Xbox 360 DVD Firmware Hacked

Date: Saturday, March 18 @ 14:37:40 UTC
Topic: Homebrew

As you know TheSpecialist and his team were working on a modified firmware for the Xbox 360. He already managed to make one for the original Xbox a while ago, and he announced this method was highly likely possible with the Xbox 360 too. From TheSpecialist on xboxhacker.net:

Months of hard work have come to an end. The 360 FW security details were posted a few days ago already, so why not make it official :-) It's been done.

Respect to all the people on this board who made it possible with their brilliant contributions: Anita999, Geremia, Nayr, Bluecop, Interestedhacker, MacDennis, Phantasm, Marvin, Tiros, SpenzerX, Team Modfreakz, Fuzzylogic, Takires, loser, jasper, SMO, Groepaz, Zobyone, Jumba, Amadeus, Tser, DjHuevo, oz_paulb, DaveX, darkfly, evestu, Robinsod, Dark_Neo, Gael360, Seventhson, probutus.

Just for fun, here's a little video: http://rapidshare.de/files/15810304/360hack.mpg.html. And no, the team decided not to release a hacked FW. The security details are proof itself. The team advocates hacking, not piracy.

Discuss the Xbox 360 hack in our forums here:
https://www.360-hq.com/postx38-30-0.html

What is this? A bit more info...

The hack is a modified firmware for the Xbox 360's Hitachi-LG GDR-3120L DVD-ROM drive (the security in the Toshiba/Samsung TS-H943 is said to be similar, so it's probably also possible with that drive ... but it would of course require its own hacked firmware).

As you (should) know, all Xbox 360 executables (XEX files) are signed by Microsoft (with a private key only MS has). This means that if you change anything in the XEX file, the signature will no longer match and the file will not boot.

Now ... to prevent an exact copy of a game from booting from a DVD-R or other recordable media, Microsoft gave each XEX file a 'mediaflag'. This mediaflag tells the Xbox 360 from which media (cd-r, dvd-r, dvd+r, dvd-rw, hdd, dvdxbox, dvdxbox360, ...) the XEX is allowed to boot. Changing this mediaflag in the XEX header is not an option, as it would break the signature of the file (see above), so ... what this firmware hack does is 'break' the detection of the disc. Retail games usually get a mediaflag that only allows 'dvdxbox360' (Xbox 360 discs are different from a normal DVD because they have some specific bad sectors and special info in the lead-in/lead-out that can't be written with a standard DVD burner). The modified firmware makes the DVD drive report a DVD-R (or other media) to the Xbox 360 as a DVDXBOX360 disc.
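A toy model of the boot check described above, added here as an example that is not part of the original post: the header layout, the media-flag bit values and the HMAC used in place of Microsoft's RSA signature are all constructed for illustration. It shows why editing the mediaflag fails the signature check, while the media check itself only ever sees what the drive firmware reports.

```python
import hmac
import hashlib
import struct

# Constructed media-type bits for this toy model; the real XEX header uses
# its own values, which are not reproduced here.
MEDIA_DVD_R = 0x01
MEDIA_HDD = 0x02
MEDIA_DVDXBOX360 = 0x04

# HMAC stands in for Microsoft's RSA signature; the key is constructed.
SIGNING_KEY = b"stand-in-for-microsoft-private-key"

def build_xex_header(title: str, allowed_media: int) -> bytes:
    """Toy header: 16-byte title followed by a 4-byte mediaflag bitmask."""
    return title.encode().ljust(16, b"\0")[:16] + struct.pack("<I", allowed_media)

def sign(header: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, header, hashlib.sha256).digest()

def signature_ok(header: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(header), sig)

def console_boot_check(header: bytes, sig: bytes, reported_media: int) -> str:
    """What the console decides, given the header, its signature and the
    media type the DVD drive firmware reports for the inserted disc."""
    if not signature_ok(header, sig):
        return "refused: signature mismatch"
    allowed = struct.unpack("<I", header[16:20])[0]
    if not allowed & reported_media:
        return "refused: media not allowed by mediaflag"
    return "accepted"

def demo() -> dict:
    hdr = build_xex_header("RetailGame", MEDIA_DVDXBOX360)
    sig = sign(hdr)
    results = {}
    # Pressed retail disc: signature valid, media allowed.
    results["pressed disc"] = console_boot_check(hdr, sig, MEDIA_DVDXBOX360)
    # Same image on DVD-R with an unmodified drive: the mediaflag refuses it.
    results["honest drive, DVD-R"] = console_boot_check(hdr, sig, MEDIA_DVD_R)
    # Editing the mediaflag bits invalidates the signature, as the post says.
    patched = hdr[:16] + struct.pack("<I", MEDIA_DVD_R | MEDIA_DVDXBOX360)
    results["patched header"] = console_boot_check(patched, sig, MEDIA_DVD_R)
    # The check trusts the drive's report: a drive that reports DVDXBOX360
    # for any disc passes it. That trust boundary is where the hack lives.
    results["drive reports DVDXBOX360"] = console_boot_check(hdr, sig, MEDIA_DVDXBOX360)
    return results
```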

How can you do this?

Well, right now you can't. The firmware has not been released to the public because it would mostly be used for piracy, and that's not what this team wants. But the research these guys did is public: you can read their discussions of the last few months on xboxhacker.net, so people with good assembly experience should be able to duplicate this hack.

If the firmware was released, what would it mean?

Right now the Xbox 360 DVD firmware can't be flashed via PC, because there's no software to do this. Of course, drivers and flashing software for Xbox 360 DVD drives could probably be written (and some people have been working on this), but so far this has not been done (at least not publicly). So that means you'd have to open your Xbox 360, open your DVD drive and desolder the flash chip where the firmware is stored.

Each Xbox 360 DVD drive has a unique key; if that key is wrong, your DVD drive will not work. So next you will need to read your current firmware (flash) with a special machine to find your unique 16-byte DVD key (stored at 0x4F00). Then you'll have to insert this key into the modified firmware (or patch your original firmware) and program this modified firmware back onto the flash. Put the firmware chip back in the drive, close the DVD drive and the Xbox 360, and I guess you're done.

As said above, the hack would only allow you to run MS-signed, unmodified XEX files, so that also means the game must be of the right region (as changing the mediaflag in the XEX would break the signature). Unsigned homebrew executables would of course not work, again because the signature check would fail.

(This news post will be updated often with more info/details, so keep checking if you're interested)

https://www.youtube.com/watch?v=XyZQ4k7Bi-8

This article comes from 360-HQ.COM:
https://www.360-hq.com

The URL for this story is:
https://www.360-hq.com/article503.html