Commodore4eva Explains Stealth Media


  • This topic is locked
43 replies to this topic

#1 Xbox-Scene

Xbox-Scene

    Memba Numero Uno

  • Admin
  • 5,201 posts
  • Location:Yurop
  • Xbox Version:unk
  • 360 version:unknown

Posted 15 August 2006 - 05:57 AM

Commodore4eva Explains Stealth Media
Posted by XanTium | August 15 00:57 EST

Commodore4eva implemented "Stealth Media" into the latest version of his TS-H943 DVD firmware (Xtreme firmware 3.0 for TS-H943 Xbox 360). Today he posted more details about what exactly this means:


* Stealth Media
This is to clear up a few misconceptions about what Stealth Media is and how it works. This is not firmware stealth. Reading the firmware itself for changes is not controlled by the firmware itself; it is a low-level hardware function which cannot be stopped by firmware code.
A firmware check routine which calculated a checksum and returned that to the host was already found in V1 and was modified to always return the correct unmodified firmware value. I think this was a last minute check incorporated by MS as they knew the firmware code was not signed.
Stealth Media is all about making a backup disc appear to the Xbox360 host exactly the same as an original. Although this was already done by the Security Sector and the challenge/response, there remained a number of differences on the disc that are currently not checked for. It would be very easy for the dash or the particular game to perform these extra disc checks. There are four main aspects to Stealth Media:

* PSN Lockdown:
This is a two part process:
-Before disc authentication (security sector, challenge response) is performed, the drive will only allow valid PSN reads as defined in the PFI sector. This is currently the standard video partition. Any request to read outside this range is not allowed - as per originals. (No more reading of the backup PFI, DMI, SS sectors.)
-After disc authentication is performed and the drive is unlocked, only valid PSN reads are allowed from the range defined by the Security Sector; this is the standard game partition. Any request to read outside this range is not allowed - as per originals.

* PFI Sector (Physical Format Information):
This sector is contained within the lead-in and contains information about its physical format. Disc booktype, start PSN and end PSN and Layerbreak are contained here. Currently all Xbox360 and Xbox1 games have the same PFI information, but that may change.
On Writable media (our backups), this also contains media specific information such as Media Code/Manufacturer ID and Media Product Revision number.
Any requests for this information are now redirected to the PFI sector now at $04FB1D (for Xbox 360 backups) or $0605FD (Xbox 1 backups), if it exists. If it does not exist (pre V3 backup), a separate embedded PFI is used for Xbox 360 and Xbox 1.

* DMI Sector (Disk Manufacturing Information):
This sector is also contained within the lead-in and contains information about the Disc manufacturer, such as Company name, batch id etc. This is currently different for each Xbox360 and Xbox1 game in each region.
Any requests for this information are now redirected to the DMI sector now at $04FB1E (for Xbox 360 backups) or $0605FE (Xbox 1 backups).
A pre V3 backup will always return blank information for this. (A possible detection method.)

* Video Partition:
When Extreme V1 was released, the disc build included a blank video partition as it wasn't required for games to boot. As this can be checked by the Xbox360 host, the standard video partition from any game was included with the stealth firmware. This is nothing new, just put back in for correctness!

* Conclusion:
As of today, none of these extra disc checks are being performed, but it is only a matter of time before a game will. The same sort of checks were introduced to Xbox1 games a while ago. I performed an exhaustive check of every command that the Samsung firmware can respond to and these differences were discovered.
The Samsung firmware only supports a limited subset of commands from the MMC-3/4 standards, so not all commands exist compared to a standard PC drive; anyone testing for media-specific information should bear this in mind.
Non-Stealth backups will still boot with stealth firmware and will be enhanced with the PSN Lockdown and PFI Sector embedded in the firmware. These backups will have no DMI and possibly have a blank video partition, both of which can be checked for.
Stealth backups will still boot with non-stealth firmware but will be exposed to the top three differences above (PSN Lockdown, PFI, DMI), making the backup detectable. The correct video partition is present.


News-Source: xboxhacker.net (this is posted in the XBH tech section - please keep discussion there serious/tech only - thx)
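A host-side model of the four disc checks listed in the post, added here as an illustration; it is not Commodore4eva's code, the firmware, or anything from the console. The `Disc` class, the PSN ranges and the sector bytes are constructed assumptions that only model the behaviour the post describes.

```python
from dataclasses import dataclass


@dataclass
class Disc:
    """Constructed model of a disc as seen through the drive's READ command."""
    video_psn: tuple        # (start, end) range the PFI sector advertises (video partition)
    game_psn: tuple         # (start, end) range the Security Sector advertises (game partition)
    dmi: bytes              # bytes returned for the DMI sector
    video_partition: bytes  # first bytes of the video partition
    psn_lockdown: bool      # True if the drive refuses reads outside the current range
    authenticated: bool = False

    def read(self, psn):
        """Model one READ at a PSN; returns None when the drive refuses it, as an original does."""
        lo, hi = self.game_psn if self.authenticated else self.video_psn
        if lo <= psn <= hi or not self.psn_lockdown:
            return b"\x00"
        return None


def disc_findings(disc):
    """Run the four checks from the post; a disc that looks like an original yields []."""
    findings = []
    disc.authenticated = False
    if disc.read(disc.video_psn[1] + 1) is not None:
        findings.append("read outside the PFI range succeeded before authentication")
    disc.authenticated = True
    if disc.read(disc.game_psn[1] + 1) is not None:
        findings.append("read outside the Security Sector range succeeded after authentication")
    if not any(disc.dmi):
        findings.append("DMI sector is blank")
    if not any(disc.video_partition):
        findings.append("video partition is blank")
    return findings


# Constructed sample discs; PSN values and sector bytes are placeholders, not real layouts.
STEALTH_BACKUP = Disc((0x30000, 0x3FFFF), (0x40000, 0x7FFFF), b"DMI-SAMPLE", b"VIDEO", True)
# Pre-V3 backup on non-stealth firmware: no lockdown, blank DMI, blank video partition.
OLD_BACKUP = Disc((0x30000, 0x3FFFF), (0x40000, 0x7FFFF), b"\x00" * 10, b"\x00" * 5, False)
# Pre-V3 backup on stealth firmware: lockdown enforced, but DMI and video partition still blank.
OLD_BACKUP_STEALTH_FW = Disc((0x30000, 0x3FFFF), (0x40000, 0x7FFFF), b"\x00" * 10, b"\x00" * 5, True)

if __name__ == "__main__":
    for name, d in (("stealth", STEALTH_BACKUP), ("pre-V3", OLD_BACKUP), ("pre-V3 + stealth fw", OLD_BACKUP_STEALTH_FW)):
        print(name, disc_findings(d) or "looks like an original")
```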




#2 SAPHiREX

SAPHiREX

    X-S Member

  • Members
  • 147 posts

Posted 15 August 2006 - 05:56 AM

thanks for the heads-up.
now it makes sense :)

#3 Nailed

Nailed

    X-S Expert

  • Members
  • 577 posts

Posted 15 August 2006 - 06:07 AM

Good write-up. Any word on when the Hitachi drives will be updated with Stealth?

#4 J0RD4N 007

J0RD4N 007

    X-S Young Member

  • Members
  • 47 posts
  • Location:New Orleans, LA
  • Xbox Version:v1.0
  • 360 version:v1 (xenon)

Posted 15 August 2006 - 06:22 AM

QUOTE

A firmware check routine which calculated a checksum and returned that to the host was already found in V1 and was modified to always return the correct unmodified firmware value.


does this mean that a modified firmware cannot be detected? sorry if this is a retarded question, but that's the impression it gave me

#5 ILLusions0fGrander

ILLusions0fGrander

    third echelon agent

  • Head Moderators
  • 7,500 posts
  • Gender:Male
  • Location:Post Apocalyptic DC Vault No. 101
  • Xbox Version:v1.4
  • 360 version:v4.0 (jasper)

Posted 15 August 2006 - 06:24 AM

QUOTE(J0RD4N 007 @ Aug 15 2006, 12:29 AM)


does this mean that a modified firmware cannot be detected? sorry if this is a retarded question, but that's the impression it gave me

QUOTE

Reading the firmware itself for changes is not controlled by the firmware itself; it is a low-level hardware function which cannot be stopped by firmware code.


anyways.. nice info... a real scene hero for this aspect of modding.


#6 halikus

halikus

    X-S Young Member

  • Members
  • 53 posts

Posted 15 August 2006 - 06:41 AM

You must be tired by now Commodore4eva, for the love of god, go get shitfaced drunk the rest of the week...
Thanks for your commitment to the scene. Get some rest before you tackle the new XDK shiz. ;)

#7 Base8

Base8

    X-S Member

  • Members
  • 146 posts
  • Xbox Version:v1.0
  • 360 version:unknown

Posted 15 August 2006 - 08:24 AM

Thanks again Commodore4eva, I have yet to mod my drive. I will soon but I am too lazy. I am waiting to get an adapter so I don't have to run a Linux boot CD and read up on things so I understand it a bit better. I'm going to read this again while I'm sober to see if I want to use a current firmware or wait for this for the LG. After more research I am sure I will be doing this soon though I am sure.

Thanks
BaseEight :D

Edit:

Seems really cool, I hope this mod lasts forever, I hope we win the cat and mouse game permanently. Sorry for my spelling, I have a GED. ;)

Edit 2:

Oh god, you gotta love the last sentence of the first paragraph, I'll leave it there for all to enjoy.

Edited by Base8, 15 August 2006 - 08:33 AM.


#8 tom_mandory

tom_mandory

    X-S Member

  • Members
  • 144 posts

Posted 15 August 2006 - 09:19 AM

i see

#9 pickie

pickie

    X-S Young Member

  • Members
  • 30 posts

Posted 15 August 2006 - 10:08 AM

?? so the backups of my games which I have as image files on my PC, can these be patched with stealth or do I need to re-rip them again in a different way to make them stealth?

cheers
pickie

#10 mist4fun

mist4fun

    X-S Young Member

  • Members
  • 54 posts

Posted 15 August 2006 - 11:06 AM

QUOTE(Base8 @ Aug 15 2006, 12:31 AM)

Thanks again Commodore4eva, I have yet to mod my drive. I will soon but I am too lazy. I am waiting to get an adapter so I don't have to run a Linux boot CD and read up on things so I understand it a bit better. I'm going to read this again while I'm sober to see if I want to use a current firmware or wait for this for the LG. After more research I am sure I will be doing this soon though I am sure.

Thanks
BaseEight :D

Edit:

Seems really cool, I hope this mod lasts forever, I hope we win the cat and mouse game permanently. Sorry for my spelling, I have a GED. ;)

Edit 2:

Oh god, you gotta love the last sentence of the first paragraph, I'll leave it there for all to enjoy.


lmfao.. thanks, I needed a good laugh

#11 bucko

bucko

    Super Moderator

  • Head Moderators
  • 7,997 posts
  • Gender:Male
  • Location:England
  • Xbox Version:v1.6
  • 360 version:v5.0 (360S - trinity)

Posted 15 August 2006 - 11:11 AM

Very nice work :D

#12 infamous_Q

infamous_Q

    X-S Senior Member

  • Members
  • 237 posts
  • Xbox Version:unk
  • 360 version:v1 (xenon)

Posted 15 August 2006 - 11:42 AM

i wonder if it's possible to merge this new stealth stuff onto one of the on-the-fly chips.... theoretically wouldn't that make detection next to impossible?

#13 jo7a

jo7a

    X-S Member

  • Members
  • 67 posts
  • Xbox Version:unk
  • 360 version:unknown

Posted 15 August 2006 - 12:20 PM

thks Commodore4eva :)

#14 KUNFUCHOPSTICKS

KUNFUCHOPSTICKS

    X-S X-perience

  • XS-BANNED
  • 472 posts
  • Location:USA
  • Interests:Fishing
  • Xbox Version:none
  • 360 version:unknown

Posted 15 August 2006 - 12:47 PM

QUOTE

* DMI Sector (Disk Manufacturing Information):
This sector is also contained within the lead-in and contains information about the Disc manufacturer, such as Company name, batch id etc. This is currently different for each Xbox360 and Xbox1 game in each region.
Any requests for this information are now redirected to the DMI sector now at $04FB1E (for Xbox 360 backups) or $0605FE (Xbox 1 backups).
A pre V3 backup will always return blank information for this. (A possible detection method.)


I think this is where the threat will be if MS wanted to disable all backups up to this date. all i have to say is, don't plug your box in (ethernet).
peace

#15 Textbook

Textbook

    X-S Hacker

  • Last Chance
  • 2,552 posts
  • Location:Near Flint, Michigan
  • Interests:Xbox and Computers
  • Xbox Version:v1.0
  • 360 version:v1 (xenon)

Posted 15 August 2006 - 12:48 PM

QUOTE(J0RD4N 007 @ Aug 15 2006, 01:29 AM)

does this mean that a modified firmware cannot be detected? sorry if this is a retarded question, but that's the impression it gave me


I'd like to know the answer as well. Everybody has been wary of flashing their drive because "it's just stealth backups, not stealth firmware." Well, does this prove that incorrect? Is this why MS hasn't been able to block the firmware hacks? Maybe we've had stealth firmware all along and nobody realized it? That's what I interpreted, or was I wrong?



