xboxscene.org forums

Author Topic: Backups/firmware Hack Clarification  (Read 130 times)

Keshire

  • Archived User
  • Full Member
  • *
  • Posts: 176
Backups/firmware Hack Clarification
« on: April 04, 2006, 10:54:00 PM »

Out of the numerous threads I've read, it seems no one is truly sure what can and can't be done.

The Firmware Hack plays Backups. This much is known and clear.

But can you modify non-signed content? I.e. everything but xex/pir

I'm under the impression that you can modify the content. But I have people shooting me down saying the entire disc is signed. Which I happen to think is pure bull, speculation, misinformation on their part.

So can I get someone knowledgeable to set this straight for me?

To my knowledge, the firmware Hack sends out a modified Media Flag so the xbox accepts the disc as retail.
Logged

krayzie

  • Archived User
  • Hero Member
  • *
  • Posts: 3350
Backups/firmware Hack Clarification
« Reply #1 on: April 04, 2006, 10:58:00 PM »

No, not the entire disc is signed, but some parts could be checksummed. But I think the firmware hack requires a perfect 1 to 1 backup as it contains certain sectors which need to be in the exact place on the disc.
Logged

Keshire

  • Archived User
  • Full Member
  • *
  • Posts: 176
Backups/firmware Hack Clarification
« Reply #2 on: April 04, 2006, 11:06:00 PM »

QUOTE(krayzie @ Apr 5 2006, 12:05 AM)

No, not the entire disc is signed, but some parts could be checksummed. But I think the firmware hack requires a perfect 1 to 1 backup as it contains certain sectors which need to be in the exact place on the disc.

I.e. the security sector. Which should be able to be placed when the ISO is built. Isn't there an ISO builder/burner that does this for Xbox 1? Qwix? As for checksums on the content. That's going to be per game most likely. And not related to security. I.e. standard Zlib or Adler checksums. :)
Logged

PedrosPad

  • Archived User
  • Hero Member
  • *
  • Posts: 1277
Backups/firmware Hack Clarification
« Reply #3 on: April 05, 2006, 02:29:00 AM »

QUOTE(Keshire @ Apr 5 2006, 06:01 AM)

Out of the numerous threads I've read, it seems no one is truly sure what can and can't be done.

The Firmware Hack plays Backups. This much is known and clear.

But can you modify non-signed content? I.e. everything but xex/pir

I'm under the impression that you can modify the content. But I have people shooting me down saying the entire disc is signed. Which I happen to think is pure bull, speculation, misinformation on their part.

So can I get someone knowledgeable to set this straight for me?

Your question is fair, but simply premature.

Very few people have the X360 FW hack yet, thus very little experimentation has been done in this area.

Commenting on how the XBOX1 worked and other experience, it was title specific. Some titles checksummed all support files, others none. So it depended on the whim of the developer.

Since M$ is very aware of the issues this created on XBOX1 (TeamNinja's nude patches, GTA hot coffee, etc.) – they may have provided the developers core routines for this, this time, and mandated their use. It’s just too early to say.
Logged

Keshire

  • Archived User
  • Full Member
  • *
  • Posts: 176
Backups/firmware Hack Clarification
« Reply #4 on: April 05, 2006, 02:51:00 AM »

QUOTE(PedrosPad @ Apr 5 2006, 03:36 AM)

Your question is fair, but simply premature.

Very few people have the X360 FW hack yet, thus very little experimentation has been done in this area.

Commenting on how the XBOX1 worked and other experience, it was title specific. Some titles checksummed all support files, others none. So it depended on the whim of the developer.

Since M$ is very aware of the issues this created on XBOX1 (TeamNinja's nude patches, GTA hot coffee, etc.) – they may have provided the developers core routines for this, this time, and mandated their use. It’s just too early to say.

That puts it in perspective a little better. Thank you. I'm curious if the few people that flashed their drives have attempted this.
Logged

vegas2times

  • Archived User
  • Newbie
  • *
  • Posts: 6
Backups/firmware Hack Clarification
« Reply #5 on: April 05, 2006, 11:12:00 AM »

QUOTE(JKD @ Apr 5 2006, 05:43 PM)

Just got hold of the hacked firmware, is there a tut anywhere with a complete guide on how to flash the drive?
Thanks !!!!!

No you've not, you've got the fake that's going about. It's for the original Xbox.
Logged

hitman24

  • Archived User
  • Newbie
  • *
  • Posts: 25
Backups/firmware Hack Clarification
« Reply #6 on: April 05, 2006, 04:40:00 PM »

In the March update Microsoft has removed the firmware hack, but they did something else that's super good. You still need Media Center Edition but now with help of 3rd party Media Center only amp it'll now play DivX and Xvid files. I just thought you should know.
Logged

MacDennis

  • Archived User
  • Newbie
  • *
  • Posts: 49
Backups/firmware Hack Clarification
« Reply #7 on: April 06, 2006, 01:49:00 AM »

QUOTE(Keshire @ Apr 5 2006, 07:01 AM)

Out of the numerous threads I've read, it seems no one is truly sure what can and can't be done.

The Firmware Hack plays Backups. This much is known and clear.

Correct.

QUOTE(Keshire @ Apr 5 2006, 07:01 AM)

But can you modify non-signed content? I.e. everything but xex/pir

In general you can. But it depends on the game actually. They might have put a checksum on a data file, the game engine might check this.

QUOTE(Keshire @ Apr 5 2006, 07:01 AM)

I'm under the impression that you can modify the content. But I have people shooting me down saying the entire disc is signed. Which I happen to think is pure bull, speculation, misinformation on their part.

That's pure bull, speculation, misinformation on their part.

QUOTE(Keshire @ Apr 5 2006, 07:01 AM)

So can I get someone knowledgeable to set this straight for me?

Sure.

QUOTE(Keshire @ Apr 5 2006, 07:01 AM)

To my knowledge, the firmware Hack sends out a modified Media Flag so the xbox accepts the disc as retail.

It's not as simple as a media flag. Once again, a media flag IS NOT the center of the security scheme. The FW hack fakes a correct challenge / response session actually.
Logged

Schizoid

  • Archived User
  • Newbie
  • *
  • Posts: 6
Backups/firmware Hack Clarification
« Reply #8 on: April 06, 2006, 06:31:00 PM »

But how do we know this Firmware hack is actually true and not a fake?

I mean come on, the so called video evidence on the net is in no way conclusive.

Although it looks as though the "Modded XBOX 360" is connected to the TV, what is stopping them from having another XBOX 360 running a true copy of PGR3 connected to the rear AV socket?
Logged

Keshire

  • Archived User
  • Full Member
  • *
  • Posts: 176
Backups/firmware Hack Clarification
« Reply #9 on: April 06, 2006, 09:54:00 PM »

QUOTE(Schizoid @ Apr 6 2006, 07:38 PM)

But how do we know this Firmware hack is actually true and not a fake?

I mean come on, the so called video evidence on the net is in no way conclusive.

Although it looks as though the "Modded XBOX 360" is connected to the TV, what is stopping them from having another XBOX 360 running a true copy of PGR3 connected to the rear AV socket?

The technical details are well documented. That's how people know it's not fake. That allows those with the know-how to recreate it themselves.
Logged

TheSpecialist

  • Archived User
  • Full Member
  • *
  • Posts: 215
Backups/firmware Hack Clarification
« Reply #10 on: April 07, 2006, 09:52:00 PM »

QUOTE(Schizoid @ Apr 7 2006, 02:38 AM)

But how do we know this Firmware hack is actually true and not a fake?

Well, here are a few 'clues' :)

1. Watch the laser movement in the video, it won't move that way when YOU insert a backup.
2. Read statements from people that actually have a basic understanding of the hack
3. All info on how the hack is done is documented on XBH and can be verified
4. Various respected teams acknowledged the hack and some are even working on reproduction of it.
5. As far as I know, at least one person already succeeded in doing the hack himself, who was NOT a member of the original team that did it
6. And last but not least: MS released an official statement, acknowledging that the 360 is vulnerable to this hack and that it allows playback of backups.
Logged

asakal

  • Archived User
  • Newbie
  • *
  • Posts: 5
Backups/firmware Hack Clarification
« Reply #11 on: April 08, 2006, 01:43:00 AM »

QUOTE(TheSpecialist @ Apr 7 2006, 08:59 PM)

Well, here are a few 'clues' :)

1. Watch the laser movement in the video, it won't move that way when YOU insert a backup.
2. Read statements from people that actually have a basic understanding of the hack
3. All info on how the hack is done is documented on XBH and can be verified
4. Various respected teams acknowledged the hack and some are even working on reproduction of it.
5. As far as I know, at least one person already succeeded in doing the hack himself, who was NOT a member of the original team that did it
6. And last but not least: MS released an official statement, acknowledging that the 360 is vulnerable to this hack and that it allows playback of backups.

Would I be a laughable bastard if I just offered you a hundred bucks via paypal for your version of the layman's cliff notes?

But seriously, I do have a ton of studying up to do to get myself to the point where I can replicate your (and the nameless others due credit) work according to the current reference material available. Kudos.

Am I correct in assuming that the firmware can be flashed multiple times *safely* if M$ updates via live (or a new game) assuming their countermeasures render the original hack useless?

I have a good firsthand knowledge of how the smartcards DaveTV used were hacked. Opening up these cards made all channels, PPV included, available until Dave sent a handy ECM in the data stream. Each time a hack was prevented, a new code was created to circumvent the security and voilà. Problem was Dave got good enough over time to send these ECM's so constantly that the hack was rendered virtually useless. I see a semblance between the firmware hack and the one we fooled Dave with. Judging on the number of interested parties who would love to play their precious "backups" on the 360, I wanted to ask you if and when enough people have this hack readily available, do you see M$ heading this off quickly? Since you have a working knowledge of how the challenge/response session was coded I thought this was a relevant question. Do you see this as a future problem to the firmware hack?

And yeah, first post so flame on...
Logged

TheSpecialist

  • Archived User
  • Full Member
  • *
  • Posts: 215
Backups/firmware Hack Clarification
« Reply #12 on: April 08, 2006, 08:22:00 AM »

QUOTE(asakal @ Apr 8 2006, 09:50 AM)

Would I be a laughable bastard if I just offered you a hundred bucks via paypal for your version of the layman's cliff notes?

Hehe ;) The notes are all on XBH, not in a summarized form, but spread all over several (long) threads.

QUOTE

do you see M$ heading this off quickly? Since you have a working knowledge of how the challenge/response session was coded I thought this was a relevant question. Do you see this as a future problem to the firmware hack?

The firmware hack can and will be detected by MS. However, your analogy with satellite TV is very good and I'm guessing we'll see the same here: MS releasing patches and hackers hacking them again etc. It will become a 'cat/mouse' game.
Logged

TheSpecialist

  • Archived User
  • Full Member
  • *
  • Posts: 215
Backups/firmware Hack Clarification
« Reply #13 on: April 08, 2006, 11:28:00 AM »

QUOTE(SharkUW @ Apr 8 2006, 06:31 PM)

No, the notes are not all at the XBH forums. Some posts were removed at the Specialists' request. These were key posts. If you don't have an old copy of the thread then you're sol w/o doing your own work.

Some posts got removed, because ppl got quoted with link to stuff that might give problems, like links to firmware dumps. Once again, ALL info is on XBH. Check the wiki for example:

For xbox 1:
QUOTE
The DVD authentication works like this: After a disc is inserted, the drive checks to see if it is a ‘double layer DVDROM’. If this is the case, it reads sector $FD021E. This sector is called the ‘security sector’ (SS). The drive performs some basic checks on the disc. The xbox sends a first ‘mode sense’ and ‘mode select’ command to the drive, mainly to see if these basic checks on the disc passed. If so, the xbox issues a ‘read DVD structure’ command to the drive, to ask for a part of the security sector. This part contains a challenge/response table for the xbox. The xbox verifies the signature for the table, decrypts the table and starts issuing challenges to the drive. The drive descrambles another table from sector $FD012E (using the ‘challenge’ that is in the sector header of this sector, the ‘CPR_MAI’ field), containing the responses.
The xbox issues the challenges with a ‘mode sense’ and reads the ‘responses’ from the drive with a ‘mode select’. If all responses that the drive sends match the responses in the table that the xbox received, the xbox assumes an original DVD is in the drive.

For xbox 360:
QUOTE
Backups have successfully booted on the 360. The authentication protocol is basically the same as the xbox 1 (see xbox 1 info in this wiki). However, the 360 uses a few different ‘challenge/responses’ types. Some responses are being read from disc. See the ‘challenge and response protocol’ thread by Robinsod.

Details can be found in the HW threads. If you feel that the information is still not complete, please let me know.
Logged
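
A minimal model of the Xbox 1 exchange described in the wiki quote above, added here as an illustration and not code from this thread or from XBH. HMAC-SHA256 stands in for the table signature (the thread does not name the real scheme), table decryption is omitted, and every name and sample value is constructed.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 stands in for the table signature; the thread does
# not name the real scheme. Table decryption is left out of this model.
SIGNING_KEY = b"constructed-demo-key"

def _entry(i):
    """Constructed sample (challenge, response) pair, 4 bytes each."""
    d = hashlib.sha256(b"constructed-entry-%d" % i).digest()
    return d[:4], d[4:8]

def build_security_sector(n=4):
    """The part of the security sector the host asks for: table plus tag."""
    table = [_entry(i) for i in range(n)]
    blob = b"".join(c + r for c, r in table)
    return {"table": table, "tag": hmac.new(SIGNING_KEY, blob, hashlib.sha256).digest()}

class Drive:
    """Drive side: holds the response table it descrambled from the disc."""
    def __init__(self, disc_responses):
        self.responses = dict(disc_responses)

    def respond(self, challenge):
        # Models one 'mode sense' (challenge) / 'mode select' (response) round.
        return self.responses.get(challenge)

def host_authenticate(drive, sector):
    """Host side: check the table's tag first, then every response."""
    blob = b"".join(c + r for c, r in sector["table"])
    expected = hmac.new(SIGNING_KEY, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sector["tag"]):
        return "bad-signature"
    for challenge, want in sector["table"]:
        got = drive.respond(challenge)  # the host only ever sees the drive's answer
        if got is None or not hmac.compare_digest(got, want):
            return "bad-response"
    return "accepted"

def run_scenarios():
    sector = build_security_sector()
    edited = dict(sector, table=[(c, bytes([r[0] ^ 1]) + r[1:]) for c, r in sector["table"]])
    return {
        "original": host_authenticate(Drive(sector["table"]), sector),
        "missing_response": host_authenticate(Drive(sector["table"][:-1]), sector),
        "edited_table": host_authenticate(Drive(sector["table"]), edited),
    }

if __name__ == "__main__":
    print(run_scenarios())
```

The signature check protects the table itself, while the response check relies on the drive reporting honestly, which is the trust assumption the discussion in this thread turns on.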