Play-Asia.com - Your One-Stop-Shop for Asian Entertainment
 

Xboxic interviews 360 firmware hacker

After all the confusion of the last week over the Xbox 360 DVD firmware hack, people started launching the wildest theories on the internet about the implications of what has been achieved. The problem was mainly one of proof and solid information: there was only a video and huge heaps of incomprehensible technical mumbojumbo to work from, nothing the lesser gods amongst us could actually get a solid grip on. Xboxic met up with Robinsod, one of the 6 hackers that worked for months to perform the hack, to sort out once and for all what has been done and what it means for the Xbox 360, and all of this in understandable language anyone with some basic technical insight should mostly be able to understand.

For those too lazy to read the entire interview, the very short summary is:

  • The hack is completely unfit to be applied to a modchip.
  • Anyone selling a modchip based on this is a scammer.
  • Trying to replicate the hack without having multiple years of experience at this kind of thing will most certainly brick your 360.
  • Microsoft will quite probably be able to detect fake firmwares very soon as the cat/mouse game commences so you will get your ass kicked out of Xbox Live for the rest of your life.
  • Watch out for brickware. Some moron will release one probably.

If you are interested in the full details read on. We just skipped all the who-are-you and how’s-life bullshit because he wouldn’t tell anyway, so no useless chitchat here. Enjoy the interview, and many many thanks to Robinsod and TheSpecialist for answering all our pesky questions! If you consider this interview a worthwhile read, digg it too: spread the word, not the disc!

Xboxic: Big question for everyone ofcourse is “why?” Why would anyone bother screwing around for 4 months to break a console’s security if you have no intention to do the thing it facilitates: running illegal software?
Robinsod: Because I am naturally inquisitive, I want to understand how things work. I dont actually play video games much, if at all. Of course waving a big sign saying ‘forget it boys, you won’t break in this time’ is just going to encourage me. Ok, lets see if I’m good enough. In short the usual hacker motivations.

Xboxic: How long have you been into hacking, and what was your reason to specialise in this expertise? Do you have a related job or just doing this for the fun and the challenges?
Robinsod: I have been interested in hacking for a long, long time. I followed TheSpecialist’s Xbox1 hack in the XBH forums since it began and just started to dig around. Really it started as an idle interest but as I started to make more progress in understanding the firmware and share information & ideas with other people it became more & more important to finish the hack for it’s own sake. I dont work in the games industry or anything, this is just for fun.

Xboxic: You guys claim you will not be releasing the hacked firmware, foremost reason being Microsoft’s legal department and hacker ethics a close second. Do you personally know of any cases where hackers got into trouble with console manufacturers? And like many people claim, haven’t you already sold the hack to the highest bidder? Or received a huge payment from MS itself to keep the code to yourself?
Robinsod: We will not be releasing a hack, we won’t sell it and no-one from Microsoft has approached me either to pay me off or shut me up with legal threats (this may change of course). I want to polish this hack a little more for my own satisfaction and then I will consider it done. All the information needed to implement this hack is available and I have no interest in doing further research. I know of cases where thieves have been prosecuted for selling duplicated copyright material but I am not aware of hackers being prosecuted for being interested. I could of course just be ignorant about that.

Xboxic: There are people out there that think the released video is a fake, because it doesn’t exclude the possibility of a second 360 connected to the back of the TV to fake booting the PGR3 backup. For the people unable to understand the technical evidence in XBH forums, do you plan to release “better” evidence?
Robinsod: The video evidence is quite compelling if you know what is happenening. As TheSpecialist pointed out, the laser of the DVD drive does NOT behave like that if you simply insert a backup. The video shows a crude version of the hack, the drive is still reading some of the authentication data from the ‘middle zone’ of the disk. Maybe a better video could be filmed but why bother? I don’t really care if people believe me or not: all the ‘proof’ is there in the XBH forums and the drive firmware. Also you will never satisfy everybody that it’s not a fake no matter what you do.
Xboxic: The skeptics might still say you did succeed in hacking the firmware to behave like booting but the TV was running from another one. ICE modchip taught people to be cautious.
Robinsod: It would be impossible to convince them all, and yeah, sure, there are a lot of scammers out there. So scepticism is healthy.

Xboxic: Even though Xboxic in its original article on the upcoming hack made sufficiently clear that this hack is unusable by the general public, many people predict this breakthrough will cause a modchip to be released in a matter of weeks. How do you see chances of a modchip happening anywhere soon?
Robinsod: The hack is a modification to the DVD drive’s firmware, which is stored in a flash memory chip inside the drive. IF I was to release this hack, which I am most certainly not going to, I would release it as a Windows drive programming package, exactly the same as used to upgrade a PC’s DVD drive. Anyone who tries to sell you a chip is a scammer and is trying to cheat you. This hack is useless to the public in it’s current form, it has not been ‘weaponised’ and currently requires that the flash chip is removed from the drive circuit board and inserted into a special flash programming device. And I want to stress that if you don’t know what you’re doing you can easily destroy your 360 - don’t do it.
Xboxic: You have seen the sites on the internet though that more or less provide a step-by-step guide to recreate this hack. People will try.
Robinsod: I have seen some compilations of the many posts made by many talented people on XBH over the last few months. They should not be considered a guide, but a great set of notes containing useful stuff about interfacing to the drive. Trying to use that info without knowing every little detail will probably destroy your 360.

Xboxic: Using the current hack the system cannot detect the modification, because the firmware can lie about its authenticity because of the cracked challenge/response protocol. Is it still possible for the system to softflash the drive should it want to? And if so, isn’t the hack completely useless should Microsoft decide to simply reflash the drive’s firmware every reboot, or every week, or every dashboard update?
Robinsod: Well there are several parts to the answer. This is a consumer device and really you dont want to have a reflash fail and brick the device. I don’t know if the Toshiba-Samsung drive has a fall back position to recover from a bad flash, the Hitachi-LG has a ‘recovery’ mode if the main application is corrupted, restoring an empty firmware with only softflashing capabilities. If this feature, or something like it, does not exist then I doubt Microsoft would want to risk it, all those angry customers coming in with bricked 360’s. The drive could be softflashed from the kernel, but the firmware controls the process, so it could just say that the flash succeeded any time even though it didn’t do anything.

Xboxic: Is your analysis of the used challenge/response protocols complete or does it just cover a subset of possible challenges? Would Microsoft be able to detect the hack if they send out a dashboard update sending different challenges to trigger erroneous behaviour from the firmware?
Robinsod: Yes, I believe there’s a reponse modifier but I haven’t seen it used yet. Sure, then the game becomes how accurate an emulation can the hacker create? It becomes a game of cat and mouse…. The challenges themselves are actually on the game disc: the kernel reads an encrypted table from the disk, decrypts it and issues the challenges contained in it. Malformed challenges from the console could trigger correct responses from the hack and be detected, but we could probably reuse the existing code to factor this into the equations.

Xboxic: Say Microsoft releases a mandatory dashboard update tomorrow that installs a new firmware with a completely different challenge/response protocol on every 360 in the world, will it take you guys another four months or can Microsoft strenghten the protocol sufficiently to ward off further breaches until the release of their next console?
Robinsod: They can make life dificult by validating the disk with greater accuracy. If they do, someone else will have to continue improving the hack, since I’m done with it now we’ve proven it can be done with the current Xbox 360.

Xboxic: Following the previous question: people are claiming that Microsoft forgot to sign the firmware on purpose and left the debug routines in there to make it an attractive target, a honeypot to attract the bees. This way they bought over 4 months of time in which the best hackers of the world would try to hack the easily replaceable and patchable firmware, time they didn’t spend on hacking the really dangerous parts of the system. Do you consider this theory credible?
Robinsod: No, not really. Why leave any chink in the armour? People were going to attack the system anyway, why make it so easy with the debug routines that it only cost us 4 months? They could’ve made it much harder and we’d have attacked the firmware anyway because that’s what TheSpecialist did on the Xbox1.

Xboxic: Is there going to be an Xbox 360 revision soon containing a signed firmware in the drive? Ofcourse with the public key embedded in the DVD’s ROM to avoid any future tinkering with the firmware?
Robinsod: No idea, but unless the flash is inaccessable or properly encrypted any signature can be spoofed. I suppose if there was a bootloader in ROM that was packaged with the drives micro, that could check the flash’s signature. The problem then is it pushes up costs, the drive uses standard components which don’t have security features.
Xboxic: $5 extra cost per drive to avoid 500k Linux boxes sold at $125 loss seems an easy equation.
Robinsod: Then perhaps its a good thing the hack came so early and the cost of custom LSI can be spread over a larger number of consoles, and before too many ‘pirate capable’ systems were sold.

Xboxic: In a forumpost TheSpecialist literally said “I doubt you’ll see some kind of OTHER hack soon, that lets you boot unsigned code for example. MS did a very good job on the 360 itself this time.” Does this mean you guys don’t see homebrew or other unsigned code being run anywhere soon, like within the current console’s lifecycle?
Robinsod: Hmmm, well given the complexity of the software (and MS’s reputation for secure software) it seems unlikely that there’s no way in. The problem is finding it… Another motivation for this hack is to see if there is any possibility of an attack via unsigned modified files (no idea if there are any or if it is - thats the next area of research). But again, any successful attack opens the door to piracy. If MS would sell me a home developers XDK that allows me the opportunity to write code for what is a fantastic piece of kit then I would have no reason or excuse for doing this.
Xboxic: Devkits cost over $22k indeed. I remember my Amiga days pushing the machine to its limit until 7am squeezing the last bit of performance out of a superb system, all with a $10 shareware assembler program.
Robinsod: Yeah, but I doubt a copy of VC++ and a key to sign homebrew for execution from DVD+R needs to be expensive. Lots of devs creating quality homebrew…… Lots of new cool things to download from Live. It could make MS as happy as it would make us.

Xboxic: Do you have any other hacking projects running related to the 360 or do you consider your job with this machine done now you’ve proven that the “CIA-level security” wasn’t all that much?
Robinsod: No, when this is done I might well sell my 360 and do something else. Get a girlfriend possibly? Chicks love nerds.
Xboxic: Can I quote you on that so one of our interested female readers could pay you a visit on XBH forums?
Robinsod: As long as ’she’ doesn’t turn out to be a 47 year old male management consultant or something.

Xboxic: Got anything else you want to add that we didn’t specifically ask about?
Robinsod: Unfortunately, there is a good chance some malicious **** will put together a ‘brickware’ package, just like they did for the PSP, and using it will erase the unique key in you drive and destroy your 360. This is also one of the reasons I am probably not continuing work on the hack. Apart from that I think I’m done.
Xboxic: Thank you very much for your time.

del.icio.us:Xboxic interviews 360 firmware hacker newsvine:Xboxic interviews 360 firmware hacker furl:Xboxic interviews 360 firmware hacker reddit:Xboxic interviews 360 firmware hacker fark:Xboxic interviews 360 firmware hacker Y!:Xboxic interviews 360 firmware hacker gamegrep:Xboxic interviews 360 firmware hacker

29 comments on 'Xboxic interviews 360 firmware hacker'

Subscribe to comments with RSS or Trackback to 'Xboxic interviews 360 firmware hacker'.

WoW nice read there :D
I wished the hack would stop there but as i read on www.teamxecuter.com it seems this could soon be release to the public and if what some people are saying that these backups work on Live could maybe cause a problem!
If you like the game you should buy it! Support the developers! Because without sales it means less money to make new games :(

Comment by Eff on 2006-03-21 04:13:36 | Reply

Very good interview.
XBOXIC will become one of the top xbox site for sure. :)

Thanks, we do our best :)

Comment by Grady Durden on 2006-03-21 04:31:02 | Reply

Great interview, Curry! You must be a journalist at heart, huh? =)

The fact that I’m a developer at heart helped me more in the case of this interview, believe me ;)

And digg the story people, need to get this interview out to the misinformed teenagers of this world to silence the bullcrap about modchips appearing shortly etc.

Comment by GrandHolyKing on 2006-03-21 08:30:33 | Reply

That was an informative read, although I do hope they dont realise the “weaponised” version of it. Im happy paying for my games and marketplace downloads. If I didnt have to pay so much for the games and they were copies instead then I wouldnt get as much satisfaction out of them.
Have to say, this site is used by me a lot as it contains “official” and as seen above “Unofficial” news.
Keep up the good work guys!

Awesome interview!

Great interview. Keep up the fantastic work you guys!!


http://www.wirah.com

Xboxic interviews 360 firmware hacker…

After all the confusion of the last week over the Xbox 360 DVD firmware hack, people started launching the wildest theories on the internet about the implications of what has been achieved. The problem was mainly one of proof and solid information: the…

It’s != Its

Ben: I did the interview via secure instant messaging since these guys want to stay absolutely anonymous. Hence you may still find some “IM-jargon” in the replies such as the example you give even though I corrected some on the fly.

Comment by me on 2006-03-21 22:22:04 | Reply

some people can be so picky

[…] Xboxic interviews 360 firmware hacker [Xboxic.com] […]

Comment by Anon poster on 2006-03-21 23:41:52 | Reply

We STILL DON’T HAVE CONFIRMATION on the rumours that this particular hack / fix / flash only works on a SINGLE GAME

It’s only a rumour but I hear that you flash the drive with the PGR3 key, it’ll boot a fake PGR3 but NO OTHER GAMES - therefore you’d have to re-flash per game.

Anyone know if that’s true/

Comment by jox on 2006-03-21 23:49:05 | Reply

kudos for being honorable. Very nice hack!
someone get him a “chicks dig geeks” t-shirt

Anon poster: that rumor is very true. I double checked with Robinsod and this was his answer:

for sure the thats how the version in the movie worked, some hard coded reponses, some data read from the disk for a particular game. Once that works its a piece of cake to read the correct data from an unused burnable sector on a DVD+R. This is what I meant when I said I would work to finish the hack and then do something else.

So the proof-of-concept indeed only works for PGR3.

[…] Otra noticia importante en el ámbito de Microsoft ha sido el descubrimiento de una forma de piratear la Xbox 360 por primera vez, al parecer modificando el firmware de la unidad de DVD utilizada en su ensamblaje. Los responsables del descubrimiento no van a hacer público el proceso exacto, pero es evidente que si ellos lo han conseguido probablemente en unas semanas aparezcan métodos de modificar esta consola para poder acceder a todo un mundo de posibilidades entre las que evidentemente se encuentra el jugar a copias piratas de juegos. Por cierto que por mucho que prometan el oro y el moro, no es posible aplicar ese hack a ningún modchip, así que de momento si os intentan vender la moto yo que vosotros no me fiaría. Y de todos modos, aun consiguiéndolo estaréis cometiendo un delito. El que avisa no es traidor… […]

[…] Have a read at Xboxic interviews 360 firmware hacker for the full details. • • • […]

"Hackeando" el firmware de la XBOX 360…

Entrevista con el team que hackeo el firmaware de la XBOX. Resumen:
- El hack no se puede aplicar en un modchip, así que los supuestos chips que lo implementen son falsos
- el proceso es complejo y es muy probable que Microsoft pueda detectar el nue…

[…] 360 Hacker Interviewed - Posted by ctrlc in News (Tuesday March 21, 2006 at 10:53 pm) Recently we reported on the Xbox 360 being hacked after only four months of it’s releasein the Christmas season of last year. Xboxic has now had the honor of interviewing the hacker himself, who goes by the alias Robinsod. Robinsod clears up a lot of questions on what the hack means, and how it can be used at this point. Continue reading for the full interview. ** Edit 3/24/2006 ** I have removed the dialogue of the interview, as a courteousy, in response to a request by Xboxic. You can read the entire interview at Xboxic’s website. Click here to read the entire exclusively xboxic interview. […]

Excellent stuff


http://www.wirah.com

Blah….The only reason id buy a 360 is if rockstar bought out a new GTA on 360 platform , Only with more drugs killing and sex games.

As a matter of fact the next GTA will be released simultaneously for both 360 and PS3, with exclusive DLC for 360.

[…] Just part of Microsoft’s official response to the has-it-or-hasn’t-it Xbox 360 hack. The comments make for a pretty interesting read, too. —Alice Taylor […]

Comment by Madlib on 2006-05-19 11:31:43 | Reply

Very nice read ! thanks xboxic.com

I dont know if anyone cares, but here in S. Korea, there is a shop that makes your 360 modded. He also sells games for 5$ bucks a pop. He has been doing it for about 2 months now, and it works great. My friend plays online with his all the time, so whats the problem?

Comment by The_Glovner on 2006-11-07 12:42:36 | Reply

The problem is that developers don’t get the money they deserve so over time it waters down the pool of developers until you are only left with the EA’s of the world churning out the same shit year on year with no originality coupled with the fact that you push the price up for honest people and this makes your friend a dirty robbing bastard.

Looking+for+information+

Comment by xbox360rulez on 2010-04-08 20:01:19 | Reply

Amazing interview. I agree with j0k3r360 I wish the hacks would stop, I mean why would someone want to spend 4 whole months hacking a consoles security? It’s rediculous! But I gotta give it to Robinsod though you must be smart to figure out all the progams and understand the entire prospect of hacking, I know I couldn’t do it…. but still like I said… rediculous!

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>