XEXtool and MN103 Disassembler
Xbox-Scene
post Jan 16 2006, 07:21 AM
Post #1


XEXtool and MN103 Disassembler -- Posted by XanTium on January 16 01:21 EST
I saw this over at xboxhacker.net. Groepaz and xor37h released some interesting technical tools for Xbox 360 research:
* IDA MN103 Module (source): MN103 Disassembler Module for IDA, requires IDA SDK. The Panasonic MN103 is the controller used in some Xbox 360 DVD drives.
* IDA MN103 Module (win32): MN103 Disassembler Module for IDA, precompiled for IDA 4.7 / Windows. The Panasonic MN103 is the controller used in some Xbox 360 DVD drives.
* xextool v0.1 (source, win32): unpacks and prints information on XEX files. Includes source and a precompiled win32 binary.

Official Site: http://hitmen.c02.at/html/xbox360_releases.html
Download IDA MN103 Module: sources | win32
Download XEXtool v0.1: sources + win32.

dom0012
post Jan 16 2006, 08:23 AM
Post #2


So what does this mean?
Rickz0rz
post Jan 16 2006, 08:31 AM
Post #3


QUOTE(dom0012 @ Jan 16 2006, 02:30 AM) *

So what does this mean?


It means that this could bring about an interesting way of booting unsigned media onto the Xbox360. Think about it. The Xbox360 checks to see what mode the DVD drive is in, so it can verify that the media it's going to run is authorized to do so. If you disassemble the firmware, not only can you hack the drive to work on PCs, but you can also make a drive emulator (with a lot of work, I presume) that would trick the Xbox360 into thinking it's in DVD mode. Hell, you might even be able to trick the Xbox360 into thinking that it's always in Xbox360 FS mode when it's reading standard DVDs... thus making booting X360 FileSystem Only content possible from burned DVDs.

And much more!

This post has been edited by Rickz0rz: Jan 16 2006, 08:32 AM
JoBlo69
post Jan 16 2006, 08:55 AM
Post #4


So I'm guessing that with this, there is a possibility that you can hack the DVD drive's firmware to fake out the X360 into thinking that content on a DVD-R is a true DVD5/9 game???

You should be able to play burned games with a hacked firmware in the DVD drive.....
dom0012
post Jan 16 2006, 09:05 AM
Post #5


QUOTE(JoBlo69 @ Jan 16 2006, 09:02 AM) *

So I'm guessing that with this, there is a possibility that you can hack the DVD drive's firmware to fake out the X360 into thinking that content on a DVD-R is a true DVD5/9 game???

You should be able to play burned games with a hacked firmware in the DVD drive.....


Umm, probably not. I'm guessing the firmware was hacked on the original Xbox already and nothing of that sort happened...
Virtucon
post Jan 16 2006, 09:39 AM
Post #6


QUOTE(dom0012 @ Jan 16 2006, 09:12 AM) *

Umm, probably not. I'm guessing the firmware was hacked on the original Xbox already and nothing of that sort happened...


That's what I was thinking too.
DaLeroy
post Jan 16 2006, 10:38 AM
Post #7


QUOTE(Virtucon @ Jan 16 2006, 09:46 AM) *

That's what I was thinking too.


From the discussions here (XboxHacker) it appears that this is still in the works (the original Xbox DVD drive firmware hack).
Questioner
post Jan 16 2006, 04:45 PM
Post #8


According to Xecuter, a group or groups have already figured out a hack and are developing a product to be released shortly; perhaps the knowledge gained from this has something to do with these tools.
generalnewbie
post Jan 16 2006, 08:51 PM
Post #9


I'll believe it when I see it for myself and not hear speculation about things that may never happen.
BlueCop
post Jan 16 2006, 11:09 PM
Post #10


From the xextool readme
QUOTE
Only devkit AES key included (16 x 0x00) so it will not decrypt/unpack retail files but you can still view information on them!

dom0012: this means to me that once a retail key is found/extracted then we could start disassembling code for the Xbox 360, which is a very good thing. The MN103 module will help a lot with the DVD firmware hack because IDA Pro is the best disassembler around and will speed up the process with the MN103 controller support. Before this was released people were using binutils, which is much less powerful by comparison.

Rickz0rz: it's not about booting "unsigned media", it is about booting signed retail games off DVD-R media. It's only about the media checks, not the signing.

dom0012: it's not needed for Xbox 1 because there were other vulnerable points of attack that yielded much better results than what a DVD firmware hack ever would. The only advantage that this DVD hack would have would be to play copied Xbox games on Live, which I still think could be detected in time. The hacking of the firmware rather than the DVD allowed the booting of copied games as well as unsigned code. No unsigned code could ever boot purely with the DVD firmware hack. So you can see why it would have been pointless for Xbox 1, with the exception of a way to play backups on Live. It would still be a cat and mouse game like you have seen between hackers and corporations (example: DirecTV vs signal pirates) if the firmware hack was released publicly, because there are ways to read a firmware out of a drive and verify it. So they would update and then new measures would have to be taken. It would be h(b)ack and forth. There very well could be a private firmware hack for Live on Xbox 1 which people keep private to prevent MS countermeasures.

DaLeroy: they are working on Xbox 1 first because it's possible to know everything that's going on with both sides of the process (the drive and the kernel). There aren't public dumps of the Xbox 360 kernel, so not much is known about the kernel side on the 360. So it is simpler to implement for Xbox 1 and a good starting point, because Xbox 360 uses what would be the same process for Xbox 1 discs and something similar for 360 discs.

Questioner: I don't think these have any connection to chip makers because it's run like a business and they don't release secrets to help their competition. Not everyone likes the wait and see approach. Being proactive helps the cause. While saying that, I'll also be the first to order a chip when it's released (or homebrew equivalent à la Mr. Sporty and a flashrom in the early days of Xbox 1).

generalnewbie: what are you referring to, the DVD hack or the Xecuter statement?

Peace out. I hope I helped with the understanding, because there seem to be some misconceptions in the thread.

/me goes to hit the bong and watch Battlestar Galactica for a few hours

P.S. anyone who wishes to correct me go right ahead; I could have misstated things or been misinformed, but I believe I was accurate.

This post has been edited by BlueCop: Jan 16 2006, 11:17 PM
Rickz0rz
post Jan 17 2006, 07:15 AM
Post #11


QUOTE(BlueCop @ Jan 16 2006, 05:16 PM) *

Rickz0rz: it's not about booting "unsigned media", it is about booting signed retail games off DVD-R media. It's


Argh. I knew that looked wrong. Thanks for catching that.

I meant to say retail games from DVD-R, but somehow that totally came out askew when I typed it out.
dom0012
post Jan 17 2006, 10:58 AM
Post #12


QUOTE(BlueCop @ Jan 16 2006, 11:16 PM) *

From the xextool readme

There very well could be a private firmware hack for Live on Xbox 1 which people keep private to prevent MS countermeasures.


I really doubt it... and using a hacked firmware would most definitely get you banned from XBL. I cannot say for sure because I've never tried it, but I'm sure MS would not let a security breach such as that continue.
loop2047
post Jan 17 2006, 11:14 AM
Post #13


QUOTE(dom0012 @ Jan 17 2006, 11:05 AM) *

I really doubt it... and using a hacked firmware would most definitely get you banned from XBL. I cannot say for sure because I've never tried it, but I'm sure MS would not let a security breach such as that continue.

They have no chance to detect if the firmware is hacked.
They could stop it in later models, but that's about it.
BlueCop
post Jan 17 2006, 08:49 PM
Post #14


loop2047 & dom0012: I think you are both right to an extent. If a firmware is hacked to read DVD-R media as an original disc (which is more complex than it sounds) then MS wouldn't see the firmware on the DVD drive, because it's only running inside the drive itself, not within the Xbox. It merely communicates with the drive. There are commands to send to several chipsets for DVD drives that allow you to read out the firmware in the drive. Like MTKFlash for Windows can read and write MTK controller based drives (like the Samsung). So it would be possible to use similar commands within the Xbox to check the firmware that is loaded onto the drive and not allow the Live connection if it fails.

dom0012: what exactly are you talking about with this "I cannot say for sure because I've never tried it but I'm sure MS would not let a security breach such as that continue." Tried what? No firmware hack exists publicly and I don't think you are capable (not trying to be insulting) of making one. They wouldn't know about the security breach because the Xbox would have to run its original BIOS, and they don't do firmware checks on it currently because there isn't a public release of such a hack. Only widespread use would make them crack down, because they aren't going to waste time if there isn't a large number of people doing it. If it doesn't affect them much then they won't notice it or won't care. It seems that this is always the way it is in the corporate world. They ignore or don't notice small scale stuff because it would take more time, money, and people just to stop a few little hackers. This is why I think only a public hack would be stopped. Another reason is if a hacked DVD firmware was private it would be impossible for MS to analyze the changes and take steps to counter it. I think you give MS too much credit in their security.
loop2047
post Jan 18 2006, 10:34 AM
Post #15


QUOTE(BlueCop @ Jan 17 2006, 08:56 PM) *

loop2047 & dom0012: I think you are both right to an extent. If a firmware is hacked to read DVD-R media as an original disc (which is more complex than it sounds) then MS wouldn't see the firmware on the DVD drive, because it's only running inside the drive itself, not within the Xbox. It merely communicates with the drive. There are commands to send to several chipsets for DVD drives that allow you to read out the firmware in the drive. Like MTKFlash for Windows can read and write MTK controller based drives (like the Samsung). So it would be possible to use similar commands within the Xbox to check the firmware that is loaded onto the drive and not allow the Live connection if it fails.

Dumping the firmware from within Live and checking the checksum?
It's not possible to do this.
Sending commands works, but only if you somehow fucked up the hack.
I know, it's not as simple as it sounds.

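The disagreement between BlueCop (post #14) and loop2047 (post #15) above, modelled as an added Python example that is not code from the thread or from any tool it mentions: a host-side check that asks the drive for its own firmware image and hashes it is only as trustworthy as the firmware answering the command. The `Drive` class, both firmware images, the `KNOWN_GOOD` table and the `out_of_band_check` comparison are constructed for this illustration.

```python
import hashlib

# Constructed sample images; not real drive firmware of any kind.
GENUINE_FW = b"GENUINE-DRIVE-FW-1.0" * 8
PATCHED_FW = b"PATCHED-DRIVE-FW-1.0" * 8

# Digests the host (console) would accept. Only the genuine image is listed.
KNOWN_GOOD = {hashlib.sha256(GENUINE_FW).hexdigest()}


class Drive:
    """Toy DVD drive whose 'read firmware' command is serviced by the
    firmware itself, which is the situation BlueCop describes."""

    def __init__(self, running_fw, reported_fw=None):
        self.running_fw = running_fw
        # An honest firmware returns its own image; a firmware that also
        # alters the readout command can return whatever it likes.
        self.reported_fw = running_fw if reported_fw is None else reported_fw

    def read_firmware(self):
        return self.reported_fw


def host_check(drive):
    """BlueCop's proposal: read the image back over the drive interface and
    compare its digest with the known-good table."""
    digest = hashlib.sha256(drive.read_firmware()).hexdigest()
    return digest in KNOWN_GOOD


def out_of_band_check(image):
    """Hypothetical measurement that does not ask the firmware, e.g. flash
    contents read with an external programmer. Same comparison, but the
    input no longer comes from the component being verified."""
    return hashlib.sha256(image).hexdigest() in KNOWN_GOOD


if __name__ == "__main__":
    print(host_check(Drive(GENUINE_FW)))                          # True
    print(host_check(Drive(PATCHED_FW)))                          # False: honest patched firmware
    print(host_check(Drive(PATCHED_FW, reported_fw=GENUINE_FW)))  # True: the check is fooled
    print(out_of_band_check(PATCHED_FW))                          # False
```

The third call is loop2047's point: the readout command only catches a firmware that does not also lie about itself, so a digest fetched through the drive interface is not a measurement the host can rely on.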