Print

[ausmods]

Well, Ive always been curious about how the DVD drive would behave when a game is installed and played from the hard drive with the NXE dashboard... And so i took the cover off my 360 drive and tried a few different things...

So far ive done a few basic things that i found somewhat interesting...

 - After the DVD is inserted, the drive does a quick authentication (the movement of the laser doesnt seem to be different every time) and after that does nothing more

 - After the disc is authenticated, when i nthe dashboard, the disc keeps spinning, but can be manually stopped and removed, and the game can still be played without problem

 - Even when the game is exited (by pressing the guide button and then pressing Y to go to the dash) even with the disc removed, the game can be started again without having to put the disc back in.

 - THe disc stops spinning all together when the game is launched

So it seems as long as the eject button is not pressed and the console isnt reset at all, the game can be manually removed and played without the disc at all... Once the disc has authenticated just once, it doesnt access the disc at all... And can hence be played without the disc for as long as you want...

Food for thought lol... I found it interesting at least... I wish i knew more about hacking lol (IMG:style_emoticons/default/unsure.gif)

This post has been edited by ausmods: Nov 4 2008, 02:08 PM

[k6kicker]

You know, this isn't bad information man. Don't sell yourself short. Perhaps we might be able to cook up a saturn style swap trick if we can find a way to mask the eject button use. That or perhaps figuge out what sort of authentication algorithm is being used. Interesting info at the very least.

[Robborboy]

Hmmm, I had my ideas about this one.
Good job on checking this out it is nice to know.

On a side note, you said you can go in and out of the game as much as you want, I assume this does not include turning the 360 off all together right?

[ausmods]

Yeah the only catches are that you cant power off or reset the console, and the disc cant be ejected... Otherwise you could play the game as much as you want... Could be handy if you hire a game and want to keep playing it for a while after you have to take the game back lol

Sureley theres something random about the authentication, otherwise whats stopping someone from hooking up a chip to the DVD controller chip and injecting the authentication data, without a disc being in the tray at all...

This post has been edited by ausmods: Nov 4 2008, 10:47 PM

[weeder]

excellent,  possibly onto a swap trick i dunno, OP could you try doing it and ejecting the disc via the emergency hole on the front and report back? (IMG:style_emoticons/default/smile.gif)

[Robborboy]

QUOTE(ausmods @ Nov 4 2008, 05:43 PM)

Yeah the only catches are that you cant power off or reset the console, and the disc cant be ejected... Otherwise you could play the game as much as you want... Could be handy if you hire a game and want to keep playing it for a while after you have to take the game back lol

Sureley theres something random about the authentication, otherwise whats stopping someone from hooking up a chip to the DVD controller chip and injecting the authentication data, without a disc being in the tray at all...

That is what I have been asking about. Perhaps it is just too soon.

[torne]

QUOTE(ausmods @ Nov 4 2008, 09:43 PM)

Sureley theres something random about the authentication, otherwise whats stopping someone from hooking up a chip to the DVD controller chip and injecting the authentication data, without a disc being in the tray at all...

No, there is nothing random about the authentication. Nothing stops you from building a board that plugged into the SATA controller instead of the DVD drive, and emulated enough of the drive to respond to the disc checks. This device would only need to know your DVD key (obviously) and the relevant security info for each disc you wanted to emulate, along with some method of selecting, externally, which disc to emulate. You'd still need the DVD drive to install games, of course.

This previously wasn't a very interesting prospect since the DVD emulator would have had to contain the entire game, but now a relatively small amount of flash would be sufficient to store the security info. Maybe someone will design one.

[Robborboy]

QUOTE(torne @ Nov 5 2008, 03:20 PM)

No, there is nothing random about the authentication. Nothing stops you from building a board that plugged into the SATA controller instead of the DVD drive, and emulated enough of the drive to respond to the disc checks. This device would only need to know your DVD key (obviously) and the relevant security info for each disc you wanted to emulate, along with some method of selecting, externally, which disc to emulate. You'd still need the DVD drive to install games, of course.

This previously wasn't a very interesting prospect since the DVD emulator would have had to contain the entire game, but now a relatively small amount of flash would be sufficient to store the security info. Maybe someone will design one.

If by the time I grab a WD120gb drive to flash to the 360 parameters, that this has been developed, I am going to have a grand ol' time.

[ausmods]

QUOTE

No, there is nothing random about the authentication. Nothing stops you from building a board that plugged into the SATA controller instead of the DVD drive, and emulated enough of the drive to respond to the disc checks. This device would only need to know your DVD key (obviously) and the relevant security info for each disc you wanted to emulate, along with some method of selecting, externally, which disc to emulate. You'd still need the DVD drive to install games, of course.

This previously wasn't a very interesting prospect since the DVD emulator would have had to contain the entire game, but now a relatively small amount of flash would be sufficient to store the security info. Maybe someone will design one.

Hmm, fair enough then... The thing that stops me from beleiving that theory too much is that were dealing with Microsoft here... Sureley they wouldnt do something that is cracked that easily... Though, emulating a SATA controller wouldnt be easy... But couldnt there just be a chip that interfaces with the SATA controller on the DVD drive? Then again, think how many versio of the chip there would have to be... urgh lol... And imagine soldering to those fine pins on sata controllers...

There would have to be constant updates for a device (or chip) like this, to add the security info for each new game that comes out... But that wouldnt be difficult... A simple windows based update program could update the chip via usb or something... Plus flash memory is cheap as these days, so it would be a very viable option to have a large flash storage device with a controller that responds to the security checks...

But surely its not tht easy? But damn it sounds like a good concept...

This kind of thing is the reason why Im starting studying Electrical Engineering next year lol..


EDIT: I didnt even think of how the user would select which game they want to play... Hmm... Though, it could possibly be done so theres no external switch, there is a list of games you can launch that are installed on the hard drive. If you try to start a game without the disc, it says 'Content not found' and asks the user to insert the disc... To get around this, the modchip could be interfaced with the switch that tells the DVD drive if it is closed or not. It could tell the drive its been opened, then closed again (without actually opening the drive). Then the 360 will ask for authentication of whatever was inserted, and if the chip could somehow determine what disc the 360 wanted (so for example, it could determine if the user requested to play guitar hero from the UI), the chip could just respond to the security check with the right info... I hope that makes sense lol

Also, what method would the console use to figure out where the game is stored on the hard drive? It must retreive some part of information from the disc (Game name, hash, or something like that) and then compare it to each game that is stored on the hard drive, and select which one matches... Doesnt sound all that complicated, but there is a few ways it could be done...

Hmmm....

This post has been edited by ausmods: Nov 5 2008, 11:11 PM

[weeder]

set the game name on the thing which acting like a virtual dvd drive when the console is turned on it makes it think that game is in the drive, i was thinking of a way of adding an extra dvd drive to the xbox and have it switchable between the stock and mod drive without opening the console each time you wanted to change, its still a very wip in my mind though,im not sure what the device we use could be  since we are gonna have to have some way to change disc by the device itself  maybe usb controlled?  the pcb off an existing drive with a firmware that makes the 360 think its a full drive  with a disc in,

im not a hacker myself but  ive been around since xbox1 scene and am a pc builder so i somewhat know what im talking about, so no flames please

[torne]

QUOTE(ausmods @ Nov 5 2008, 09:52 PM)

Hmm, fair enough then... The thing that stops me from beleiving that theory too much is that were dealing with Microsoft here... Sureley they wouldnt do something that is cracked that easily... Though, emulating a SATA controller wouldnt be easy... But couldnt there just be a chip that interfaces with the SATA controller on the DVD drive? Then again, think how many versio of the chip there would have to be... urgh lol... And imagine soldering to those fine pins on sata controllers...

MS's security against this is the part we have already cracked: the authentication mechanism between the console and the drive, which has already been broken by the existing firmware replacements. People in the scene already know everything required about the 360's security.

Emulating a SATA target controller is not easy, no, but the specs are out there and you only need to implement some of the functionality: you just need an FPGA that can buffer the incoming data at the relatively fast line speed, so that a slower microcontroller can emulate the actual commands.

The DVD drive's SATA target interface is probably integrated with other components; it's unlikely you can just connect to it as the microcontroller is probably in the same chip. (don't know for sure, though; never had a reason to look). You could write a custom firmware for the DVD drive which would just return the security info from memory, but you'd have no real mechanism to 'switch discs' and there isn't a lot of space. Depending what external interfaces it has, though, you might be able to cobble something together which would download one set of security info at a time? Not sure without investigating the actual devices..

QUOTE

There would have to be constant updates for a device (or chip) like this, to add the security info for each new game that comes out... But that wouldnt be difficult... A simple windows based update program could update the chip via usb or something... Plus flash memory is cheap as these days, so it would be a very viable option to have a large flash storage device with a controller that responds to the security checks...

You wouldn't have "constant updates", you'd just rip the security info from your games and download it into the device flash. You'd only need to update the device itself for changes to the authentication mechanism. It's easy enough to have a USB target interface on such a device.

QUOTE

But surely its not tht easy? But damn it sounds like a good concept...

I never said it was easy: it would be quite difficult. But it's perfectly possible, and without really needing to discover anything new about the 360.

QUOTE

Then the 360 will ask for authentication of whatever was inserted, and if the chip could somehow determine what disc the 360 wanted (so for example, it could determine if the user requested to play guitar hero from the UI), the chip could just respond to the security check with the right info... I hope that makes sense lol

There's no way for the SATA target to know what disc the console is expecting: it doesn't say "please authenticate Guitar Hero", it says "please give me the security info for the disc in the drive". You would need some kind of actual interface on the device itself to select what data to return.

[ausmods]

Awesome, thanks for the info torne... Interesting stuff...

Makes me wish I knew more about how this stuff worked   ... I can think of how something might work, but Ive got no idea about where to look or where to even start...

[Robborboy]

QUOTE(ausmods @ Nov 5 2008, 11:01 PM)

Awesome, thanks for the info torne... Interesting stuff...

Makes me wish I knew more about how this stuff worked   ... I can think of how something might work, but Ive got no idea about where to look or where to even start...

Hah, you're not alone.

[torne]

Best way to learn is to dive right in and try some project

[mopoge]

I tried searching for this, but came up empty: Are the files sizes on the hard drive going to be same for all games like they are when burned to DVD (~7.05GB) or will the dummy/padding files be removed when stored on the hard drive?  It would be very cool if the latter.

Thanks,
Mo

QUOTE(mopoge @ Nov 12 2008, 03:45 PM)

I tried searching for this, but came up empty: Are the files sizes on the hard drive going to be same for all games like they are when burned to DVD (~7.05GB) or will the dummy/padding files be removed when stored on the hard drive?  It would be very cool if the latter.

Thanks,
Mo

Nevermind, I found the answer while browsing around the forums:

http://forums.xbox-s...o...5314&st=15#

Thanks,
Mo