Topic: Media Check (Read 331 times)

InterestedHacker · « **on:** December 15, 2005, 04:32:00 AM »

Does anyone know what the media check actually is? What specifically does it look for? And, what was the original media check on the first XBOX?

The reason I ask this... These ISOs that have been ripped, they contain the signatures, so if they were written to a DVD-R surely they would work, IF it passed the media check. Obviously the disc would need to be written in pretty much the same way it was read, so for joe bloggs, that isn't going to happen any time soon, but I am curious about the nature of the media check.

lordvader129 · « **Reply #1 on:** December 15, 2005, 08:07:00 AM »

its a bit in the xex that basicaly looks at the media code of the disc its being run from, this cannot be changed for recordable dvds (at least not for retail dvd-rs, i guess you could manufacture your own with a false media code, i might be wrong though)

its not like bitsetting that you can change on some burners, its set on the disc when its manufactured, not when its burned

kday · « **Reply #2 on:** December 15, 2005, 02:10:00 PM »

Depending on how the media is signed, it is possible to play backups on an unmodded XBOX 1. While it has never been possible to play retail backups on an unmodded XBOX, people have made backups of demo disks in the past using DVD+R media. With some DVD burners, you can change the BookType (within bitsetting) to DVD-ROM instead of DVD+R.

On retail disks, there is always a media code. You cannot change the media code on recordable DVD's as lordvader said.

lordvader129 · « **Reply #3 on:** December 15, 2005, 08:16:00 PM »

QUOTE(Tiros @ Dec 15 2005, 02:20 PM)

Since this check was not present in earlier software, I guess this is not the real reason why backups don't play directly.
So exactly why don't (X1) backup disks play directly?

media checks have always been present, MS added another, second, media check to games made after feb 2003

crosseye · « **Reply #4 on:** December 18, 2005, 09:54:00 AM »

the media checks and the signature are the security. The media check says the game can ONLY be run from whatever media specified. Unless you've got a DVD pressing facility with real DVD9s, the media check will fail when you try to back up a game. So you say to yourself, we're smart people, why don't we just remove the media check from the code. Alas, that's where the signature comes in. If you try to mess with the media check you invalidate the signature causing you to fail.

lordvader129 · « **Reply #5 on:** December 18, 2005, 10:46:00 AM »

QUOTE(Tiros @ Dec 18 2005, 11:21 AM)

Understood.
So the media check code is in the XBE?
How exactly does the XBE determine it's media type? A bios call, I guess, since you don't need to patch early (pre 2/03) games at all to avoid media check.

the xbe queries the disc type, if its not what the check is set it its kicks you back to the dashboard

early games do require patching, but early bios also autopatched them, if you look at this chart youll see only the 2 very oldest bios (enigma beta and extender v1.0) did not have the no patch hack v1

QUOTE

So can someone explain why a patch to the DVD firmware regarding media check, wont produce the same result? Seems like I should be able to flash my XDVD and play backups.

im not sure the firmware would be able to report an incorrect media typ (i could be wrong) someone with more experience with firmware should be able to answer

QUOTE

I don't think this can work. I think it MAY have more to do with the physical layout of the disk and the "security placeholders", and a stock burner being unable to produce the correct layout.

we know this is not the case for xbox1, since backups of a very select number of xbes can run on an unmodded system (xbox Live arcade, and i think a few demos from dvd movies) this is because they have no media check at all (or the check is set to all dvd, including dvd-r)

lordvader129 · « **Reply #6 on:** December 18, 2005, 12:18:00 PM »

QUOTE

Are you saying that If I could munge the firmware on the XDVD to report different media, I could play backups? Cause I could probly do that, but I wouldn't waste the effort if there is more to it, and I think there is.

theres probably more to it, liek i said someone with more firmware experience shoudl answer this question

QUOTE(Tiros @ Dec 18 2005, 12:45 PM)

I wonder if they were laid out using the "security placeholder" tool from MS.
According to the patent, if you were to rip out all the files and lay them out "willy nilly" on the discs, the placeholders will not be where they are expected, and the security mechanism will fail. If this is not responsible for backups not working, why do they have these placeholders/patented in the first place.

In all this time no one is really talking about these placeholders, and still no one is.

its possible they patented the idea but never implemented it

if the placeholder checks were xbe based we would need more patching than just media checks to get the backups to run (perhaps this IS what security placeholders refer to?)

if it was kernel based, then backups of xbox Live arcade shouldnt run on an unmodded xbox (but they do)

lordvader129 · « **Reply #7 on:** December 18, 2005, 11:29:00 PM »

QUOTE(Deathman @ Dec 18 2005, 07:07 PM)

if i recall the media id is reported by the firmware of the dvd drive, i may be wrong but when ppl were hacking the firmware of the pioneer dvd recorders to play non authorised dvd-r's they got it so that discs that werent in the media list reported a different media id so they would write at higher speeds. wonder if this would also apply to the xdvd?

well if the firmware alone reports media types then theoretically a hacked firmware should allow you to play signed backups

InterestedHacker · « **Reply #8 on:** December 19, 2005, 01:51:00 AM »

QUOTE(lordvader129 @ Dec 19 2005, 08:36 AM)

well if the firmware alone reports media types then theoretically a hacked firmware should allow you to play signed backups

Thanks for all the info on this, I have been doing some research and the firmware does indeed extract this information from the disc. This means, if someone can modify the firmware to always show official pressed DVDs then copies should work. Not a great start but it's a start! There is the possibility that M$ put some more protection to physicallly protect the disc, but I doubt it. Maybe they checksum the firmware to make sure it's not been modified?

lordvader129 · « **Reply #9 on:** December 19, 2005, 08:46:00 AM »

QUOTE

Maybe they checksum the firmware to make sure it's not been modified?

well thats pretty much a given, you could hope its a simple hash check like they did on the bios for xbox1 (easy to fake) but i doubt it will be that easy

InterestedHacker · « **Reply #10 on:** December 19, 2005, 10:56:00 AM »

QUOTE(lordvader129 @ Dec 19 2005, 05:53 PM)

well thats pretty much a given, you could hope its a simple hash check like they did on the bios for xbox1 (easy to fake) but i doubt it will be that easy

I suppose it depends on how the checksum is read? What I mean is, does the firmware produce it's own checksum, or does the kernel somehow checksum the ROM image itself, or delegate the task? If there is a command thats passed to the firmware that says 'gimme your checksum', then that's p1ss easy to bypass, but if the kernel takes a snapshot of the ROM and does it's own hash / checksum then we're screwed >.<

I suppose we need to wait for these guys that are reverse engineering the rom atm. I would have a crack myself, except... I have no 360, I have no knowledge of 8051 ASM, and I am crap when it comes to anything encrypted past XOR level encryption

daKlone · « **Reply #11 on:** December 21, 2005, 10:21:00 AM »

QUOTE(Tiros @ Dec 19 2005, 08:28 PM)

Since you can't even swap the drives with another unit, they must be "married" in some way. Probly the serial number (or hash related to it) is included in all the other juicy stuff they "hide" on the main board.

For instance (only speculation):
1:Get HD Ser#, Get DVD Ser#, Get this MB Ser# etc...
2:Compute key based on this info.
3:Burn key into protected memory.
4:Encrypt flash image with this key, and flash main rom.

Now you can't change any hardware.

I seriously doubt that the DVD's and HD's are messed with by MS. As long as there are a few bits different in each device, a unique per box key can be generated. Further, the firmware is probably NOT encrypted since there is not enough resources/ram in the dvd MPU to decrypt it's own code "on the fly".

Next logical step is to dump another DVD FW and compare, or better yet swap bios in drives and see if they can then be switched across systems.

But if your speculation is correct, there would have to be a way to "marry" another DVD drive at a later date, otherwise how would you handle broken drives?

lordvader129 · « **Reply #12 on:** December 21, 2005, 10:40:00 AM »

QUOTE(daKlone @ Dec 21 2005, 11:28 AM)

But if your speculation is correct, there would have to be a way to "marry" another DVD drive at a later date, otherwise how would you handle broken drives?

probably locked in a similar manner to xbox1 HDs, once we figure out how to lock/unlock them ourselves we should be able to swap them around with no problems

Author Topic: Media Check (Read 331 times)