Post by: Xbox-Scene on February 10, 2007, 09:46:00 PM
Quote
Download the slides of the presentation from root.org |
Post by: MaximusX15 on February 10, 2007, 09:15:00 PM
Post by: Ray2Kay on February 10, 2007, 10:36:00 PM
Post by: SpiderX1016 on February 10, 2007, 11:20:00 PM
Post by: steveju on February 11, 2007, 12:12:00 AM
QUOTE(Ray2Kay @ Feb 11 2007, 05:43 AM) 
man give them a idea..........thats a nice right out.
1. check that responses vary appropriately between challenges of the same type == Let's hope that the DVD drive in the box is in it's theoretical best working condition. Even if the drive isn't hacked, some drives are extremely slow to pull out data off a disc, so should those drives be banned? --> Unhacked & hacked drives are affected
2. use same debug commands to load disc-specific hashing code into drive, check for patched firmware == Let's send some commands to the drive and see what happens; a. The cheap drive isn't working like it should and sends some error code or hangs the system b. The drive is hacked and prevents this from happening --> Unhacked & hacked drives are affected, they could even brick some drives with this.
3. look for SS.bin file via host or code loading into drive == Rename SS.BIN
. I doubt they can spy on the SS -data that is loaded from the disc (where it's located). Is the SS.BIN even stored as SS.BIN in the media when burned? Or is it just plain data. I really don't get how "looking for a file" would help if it's plain data to begin with.I think that "effort/$" is not in m$'s favor.
Post by: Nicroma on February 11, 2007, 12:22:00 AM
Post by: IntestineMan on February 11, 2007, 03:14:00 AM
Then there was Sammy Lightfoot that put a 23-read error on the last sector of track 18! Kevin's Pirate Pack to the rescue! Anyone ever remember a program called "Error Maker", written by Kevin Pickell? It was a utility that made errors on the disk using a 1541 drive. I remember the 27 error maker didn't work and I learned eventually how to code the 1541 and examined his code and disassemblies of the 1541 and as a result was able to make a 27-read error. I was able to program my own utilities and learned quite a bit about it. I also remember GCR (Group Coded Recording) and the reason for it was so would not write many on-bits (FF's) in a row since 1541 was soft-sectored. It converted a sector of 256 8-bit bytes to 256 10-bit bytes. Since it was an 8-bit CPU, it stored these 10-bit bytes as 320 8-bit bytes. A characteristic of GCR was that there would be no more than 2 or 3 (can't remember exactly) consecutive on-bits. The drive It used a stream of FF's, or on-bits, to sync up to the sectors - basically the drive would read data off the disk until it found a whole bunch of FF's and then as soon as it found data it would read until it found a sector header, then use that to read in the 320 bytes of GCR and translate it to 256 real bytes. One protections was to change the gap length and time it, or could rewrite the entire track layout and the whole disk would look like errors. Once could also squeeze an extra sector on certain tracks, and even add extra tracks (track 40).
Post by: ConteZero76 on February 11, 2007, 03:37:00 AM
As for "fooling" something "the easy way" is just a programmed interface capaible of emulating the "real thing", either "some part" or "the whole".
Having a fast digital programmable interface that could be programmed to give certain responses and feeding certain data it's possible to emulate an XBox/XBox360/... DVD, too bad no one followed this way (that's not so comfortable) and there's no such interface on a standard PC (mean you'll need a custom PCI card or some USB2.0 thingie).
Post by: Alkane on February 11, 2007, 07:40:00 AM
QUOTE(ConteZero76 @ Feb 11 2007, 05:44 AM) 
At the end it's clear that the "final solution" is a modified reader (CD/DVD/HD/BD) capaible of carrying out pit & lands instead of cooked sectors (so every "hack" could be found/replicated).
As for "fooling" something "the easy way" is just a programmed interface capaible of emulating the "real thing", either "some part" or "the whole".
Having a fast digital programmable interface that could be programmed to give certain responses and feeding certain data it's possible to emulate an XBox/XBox360/... DVD, too bad no one followed this way (that's not so comfortable) and there's no such interface on a standard PC (mean you'll need a custom PCI card or some USB2.0 thingie).
That idea is brought up often. Its simple an issue of cost. Drive emulators and similar hardware are extremely expensive.
Post by: rrg on February 11, 2007, 07:47:00 AM
Or you never know, there is always a chance that keeping cost down will prevail and continue to make it easier for everyone.
This post has been edited by rrg: Feb 11 2007, 03:49 PM
Post by: ConteZero76 on February 11, 2007, 07:57:00 AM
But programming an ARM to deal with commands (with the proper software) isn't that expensive.
General purpose processors with a good speed are actually used on most home appliances, even an AP is just $50 or so (think about some Texas Instuments IC into most DSL / AP, 150MHz is quite enough to run a program that send repiles to specified commands and "query" the host system (I.E. a PC) when needed).
The difficoult part is making the logic to drive the BUS electronically as it could require an ASIC, and the software to use the whole kit (ARM and host interface).
Anyway, once done the kit is almost universal because if you've used an ASIC to manage the bus you can make adapters for a wide range of "appliances", from ATA to SATA to (most) custom electronics.
What I'm telling is that a SATA host controller is into every $40 hard disk and a powerful enough CPU is into every $50 AP/DSL router... so there's surely a way to obtain an easy (non professional) device emulator with a decent price.
It's probably some sort of industry agreement or the developement cost that keeps people from trying.
This post has been edited by ConteZero76: Feb 11 2007, 04:09 PM
Post by: kneehighspy on February 11, 2007, 08:40:00 AM
ahh, the memories......sniff.
QUOTE(IntestineMan @ Feb 11 2007, 10:21 AM)
I remember "Frantic Freddie" as one of the first C64 games that used error protection. If I remember, it had a 21-read error on one of the first few tracks which it checked for. We used to duplicate it by starting a disk format (initialize disk) and pulling the disk out after hearing the drive head move up a couple tracks.
Then there was Sammy Lightfoot that put a 23-read error on the last sector of track 18! Kevin's Pirate Pack to the rescue! Anyone ever remember a program called "Error Maker", written by Kevin Pickell? It was a utility that made errors on the disk using a 1541 drive. I remember the 27 error maker didn't work and I learned eventually how to code the 1541 and examined his code and disassemblies of the 1541 and as a result was able to make a 27-read error. I was able to program my own utilities and learned quite a bit about it. I also remember GCR (Group Coded Recording) and the reason for it was so would not write many on-bits (FF's) in a row since 1541 was soft-sectored. It converted a sector of 256 8-bit bytes to 256 10-bit bytes. Since it was an 8-bit CPU, it stored these 10-bit bytes as 320 8-bit bytes. A characteristic of GCR was that there would be no more than 2 or 3 (can't remember exactly) consecutive on-bits. The drive It used a stream of FF's, or on-bits, to sync up to the sectors - basically the drive would read data off the disk until it found a whole bunch of FF's and then as soon as it found data it would read until it found a sector header, then use that to read in the 320 bytes of GCR and translate it to 256 real bytes. One protections was to change the gap length and time it, or could rewrite the entire track layout and the whole disk would look like errors. Once could also squeeze an extra sector on certain tracks, and even add extra tracks (track 40).
Post by: kungpaomaster on February 11, 2007, 10:00:00 AM
Load "$",8
Post by: bucko on February 11, 2007, 12:00:00 PM
Ah old school rocks.
CODE
LOAD
Press Play on Tape.
Post by: kungpaomaster on February 11, 2007, 12:54:00 PM
I would bet money at least 1/2 of those guys are in the xbox hacking scene.
It's amazing what was able to be done on such meager resources.
64K? This webpage (just this page) is probably more than 64K. Sheeeesh!
664 Blocks free! Oh yeah!
Post by: Master Reefed on February 11, 2007, 05:55:00 PM
the problem for me with the old systems, were the systems themselves were the ones that needed backed up.
anyone who ever owned/played a NES had to blow on the game, then in the console, then put a wedge on the left/right side of the cartridge so all the contacts made contact. lol
my cousin always put a second game above the other game to hold it down tight enough to play.
sorry to waste the space, but man I didnt even realise there was a "scene" back then. rofl