Guitar Hero III demo disc online, magically works on any 360
by Christopher Grant 
{ Oct 18th 2007 at 5:26PM }
We're but simple bloggers, unfamiliar with the illicit, seedy underbelly of pirating video games, so we won't pretend to understand how all of this works. What we do know is that the demo for Guitar Hero III – which came bundled in with Tony Hawk Proving Ground and the December issue of OXM – isn't on the Xbox Live Marketplace but if you burn this magical disc you can play it on your regular old 360. No soldering, no flashing ROMs, or any of that other stuff we're vaguely familiar with from peeking around inappropriate internet sites. Just burn and shred. Now that we've got your attention, here's the track list for the curious amongst you. - "Hit Me with Your Best Shot" – Pat Benetar
- "Lay Down" – Priestess
- "Even Flow" – Pearl Jam
- "Rock You Like a Hurricane" – Scorpions
- "The Metal" by Tenacious D
Get a WordPress.com Blog
Reader Comments (Page 1 of 2)
blooh (CDF - Nipple Ring) @ Oct 18th 2007 5:29PM
tenacious d rules
i don't have a guitar yet though, gotta wait for the full game
anonymous @ Oct 18th 2007 8:02PM
tenacious d sucks
Autopsy15 @ Oct 18th 2007 11:29PM
Oh, I think you have a typo in your post. I'm pretty sure you meant to say, "Tenacious D kicks ass and I suck huge testicles."
There we go. All fixed.
Word of the street(IDF-Digital Ruler). @ Oct 18th 2007 5:30PM
The scorpions FTW!
Pearl jam? outside Jeremy and Do the evolution most of their songs are quite lame sorry if I offended any fan but that's my opinion.
Shagittarius @ Oct 18th 2007 7:04PM
Thats alright I'm sure you have really bad taste in music.
LiqwidZero @ Oct 19th 2007 8:33AM
Don't worry, you haven't offended me. I've said it before, and I'll say it again, "What Guitar Hero needs is some grinding metal or at least Black Label Society! BLS for goodness sakes!"
Rubang B (NDF - Heart) @ Oct 18th 2007 5:30PM
Mmmmm, Pat Benetar. I can't wait to get this game so I can hit her with my best shot. I think this game's going to outsell Rock Band through Christmas.
Liquid @ Oct 18th 2007 5:33PM
Interesting. Sounds like a modder/hacker's dream. I know alot of exploits piggyback on "trusted" code.
MooglyGuy @ Oct 18th 2007 8:57PM
People are morons with their theories about cracking open the X360 with this, they're going apesh@*# over something that is utterly mundane. Microsoft themselves distribute dashboard updates and the Xbox back-compatibility emulator in the form of disc images that can be burned and run on any X360, so how is this special? It *isn't*. It's still encrypted to hell and back. This isn't some special backdoor. It's just a demo.
TK00 @ Oct 18th 2007 9:11PM
Moogly: Care to explain how you know this for sure? I'm guessing you have no idea.
Hackers, modders, et al could look through the code on this disc and maybe discover something that could allow them to run non-demo games from dvd-r.
Or maybe they can't. I don't know. Neither do you.
MooglyGuy @ Oct 18th 2007 10:32PM
It's funny you should mention that, TK - I work professionally in the game industry, specifically with the Xbox 360. Somehow I'm pretty sure that I know more than some random schmuck on the Internet. The very fact that you're talking about "examining code" shows that you know nothing, as if you had even the first clue about the way the console works you would know that all executables that run on the Xbox 360 are encrypted. There is no user-changeable code.
Game discs, demo discs, dashboard updates and the Xbox back-comp emulator are, furthermore, signed such that the console can detect any modifications to the executable, so not even trial-and-error experimentation will work. Game discs do not have signed data, hence the reason behind the original King Kong exploit working via a security hole in the way the X360 handled shader fragments, which has since been corrected. Demo discs, dashboard updates and the Xbox back-comp emulator also have signed data, so you can't even edit that.
The only known ways to run unsigned code on the Xbox 360 involve timing-specific exploits during the (few) times that it's running in Supervisor mode, so any hacking attempts via modifying demos will be met with failure. Period.
why not the LS2/LS7? @ Oct 19th 2007 4:02AM
MooglyGuy:
You state that the code is encrypted, therefore it is unmodifiable. Actually, that's wrong. The reason it is unmodifiable is because it is signed. Encryption doesn't actually preclude you from putting other code on (although it may make it very difficult). The digital signature however, does prevent you from putting any code on. Even if you could look at the code on this disc (and others), you can't make your own payload that the console will run, because you cannot generate a digital signature that matches your code.
I didn't create this system, but I'm sure it works like this:
All code to be run is submitted to Microsoft.
MS looks at it and makes sure it isn't exposing any security holes (that the code won't run other, unsigned code, for example).
If they approve of the code, they then digitally sign it.
(Here the speculation begins)
For normal games, MS signs it with a certificate that will only let the code run if the code is resident on a copy protected disc.
For other things, like these demos, they can sign it with a different certificate that will let the code run from burned discs or probably even from memory cards and such.
MS would never sign a regular game with this certificate, because they don't want the games to work from copied discs. And there's no way to transmute one form of signature into another.
As MooglyGuy says, there's no way to modify the code and still have it run, unless you can figure out how to break the hash system used for the MAC. They probably use SHA-1 or SHA-256, and those are incredibly difficult to break right now.
I still think this system does represent a minor security issue. If you can find an exploit in this code that has been signed so that you can trick it into running unsigned code, then anyone can burn a copy of this disc to use as the "trigger" for the exploit and there's nothing MS can do to stop the replication of this disc. Whereas if people find an exploit in a regular game (like the one found in the Bond game used for soft-modding original Xboxes), MS can stop replication of that game and limit the exposure somewhat.
Rubang B (NDF - Heart) @ Oct 18th 2007 5:33PM
Mmmmm, Pat Benetar. I can't wait to hit her with my best shot when this game comes out. I think this is gonna outsell Rock Band through Christmas.
Autopsy15 @ Oct 18th 2007 11:22PM
Of course it is. Guitar Hero 3 is 1) Cheaper than Rock Band. 2) Mainstream (when they talk about Guitar Hero on the news...it's pretty popular.) 3) an established franchise.
While Rock Band is new, unknown, and could be considered rather expensive.
I personally like Rock Band better, but GH3 will undoubtedly outsell Rock Band
Jordan @ Oct 18th 2007 5:47PM
I hope Microsoft doesn't start... banning people... for this.
Akamaru @ Oct 18th 2007 5:55PM
Well they will now that I forwarded this article to Major Nelson!
J/K
No I'm not.
Yes I am.
No I'm not...
Autopsy15 @ Oct 18th 2007 11:24PM
I am.
Really.
MUHAHHHAHAHAH!
Crono (NDF - Knight of the Old School) @ Oct 19th 2007 9:17AM
They can ban me and my silver account all they want.
BWAHAHAHAHAHAHA!
Raptor007 @ Oct 18th 2007 5:53PM
This is actually really awesome news. Perhaps we can see the modding community mimic this demo to get working homebrew on the 360? I've waited so long for XBMC on a fast enough platform for 1080P sources!
Moofree @ Oct 19th 2007 1:13AM
It's not a matter of getting it to run... It's about knowing the key the executable was signed with.
You can rip your xbla games off of your 360s hard drive with xplorer360, burn them to a disk, and they'll run (in demo mode if you don't own the game), cause they're signed.
Unless a new hypervisor exploit is found in this game (like the one that was in king kong), I doubt that this will be any help to xbox hackers.
Cody S. @ Oct 18th 2007 5:58PM
I seem to remember when the 360 launched that people were able to burn the demo disk in the kiosks and play it at home without any frills. Same thing perhaps?
CubeGuy @ Oct 18th 2007 6:03PM
Burning it now. I'll let you guys know how it turns out.
copa @ Oct 18th 2007 6:19PM
Pointer, please. I looked on Pirate Bay and don't see anything.
copa @ Oct 18th 2007 6:35PM
Sorry for not reading, thoroughly. The link is:
http://www.megaupload.com/?d=5OX44D2U
CubeGuy @ Oct 18th 2007 6:40PM
Holy freaking crap, it works. Just scroll to the demo section and there it is. =V
whymog @ Oct 18th 2007 6:06PM
This is the best news I've heard all week. :D
a ham sandwich @ Oct 18th 2007 6:11PM
well since the demo's free, why does it matter how we get it to play on our consoles? if we're not stealing anything, there should be nothing wrong, right?
Sean @ Oct 18th 2007 6:19PM
There are probably technicalities, considering you have to buy something (THPG/OXM) in order to play the demo for "free."
mw @ Oct 18th 2007 6:15PM
You need to insert the disc. It won't run, and shows up as a Mixed Media Disc. If you then go check you demos in the dashboard, it shows up there. Takes forever to load, but works well enough...
Norm @ Oct 18th 2007 6:18PM
Thank god I don't have to pick up THPG just to play this demo.
Grant @ Oct 18th 2007 6:35PM
huzzah!
word is this is in OXM too?
which issue?
cause maybe i'll dust off my collection of demo DVDs and save a blank CD.
richie579 @ Oct 18th 2007 9:52PM
Works as instructed, like mw said, takes forever to load, probably decompressing data....I don't think any banning would occur, we didn't mod anything to play this.
Charron @ Oct 18th 2007 6:40PM
I tried this last night. Does work correctly, but once you've played them all it boots you back to the dashboard.
Overall impressions- not terribly fond of the art style but glad to see the rest of the band is actually doing stuff and not just cycling animations without much care for the music. The loading quotes suck, note charts are good, and The Metal needs its audio re-balanced.
There's talk of using this for custom soundtracks but that will likely be a while.
AndrewNeo @ Oct 18th 2007 6:45PM
I think it's funny how everyone thinks this'll be a hacking wonder or something. Xbox (original and 360) executables have a flag called Media Type that lets it determine what kind of media it will work on. Usually it's DVD9 with a security sector, but they can turn other ones on to work, say, on a CD-R. It's how the first Demo disks worked.
The drive modchips trick the 360 into thinking it's a pressed DVD instead of a DVD-R, and other stuff with the security sector from pressed disks.
Raptor007 @ Oct 18th 2007 6:57PM
Really? I guess this doesn't really help then, since the homebrew community would just set their Media Type flag to allow burned media if it were that simple.
The real problem must have to do with signed code. :¬( I hate DRM bullshit. Looks like my Xbox 1 will remain my primary media center.
AndrewNeo @ Oct 18th 2007 7:01PM
Yep, you're completely right. The executable for GH3 demo is still signed, but the CD-R/DVD-R flag is turned on.
Though, unfortunately, we also don't have access to the SDK for the 360. Linux is done by breaking out using the King Kong shader exploit.
Da Foxx @ Oct 18th 2007 6:52PM
Has anyone tried to burn a different game onto it?
C @ Oct 18th 2007 7:04PM
I thought I read that a week after the Demo appeared on the Tony Hawk game, that it would then appear on XBL Marketplace. Is that still holding true?
Scarred Star @ Oct 18th 2007 6:55PM
hmmm remember when people got onto halo epsilon when they shouldnt have.....
Anon @ Oct 18th 2007 6:57PM
This isn't anything new, you can burn any demo or arcade game to a disc and the 360 will play them (for arcade games, they only run the trial mode if your account hasn't purchased them). Handy if you have a lot of arcade games but are low on hard drive space.
SenorSneu @ Oct 18th 2007 7:55PM
Will I get banhammer'd for this though? I'd love to try it, but I'd also love to keep xbox live...
Shockgamer @ Oct 18th 2007 8:05PM
Burned it and played it. It works.
Holy crap the Metal made my hand cry. Not recommended on expert for anybody who doesn't have a grasp of HOs and POs.
Even Flow was fun to play also, the other songs were throwaways.
Hsith @ Oct 18th 2007 8:06PM
:'( Anyone mind rehosting the file somewhere?
Megaupload isn't working.
TrojanGuy @ Oct 18th 2007 8:17PM
Tried it yesterday and it works like a charm. Now I'm even more excited for GH3 to come out!
Sunny @ Oct 18th 2007 8:26PM
this has been known to work since the early days of the 360 launch. If you can get your hands on the data files for xbox arcade games and burn them to a cd they will work the same way. If your gamertag does not own the full version, it'll default to the trial mode.
Microsoft publicized this functionality before the 360 even launched. It's nothing new.
Sunny @ Oct 18th 2007 8:30PM
Joystiq even wrote about it. Over a year ago.
http://www.joystiq.com/2006/09/20/xbox-live-arcade-games-on-a-cd-r-dvd-r/
Blair Thiessen @ Oct 18th 2007 8:31PM
How long till someone figures out how to use this for all games? Then once the fall patch comes around it will probably be fixed... lol
Rob S @ Oct 18th 2007 9:17PM
Worked fine for me, and yes "Metal" is a song worthy of turning my hand into a whithered claw...
The game did freeze at one point and after that my 360 was having major issues booting after i hit the power button to "reset it". Would keep getting stuck at the 360 logo screen. Scared the living bejesus out of me. Left it off for a few minutes and switched it back on and it was fine (i hope).
Not sure if the demo caused it, or my machine is heading towards the red rings of death... either way GH3 looks like an insta-purchase, especially since Rock Band won't be out until next year (here in Australia).
Leo-Jay @ Oct 18th 2007 10:09PM
Burned it, booted it, went to town. Load times are abhorrent but that's probably my media.
This looks considerably better, plays smooth (and I'm happy they didn't dick with the Multiplier after all), and is everything I want-slash-need.
Was it just for me, or does the demo kick you out after four songs? And did anyone notice the legal bits where "Activision only supports the use of the official, Activision-branded guitar controllers and the controller included with the system"?
Crono (NDF - Knight of the Old School) @ Oct 19th 2007 9:25AM
Thats Activision being like "Don't buy Rock Band Guitars and use them with GH3, even though they'll work, and probably work better, too."