Xbox 360 File System Decoded

slurpster writes "The register reports that Pi group has decoded the file system used in the Xbox 360. They write "Once you get past the protections and down to the raw bits on the disc, its just the standard xboxdvdfs, however the offset and layer breakpoint are different.""

Look out

[kalla (254222)]

Cue the legal threats in 3..2..

Re:Look out

[by Anonymous Coward]

It starts like 3.14...

Re:Look out

[grasshoppa (657393)]

I think that may be a bit high brow humor for the morning crowd.

Got me chuckling though.

Re:Look out

[IAmTheDave (746256)]

Cue the legal threats in 3..2..

Ya know, it's starting to become a relatively predictable model, game systems, especially for MS. 1) Release console, 2) hackers bypass DRM, 3) someone deciphers FS, 4) ROMs released, emulators attempted, 5) Linux now runs on it, etc.

I'm wondering if, along with the release of a game system, Microsoft and other companies don't have legal offenses prepared in advance, so that the pounce-factor on those that break the FS/DRM schemes is near immediate. Would make sense, since it's almost guarenteed that someone will break it, and they'll get threatened/sued.

Re:Look out

[by Anonymous Coward]

Yes, definitly enough to establish a pattern. MS have only released one console you know? Well, two, but the 360 is still in the hacking stage of the pattern I'm pretending not to acknowledge.

Re:Look out

[InvalidError (771317)]

That was true for the original XBox which was based on PC-ish and off-the-shelf hardware. For the 360, it would be more like a souped-up Mac/(whatever else uses PPC chips).

Since the custom PPC and chipset/GPU for the 360 were tweaked specifically for M$ from the very start instead of quick hacks of off-the-shelf designs to make them less interoperable, chances are that the 360 will be much harder to crack.

Re:Look out

[Lucractius (649116)]

Thats also one of the crippling features of modern consoles in general, branchy code has always been a large factor of "good" AI, its inherent in complex decision making, so AI & bots/sims are getting a serious setback with machines that suck at branchy code.

This was infact highly notable when examining the PS3, The Cell design they used was abysmal when it comes to highly branching AI or decision making type code. And it seems the 360s cpu is as well. What remains to be seen is wether Nintendos cpu als

Took that long?

[GatorMan (70959)]

I hope MS DRM in future products is this unbreakable...psshh

Re:Took that long?

[Elixon (832904)]

There will be always more clever people out there then those employed in various corporations...

The motivation is the key. Salary is a motivation but the fun is bigger motivation. :-)

The word "unbreakable" should not be used anymore. (Only liars from marketing departments use it :-)

Re:Took that long?

[Kaboom13 (235759)]

Remember that the MS engineers have a near impossible task. They have to design a DRM system to ensure only official games work, but at the same time,
A. The DRM is implemented into a consumer device that the "enemy" has complete access too.
B. The DRM can not be complex as to hinder third party companies making licensed games.
C. The DRM can not signifigantly impact the performance of the device (ie no CPU intensive encryption).
D. The Xbox itself has to be able to un-drm the code to play the game.
E. Because old games can not be updated on a console, the DRM can not be changed or updated after release.
F. The DRM system can not signifigantly add to the cost of production of the consoles or games.

Basically DRM on consoles is a losing battle. All the odds are stacked against the developers. Add in the fact that the number of people trying to break it probably greatly exceeds the number of people responsible for it's development in the first place, and it becomes a fight MS can't hope to win. However, the tougher the DRM is, the more complicated the workarounds will be. Consider how massive dreamcast piracy (Dreamcast games could be copied with no mod chip and a cd burner) was compared to playstation piracy (required a mod chip with lots of soldering at first, later would require just a swap disk trick). The dreamcast sold a lot less then the playstation, but the piracy scene was enormous in comparison because it was so easy.

Re:Took that long?

[Groo Wanderer (180806)]

"B. The DRM can not be complex as to hinder third party companies making licensed games."

Unless something radically changed this time, that is not an issue. The DRM is applied after the game is done, it is part of the manufacturing process. Basically, the people give MS the gold code, MS applies the DRM infection, encrypts it, whatnot, and then makes a master.

This has been the same since day one, but I only have first hand knowledge going back to the Atari Jaguar. :)

Re:Took that long?

[IamTheRealMike (537420)]

It's worth noting that figuring out a disk image format is a million years away from breaking Xbox 360 security. Nobody should read much into this.

There will be always more clever people out there then those employed in various corporations...

Yeah, that's what I used to think as well. These days I think differently.

Sure, the world is full of clever people. However, the clever people who work for the technology companies have several advantages over those that don't:

• They work full time. In terms of sheer man-hours the tech companies can throw at the problem, Joe Randoms in their bedrooms will always lose.
• They work together. The internet is great but a mailing list and IRC channel for people in 12 different timezones is no substitute for a well equipped set of offices and labs where everybody works together every day.
• They have access to advanced equipment most other people don't. For instance, fully reverse engineering smart cards is very hard because you need tools that can be difficult to get hold of (eg, SEMs)
• They have (almost) unlimited financial resources, so they can buy the work and brainpower of other smart people

I think people have been misled by the ease of breaking pure software copy protection on x86 computers. Compared to dealing with custom hardware like the Xbox pure software solutions are very easy to attack because many people have the required tools and knowledge (typically a debugger and fluency in assembly). Comparitively few people have tools to look inside microchips and figure out what they're doing - and of course, physical things are far harder to change than software which is just a series of numbers.

And even then, it's possible to make very tough to crack pure software solutions if you get enough smart people on the problem. For instance, Windows Media DRM has had remarkably few exploits given how high profile it is: the last was back in January IIRC and it was rapidly patched (so it no longer worked after a few weeks). Even then that crack didn't let you decrypt any arbitrary file: you had to actually purchase a license first. The current generation has remained uncracked for nearly a year.

For games, some programs protected with StarForce encryption have never been cracked (and some have, but StarForce lets the developers decide how much effort they'll put into protecting their software so that's not really surprising).

Anyway, if you look at the actual technical details of how things like Xbox and DVD protection were cracked, they mostly relied on massive flukes that were only found after years of searching and typically a 3rd party had to screw up somewhere first. With each successive generation of these technologies they've been iteratively improved and I see no reason why console protection won't follow the same path DirecTV/NDS satellite security followed: a few generations in, no more cracks have become available even after many years and despite the potential profit.

Re:Took that long?

[Ankou (261125)]

Its probably becuase they only had 30 minutes at a time to work on it before it overheated ;)

how?

[mistersooreams (811324)]

I've always wondered how you actually go about understanding a file system with absolutely no documentation. I realise in this case that they just had to circumvent some DRM-style file protection, but that still leaves the question of how xboxdvdfs came to be understood in the first place. Does anyone know how they do this? Little to my surprise, the article offers no details.

Re:how?

[SigILL (6475)]

I've always wondered how you actually go about understanding a file system with absolutely no documentation.

Well, you know the contents of the files as well as their names, right? So you can use a simple text search to figure out where on the disk the contents are placed. Then you look for structures on the disk that appear to point to these contents.

You can for example figure out the size of a directory entry by looking for the amount of characters between successive file names. After that, things like file size and other metadata can usually be readily detected.

There's admittedly some guesswork involved. That's why official documentation is always preferrable to something that's reverse engineered.

Encryption?

[Mattygfunk1 (596840)]

Will this mean that if processor and read latency speeds are acceptible, that the file system could be encrypted in future versions?

__
Adult Funny Video Clips from Laugh Daily [laughdaily.com]

Re:how?

[Aladrin (926209)]

There's a lot of trial and error involved, but mainly it's a matter of understanding how it's been done in the past and how it could be done.

You start by looking for signs of things you know should exist. It's Microsoft, so they would probably use a file system along the lines of one they already use, like FAT or NTFS. Look for signs like a file table and figure out how they stored the information regarding where things are placed.

With some trial and error, you can determine exactly how things are placed there, and what format is used to describe them. (Meta data.) After you understand the meta data, you write a program to let you access it easier and then you start understanding the data.

I'm not guessing at any of this. This is exactly the process I used to write my Sims skn2obj converter a few years back. Maxis was very very tight-lipped on everything and wouldn't even respond to eep2 or I. He pointed out how close it looked to OBJ format and I took it from there. It turned out the format was relatively close, but there was a lot of extra data that obj didn't handle and everything had been rotated and transformed.

Anywhere, as always, it's a ton of work and guesswork both. (Very rewarding, though, once you get it.)

As for how to break encryption... I assume it's along the same lines, but I've never even tried it.

Re:how?

[morgan_greywolf (835522)]

You look for recognizable structures. For instance, if you have some idea of the filenames involved, you might start looking for those in a mixed hex/ASCII dump, then start trying to figure what the numbers before and after the filename mean.

In analyzing these numbers, you try to see emerging patterns that represent data structure. One 64-bit number might refer to a location in a FAT table, or it might refer to something like an inode, another might contain a date/time stamp. Some other numbers might repr

Re:how?

[tpgp (48001)]

I've always wondered how you actually go about understanding a file system with absolutely no documentation.

From Wikipedias Reverse Engineering Page [wikipedia.org]

Reverse engineering of software can be accomplished by various methods. The three main groups of software reverse engineering are:

      1. Analysis through observation of information exchange, most prevalent in protocol reverse engineering, which involve using bus analyzers and packet sniffers for example for listening into a computer bus or computer network connection, revealing the traffic data underneath. Behaviour on the bus or network can then be analyzed for producing a stand-alone implementation that mimics the same behaviour. This is especially good for reverse engineering of device drivers.
      2. Disassembly using a disassembler, meaning the raw machine language of the program is read and understood in its own terms, only with the aid of machine language mnemonics. This works on any computer program but can take quite some time, especially for someone not used to machine code.
      3. Decompilation using a decompiler, a process that tries, with varying result, to recreate the source code in some high level language for a program only available in machine code.

I suspect that methods 1 and 2 would have been most useful for the original xbox dvd filesystem.

If your filesystem is writable, you can try:

      1. Look at the volume with a hex editor
      2. Perform some operation, e.g. create a file
      3. Use the hex editor to look for changes
      4. Classify and document the changes
      5. Repeat steps 1-4 forever

(from The linux ntfs faq [sourceforge.net]

Wrong bet...

[halleluja (715870)]

Darn. I voted for FAT12!

Important to Note

[MeanderingMind (884641)]

The article notes that this in an of itself is only a step in the long march towards all those crazy things people have done with the original Xbox.

An important step, but only a step.

Don't get too excited, it will be a few months yet before any underworld homebrew applications are running.

Re:Important to Note

[Lauritz (146326)]

My guess is that the ps3 will have come out, including a linux devkit, before the xbox360 is broken so much that it is usefull.

Re:Important to Note

[CastrTroy (595695)]

Yeah, the xbox may store its games in this format, but it must be able to read the standard DVD file system if it is to play DVD movies. I'm sure if a mod chip comes out, it will have the ability to transfer the files to your computer over the wireless network, and play games off standard DVDs

Tape does it again

[rharder (218037)]

It turns out the DRM was stimied by putting electrical tape on the disc.

huh?

[the computer guy nex (916959)]

"Don't get too excited, it will be a few months yet before any underworld homebrew applications are running."

The first xbox took about a year for the first mod chips. Right now people are doing the easy part and deciphering how everything runs.

The hard part is how to get unauthorized code to run. This part involves bypassing systems bios and installing a compatible version over the top that the system cannot detect. This could take a few years.

Re:huh?

[DrXym (126579)]

The hard part is how to get unauthorized code to run. This part involves bypassing systems bios and installing a compatible version over the top that the system cannot detect. This could take a few years.

And if MS have learnt anything from the likes of the PSP (as they undoubtedly have). Any exploit will be quickly patched, either when you install a new game or next go online.

Re:huh?

[Jarlsberg (643324)]

It may be Sony that learned from MS, seeing as this is how the original Xbox has operated since day one. You can't update modded xboxes that are locked against updates. You can, however, deny them access to Live, which is exactly what MS did.

Re:huh?

[by Anonymous Coward]

Don't think it will be that easy, Microsoft has learned from their previous XB1 security blunder - and this time they do not even trust data running on the internal hardware bus.

Executable data is hashed and signed using asymmetrical keys built into the different hardware components (gpu, cpu etc). As each console has different keys "burned in", compromising one machine will mean nothing for the others!

Even if you use your electron microscope to compromise the keys of all your hardware components, using no

Not again !

[4Dmonkey (936872)]

A reliable source from Pi 'research' group later told press repoters that minutes after removing the DRM encoding, 'researchers' were surprised to see that it resembled Dos 6.2 by almost 97.5%, except it occupied 548% more memory.

The console just got out....

[Kildjean (871084)]

Jesus, the console is barely a month old and you people are already thinking in doing something else with it? Could we enjoy it til January 2006 before you start contemplating doing OS changes, putting hamsters to roll on a cage, adding fish, dressing it as barbie to play "tea party"... ;)

The Real Deal

[by Anonymous Coward]

Firstly, the Register article (and /. summary) is useless. They're just high-level summaries. The details (the meat, if you like) are here: http://www.xbox-scene.com/xbox1data/sep/EEFuplVllV IYuZHGfq.php [xbox-scene.com]

Now, for the problem. Team Pi have released an open-source extractor FOR THEIR ALREADY-DECODED IMAGES. They have NOT released an open-source decoder for turning DVDs into images.

Why is that? I believe they probably haven't fully reverse-engineered the encryption yet. They've just cracked the raw disk driver or some other part of the XBOX360 operating system, so that it performs the decryption for them (MS's code) and saves the result to hard disk.

Needless, it won't be long before there's a public utility to run on a hacked 360 or devkit that does the same thing, then eventually someone will do the hard part - fully reverse-engineering the encryption.

XBox "Live" Watchdog???

[UttBuggly (871776)]

I wonder if the 360 sends any "help me, I've been raped and pillaged" data to XBox Live?

At which point your $400-1000 console goes tits up.

MS certainly knows how people got inside the original XBox and it seems EVERY 360 game, multiplayer or not, "reports" scores and achievements to Live.

Seems like a cool feature and all, but it could very well be some crafty social engineering.

Given Sony's recent rootkit debacle, it isn't too much of stretch to believe Uncle Bill had the boys put in a "phone home and tattle" capability.

Re:XBox "Live" Watchdog???

[SteveXE (641833)]

You can...

a) Shut off the automatic connection to Xbox Live
b) Block a connection to XBL from your router
c) Unplug the ethernet cord

Not too hard

Re:XBox "Live" Watchdog???

[UttBuggly (871776)]

Well, of course, but that's where the social engineering comes in.

Some people will so want their names/scores "up in lights", they'll ignore the fact that ET is phoning home.

Re:XBox "Live" Watchdog???

[TheSpoom (715771)]

Any sort of "remote destroy" code that could be sent through an online service would make me seriously question the designers of the service and the console. What happens if someone cracks the network and broadcasts the code to all connected hosts? The results would scare even the most DRM-happy business person.

Re:Owww arr Bill Gates...

[Obvius (779709)]

Not if they're selling the consoles at a loss to recoup the investment on games.

Re:Owww arr Bill Gates...

[dreamchaser (49529)]

How would selling something at a loss help to offset investment? They sell it at a loss in order to spur sales, so they can sell the games. The money is made from the games, and that profit is what recoups the investment.

Sure, I guess you could say 'Well if they gave it away for free they'd recoup that much less', but the point is that they do not sell them at a loss in order to recoup anything. It is to drive sales, plain and simple.

Re:Owww arr Bill Gates...

[Obvius (779709)]

Well that was my point entirely, I'm sorry if it didn't come across that way. Why encourage piracy when the investment is recouped through sales of games?

Re:Owww arr Bill Gates...

[Carrot007 (37198)]

Casual Piracy.

the hardcore pirate would only buy the system if it is cracked, they would never buy any games.

However cracking the system still could sell more games though casual piracy. If someone knows the machine is cracked they may have more incentive to get it. Average joe however might only occasionally get pirate games off someone he knows so therefore may still actually buy games. Several people with cracked xbox 1's fall into this catagory. They have a lot of copies and a lot of originals.

Me I'll s

Re:Owww arr Bill Gates...

[blincoln (592401)]

Average joe however might only occasionally get pirate games off someone he knows so therefore may still actually buy games.

This is a creature I have never met. Everyone I know who pirates games talks about "buying the ones that are good enough," but none of them actually do it. As soon as the technology exists to bootleg games, they do so exclusively.

I know for a fact that this is what put a lot of developers off of the PS1 before it was commercially dead. I wouldn't be surprised if it was a significant fa

Re:Owww arr Bill Gates...

[by Anonymous Coward]

loose, adj. Not fastened, restrained, or contained.

lose, v. tr. To be unsuccessful in retaining possession of; mislay.

Know the difference!

Think more evilly

[SmallFurryCreature (593017)]

Every x-box game played is not a PS2 game played. There is one tiny little difference between Sony/Nintendo and MS. MS doesn't need to make a profit on the x-box/360. With its cash cows windows and Office it can afford to loose money on an awfull lot of other product lines and has.

Why is MS in the console market in the first place? Lets not forget that the x-box is directly competing with MS own product windows. Yes windows is a game platform as well and MS itself produces games for that platform. Exclusive games even that are not available on consoles not even its own. They are still doing it now even with the arrival of the 360.

I think the entire reason is that MS is desperate to spread out its wings. Focussing on one or two key products wich make all your money leaves you incredibly vulnerable to changes. Bill Gates probably knows like nobody else how easy it is to replace the market leader in the Word processing/Spreadsheet market or even the OS market. You youngesters may not know this but there was a day when suggesting you buy MS for a business enviroment had roughly the same reaction as suggesting linux a few years ago.

One of MS dreams has been to get a share (the lionshare) of the mythical living room entertainment hub whatever that maybe. At the moment the PC usually stands in the corner if it isn't banned to the bedroom or some pokey hobbyroom. The Internet TV was one attempt at getting the PC into the living room. It bombed but the idea remained and the very popular consoles are now being seen as the next battleground as to who will control the living room.

iTunes if anything has proven that there is a point. How many people here run iTunes because they bought an iPod? Would you have used iTunes if you bought say a Zen instead? Might it be possible that if you owned the living room entertainment center to then put something like iTunes on it and control the distribution of digital media into the living room? Can you say commercial wetdream?

The x-box was not an attempt to beat sony at making a good game console. It was an attempt to control peoples entertainment. The 360 is the same. The battle is on for who own the living room PC, the desktop PC has been won. Why do you think Sony actually sold a linux extension to their PS2? Because they are such nice people who like the whole opensource movement? Or because they are experimenting with turning their game consoles into a more PC like device.

I seen rumours about the PS3 actually running linux as either its core operating OS or at least being capable of doing so for certain tasks. If you look at the design of the cell processor it certainly seems designed far more for multitasking, essential for a desktop not for gaming.

What would happen if people actually could really surf the net (or better a subset of the net filled with your own sales channels) and everything else via their entertainment center? Oh I am not talking about people here but those people who have only got an old virus and spyware laden 98 15" CRT machine in the bedroom and a shiny new PS3/360 in their living room hooked up the a widescreen HD. It certainly seems to have MS worried that it might not be their logo on the software.

So MS doesn't care about profits. Yet. It cares about nobody but them owning this "new" market. Wether they are right or not and wether they succeed or not does not matter. They believe it is a battle to be fought same as for the Internet TV and same as with PDA's and same as with Mobile Phones. Internet TV bombed all around, PDA's MS sorta kinda won and mobile phones is unique because the phone makers do NOT want MS to muzzle in on their business.

Sony too must be smart enough to realize that MS is its true enemy, nintendo is just a competitor but MS is out to destroy it. But sony despite having a far wider customer base then MS is doing very badly. Some people even suggest that the PS2 might have won in sales numbers but it just hasn't made Sony the kind of money it needs.

So MS has the simple opti

Parent Overrated

[Lord Byron II (671689)]

Why is the parent post modded at +5?? He's just trying to get ppl to sign up for a MLM scheme.

Re:neato

[matth1jd (823437)]

Copy protections on the discs themselves is just one part of the much larger puzzle. As someone pointed out earlier you have to be able to get unsigned code to run on the machine. While this was fairly easy to accomplish on the original Xbox, the Xbox 360 is supposed to be a trusted computing platform. It looks as though there's alot to overcome in getting unsigned code to run.

You can checkout Xbox Scene [xbox-scene.com], or Free60.org [free60.org] for information.

The whole concept of protection is flawed

[DrYak (748999)]

Except this kind of protection is completly wrong, no matter how much buck you throw at it.
- It's the same as with DVD, etc. : You've got the content, the decryption key and everything required in the same place.
Data may be encrypted in an Xbox, but ultimately, the XBox has to start-up, decrypt, and run decrypted code.
The content virtually exist in an unencrypted form.

Good protection relies on secret.
When you transmit encrypted e-mails they are much more secure because an encrypted e-mail per-se doesn't contain everything needed to decrypt it. The XBox does.

This is only "traing to keep things hidden from user" and is pointless.
It'll get cracked, no matter how much bucks MS spent on it.

Unless XBoxes where to commit suicide and nuke the whole place if they find the slighest error (errors likely to show that somone is reverse-engeneering and trying to feed constructed data to see reaction), it's hard for Microsoft to stop anyone with decent tools to try to reverse-engeneer their conoles.

Re:The whole concept of protection is flawed

[Pollardito (781263)]

if a per unit unique key was being used, wouldn't you have to buy a copy of a game that's encrypted for your unit?

Re:The whole concept of protection is flawed

[b1t r0t (216468)]

The presumed per-unit key is only for accessing the BIOS. This prevents chip mods.

The games are digitally signed, and the console only knows the public key, refusing to run games that were not signed with the private key. Without using "sploits", this is pretty much unbreakable without someone finding the key. The Atari 7800, Lynx, and Jaguar keys were found by dumpster diving around a dying Atari; the 3DO key is still not publically known.

When the 360 gets broken, it will surely be through sploits. And then MS's plan is probably to "upgrade" systems over Live, and maybe even by games offering an upgrade and requiring it to play, like with the PSP. Whether the closing of the holes will work remains to be seen.

Re:Obviously Slashdot again is a bunch of n00bs

[darthtom (709528)]

The man's right. There's a reason why so many people are _still_ getting good use out of Super Nintendos (or SNES9x...). I have _yet_ to find a game that's given me as much satisfaction as Chrono Trigger or Final Fantasy 3 (VI).

Re:Fair use

[Kjella (173770)]

Q:Isn't dumping ISO files of your disks considered "fair use"?

A:Yes, it is. Which means you won't be sued for copyright infringement, you will only be charged with circumvention.

Q:But it's fair use???

A:Fair use is not a defense to circumvention.

Q:But how can I exercise my fair use rights then???

A:Fair use is not a right, it is an affirmative defense. So if you can't do it without breaking some other law, you can't.

Q:But... it's all copyright isn't it???

A:No. Even though it is called the Digital Millennium Copyright Act, only some of the paragraphs deal with copyright. Others deal with circumvention.

Q:So my fair use right are...?

A:Effectively gone, yes. Also you can't touch circumvention tools or talk about how to make one. Depressed yet?

Re:I may just be me but...

[Koatdus (8206)]

It may just be me, but once you Buy something you ought to be able to do with it as you wish.

The key word here is ought. I agree with you that once I buy something it ought to be mine to do with as I please. The same way I feel that the trees and buildings sitting on my property are mine to do with as I please. (why is it always OUR trees when they are on someone else's property)

However, there are several companys and more then a few politicians that don't seem to feel the same way.

The worst part of