-
Hi,
This video shows the swap of a xbox 360 game with a dump of it on a cdr..
From this, we can deduce some information..
Take a look at it.
The video is there :
http://adn.nihlium.be/bob/HotSwap_by_sliders58.rar
many thanks to sliders58 from a famous Belgian forum for this trial..
---
EDIT MODERATOR: ... above link is down, here's another mirror and also 2nd video (much longer, more details) and 3rd video (showing that if you slowly swap the disc it doesn't work)
video1: http://www.youtube.com/?v=l0fkXld5Tqc
video2: http://media.putfile.com/x360gueuxbe_swap_methode
video3: http://media.putfile.com/x360gueuxbe_swap_slow ; http://media.putfile.com/x360gueuxbe_swap_methode
-
from what i see i think its still loading from cacheing (sp?)....
whats everyone elses thoughts? Also when he stops the disk to show us that it is a backup the game is still going... tell him to remove the disk but then not replace it with anything and see what happens..
i dont believe it though 
-
someone already tried this on the forums and he came back and said it didnt work
-
uhh.. ok.
it can't be that simple; it just can't..
-
WoW can anyone else confirm this working?
-
i wouldnt doubt it working, but i also wouldnt doubt another update over XBL in the next few days here
-
Yep I already tried this method 3 weeks ago and I am the one that posted that it did not work.
Or it does work but only till the dvd drive has to read the disc to load a new area.
It would really be nice if these people would read the posts before doing things that others have already done!!
-
looks nice! personally I wouldn't feel comfortable doing a swap like that in order to play my backups but it's a start. I might be willing to do it once in order to open a ftp server to softmod it (ie. one of the tracks if replaced with an ftp server). Unfortunately if this is real M$ will probably release a patch for it in the near future
oh well it looks like a start.
Edit: Just saw Anubis' post. Looks like it may not work after all. but it may be a start.
-
and the morons continue to reign. This is absolutely absurd. They got it to play a little video from a CD..OHHH NOOOO teh 360 has been haxored! As Anubis stated, you could do the same with a game disc also. The game will continue to play until the cache has been played out. Hell, I could put up a video of it playing without a disc, as long as the video didn't run past how far the game had cached ahead.
-
IT WORKS! i tried it
-
Here is another interesting trial..
take a blank cdrw of 700MB..
copy an xex file from a backup into this cdrw + as many files as you can...
burn and finalize the cdrw..
switch the xbox on..
once on the menu, put the cdrw in..
the game will start but the xbox will say that there is a read error with this cdrw.. because files are missing..
won't work with a dvdrw..
therefore, the X2 can execute cdrws.. and there is a media check..
-
QUOTE(xodus_xodus @ Dec 25 2005, 05:53 PM)

Here is another interesting trial..
take a blank cdrw of 700MB..
copy an xex file from a backup into this cdrw + as many files as you can...
burn and finalize the cdrw..
switch the xbox on..
once on the menu, put the cdrw in..
the game will start but the xbox will say that there is a read error with this cdrw.. because files are missing..
won't work with a dvdrw..
therefore, the X2 can execute cdrws.. and there is a media check..
So in theory i could burn the multiplayer part of halo2(which is less than 700mb) and burn it to a cd-rw and it should play?
-
i think there should be a test to see who gets into the hacking portion of the forum.
Why do all of you believe when a person says that they did something that they actually did it?
I bet the people that saw the video and said yeah it must work, wont even try doing it
also wouldnt you see this posted EVERYWHERE if it did work?
-
this has nothing to do with hacking whatsoever.. video files and sound files are not signed, therefore can be loaded even when modified or on invalid media.
that can not and never will work with executable files, however.
-
here's the original post http://gueux-forum.n...ic=85594&st=180
can someone please translate
it seems this guy is an active member over there so why would he post a fake video
maybe he did find out something ?
-
QUOTE(xodus_xodus @ Dec 25 2005, 09:53 PM)

Here is another interesting trial..
take a blank cdrw of 700MB..
copy an xex file from a backup into this cdrw + as many files as you can...
burn and finalize the cdrw..
switch the xbox on..
once on the menu, put the cdrw in..
the game will start but the xbox will say that there is a read error with this cdrw.. because files are missing..
won't work with a dvdrw..
therefore, the X2 can execute cdrws.. and there is a media check..
Lo, also the video download link is now a bad link.
-
ok, until I see a GAME running, he hacked your arse as far as I know. The 360 WILL play a stupid video someone put on a CD. It's a video for christ sake. If you try a GAME backup, the 360 will do a media check as soon as the cache is clear and the disc spins up again. We've already tried with original xbox games.
If you don't believe me, try it yourself. Take a Halo 2 backup, set your 360 up the same way with the DVD drive open on top. Start the game, stop moving for a while and let the disc spin down. Switch to your backup and resume playing. The game will only run until the cache is out, and then you get a dirty disc. If you really wanna be funny, just take the disc out and watch it play.
So, like I said, anyone could make a video. Show me a game and give some proof, not these dark videos trying to hide what's really going on. You don't have to have darkness EVERYWHERE if you just stay off the camera. Not like the CIA is looking for you.
-
QUOTE(Anubis-MG @ Dec 25 2005, 07:15 PM)

Yep I already tried this method 3 weeks ago and I am the one that posted that it did not work.
Or it does work but only till the dvd drive has to read the disc to load a new area.
It would really be nice if these people would read the posts before doing things that others have already done!!
Just tell me something : you tried with an ISO from Team PI ?
So please try to make the ISO with the hotswap method. You will have a full backup, with the Video DVD session, instead of the Team PI backups which have only the XDVDFS session.
And to finish, if someone does something you already said it do not work, it's also because you can have made a mistake while testing !
-
QUOTE(b0utmym0ney @ Dec 26 2005, 05:01 AM)

anyone got a link to this video the link is not workin no more i wanna see this for my self...
Since the link was posted on xbox-scene forum, adn_ftp who hosted the file just saw his server down (too much upload).
He hopes someone will host the file, because it was a hundred times downloaded. (see http://gueux-forum.n...ic=85594&st=220)
Gael360 could you post the video from sliders58?
PS: gueux.be comes from France, not Belgium.
-
QUOTE(tom15 @ Dec 26 2005, 10:14 AM)

Gael360 could you post the video from sliders58?
Sorry I didn't keep it, but if someone send it to me, I can put it on my web site
-
stop getting worked up over this, think about the facts.. it may work for a video, but it can never work for executables, since the signature check is done before launching the executable, you get NANOSECONDS to swap after that, and guess what happens when the disk is stopped and the dataflow is interrupted after the sig check? yep.. it rechecks the sig and/or considers it invalid for the data it is now getting.
-
QUOTE(Arakon @ Dec 26 2005, 12:11 PM)

stop getting worked up over this, think about the facts.. it may work for a video, but it can never work for executables, since the signature check is done before launching the executable, you get NANOSECONDS to swap after that, and guess what happens when the disk is stopped and the dataflow is interrupted after the sig check? yep.. it rechecks the sig and/or considers it invalid for the data it is now getting.
I really think you do not understand what we are talking about : running a backup is not a problem of checking the signature of the executable, but the media type of the DVD. This is why we have to do this hotswap.
-
QUOTE(Arakon @ Dec 26 2005, 08:41 PM)

stop getting worked up over this, think about the facts.. it may work for a video, but it can never work for executables, since the signature check is done before launching the executable, you get NANOSECONDS to swap after that, and guess what happens when the disk is stopped and the dataflow is interrupted after the sig check? yep.. it rechecks the sig and/or considers it invalid for the data it is now getting.
yeah, i agree. i dont think its worth getting excited. MS would have thought of this before the 360 was even an idea..
-
You all are letting logic and technical facts get in the way of Pirate dreams
-
QUOTE
I really think you do not understand what we are talking about : running a backup is not a problem of checking the signature of the executable, but the media type of the DVD. This is why we have to do this hotswap.
yes, it IS a problem of the signature check. even if you swap around the media check, the signature will be invalid and the executable isn't launched. if this would work, it would've worked for the xbox 1 already.
-
QUOTE(Arakon @ Dec 26 2005, 04:01 PM)

yes, it IS a problem of the signature check. even if you swap around the media check, the signature will be invalid and the executable isn't launched. if this would work, it would've worked for the xbox 1 already.
Ok, for you something YOU are not able to do is impossible ... So can you explain me what is the problem with this signature check, I mean a technical explanation, not something like 'I heard someone saying we can't'.
For me, the signature is a part of the default.xex file, it proves that the xex file hasn't been modified since MS signed it. But for playing backup, we're doing an exact copy of the xex file, with its signature... So I can't see where is the signature check problem.
-
simple question, is this real? yes or no
and if it is, can someone post instructions on how to do this? what does this do? the translated forums are too hard to read?
-
QUOTE(Gael360 @ Dec 26 2005, 03:55 PM)

For me, the signature is a part of the default.xex file, it proves that the xex file hasn't been modified since MS signed it. But for playing backup, we're doing an exact copy of the xex file, with its signature... So I can't see where is the signature check problem.
There's also a media check. Each executable has a flag saying what sort of media it can be run from, for example a game is flagged to run only from a pressed Xbox DVD, the emulator updates are flagged to run from HDD or rewritable media, etc. If you copy the game from the original pressed DVD to a writable disc, as it tries to boot the console will check the media flag (pressed disc) against the media (writable disc). The media check will fail, and the console will give an error. Now why not change the media flag of the executable? That would break the MS signature of the file, and thus it wouldn't boot. The only way to fix that is to know the key to resign the executable with, and cracking 2048-bit RSA encryption isn't going to happen any time soon.
-
i want to try it but id rather someone tell me this works all the way i dont wanna open my xbox to play a backup for a few seconds has anyone played an entire game yet with this trick?????
-
Once again, this has been tried with Halo 2 already! It does NOT work. I don't freakin care if you hotswap or not. The fact is, when the 360 goes to read from a disc that has spun down, it does a check. The game is simply playing from cache. Don't believe me, try the same thing, but don't put a disc in. Let the disc spin down and go idle, then just take it out and resume playing. You'll be fine and dandy until the cache runs out.
Regardless, this little trick of theirs didn't even show a freakin game playing. I'm pretty sure it showed a stupid video they made.
-
QUOTE(Arakon @ Dec 26 2005, 09:00 PM)

the entire disk is part of the signature. you change anything on the disk, the signature becomes invalid.
Ahahaha you are too funny !
Ok you don't know anything about the security system. Can someone explain to this funny guy how works the xex signature?
Have a look to the 'strong name' concept in .NET, it's the same idea.
And please, before saying I'm wrong, ask yourself how is it possible to run the backward compatibility upgrade from a burned CD, and also think that sometimes you can be wrong...
-
The backward compatibility update is signed to be run from any media, which is why you can download and run it from the HDD. There's more than one setting for the media flag. Also, it's the PS2 which only reads when the tray is closed, nobody knows what the X360 does yet. It's very likely that MS have seen the fliptop cases for the pre-70000 PS2 that let you hotswap the disc to skip that protection, and designed the X360 to be invulnerable to such an exploit. I'd say that anything that's worked on other consoles has probably been deliberately blocked on the X360. There was a thread a week or so ago noting that this only works until the console reads the disc again, at which point it obviously finds the invalid media, and I'm pretty sure that this would be the case.
-
just a few Q's,
1. why does the cd say star fox?...maybe its an RW, but otherwise kinda weird it wouldnt say pgr3
2. what is that flickering at the bottom of the tv screen?...dunno if its a reflection or bad record..Im guessing he cant do this in good lighting because it might interfere with the dvd?....but then theres the handheld light, just why is it always so dark?...
3. (this is in support of the video) Would a burned (rejected!) dvd/cd continue spinning after the media check failed?, unless it is a video (dvd) in which case when he stopped it, the movie just quits playing... Also, can you play a movie on a dvd from clicking on the dvd tray pic in the dash?...or do you have to go to "media" and videos.....
-
QUOTE(theone31 @ Dec 27 2005, 12:29 AM)

ok if and this is a big if this works,where the hell does it get us ,as u have to have the original to play the back up
Yeah, that's the bottom line. What fat lot of good is it if you have to boot from the original game, to load a copy of it??? In theory, as long as the media check doesn't happen again (which it may NOT), then you can't load another game using any original? UNLESS, there is a 'file manager' type original disc that lets you launch other .xbe files, but that would still run the media check....
It's a no win situation.
Unless you can boot a different game, by hot swapping, you are just wasting everyone's time, and forum space. The only thing it is good for is running a backup copy of your game, but it's a bit of a waste of time if you have to boot from the original, and risk damaging the disc during hot swapping.
Also, do you know just how much damage a shattered DVD can do when it's whizzing around at 10,000 rpm?? There's an episode of Myth Busters I think you should watch...
-
QUOTE(InterestedHacker @ Dec 26 2005, 10:45 PM)

Yeah, that's the bottom line. What fat lot of good is it if you have to boot from the original game, to load a copy of it??? In theory, as long as the media check doesn't happen again (which it may NOT), then you can't load another game using any original? UNLESS, there is a 'file manager' type original disc that lets you launch other .xbe files, but that would still run the media check....
It's a no win situation.
Unless you can boot a different game, by hot swapping, you are just wasting everyone's time, and forum space. The only thing it is good for is running a backup copy of your game, but it's a bit of a waste of time if you have to boot from the original, and risk damaging the disc during hot swapping.
Also, do you know just how much damage a shattered DVD can do when it's whizzing around at 10,000 rpm?? There's an episode of Myth Busters I think you should watch...
ha i see that it was pretty damn cool
-
QUOTE(InterestedHacker @ Dec 26 2005, 11:45 PM)

Yeah, that's the bottom line. What fat lot of good is it if you have to boot from the original game, to load a copy of it??? In theory, as long as the media check doesn't happen again (which it may NOT), then you can't load another game using any original? UNLESS, there is a 'file manager' type original disc that lets you launch other .xbe files, but that would still run the media check....
It's a no win situation.
Unless you can boot a different game, by hot swapping, you are just wasting everyone's time, and forum space. The only thing it is good for is running a backup copy of your game, but it's a bit of a waste of time if you have to boot from the original, and risk damaging the disc during hot swapping.
Also, do you know just how much damage a shattered DVD can do when it's whizzing around at 10,000 rpm?? There's an episode of Myth Busters I think you should watch...
Hi,
You're saying that these people are just wasting everyone's time and forum space.
Isn't the goal to test the various possible ways, and to test them to the end, in order to be certain not to miss something interesting?
Other things will be tested starting from this method and even if that leads to nothing at least they will have tested instead of awaiting a hypothetical exploit from a team. At least they have the merit to share their experiments and they are not there to wait, like many, to just be able to download games illegally.
My 2 cents
-
Honestly i would like to congratulate Team Gueux for their excellent work: ( first to share the method to rip xbox360 games, first to release GUI PI dump extractor and now the first to boot a legitimate backup of a game...) Keep up the good work!!!
-
If the guy wants to really prove he's not doing something fake. Tell him to turn on the damn lights in his room. I've never seen such utter BS for a reason the lights aren't on. Something about getting a better picture from the camcorder??? Yeah right. Turn on the lights and let us see what's going on. If he can do that, maybe we'll believe it.
-
QUOTE(crosseye @ Dec 27 2005, 01:16 AM)

If the guy wants to really prove he's not doing something fake. Tell him to turn on the damn lights in his room. I've never seen such utter BS for a reason the lights aren't on. Something about getting a better picture from the camcorder??? Yeah right. Turn on the lights and let us see what's going on. If he can do that, maybe we'll believe it.
Why be so sceptical?? This guy has made many different versions of his video to prove that this is not a fake, the bad light is caused by his camera (it's not a real camcorder, it's a digital camera that takes small movies) i don't understand why you don't believe this, why you don't help this method to be improved with all the knowledge you have??? BTW do you think that this method and a "future" modified firmware for the dvd drive is a good solution to play backup games???
-
QUOTE(Gael360 @ Dec 26 2005, 02:20 PM)

And please, before saying I'm wrong, ask yourself how is it possible to run the backward compatibility upgrade from a burned CD, and also think that sometimes you can be wrong...
The MEDIA FLAG decides how a signed file runs. The media flag for the backwards compatibility is set to run from almost anything. Pointing out how that works from a CD is absolute stupidity. I hope to god you just made a serious mistake in what you're trying to say. If not, this just shows you know nothing about them, and further goes to say since you know nothing, this idea probably does not work.
EDIT: I would not say this idea is impossible, but based on what you guys have shown, highly unlikely. Show something real= Lights on, show both discs, the original as it's started, the backup, finish a race, start a new one. If you can do all this I'd be more likely to believe it's working. I will continue to say it does not based on trying it already with a Halo2 backup.
-
QUOTE
Complete a race on PGR 3 and start another. This way it could easily show it's not just the cache playing out.
are you telling me that video footage we observed of him joining a race on XBOX live, and then racing for a full 4 minutes was all from the cache? Why the hell did the game stop then when he stopped the disk from spinning?
Nice to see you're not completely pig headed tho. You went from saying this was complete bullshit at the start of the thread, to "not impossible". Is it not possible that whoever performed this experiment with the HALO2 backup screwed up?????
And yes I would be far less sceptical if the lights are on, but honestly do you blame the guy? My face and the contents of my room are the last thing I would want to post on the internet when performing anything to do with the disassembly / modification of my xbox 360. "They spent billions securing it" what makes you think they won't spend any time or money tracking down those that break or avoid that security?
slayed
-
QUOTE(slader99 @ Dec 26 2005, 09:36 PM)

are you telling me that video footage we observed of him joining a race on XBOX live, and then racing for a full 4 minutes was all from the cache? Why the hell did the game stop then when he stopped the disk from spinning?
I'm not sure WHAT was going on in that video. It's so freaking dark it's impossible to see. I can see the screen and that's it. YES, I do blame the guy. You have some serious conspiracy theory problems if you think turning on the lights and showing what's going on around your tv is gonna bring MS down on you. LOL, it's not like they're the CIA. They aren't coming after you and you've done NOTHING wrong. You didn't steal anything of theirs and they hold NO grounds in court. So, turn on the lights! Hell, if you wanna be as paranoid as you are, having the lights off means nothing. They could already find out who this guy is by his screen name. They're probably at your door now
-
"Swap Magic 360" It would be great if they could make a Swap Magic disk like the PS2 but the .xex would have to be signed so it wont work but its a great start.
-
hmm... has anyone else tried this out? If not, I just might give it a go and post the results here... This is the more legit-looking videos I've seen thus far. Yes, it is way too dark for some reason, suspiciously dark, but I don't know; the using another 360 theory is marked out, as he shows the wires being connected to the tv.
-
If he really wanted to prove something, he would turn his lights on, and keep the camera rolling from the time he turns his xbox on, till the time he turns it off, and play a race the whole way through.
-
QUOTE(sebaliseb @ Dec 27 2005, 06:54 AM)

pfff... i see spidergx promoted by xbox scene, so i shouldn't be surprised by seeing all those crap post there.
the site you like so much also promotes the spidergx
http://gueux.be/modu...index.php?id=18
-
QUOTE(crosseye @ Dec 27 2005, 03:36 AM)

Another note, you stated this earlier which shows how little you must really know;
Yesterday I found a post where everyone was saying you're a fucking idiot, just because you said it should take one year or more to crack the xex signature/private key. You answered that this quote was out of context.
I think you took one line from my post to have something to say... If you read the entire post, you should understand that I was answering someone saying 'the signature is on the entire disc', which is wrong.
To be honest we, at gueux.be, are tired of trying to explain here what we are doing. We started posting here just to let you know what we discovered. But I realized that we made a mistake, we do not want anymore to share anything with dumbass like you crosseye.
Crosseye, just a question : what did you find ? Did you do any test of hotswap ? Do you even have a Xbox360?!?
And stop boring me with 'Someone said Halo2 doesn't work', because it's not a Xbox360 game, and this guy made a mistake : I'm pretty sure he made a copy of his game by inserting it on his modded Xbox1, downloaded every files by FTP, made an XISO with gdfimage or another XDVDFS iso creation tool, burned to a DVD and tried the hotswap with.
It can't work, because the entries of the XDVDFS session are not the same between the original and the burned DVD, just because he rebuilt the XDVDFS iso.
We find that the hotswap doesn't work if the original game is not the same as the backup, for example using PDZ as original and PGR3 as backup. We assume that the Xbox reads the XDVDFS entries at the same time it reads the media flag, and keeps them in cache.
So remember crosseye : if you don't know, don't speak. Try some tests yourself before telling you know something. The only thing you know is information other people give to you.
-
QUOTE(jizmo @ Dec 26 2005, 10:58 PM)

Saying this doesn't get us anywhere is pretty short sighted; first of all it gives us some valuable information about media checks in x360. Secondly, who's to say a system can't be exploited just by adding things to data files and causing unexpected behaviour to the games - it's done before on computers and consoles.
Some people here are all over the obviously fake PSP hack and others are one-wire modding their x360's and when someone posts first plausible hack-like thing, the bashing begins.
Taking things with a grain of salt isn't a bad thing, but don't OD it.
Good example, the stupid acts of some have ruined it for others
-
Why is there so much fuzz about this. There is absolutely nothing new here. This method would also work on a xbox 1 (in fact there were methods like this used to get backups on live that didn't even require swapping discs.)
This is rather useless though IMO. Why would you risk destroying your disc/drive just to run a backup of a game which you should have on you all the time. This trick has nothing to do with breaking media checks or signatures. It's just cuz the checks are done in the xbe/xex and everything after that can be run from any kind of disc. So you can swap discs anytime after the game has loaded (taken the fact that there are no further executables loaded after that like some games and demo discs).
-
OMG, are you guys completely stupid???
I have explained, and others have, as to why this will lead nowhere. It HAS already been tested by several of the top guys on here, as it was on the original XBOX. There are some very professional people posting on here, and they aren't posting crap about hot swapping, they are off hacking the drive firmware because this crap is not going to work and is a futile noob attempt at trying to make out this is a quick hack.
Let's just look at the XBOX security and you will understand why this is a useless procedure.
When the XBOX boots, the first thing that happens is there is a challenge response to the DVD-ROM from the XBOX Kernel. This 'unlocks' the disc so the drive can read it. At this stage, unless you have an EXACT copy of the original disc the 360 won't unlock the drive, and will refuse to boot it. (copying the discs like people have been doing will NOT work for this challenge response). The other part of this unlocking process is the signature check and media check. The signature of the files loaded is checked every time, and any modifications will halt execution. The media check is hardcoded into the executable(s) on the DVD. This bit of code says whether the game can run off an original pressed DVD, or a DVD-R. You cannot change this media flag, it's on part of the disc that cannot be written to. You cannot disable the media check by modifying the executable, as it's signed, and any single bit changed makes it invalid. You cannot sign code yourself, we cannot and will not ever have the key (read about the other threads about bruteforcing the key and you will see why it will take an eternity). The final part, IF the media check passed and the DVD was unlocked, is then to boot the executable on that disc. At this point, the game will boot and stay in memory, whilst 'data files' are loaded.
Now, if you swap discs, for the SAME game, the 'data files' (ie. sounds, models, bitmaps) WILL be loaded from the copy disc, AS LONG AS THE DRIVE REMAINS UNLOCKED AND THE MEDIA CHECK DOES NOT RE-OCCUR, AND THE DISC LAYOUT IS IDENTICAL TO THE ORIGINAL. The media check may or may not re-occur, this is the only area I am not sure about, and in any case all you are doing is loading the exe from the original, and then loading the content / data files from the copy, which is of course signed (or most likely the cache, which has been mentioned in earlier posts). You cannot boot a different game, if you understand the above. If you boot PGR3 exe, and then swap for Kong, it will give you a dirty disc error because the files it needs aren't on the disc. You cannot launch another XBE file, and if you could, it would invoke the media check again and fail because it's on a DVD-R. This HAS all been proven dozens of times.
So, to sum up, this IS a pointless exercise.
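Added example, not part of any post in this thread and not real console code: a toy Python model of the launch checks described in the posts above (a media flag inside the signed executable, plus a media check against what the drive reports), including both positions argued here about whether the media check repeats when the drive reads again. The names `Executable`, `Disc`, `Console` and `recheck_on_reread` are hypothetical, and a textbook RSA signature with small fixed primes stands in for the 2048-bit RSA key mentioned in the thread.

```python
import hashlib
from dataclasses import dataclass

# Toy RSA signature: textbook RSA over a SHA-256 digest with two Mersenne
# primes. Assumption for illustration only; it stands in for the vendor's
# real key and is not secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: every console has it
_D = pow(E, -1, (P - 1) * (Q - 1))     # private key: only the vendor has it

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def vendor_sign(data: bytes) -> int:
    return pow(_digest(data), _D, N)

def verify(data: bytes, signature: int) -> bool:
    return pow(signature, E, N) == _digest(data)

PRESSED, WRITABLE = "pressed", "writable"

@dataclass
class Executable:
    allowed_media: tuple   # media flag: where this image may launch from
    code: bytes
    signature: int = 0

    def signed_bytes(self) -> bytes:
        # The media flag sits inside the signed region, so editing it
        # changes the digest the signature was computed over.
        return ",".join(self.allowed_media).encode() + b"\x00" + self.code

@dataclass
class Disc:
    media_type: str        # what the drive reports for the physical disc
    executable: Executable
    data_files: dict

class Console:
    def __init__(self, recheck_on_reread: bool):
        self.recheck_on_reread = recheck_on_reread
        self.disc = None
        self.running = None

    def insert(self, disc: Disc) -> None:
        self.disc = disc

    def launch(self) -> str:
        exe = self.disc.executable
        if not verify(exe.signed_bytes(), exe.signature):
            return "refused: bad signature"
        if self.disc.media_type not in exe.allowed_media:
            return "refused: media check failed"
        self.running = exe
        return "launched"

    def read_data(self, name: str) -> str:
        # Models a later read of an unsigned data file by the running game.
        if self.running is None:
            return "error: nothing running"
        if (self.recheck_on_reread
                and self.disc.media_type not in self.running.allowed_media):
            return "error: media check failed on re-read"
        if name not in self.disc.data_files:
            return "error: dirty disc"
        return "loaded " + name

def demo() -> dict:
    # All disc contents below are constructed sample values.
    game = Executable((PRESSED,), b"constructed game code")
    game.signature = vendor_sign(game.signed_bytes())
    files = {"track1": b"constructed data"}
    original = Disc(PRESSED, game, dict(files))
    exact_copy = Disc(WRITABLE, game, dict(files))
    # Same code and old signature, but the media flag has been edited.
    patched = Executable((PRESSED, WRITABLE), game.code, game.signature)
    patched_copy = Disc(WRITABLE, patched, dict(files))

    results = {}
    for label, disc in (("original", original),
                        ("exact copy", exact_copy),
                        ("patched flag", patched_copy)):
        console = Console(recheck_on_reread=False)
        console.insert(disc)
        results[label] = console.launch()
    # Disc changed after a successful launch from the original.
    for recheck in (False, True):
        console = Console(recheck_on_reread=recheck)
        console.insert(original)
        console.launch()
        console.insert(exact_copy)
        results["swap, recheck=%s" % recheck] = console.read_data("track1")
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

The first three cases show why an exact copy passes the signature check but fails the media check, and why editing the flag fails the signature check instead; the last two show that a check done only at launch leaves later data reads unprotected, while repeating it on every read closes that gap.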
-
QUOTE(xodus_xodus @ Dec 27 2005, 01:24 PM)

This last comment is stupid and finally uses the conclusion of the trial.
This trial had to be done to confirm or not confirm some facts.
A good thing, it has been done.
More than that, it has never been written that this method is valid for massive usage..
Your comments look like "too bad I haven't done it first" !
...
It had already been done!! It's a pointless pile of crap that someone has tried to make out is 'amazing news', when it's useless news that the 'real hackers' out here already knew.
-
QUOTE(Gael360 @ Dec 27 2005, 01:48 PM)

Well, gentlemen, I think this last post clearly proves that this forum, although described as technical, is filled only with idiots who have nothing to do but waste time complaining, having neither a console of their own nor any technical knowledge whatsoever.
They are only good for masturbating over the idea that a 'real hacker' will bring them the ready-made solution without their having to think for a single moment.
Rather than waste my time trying to make them understand something, I am heading straight back to Gueux, where I will be in better company.
English gentlemen ... go fuck yourselves.
If you want to know more ... well, you just have to learn to speak French and come to gueux:
http://gueux-forum.net/
I suggest you take your masturbation comments and practice them yourself, over your amazing theory of XBOX security, and shove them up your french forum >.< I won't post on here again, because all it does is invoke childish remarks from people who haven't really got a clue.
-
QUOTE(Gael360 @ Dec 27 2005, 02:05 PM)

Good news, many thanks !
You're welcome
You have a good sense of humour, which at least adds something to this thread that's worth reading.
Sorry, I couldn't resist one more reply...
-
QUOTE(xodus_xodus @ Dec 27 2005, 12:24 PM)

This last comment is stupid and finally uses the conclusion of the trial.
This trial had to be done to confirm or not confirm some facts.
A good thing, it has been done.
More than that, it has never been written that this method is valid for massive usage..
Your comments look like "too bad I haven't done it first" !
...
right.. I am glad some people like that some already existing facts were confirmed. Hooray for you and them.
Yet I don't see any relation of this opening any doors into modding the 360 and I certainly don't understand the use for all this pointless hyping and arguing in the thread that is filled with 99% of people that don't even understand what they type.
oh and your comment looks like "I will defend my right to have an opinion and others who do not share mine i will treat with some sorry, based on nothing kinda statement about them just being jealous"
-
QUOTE
Well, gentlemen, I think this last post clearly proves that this forum, although described as technical, is filled only with idiots who have nothing to do but waste time complaining, having neither a console of their own nor any technical knowledge whatsoever.
They are only good for masturbating over the idea that a 'real hacker' will bring them the ready-made solution without their having to think for a single moment.
Rather than waste my time trying to make them understand something, I am heading straight back to Gueux, where I will be in better company.
English gentlemen ... go fuck yourselves.
If you want to know more ... well, you just have to learn to speak French and come to gueux:
http://gueux-forum.net/
lol
-
^^I'm with you. I can't believe that I read through 5 pages of pointless arguing between members.
-
Hmm, looks like sleight of hand to me.
Come back with some hard as concrete proof and I may believe it
-
dudes.....why wouldn't it be true. It might very well be true but it is of NO benefit at all. It doesn't mean unsigned code is running. It's still running signed code and just some backed up supporting files. It is useless
-
hmm...i guess the only thing this does is provide another venue for loading modified content onto the 360 with the hope of causing it to crash. along with the kiosk disk.
-
crashing is one thing. crashing and somehow exploiting the system is a whole other thing. A lot of people here act like it's all that easy. Yeah well just cause an overflow here and there and done. Wish it was that simple....unfortunately it's not.
-
call me a hater but i don't believe it. yea we were shown the SIDE of the TV then all of a sudden we saw the other side. what about the bottom, you know that big area under the picture tube where things like coax and more rca cable inputs hang out. this is the same as the psp video, except there isn't a psp and since the 360 is apart you don't have to open and close the drive. that's how i see it.
stopping the disc gives the video more credibility but i'm not home to test some theories i have and that still doesn't eliminate the idea of someone else doing the same thing on another 360. if they opened one i'm sure they more than likely have opened another...
-
QUOTE(krayzie @ Dec 27 2005, 09:59 AM)

Why is there so much fuzz about this. There is absolutely nothing new here. This method would also work on a xbox 1 (in fact there were methods like this used to get backups on live that didn't even require swapping discs.)
I always read about these, but never actually believed they existed, did you merely hear about them or witness them?
-
But when he stops the backup disc and the game/video stops, wouldnt that video already be in ram? so it would not stop moving....
i may be way off on this though
-
It will work. Now, you tell me what the hell you're gonna do with it. Is it really feasible to hotswap the original just so you can play the SAME backup?
-
QUOTE(crosseye @ Dec 28 2005, 08:33 PM)

It will work. Now, you tell me what the hell you're gonna do with it. Is it really feasible to hotswap the original just so you can play the SAME backup?
Exactly...you will do more damage to the original in the swap process than just playing the game.
-
thats why you use the burnable demo disc.
-
I understood the technique (before they fixed the hole) and even saw videos from another technique (that is fixed now too) so I know for a fact that it WAS possible.
-
QUOTE(InterestedHacker @ Dec 27 2005, 12:21 PM)

The media check may or may not re-occur, this is the only area I am not sure about, and in any case all you are doing is loading the exe from the original, and then loading the content / data files from the copy, which is of course signed (or most likely the cache, which has been mentioned in earlier posts). You cannot boot a different game, if you understand the above. If you boot PGR3 exe, and then swap for Kong, it will give you a dirty disc error because the files it needs aren't on the disc. You cannot launch another XBE file, and if you could, it would invoke the media check again and fail because it's on a DVD-R. This HAS all been proven dozens of times.
So, to sum up, this IS a pointless exercise.
With the sliders58's test, you have your answer : the media check and the signature check do not occur again. Those checks are done one time and only one. The next check will occur when the 360 reboots or when the DVD drive is opened.
If that hotswap can give this answer, I can't understand why you think it is useless. Now, do your own test and come to gueux to share your results as we do.... I'm not sure to see anybody from Xbox-Scene into Gueux... Prove me wrong....
-
QUOTE(fornorst @ Dec 29 2005, 11:20 AM)

With the sliders58's test, you have your answer : the media check and the signature check do not occur again. Those checks are done one time and only one. The next check will occur when the 360 reboots or when the DVD drive is opened.
If that hotswap can give this answer, I can't understand why you think it is useless. Now, do your own test and come to gueux to share your results as we do.... I'm not sure to see anybody from Xbox-Scene into Gueux... Prove me wrong....
Sure why don't we all take a speed course in French and go to Gueux to celebrate this wonderful discovery you guys made.
-
If this in fact does work you still need to have your x360 open not something everyone will want to do.
-
QUOTE(krayzie @ Dec 29 2005, 06:06 AM)

I understood the technique (before they fixed the hole) and even saw videos from another technique (that is fixed now too) so I know for a fact that it WAS possible.
And here was me thinking it was merely an urban legend all this time!
Good to know.
-
QUOTE
I'm not telling that Gueux is better than XS or XS better than gueux or anything else, but I think your attitude is not helpful.
What do you consider worse.
Nothing hacked or cracked at the moment so keeping quiet or
Nothing Hacked or Cracked at the moment so invent some theories and spout about what you are going to be able to do with this or anything else.
I feel its better to be a realist and unless you have a real breakthrough you bide your time and you keep quiet.
When that moment arrives say your piece and back it up with something that is actually useful to other people.
False hope and Stories only create confusion.
-
QUOTE(Chancer @ Dec 29 2005, 02:04 PM)

False hope and Stories only create confusion.
Exactly....was this news really worth 6 pages of random useless speculation and other bullshit? People only see some backup being played and getting all hyped up about it and they forget or don't understand anything on the subject of security itself.
And in the end all contributions are of course welcome. It really doesn't matter if it's from X-S Gueux or some other hacking site.
Just making some progress is one thing, hyping stuff up and make it look like it's one big deal is another thing.
-
the point is that the backup needs to be a 1 to 1 copy of the original. So how could this ever be useful for loading backup discs.
You can't ever make original game A load backup game B.
-
I think it's good when people share their work because it allows others to examine it, review it, and then possibly build upon it further, which is how console scenes have worked since the days of old.
If some people do not understand that work, then fuck them, they were probably never meant to anyway, but I don't agree that those doing things such as this should keep quiet, it's the speculators that need to be silenced, not those working to push things further.
-
dude forget it. you can't make xex's run that are not flagged dvd-rom/r.... and you can't make 1 xex run support files from another xex. If you think you can do such things then well good luck... And in case you don't know it. Gueux is in french... how many members here speak french. I'm sure frenchies reading here go around and inform you too.
-
Hey ! I'm French and I'm here, on XS, an American forum, to share what we discovered. Is it too hard for you (with your thousands of users) to do the same thing ? I'm not here to ask you to keep us informed about what you did but don't say you cannot, for linguistic issues, do it.
Concerning the method we are trying to set up, it can work. Let me explain :
. boot with an original disk (PGR3 for example)
. wait to be in the game
. return to the dash with the central button (not by opening the DVD Drive!!)
. once on the Dash, change your original disk for a backup one. The difference between the original and the backup is simple : the default.xex is not the same. It is at the same place on the disk but is totally different (hello world, ...)
With our previous test, we showed that the hypervisor does not check the media flag again when returning to the dash without opening the DVD tray. So, this first protection is passed. The second protection concerns the xex's signature. Will that signature be read by the hypervisor or not in that particular case ? Actually, I can't say "yes" or "no". Can you ? Have you tested that ?
-
QUOTE(krayzie @ Dec 29 2005, 02:54 PM)

the point is that the backup needs to be a 1 to 1 copy of the original. So how could this ever be useful for loading backup discs.
You can't ever make original game A load backup game B.
not 100% true from my understanding and research.
what happens when you insert an original game is the drive reads data to validate the media and to be able to read the actual content.
it reads the size and section structure and a lot of other stuff once you insert the media.
now all your copied media has to have is the actual game data on the same offset since no ingame checks can be done.
if you mean with 1:1 copy, that every bit of data of the copy needs to be the same as the original, this is wrong and you can check it out with this current(working and unuseful) hotswap method.
however, if a virtual disk image is kept in memory that tells the system what files are on the disk (TOC) and it does not do a new lookup then its going to fail.
I have yet to see a media where these conditions fit.
however hotswap is in no way useful here.
so better we find a kernel vulnerability that we could somehow trigger
//edit
yes the signature check is performed whenever a xex gets executed.
this is built into ring0 at low level and you dont have a chance to bypass it.
-
QUOTE
it's the speculators that need to be silenced
In which case most of the posts in this thread need trashing along with yours. this whole thread is built on speculation of what will be achievable using this method. There is no point me repeating what will come of it as it has been stated quite clearly.
-
basically once a xex is verified and loaded into memory to run the game it stays in memory until it is reloaded or another one is loaded. so until that point happens I'm sure you can swap out stuff taken the shadowed verified xex can still handle it. What I don't get is what is so special about it.
Also I am not against sharing information. I just dislike the thousands of posts that arise of people that don't understand it and start assuming they can play backups (à la kiosks disc). A nice line in the first post to mention that it is NOT meant for playing backups would be sufficient IMO.
-
QUOTE
Also I am not against sharing information. I just dislike the thousands of posts that arise of people that don't understand it and start assuming they can play backups (à la kiosks disc). A nice line in the first post to mention that it is NOT meant for playing backups would be sufficient IMO.
This is my exact point. I am in agreement totally.
Something groundbreaking yes announce with a bang but don't allow people to believe this is THE hack for the 360
-
yeah we know we can edit information on the disc and probably also on a hotswapped disc. This is how the xbox 1 exploits were done. Load an xbe which loads a supporting file (like the xtf,st.db,gamesave exploits) which is faulty and causes a crash and getting some code running and change the RAM's public key making it possible to run our own signature.
Unfortunately we do not know anything about the 360's encryptions and the 360's security is far more advanced making the chance to create a buffer overflow hack extremely small.
And I'm sorry if some people don't like some criticism about subjects. This should be a discussion site. Is it only intended for positive discussion or something? Can I not criticize an idea if I feel it makes no sense?
If someone says he can fly can I not help him out of that dream? If too many ideas in here are so similar (people seem to not read a single post before creating a new thread themselves) can I not say it won't work or that their idea is not original?
If people feel that confident that it will work (people that actually test things themselves instead of the usual "what if or could this....." posters) then I'm sure they can defend themselves and their ideas.
-
The problem we have krayzie is children nowadays are brought up not knowing what criticism is. Parents are told only to encourage their children, but never tell them they are wrong, or something is not possible. You see, they have never experienced someone explaining to them why they are wrong. All they've ever heard is just keep trying, you're doing good. While I don't disagree with encouragement, sometimes Johnny needs to be told he's a flippin moron. LOL
-
QUOTE(crosseye @ Dec 29 2005, 10:06 PM)

The problem we have krayzie is children nowadays are brought up not knowing what criticism is. Parents are told only to encourage their children, but never tell them they are wrong, or something is not possible. You see, they have never experienced someone explaining to them why they are wrong. All they've ever heard is just keep trying, you're doing good. While I don't disagree with encouragement, sometimes Johnny needs to be told he's a flippin moron. LOL
lol - OT, but so, so true.
-
um, I also hate to bring this up but isn't there some dangerous rays coming from the laser that are invisible to the human eye and can blind you permanently?
oh well, have fun
-
Are all of you guys that believe this is true, morons? I've seen this done many times. It is called sleight of hand. You see that the guy in the video covers the camera with the DL DVD+R, then when he swaps the game out he places the DVD+R on top of another DVD, probably another copy of the game. It's called a magic trick! What's next, you guys are going to have a shiny quarter come out of your ear!
-
I would not be surprised if people are already using this to cheat on live...which strangely enough has not been mentioned.
-
QUOTE(musclecarman1 @ Dec 30 2005, 09:49 AM)

Are all of you guys that believe this is true, morons? I've seen this done many times. It is called sleight of hand. You see that the guy in the video covers the camera with the DL DVD+R, then when he swaps the game out he places the DVD+R on top of another DVD, probably another copy of the game. It's called a magic trick! What's next, you guys are going to have a shiny quarter come out of your ear!

Do you know what happens when you double up dvd's in a drive? Try it in your pc and tell me the results.
-
QUOTE(Spark @ Dec 30 2005, 07:01 PM)

If the laser is exposed ala Dreamcast/PSone then the top disc will usually fly off. If they're inserted into a covered drive like a PC/Xbox then its bye bye drive.
Yea it could very well ruin the drive but definitely will ruin your disk. It will spin the top disk and really scratch up the underside from spinning on the 2nd disk. A few of my dumb friends have done this in my drive, i hear it and i run in there and tell them to take it out. RETARDS!!!! Im talking about my PC not xbox FYI
-
QUOTE(Spark @ Dec 30 2005, 07:52 PM)

In addition, the effects would be worse on a DVD than it would a CD, as 1x DVD is the equivalent of approximately 52x CD.
And if I were you deak, I would kick your friends out of your house before they do some real damage.
They werent disks i care about but yes i do care about my drive. It seems like the only time my friends come around is when they want something
Its very annoying, its either to help with a website, help them with a computer or some other various thing.
-
did anyone hear my warning?
lasers = bad
plz don't do anything stupid and sue the person who told you about it. Then again, if you are stupid enough to let the laser reflect into your retina, I consider that natural selection.
-
QUOTE(TheRandomDude @ Dec 30 2005, 05:47 AM)

um, I also hate to bring this up but isn't there some dangerous rays coming from the laser that are invisible to the human eye and can blind you permanently?
oh well, have fun

If you check the laser classifications they range from Class 1 to Class 4, from harmless to most dangerous.
DVD/CD drive's lasers are usually Class 1, which are harmless to the eye and require no controls.
QUOTE(deakphreak @ Dec 30 2005, 05:19 PM)

Do you know what happens when you double up dvd's in a drive? Try it in your pc and tell me the results.
I did that once in my Pioneer 106, I was wondering why my drive was so noisy until I found out I accidentally put 2 discs in. Didnt check if the disc was readable with another stacked on top, but no damage was done to the drive.
-
QUOTE(TheRandomDude @ Dec 31 2005, 07:36 PM)

did anyone hear my warning?
lasers = bad
plz don't do anything stupid and sue the person who told you about it. Then again, if you are stupid enough to let the laser reflect into your retina, I consider that natural selection.
LOL @ natural selection
-
QUOTE(Spark @ Dec 30 2005, 07:52 PM)

In addition, the effects would be worse on a DVD than it would a CD, as 1x DVD is the equivalent of approximately 52x CD.
And if I were you deak, I would kick your friends out of your house before they do some real damage.
Actually, the speed is the same. Its kinda like playing a 45rpm record at 72rpms. Same speed, more data.
@Deakphreak
All I can say best modchip video ever! How can you dispute that video. And lets not forget to mention that sexy piece of eye candy working the disk.
-
QUOTE(shakaru @ Jan 21 2006, 02:17 AM)

@Deakphreak
All I can say best modchip video ever! How can you dispute that video. And lets not forget to mention that sexy piece of eye candy working the disk.

ha ha ha thanks. You see it shows the backside of the disc and everything, i got nothing to hide. That was my wife, she was wearing a hoodie because we keep our temp down to like 50 - 60 so we can save money. We dont make a whole lot
-
QUOTE(quall @ Dec 27 2005, 02:42 PM)

^^I'm with you. I can't believe that I read through 5 pages of pointless arguing between members.
You got off easy... I had to go through 9 pages.. Terrible...
Now on to the actual topic. I take a few things away from this whole conversation.
1: If this works (which I am not willing to try or even attempt) then cool. It's nothing really big but then again most things start out that way. You have one neat idea and that spawns a whole lot of other great ideas. It's a neat start but the focus of this exploit cannot solely be running a backup from an original.
2: If this is a fake.. Accept this person feels better about themselves and at least had a good laugh. It might have been at your expense for believing them but at least they laughed? Nothing said/viewed/ or done in this thread will stop the scene from attempting more unique ways to bypass M$
3: What are the actual uses and benefits of this method? At this point in time? Not many. In fact it is very limited (At least at this point) in what it can do. But if this method is proved legit and it is the spring board for another idea that actually gets us one step closer then so be it.
4: All security (in theory) is hackable/crackable/whatever phrase you want to throw out there. The problem is the sheer numbers and time. Is it plausible to do X in a given amount of time? I have no doubts the xbox360 can be cracked HOWEVER if said cracking takes a few decades (or longer if you read some articles) then what is the purpose? As was pointed out earlier in this thread, you would be amazed at some of the stupidity/laziness of some security systems. Good ideas but bad implementation.
5: And finally to, at least a handful of people on both sides of this conversation. Does it make you sleep better at night to bash an idea on a public forum? There is constructive criticism, encouragement, and then there is just plain rudeness. If you feel in your mind/heart that this method is complete BS then don't read it, let the simple sheep run around with heads full of grandeur that they overcame a multi-billion dollar company. Like all things on the internet eventually we learn that it's truth or we realize someone out there is really bored with their life and have nothing better to do than f@$# with other people. A personality flaw to be sure but nothing I am really going to lose sleep over.

-
I wish you said that earlier... i wouldnt have spent months looking for a backup method if your magic pc burner can burn ms coded discs!!!

On the video, its not fake it just doesnt work, the game crashes at the menu cos it will not read data from the cdr.
The reason it continues to boot is because its buffered on the xbox.
Thats why if you play say fifa then put in PGR you have to watch the intro vid, its buffering the info on the box, if you reboot and play pgr again you can skip the vid cos the xbox keeps the cache of the last game played to speed up loading times.. IE the xbox is loading from cache not the cdr when it does try the cdr it crashes thats why the clown stops the disk instead of playing the game....
the vid is pointless and does not work
SOMEONE CLOSE THIS TOPIC.......
-
must be really hard to understand you cannot make discs with the official ms media stamp on it
-
QUOTE(Mr_Mo @ Feb 22 2006, 03:37 PM)

Don't say it is impossible. How is the media stamp protected?
If it can be read by a DVD-drive, then shouldn't be able to reproduce one?
the media ID is put on the disc at the factory (this includes dvd-r discs) and no dvd burner is capable of writing this on a disc (theres no need, its always set on the disc at the factory)
so you would have to produce your own dvd-r discs and burn them in your homebrew dvd burner, and hope they somehow still conform to the dvd spec enough for the xbox/360 to even read them
-
QUOTE
About the disc swapping issue: yes, this will be possible, since disc authentication is only executed directly after disc insert. But as said, it will only work for a single game, e.g., you can't swap game disc B in after disc A got authenticated (since the TOC got read).
i think it would also fail to work for games that use multiple xbes/xexs, since when a new executable is loaded the media check will run again
-
QUOTE(lordvader129 @ Feb 23 2006, 08:03 PM)

i think it would also fail to work for games that use multiple xbes/xexs, since when a new executable is loaded the media check will run again
everytime a (new) xbe/xex is pushed into ram it needs to get verified first. most games however have only one executable. this swap trick was just as useless as the kiosk disc anyway and I really don't understand how this can grow 10 pages. I guess most people try to grasp every single spark of hope they can
-
No
CLOSE THIS SHITE PLEASE
-
Well, to make my previous post complete: you will need to set bittype 'DVD-ROM' of course and burn a dual layer disc
-
QUOTE(TheSpecialist @ Feb 24 2006, 01:05 AM)

I haven't tested it, but I am quite sure it won't be a problem. The kernel sets a flag that a disc is 'authenticated' after successful authentication (executed after disc insertion). Only thing that resets this flag is a drive eject.
So, if another executable is booted from the same game, kernel will check its mediaflag, will see that it's only allowed to boot from an 'authentic XBOX dvd', will then check that 'authentication bit' it has set, will see it has been set and will then boot the executable.
I remember in the old days before pbl and the days where pbl wouldn't work on a 5530 or higher kernel we needed to sign our xbe's manually to work with the exploit. in that situation we needed to sign all xbe's on the disc to ensure not to get an error 21 after loading the 2nd xbe. I remember it specifically using topspin giving me a hard time with errors 21. (and I'm quite sure the mediaflags were already patched in the xbe's)
It would also seem more logical to me that after checking the first xbe media flag it would set that to an 'authentication bit' since the other xbe's are on the same disc and rechecking the others seem quite useless.
-
fuck me these forums used to be handy and all i get now is posts on top of posts in shite threads that have titles that will never work...
for fuks sake SWAP DOES NOT WORK AND IS POINTLESSLY RESTRICTED EVEN IF IT DID WORK
close this shit
-
QUOTE(crsnwby @ Feb 26 2006, 04:05 AM)

fuck me these forums used to be handy and all i get now is posts on top of posts in shite threads that have titles that will never work...
for fuks sake SWAP DOES NOT WORK AND IS POINTLESSLY RESTRICTED EVEN IF IT DID WORK
close this shit

Oh no Crosseye is back...
-
This stuff is shit,what we really need to do is burn that modified raw sector leadout to authenticate it as an original,if your original was scratched and it only came to the menu or a video then swapping would benefit you but its crap besides that
c ya:)
-
yeah we know the backup swap is useless...we already knew it from the beginning. is it really necessary to repeat it every few posts?
-
Someone needs to close this thread
-
QUOTE(krayzie @ Feb 24 2006, 06:39 AM)

I remember in the old days before pbl and the days where pbl wouldn't work on a 5530 or higher kernel we needed to sign our xbe's manually to work with the exploit. in that situation we needed to sign all xbe's on the disc to ensure not to get an error 21 after loading the 2nd xbe. I remember it specifically using topspin giving me a hard time with errors 21. (and I'm quite sure the mediaflags were already patched in the xbe's)
It would also seem more logical to me that after checking the first xbe media flag it would set that to an 'authentication bit' since the other xbe's are on the same disc and rechecking the others seem quite useless.
Yes: the media flag of all xbe's had to be changed to allow booting of 'none xbox dvd media', so these patched xbe's would also require a new (habibi) signature. But as you'll understand, my point was that that 'DISC authentication' check (to see if the disc in the drive is an 'authentic' xbox dvd) is only executed ONCE, at disc insertion.
So, to make it clear:
1. disc is inserted, xbox does a check on the disc to see if it is an 'authentic' xbox dvd and set the 'authentication bit' accordingly.
2. Once an xbe is started, the kernel will check its media flag and see if it is allowed to boot, according to the 'authentication' bit.
-
QUOTE(TheSpecialist @ Feb 28 2006, 06:05 PM)

Yes: the media flag of all xbe's had to be changed to allow booting of 'none xbox dvd media', so these patched xbe's would also require a new (habibi) signature. But as you'll understand, my point was that that 'DISC authentication' check (to see if the disc in the drive is an 'authentic' xbox dvd) is only executed ONCE, at disc insertion.
Ahh ok I see we understand each other now. I was a bit confused by your former post. The signature needs to be valid on every xbe but the disc media check is only performed once. Yup still sounds logical.
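-
Added example, not part of the thread and not console code: a toy Python model of the behaviour TheSpecialist and krayzie describe above (disc authentication once at insertion, cleared only by eject; signature verified on every executable load), showing why a hot swap never gets a modified executable running, next to a hypothetical hardened variant that binds the authentication bit to the disc it was set for. `Console`, `Disc`, the HMAC stand-in for the signature and the media fingerprint are all assumptions of this model.

```python
import hashlib
import hmac
from dataclasses import dataclass

VENDOR_KEY = b"constructed-demo-key"  # stand-in for a real public-key signature scheme


def sign(image: bytes) -> bytes:
    """Toy signature: HMAC over the executable image (assumption of this model)."""
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


@dataclass
class Disc:
    label: str
    pressed: bool   # True = factory media, False = recordable copy
    files: dict     # name -> (content, signature or None)

    def fingerprint(self) -> str:
        # Hypothetical media identity; a real design would use physical disc properties.
        return hashlib.sha256(f"{self.label}|{self.pressed}".encode()).hexdigest()


class Console:
    def __init__(self, bind_flag_to_media: bool = False):
        self.bind = bind_flag_to_media   # False = behaviour described in the thread
        self.disc = None
        self.authenticated = False
        self.auth_fingerprint = None

    def insert(self, disc: Disc) -> None:
        """Tray close: the only moment the disc itself is authenticated."""
        self.disc = disc
        self.authenticated = disc.pressed
        self.auth_fingerprint = disc.fingerprint() if disc.pressed else None

    def eject(self) -> None:
        """Tray open: the only event that clears the authentication bit."""
        self.disc, self.authenticated, self.auth_fingerprint = None, False, None

    def hot_swap(self, disc: Disc) -> None:
        """Media replaced with no tray event, so no re-authentication happens."""
        self.disc = disc

    def _media_ok(self) -> bool:
        if not self.authenticated:
            return False
        if self.bind and self.disc.fingerprint() != self.auth_fingerprint:
            return False   # hardened variant: bit is only valid for the disc it was set for
        return True

    def read_data(self, name: str):
        if self.bind and not self._media_ok():
            return None
        return self.disc.files[name][0]   # baseline: data reads are not gated at all

    def launch(self, name: str) -> str:
        image, sig = self.disc.files[name]
        if not self._media_ok():
            return "REJECT: media"
        if sig is None or not hmac.compare_digest(sig, sign(image)):
            return "REJECT: signature"   # checked on every executable load
        return "RUN"


def run_scenarios(bind_flag_to_media: bool) -> dict:
    game = b"constructed game code"
    files = {"default.xex": (game, sign(game)), "level1.dat": (b"level data", None)}
    original = Disc("GAME-A", True, files)
    copy = Disc("GAME-A copy", False, dict(files))
    modified = Disc("GAME-A modified", False,
                    {**files, "default.xex": (b"hello world", None)})
    out = {}

    c = Console(bind_flag_to_media)
    c.insert(copy)                       # copy inserted normally
    out["boot_copy_directly"] = c.launch("default.xex")

    c = Console(bind_flag_to_media)
    c.insert(original)                   # original authenticated at insertion
    out["original"] = c.launch("default.xex")
    c.hot_swap(copy)                     # same content, recordable media
    out["data_after_swap"] = c.read_data("level1.dat")
    out["signed_exe_after_swap"] = c.launch("default.xex")
    c.hot_swap(modified)                 # different, unsigned default.xex
    out["modified_exe_after_swap"] = c.launch("default.xex")
    c.eject()                            # eject clears the bit
    c.insert(copy)
    out["copy_after_eject"] = c.launch("default.xex")
    return out


if __name__ == "__main__":
    for bind in (False, True):
        print("bound" if bind else "baseline", run_scenarios(bind))
```

In the baseline run the stale authentication bit only lets already-signed content keep loading; the per-load signature check is what stops the modified executable, which is the point the last posts converge on.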