Print

[Xbox-Scene]

Xbox 360 DVD Firmware Hack Update: Interview with Robinsod-- Posted by XanTium on March 21 09:00 EST
The guys at xlife.nl did an interview with TheSpecialist back sunday (translated by us to english here), now xboxic.com posted a new interview with Robinsod, one of other hackers that worked on the modified DVD firmware on XBH.
Here's an excerpt:

* Xboxic: Using the current hack the system cannot detect the modification, because the firmware can lie about its authenticity because of the cracked challenge/response protocol. Is it still possible for the system to softflash the drive should it want to? And if so, isn't the hack completely useless should Microsoft decide to simply reflash the drive's firmware every reboot, or every week, or every dashboard update?
* Robinsod: Well there are several parts to the answer. This is a consumer device and really you dont want to have a reflash fail and brick the device. I don't know if the Toshiba-Samsung drive has a fall back position to recover from a bad flash, the Hitachi-LG has a ‘recovery' mode if the main application is corrupted, restoring an empty firmware with only softflashing capabilities. If this feature, or something like it, does not exist then I doubt Microsoft would want to risk it, all those angry customers coming in with bricked 360's. The drive could be softflashed from the kernel, but the firmware controls the process, so it could just say that the flash succeeded any time even though it didn't do anything.

* Xboxic: Is your analysis of the used challenge/response protocols complete or does it just cover a subset of possible challenges? Would Microsoft be able to detect the hack if they send out a dashboard update sending different challenges to trigger erroneous behaviour from the firmware?
* Robinsod: Yes, I believe there's a reponse modifier but I haven't seen it used yet. Sure, then the game becomes how accurate an emulation can the hacker create? It becomes a game of cat and mouse.... The challenges themselves are actually on the game disc: the kernel reads an encrypted table from the disk, decrypts it and issues the challenges contained in it. Malformed challenges from the console could trigger correct responses from the hack and be detected, but we could probably reuse the existing code to factor this into the equations.

* Xboxic: Is there going to be an Xbox 360 revision soon containing a signed firmware in the drive? Ofcourse with the public key embedded in the DVD's ROM to avoid any future tinkering with the firmware?
* Robinsod: No idea, but unless the flash is inaccessable or properly encrypted any signature can be spoofed. I suppose if there was a bootloader in ROM that was packaged with the drives micro, that could check the flash's signature. The problem then is it pushes up costs, the drive uses standard components which don't have security features.

* Xboxic: $5 extra cost per drive to avoid 500k Linux boxes sold at $125 loss seems an easy equation.
* Robinsod: Then perhaps its a good thing the hack came so early and the cost of custom LSI can be spread over a larger number of consoles, and before too many ‘pirate capable' systems were sold.

* Xboxic: In a forumpost TheSpecialist literally said "I doubt you'll see some kind of OTHER hack soon, that lets you boot unsigned code for example. MS did a very good job on the 360 itself this time." Does this mean you guys don't see homebrew or other unsigned code being run anywhere soon, like within the current console's lifecycle?
* Robinsod: Hmmm, well given the complexity of the software (and MS's reputation for secure software) it seems unlikely that there's no way in. The problem is finding it... Another motivation for this hack is to see if there is any possibility of an attack via unsigned modified files (no idea if there are any or if it is - thats the next area of research). But again, any successful attack opens the door to piracy. If MS would sell me a home developers XDK that allows me the opportunity to write code for what is a fantastic piece of kit then I would have no reason or excuse for doing this.

Read the whole interview on xboxic.com.

[flbeserk]

Interesting read, seems like a step into the darkness.  we need the light!  

[redwolf]

QUOTE

Xboxic: Got anything else you want to add that we didn’t specifically ask about?
Robinsod: Unfortunately, there is a good chance some malicious **** will put together a ‘brickware’ package, just like they did for the PSP, and using it will erase the unique key in you drive and destroy your 360. This is also one of the reasons I am probably not continuing work on the hack. Apart from that I think I’m done.

micr0soft employee ?  

[adamscybot]

Interesting. Tell us more!

[Relaxos]

Hot damn i love these kinds of news.
More peeps with The Knowledge popping up every day.
Time to get a second 360 i guess. Just like the good ol days, 1 for live, 1 to hack to bits.
This just made my day, well this and watching the oblivion vid play on loop

[x30n_]

Do each and everyone own the hardware in the 360 we bought and paid for?

If yes, then we should be allowed the right to change the firmware to 'fix' any bugs or issues with said hardware without any action taken.  Also, wouldn’t MS need to advise us of any hardware firmware changes that are made and in turn provide us with the option to update it or not without breaking anything else in the functionality of the 360 if we choose not to update?  

They can update the live software all they want because it is theirs and they wrote it, but the DVD, hard drives, etc are from a 3 party vendor with MS firmware installed.   With that firmware installed it might lock features in it that someone else likes.  Maybe I am OCD and I need my DVD drive door to open and close 5 times in a row before I place a DVD or remove a DVD from it.   Shouldn’t I be allowed to have it do that?

If the answer is NO, then we are all in a world of s*it because I can see a can of worms opening up from other manufactures when we update firmware or bios with ‘modified’ code and not was the manufacture supplies.

[0794]

Another interesting slant - good interview.

And to all those whining that this firmware hack is for nothing but piracy, find something else to complain about...As he says...

"Another motivation for this hack is to see if there is any possibility of an attack via unsigned modified files (no idea if there are any or if it is - thats the next area of research). "

...waiting for the day when the 360 can really be used for more than just games...

[mandrake001]

heh the cheap dutch did it again

[krayzie]

QUOTE(wizardofcov @ Mar 21 2006, 07:13 PM)

So will there be any possible way of replacing the dvd drive with a different drive then hack this drives firmware ?

i assume this would be possible just incase i fry this 360 drive pissing about with it  LOL

Sorry about the pic but hey you like my box?

If you think logically you first dump your unique key before flashing and keep it safe. So in case your dvd gets fried you could get a replacement drive and insert that key to make it work

[Diablohead]

Ah yes, if its possible to use another drive then the one with the 360 with the right flashed firmware and what not (you should know what im meaning) then at least if something goes pair shaped rightfully swapping back to the old drive would be fine... i think.

Might depends what MS does and such with their runtime.

[ikecomp]

QUOTE(krayzie @ Mar 21 2006, 01:37 PM)

If you think logically you first dump your unique key before flashing and keep it safe. So in case your dvd gets fried you could get a replacement drive and insert that key to make it work

 kinda reminds me of backing up your eeprom key before attempting to do a softmod/hard drive upgrade so that you can restore it in the case of an unsuccessful mod attempt. I wonder if MS would let it be that easy though

[frOOt lOOps]

this is all very interesting. know the ball is in M$'s court. I myself am confused because i dont know wether xecuter or someone else will be able to release the 'magic firmware' and all you will need to do is plug it and flash it. But if i go and buy a 360 know and i cant flash it then i wasted my money, but could ms make madatory updates via disk/live that could ruin this. Also i intent on buying xbox live gold and i would hate to be banned from the service. But at the same time i worry that if i wait to see what happens then MS relases a new 360 that can't be flashed with the firmware. This is very annoying, perhaps a might buy a 360 and not open it up incase i need to take it back. Sure MS is going to sell more 360's if this future modified crack can be used but will they allow it. For one if MS doesn't try and stop the hack pirated game could be an issue. MS really need to hink this over.

[JohnnyVegas]

QUOTE(AbRASiON @ Mar 21 2006, 11:56 PM)

Curious, there was a post by a guy called Andy in one of the other threads, a rumour that this particular hack / fix / flash only works on a SINGLE GAME

It's only a rumour but he said that you flash the drive with the PGR3 key, it'll boot a fake PGR3 but NO OTHER GAMES - therefore you'd have to re-flash PER GAME?

Anyone know if that's true??!?

Don't know how true that is but that may be correct and go along with Xecuters comments on the games may need a patch in order to play.

Hum.. Curious to see if this is the case.

[JohnnyVegas]

Found the answer.. It's YES for now..

"that rumor is very true. I double checked with Robinsod and this was his answer:

for sure the thats how the version in the movie worked, some hard coded reponses, some data read from the disk for a particular game. Once that works its a piece of cake to read the correct data from an unused burnable sector on a DVD+R. This is what I meant when I said I would work to finish the hack and then do something else."

[Questioner]

What's sad is so many people don't even understand this hack.