
Xbox 360 Backup Discs Bootable

Posted by Zonk
from the new-milestone dept.
An anonymous reader writes "The firmware of the Xbox 360 DVD drive has been hacked, allowing users to boot backups of games on the new Microsoft console. A group of hackers on the xboxhacker.net forum managed to trick the DVD firmware into reporting a recordable disc as an original Xbox 360 disc. This means that it will not allow booting of unsigned homebrew code (like Linux), as the signature check is not bypassed. This hack will just trick the Xbox 360 into thinking you inserted an original Xbox 360 disc, so it'll only boot unedited executables. A video has been released, the hack has not been released to the public (because it will be mainly used for piracy), but all the research of the last few months is publicly viewable."
This discussion has been archived. No new comments can be posted.

  • by Quick Sick Nick (822060) on Saturday March 18, 2006 @02:35PM (#14948876)
    yeah, and I read playboy for the articles.
  • by Brit_in_the_USA (936704) on Saturday March 18, 2006 @02:37PM (#14948882)
    how long until a game is released that checksums the DVD firmware and "updates it" to something more secure?

    ( + reporting to MS Live if you have a hacked version and cancelling your account? ala Blizzard?)
  • better video (Score:5, Informative)

    by Quick Sick Nick (822060) on Saturday March 18, 2006 @02:42PM (#14948900)
    If you don't want to wait 30 seconds to download the video, stream it here:

    http://www.youtube.com/watch?v=XyZQ4k7Bi-8 [youtube.com]
    • Dumb question: has anyone actually replicated this result? All I've seen is something which could just as easily be a recorded DVD movie...
      • Re:better video (Score:3, Insightful)

        by mzwaterski (802371)
        I thought of another way to fake this. Just use the rear inputs on the television hooked up to another xbox 360 with the real game in it. That'd be much easier than making a fake video.
  • by Animats (122034) on Saturday March 18, 2006 @02:50PM (#14948929) Homepage
    This is the "piracy" hack. A way to cleanly boot non-Microsoft content would be more useful. Microsoft probably couldn't do much about that legally; if you own the unit, you have no obligation to play only approved content.
    • "if you own the unit, you have no obligation to play only approved content"
      Yes, but if you try to trick (and it is the only way) the DRM that prevents non-original content from loading you're violating the DMCA.
    • by Gadzinka (256729) <rrw@hell.pl> on Saturday March 18, 2006 @03:44PM (#14949117) Journal
      Yeah, but booting non-MS code is much more difficult than booting copied discs. All you need to boot copies of retail games is DVD-ROM telling xbox, that it's xbox360dvd in the drive.

      In order to run unsigned binaries you have to crack several levels of protection, some of them embedded into the processor itself. And these are not your garden variety proprietary measures hackable in an hour by sophomore CS student.

      So, you still can't run XBMC (NG) on Xbox360, but you can play all the pirated games you want. Weird, isn't it?

      I own original Xbox modified with DuoX modchip. Of course I have several pirated games installed on my (upgraded) HD. I would have bought some games I love (like burnout 3, 4), if it weren't for extremely stupid, suicidal policy of MS to ship Xbox with defective DVD drives that don't read DVD-R etc disks[1].

      So, for me it's funny... MS is doing anything it can to make Xbox 360 unattractive to me and to prevent me from ever buying legal copies of games for either its old or new system... ;)

      Robert

      PS If you want to condemn me as unwashed pirate, bugger off. I have a DVD collection bought legally, exceeding 300 DVD-s. Give me fair deal and I'll make your toilet solid gold. But if you want me to bend over for marginal gain, you must have been smoking something very strong all of your life.

      [1] You see, me and my wife are compulsive sci-fi/crime series watchers. Unlike me, my wife can't really comprehend them in English, so whenever I buy dvd set I process it to add Polish translation. But -- in order to play those remastered DVDs -- I had to change the Xbox DVD drive to PC DVD drive, to read DVD-R. And PC DVD drive won't read original xboxdvd discs...
      • Admittedly, it's also the reason I have an Xbox in the first place; a friend of mine had to scrap his when the DVD-ROM drive just up and started not reading discs with the kind of reliability you need to actually, well, play them. So I have an Xbox, hacked it, but the way to play games is to copy them over my LAN onto the HDD, or sometimes one can convince the disc drive to copy a game to the hard drive, but it's impossible to actually play legit games legitimately.

        What I've done instead is turn it into
        • So basically, because MS used rather defective DVD-ROM drives[...]

          You see, the "defectiveness" of DVD drives is just a product of MS's DRM. They deliberately decided, that Xbox DVD can't play DVD-R/+R etc. Not just DVD media ID, but really DVD recorded discs. So they ordered drives that would have their laser IC calibrated in such a way, that it would not be able to properly play home recorder DVDs. But the side effect of this is that such DVD drive quite rapidly stops reading even "legitimate" xbox dvd dis
    • In order to run arbitrary code, two things are needed:
      - The Xbox needs to boot from DVD recordable discs. (this news means that's been done)
      - The encryption that checks whether or not the executable code is "signed" needs to be overcome. (yet to be done)

      So, this is important. The next part is probably harder, though.
      • You don't need this hack to run arbitrary code, only the signature hack. In fact, if there were a signature hack, you wouldn't need this, as you could change the flag telling the XBox what media the executable should be run off, and then recompute the signature, or perhaps find a collision.

        For arbitrary code, you compute the signature for whatever you want - media flag and all.
      • In order to run arbitrary code, two things are needed:
        - The Xbox needs to boot from DVD recordable discs. (this news means that's been done)
        - The encryption that checks whether or not the executable code is "signed" needs to be overcome. (yet to be done)


        On the Xbox the security system was broken by taking advantage of buffer overflows and similar errors in the save/load game functions and font renderers, etc. This can be done using an unmodified DVD with a correct signature.

        I bet something similar will be
  • drm sucks (Score:5, Insightful)

    by MikeFM (12491) on Saturday March 18, 2006 @02:51PM (#14948931) Homepage Journal
    DRM is a stupid idea. It never stops hackers but it stops the average consumer from having the full use of the device they've legally bought. Making backups should be a fully protected right. Not a limited number of backup copies - as many as I happen to want to make. If I make a backup and then run it over with my car it shouldn't matter because my original is in a safe location and I can just make a new backup.

    Of course 'backup' for the copy you're using isn't a very good term.
    • Re:drm sucks (Score:5, Insightful)

      by GlassHeart (579618) on Saturday March 18, 2006 @04:05PM (#14949207) Journal
      DRM is a stupid idea. It never stops hackers but it stops the average consumer from having the full use of the device they've legally bought.

      I don't like DRM either, but one fallacy among opponents is the distinction between "average consumers" and "pirates". The problem is that average consumers can easily become pirates if various conditions are ripe: the original seems expensive, copying is easy, nobody is ever punished, etc. There are entire countries of "average consumers" who almost never buy original software or music.

      • The problem being that companies are using DRM to make up for overpriced shitty products. With a decent product and decent pricing people will buy the software. As it is the average consumer is quickly learning to find free, already cracked, copies anyhow. Either they are smart enough to find it online or they just find a friend that is. Most people I know that defend commercial software are either people trying to make a living from that software or a consumer that is getting it all for free anyway. The pe
      • The problem is that average consumers can easily become pirates if various conditions are ripe: the original seems expensive, copying is easy, nobody is ever punished, etc. There are entire countries of "average consumers" who almost never buy original software or music.

        The problem is that average consumers can easily become pirates if various conditions are ripe: the original seems expensive, copying is easy, nobody is ever punished, they are dirt poor, etc. There are entire countries of "average consum

      • Maybe. But the fact remains: DRM causes lots of unpleasantness for the honest buyers, while having no effect whatsoever on the people who download from thepiratebay.

        Problem: digital copies are equally "good" as the original.

        Industry solution(drm): Make it so that today a copy is actually *superior* to the original.

        What is superior ?

        An original, say Bertine Zetlits-CD, that is not valid CD-audio, won't play in your car, won't play in your DVD-player, won't play in your computer, won't transfer cleanl

  • Nice timing! (Score:3, Informative)

    by PhoenixOne (674466) on Saturday March 18, 2006 @02:53PM (#14948938)
    Next week at the GDC we can ask the Microsoft rep all sorts of awkward questions. :)

  • by dwalsh (87765) on Saturday March 18, 2006 @02:53PM (#14948940)
    the hack has not been released to the public (because it will be mainly used for piracy)
    It is sad to see so much cynicism in the world :-)
  • by ryants (310088) on Saturday March 18, 2006 @02:54PM (#14948947)
    Frankly I'm surprised it took this long, given that the Xbox 360 will boot burned CDs/DVDs for backwards compatibility updates [xbox.com].

    I always thought that was a pretty good area of attack right there.

    • by cnettel (836611) on Saturday March 18, 2006 @03:42PM (#14949110)
      Well, it doesn't help that much, as it's the signature that determines how a valid image may be started (and no commercial game will say "burned booting OK"). Now, all software written by MS really "sees" the disc as a real DVD, completely independent of whether booting from burned DVDs is supported or not. The only way to block this would be to block flashing DVD firmware (wise) or blocking reading burned discs in hardware. The latter would of course make it less usable for playing CDs or video in more or less legitimate ways that MS still wants to support.
      • Even if the DVD firmware is/was unflashable you can always remove/disable it and add your own. XBox 1.6s don't have flashable TSOPs but there are plenty of modchips to override their firmware.

        Also, I doubt that the XBox compatibility CDs are actually booted. I'd bet that the 360 checks for that type of disk the same way it checks for DVDs and launches the software from the HD, and even then I'm sure the data has to be signed.
  • Really, this could impact the future of PS3 much more than the delay or Blu-ray/HD DVD madness.
  • Citations (Score:4, Interesting)

    by OpenSourced (323149) on Saturday March 18, 2006 @03:11PM (#14949017) Journal
    From the post:
    the hack has not been released to the public

    From Jane Austen's "Emma":
    "'It's to be a secret, I conclude,' said he. 'These matters are always a secret, till it is found out that everybody knows them. Only let me be told when I may speak out.'"
  • One small step (Score:3, Interesting)

    by Enselic (933809) on Saturday March 18, 2006 @03:20PM (#14949040) Homepage

    I remember hackers speaking of how easy hacking the Xbox 360 will be, that it will only take hours once it is released.

    Now, 4 months after the release, they manage to hack a disc. Microsoft sure has given them a challenge this time.

    • Re:One small step (Score:5, Insightful)

      by Anonymous Coward on Saturday March 18, 2006 @05:31PM (#14949601)
      to hack a disc? this is the entire disc authentication system completely reverse engineered with little or no understanding of the inner working of the 360 kernel. this is a complete sidestepping of what was probably 3 years of complete tightening of all of the 360s internal communication, integrity checking and copy protection. no one made any claims about it taking a day, and when a loose community does this in 4 months it IS god damned impressive since it is more than most people on this board could do in a fucking lifetime.
    • I remember hackers speaking of how easy hacking the Xbox 360 will be, that it will only take hours once it is released.

      No true hacker ever claimed that. Plenty of clueless idiots did, though.
    • Didn't you hear? Hours after the hacker finally got his pre-order it was hacked! It just took a while to actually get the unit.
  • I'm guessing the good researchers figured if they publicly took the credit AND released the code, they'll be in the crosshairs of (MS||HomelandSec:-s||Feds||++) in a minute. If it's not already illegal (isn't it?), it'll probably soon be.
    So they figure they won't release the code.
    They say, hey its possible.
    They say, hey this is the exact result.
    They say, hey this is how we've been going abt it these past few months.
    They say, sorry folks, y'know we'd love to spread the good hack around, but y'know
    piracy's pira
  • LOL (Score:4, Interesting)

    by bogie (31020) on Saturday March 18, 2006 @03:33PM (#14949081) Journal
    "the hack has not been released to the public (because it will be mainly used for piracy)"

    Then why did they bother? Testing XP or linux to see if its security is working is one thing. That has real world consequences. Testing it is a noble cause IMHO. Hacking the firmware of a gaming system may get done to "boot linux" but we all know the real world implication here. I don't frown on this morally one bit but let's not kid ourselves here. Information may want to be free, but people want free games even more.
    • Re:LOL (Score:3, Insightful)

      by BillyBlaze (746775)
      Even towards the more noble goal of running homebrew software on the XBox360, this hack is useful. Since it is designed to run only signed code, the obvious vector of attack is to make the signed code do something bad. One way to do this is to give the signed code malicious input, which is much easier to do now, because any unsigned content on the DVD can now be changed. (Of course, maybe the whole DVD is signed, I don't know.)
    • Well, theoretically it would be nice to have backups of your $100 games (that's what they cost here folks). Optical media is a bit temperamental and most people's living rooms (where they keep their xbox) aren't exactly low on abuse for discs.
  • I was wondering why somebody didn't try this before. It would allow you to play copied games on xbox live without getting banned as well since the main xbox firmware hasn't been tampered with, nor has any other hardware been modified in any way.

    I suppose microsoft could detect this on live by scanning the dvd drive's firmware, but the data contained on the firmware itself could easily be spoofed. The other software on the xbox has to rely on whatever the firmware itself says it has. Somebody could just ad

    • If they were elaborate, they would ask the firmware to pump every single bit back out of it. It would be quite a feat to compress it enough to fit in the code to give a fake image of itself, not just a fake version number, and do the real hack. Especially if MS decides to release an update where any non-used zero bytes are replaced by uncompressible noise.
      • Just check while accounting for the diffs. I haven't RTFA, but I would imagine that the actual amount of changed code in the ROM is relatively small. I doubt that one would need twice the capacity to be able to report back correct false data. Now, uncompressible noise would be a problem...
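The full-readback check discussed in this sub-thread, sketched from the verifier's side as an added example that is not part of the original comments: it measures how much room a reference image leaves when unused flash is zero-filled versus noise-filled, and binds the readback to a fresh nonce so a stored answer cannot be replayed. The flash and code sizes, the image contents and all function names are constructed assumptions, not details of the Xbox 360 drive.

```python
import hashlib
import hmac
import zlib

FLASH_SIZE = 256 * 1024  # assumed flash capacity (constructed value)
CODE_SIZE = 64 * 1024    # assumed size of the real firmware code (constructed value)


def stream(seed: bytes, n: int) -> bytes:
    """Deterministic, incompressible bytes (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def build_image(pad_with_noise: bool) -> bytes:
    """Constructed reference image: low-entropy 'code' followed by padding."""
    # Masking to 4 bits per byte stands in for the redundancy of real code.
    code = bytes(b & 0x0F for b in stream(b"code", CODE_SIZE))
    free = FLASH_SIZE - CODE_SIZE
    pad = stream(b"pad", free) if pad_with_noise else bytes(free)
    return code + pad


def slack_bytes(image: bytes) -> int:
    """Bytes reclaimable by storing the image compressed.

    An estimate of the room left for anything that is not the reference
    image on a device that must still reproduce every byte on request.
    """
    return len(image) - len(zlib.compress(image, 9))


def readback_digest(image: bytes, nonce: bytes) -> bytes:
    """Answer expected from the device: covers every byte, keyed by the nonce."""
    return hmac.new(nonce, image, hashlib.sha256).digest()


def verify(reference: bytes, nonce: bytes, reported: bytes) -> bool:
    """Verifier side: recompute over the reference and compare in constant time."""
    return hmac.compare_digest(readback_digest(reference, nonce), reported)


if __name__ == "__main__":
    for label, noisy in (("zero padding", False), ("noise padding", True)):
        print(f"{label:14s} slack = {slack_bytes(build_image(noisy)):7d} bytes")
```

With noise padding the remaining slack comes only from the redundancy of the code region itself, so the check gets tighter if that region is also stored in a dense form.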
  • by nurb432 (527695) on Saturday March 18, 2006 @04:01PM (#14949186) Homepage Journal
    Phfft. What garbage. If you aren't going to release it, why even bother telling anyone? It's not like your work can be replicated ( proved ) and it makes you look like you are just making it up.

    " i found out the secret of area 51, but since it might be used improperly , i'll just not tell you the details ".. it's about as valid as the story subject.

    And as a disclaimer, I'm not a gamer.
  • I think it would have been safer to use a nonstandard DVD drive which rejects burnt DVDs right away. It is trickier to hack a drive's firmware I believe. Extra security measures would have to ensure the drive is not swapped out against a standard drive.
  • No big surprise (Score:3, Insightful)

    by Myria (562655) on Saturday March 18, 2006 @06:17PM (#14949812)
    If you look at the design of the 360's security system, you will see that they have taken *extreme* measures to protect against running unauthorized software, but very little protection against piracy. The anti-piracy system is more or less the same as it was on Xbox 1.

    It's very obvious that Microsoft cares much more about blocking Linux and Xbox Media Player than it does about piracy. They have their priorities way out of whack.

    Melissa
    • Nah, they have their priorities right in order.

      Piracy? Who cares? They don't sell many of the games!

      Rather fast game console turned general purpose parallel computer for $400? Not good.
    • Well, being able to run unauthorized code would mean that the "rip your Xbox 360 game to the hard drive" apps would be just around the corner.

      I think that's what MS is really worried about. Copying DVDs is still kind of a process, and not THAT many people have DVD burners. But if you can rip any game you rent to the hard drive (as you can on the Xbox), then you open up the doors for "casual" piracy.

      Hell, softmodding your Xbox is so pitifully easy that you'd be nuts to *not* do it. MS doesn't want that situat
  • A video with annoying music doesn't give me much confidence that this is real. However, I've thought from the beginning that the DVD firmware was the 360's greatest weakness, although I didn't know if it had to be signed or something.
  • RtFA... (Score:5, Insightful)

    by Faeton (522316) on Saturday March 18, 2006 @06:54PM (#14949996) Homepage Journal
    Please read the article!

    This isn't just a "Oh, I'll put this firmware on a disk and load it up and Bam!, insta-pirate!". This is a firmware for the DVD-ROM, which you first have to A) physically open up the XBox360 B) Then remove the DVD-ROM C) then desolder the firmware chip D) then read the firmware and figure out where to edit, because each DVD-ROM has a unique ID tag E) then you have to reprogram the chip using specialized equipment F) reinstall the chip and hope you didn't ruin a $400+ machine G) get a good copy of a game and hopefully it'll work.

    Currently, this is *far* harder than the average modchip. Since each chip has to be custom-programmed, this isn't an easy hack, even if you did have the hacked firmware available.

    Still, hopefully this is a taste of things to come. The 360 has been only out for 4 months, and this is much better progress than with the original XBox.

    • Usually it's always replacing a chip somewhere to allow this to happen. The cool thing here is that drive firmware can be rewritten. Once someone figures out how to run unsigned code, you'll see an ISO that will update your drive's firmware without needing to put a hacked firmware chip in making it even less painful.

      Either way, 360 devs are shitting themselves right about now. When this happened with the Dreamcast, developer support disappeared and went to the PS2.

      I have a feeling a lot of current XBox360 pro

  • "We've hacked MS's copy-protection"
    "we've given a rough idea about how we did it"
    "We're not going to release the details for fear of piracy"

    Guess who's waiting for a fat MS cheque for 'security consultancy' in the post over the next couple of days.
