TS-H943 DVD Firmware Hack for Xbox 360 Out in the Wild
-- Posted by XanTium on May 14 23:56 EST
Commodore4Eva, who already released a working modified Xbox1 DVD firmware some weeks ago, has now released a firmware for the Xbox 360. The release has already been tested by SniperKilla and Arakon and seems to be working fine.
The modified DVD firmware has been released for the Toshiba-Samsung H943 Xbox 360 DVD drive. Just like Commodore4Eva's modified Xbox1 FW, it needs raw/unmodified dumps (of the same region as your console if the game is region locked), some patching (security sector on the ISO and DVD drive key on the firmware), DVD+R DL (yes, double layer!) recordable discs and a DVD burner that can set the booktype of DVD+R DL discs to DVDRom. This release comes with tools to make all this as easy as possible. Also included is a 2nd firmware that will allow you to extract the security sector (what you have to patch on the raw ISO) from an original disc with your TS-H943 drive connected to a PC.
Of course ... try all this at your own risk. Your warranty will be void, and it's certainly possible to break your Xbox 360 if you don't know what you are doing. Chances are also high that MS will very quickly find a method to detect this firmware via LIVE.
From the readme/xboxhacker.net:
Xtreme firmware for TS-H943 Xbox 360
Here it is, the long awaited World first Xbox 360 backup firmware modification to boot all game backups!
* Boots all Xtreme Xbox 360 backups
* Boots all Xtreme Xbox 1 backups
* Boots all Xbox 360 originals
* Boots all Xbox 1 originals on Xbox 360
* Xtreme0800 extraction firmware enables drive to function natively under Windows without any hardware conversion/adaptors
* Use on Xbox Live at own risk
* Reads Xbox 360 security sector from PSN 04FB1F (Layer 0)
* Reads Xbox 1 security sector from PSN 605FF (Layer 0)
* Security sector must be extracted using Xtreme0800 360 firmware for Xbox360 games and Xbox 1 games
* Will not boot Xbox 1 backups made with Xbox1 605b 0800 firmware (maybe in future release)
Flashing your drive
Advisable to make a backup of your dvd drive firmware first ("mtkflash r /m orig.bin"). Please make sure you hexedit the Xtreme.bin firmware (not Xtrm0800.bin firmware) to include your dvd drive key from your original firmware (usually at $4000-4200).
Plug SATA cable from DVD drive to PC. Power cable drive still connected to Xbox 360.
Power on Xbox 360.
Power on PC.
Boot with standard DOS boot disk with included mtkflash utility.
Run "mtkflash w /m firmwarename.bin" with relevant firmware file (Xtreme.bin for running backups or Xtrm0800.bin for security sector extraction)
Extracting Security Sector
Ensure DVD drive has been flashed with Xtrm0800.bin firmware. Drive can now work under Windows.
Insert original game disk into drive and wait for windows to detect disk change.
Enter the following four custom cdb commands:
AD 00 FF 02 FD FF FE 00 08 00 01 C0
AD 00 FF 02 FD FF FE 00 08 00 03 C0
AD 00 FF 02 FD FF FE 00 08 00 05 C0
AD 00 FF 02 FD FF FE 00 08 00 07 C0
Then save hexadecimal display as bin file as SS.bin
Creating a game backup
Ensure DVD drive has been flashed with Xtrm0800.bin firmware. Drive can now work under Windows.
Insert original game disk into drive and wait for windows to detect disk change
Enter the following custom cdb command to unlock drive: (game data visible)
FF 08 01 01
Right click on DVD and select Extract From-To
Click Length and enter number of LBAs as follows:
Xbox 1 Original Number of LBA to read 3431264 decimal
Xbox 360 Original Number of LBA to read 3567872 decimal
Select User Data (2048 bytes/block)
Click Start Extraction
Enter filename as game.iso and click Save
Upon read error dialogue box choose fill with blank zeros for sector and select use this selection for all errors
Copy game.iso and ss.bin to the relevant isobuilder directory (Depending on Xbox 360 or Xbox 1 game)
Run build360.bat (Xbox 360 game) or build.bat (xbox 1 game)
Ensure your burner will set the booktype of DVD+R DL to DVDRom
Burn with CloneCd and choose the image.dvd file
Thanks to everyone at Xboxhacker.net for all their discussions. Now you guys will have to get homebrew running.
Next on the list will be the PS3 and this one will be done much quicker (once it comes out!)
DVD Firmware Hack?
The hack is a modified firmware for the Xbox 360's Toshiba-Samsung TS-H943 DVD-ROM drive. It will ONLY work on that drive (the Hitachi-LG drives will need their own modified firmware).
It's easy to find out what drive your Xbox 360 has (no need to void warranty) ... just open the DVD tray and compare to the image below:
All Xbox 360 executables (XEX container files) are signed by Microsoft (with a private key only MS has). This means that if you try to change anything in the XEX file, the signature will be wrong and the file will not boot.
To prevent raw/unmodified copies of a game from booting from a DVD-R or other recordable media, Microsoft gave each XEX file a 'mediaflag'. This mediaflag tells the Xbox 360 from which media (cd-r, dvd-r, dvd+r, dvd-rw, hdd, dvdxbox, dvdxbox360, ...) the XEX is allowed to boot. Changing this mediaflag in the XEX is not an option as it'll break the signature of the file (see above), so what's done in this firmware hack is 'break' the detection of the disc.
Retail 360 games usually get a mediaflag where they only allow 'DVDXBOX360' (Xbox 360 discs - different than a normal DVD because they have some specific bad sectors and special info in lead-in/out that can't be written with a standard dvd burner). The modified firmware will trick the DVD drive into reporting a DVD-R (or other) as a 'DVDXBOX(360)' to the Xbox 360.
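An added illustration (not from the readme or the original post) of the trust boundary described above: the mediaflag and region are covered by the signature, but the disc type they are checked against is whatever the drive reports. The flag values, header layout and region strings are assumptions, and HMAC stands in for Microsoft's private-key signature.

```python
# Toy model (added example): names, flag values and header layout are assumptions,
# not the real XEX format. HMAC stands in for Microsoft's private-key signature.
import hashlib
import hmac
import json

SIGNING_KEY = b"constructed-demo-key"  # stand-in for the vendor's private key

# Hypothetical media-type bits; the real mediaflag encoding is not given on the page.
MEDIA = {"dvd-r": 0x01, "dvd+r": 0x02, "hdd": 0x04, "dvdxbox360": 0x08}


def sign_header(allowed_media: int, region: str) -> dict:
    """Vendor side: sign the fields the console will later enforce."""
    body = {"allowed_media": allowed_media, "region": region}
    tag = hmac.new(SIGNING_KEY, json.dumps(body, sort_keys=True).encode(),
                   hashlib.sha256).hexdigest()
    return {**body, "sig": tag}


def may_boot(header: dict, reported_media: str, console_region: str) -> str:
    """Console side: verify the signature, then enforce mediaflag and region."""
    body = {k: header[k] for k in ("allowed_media", "region")}
    expected = hmac.new(SIGNING_KEY, json.dumps(body, sort_keys=True).encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, header["sig"]):
        return "reject: bad signature"
    if header["region"] != console_region:
        return "reject: region mismatch"
    # reported_media comes from the drive and is NOT covered by any signature.
    if not header["allowed_media"] & MEDIA[reported_media]:
        return "reject: media not allowed"
    return "boot"


retail = sign_header(MEDIA["dvdxbox360"], region="PAL")  # constructed sample header

# 1. Honest drive, recordable disc: the signed mediaflag blocks the copy.
honest = may_boot(retail, "dvd+r", "PAL")
# 2. Widening the flag in the header invalidates the signature.
tampered = may_boot({**retail, "allowed_media": 0x0F}, "dvd+r", "PAL")
# 3. Header untouched, but the drive misreports the disc type: the check passes.
misreported = may_boot(retail, "dvdxbox360", "PAL")
# 4. Region is signed too, so a misreporting drive cannot change that outcome.
wrong_region = may_boot(retail, "dvdxbox360", "NTSC")
```

The signature protects what the executable claims about itself; it says nothing about the peripheral supplying the value it is compared against, which is why the drive firmware is part of the console's trusted base.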
In short, what you have to do (detailed instructions on 'how to' are above in the quoted readme): open the Xbox 360, leave DVD power connected to the Xbox 360 and connect SATA to your PC (on a PCI add-on card or motherboard), boot the PC with a DOS floppy, run mtkflash to dump the FW of the drive, get your DVD key (guess you can use programs like KeyDrive Xtractor/Patcher or KeyGen360 for that), patch the 'Xtreme firmware' (Xtreme.bin) with your DVD key, then flash this FW back to your drive with mtkflash.
To make a working copied disc: to start, you'll need the exact security sectors (SS) of your game (they're different for each game!). To get them you'll need to flash your TS-H943 drive with the Xtrm0800.bin FW, using a DOS floppy and mtkflash (as described above, except that Xtrm0800.bin does not have to be hexedited with your DVD key). With this firmware Windows will detect the DVD drive, and using DVDinfoPro you can extract the security sectors (SS) from the original Xbox 360 disc (exact instructions/commands in readme).
When you have the SS you need to make a raw copy of the disc. Because the TS-H943 drive is detected in Windows with the Xtrm0800.bin FW, you can use Isobuilder to raw dump discs (with DVDinfoPro you can unlock the drive to read Xbox 360 discs, see instructions in the readme quoted above). You can also use the hot-swap method with wxRipper to make the raw dump with a normal PC DVD drive. Once you have the image you'll have to patch it with the SS (simple .bat file included with release to make this easy - see readme).
Burn this ISO with CloneCd on a DVD+R DL disc, with the booktype of the DVD+R DL set to DVDRom (not all burners support this), using the image.dvd file included in the release.
* Because executables also get a regionflag, this modified DVD firmware will not allow you to boot region-locked games (changing region of game would require modifying the XEX file which would break the signature). So if a game is region-locked it MUST match the region of your console to work.
* For the same reason it will not run homebrew code: it's not signed with the MS key, so it won't run. However, this hack could help find an exploit in software, who knows ;)
* This firmware release requires dual-layer discs, it will not work with simple DVD+-R discs because the patched security section must be present on the 2nd layer. Maybe something for future versions?
* You will have to open your Xbox 360 (to get DVD drive out so you can connect it to a PC) and thus void the warranty.
* Thanks to the modified version of mtkflash included with this release you'll be able to dump the drive firmware and flash it easily from a PC with SATA ports (either on the motherboard or with a PCI add-on card) booted with a DOS floppy (not sure if it'll work with all SATA chipsets; the Sil3112 chipset apparently doesn't work with mtkflash, and it does not work with SATA-to-USB or SATA-to-FireWire adapters either afaik).
* If you have an Xbox 360 with a Hitachi-LG drive and you managed to get a Toshiba-Samsung drive, you can theoretically swap the drive in your Xbox 360 as long as you first retrieve the unique DVD key from the firmware of your Hitachi-LG drive (mtkflash doesn't work with the Hitachi-LG, but there are other methods for this drive) and patch that key into the firmware of the Toshiba-Samsung drive. The brand of DVD drive doesn't matter, but if the DVD key is wrong your Xbox 360 will not work.
* Can Microsoft detect it via Xbox LIVE? They probably can ... and when they start checking they will probably act like with the Xbox1, ban your Xbox 360 console serial for life from the LIVE servers ... or maybe even more, who knows what they are planning. You've been warned!
* Burning at high-speed seems to make loading slower (or stutter game), but at the basic 2.4x speed for DVD+R DL discs, they play OK on an Xbox 360.
Download: n/a (firmware contains copyrighted code and might be illegal under DMCA/EUCD - don't ask for it and don't link to it from our site, thx)
News-Source: xboxhacker.net forums