The reason I raised this query originally was because of TheSpecialist's query about the need for DL discs in another thread.
Since I thought he managed to get a 360 hack working, I assumed that it was possible to do the hack with SL discs.
Now I'm really curious. Is it possible to get a 360 hack working on SL discs? Has anyone managed it?
The very first Xbox 1 hack (not 360 hack) that I made worked on SL. I created it that way because I didn't have any DL discs at home when I wanted to test it, hehe.
Haven't tested it for the 360, but I really can't think of a reason why it wouldn't be possible on the 360 to get it working on SL (as long as the game data fits on SL, of course).
The image has the correct size, but there are large areas of 00, while in a proper rip of the same game those areas will be filled with (I am guessing) the placeholder "garbage" data.
The reason to do that would be to achieve a higher compression when raring them up.
My best guess would be that these large blocks of 00 are due to a bad rip. The release team couldn't test the ISO at the time they released it.
Now, about the placeholders, we are 100% sure that the only reason they CURRENTLY are being used is for retrieval of the responses. One hack we did skipped ALL disk reading (laser showed no movement during disc authentication); we just fed the FW the responses and it worked perfectly.
If someone is interested in making the 360 compatible with SL discs, here's again *ALL* the relevant information: After disc insertion, the drive first checks if the disc is a DL DVD-ROM. If this is not the case, it will skip everything (it won't even bother reading the SS, which is logical, since it's on layer 1 normally).
So, you'd have to kill that check (make it accept SL DVD-ROM too, or even better, make it accept DVD+R, DVD-R too). There are 2 ways to find that check. The first one is to trace backwards from the SS reading routine. This is the actual way I did it for the Xbox 1. You'll want to find that piece of code that ALWAYS gets executed after disc insertion, regardless of disc type. What I used was a simple 'jmp to itself' instruction, to see if a part of the 'upper routine' gets executed (with 'upper' routine I mean the routine that calls the code you are looking into). If the drive hangs, you know that it executed your instruction.
Yes, it's a pretty boring way to figure it out (flash, reboot, flash, reboot, etc.) hehe, but it is also simple. So, tracing it backwards will lead you to that check (and finally the drive will 'hang' after insert of both DL DVD-ROMs and other media, meaning you have found what you were looking for).
The second method would be to trace it 'forward'. Find the routine that reads the "real" PFI, since this contains of course the disc type. Trace the mem location where the disc type is stored through the code and find the part where it checks that info.
After you've killed the check, you'll want to kill the 'unlock' routine. Why? Because if the drive is unlocked, it will use the PFI from the SS and you don't want that (because it is signed and you can't change that PFI).
It goes without saying that you'll need to have the SS on layer 0. The first time I patched the disc type check, I hadn't relocated the SS (I had saved it to FW and hadn't killed the SS disc read routine) and man ... The sound that your drive will make when it tries to read the second layer on a disc that only contains 1 layer... That sound is REALLY scary.
It sounds like your drive is fighting against a slow and painful death and it sounds like it is losing that fight, hehe.
Anyway, that's about it! Happy hacking!