Post by: Xbox-Scene on January 18, 2006, 02:02:00 AM
Unique 16 bytes in Xbox 360 DVD Firmware-- Posted by XanTium on January 18 03:26 EST
From MacDennis on xboxhacker.net:
Quote
Some new firmware facts! A little birdie told me some information about a second dump of a Toshiba/Samsung TS-H943 DVD-ROM drive. In comparison with the dump made by darkfly, only 16 bytes are different. The difference is at offset 0x401A - 0x4029. Thanks little birdie for your great effort! A 16 byte difference was also the case with the GDR-3120 dumps.
All clues indicate that each Xbox 360 DVD-rom firmware contains an unique key. I couldn't match the key to a console id / serial or drive serial. It's probably an unique key used in the AES routine to encrypt/decrypt communication between console and drive. Something which is new for the Xbox 360.
Post by: Hack_Bird on January 18, 2006, 01:57:00 AM
Another backup plan from MS ... Hope its only for productionline purpose and not for the Xbox360 to check if the original Dvd drive is inside.Note, Someone already swaped the Dvd drives? from Premium and Core ?
Post by: PedrosPad on January 18, 2006, 02:26:00 AM
QUOTE(Xbox-Scene @ Jan 18 2006, 10:33 AM) 
From MacDennis on xboxhacker.net:
All clues indicate that each Xbox 360 DVD-rom firmware contains an unique key. I couldn't match the key to a console id / serial or drive serial. It's probably an unique key used in the AES routine to encrypt/decrypt communication between console and drive. Something which is new for the Xbox 360.
So the 30 second test of exchanging same manufacture DVD-Rom drives between 2 X360s would appear to be all that's necessary to proof/disproof the per-box encryption theory!
Oh the irony M$ stock shortages so far have been its greatest defense.
This speculation sounds unlikely to me as it'd make provision/control of spare parts a bitch.
Whether it matches the stickered serial number or not, if unique on every drive, it sounds like a serial number to me.
It may contribute to an X360-console unique machine/configuration hash/digest (which, in turn, may be a component of some XBOX!Live authentication procedure like the old XBOX1 HDD key), but drive-to-console encryption? I think very unlikely.
Post by: Antioch on January 18, 2006, 03:04:00 AM
Anyways, theres always the modchip for the drive idea to fallback on...
Post by: MacDennis on January 18, 2006, 03:20:00 AM
QUOTE(PedrosPad @ Jan 18 2006, 10:33 AM)
So the 30 second test of exchanging same manufacture DVD-Rom drives between 2 X360s would appear to be all that's necessary to proof/disproof the per-box encryption theory!
Read the firmware hacking thread. This has actually been tried already and it simply does not work.
QUOTE(PedrosPad @ Jan 18 2006, 10:33 AM)
Whether it matches the stickered serial number or not, if unique on every drive, it sounds like a serial number to me.
The drive firmware contains an AES encryption routine. Which uses this 'key'. It also looks like a (256-bit) key and not like a simple serial number. The firmware also contains routines which can write to the region which contains this 'key'. These facts are also mentioned in the firmware hacking and thread and were discovered by others. The 'key' is probably written to the drive when a x360 is setup for the first time by using a setup disc or something similar. The same 'key' is probably also written to the firmware of the console kernel.
QUOTE(PedrosPad @ Jan 18 2006, 10:33 AM)
It may contribute to an X360-console unique machine/configuration hash/digest (which, in turn, may be a component of some XBOX!Live authentication procedure like the old XBOX1 HDD key), but drive-to-console encryption? I think very unlikely.
Unlikely? Well, all clues/facts seem to tell a different story ..
Post by: PedrosPad on January 18, 2006, 03:40:00 AM
Im very happy to be corrected. But I still wonder about the spare parts distribution? Ok X360 may only be repaired at M$ authorized repair shops, and they may have access to specialised/X360-unique equipment/utilities, but the administration of what would be required if your conclusions are true doesn't sound cost effective. Remember that the X360 is a comparatively low cost consumer item - there's not a lot of margin in the price for a complicated spare part control and administration system.
Just thinking of the logistics/practicalities.
Post by: MacDennis on January 18, 2006, 04:27:00 AM
QUOTE(PedrosPad @ Jan 18 2006, 11:47 AM) 
Wow! A response fomo the source (IMG:style_emoticons/default/smile.gif) Im very happy to be corrected. (IMG:style_emoticons/default/smile.gif)
QUOTE(PedrosPad @ Jan 18 2006, 11:47 AM)
But I still wonder about the spare parts distribution? Ok X360 may only be repaired at M$ authorized repair shops, and they may have access to specialised/X360-unique equipment/utilities, but the administration of what would be required if your conclusions are true doesn't sound cost effective.
Post by: PedrosPad on January 18, 2006, 04:41:00 AM
IIRC any PC DVD-Rom drive can be used (using the no-eject swap trick), which leads me to believe the data on the media is plain text.
With encryption/decryption routines built into the X360 DVD-Rom drive firmware, why print the media in plain text? (IMG:style_emoticons/default/uhh.gif)
This post has been edited by PedrosPad: Jan 18 2006, 12:44 PM
Post by: MacDennis on January 18, 2006, 05:04:00 AM
QUOTE(PedrosPad @ Jan 18 2006, 12:12 PM)
With encryption/decryption routines built into the X360 DVD-Rom drive firmware, why print the media in plain text? (IMG:style_emoticons/default/uhh.gif)
Only the communication (data transfer) between console and drive seems to be encrypted. This prevents anyone eavesdropping on the communication.
Post by: bourke on January 18, 2006, 04:54:00 AM
Surely this means we can still patch the media type flag before it gets encrypted? Or do you think there is code that hashes the drive firmware? Maybe we could patch any routine like that as well.
Cheers,
Bourkie
QUOTE(MacDennis @ Jan 18 2006, 12:35 PM)
Well, the content of a disc isn't and probably doesn't need to be encrypted. That's up to the developer. It's also not very practical. Let's say you have a 500meg encrypted data file, where are you going to store and use the decrypted version?
Only the communication (data transfer) between console and drive seems to be encrypted. This prevents anyone eavesdropping on the communication.
Post by: MacDennis on January 18, 2006, 05:51:00 AM
QUOTE(bourke @ Jan 18 2006, 01:01 PM)
Exactly, but why would they care about the communication being intercepted en-route to the console?
Surely this means we can still patch the media type flag before it gets encrypted? Or do you think there is code that hashes the drive firmware? Maybe we could patch any routine like that as well.
Cheers,
Bourkie
Why encrypt communication? Simple. Authentication seems to be based on the XBOX1. A simple but effective way to hide this fact is to encrypt the communication this time around. Security through obscurity ..
And about the hashing of the drive firmware. Some drives / manufacturers use (simple) checksums. Some use scrambling techniques. Same story as the XBOX1 drives.
This post has been edited by MacDennis: Jan 18 2006, 01:58 PM
Post by: SharkUW on January 18, 2006, 06:38:00 AM
QUOTE(MacDennis @ Jan 18 2006, 06:22 AM)
A simple but effective way to hide this fact is to encrypt the communication this time around. Security through obscurity ..
Here's to hoping they thought obscurity is actual security again
Post by: Odb718 on January 18, 2006, 06:47:00 AM
Hopefully it's not locked to each individual 360 because I know a couple peole who all ready need replacements. Im supprised no one with two 360s has tested this yet.
Post by: PedrosPad on January 18, 2006, 07:06:00 AM
QUOTE(Odb718 @ Jan 18 2006, 03:54 PM)
Sounds like good ol' fashionesd capitalism to me. I think M$ got jealous of all the eBaying of dvd drives
Hopefully it's not locked to each individual 360 because I know a couple peole who all ready need replacements. Im supprised no one with two 360s has tested this yet.
From above:
QUOTE(MacDennis @ Jan 18 2006, 12:27 PM)
This has actually been tried already and it simply does not work.
I agree with you Odb718 - with the current generation of X360 DVD-Rom drives reputedly scratching the media disks, I can foresee a lot of replacement drives being required. (The XBOX1 PSU replacement program all over again?
)
Post by: MacDennis on January 18, 2006, 07:07:00 AM
QUOTE(Odb718 @ Jan 18 2006, 02:54 PM)
Sounds like good ol' fashionesd capitalism to me. I think M$ got jealous of all the eBaying of dvd drives
Hopefully it's not locked to each individual 360 because I know a couple peole who all ready need replacements. Im supprised no one with two 360s has tested this yet.
And what I was trying to say, it seems that each drive IS actually locked to an individual console. That's why a swap does not work.
Post by: InterestedHacker on January 18, 2006, 07:36:00 AM
QUOTE(MacDennis @ Jan 18 2006, 04:14 PM)
Did you actually read my replies? A swap has already been tested and does NOT work.
And what I was trying to say, it seems that each drive IS actually locked to an individual console. That's why a swap does not work.
So you are saying that 2 identical drives, had the firmware swapped, and the machines then had the drives swapped (each 360 has the others DVD drive, but a copy of it's own original firmware), thus proving that the 16 byte code in the firmware isn't the only thing the 360 looks at to check if it's the 'locked' drive? Could it be that the 16 byte code is a duplicate of the public key used in other secure comms by the 360. (food for thought), and if this proves there is some other ID key, I wonder where it is...
I suppose differences could be found by logging initial comms between the 360 and drive on both machines, then comparing. Then there maybe clues as to where to look. EDIT: But the AES encryption is going to make this a wee bit trickier...
Post by: posiedon on January 18, 2006, 07:39:00 AM
not only did i find out about the drive i also found what the bios was for and it is relevant to the drive
the bios chip contains a random number
on the very first start up the system uses this number to generate an encryption code wich it writes to every component of the unit
it then erases the chip
from then on startup is not assisted by the bios and the data is encrypted from the moment the unit is turned on
so this encryption is used in every exposed data passage in the console to prevent us cracking the x360 like we did the original one
(by evesdroping on the startup commands)
ms originaly was leaving the chips in place and having the locking sequence run when you first start it up at home
but someone could modify the system before the first startup
so ms now starts up the system at the factory then removes the chip
this is why some units have the chip while others do not
to replace the drive a override code must be inserted in the bios chip slot
and a boot up disc must be used
the 2 of these in unison are used to start up the console without encryption in "safe mode"
this mode is usefull for changing the codes to do things like replace a dvd drive and lock it to the console
i reuqested the programmer and startup disc and they sent me a vaiver for non-disclosure of the codes on the disc and programmer
and the penalties outlined in it make me want to uphold that document
so i am NOT going to dump the contents on the internet so do not ask for them
but it only states not to release the code not the method in wich it works
so telling you all this is my way of sticking it to ms for holding a stun gun to my balls with that document
Post by: PedrosPad on January 18, 2006, 10:41:00 AM
QUOTE(posiedon @ Jan 18 2006, 04:46 PM)
the bios chip contains a random number
on the very first start up the system uses this number to generate an encryption code wich it writes to every component of the unit
it then erases the chip
from then on startup is not assisted by the bios and the data is encrypted from the moment the unit is turned on
so this encryption is used in every exposed data passage in the console to prevent us cracking the x360 like we did the original one
(by evesdroping on the startup commands)
ms originaly was leaving the chips in place and having the locking sequence run when you first start it up at home
but someone could modify the system before the first startup
so ms now starts up the system at the factory then removes the chip
Wow. That sure reads as legitimate and doesnt appears to conflict with the findings. Nice new information.
Kind'a like Windows Setup's Plug 'n' Pray hardware interrogation phase, but burns the results into Flash memory, rather then the registry.Post by: m.e on January 18, 2006, 10:59:00 AM
Post by: PS2MXBOX on January 18, 2006, 11:31:00 AM
Post by: carranzafp on January 18, 2006, 11:57:00 AM
QUOTE(greatdevourer @ Jan 18 2006, 07:55 PM)
What if you misplace the disk, and maybe someone else might pick it up, upload it, and then be kind enough to give it back to you
Not suggesting anything, of course 
I think MS cover "Unintencional Lost" on their documents but I am not sure.
It would be better to dig into the legal boundaries to get the most info about that disk and programmer that poseidon mentions.
He mention a programmer, my first question is, what kind of component it programs?
It is a Serial Eeprom (ATMEL 25020) like the mentioned near to the cpu ? (see pic)
(some 360 has it, some others not)
http://pictures.xbox...oard/eeprom.jpg
Post by: Fattysc on January 18, 2006, 11:59:00 AM
j/k
Post by: 21cwSpanky on January 18, 2006, 12:00:00 PM
Post by: MacDennis on January 18, 2006, 12:04:00 PM
QUOTE(posiedon @ Jan 18 2006, 03:46 PM)
i own a licenced repair shop and i looked into this a few weeks ago
not only did i find out about the drive i also found what the bios was for and it is relevant to the drive
the bios chip contains a random number
Can you confirm that the bios / bios chip you are talking about is the small EEprom chip as seen in this picture? Atmel 25020 EEPROM
If this is the case then your story makes a lot of sense.
Also, can you describe in general which steps you have to take if you would have to replace a broken dvd-rom drive in a x360 console?
Post by: posiedon on January 18, 2006, 12:12:00 PM
and yes that is the position of the access point next to the heatsink
i have agreemants with ms but my loyalty lies with xs
and i will give as much as those documents allow
but i regret to inform you that in the waiver it says "photographs of the contents is prohibited" wich is sad because i just got a new camera
what i can tell you is this
in the box was
-a usb keybord
-a red device (the programer)
- and 2 discs
-manual
out lined in the manual were 2 ways to use it but so far i have only used 1 of the 2 ways
the programmer is the size of a usb flashdrive and it has 8 contacts wich go on the 8 pins for the bios chip slot on the mb the other end has a male usb connector and a switch in the middle of the unit
the unit does not need bios when it starts up but that does not mean it does not look for it
the switch has 2 positions 1 and 2
position 1 is a override
position 2 is a flashable chip
when the 360 reads this chip in position 1 restarts with a black screen and a dos like kernel it asks for the "backup disc"
and then boots with a series of number selected options
wich you interface with via the usb keybord
and when you are done you remove the unit and restart
i do not know the full extent of this tool i have only used it once to swap a dvd drive
position 2 is for a laptop to write code to the programer
you can use the software to tell the programmer what to do then startup the x360 and the programer does the rest
instead of it asking for the backup disc it automaticly completes all the changes you asked for with the computer interface then restarts the x360 as normal
(but is erases the flash memory in the programmer just like if a soldered chip was there)
but i have not used the second method yet i have only used the backup disc interface not the laptop interface
i have been busy with friends, the store, my slim 360 project but i will find some time by the weekend to play with my new toy
and when it is in safe mode it does not matter if the dvd drive is locked or not it reads from it just fine
you lock it to the mb using the utilites
i took the unit apart and it has 2 chips inside one is flashable the other is read only
AND I ALREADY DID AN EXPERMIENT THE 360 DOES NOT READ THE BACKUP DISC WITHOUT THE UNIT IN SAFE MODE SO THE DISC IS USELESS WITHOUT THE PROGRAMER
that document covers everything so all you will get from me is talk
and i think i am already on thin ice for telling every that these tools exist
there is even a line to not share the non-disclosure document itself
because acording to ms these tools do not exist
and they will trace it back to me even if i have someone else upload pics or dump the contents
and the little fact of i do not have 3 million to pay in penalties and i do not want to spend in-excess of 20 years in jail over 2 discs and some code
Post by: posiedon on January 18, 2006, 12:55:00 PM
(ms started doing this on their own after the forst 2000 uunits)
and it is held in place with 2 clips that go into the holes for the "x" brace on the bottom of the heatsink
it would be a pain in the ass to have to solder it to place and remove it
and maybe some will post a dump of the read-only chip and the backup disc
because if you use a programmer you can write the code to a standard 2 mb flashrom chip then solder it to the mb
Post by: carranzafp on January 18, 2006, 01:02:00 PM
then with the override code someone can program a blank 25020 serial eeprom and ta da.... a brand new programmer... but we still need the disk... (it is the disk signed? if not call to PI or CLEAR group and...) wow my mind explodes....
Post by: posiedon on January 18, 2006, 01:05:00 PM
and the executables are not .xex or .xbe there something called .xbu
wich does not make sense to me
i suppose the bu stands for "backup
and i hate to say this but ms has this equipment so protected that i think my words are as close as you will ever get to those discs or that programmer code
also i do not know if this means anything but while in safe mode only the yellow video cable works
no sound, no component video, and no s-video
Post by: posiedon on January 18, 2006, 01:22:00 PM
and people call me "the god" of soldering because of my past work
and asking me to replicate the chip inside that thing is like replicating an x3 chip ITS DIFFICULT!
i could do it but i do not know if anyone else can only someone with my skills or better
and i know for a fact the disc is copyable
but as i said it is useless without that override codeand lets not for get the line "the contents of the parcel including this document should and will not be copied by any means including photographic, hand drawn, or physical duplication by the applicant as signed below in order to protect the security of the ......... (skip a few paragraphs) and if violated the applicant will be prosecuted to the fullest of the copyright act of ....... blah blah blah
you get the picture by now i hope
and you have to request the programmer they do not just send it to you because you have a license with them to repair consoles
i found out about it from the x360 repair manual wich also must be requested
so not a lot of repair shops know about this
i called the private repair line and asked how to rewrite the code to lock a dvd drive to a unit they sent me the waiver
i sent it back
they sent me the box with a copy of the vaiver
and i heckeled with 2 ups guys for 15 min before they were convinced i was who the package was for
(not even my driver license was enough)because ms labeled the contents as "top secret"
Post by: Psyon360 on January 18, 2006, 01:37:00 PM
QUOTE(posiedon @ Jan 18 2006, 09:29 PM)
and lets not for get the line "the contents of the parcel including this document should and will not be copied by any means including photographic, hand drawn, or physical duplication by the applicant as signed below in order to protect the security of the ......... (skip a few paragraphs) and if violated the applicant will be prosecuted to the fullest of the copyright act of ....... blah blah blah
you get the picture by now i hope
Uhm....didn't you just do exactly that by posting that sentence here?
If what you're saying is true you better be carefull...eg. its probably not the smartest thing to have your location and your birthday in your profile (if that information is actually true)
Post by: posiedon on January 18, 2006, 01:41:00 PM
it is even illegal to remove the contents from my store (ms is paranoid, but for good reason)
if the 360 is cracked that is it there is no way of undoing us cracking the security and ms is stuck for another 4 years untill xbox 3 comes out
but yes it is possible to copy it very easy
i wonder how long it will be before people start asking for the code and a dump of the disc
i should modify the code so if used it will fubar the x360
because people are too stupid to read the whole thread before pm'ing me
oh and i changed a few words so that is not the actual line from the agreement
so i am upholding that agreement
and if ms comes after me 30 min after ms sends their hit team after me that override code will be at every major modchip developer in the us
and 1 week after that everyone on this forum will have homebrew running on their x360
and i will be dead
but that is plan B and i want to stick to plan A cause everyone loves plan A dont they?
Post by: serantes on January 18, 2006, 01:57:00 PM
posedion could u tell us what these connectors are for please ?
http://www.free60.or...2-J2D1-J2D2.jpg
thanks for your great post
i think now a lot of ppl is going to buy a seccond x360 for check for the chip on it without power it before to dump it
Post by: carranzafp on January 18, 2006, 01:58:00 PM
QUOTE(posiedon @ Jan 18 2006, 09:48 PM)
and if ms comes after me 30 min after ms sends their hit team after me that override code will be at every major modchip developer in the us
and 1 week after that everyone on this forum will have homebrew running on their x360
and i will be dead
but that is plan B and i want to stick to plan A cause everyone loves plan A dont they?
It seems unlikely that the override code would allow to run homebrew or backups but who knows (if nobody will do the tests). Personally my main interest is not in running backups or homebrew, I just want to find a way to swap hardware just in case mine gets fried.
Post by: posiedon on January 18, 2006, 02:00:00 PM
but i am the only one with a grudge against ms
and i purchesed this gamestop franchise because i love games and i love modding things so i got licensed to be an authorised repair shop by sony and ms and turned my store into a game/repair shop
when you are like me you find ways to cope
and if anyone has read my complaint department i like to blow off steam
releasing the info on this programmer is my way of venting against ms
and all that is on that chip before the first atart up is a 16-bit key wich is written to all hardware on the unit that has an exposed data path and is unique to every x360
how ever this means you can alter the hardware then have the algorythem write your mods as a being stock operating hardware
this is why they start up the units at the factory then remove the chip
Post by: posiedon on January 18, 2006, 02:15:00 PM
not general knolege of the unit wich is all i am giving
believe me i read the document multiple times and had my lawyer look over it to say what i can and cannot do
and i have given all that he has said he can give
and i have a serious grudge against ms wich is why i am kind of sticking out my neck here
and the reason for my grudge pisses me off so bad that i vowed never to speak of it again and to beat any one who talks specifics of it to within an inch of their life so to say the least i am mad at ms
Post by: PedrosPad on January 18, 2006, 02:22:00 PM
QUOTE(posiedon @ Jan 18 2006, 10:12 PM)
and the executables are not .xex or .xbe there something called .xbu
wich does not make sense to me
i suppose the bu stands for "backup
wich does not make sense to me
i suppose the bu stands for "backup
Xbox Update?
QUOTE(posiedon @ Jan 18 2006, 04:46 PM)
the bios chip contains a random number
on the very first start up the system uses this number to generate an encryption code wich it writes to every component of the unit
A Globally Unique Identifier? "The GUID is a 16-byte (128-bit) number, written in hexadecimal form."
Post by: posiedon on January 18, 2006, 02:26:00 PM
QUOTE(PedrosPad @ Jan 18 2006, 04:23 PM)
Xbox Update?
i do not know what it stands for just that it is not the usual format
and since it is only the one type of file is signed i assume that this type is not signed as well
and i am waiting for ms to show up i got my shotgun my ak and my beer so i am ready
but i agree with thecheekymonkey this is serious
but worth it for me and i am still in the clear with this thread
it is just like if someone walked in on me using the device
it is going to get out sooner or later that this thing exists
i want to get up and do something but i am too fat and lazy to get up and there is a new post everytime i go to log off
and i really want to post the code but i enjoy living and i still have one last thing to do on my list of ten things i want to do before i die and that is to be beaten by my mom in a video game turnament
Post by: OpticNurv on January 18, 2006, 02:32:00 PM
Post by: vsaiyan on January 18, 2006, 02:39:00 PM
Post by: posiedon on January 18, 2006, 02:46:00 PM
and i do not want to stick my neck out any farther than it already is
and to become an authorized dealer and an authorized repair center are 2 diffrent things
i have the only repair canter on this side of the 3 rivers but there are 3 throughout the state
and there is something like 400 dealers throughour the state
and all we have of the other stores is telephone numbers
i only know the owner of the nearest store and that is 5 miles away at the local mall and i would be suprised if we have said more than a dozen words to each other
i wonder how many people would shit themselves if i posted that code
not that i would do it but how much do you think that code would fetch on ebay
(provided they do not shut down the auction)
I AM NOT GOING TO SELL IT BUT JUST FOR FUN
lets do this put a bid at the bottom of how much you would be willing to pay for it
and do not just make a post for a bid put it at the bottom of something relevant to the topic at hand
(this is a technical forum after all)
so i will start the fake bidding at 50$
Post by: vsaiyan on January 18, 2006, 02:48:00 PM
Oh yeah, fake bidding - $100
Post by: carranzafp on January 18, 2006, 02:56:00 PM
Fake bid: $1,000,000 USD hurry up before other Gamestop owner gives the information first to divineo or other site.
Post by: tenaciousdave on January 18, 2006, 03:01:00 PM
Gamestop doesn't do any repairs outside of their distribution center in Texas.
Poseidon is making up at least part of this.
Post by: carranzafp on January 18, 2006, 03:03:00 PM
QUOTE(tenaciousdave @ Jan 18 2006, 11:08 PM)
Gamestop does not have franchises.
Gamestop doesn't do any repairs outside of their distribution center in Texas.
Poseidon is making up at least part of this.
of course he is making up the things.... do you think he wants M$ visit every Gamestop on Pensilvania who have requested the programmer to catch him?
I prefer to think it is the only maked up thing here... because all the things he posted (before paranoic jokes) makes sense...
Post by: posiedon on January 18, 2006, 03:07:00 PM
but to do this someone will have to run a data recovery test on a x360 with a chip still in place to get the algorythem and take track of the start up commands for the first 30 seconds of operation
however all 6 units i have in my posession do not have a fixed chip
and i said realistic bids so the bid is still at 1,200$
i said not to post a reply just to place a fake bid
i am trying to keep this somewhat organized
for the people like myself who have a claim in this other than for flaming
the fake bid is a fun thing to do on the side to bring some comic relief
Post by: carranzafp on January 18, 2006, 03:17:00 PM
QUOTE(posiedon @ Jan 18 2006, 11:14 PM)
the encryption is only on the Eeprom chip at forst then it transfers it to a bunch of writeable portions on every major component of the unit if we can uncrypt the siganls then it may be possible to get a peer into the mind of an x360 like we did the original xbox
but to do this someone will have to run a data recovery test on a x360 with a chip still in place to get the algorythem and take track of the start up commands for the first 30 seconds of operation
Simplier than that... put the programmer (in your own words) on position "1" and read it with a common 25020 reader/programmer... and you have the patch logic configuration in your hands...
a note for "tenaciousdave" I hope this is not BS because we have a lot with the ICE fakechip and if this is BS then the X-Scene is dead....
Post by: posiedon on January 18, 2006, 03:19:00 PM
one word breadcrumbs
i am leaving everyine here a trail to follow
if followed it will lead you the cookies (a contact to aquire a programmer)
the gamestop line was my third clue as to how i got this equipment
mind you i am still bound by that non disclosure agreement it just wasnt ms that made me sign it
wich prevents me from saying how i got the device
i twist things much like those few lines from the actual agreement itself
but i will say i did not get the programer through my store and i did not steal it because i know what the omnious feel of this post will make you think
however any info i have posted on the device itself is true
it is my background info on it that is the trail i am leaving you
i cannot say anymore than that
you can believe me if you want to
but i am trying to help you and i am severely limited in what i can say
i am doing it in a way that you will figure it out in such a way that i do not have to tell you directly
i am sorry but i not being cryptic because i WANT to it is because i HAVE to
Post by: Thyatis on January 18, 2006, 03:35:00 PM
When you come back all will be ok.
Post by: posiedon on January 18, 2006, 03:35:00 PM
follow the virtual path long and WIDE
to a place where you meet the TIDE
where a mutual friend ABIDES
once there just accept his RIDE
that one was more straight-forward than the previous 6
but when you find them it will make sense
anyway i am still open for questions on the backup disc and programer
just so it does not void my non-discolsure agreement
it also states i cannot have any knolege of an attempt to remove or copy the disc or device
so it cant mysteriously dissappear and get copied
and if yu have read any of my previous replies in other threads you will know how much i am against liars
so to put it simply
it its a lie its a clue
Post by: posiedon on January 18, 2006, 03:45:00 PM
keep going and maybe you will figure it out
franchise
repair center
top secret
against ms
once you find all 6 and their relevance to each other plug that into the poem and there is the location
Post by: XBoxgeek on January 18, 2006, 03:55:00 PM
Post by: scenic rides on January 18, 2006, 04:07:00 PM
I'm thinking
franchise
repair center
top secret
against ms
follow the virtual path long and WIDE = top secret 3
to a place where you meet the TIDE = against MS 2
where a mutual friend ABIDES = franchise 1
once there just accept his RIDE =
call me stupid for speculation I just love riddles
Post by: PS2MXBOX on January 18, 2006, 04:12:00 PM
---EDIT yup pretty sure my idea is worthless haha
Post by: Beats on January 18, 2006, 04:15:00 PM
QUOTE(posiedon @ Jan 18 2006, 11:42 PM)
my last clue:
follow the virtual path long and WIDE
to a place where you meet the TIDE
Must be something to do with surfing the web - the virtual path?
Poseidon is the god of the sea (albelit spelt differently from posiedon)
QUOTE
where a mutual friend ABIDES
once there just accept his RIDE
I haven't got a clue about this bit though.
Abide could be take?
So, could it be surf the web and be taken for a ride by Posiedon?
Post by: Beats on January 18, 2006, 04:40:00 PM
QUOTE(posiedon @ Jan 18 2006, 10:22 PM)
believe me i read the document multiple times and had my lawyer look over it to say what i can and cannot do and i have given all that he has said he can give
Does your lawyer have the box? - "all that he has said he can give"
Post by: Beats on January 18, 2006, 04:49:00 PM
QUOTE(ydgmms @ Jan 19 2006, 12:49 AM)
"there is a black sedan with tinted windows in front of my house "
lie/clue ?
That is certainly a "ride"
QUOTE(posiedon @ Jan 18 2006, 09:29 PM)
i am only doing this because i want to see if someone can replicate what this equipment does without the actual code being released
and people call me "the god" of soldering because of my past work
and asking me to replicate the chip inside that thing is like replicating an x3 chip ITS DIFFICULT!
i could do it but i do not know if anyone else can only someone with my skills or better
You are telling us that you wish for this to be released.
People call you "the god"? Poseidon is a god (not you)
Your skills or better? - You are telling us that you are somehow involved? Were you an ex MS employee that has recently been sacked and now wishes to get his revenge?
This waiver that you have had to sign - could it be from when you worked for MS? MS's own "Official Secrets Act"?
Post by: antz1970 on January 18, 2006, 05:17:00 PM
follow the virtual path long and WIDE ??????? not sure what this may mean
to a place where you meet the TIDE - to me this says beach
where a mutual friend ABIDES - abide means to stay/live somewhere(well it does here in scotland
)once there just accept his RIDE - if you accept the ride from someone who stays @ the beach i would say it would be in a boat
,along with the posiedon thing , id say there was a deffo sea theme
god i feel like ted rogers on ye olde itv programme 3-2-1
^^^^ i think only old british people will understand that one lol
**edit** the info or contact is on a ferry lol
**edit** also just thought , abides could also be used in a "stick to the rules" scenario
or is this thread gonna go down like the titanic
Post by: go11um on January 18, 2006, 05:34:00 PM
Gotta say, I think posiedon is a God...(In his own mind)..!
As for the black Sedan, I think its trying to take all of us for a ride
Please don't jerk his chain any more, I think hes had enough.
How about one last clue.
Grab a shovel or spade, and slowly but surely dig yourself into a very deep hole
gollum wanders off fiddling with his ring!
Post by: Thomp on January 18, 2006, 05:35:00 PM
QUOTE(posiedon @ Jan 18 2006, 05:42 PM)
my last clue:
follow the virtual path long and WIDE
to a place where you meet the TIDE
where a mutual friend ABIDES
once there just accept his RIDE
Anybody looked at traces on the motherboard for hints?
'virtual path' - data/control bus ?
'place to meet' - connector / socket ?
'mutual friend' - chip / device / drive ?
'accept his ride' - accept unsigned content / security bypass ?
Just thoughts...
...mmm...riddles...
Post by: pez2k on January 19, 2006, 10:32:00 AM
Post by: DarkDeity on January 19, 2006, 12:07:00 PM
Xbox 360 time: set to November 15th, 2002. (when xbox 1 was released)
the xbox 360 will get tricked into thinking it is an xbox1, the GHz will start meling off the processor until it is only 733 MHz, the ram will melt down to 64mb RAM (after the xbox displays the BSOD) then your case will melt and turn into an xbox 1... from there you continue to place a modchip in it and there ya go, a modded 360
Post by: the_green_pigment on January 19, 2006, 12:25:00 PM
Post by: sebaliseb on January 19, 2006, 12:39:00 PM
QUOTE(the_green_pigment @ Jan 19 2006, 11:32 AM)
Whole thing reads like a 12 year old taking everyone for a ride. that's right, but if you lose sight of the grammar and word order, there are many detailed infos in posiedons posts. and most of them fits together so i think its to difficult for a 12 year old boy to write sth like this.
What about a 16 yo trisomical then ?
Post by: mrjiggles139 on January 19, 2006, 01:29:00 PM
Post by: PS2MXBOX on January 19, 2006, 02:18:00 PM
Post by: InterestedHacker on January 19, 2006, 03:14:00 PM
{quote from www.free60.org}
The bios chip contains a random number. on the very first start up, the system uses this number to generate an encryption code which it writes to every component of the unit, it then erases the chip. from then on startup is not assisted by the bios and the data is encrypted from the moment the unit is turned on. so this encryption is used in every exposed data passage in the console to prevent us cracking the x360 like we did the original one (by evesdroping on the startup commands).
ms originaly was leaving the chips in place and having the locking sequence run when you first start it up at home. but someone could modify the system before the first startup, so ms now starts up the system at the factory, then removes the chip. this is why some units have the chip while others do not.
to replace the drive, a override code must be inserted in the bios chip slot and a boot up disc must be used. the 2 of these in unison are used to start up the console without encryption in "safe mode". this mode is usefull for changing the codes to do things like replace a dvd drive and lock it to the console.
{/quote}
So, to sumarize, he's been using text from else where to aid his lies.
Post by: Jake on January 19, 2006, 03:45:00 PM
Feel free to prove me wrong...
Post by: kenop on January 19, 2006, 03:46:00 PM
Post by: carranzafp on January 19, 2006, 04:11:00 PM
QUOTE(Jake @ Jan 19 2006, 11:52 PM)
That information looks like it was added Jan 18 to me (after Posiedon).. look at: http://www.free60.or...l:Recentchanges (edit by Bonevichio)
Feel free to prove me wrong... ;)
You are right... damn.... 2 choices now:
a) Someone at free60 have verified the Posiedon info (at least the random number thing)
B) they are posting speculations.....
if option A is the right one I dont know why not mention to Posiedon on free60, they just talk about "random" information...
Post by: DarkDeity on January 19, 2006, 04:13:00 PM
QUOTE(Jake @ Jan 19 2006, 05:52 PM)
That information looks like it was added Jan 18 to me (after Posiedon).. look at: http://www.free60.or...l:Recentchanges (edit by Bonevichio)
Feel free to prove me wrong...
could someone just have copied what poseidon said and put it on the wiki? because they seem to have the same spelling errors and lack of capitalization.Feel free to prove me wrong...
QUOTE
to replace the drive, a override code must be inserted in the bios chip slot and a boot up disc must be used. the 2 of these in unison are used to start up the console without encryption in "safe mode". this mode is usefull for changing the codes to do things like replace a dvd drive and lock it to the console.
Post by: BlueCELL on January 19, 2006, 05:43:00 PM
Post by: rooter75 on January 19, 2006, 06:12:00 PM
QUOTE(posiedon @ Jan 18 2006, 06:06 PM)
there are 2 things you people have not found
but think about my background in intelligence
codes
secrets
contacts
protocall
you people are looking too deep as to the riddles meaning
the answer is right in front of you
the answer yeilds a location and time
i am done here so if someone figures out the riddle, excellent
if not the answer is closed like this thread
i have done all i can and no i am not drunk or high
i wish this would of unfolded in another thread
but i saw the need for knolege of the programer in the scene
so i posted, however i am sorry i had to be cryptic but we are talking about one of mocrosofts biggest secrets so i am suprised that no one foresaw the need for smoke and mirrors to hide the answer
good luck
and i hope someone figures this out and clears my name for me
otherwise ho hard feelings
When we are reading this thread what is right in front of us the internet!!
The virtual path was the internet, the 2 things that weren't found were the phone number (233-4005)mentioned previously in this thread and the following web page that was posted by pvtschlag http://www.carautode...jani--amyn.html
this was the location. I was at this website about 20 min ago and a link showed up labeled "the secret is out" so I clicked on it and it took me to a page that asked for my mailing adress I filled it out and then hit submit and it said the programer and disc would by mailed to the given address.... then I started smelling something really horrid and I realized it was all the bs that this thread has generated and then I woke up in a cold sweat and realized I too had been suckered into believing!
So I thought I would post my little dream now that I am back to reality.
Post by: BlueCELL on January 19, 2006, 06:17:00 PM
QUOTE(rooter75 @ Jan 20 2006, 02:19 AM)
Wait!!! I figured it out.
When we are reading this thread what is right in front of us the internet!!
The virtual path was the internet, the 2 things that weren't found were the phone number (233-4005)mentioned previously in this thread and the following web page that was posted by pvtschlag http://www.carautode...jani--amyn.html
this was the location. I was at this website about 20 min ago and a link showed up labeled "the secret is out" so I clicked on it and it took me to a page that asked for my mailing adress I filled it out and then hit submit and it said the programer and disc would by mailed to the given address.... then I started smelling something really horrid and I realized it was all the bs that this thread has generated and then I woke up in a cold sweat and realized I too had been suckered into believing!
So I thought I would post my little dream now that I am back to reality.
GENIUS!....
Post by: PS2MXBOX on January 19, 2006, 10:15:00 PM
QUOTE(Zenofex @ Jan 20 2006, 03:42 AM)
r u serious? thats freakin awsome, congratulations, but what was the special time?
did you even read his whole message. he says it was bullshit. there is not special time. poseidon is a loser
Post by: MacDennis on January 20, 2006, 01:35:00 AM
Post by: Xombe on January 20, 2006, 02:54:00 AM
Post by: InterestedHacker on January 20, 2006, 03:16:00 AM
Still, I don't think it's rocket science to come up with a story like that. It seemed logical to me that once we discovered there was encryption on the buses, and the fact that part of the HDD is keyed to the unique ID, it's completely logical to say that there is at least 1 unique ID used for 'locking' devices to the 360, which is logically going to happen just after the virgin hardware has been filled with the latest kernel and its unique ID after manufacturing. From that point only 'special tools' will allow the encryption to be switched off. The sorts of tools required will exist, but what you need to look at is the fact they existed also for the original XBOX, and how many of them leaked out? I don't think MS let anyone except themselves have controlled access to these kind of support tools / systems. And they aren't going to leak out.
Does anyone remember the equivelant tools leaking from MS for the original XBOX? I mean, to diagnose / reflash the TSOP / unlock / lock HDD etc?
Post by: rooter75 on January 20, 2006, 09:38:00 AM
QUOTE(mark3121 @ Jan 20 2006, 04:28 AM)
i am now dumber for reading this thread......
I think that goes for all of US. I love the scene
but it is hard to have so much crap lately bog it down.
Post by: sn4k13s on January 20, 2006, 11:12:00 AM
Post by: MacDennis on January 20, 2006, 06:24:00 PM
QUOTE(carranzafp @ Jan 20 2006, 05:50 PM)
Can somebody post information about how the dumps of drive firmware were done? because I want to get the correct hardware just in case I need to read that 16 bytes.
By removing them and using a flash programmer to read them.
Good luck, many of the PLCC flash chips are covered in epoxy ..
Post by: MacDennis on January 26, 2006, 04:15:00 AM
QUOTE(carranzafp @ Jan 21 2006, 02:53 AM)
Could you point me to some device (web page, etc) capable of read that PLCC flash chips, because mine just reads serial eeproms.
Thanks
Post by: Hazard-tb3 on February 03, 2006, 04:42:00 AM
mainly for use in repair shops and such
maybe the riddle points to a location and time that you set on you 360 and it allows it to run unsigned code or some type of boot disk?
can some one see if xboxes where actually sold in everyone of those locations in the settings menu?
like setting it to pakistan at 12:00 would give you 60 sec to pop in that boot disk?
just a thought
i dont think he is completly lying
if i had what he claims i would not just randomly leak it online.... i would want the credit for it but not to where m$ would be able to take legal action
hes trying to find a way to leak without breaching to contract
Post by: PS2MXBOX on February 03, 2006, 08:40:00 AM
Post by: SniperKilla on February 03, 2006, 10:06:00 AM
Post by: spinr34 on February 03, 2006, 01:04:00 PM
Post by: posiedon on February 03, 2006, 03:17:00 PM
but my sn dj on msn is the first and middle initals of my primary alias
the name is David Joseph ********
although most of my friends just call me "D"
i go out a lot and meet with various contacts
and somebody started saying to other people "hes out fishing" because i was out fishing for info
and from that i got my nickname Poseidon since he is the god of the sea and i am the god of fishing for info
(the reason the "E" and the "I" is switched was an inside joke and i do not want to explain it right now)
i also have a nickname that came grom this as well "posse"
Post by: Hazard-tb3 on February 03, 2006, 04:27:00 PM
just to tease?
you could have someone make a homebrew prog for you then run the unsigned code using your methods
then take pics of the 360 running the homebrew (which is in no way a breach of the contract)because it is your own software not the boot disk
Post by: GeToChKn on February 03, 2006, 08:49:00 PM
Post by: LordX on February 04, 2006, 05:10:00 PM
QUOTE(MacDennis @ Jan 21 2006, 03:31 AM)
By removing them and using a flash programmer to read them.
Good luck, many of the PLCC flash chips are covered in epoxy ..
not out any tools for a PC ? if I connect the DVDROM to PC
Post by: Hazard-tb3 on February 06, 2006, 01:18:00 AM
Bunnie is that you?
then again if it was i think it wise to not say.
Post by: mrjiggles139 on February 06, 2006, 10:54:00 PM
posiedon gave some info, then decided hed play some games and turn it into a riddle. it got carried away. now it just sounds rediculous and completely unbelievable. and the mere fact he didnt just release the "tools" that he has makes him look even moreso like a liar. until these "tools" come out (if they even exist...hence the quotes....), or someone else can give confirmation of the existence of them, this information means absolutely nothing. old news.
and note to posiedon. itd be wise not to post anything else in this thread. each post you add keeps adding to your discredibility. why dont you take a look back at your own posts and see the obvious inconsistencies?just let this thread die off..