Original Xbox thoroughly hacked

Our friend Eliot, from hack a day, has tipped us off to the latest and greatest in the Xbox hacking scene. TheSpecialist, a hacker on the xboxhacker.net forums, has managed to play a backup DVD without using a modchip/softmod. Eliot explains, "He ripped the challenge response data block from RalliSport Challenge and then patched that chunk into the firmware of the drive. So now, no matter what disc is placed into the drive, when the Xbox checks authenticity, the DVD firmware spits out the RalliSport Challenge code instead of checking the disk." Clever!
Unfortunately, The Specialist didn't want to release the hack to the public, explaining, "I understand that releasing this hack would have major impact. Although I seriously doubt that releasing a firmware *patcher* is illegal, I don't want to take my chances on it :-) I think anybody who wants to do something like that should ask himself if it's worth all the trouble he might get into. I feel it's not. That's why I'm not releasing anything."
How long before the hack is readily available for everyone to use?
[Thanks, Eliot]

Reader Comments (Page 1 of 1)
n_corri @ Feb 3rd 2006 4:14AM
Damn, wonder if this same type of security can be broken on the 360 in a few years.
Franklin @ Feb 3rd 2006 4:44AM
So from my reading and understanding of this: The guy ripped the security check from a game disc, then patched the code into the Xbox drive. Is that right? Theoretically, this sounds like the security check code from any Xbox game could be used then. If this actually works, the basic idea is ingeniously simple in that "no duh!" slapping-self-on-the-forehead way.
He may not be releasing the patch, but he's revealed the technique. And that may be more than enough for others to do this.
jadengyu @ Feb 3rd 2006 4:52AM
i wonder if he'd at least recommend any good books to read on the subject...
or maybe newsgroup forums to post to. actually, he should post to usenet using an anonymous server like teranews. best 3 law subverting bucks i ever...
holy crap it's the cops!
bbl.
Ed Oscuro @ Feb 3rd 2006 4:59AM
Teehee. Part of me has to laugh that the game responsible was not only considered to be great, but it was developed by Microsoft itself.
mike @ Feb 3rd 2006 5:02AM
jotsyiq.com promoting piracy lol
AndrewNeo @ Feb 3rd 2006 6:57AM
#1: It's actually the security on the 360 they were trying to break, and they ended up doing the original first, in hopes of it shedding some light on the 360's.
JPRacer @ Feb 3rd 2006 7:30AM
Ed Oscuro:
Microsoft did not develop RalliSport, DICE did. Microsoft only published it.
matt @ Feb 3rd 2006 7:47AM
it is 'available to the public.' all they have to do is read through the XBH.net forums and do it themselves. TS won't release a 'howto', but anyone that can read can put it together themselves.
Shad Genki @ Feb 3rd 2006 9:02AM
Smells like bullshit to me. How many times have we heard this?
"Hey, I made a COOL new hack! Wanna see? Well, you can't."
Yes, I'm sure you are the 1337357 h@X0rZZ. But until you release the hack, you're full of shit.
Scott @ Feb 3rd 2006 9:15AM
IF this is true, my guess is this:
1) He ripped the "security key" from a game disc.
2) He embedded the code into the firmware of the Xbox drive.
I don't know anything about how the hacking scene for the Xbox goes, but was the above probably accomplished by taking the Xbox drive out and attaching it to a PC to rip the key from the disc and perform a firmware "update" on the drive?
It sounds like this would be analogous to making a copy of a door key, and then just keeping it in the lock so the door continually remains unlocked.
It's funny if this is true, because everybody has been thinking in terms of breaking the lock (decryption) or getting around the locked door (mod chips). But this guy simply made a copy of the key and permanently jammed it into the lock. Brilliant.
Draco @ Feb 3rd 2006 10:35AM
Gotta agree with Shad on this one.. he's wasting our time, if it was this obnoxiously simple, it would have been done a long time ago like the Dreamcast was done (mind you the mod chip makers wouldn't be happy I guess)
Nushio @ Feb 3rd 2006 11:06AM
We do the same thing in the Nintendo DS.
Instead of crackin' the RSA, we bypass it through nefarious means (Passme, Flashme, WifiMe)
It shall be done..
Martin @ Feb 3rd 2006 11:27AM
Draco, don't be an idiot. You make the assumption that this has been attempted before, of which I've never seen mention. So unless you've proven it to be fake, you have just as much credibility as this hacker.
weaszel @ Feb 3rd 2006 1:55PM
So if I'm understanding this thing right, you would have to reflash the drive with the code of the game you wanted to play each time you changed games? Seems like more hassle than it's worth.
mrjiggles @ Feb 3rd 2006 1:59PM
"9. Smells like bullshit to me. How many times have we heard this?
"Hey, I made a COOL new hack! Wanna see? Well, you can't."
Yes, I'm sure you are the 1337357 h@X0rZZ. But until you release the hack, you're full of shit."
I understand where you're coming from but there's solid evidence on this working...You must not follow the scene very much. Go check out the forums on xboxhacker and read through how he did this. Until then, stop talking, you're making yourself sound incredibly ignorant.
josh @ Feb 3rd 2006 2:51PM
#14. no you wouldn't need to do it each time. The article plainly states:
"So now, no matter what disc is placed into the drive, when the Xbox checks authenticity, the DVD firmware spits out the RalliSport Challenge code instead of checking the disk."
Any disc will play.