How the Xbox 360 knows if your hard-drive is genuine
The Xbox 360 was launched in 2005 with 2 models – a “Core” model and a “Pro” model. The idea behind the Core was to offer a lower-cost model so gamers could play their games from disc, while the Pro included a 20 GB hard-drive, which was plenty for the limited amount of downloadable content and other extras at the time. The hard-drive has always been an optional accessory, but it quickly became a necessity for gamers who wanted to save their profiles and download content from Xbox Live. The downside is that the Xbox 360 branded hard-drives were expensive. The 20 GB at launch was $99! According to an old AnandTech price guide from November 2005, for $57 you could get an 80 GB hard-drive for your PC. Xbox 360 storage came at a significant premium.
Instinctively, modders explored the possibility of using custom hard-drives as a way to get lots of storage on a budget. Unfortunately, they quickly found it was impossible.
Kernel-mode Authenticity Check
Every genuine Xbox 360 hard-drive has a unique piece of data in sector 16 called the “security sector” that contains the following information:
The security sector data is processed in a kernel function named SataDiskAuthenticateDevice. It looks like this in IDA:
The decompiled version:
The function is relatively simple. It begins by calling IoSynchronousFsdRequest. This is a function carried over from the original Xbox, and you won’t find it on Windows. It basically executes an asynchronous IO request, and then waits for it to complete. In this case, it’s a read request for sector 16:
After that function runs, Buffer will contain the security sector data, or, if the read failed, the console will display an E69 error screen. That will only happen if the disk is very loosely connected, or if the disk is failing.
When the security sector is in memory, the authenticity check takes place. All hard-drives report a serial number, firmware revision, and model number as part of the IDE_COMMAND_IDENTIFY_DEVICE command. The data the disk firmware reports is compared against what’s stored in the security sector. It does this using a dedicated helper function named SataDiskEqualAuthenticationStrings, which basically works like memcmp (a function that checks if bytes are equal).
If any of those 3 strings don’t match, the check fails. You might be thinking, it should be trivial to just change the security sector to match the data the disk firmware reports, right? Unfortunately, the entire security sector is RSA-signed using a private key only Microsoft possesses. This means that if you modify the security sector to match the disk firmware information, it will fail the cryptographic check. Here is the RSA signature verification:
The Workarounds
If you do not want to buy the genuine Microsoft Xbox 360 hard-drive, there are 2 workarounds:
1. HDDHackr
Since the security sector cannot be modified to match the disk firmware information, the only possible workaround is to change the disk firmware so it will match the security sector. HDDHackr was created – an MS-DOS app that updates the firmware on Western Digital drives to impersonate another. For example, if a security sector says the disk is a Hitachi, HDDHackr would change the disk firmware to report Hitachi information.
There are however a few limitations to the HDDHackr workaround:
- It’s not maintained anymore and only works on older PC hardware.
- There are reports it doesn’t work well on newer Western Digital drives.
- It cannot make drives larger than 500 GB work. The security sector limits the number of addressable sectors, and 500 GB is the largest hard-drive size Microsoft officially released.
2. Modded Console
When modding Xbox 360 consoles became possible through the JTAG and RGH hacks, the hard-drive authenticity check and size limitations were one of the first things patched out. With the checks removed, any hard-drive up to 2 TB in size can be connected, formatted on the dashboard, and be ready for use. These hacks require hardware modifications though, and you give up Xbox Live access in the process.
Microsoft knows about your hacked/custom hard-drive
If you use the HDDHackr workaround, you will download a valid security sector from the internet to use for your hard-drive. For example, when the 500 GB HDD came out in 2014, the community quickly uploaded the security sector so others could make their own, custom 500 GB HDDs. What most people don’t realize is that Microsoft has been collecting your hard-drive info this entire time. Specifically, while connected to Xbox Live the following information from the security sector is sent to Microsoft periodically as part of a security challenge response:
- Serial number
- Firmware revision
- Model number
- User addressable sectors
Microsoft knows about every Xbox Live-connected console that has a HDDHackr’d drive connected, since it will see tens of thousands of consoles using the same hard-drive. Security sectors are unique and can be used to uniquely identify a hard-drive. Xbox 360 hard-drives can be used on different consoles, so Microsoft seeing multiple consoles using the same hard-drive won’t be a red flag, but when potentially hundreds or thousands of consoles are reporting the same hard-drive info at once, it’s pretty clear they’re using a hacked/custom hard-drive.
Microsoft could have banned consoles for using a non-genuine hard-drive, but there is no evidence this has ever happened.
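The clone signal described above can be sketched as a sliding-window count of distinct consoles per reported drive record. This is an added example, not code from this article or from Microsoft; the report tuple layout, the one-hour window, the threshold of 3 consoles and all sample values are constructed assumptions.

```python
from collections import defaultdict

WINDOW_SECONDS = 3600  # assumption: what "at once" means
MAX_CONSOLES = 3       # assumption: a drive moved between a few consoles is normal


def find_cloned_drives(reports, window=WINDOW_SECONDS, limit=MAX_CONSOLES):
    """reports: (timestamp, console_id, serial, firmware, model, sectors) tuples.

    Returns {drive_record: peak} for every drive record seen on more than
    `limit` distinct consoles inside any `window`-second span.
    """
    by_drive = defaultdict(list)
    for ts, console, serial, firmware, model, sectors in reports:
        record = (serial.strip(), firmware.strip(), model.strip(), sectors)
        by_drive[record].append((ts, console))

    flagged = {}
    for record, events in by_drive.items():
        events.sort()
        in_window = defaultdict(int)  # console_id -> reports inside the window
        start = peak = 0
        for ts, console in events:
            in_window[console] += 1
            while events[start][0] < ts - window:  # evict reports that aged out
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > limit:
            flagged[record] = peak
    return flagged


# Constructed sample reports (not real telemetry or real drive data).
SAMPLE_REPORTS = (
    # One downloaded security sector reused on five consoles within minutes.
    [(1000 + 60 * i, f"console-{i}", "SERIAL-SHARED", "FW01", "MODEL-A", 976773168)
     for i in range(5)]
    # One drive carried between two consoles days apart.
    + [(0, "console-x", "SERIAL-B", "FW02", "MODEL-B", 39070080),
       (500000, "console-y", "SERIAL-B", "FW02", "MODEL-B", 39070080)]
)

if __name__ == "__main__":
    for record, peak in find_cloned_drives(SAMPLE_REPORTS).items():
        print(record[0], "reported by", peak, "consoles inside one window")
```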
Logo Verification
If you looked closely at the HDD_SECURITY_BLOB structure at the beginning, you may have noticed the LogoBitmapDigest. Right after the security sector, in sector 17, a PNG image of the old Microsoft logo can be found:
Fun fact: Based on metadata embedded in the image, it was created in Macromedia Fireworks MX 2004 on July 19, 2005. The Xbox 360 launched later that year on November 22. After looking at several early and late security sector samples, I believe this exact same image is used in every security sector on every hard-drive sent to retail.
The logo is used when viewing the storage on the Xbox 360 dashboard:
Microsoft cared enough about their logo to SHA1 hash it. That hash is RSA-signed in the security sector, so you cannot change the hash or the logo.
It’s possible Microsoft considered allowing third parties to sell their own branded hard-drives for Xbox 360, much like how Seagate exclusively sells the Xbox Series X|S expansion cards today. Presumably, the Microsoft logo would have been replaced with their own. This is all just conjecture and it’s possible the answer boils down to Microsoft wanting you to feel good knowing you bought a genuine accessory.
Logo Fun
With a modded console it’s possible to change the logo to any other image you want, since the cryptographic checks are not enforced. Some fun images are below. Note that while the HDD is named Retail, changing the logo is only possible on a modded console. These are also screen captures from the console – not photoshops!
Unfortunate Mistakes
The security sector is located at the beginning of the disk. If you connect the disk to Windows and open Disk Management, it will show up as “Not Initialized” since Windows doesn’t recognize the Xbox 360 partitioning scheme. A popup will also appear asking you to initialize the disk in MBR or GPT format, to get it set up for Windows partitioning.
Unfortunately, the consequences of clicking OK are devastating. The security sector will be overwritten with Windows partition tables. Unless you made a backup of it, the hard-drive will never work in an unmodded Xbox 360 again. I get emails about this all the time and it pains me to tell people there is no way to save the hard-drive. The problem became so common that I added automatic security sector backups to FATXplorer back in 2015. When it starts, it will immediately back up any valid security sector on all hard-drives it finds. Unfortunately, up to the time this post was published, it has not saved a single hard-drive. Everyone accidentally initializes their disks before opening FATXplorer the first time, rendering the life-saving feature useless. If you still play on your Xbox 360, consider backing up your security sector!
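A minimal version of the backup step recommended above, as an added example that is not FATXplorer's code: it copies sector 16 and refuses to produce a backup when sector 16 is empty or sector 17 no longer holds a PNG signature. The 512-byte sector size and the function names are assumptions, and the sample image is constructed.

```python
import hashlib
import io

SECTOR_SIZE = 512                  # assumption: 512-byte logical sectors
SECURITY_SECTOR = 16               # from the article: the security sector
LOGO_SECTOR = 17                   # from the article: the PNG logo follows it
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"   # standard PNG file signature


def read_sector(disk, number):
    """Read one whole sector from an open binary file object."""
    disk.seek(number * SECTOR_SIZE)
    data = disk.read(SECTOR_SIZE)
    if len(data) != SECTOR_SIZE:
        raise OSError("short read: disk or image is too small")
    return data


def backup_security_sector(disk):
    """Return (sector 16 bytes, SHA-256 hex of those bytes).

    Raises ValueError when the area no longer looks like an Xbox 360
    security sector, so a wiped disk never replaces a good backup.
    """
    security = read_sector(disk, SECURITY_SECTOR)
    logo = read_sector(disk, LOGO_SECTOR)
    if not any(security):
        raise ValueError("sector 16 is empty")
    if PNG_MAGIC not in logo:
        raise ValueError("no PNG logo in sector 17; area may be overwritten")
    return security, hashlib.sha256(security).hexdigest()


def make_image(sector16, sector17):
    """Constructed test image: 18 zero-filled sectors with 16 and 17 set."""
    img = bytearray(18 * SECTOR_SIZE)
    img[16 * SECTOR_SIZE:16 * SECTOR_SIZE + len(sector16)] = sector16
    img[17 * SECTOR_SIZE:17 * SECTOR_SIZE + len(sector17)] = sector17
    return io.BytesIO(bytes(img))


if __name__ == "__main__":
    # Constructed sample data, not a real security sector.
    sample = make_image(b"SAMPLE-SERIAL-0001", PNG_MAGIC + b"constructed")
    blob, digest = backup_security_sector(sample)
    print(len(blob), "bytes backed up, sha256", digest)
```

On a real drive, pass a file object opened read-only in binary mode on the raw device, and keep the returned bytes and digest somewhere other than that drive.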