My Find For Xbox Originals! Options

[Anubis-MG]

Ok so I seen the hot swap method being done for ripping 360 games so I jumped on this testing for the

possibility of playing original xbox games on the 360 drive but swaping with a backup.

I opened the 360 dvd drive for this so if your considering this will void your warrentie go for it.

I started by popping in my original Xbox game and started playing for a few mins then I stopped playing

but kept the game going after a few mins the screen turns dark and the disc stops spinning this is when I

popped in the back up of the same game mind you,also you cannot press eject or this will not work you

have to take the top off your dvd drive any ways after swapping I moved the thumb stick on the controller

and the game went from dark to light and I was able to start playing again only till I got to the next area

and the 360 had to read off the disc then I got this message that says disc maybe dirty or damaged ect bla

bla bla.

So I thought I would post this info as not sure if others have found this out for them selves and if not they

can use this info for farther testing ect..

Hope I am onto something here!!

Oh and to let you know I tested like 3 or 4 games and they all resulted in the same they all played for a

short period of time then the error screen occurs after reading.

There has to be a way arround this..

Also a quick quesrtion was I playing off the game back up or was the game just in the memory??

This post has been edited by Anubis-MG: Dec 18 2005, 07:50 PM

[lordvader129]

Also a quick quesrtion was I playing off the game back up or was the game just in the memory??

you were just playing off the harddrive cache, youd get the same results if you took the game out and left the drive empty, or put a different game in its place

[crosseye]

yep, just playing off the cache.

[Anubis-MG]

Shit yeah your right I just tried and was able to play for the same amount of time with out a game in and the same

thing happens with the error code when going to the next area.

Oh well I thought I was on to something good

This post has been edited by Anubis-MG: Dec 18 2005, 09:12 PM

[crosseye]

no problem. At least you tested what we said and found out for yourself. Other people lately just want to argue a point they know nothing about. Keep searching for stuff, you may accidentally stumble across something. After all, most of mans great discoveries are just accidents.

[Monoxboogie]

Shit yeah your right I just tried and was able to play for the same amount of time with out a game in and the same

thing happens with the error code when going to the next area.

Oh well I thought I was on to something good

How were these dumps created? If the backups you used were created using a method that doesn't yield an exact copy of the disc, then that could be the problem. If, for example, the backup didn't include the track that has the "This DVD must be played in an Xbox 360" movie, then when it tries to seek to the proper section, it will fail.

Also, for shits and giggles, have you tried doing so in an area prior to a media load. Play the game, find a place where an FMV loads. Get to that spot again. Let the screen dark. Switch. Play more; load media. Perhaps upon removal of the disk, you're killing the alignment of the laser. And perhaps the "seek" needed to get to the media would realign it, and allow you to play the backup.

Keep us posted. It's a long shot, but you have got guts; removing the top of the drive and all. I admire your bravery.

[lordvader129]

Shit yeah your right I just tried and was able to play for the same amount of time with out a game in and the same

thing happens with the error code when going to the next area.

Oh well I thought I was on to something good

yeah, this may not have worked, but at least when you had an idea you gave it a try yourself and posted results, thats what we need in this forum, less talkers more doers

How were these dumps created? If the backups you used were created using a method that doesn't yield an exact copy of the disc, then that could be the problem. If, for example, the backup didn't include the track that has the "This DVD must be played in an Xbox 360" movie, then when it tries to seek to the proper section, it will fail.

Also, for shits and giggles, have you tried doing so in an area prior to a media load. Play the game, find a place where an FMV loads. Get to that spot again. Let the screen dark. Switch. Play more; load media. Perhaps upon removal of the disk, you're killing the alignment of the laser. And perhaps the "seek" needed to get to the media would realign it, and allow you to play the backup.

Keep us posted. It's a long shot, but you have got guts; removing the top of the drive and all. I admire your bravery.

hmm, its possible, but i dont think it would be worth much on the topic of playing backups (having to swap with your orignal each time would cause more handling of the discs and probably more scratches, defeating the purpose of the backup, lol)

also, for games that use multiple xbes (liek 007:EON) when it switches from one xbe to the other the media check would fail

either way its worth giving a try, might lead to soemthing else

[CattyKid]

Man, I can at least say that I respect you. Way to get your hands dirty.
Trying never hurt anybody.

[Monoxboogie]

yeah, this may not have worked, but at least when you had an idea you gave it a try yourself and posted results, thats what we need in this forum, less talkers more doers
hmm, its possible, but i dont think it would be worth much on the topic of playing backups (having to swap with your orignal each time would cause more handling of the discs and probably more scratches, defeating the purpose of the backup, lol)

also, for games that use multiple xbes (liek 007:EON) when it switches from one xbe to the other the media check would fail

either way its worth giving a try, might lead to soemthing else

My thought is currently that if we can make it do this switch, we won't play backups, but perhaps create a dummy DVD with a VERY similar TOC and file structure...but a malformed media file. When it loads, buffer overflow, or some other nasty thing, and code execution. I'm aware that MS has stepped up buffer overflow protection, but my hope is that MS let its guard down on media within a game (not save files). I mean, how is a user to make the information on a legitimate DVD bad? ;-)

Of course, I lack a 360 as of yet. If anybody would like to sell me one at cost...(Yes; I suppose I'm a comedian), then I'll gladly take my hand at it.

[edit_text]

I was also thinking along these lines. I think that a raw backup may be required. Then again, the xbox may well be checking the media type again. If a swap trick of this nature could be executed, that would give us a solid means of attack. If we can gain full access to the emulations virtual machine, we maybe able to find other holes from there. This, of course, is assuming that the emulation has some low level access to the underlying operating system. It may well not. A swap trick like this is very diffrent from those performed on Sony sytems to boot backups. Keep in mind, when a swap is performed on a playstation, that there is a piece of software stoping the drive. At that point it is expecting to have to read something diffrent. With what you have tried so far, the xbox is not expecting any changes. It want to pick up reading where it left off. This again is assuming that it is not performing a media check everytime it reads the disk. Many people view this as fruitless, I know. The ponit of this is not so much playing backups. What the goal here should be is finding a means to execute our own code.

e_t

[bowser22]

You cannot do a buffer overflow on the 360 it is nearly impossible because satck memory is non-executable

[InterestedHacker]

Sounds like a good idea, until you read the hundreds of posts explaining how the boot process works.

Here are my results:-

Inserted original disk, once game started I swapped it with a copy, which doesn't contain the original media check, and doesn't have any of the security place holders, and the XBOX then told me to STFU and read the bloody forums posts first.

This post has been edited by InterestedHacker: Dec 23 2005, 11:58 PM

[Monoxboogie]

You cannot do a buffer overflow on the 360 it is nearly impossible because satck memory is non-executable

As we all know, MS has had a large amount of success in thwarting these attacks.

http://www.securiteam.com/windowsntfocus/5OP0W00EKW.html

Even with the NX bit on the processors, and DEP, computers are still vulnerable to the same old style exploits. It's very likely that some exploits like this may be able to be found.

And Mr. InterestedHacker needs to read the fucking post. I didn't suggest doing this *AT* boot. I suggested doing this after the boot process has taken place. A hot swap is the removal media without allowing the device to know that the media has been switched. This means that the power stays on, and the host device is not made aware of the fact that the drive tray has been ejected, or the media has been removed.

[DaBiscuit]

Is there any point to trying this with an old XBox1 backup? If any kind of non-original media can be played, it's a start, and we do at least know how to reproduce working copies of the XBox1 disks. I can't try it myself, since the XBox360 aren't in stock in my area, and I can't get one. Still, it's something to try.

EDIT: Oh, nevermind, you were using XBox1 Backups. If the game was continuing from the HDD cache, how about removing the HDD first? How about trying it with a backup copy of a 360 game, now that the dumps are out there? I really wish I could get my hands dirty right now, this is the fun part, even if there are no results.

This post has been edited by DaBiscuit: Dec 24 2005, 04:52 AM

[InterestedHacker]

As we all know, MS has had a large amount of success in thwarting these attacks.

http://www.securiteam.com/windowsntfocus/5OP0W00EKW.html

Even with the NX bit on the processors, and DEP, computers are still vulnerable to the same old style exploits. It's very likely that some exploits like this may be able to be found.

And Mr. InterestedHacker needs to read the fucking post. I didn't suggest doing this *AT* boot. I suggested doing this after the boot process has taken place. A hot swap is the removal media without allowing the device to know that the media has been switched. This means that the power stays on, and the host device is not made aware of the fact that the drive tray has been ejected, or the media has been removed.

It's FACT that the media checks happen more than once! Due to the way in which the security works, you would likely need the original disk (for that game) to boot from every time, so that kinda makes the whole thing pointless! Sorry for being sharp, just fed up of reading the same posts over and over.

It rotates like this:-

1) Why can't we use a buffer over flow.
2) Why can't we hot swap the discs.
3) Why can't we FTP. (This one REALLY winds me up no end)
4) Why can't someone hack MCE so I can watch DivX movies.


It's good to suggest things, but this has been suggested before, and before, and before.