xboxscene.org forums

Author Topic: A Thought/question...  (Read 130 times)

wolrahnaes

  • Archived User
  • Full Member
  • Posts: 103
A Thought/question...
« on: December 28, 2005, 06:36:00 PM »

I started thinking about this back when we first came across the DVD-ROM based executables for Xbox1 and the subject of booktypes was first brought up.  It's still a somewhat half-baked idea, so please don't be an ass and flame me if I overlooked something obvious.  At least I'm putting my thoughts down in an organized fashion, spelled correctly, and not making a 37th thread for the same thing, which is more than can be said for quite a few around here.

With that out of the way, here's my question:

What is so different about a pressed Xbox/Xbox360 disc that we can't burn a disc to look just like it?

If we can burn a DVD-R with nothing more than a tweaked booktype which then appears as a DVD-ROM to the Xbox, why can't we copy everything that is shared among Xbox or 360 DVDs (the whole fake DVD-Video portion and whatever) but then burn past that to include XBEs or XEXs?

Basically what I'm looking for is how does the Xbox or the 360 differentiate a DVD-ROM from an XBOXDVD for the purposes of the media flag, and can we somehow duplicate this with a good burner?

I know some are looking into hacking the DVD-ROM firmware to change the reported media type, so I figured why not attack this from the opposite end?

To me this seems like the easiest attack vector, because it's impossible for any hypervisor or whatever security measures have been implemented to detect it.

Obviously it would only be good for backups and not homebrew, but let's be honest, how many of us actually only use our modchips for homebrew?  If it gets us half way, it's still progress.

Anyways, if you've got something useful to add, please reply.

krayzie

  • Archived User
  • Hero Member
  • Posts: 3350
A Thought/question...
« Reply #1 on: December 29, 2005, 06:34:00 AM »

the xbox dvd code that is checked is put on the disc from factory. It's not something that can be added in the burning process.

lordvader129

  • Archived User
  • Hero Member
  • Posts: 5860
A Thought/question...
« Reply #2 on: December 29, 2005, 12:28:00 PM »

QUOTE(Wambla @ Dec 29 2005, 09:29 AM)

I don't think it's just the booktype value on dvdrom...

From my experience on xbox1... MS at a certain point (2003?) added some extra bytes to the certificate in the xbe header to trigger a media check on the lead-in area of the dvdrom. Basically, at the beginning of the MediaSpecific part of the lead-in area they recorded the time/date 32-bit value present in the xbe header plus other data. They also saved in the last 20 bytes the SHA-1 of the lead-in, except the lead-in header and the last 20 bytes, obviously.
There wasn't a way to set the MediaSpecific area during the burning of an xbox iso on dvdr.
So the media check was a hashing of the lead-in area and a comparison of the result with the 20 bytes stored at the end.

I don't have a 360 yet so I can't dig into it... but I have the feeling that it's not just the booktype, and patching a firmware to just return a desired type can be useless.

as krayzie said bitsetting/booktype (which can be changed) is not the same as media type (which cannot be changed)

as for the media checks in 03, I'm pretty sure those just check the media type, and they are actually a second set of media checks (the first appears in all xbox games, from launch on)

wolrahnaes

  • Archived User
  • Full Member
  • Posts: 103
A Thought/question...
« Reply #3 on: December 29, 2005, 10:10:00 PM »

QUOTE(krayzie @ Dec 29 2005, 08:41 AM)

the xbox dvd code that is checked is put on the disc from factory. It's not something that can be added in the burning process.

thank you, that's what I needed to know.

I figured it wasn't this simple, otherwise someone would have already done it, but you never know.


time to dig up some specs on the DVD drive and see how feasible a firmware patch would be, since intercepting the signals on the SATA bus (1.5GHz LVDS) isn't all that easy.