Topic: Xbox360 DVD Firmware Hacked - Video (Read 2611 times)

Xbox-Scene · « **on:** March 18, 2006, 11:03:00 AM »

Xbox360 DVD Firmware Hacked - Video-- Posted by XanTium on March 18 12:27 EST
As you know TheSpecialist and his team were working on a modified firmware for the Xbox 360. He already managed to make one for the original Xbox a while ago, and he announced this method was highly likely possible with the Xbox 360 too. From TheSpecialist on xboxhacker.net:

Quote

Months of hard work have come to an end. The 360 FW security details were posted a few days ago already, so why not make it official :-) It's been done.

Respect to all the people on this board who made it possible with their brilliant contributions:
Anita999, Geremia, Nayr, Bluecop, Interestedhacker, MacDennis, Phantasm, Marvin, Tiros, SpenzerX, Team Modfreakz, Fuzzylogic, Takires, loser, jasper, SMO, Groepaz, Zobyone, Jumba, Amadeus, Tser, DjHuevo, oz_paulb, DaveX, darkfly, evestu, Robinsod, Dark_Neo, Gael360, Seventhson, probutus.

Just for fun, here's a little video:

And no, the team decided not to release a hacked FW. The security details are proof itself. The team advocates hacking, not piracy.

What is this? A bit more info...
The hack is a modified firmware of the Xbox 360 Hitachi-LG GDR-3120L DVD-ROM drive (the security in the Toshiba/Samsung TS-H943 is said to be similar, so it's probably also possible with this drive ... but it does require it's own hacked firmware of course).
As you (should) know, all Xbox 360 executables (XEX files) are signed by Microsoft (with a private key only MS has). This means that if you try to change anything to the XEX file, the signature will be wrong and the file will not boot.
Now ... to protect from booting an exact copy of a game from a DVD-R or other recordable media, microsoft gave each XEX file a 'mediaflag'. This mediaflag tells the Xbox 360 from which media (cd-r, dvd-r, dvd+r, dvd-rw, hdd, dvdxbox, dvdxbox360, ...) the XEX is allowed to boot. Changing this mediaflag in the XEX header is not an option as it'll break the signature of the file (see above), so ... what's done in this firmware hack is 'break' the detection of the disc.
Retail games usually get a mediaflag where they only allow 'dvdxbox360' (Xbox 360 discs - different than a normal DVD because it has some specific bad sectors and special info in lead-in/out that can't be written with a standard dvd burner). The modified firmware will trick the DVD drive into reporting a DVD-R (or other) as a DVDXBOX360 to the Xbox 360.

How can you do this?
Well, right now you can't. The firmware has not been released to the public because it would mostly be used for piracy and that's not what this team wants (unlike the original Xbox hack this can't be used (atleast not directly) for homebrew and linux fun). But the research done by these guys is public as you can read their discussions of the last few months on the xboxhacker.net forums, so people with good assembly experience should be able to duplicate this hack.

If the firmware was released, what would it mean?
Right now the Xbox 360 DVD firmware can't be flashed via PC (and for us, end-users, even less directly by the Xbox 360 itself (Microsoft could probably flash the drive from Xbox360 tho)), because there's no software to do this. Of course, drivers and flashing software for Xbox360 DVD drives could probably be written (and some people have been working on this), but so far this has not been done (atleast not publicly).
So, that means you'd have to open your Xbox 360, open your DVD drive and desolder the chip where the firmware is stored on.
Each Xbox 360 DVD drive has a unique key, if that key doesn't match what your console is expecting your DVD drive will not work.
So next you will need to read your current firmware chip with special hardware (flash programmer), to find your unique DVD 16 byte key (stored at 0x4F00). Then you'll have to insert this key in the modified firmware (or patch your original firmware) and program this modified firmware back on the firmware chip. Then put the firmware chip back in the drive, close DVD drive and Xbox 360 and I guess you're done.
As said above the hack would allow you to run MS-signed and unmodified XEX files only, so that also means the game must be of right region (as changing the regionflag in the XEX header would break the signature). Unsigned, homebrew executables would of course not work, again because signature check would fail.

LIVE and Updates ...
Can you go on LIVE with this hack? Well the firmware isn't released, so noone can try, but I'd guess it would work yes. The Xbox 360 itself is fully in 'normal state', nothing is modified to the Xbox 360 itself, it just gets 'wrong' info from the DVD drive. Of course if you start modifying non-signed files (like textures, ini files, ...) in order to cheat on LIVE or so MS could easily check for that.
Can Microsoft stop this firmware hack with forced LIVE updates? They could probably try detect a basic modified DVD firmware, but anything the Xbox 360 asks to the DVD drive goes via the DVD firmware, and if the firmware is 'open' in the hands of the hackers the firmware can probably each time be modified again to give the reply that the console expects. Microsoft could maybe do more with a HW security update ... but I'll let them analyse that.

(Note that all info above is based on all stuff I read ... if I made any mistakes, let me know)

*UPDATE* A next-day follow-up news post about this hack is available here.

News-Source: xboxhacker.net
Download Firmware: illegal and not released (see above)
Download Video: here[youtube], here[rapidshare.de], here[xbox-scene]

deakphreak · « **Reply #1 on:** March 18, 2006, 11:12:00 AM »

Sweet, i wonder what will come out of this if anyone else can replicate it and get the info out to others.

snowcrash8 · « **Reply #2 on:** March 18, 2006, 11:15:00 AM »

impressive

This post has been edited by snowcrash8: Mar 18 2006, 07:15 PM

jisboss · « **Reply #3 on:** March 18, 2006, 11:17:00 AM »

Very nice.
you guys are impressive.

feflicker · « **Reply #4 on:** March 18, 2006, 10:42:00 AM »

I can't believe anybody would spend months to hack it, just to sit on it. I like hacking as much as the next guy, but that just seems like a waste of life to me... Post some "hints" or something, FTLOG.

Ces2k3 · « **Reply #5 on:** March 18, 2006, 11:21:00 AM »

WHILE IMPRESSIVE, in a sence as we can make back ups, but i think its not worth the trouble to hack it just for this. hopefully this will inspire more people to hack it so we can finally get some homebrew stuff.

OpticNurv · « **Reply #6 on:** March 18, 2006, 11:24:00 AM »

i give it a week or 2 before the hacked firmware hits the net due to a leak or a recompilation from a different team, jst be patient guys, and yes... Congratz

HELLTICK · « **Reply #7 on:** March 18, 2006, 11:27:00 AM »

I believe they want someone else to figure it out and release it.
Thats why they keep saying its ALL in the H/W section of the site.
Someone else gets it out, spec's team dont get in shit, and still get the credit they deserve for doing it first.
Its win,win,win.

OcnewB · « **Reply #8 on:** March 18, 2006, 11:28:00 AM »

This is good news however its still far from homebrew..

Nice to see though!!

prankfurter · « **Reply #9 on:** March 18, 2006, 11:29:00 AM »

That is great news. And I also think its great that he is not releasing it to the public.

snowcrash8 · « **Reply #10 on:** March 18, 2006, 11:30:00 AM »

QUOTE(prankfurter @ Mar 18 2006, 01:00 PM)

That is great news. And I also think its great that he is not releasing it to the public.

someone will release it soon....

JohnnyVegas · « **Reply #11 on:** March 18, 2006, 10:55:00 AM »

Very nice work guys.

Did anyone else notice the nifty little waffer board on the left of the dvd tray?

Happy to see they are doing the right thing.

DaddyO21 · « **Reply #12 on:** March 18, 2006, 10:56:00 AM »

Man boring , anybody want to make a hacking team and release it to the public , power to the people , Open Source forever!!!

mlapaglia · « **Reply #13 on:** March 18, 2006, 11:34:00 AM »

great work guys. im with ya on not releasing it. keep it up!

guvna · « **Reply #14 on:** March 18, 2006, 11:34:00 AM »

I aggree, although there is the unfortunate devide between homebrew and piracy.

I mean, does this mean that the technical ppl who can create such homebrew programs can now start doing them for the 360?
if this is the case, then I'm well up for sticking some modded firmware on my drive. I already have 2 xbox's, and did so for this reason. i can use one for legit xbox live purposes, and the other to hack to bits and run other stuff on.
I'd like to get rid of the xbox 1 if stuff gets ported over like emulators and other great programs that have appeared.
I understand the legal implications about said great ppl releasing this onto the net, and i fully understand that no-matter how good they feel about doing this, they fear for everything if they do so.
I'm not interested in piracy. I've bought every single xbox and 360 game that i own. Purely because I like to go live with most of them.
Yes, i have a chipped xbox1, but that's only because of the things i can do with it. like running media center, or surreal, or mame. fantastic.
I can't wait for these programs to run on the 360.
Thanks for everything "the specialist" and a few others. you've inspired a few ppl to get involved a bit more, and without your help, a lot of things wouldn't have progressed.
The way I'm thinking however, is that I want to get my 360 modded so I can start chucking other stuff on it.
Long live those that are techincal. And short live those that stop them.

Guv.

Author Topic: Xbox360 DVD Firmware Hacked - Video (Read 2611 times)