XboxHacker BBS
 
Author Topic: hacking DVD firmware ?  (Read 478617 times)
dirtysanchez
Hacker
***
Posts: 85


View Profile
« Reply #360 on: December 30, 2005, 04:49:02 PM »

cja100... have you tried using a SATA to ATA adapter to connect the XBOX360 drive to a normal ATA port? It's worth a shot.
Logged
amadeus
Hacker
***
Posts: 59


View Profile
« Reply #361 on: December 30, 2005, 04:59:42 PM »

Then I duct-taped the entire area, and the game still ran

conclusion: this BCA area is not used!

I am not completely convinced yet, as the BCA is only a few square microns, and in this picture there are several uncovered square-micron areas that the laser could pick up.

Could you carefully cut out one piece of duct tape in a circle of diameter 45mm with a 15mm hole in the middle? Please  Smiley Smiley Smiley

I think the result of this experiment is of fundamental importance, so we can't be too careful.
Logged
MacDennis
Xbox Hacker
*****
Posts: 614


View Profile
« Reply #362 on: December 30, 2005, 05:33:52 PM »

It's not 'hot swappable' in the technical sense, i.e. electronically safe to plug and unplug while running. Modern OSes however don't need the info in the BIOS to enumerate drives; it's only necessary for the boot drive.
Other drives can be marked 'Not available' in the BIOS and the OS will still pick them up. The 'Rescan Disks' option in Disk Management (or the "Scan for hardware changes" Deviate mentioned) usually suffices to let the OS recognize it.

I tried this method with my Philips XBOX1 drive. Couldn't get WindowsXP to recognize it. Only the BIOS recognizes it. Picked up an LG 8163B today to play with.  Wink
That's too bad, the Philips is really my favorite FW Wink Did you try it with Linux?

I finally had some time to try my Philips drive with Linux. It works!!
I had it connected to my primary controller as a slave. I used the SLAX boot cd, link was posted earlier in this thread.

After boot I tried:
ls -l /dev/hd*
The device hdd (secondary controller, slave) was not listed.
Then I did:
mkdir /mnt/xbox
mount -t iso9660 -o loop /dev/hdd /mnt/xbox
I got a message saying something like 'medium not present'. So, I inserted my Halo XBOX1 original disc then tried it again:
mount -t iso9660 -o loop /dev/hdd /mnt/xbox
cd /mnt/xbox
ls -al
Success! The video partition was available.
Now we need a Linux port of the unlocker, just for fun.  Wink

And whatever I try, I can't get it to work under WindowsXP.
« Last Edit: December 31, 2005, 07:15:53 AM by MacDennis » Logged
cja100
Member
**
Posts: 33


View Profile
« Reply #363 on: December 30, 2005, 05:43:45 PM »

cja100... have you tried using a SATA to ATA adapter to connect the XBOX360 drive to a normal ATA port? It's worth a shot.

no, i dont have one
Logged
cja100
Member
**
Posts: 33


View Profile
« Reply #364 on: December 30, 2005, 06:22:42 PM »

ok now how do i specify the filesystem type on this

root@slax:~# mknod /dev/sda b 1 2
mknod: `/dev/sda': File exists
root@slax:~# mkdir /mnt/xboxx
mkdir: cannot create directory `/mnt/xboxx': File exists
root@slax:~# mount /dev/sda /mnt/xboxx
mount: you must specify the filesystem type
Logged
MacDennis
Xbox Hacker
*****
Posts: 614


View Profile
« Reply #365 on: December 30, 2005, 06:35:37 PM »

ok now how do i specify the filesystem type on this

root@slax:~# mknod /dev/sda b 1 2
mknod: `/dev/sda': File exists
root@slax:~# mkdir /mnt/xboxx
mkdir: cannot create directory `/mnt/xboxx': File exists
root@slax:~# mount /dev/sda /mnt/xboxx
mount: you must specify the filesystem type


The default filesystem is a normal iso9660 filesystem, the 'video partition'. The video which says 'to play this disc, put it in a xbox360 console'.
This is the command I used for an XBOX1 drive in Linux: mount -t iso9660 -o loop /dev/hdd /mnt/xbox
Your command should be: mount -t iso9660 -o loop /dev/sda /mnt/xboxx
« Last Edit: December 31, 2005, 07:16:16 AM by MacDennis » Logged
amadeus
Hacker
***
Posts: 59


View Profile
« Reply #366 on: December 30, 2005, 06:58:20 PM »

Success! The video partition was available.

Great!  Smiley

Can you try and run this command before and after you have mounted the device?
Code:
fdisk -l /dev/hdb
It will print sizes of all partition(s).

Logged
cja100
Member
**
Posts: 33


View Profile
« Reply #367 on: December 31, 2005, 02:34:03 AM »

ok now im really stuck


root@slax:~# mknod /dev/sda b 1 2
mknod: `/dev/sda': File exists
root@slax:~# mkdir /mnt/xboxx
mkdir: cannot create directory `/mnt/xboxx': File exists
root@slax:~# mount -t iso9660 -o loop /dev/sda /mnt/xboxx
mount: wrong fs type, bad option, bad superblock on /dev/loop9,
       missing codepage or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

has anyone been able to get the 360 running in linux and has anyone else tried these commands?
Logged
Obiwantje
Newbie
*
Posts: 2


View Profile
« Reply #368 on: December 31, 2005, 04:15:14 AM »

It seems that finally other sites are picking up on the discoveries in this thread, and the unlocker software that TS released!

PS2NFO and xbox-scene are posting news on their front pages about it.

This can be good news if some fellow hackers join this conversation.

TS: Maybe it is a good idea to make a new post which gets edited with the latest status each time there is a new major discovery, so that we don't have to answer all Q's over and over again once new people start reading these 21 pages.

http://www.xbox-scene.com/xbox1data/sep/EEFyppkZuyOeEXGGvX.php
http://www.ps2nfo.com/forums/showthread.php?t=7722&goto=newpost
« Last Edit: December 31, 2005, 04:16:59 AM by Obiwantje » Logged
MacDennis
Xbox Hacker
*****
Posts: 614


View Profile
« Reply #369 on: December 31, 2005, 05:52:54 AM »

ok now im really stuck

root@slax:~# mknod /dev/sda b 1 2
mknod: `/dev/sda': File exists
root@slax:~# mkdir /mnt/xboxx
mkdir: cannot create directory `/mnt/xboxx': File exists
root@slax:~# mount -t iso9660 -o loop /dev/sda /mnt/xboxx
mount: wrong fs type, bad option, bad superblock on /dev/loop9,
       missing codepage or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

has anyone been able to get the 360 running in linux and has anyone else tried these commands?

Try this ..
- Put XBOX360 disc in drive
- Reboot SLAX
- mkdir /mnt/xboxx
- mount -t iso9660 -o loop /dev/sda /mnt/xboxx

I noticed that this thread has been mentioned on xbox-scene.com. Small reminder for the new people: topics in the XBH technical forums are for technical discussion only, not speculation or questions. Everything you need to know has already been discussed in this thread.
Logged
MacDennis
Xbox Hacker
*****
Posts: 614


View Profile
« Reply #370 on: December 31, 2005, 07:28:12 AM »

Success! The video partition was available.

Great!  Smiley

Can you try and run this command before and after you have mounted the device?
Code:
fdisk -l /dev/hdb
It will print sizes of all partition(s).


I had some time to try your request ..
Philips XBOX1 drive was connected to secondary controller as a slave (hdd).

fdisk -l /dev/hdd :
Note: sector size is 2048 (not 512)
Disk /dev/hdd: 14 Mb, 14319616 bytes
255 heads, 63 sectors / track, 0 cylinders
Units: cylinders of 16065 x 2048 = 32901120 bytes
Disk /dev/hdd doesn't contain a valid parition table

Exactly the same output is generated after mounting the XBOX1 drive.
Please note that the error message about the partition is also displayed when you try the command on a normal PC drive with a normal CD-ROM in it.

I also noticed that a device was present in /mnt/hdd_cdrom, but entering this directory gave an empty file listing.
I then simply did: mount /dev/hdd and the XBOX1 disc was accessible under /mnt/hdd_cdrom. I could browse the complete video part, not the game part of course.
So, you don't always need to specify special options when trying to mount an XBOX1 drive. I used the SLAX Linux live boot CD by the way.

Right after logging into SLAX, I checked /etc/fstab. The following line was listed:
/dev/hdd /mnt/hdd_cdrom iso9660 noauto,users,exec 0 0

Can anyone compile a Linux program for the i386 platform? If so, PM me.
« Last Edit: December 31, 2005, 08:10:41 AM by MacDennis » Logged
cja100
Member
**
Posts: 33


View Profile
« Reply #371 on: December 31, 2005, 08:51:12 AM »

it doesn't work because it isn't in dev until i do "mknod /dev/sda b 1 2" and maybe "mkdir /mnt/xboxx"


root@slax:~# mknod /dev/sda b 1 2
root@slax:~# mkdir /mnt/xboxx
root@slax:~# mount -t iso9660 -o loop /dev/sda /mnt/xboxx
mount: wrong fs type, bad option, bad superblock on /dev/loop9,
       missing codepage or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so
Logged
Disabled
Newbie
*
Posts: 9


View Profile
« Reply #372 on: December 31, 2005, 11:22:32 AM »


I made an error here, by inserting the disc too early, before the material had dried. But a very strange pattern appeared on my disc afterwards:
 Each line you see in this picture starts exactly at a bar code area gate:
 - uploading the picture somewhere-
I guess the lines you are seeing are just the paint you applied pushed away due to the rotation force (I'm no native, I have no idea what it is in English). Imagine, the drive makes some 1000 rounds per sec...
Logged
jumba
Master Hacker
****
Posts: 167


View Profile
« Reply #373 on: December 31, 2005, 03:36:30 PM »

Quote:
And whatever I try, I can't get it to work under WindowsXP.

Sammy drives are derived from their PC cousins. The 605b has two lasers as the 616f & t models do. Yet the 605f drive has only one laser, a red one; consequently it cannot read CD-Rs. The Philips drives are just CD-ROMs warmed up...... the lasers are infrared, which is a CD-ROM characteristic; the f/w code is Xbox specific. Another drive is the xbox_one by LG; this one is very similar to the GDR 8163b. However, the LG has the same problem as the 605f has; it only has a red laser. To make a modded GDR 8163b read CD-Rs, resistors are added to the laser circuitry in an attempt to fool the infrared to turn on. This is a questionable hardware solution!
Logged
thecheekymonkey
Hacker
***
Posts: 64



View Profile
« Reply #374 on: December 31, 2005, 05:34:37 PM »

this is just a thought, and maybe I'm completely way off here (was thinking about it before I went to sleep lol)

if say we unlocked the drive in a PC (xbox1 drive and with it still powered) and then swapped out the ide lead for one connected to an xbox (unmodded) and powered on the xbox, would this not load a backup up??


sorry if this is wrong, just a thought.  Wink
Logged
smo
Member
**
Posts: 24


View Profile
« Reply #375 on: December 31, 2005, 06:47:30 PM »

Ok, here's a version of the Xbox DVD unlocker for Linux.

You'll need OpenSSL to compile it (for a RPM based distro, that's the openssl-devel package). To compile, run:

Code:
# tar xfvz unlocker.tar.gz
# gcc -o unlocker unlocker.c -lssl

To unlock the DVD drive, run (replace /dev/hdd with your Xbox DVD device (to find it, use dmesg)):

Code:
# ./unlocker /dev/hdd

To verify the drive unlocked properly, run:

Code:
# dd if=/dev/hdd bs=1 count=20 skip=65536 2>/dev/null
MICROSOFT*XBOX*MEDIA

I placed the code under the GPL. I hope that's ok with you, TheSpecialist? Hopefully it'll become a part of the kernel, so discs will auto unlock (Xboxdvdfs support would be nice too Smiley ).

Download from here (to download, scroll down and click Free, then enter the shown code and then you'll have to wait a few secs and then click the download link):
http://rapidshare.de/files/10178113/unlocker.tar.gz.html

Update: Apparently there's still a problem that Linux doesn't like to pick up a "media change" (since that's what it'll seem like) without a UNIT ATTENTION sense key. I'll have to figure out a way to trigger it Smiley So the unlocker might not work properly yet. Stay tuned.

« Last Edit: December 31, 2005, 08:01:09 PM by smo » Logged
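The dd check in the post above reads 20 bytes at offset 65536; an iso9660 volume, which is how the video partition is mounted earlier in the thread, carries its own identifier `CD001` one byte into sector 16. The following is an added example, not smo's code or part of the unlocker, that probes a device or image for both markers; the function names are hypothetical and the sample images are constructed.

```python
import io

SECTOR = 2048                         # sector size reported by fdisk in this thread
ISO_OFFSET = 16 * SECTOR + 1          # ISO9660 descriptor identifier, sector 16
ISO_MAGIC = b"CD001"
XBOX_OFFSET = 65536                   # skip= value from the dd command in the post
XBOX_MAGIC = b"MICROSOFT*XBOX*MEDIA"  # the 20 bytes the dd command prints

def read_at(f, offset, length):
    """Read `length` bytes at `offset`; return b"" if the read fails or is short."""
    try:
        f.seek(offset)
        data = f.read(length)
    except OSError:                   # e.g. no medium in the drive
        return b""
    return data if len(data) == length else b""

def probe(f):
    """Report which of the two markers is readable from a device or image."""
    return {
        "iso9660": read_at(f, ISO_OFFSET, len(ISO_MAGIC)) == ISO_MAGIC,
        "xbox_media": read_at(f, XBOX_OFFSET, len(XBOX_MAGIC)) == XBOX_MAGIC,
    }

def constructed_image(iso=False, xbox=False, size=70000):
    """Build a zero-filled test image (constructed data, not a real disc dump)."""
    buf = bytearray(size)
    if iso:
        buf[ISO_OFFSET:ISO_OFFSET + len(ISO_MAGIC)] = ISO_MAGIC
    if xbox:
        buf[XBOX_OFFSET:XBOX_OFFSET + len(XBOX_MAGIC)] = XBOX_MAGIC
    return io.BytesIO(bytes(buf))

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:             # e.g. python3 probe.py /dev/hdd
        with open(sys.argv[1], "rb") as dev:
            print(sys.argv[1], probe(dev))
    else:
        for label, img in [("iso9660 marker only", constructed_image(iso=True)),
                           ("both markers", constructed_image(iso=True, xbox=True)),
                           ("truncated image", constructed_image(iso=True, size=40000))]:
            print(label, probe(img))
```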
amadeus
Hacker
***
Posts: 59


View Profile
« Reply #376 on: January 01, 2006, 12:41:01 AM »

it doesn't work because it isn't in dev until i do "mknod /dev/sda b 1 2" and maybe "mkdir /mnt/xboxx"

Perhaps the major and minor numbers are wrong, or should be left as default?

Please try:
Code:
mknod /dev/sda b
mkdir /mnt/xboxx
mount -t iso9660 -o loop /dev/sda /mnt/xboxx
Logged
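On the major/minor question raised in the posts above, an added example (not from any poster in this thread): in the Linux device number list, block major 1 is the RAM disk driver, so a node created with `mknod /dev/sda b 1 2` addresses the same device as /dev/ram2 whatever it is named, while the standard numbers for sda are 8, 0. The helper names are hypothetical and the demo values are constructed.

```python
import os
import stat
import sys

# Block majors from the Linux kernel's device number list (devices.txt).
BLOCK_MAJORS = {1: "RAM disk", 3: "IDE primary", 7: "loop",
                8: "SCSI/SATA disk", 11: "SCSI CD-ROM", 22: "IDE secondary"}

def expected_numbers(name):
    """Standard (major, minor) for a whole-disk name such as 'sda' or 'hdd'."""
    if len(name) != 3 or not "a" <= name[2] <= "z":
        return None
    unit = ord(name[2]) - ord("a")
    if name.startswith("sd") and unit < 16:
        return (8, unit * 16)                 # sda=8,0  sdb=8,16 ...
    if name.startswith("hd") and unit < 4:
        return ((3, 22)[unit // 2], (unit % 2) * 64)   # hda=3,0 ... hdd=22,64
    return None

def describe(mode, rdev):
    """Decode a stat() mode and st_rdev into (type, major, minor, driver)."""
    if not stat.S_ISBLK(mode):
        return ("not a block device", None, None, None)
    major, minor = os.major(rdev), os.minor(rdev)
    return ("block", major, minor, BLOCK_MAJORS.get(major, "unknown"))

def node_is_consistent(name, mode, rdev):
    """True if a node called `name` really carries that disk's numbers."""
    kind, major, minor, _ = describe(mode, rdev)
    return kind == "block" and expected_numbers(name) == (major, minor)

if __name__ == "__main__":
    if len(sys.argv) > 1:                     # e.g. python3 devnode.py /dev/sda
        for path in sys.argv[1:]:
            st = os.stat(path)
            name = os.path.basename(path)
            ok = node_is_consistent(name, st.st_mode, st.st_rdev)
            print(path, describe(st.st_mode, st.st_rdev),
                  "consistent" if ok else "name and numbers disagree")
    else:                                     # constructed values, no real device
        blk = stat.S_IFBLK | 0o660
        for major, minor in [(1, 2), (8, 0)]:
            rdev = os.makedev(major, minor)
            print("sda as", describe(blk, rdev), node_is_consistent("sda", blk, rdev))
```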
wacko911
Newbie
*
Posts: 1


View Profile
« Reply #377 on: January 01, 2006, 01:34:44 AM »

I'm not sure if this has been mentioned before, and I didn't fancy reading 22 pages of posts, but:
If we crack the DVD firmware, then all M$ has to do is install copy protection in the XBX & Disc - just like you find in normal retail PC games. The signed XEX would say look for certain bad sectors on the disc which a normal DVD writer cannot create, and if they are not present then the copy protection kicks in, as it knows it's a copied disc and not an original.

There would be no way round this as you would have to change the XEX, which is signed. Thus any DVD firmware hacks would be of a very limited life span.

Feel free to correct me if I'm wrong - it's my first post.
Logged
TheSpecialist
Global Moderator
Xbox Hacker
*****
Posts: 782


View Profile
« Reply #378 on: January 01, 2006, 04:21:14 AM »

There would be no way round this as you would have to change the XEX, which is signed. Thus any DVD firmware hacks would be of a very limited life span.
Feel free to correct me if I'm wrong - it's my first post.

We are aware of XEX checks that might cause problems. To get a disc authenticated by the kernel is pretty easy: we don't have to deal with bad blocks or the security data, just let the FW decrypt the challenge response and let it use that info to come up with the correct responses (that is, if the 360's authentication is done pretty much the same way of course).

However, it is indeed pretty easy to detect this hack and to beat it from within the XEX. Therefore, we need to copy all the security data that's possible and if some blocks are bad, we just have to save it to a table and let the FW use this so it 'knows' which blocks it should report as 'bad'. We need to save all info to disc that the FW needs to make a perfect 'representation' to the xbox of an 'original' disc Smiley FW modification to do this all is going to be the hardest part in this hacking adventure, but there are a lot of smart people here on XBH, we'll get it done Wink

Happy new year everybody ! Smiley
« Last Edit: January 01, 2006, 05:29:04 AM by TheSpecialist » Logged
Tiros
Master Hacker
****
Posts: 450


View Profile
« Reply #379 on: January 01, 2006, 10:45:58 AM »

I'm not sure if this has been mentioned before, and I didn't fancy reading 22 pages of posts, but:
If we crack the DVD firmware, then all M$ has to do is install copy protection in the XBX & Disc - just like you find in normal retail PC games. The signed XEX would say look for certain bad sectors on the disc which a normal DVD writer cannot create, and if they are not present then the copy protection kicks in, as it knows it's a copied disc and not an original.

There would be no way round this as you would have to change the XEX, which is signed. Thus any DVD firmware hacks would be of a very limited life span.

Feel free to correct me if I'm wrong - it's my first post.


An excellent point and that is why I think this avenue will ultimately lead to a dead end. The firmware mods will be RE'd by MS and any "popular" scheme will be quickly defeated. It might not be bad blocks, it could be ANY kind of check to see if the drive reacts differently in ANY way compared to stock. This method will never allow unsigned code to run, and as you said the XEX is signed, so you can't "patch out" new checks. New firmware for different discs is not practical. Additionally, if the DVD firmware is signed in some way (and I'll bet it is since we know each drive has different FW), with the secret keys on die, there is little hope of modification. IE: if you need to re-encrypt ANY part (maybe the checksum data?) of the drive ROM with the secret keys you are screwed. We know the drives are "married" to the motherboard. Would one really think this marriage occurred without the use of the "secret" keys and the firmware checksum?
Logged