The AP25 FAQ by Defosho - Last updated October 11 2011Short link to this page -
http://bit.ly/ap25faqUpdate 11 OctoberSystem Update 2.0.13604.0 has dae.bin v12 which is the same version as in previous updates 13140-13599. Therefore existing v12/Challenge set 2 patched backups do not need to be re-patched and re-burned for 13604.
All current XGD3 titles are AP25-active in dashboards 13140-13604. The
AP25 games list has been updated.
Update 4 OctoberAdded information on:
13599 dashboard
LT+ 1.91 removal of safety freeze feature
"AP26" checks
New XBC and 0800 v3 additions
AP25 active game status - Based on DAE table v12 from 13140-13604 dashDetailed list at
http://bit.ly/ap25listCODE
# Game title C set 1 active C set 2 active
1 Assassin's Creed: Brotherhood 12416-12625 13140-13604
2 Fable III 12606-12625 13140-13604
3 Need for Speed: Hot Pursuit 12416-12625 13140-13604
4 Halo Reach 12625 13140-13604
5 Call of Duty: Modern Warfare 2 12625 13140-13604
6 Call of Duty: Black Ops 12625 13140-13604
* All current XGD3 titles 13140-13604
The abgx360 database currently stores 'challenge set 2' replay sectors, which are based on dae.bin v12 for dashboards 13140-13604.
The basicsWhat does AP25 mean?AP25 is short for "AntiPiracy25", and is the term given to a type of disc copy protection used on the Xbox 360. It is an attempt by Microsoft to prevent backups from booting. The protection came into action at the end of 2010.
Which DVD drives support and use AP25?All drives except for:
Samsung - all
Hitachi - v59 and lower
My drive doesn't support AP25, will I be affected?No, assuming your drive is not spoofed.
If your drive is spoofed then it may be affected, read on for spoofing information.
Which games are AP25-active?It depends on your current dashboard version. There is a list at the top of this post or you can find a more detailed list
here. These will show you which dashboard version the games are active in.
Which dashboard versions are actively implementing AP25 checks for known games?12416 - but not when installed with
this AP25 bypass method12611 and all subsequent versions
My dashboard version is older than these but my drive supports AP25 - will I be affected?Not directly, but many games require a minimum dashboard version to work. The required System Update is on the disc. Some of these required dashboard versions are actively implementing AP25 for specific games.
Note: Even if a game requires a particular dash version to work and that dash happens to be implementing AP25, it doesn't necessarily mean that the game itself is AP25-activated in that dash.
Example 1 - NFS:HP and AC:B are wave 9 so they require a minimum dash version of 12416 which is on the discs. Both of these games became AP25-active in 12416.
Example 2 - Bulletstorm (wave 10) requires a minimum dash version of 12611 which is on the disc. Dragon Age 2 (wave 11) requires a minimum of 12625 which is on the disc. Both of these dashboards activate AP25 checks for some games, however Bulletstorm and Dragon Age 2 are not AP25-active in these dashboards.
The
AP25 games list shows the minimum dash version required as well as the dash versions that AP25 is active in.
My drive and dashboard both support AP25. Will my existing games work?Backups that are not AP25-active in your dashboard version will continue to work. All originals will also still work.
What about AP25-active games? How can I play backups of these?First there needs to be a patch (AP25 replay sector) available for your version of the game
and your dashboard version. Each replay sector is uniquely identified with a Media ID for that particular pressing/language/version of a game and will only work with a specific range of dashboard versions. The replay sector contains data based on original disc locations which cannot normally be obtained from a backup disc. The abgx360 database has replay sectors available for the games highlighted on the
AP25 games list.
Second you need to patch and (re-)burn the game with the correct AP25 replay sector. I recommend using abgx360. Make sure that the option "Check for updates" is ticked to ensure that it recognizes the most recent AP25-active games. Alternatively you can patch the game manually with a PPF patch from a trusted source (read the warning at the end of this post), you must ensure that you have the correct version (Media ID) of the game and the appropriate dashboard version that the patch applies to.
Finally you must update your drive CFW to LT
+ (2.0 is the current version). Your drive will then be able to interpret the newly patched data and provide the correct responses to mimic an original disc.
Why do I need the AP25 replay data at all? Don't I already have a full disc backup?While you may have every readable sector duplicated on a backup, you can't replicate the physical structure of the disc. It is not possible for consumer DVD writers to make an exact copy of a retail disc. Your copy is has different data location characteristics that AP25 is checking for.
What if I accidentally boot an unpatched or wrongly patched AP25-active game?If you have LT+ 1.91 or higher or a non-LT "Plus" fw you will get a "disc unreadable" error message and be flagged for a possible future XBL ban.
LT+ 1.9 and older LT+ versions have a protection feature which freezes the console and displays a black screen if an unpatched or patched game with the wrong challenges is booted. This protects your console from being flagged if you turn off the console within 3 minutes of seeing the black screen. This protection is no longer present in LT+ 1.91 and later due to "AP26" checks in newer dash versions.
What is "AP26"?"AP26" is not an official term but it refers to new checks implemented in the 13599 and later dashboards. These are random AP25 challenges that are sent to the drive in addition to the regular AP25 challenges. Because these challenges are random, the protection feature in older versions of LT+ is activated when an unrecognized challenge is encountered and blocks the game from booting. Even with the correct AP25 data on the backup, the disc will fail to boot with LT+ versions 1.9 and older.
Because of this, LT+ 1.91 and later versions no longer have this protection feature so that backups with the correct AP25 data can boot successfully.
Is there a greater risk of being flagged now that the protection feature has been removed from LT+ versions 1.91 and later?Yes. You can now be flagged in the following scenarios:
- Booting an unpatched AP25-active game
- Booting an AP25-active game with a corrupt or wrong replay sector
- Booting a game with a replay sector intended for a dash version range that your console doesn't fall into
It is therefore critical that you do not blindly apply new System Updates to your console. If the dae.bin (see below for more info) is updated and challenges change, your backup will no longer boot and you will be flagged. I strongly recommend that you avoid updating to future dashboards until it is known whether the dae.bin has been updated. If it has then you will have to re-burn your backup with new AP25 data (either from abgx360 or XBC+new dae.bin) and discard the old backup which will now be unsafe to use.
Is there any way I can avoid this? Updating firmware and patching is too much hassle for me.Three options for you:
1) Remain on a dashboard version older than 12416. You won't be able to play games that require a minimum of 12416 (wave 9 titles like NFS:HP, Kinectimals, AC:B) and higher.
2) Install 12416 dash with
this AP25 bypass method, but you can only do this if you are currently on an older version. You can now play the games mentioned in (1) but you won't be able to play games that require a minimum of 12611 (wave 10 titles like Bulletstorm) and higher (wave 11 titles like Dragon Age 2 which requires a minimum of 12625).
3) Play your original retail games instead of the backups.
Can I downgrade my dashboard version?No.
Can I apply the AP25 bypass to 12416 if I have already installed 12416?No.
Can I spoof my AP25 drive to a Samsung or early Hitachi? Could this trick the console into disabling AP25 checks because these drives don't have AP25?No. AP25 checks the OSIG (original drive signature: make+version+fw) stored in your motherboard which cannot be changed (unless you have a JTAG/RGH console). If the drive specifed here is one that supports AP25, the console will initiate the AP25 challenges, regardless of whether the actual physical installed drive supports AP25 or not.
So if the OSIG stored is a Liteon, BenQ or late Hitachi, and your actual drive is a Samsung or early Hitachi (spoofed or not), the AP25 challenges are initiated. The drive cannot respond to these challenges because it is not AP25-aware. So the check fails, the disc doesn't boot, and you may get flagged for a future XBL ban.
What about the opposite, a Samsung/early Hitachi OSIG with a spoofed Liteon/BenQ/late Hitachi actual drive?This should work but it's probably not XBL-safe.
Why am I getting more disc read errors since AP25 came into action?It has been reported that an AP25-active game causes more work for the laser than usual. The AP25 checks occur during the first few seconds of booting only so if you're getting past that stage then it's not an AP25 issue.
Check that you're using quality media, a decent writer with up to date firmware, and decent writing software like ImgBurn. If you're still having issues then you may want to get your drive laser cleaned/repaired/replaced. Intermittent and inconsistent booting is a key symptom of a bad drive or media.
AP25 activationWhat is the AP25 xex flag?This is a marker in a game executable file which designates the game as "AntiPiracy25 Media". Only AC:B and NFS:HP have this flag. Kinect dashboard versions prior to 12606 use this flag to determine whether to activate AP25 checking. However, since 12606 this is no longer used and now any game could potentially be activated whether it has the flag or not. Therefore, the flag is not a reliable way to determine if a game is AP25-active.
So how can I reliably determine if a game is AP25-active?If a game identifier is specified in the DAE table of your particular dashboard, that game is AP25-active. Games from the most recent table are listed
here with their associated identifiers. Microsoft decides when to add a game to the table. Only these games are being checked for AP25 responses. Since November 2010, they have activated six known XGD2 games and currently all XGD3 games are AP25-active.
How can I check what Media ID my game is?Scan the ISO or backup disc through abgx360 and it will show in the log. On a retail disc, the last 8 characters are marked on the inner ring, data side.
DvdAuthEx (DAE) tableWhat is the DvdAuthEx (DAE) table?Contains a list of identifiers for games and groups of games that are AP25-active along with their associated challenges.
Where is the DAE table stored?It's stored in an encrypted file in your NAND flash memory on the motherboard of your console, the filename is dae.bin. The console reads this file to determine whether to initiate AP25 checks on a particular game or group of games.
Could Microsoft update the table to change the current challenges or add more challenges?Yes.
Retail dash 13146 implemented the first change of challenges for existing AP25-active games from 'challenge set 1' to '2'.
Could Microsoft update the table to add more game identifiers in the future?Yes. They have already done so.
If Microsoft update the table to change or add to existing challenges, will I have to patch my game with the new replay data and re-burn?Yes, please read the earlier question "Is there a greater risk of being flagged...".
Why don't we extract _every_ AP25 response from the original disc then patch our games with this data so that our backups will never need to be re-burned?Not feasible. Responses can only be retrieved for known challenges (in dae.bin). Microsoft could change the challenges at any time (new dae.bin) at which point we can capture the new response data. The total number of possible challenges is
very large as each challenge includes two disc locations and there is a
lot of suitable locations on a disc.
How many times has the table changed?There are several table versions, each associated with a particular dashboard version. Once a game is added, it appears in all subsequent table and dash versions (so far). The most notable are:
CODE
Date Table ver. Dash ver. Changes
06 Sep 10 5 12416 Added challenge set 1 for: AC:B, Fable III, NFS:HP
19 Jan 11 9 12625 Added challenge set 1 for: Halo Reach, COD:MW2. COD:BO
11 Apr 11 12 13140 Changed challenges for all 6 games to challenge set 2 and added XGD3 identifiers
How is the table updated?So far, only through System Updates. The System Update writes a new dae.bin file to the NAND flash. However they could in theory send table updates over XBL "out-of-cycle" of the System Updates.
Can a Title Update activate AP25 for a game?Unlikely, it hasn't happened yet. Currently, the only way a game can become AP25-active is when one of its identifiers is added to the DAE table. The updated table must then be included in a System Update.
Extracting AP25 data from original discsCan I extract my own AP25 data from a original disc?Yes. You'll need XBC 2.9.0.345 or later and 0800 v3 firmware with a suitable dae.bin file for your dash version. It is important to ensure that you use the correct dae.bin version for XBC to use the correct challenges for your dash version. It is also important to check that the integrity of the dae.bin file is intact. The following MD5 hashes are verified to be correct:
dae.bin v5 (12416-12611)
80e5d79684268a8f3deea01cabb386a8
dae.bin v9 (12625)
fa460772c7c16897adeff049dcf1efde
dae.bin v12 (13140-13604)
d5df9cb33762b27e4b017ee52a13efa1
Which games have AP25 replay sectors available?Check the
AP25 games list or run the game through abgx360 and it will show you if a patch is available and, if you choose to, it will patch the game if there is.
Why doesn't every version of a game have a replay sector available? (e.g. non-English titles)Previously, the few individuals who could extract the AP25 response data from the original retail discs did not own every language version of every game. Now that XBC (with AP25 support) and 0800 v3 fw are public it is likely that more replay sectors will be made available.
I've found a patch for my game that appears to work but is not highlighted in your list. Why not?There are fake AP25 patches around which are unsafe to use. Read the warning below...
Warning - Fake AP25 patchesBeware of fake AP25 patches that have been released. These are constructed from target data in the dae.bin file and do not have responses from an original retail disc. In contrast, XBC with AP25 support gets actual responses from the disc.
The fake patches will work in the sense that they can allow an AP25-active game to boot. They were originally missing response data in the replay sector. Even with this data included this does
not make them any safer. They are still using hardcoded angle data much like a Kreon SSv1 security sector. Some newer patches are using randomized angle deviations. Using any of these patches is not recommended for Xbox Live use.
LT+ will
not protect you from getting flagged in the event of a patch being corrupt or incorrect in even just one byte. You should obtain your patches from a trusted source (abgx360/Xecuter) as advised in this FAQ. abgx360 only stores data obtained from original discs and specifically uses hash checks to maintain file integrity.
There are several non-English titles that don't have currently have genuine patches available. You can now obtain your own from a retail disc with the new XBC, 0800 v3 firmware, and the appropriate dae.bin file.
Thanks/creditsAnthares2k/Luigi Marconi/WizZy - 12416 AP25 bypass
Seacrest - abgx360
c4eva
k3rn3l - Team Xecuter
Redline99
This post has been edited by Defosho: Oct 11 2011, 06:48 PM
Defosho The Ap25 Faq - In Depth And Updated For 13604 Mar 2 2011, 01:04 AM
The Ap25 Faq - In Depth And Updated For 13604, Technical discussion only, please.
Mar 2 2011, 01:04 AM
