again, and that's something _only_ microsoft can do - period.
Logged
xDREAM
« Reply #312 on: March 26, 2006, 04:53:22 AM »

the DVDs are not signed, they are just a special booktype, like a CD-R tells a drive that it's a CD-R, the 360 DVDs tell the drive that they are 360 DVDs (a normal DVD would say it's a "DVDROM", the 360 DVDs say something like "XBOX360DVD") - and that's the problem, all(?) games for the 360 have a special flag which tells the console that they may only be run from such a 360 DVD, and only from that - if you put them on a DVD-R even without changing anything, they obviously won't work anymore

so you could say, hey let's just change that flag to allow the games to be played from DVD-R, too! but that's where the signing comes in, you'd have to modify the game and that would break the signature, even if you'd set the media flag to allow the game to be run from any media, it wouldn't work because the signature isn't correct anymore ... so THEN you'd have to sign the game (or rather the .xex) again, and that's something _only_ microsoft can do - period.

You obviously dont know what ur talking about, the games are all signed. The "protection" is in the security sector. And you can't resign a game EVER maybe if a miracle happens and someone gets the private key.
« Last Edit: March 26, 2006, 04:58:50 AM by xDREAM » Logged
legman
« Reply #313 on: March 26, 2006, 12:54:20 PM »

kind of a pointless hack but congrats anyhow, and kudos for not releasing.

It would only benefit pirateers and ultimately harm the consumer due to lost revenue for developers.. its shocking however from reading some comments that people dont seem to understand this.

just thinking from a ms point of view they obviously must have pre-empted this type of modification in the planning and design stage, it would be interesting to see what course of action they would take if a n00b friendly tool allowed this firmware mod and thus a flood of 'backups' were being used.

im no 'technical' expert but im sure they would have in place some firmware modification detection process via live and possibly reflash to re-enable their account.. a more obvious sign would be the sheer volume of games in the users live profile being used.

more interestingly with a recent spate of legal cases starting to appear against end user piracy ( RIAA etc. ) i wonder what extent they would go to stamp out / discourage piracy on its new console.. with the live profile and billing being tied to a physical postal address it would be easy to identify those end users of 'backups'... thoughts ?

Wrong! If you gamed at all you would know that your own disks get scratched and ruined. Either you do not game or you only steal yourself. There is another valid reason for the copies working. Understanding the technology also helps us to protect ourselves from corporations.
Logged
MacDennis
« Reply #314 on: March 26, 2006, 12:59:58 PM »

ah, so the console does the comparing...
i thought the console would send the key to the drive, the drive compares the keys, then send an "OK" signal
Incorrect. Console AND drive have the same key. This key is used to encrypt communication between console and drive. If you change the drive then this communication will fail because the console doesn't know that you changed the drive. Console and drive both 'share' this secret key, used in communication.
Logged
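The shared-key scheme from the wiki speculation in reply #306 and from reply #314 above, as an added sketch that is not part of the thread or taken from any firmware: HMAC-SHA256 stands in for the unknown derivation and cipher, and the class names, payload and keys are constructed for illustration. It shows that the key itself never crosses the link and that a drive holding a different key fails the check.

```python
import hashlib
import hmac
import os

KEY_LEN = 16  # the thread speaks of a unique 16-byte key shared by console and drive


def derive_session_key(shared_key: bytes, challenge: bytes) -> bytes:
    # Assumption: HMAC-SHA256 as the derivation function; the real one is not on the page.
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()[:KEY_LEN]


class Drive:
    def __init__(self, key: bytes):
        self.key = key
        self.session_key = b""

    def mode_select(self, challenge: bytes) -> None:
        # The drive mixes its own key with the console's random data.
        self.session_key = derive_session_key(self.key, challenge)

    def respond(self, message: bytes) -> bytes:
        # Stand-in for the protected authentication traffic: a MAC under the session key.
        return hmac.new(self.session_key, message, hashlib.sha256).digest()


class Console:
    def __init__(self, key: bytes):
        self.key = key

    def authenticate(self, drive: Drive) -> bool:
        challenge = os.urandom(16)        # fresh random data at every console start
        drive.mode_select(challenge)      # only the challenge is sent, never the key
        session_key = derive_session_key(self.key, challenge)
        message = b"auth-request"         # constructed sample payload
        expected = hmac.new(session_key, message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, drive.respond(message))


def demo() -> dict:
    paired_key = os.urandom(KEY_LEN)      # constructed sample key
    console = Console(paired_key)
    return {
        "original_drive": console.authenticate(Drive(paired_key)),
        "replacement_drive": console.authenticate(Drive(os.urandom(KEY_LEN))),
    }


if __name__ == "__main__":
    print(demo())
```

Because the session key depends on a fresh challenge, a recorded exchange from an earlier boot does not verify against a later one.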
MacDennis
« Reply #315 on: March 26, 2006, 01:02:36 PM »

the DVDs are not signed, they are just a special booktype, like a CD-R tells a drive that it's a CD-R, the 360 DVDs tell the drive that they are 360 DVDs (a normal DVD would say it's a "DVDROM", the 360 DVDs say something like "XBOX360DVD") - and that's the problem, all(?) games for the 360 have a special flag which tells the console that they may only be run from such a 360 DVD, and only from that - if you put them on a DVD-R even without changing anything, they obviously won't work anymore
so you could say, hey let's just change that flag to allow the games to be played from DVD-R, too! but that's where the signing comes in, you'd have to modify the game and that would break the signature, even if you'd set the media flag to allow the game to be run from any media, it wouldn't work because the signature isn't correct anymore ... so THEN you'd have to sign the game (or rather the .xex) again, and that's something _only_ microsoft can do - period.
Once again. Booktype or mediaflags aren't part of the security / authentication system. A challenge / response authentication protocol which can identify a genuine x360 disc is ..
Logged
n8thegr8
« Reply #316 on: March 26, 2006, 03:32:45 PM »

Could anyone point me in the direction of someone who is working on the toshiba/samsung so I can see if maybe they are interested in my idea then?
Logged
darkfly
« Reply #317 on: March 26, 2006, 03:46:13 PM »

Try it yourself and report back.

BTW this thread should probably be closed, its kinda getting off topic dont you think?
Logged
n8thegr8
« Reply #318 on: March 26, 2006, 03:52:48 PM »

I'll try as soon as I can figure out how to dump the firmware from the toshiba without ruining it with my crap soldering skills, lol
Logged
linked
« Reply #319 on: March 26, 2006, 04:50:24 PM »

ah, so the console does the comparing...
i thought the console would send the key to the drive, the drive compares the keys, then send an "OK" signal
Incorrect. Console AND drive have the same key. This key is used to encrypt communication between console and drive. If you change the drive then this communication will fail because the console doesn't know that you changed the drive. Console and drive both 'share' this secret key, used in communication.
just an idea if possible ?

Would it be possible to remove the key locking the drive to the console, making it possible to be able to use the drive on any other console or is this part of the check performed on bootup and needed to run ??
cheers.
Logged