HDD Upgrade

[Alize]

Hey Guys,

I recently read the HDD hacking forums about upgrading the HDD and noticed that Paulzo said his mate bought one, although i was skeptical i decided to get in touch with the dude on ebay, i was hoping he would sell me one then id send it to you guys for diagnosis!

Here is a simplified version what has been said:
Me: I was wondering if you have any more 80GB HDD for sale?
Him: Only a naked 80GB HDD left. You can fix it into the case to use as a normal one.
Me: How would I go about doing that? When i plug in a HDD to my xbox i cant save games to it etc!
Him: How did you connect the xbox 360 console? Used professional HDD case or the third party cable?
Me: Connected external hard drive via USB, so is it possible to connect HDD up so you can save games like you can with the official xbox HDD?
Him: No, this is the same HDD like the official xbox 360 HDD. You should get a official case to cover it and put on the console or buy a third party special cable to connect HDD with the console HDD port. When you build the connection, you will find the official Xbox operating system interface on the TV screen just like the official one.

That did confuse me a bit, first he seems to say "No" you cant save games to it, then he says you can make it the same as official HDD, What do you guys think? BS?

Anything you guys want me to ask him?

Update: I asked him the following:
Sorry i found that a little confusing, so you're saying if i dismantle my xbox 360 HDD and put another larger one in, i can use it as i can the official one? As in put save games on it and downloaded content?

P.S. I tried to play dumb a little so he doesnt think im a smart arse questioning his techniques!

[Arakon]

I think he's an idiot. apparently he thinks that if you see the OS with the 80 gig HD, the HD is working. too bad the OS isn't on the HD in the first place.

[gigabite]

You guys want to see something thats really funny...this (http://cgi.ebay.com.au/4GB-Hard-Drive-for-XBox-360-BRAND-NEW_W0QQitemZ8290227523QQihZ020QQcategoryZ11319QQrdZ1QQssPageNameZWD1VQQcmdZViewItem) absolutely ridiculous.  And im not even talking about the price !!

[Alize]

OMG lol thats just sad, i would say thats the same as SCAMMING! Thats a USB HDD!!

The guy got back to me...he said:
Yes, that's what I mean. This HDD is exactly the same as the official one in your original HDD case.

So i said back to him:
Hmm I am a little skeptical about this as i follow the xbox 360 hacking scene and their are experts who are attempting to do what you say you have done but they fail to succeed in putting in a larger hard drive, if you would go go xbox-scene.com or xboxhacker.net and lookup in the HDD sections, they all say its impossible and they go to extreme lengths attempting to get a larger HDD! If you have done what you say, I assure you, you will become very famous within the hacking scene! ill be honest with you, I wanted to buy 1 so I could send it away for diagnosis to one of the experts working on it!

Hope you get back to me on this.

Thanks.

[Alize]

Update:
Hi, this HDD comes from Mircosoft. I cannot hacking scene like you said. It was said some 80G HDD were produced for Microsoft developer group. I used to have four. Two were sold on ebay and one was given to my friend in China. This is last one of them.


Ah! So he hasnt hacked them at all! Pfft, what a waster lol

Would it still be beneficial to the scene getting hold of this one? To compare the differences between the 20GB and the 80GB one?

[chickenpie]

get it.. but though paypal or something so if it turns out to be a con you should be ok

[Raven]

The retail HDD, contains it's own firmware (external from the HDD itself) which only allows a specific hard disk to be used.

Development Kits, however don't use this same "top loader" system. Instead the top-load access is a lead that connects to a small box (about the size of the HD-DVD expansion) which allows the use of 3.5" SATAII drive(s) that are easily swappable.

In order to use a new hard disk with the 360, you would need to re-flash the firmware being used so that it knows the allocation information. A low-level form of what most of us used to have to do with our old 486 (or previous) before this whole "auto-detect" crap appeared. This is because the 360 doesn't use a traditional "BIOS" as such every device has it's own extended firmware to tell the Southbridge what the heck is going on.

Imagine creating your own PC (again something people actually did about 25years back) and putting an IDE port on the board. Without a BIOS that knew what that port was and how to handle the data on it, there is no way to just plug-in a new device and expect it to just work.

I very much doubt you'll find any real larger xbox 360 hard disks on the market without them comming from Microsoft themselves.

[TheSpecialist]

I very much doubt you'll find any real larger xbox 360 hard disks on the market without them comming from Microsoft themselves.

There are 2 ways to get a bigger HD running:

1. Hack the kernel or:
2. Copy a valid signature from an original bigger MS HD. When MS decides to ship bigger HD's, we could copy the signature, paste it onto another HD and hack its firmware to report the same ID string. So if MS would ship 80 gb HD's, you could just buy any normal PC 80 gb HD, flash its firmware and use it in your 360.

But since MS hasn't shipped bigger HD's (at least not that I know of) and we're still not even close to hacking the kernel/hypervisor, there's no way to get a bigger HD running at the moment.

[a360]

There are 2 ways to get a bigger HD running:
[cut]
2. Copy a valid signature from an original bigger MS HD. When MS decides to ship bigger HD's, we could copy the signature, paste it onto another HD and hack its firmware to report the same ID string. So if MS would ship 80 gb HD's, you could just buy any normal PC 80 gb HD, flash its firmware and use it in your 360.
But since MS hasn't shipped bigger HD's (at least not that I know of) and we're still not even close to hacking the kernel/hypervisor, there's no way to get a bigger HD running at the moment.

Specialist, with all due respect oh mightyone,
Has anyone tried this theory with a 20GB M$ drive and (a smaller) 10GB clone?

[TheSpecialist]

Has anyone tried this theory with a 20GB M$ drive and (a smaller) 10GB clone?

Yes, 'Anita999' from this board has tried it and got it working (a standard 20 gb sata 'PC' HD in his x360). But it's not easy to replicate, since he used special tools to change the HD's ID string and there's no standard flasher you could use to do this. Until now, nobody has bothered to create such tool. It's not easy. The big problem is that the for modern harddrives, firmware doesn't reside completely on chip, but also (or completely) on the disk itself. Which means that if you mess up while experimenting, you can't simply reprogram a chip with hardware like you can do for the DVD's firmware for example.

And apart from that, info on programming the HD's firmware is VERY scarce on the internet. But maybe that's also a good thing, because if it would be more easy, there would probably be viruses out there that would completely wipe your HD's firmware

[exess]

Has anyone tried this theory with a 20GB M$ drive and (a smaller) 10GB clone?

Yes, 'Anita999' from this board has tried it and got it working (a standard 20 gb sata 'PC' HD in his x360).

i higlly doubt that 'Anita999' done it purely changing the HD ID string  as 360s hdd has a few partitions marked as bad by M$, makin`em not readable or even clonable...even  MBR is signed and  those "bads" adresses cannot be seen

[TheSpecialist]

i higlly doubt that 'Anita999' done it purely changing the HD ID string  as 360s hdd has a few partitions marked as bad by M$, makin`em not readable or even clonable...even  MBR is signed and  those "bads" adresses cannot be seen

To get a non standard x360 HD working you'll have to:

1) copy the 7 'security sectors' starting at sector 0x10. These contain the MS copyright logo and the ID hash
2) Mod the HDD's firmware to:
2A) Report the same drive serial number, padded with spaces to be 20 bytes long and
2B) Report the same drive firmware revision number, padded with spaces to be 8 bytes long and
2C) Report the same drive model number, padded with spaces to be 40 bytes long and
2D) Report the same sector count
all this has to match the info in the SS.

You can try this very easily if you have access to a tool like PC3000 (most people won't have this however, since this tool costs over $10,000, but Anita999 has access to it).

I recently (mainly after making my previous post in this thread) started thinking that it might be fun to create a tool to mod a cheap SATA drive (you can buy a new one for under $40) so you can use such a cheap drive in your x360 instead of the relatively very expensive MS HDD. However, info on HDD modding is VERY VERY scarce. The few people that DO know their stuff are not willing to share their info (the ppl behind PC3000 charge over $10,000 for their software, so obviously there's good money to be made here and there's not much interest to help others unfortunately and some other 'guru's' post messages on the HDD forums like "hey i had to invest hundreds of hours myself, why would i give you that info freely so you can learn it within 1 single hour"). In short, the HDD 'scene' is clouded with mist ...

I didn't know ANYTHING about the HDD's firmware, so I started researching, re-ing and analyzing myself and published my work uptill now, if you're interested, you can read it at:

http://forum.hddguru.com/newbie-info.-from-and-for-newbies-..-about-firmware.-sa.-etc-vt6562.html?sid=8ccf3ad59c0e2ad0cd919d91646d2851

[Schtrom]

Thanks for sharing this info, very interesting stuff! I would like to see more such threads, cause I wanna learn how things work and also don't want to spend days of researching the net.

[TheSpecialist]

Thanks for sharing this info, very interesting stuff! I would like to see more such threads, cause I wanna learn how things work and also don't want to spend days of researching the net.

There's just no info at all out there, but I'm working hard on RE-ing stuff, hope to be able to release a tool to up to 120 gb in the 'near' future

[Makalai]

What about the tools from the harddisk itself, f.e. PowerDiag, SeaTools etc. Can't they tell us anything about the possibility of writing info to the disk(firmware)?

I know these tools can defect the disk even if the BIOS doesn't recognize the disk... sometimes it even can 're-certify' the disk, it means it can make a (low-level) connection and that is what we need, don't we?... Maybe it writes back some data to the hdd-firmware?

[Schtrom]

I think the easiest way would be to reverse a tool like PC3000 and look into the vendor specific cdb commands. So we would know what commands have to be send to the drive. I think TS would exactly do that. The prob is that it seems like every harddisk, even the different types of one manufacturer, have other supported commands.

There's just no info at all out there, but I'm working hard on RE-ing stuff, hope to be able to release a tool to up to 120 gb in the 'near' future.

Sorry for the beginner question: Do you have a signature of an 120 GB MS hdd or do you copy the 20 GB signature and only use 20 GB of the 120?

[TheSpecialist]

What about the tools from the harddisk itself, f.e. PowerDiag, SeaTools etc. Can't they tell us anything about the possibility of writing info to the disk(firmware)?

Yes, tools like this contain the needed commands to write to the SA, but like Schtrom notes, these commands vary from drive to drive and you won't find support for the latest 2,5 SATA's at the moment I'm afraid ....

I know these tools can detect the disk even if the BIOS doesn't recognize the disk... sometimes it even can 're-certify' the disk, it means it can make a (low-level) connection and that is what we need, don't we?... Maybe it writes back some data to the hdd-firmware?

Correct. You have to put a drive into 'safe mode'. When it is running in safe mode, it skips its own firmware and waits for the user to upload a temporarily firmware to RAM. And when that one is running, you can send ATA's again of course. However, the problem is that also the procedure to put a drive into that safe mode, varies from drive to drive and again, info is not 'in the open'. Some drives you can put into safe mode by just setting some jumpers, others you have to make a 'serial connection' to the HDD and again others you can put into safe mode by a special ATA with a 'special' device, that PC3000 supplies.

I think the easiest way would be to reverse a tool like PC3000 and look into the vendor specific cdb commands. So we would know what commands have to be send to the drive. I think TS would exactly do that.

It's quite ironic: these guys from PC3000 are hardcore hackers themselves Whenever a new model HDD comes out, they rip its firmware and start analyzing the command handler to see what 'vendor specific' ATA's it can accept. Problem is that the CPU's (so called 'system on chip') are rather exotic (you won't see a 8051 based CPU for example, hehe), my guess is that they've build their own disassemblers. I think that's the mean reason you won't find such company like this in west Europe/USA: it's kinda 'shady' => reversing firmware code to build your own tool to sell for big money, hehe

Do you have a signature of an 120 GB MS hdd or do you copy the 20 GB signature and only use 20 GB of the 120?

MS is said to release a 120 GB HDD soon, so we can use that signature

[drunkn_munky]

All this information is very interesting, and it's great to see some people are working on it.

[Makalai]

I have done some google searching and found some interesting info about the hdd-firmware etc. It's mainly about removing the (ATA)password from the harddisk, but maybe this information can help us get into the drive (safe-mode) to work on the firmware (writing).

it is a bit old... but maybe it can help us. Like I said, it is about unlocking harddisk (Fujitsu, Toshiba, Hitachi) which have become password-protected.

They say about the locking:

"The disk lock is a built-in security feature in the disk. It is part of the ATA specification, and thus not specific to any brand or device.
A disk always has two passwords: A User password and a Master password. Most disks support a Master Password Revision Code, which can tell you if the Master password has been changed, or it it still the factory default. The revision code is word 92 in the IDENTIFY response. A value of 0xFFFE means the Master password is unchanged.
A disk can be locked in two modes: High security mode or Maximum security mode. Bit 8 in word 128 of the IDENTIFY response tell you which mode your disk is in: 0 = High, 1 = Maximum.
In High security mode, you can unlock the disk with either the user or master password, using the "SECURITY UNLOCK DEVICE" ATA command. There is an attempt limit, normally set to 5, after which you must power cycle or hard-reset the disk before you can attempt again.
In Maximum security mode, you cannot unlock the disk! The only way to get the disk back to a usable state is to issue the SECURITY ERASE PREPARE command, immediately followed by SECURITY ERASE UNIT. The SECURITY ERASE UNIT command requires the Master password and will completely erase all data on the disk. The operation is rather slow, expect half an hour or more for big disks. (Word 89 in the IDENTIFY response indicates how long the operation will take.) "

you can find the info and program for unlocking at http://www.rockbox.org/lock.html




another program for unlocking the password (with software and a adapter)
http://www.hdd.profesjonalnie.pl/to.php

[jimmsta]

The 360's hard drive is not locked with a password. What the 360 looks for, upon boot up, is the ModelID of the hard drive, as well as a bootsector (and the microsoft image).

The only way to modify the ModelID is to modify the firmware on the hard drive controller. As far as I can tell, there's no easy way of doing that. HDDGuru's forums are a great resource, and may shed light on this subject a bit better.