
Xbox 360 File System Decoded

Posted by CmdrTaco
from the step-in-the-right-direction dept.
slurpster writes "The Register reports that Pi group has decoded the file system used in the Xbox 360. They write 'Once you get past the protections and down to the raw bits on the disc, it's just the standard xboxdvdfs, however the offset and layer breakpoint are different.'"
  • Look out (Score:2, Funny)

    by kalla (254222)
    Cue the legal threats in 3..2..
    • Re:Look out (Score:5, Funny)

      by Anonymous Coward on Tuesday December 13, 2005 @09:53AM (#14245866)
      It starts like 3.14...
    • Re:Look out (Score:5, Interesting)

      by IAmTheDave (746256) on Tuesday December 13, 2005 @10:14AM (#14245995) Homepage Journal
      Cue the legal threats in 3..2..

      Ya know, it's starting to become a relatively predictable model, game systems, especially for MS. 1) Release console, 2) hackers bypass DRM, 3) someone deciphers FS, 4) ROMs released, emulators attempted, 5) Linux now runs on it, etc.

      I'm wondering if, along with the release of a game system, Microsoft and other companies don't have legal offenses prepared in advance, so that the pounce-factor on those that break the FS/DRM schemes is near immediate. Would make sense, since it's almost guaranteed that someone will break it, and they'll get threatened/sued.

      • Re:Look out (Score:3, Funny)

        by Anonymous Coward
        Yes, definitely enough to establish a pattern. MS have only released one console you know? Well, two, but the 360 is still in the hacking stage of the pattern I'm pretending not to acknowledge.
      • I wonder why MS doesn't just release a *usable* version of Windows for their game systems that can compete with 'modders'. I know many people who would rather buy some disc they can put in to run a 'standard' operating system than hack their box with a hacksaw.
    • Cue the legal threats...
      Indeed. They might even hear from these guys [pigroup.co.uk].
  • Took that long? (Score:2, Interesting)

    by GatorMan (70959)
    I hope MS DRM in future products is this unbreakable...psshh
    • Re:Took that long? (Score:5, Insightful)

      by Elixon (832904) on Tuesday December 13, 2005 @09:50AM (#14245854) Homepage Journal
      There will be always more clever people out there than those employed in various corporations...

      The motivation is the key. Salary is a motivation but the fun is a bigger motivation. :-)

      The word "unbreakable" should not be used anymore. (Only liars from marketing departments use it :-)
      • There will be always more clever people out there than those employed in various corporations...

        That is a bit misleading. It takes a lot more work to design something hard to break, and to be sure that it is hard to break, than to actually break something.
        Security is always a losing battle because the amount of work put in to make something 'unbreakable' is often exponentially larger than the amount of time taken to find a small mistake.
      • Re:Took that long? (Score:5, Insightful)

        by Kaboom13 (235759) on Tuesday December 13, 2005 @12:17PM (#14247333)
        Remember that the MS engineers have a near impossible task. They have to design a DRM system to ensure only official games work, but at the same time,
        A. The DRM is implemented into a consumer device that the "enemy" has complete access to.
        B. The DRM cannot be so complex as to hinder third party companies making licensed games.
        C. The DRM cannot significantly impact the performance of the device (ie no CPU intensive encryption).
        D. The Xbox itself has to be able to un-drm the code to play the game.
        E. Because old games cannot be updated on a console, the DRM cannot be changed or updated after release.
        F. The DRM system cannot significantly add to the cost of production of the consoles or games.

        Basically DRM on consoles is a losing battle. All the odds are stacked against the developers. Add in the fact that the number of people trying to break it probably greatly exceeds the number of people responsible for its development in the first place, and it becomes a fight MS can't hope to win. However, the tougher the DRM is, the more complicated the workarounds will be. Consider how massive Dreamcast piracy (Dreamcast games could be copied with no mod chip and a CD burner) was compared to PlayStation piracy (required a mod chip with lots of soldering at first, later would require just a swap disk trick). The Dreamcast sold a lot less than the PlayStation, but the piracy scene was enormous in comparison because it was so easy.
        • B. The DRM cannot be so complex as to hinder third party companies making licensed games.

          Sure it can. How else is Microsoft to make a profit on every XBOX 360 game sold by granting access to the platform to third-party companies for money?

          E. Because old games cannot be updated on a console, the DRM cannot be changed or updated after release.

          Backwards compatibility can be maintained where desired and the console has network connectivity. Especially if you can ban Live users until they update. There's also
        • "B. The DRM cannot be so complex as to hinder third party companies making licensed games."

          Unless something radically changed this time, that is not an issue. The DRM is applied after the game is done, it is part of the manufacturing process. Basically, the people give MS the gold code, MS applies the DRM infection, encrypts it, whatnot, and then makes a master.

          This has been the same since day one, but I only have first hand knowledge going back to the Atari Jaguar. :)
      • Re:Took that long? (Score:5, Interesting)

        by IamTheRealMike (537420) <mike@plan99.net> on Tuesday December 13, 2005 @12:34PM (#14247526) Homepage
        It's worth noting that figuring out a disk image format is a million years away from breaking Xbox 360 security. Nobody should read much into this.

        There will be always more clever people out there than those employed in various corporations...

        Yeah, that's what I used to think as well. These days I think differently.

        Sure, the world is full of clever people. However, the clever people who work for the technology companies have several advantages over those that don't:

        • They work full time. In terms of sheer man-hours the tech companies can throw at the problem, Joe Randoms in their bedrooms will always lose.
        • They work together. The internet is great but a mailing list and IRC channel for people in 12 different timezones is no substitute for a well equipped set of offices and labs where everybody works together every day.
        • They have access to advanced equipment most other people don't. For instance, fully reverse engineering smart cards is very hard because you need tools that can be difficult to get hold of (eg, SEMs).
        • They have (almost) unlimited financial resources, so they can buy the work and brainpower of other smart people.

        I think people have been misled by the ease of breaking pure software copy protection on x86 computers. Compared to dealing with custom hardware like the Xbox, pure software solutions are very easy to attack because many people have the required tools and knowledge (typically a debugger and fluency in assembly). Comparatively few people have tools to look inside microchips and figure out what they're doing - and of course, physical things are far harder to change than software, which is just a series of numbers.

        And even then, it's possible to make very tough to crack pure software solutions if you get enough smart people on the problem. For instance, Windows Media DRM has had remarkably few exploits given how high profile it is: the last was back in January IIRC and it was rapidly patched (so it no longer worked after a few weeks). Even then that crack didn't let you decrypt any arbitrary file: you had to actually purchase a license first. The current generation has remained uncracked for nearly a year.

        For games, some programs protected with StarForce encryption have never been cracked (and some have, but StarForce lets the developers decide how much effort they'll put into protecting their software so that's not really surprising).

        Anyway, if you look at the actual technical details of how things like Xbox and DVD protection were cracked, they mostly relied on massive flukes that were only found after years of searching and typically a 3rd party had to screw up somewhere first. With each successive generation of these technologies they've been iteratively improved and I see no reason why console protection won't follow the same path DirecTV/NDS satellite security followed: a few generations in, no more cracks have become available even after many years and despite the potential profit.

        • Yeah but all it takes is for one former employee to spill the beans. Or maybe a current employee who doesn't like his job.

          Also, the consumer has to have some way to get the media. It's not all that easy to deny the hacker what he's after but still allow the consumer to get what he paid for.

        • Re:Took that long? (Score:2, Insightful)

          by salgiza (650851)
          Yes. But those clever hackers have something that most people who work for technology companies don't have. Lots of motivation. They don't do it for money, they do it because it's a challenge.
          And you can be thankful that most hackers don't even think of using social engineering [wikipedia.org].

          That's not to say that cracking something as the XBOX 360 is going to be easy or fast, nor that I disagree with part of your post. But we are still far away (if it ever happens) from the point that it is too expensive/complicated t

        • "# They work full time. In terms of sheer man-hours the tech companies can throw at the problem, Joe Randoms in their bedrooms will always lose."

          Simply because someone is simply sitting in a cube for 8->12 hours a day doesn't mean they are any more effective than someone who is putting in ~4->6 hours a day in his off-work hours (and let's not forget weekends). You will also find that someone works far more effectively when the work is fun.

          "# They work together. The internet is great but a mailing

      • (Only liars from marketing departments use it :-) I hate to point out mistakes in posts but this one was obvious. The above sentence should have been written as follows: Only marketing departments use it. This is a common mistake. It is generally accepted that marketing = lies.
    • by Ankou (261125) on Tuesday December 13, 2005 @10:52AM (#14246374)
      It's probably because they only had 30 minutes at a time to work on it before it overheated ;)
    • Windows Media DRM is still holding strong, much to the relief of Napster and its ilk.
  • how? (Score:5, Interesting)

    by mistersooreams (811324) on Tuesday December 13, 2005 @09:42AM (#14245814) Homepage
    I've always wondered how you actually go about understanding a file system with absolutely no documentation. I realise in this case that they just had to circumvent some DRM-style file protection, but that still leaves the question of how xboxdvdfs came to be understood in the first place. Does anyone know how they do this? Little to my surprise, the article offers no details.
    • Re:how? (Score:5, Insightful)

      by SigILL (6475) on Tuesday December 13, 2005 @09:59AM (#14245892) Homepage
      I've always wondered how you actually go about understanding a file system with absolutely no documentation.

      Well, you know the contents of the files as well as their names, right? So you can use a simple text search to figure out where on the disk the contents are placed. Then you look for structures on the disk that appear to point to these contents.

      You can for example figure out the size of a directory entry by looking for the amount of characters between successive file names. After that, things like file size and other metadata can usually be readily detected.

      There's admittedly some guesswork involved. That's why official documentation is always preferable to something that's reverse engineered.

      • Encryption? (Score:4, Interesting)

        by Mattygfunk1 (596840) on Tuesday December 13, 2005 @10:07AM (#14245951)

        Will this mean that if processor and read latency speeds are acceptable, that the file system could be encrypted in future versions?

        • Will this mean that if processor and read latency speeds are acceptable, that the file system could be encrypted in future versions?

          Great idea! This way, without the key, nobody will be able to boot their Xbox.
          Wait that sounds like they're going to have to give you the key.... :)

          This is why satellite TV boxes have smartcard readers on them. The issue isn't one of hardware speed, but rather making it really freakin hard to pull the key out of the box.
          You have to have somewhere to store the key that
    • Re:how? (Score:5, Interesting)

      by Aladrin (926209) on Tuesday December 13, 2005 @10:04AM (#14245932)
      There's a lot of trial and error involved, but mainly it's a matter of understanding how it's been done in the past and how it could be done.

      You start by looking for signs of things you know should exist. It's Microsoft, so they would probably use a file system along the lines of one they already use, like FAT or NTFS. Look for signs like a file table and figure out how they stored the information regarding where things are placed.

      With some trial and error, you can determine exactly how things are placed there, and what format is used to describe them. (Meta data.) After you understand the meta data, you write a program to let you access it easier and then you start understanding the data.

      I'm not guessing at any of this. This is exactly the process I used to write my Sims skn2obj converter a few years back. Maxis was very very tight-lipped on everything and wouldn't even respond to eep2 or me. He pointed out how close it looked to OBJ format and I took it from there. It turned out the format was relatively close, but there was a lot of extra data that obj didn't handle and everything had been rotated and transformed.

      Anyway, as always, it's a ton of work and guesswork both. (Very rewarding, though, once you get it.)

      As for how to break encryption... I assume it's along the same lines, but I've never even tried it.
    • You look for recognizable structures. For instance, if you have some idea of the filenames involved, you might start looking for those in a mixed hex/ASCII dump, then start trying to figure what the numbers before and after the filename mean.

      In analyzing these numbers, you try to see emerging patterns that represent data structure. One 64-bit number might refer to a location in a FAT table, or it might refer to something like an inode, another might contain a date/time stamp. Some other numbers might repr
    • Re:how? (Score:5, Informative)

      by tpgp (48001) on Tuesday December 13, 2005 @10:12AM (#14245980) Homepage
      I've always wondered how you actually go about understanding a file system with absolutely no documentation.

      From Wikipedia's Reverse Engineering Page [wikipedia.org]
      Reverse engineering of software can be accomplished by various methods. The three main groups of software reverse engineering are:

            1. Analysis through observation of information exchange, most prevalent in protocol reverse engineering, which involves using bus analyzers and packet sniffers for example for listening in on a computer bus or computer network connection, revealing the traffic data underneath. Behaviour on the bus or network can then be analyzed for producing a stand-alone implementation that mimics the same behaviour. This is especially good for reverse engineering of device drivers.
            2. Disassembly using a disassembler, meaning the raw machine language of the program is read and understood in its own terms, only with the aid of machine language mnemonics. This works on any computer program but can take quite some time, especially for someone not used to machine code.
            3. Decompilation using a decompiler, a process that tries, with varying result, to recreate the source code in some high level language for a program only available in machine code.
      I suspect that methods 1 and 2 would have been most useful for the original xbox dvd filesystem.

      If your filesystem is writable, you can try:

            1. Look at the volume with a hex editor
            2. Perform some operation, e.g. create a file
            3. Use the hex editor to look for changes
            4. Classify and document the changes
            5. Repeat steps 1-4 forever

      (from the Linux NTFS FAQ [sourceforge.net])
      • Yeah those 5 steps are pretty much what you do if you want to reverse engineer a networking protocol, too. Do various actions and watch the TCP stream. Change one property and see how that affects the data. Before long you start to get a picture of how the protocol functions and you start getting some real progress. :) Then you can write up your own 3rd party software to interface with the protocol's native software. In fact that's how most "proxy" cheat programs work for games like WoW, Quake, CS, etc... t
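Both techniques described above, SigILL's "find the filenames, measure the stride, then look for fields that point at the contents" and tpgp's "change one thing, diff the volume, classify the changes", as an added example that is not part of this thread and not Pi group's code. It runs against a constructed toy image (a made-up layout, not xboxdvdfs) whose constants the analysis functions must rediscover on their own.

```python
import struct

# Constructed toy layout used only to build the sample images; the analysis
# functions below do not read these constants, they have to rediscover them.
ENTRY_SIZE = 32   # u32 start (16-byte units), u32 size, u8 name length, name, zero pad
DIR_OFF = 64      # directory table
DATA_OFF = 256    # file contents

def build_image(files, total=512):
    """Construct a toy image from (name, content) pairs."""
    img = bytearray(total)
    data = DATA_OFF
    for i, (name, content) in enumerate(files):
        img[data:data + len(content)] = content
        rec = struct.pack("<IIB", data // 16, len(content), len(name)) + name.encode()
        slot = DIR_OFF + i * ENTRY_SIZE
        img[slot:slot + ENTRY_SIZE] = rec.ljust(ENTRY_SIZE, b"\0")
        data += (len(content) + 15) // 16 * 16   # keep contents 16-byte aligned
    return bytes(img)

def infer_entry_size(img, names):
    """Directory-entry size = stride between successive known filenames."""
    offs = sorted(img.find(n.encode()) for n in names)
    strides = {b - a for a, b in zip(offs, offs[1:])}
    return strides.pop() if len(strides) == 1 else None

def infer_fields(img, name_off, content, units=(1, 16, 512, 2048)):
    """Look at the u32s just before a filename for one that points at the
    file's content (in some block unit) and one equal to its length."""
    content_off = img.find(content)
    found = {}
    for p in range(max(0, name_off - 16), name_off - 3):
        val = struct.unpack_from("<I", img, p)[0]
        if "pointer" not in found:
            for unit in units:
                if val * unit == content_off:
                    found["pointer"] = (p, unit)
                    break
        if "size" not in found and val == len(content):
            found["size"] = p
    return found

def diff_images(before, after, merge_gap=8):
    """Changed byte ranges [start, end); runs separated by at most merge_gap
    unchanged bytes are merged (a new record usually contains zero bytes)."""
    ranges = []
    for i, (a, b) in enumerate(zip(before, after)):
        if a == b:
            continue
        if ranges and i - ranges[-1][1] <= merge_gap:
            ranges[-1][1] = i + 1
        else:
            ranges.append([i, i + 1])
    return [tuple(r) for r in ranges]

def classify_changes(ranges, dir_start, entry_size, data_start):
    """Label each changed range using the layout inferred from step 1."""
    labelled = []
    for start, end in ranges:
        if start < data_start:
            slot = (start - dir_start) // entry_size
            labelled.append((start, end, "directory slot %d" % slot))
        else:
            labelled.append((start, end, "file data"))
    return labelled

def analyse():
    """Both steps on constructed images; returns the inferred layout and changes."""
    files = [("README.TXT", b"hello world\n"), ("GAME.XEX", b"\x7fXEX-constructed-header")]
    before = build_image(files)
    after = build_image(files + [("SAVE.DAT", b"save-data-constructed")])   # one change
    entry_size = infer_entry_size(before, [n for n, _ in files])
    if entry_size is None:
        raise ValueError("filenames are not evenly spaced; not a fixed-size table")
    fields = [infer_fields(before, before.find(n.encode()), c) for n, c in files]
    dir_start = min(f["pointer"][0] for f in fields)       # first entry = table start
    data_start = min(before.find(c) for _, c in files)
    changes = classify_changes(diff_images(before, after), dir_start, entry_size, data_start)
    return entry_size, dir_start, fields, changes

if __name__ == "__main__":
    print(analyse())
```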
    • Well, in this case, it was very similar to the Xbox file system, so there was no work to do.

      So, how was the Xbox file system decoded?

      Well, in this case, someone pirated a copy of the MS tool GDFIMAGE. They could use that to make test file systems and reverse engineer those knowing exactly what was in them. But really, I don't think that they did either, they likely just disassembled GDFIMAGE. There have been replacement (presumably legal) tools for GDFIMAGE for some time now, as the original is copyrighted
      • Whether it is contaminated or not depends on where you live. For large chunks of the world's population this would be perfectly legal.
    • The XDK (Xbox Developers' Kit) is "out there" and not very hard to obtain. It has huge amounts of documentation on developing for the Xbox, and at the same time a pretty decent amount of filesystem info.

      Also the Xbox filesystem is very very similar to FAT32 (or was it NTFS? I forget which now), as people snooping at the systems quickly determined. It's easy to look for signature filesystem footprints and so on using various handy filesystem tools :)
  • by halleluja (715870) on Tuesday December 13, 2005 @09:42AM (#14245815)
    Darn. I voted for FAT12!
  • Important to Note (Score:5, Insightful)

    by MeanderingMind (884641) on Tuesday December 13, 2005 @09:43AM (#14245823) Homepage Journal
    The article notes that this in and of itself is only a step in the long march towards all those crazy things people have done with the original Xbox.

    An important step, but only a step.

    Don't get too excited, it will be a few months yet before any underworld homebrew applications are running.
    • Re:Important to Note (Score:2, Interesting)

      by Lauritz (146326)
      My guess is that the PS3 will have come out, including a Linux devkit, before the Xbox 360 is broken so much that it is useful.
    • Yeah, the xbox may store its games in this format, but it must be able to read the standard DVD file system if it is to play DVD movies. I'm sure if a mod chip comes out, it will have the ability to transfer the files to your computer over the wireless network, and play games off standard DVDs
  • by rharder (218037) on Tuesday December 13, 2005 @09:48AM (#14245846) Homepage
    It turns out the DRM was stymied by putting electrical tape on the disc.
  • huh? (Score:5, Interesting)

    by the computer guy nex (916959) on Tuesday December 13, 2005 @10:02AM (#14245923)
    "Don't get too excited, it will be a few months yet before any underworld homebrew applications are running."

    The first xbox took about a year for the first mod chips. Right now people are doing the easy part and deciphering how everything runs.

    The hard part is how to get unauthorized code to run. This part involves bypassing the system's BIOS and installing a compatible version over the top that the system cannot detect. This could take a few years.
    • Re:huh? (Score:5, Insightful)

      by DrXym (126579) on Tuesday December 13, 2005 @10:15AM (#14246001)
      The hard part is how to get unauthorized code to run. This part involves bypassing the system's BIOS and installing a compatible version over the top that the system cannot detect. This could take a few years.

      And if MS have learnt anything from the likes of the PSP (as they undoubtedly have), any exploit will be quickly patched, either when you install a new game or next go online.

      • It may be Sony that learned from MS, seeing as this is how the original Xbox has operated since day one. You can't update modded xboxes that are locked against updates. You can, however, deny them access to Live, which is exactly what MS did.
      • And if MS have learnt anything from the likes of the PSP (as they undoubtedly have), any exploit will be quickly patched, either when you install a new game or next go online.

        Ah, but that mechanism itself, if insecure, can be just the hole hackers need to get their code in just the right places....
    • Re:huh? (Score:3, Informative)

      by Anonymous Coward
      Don't think it will be that easy, Microsoft has learned from their previous XB1 security blunder - and this time they do not even trust data running on the internal hardware bus.

      Executable data is hashed and signed using asymmetrical keys built into the different hardware components (gpu, cpu etc). As each console has different keys "burned in", compromising one machine will mean nothing for the others!

      Even if you use your electron microscope to compromise the keys of all your hardware components, using no
    • Erm.... few years? I think you people overestimate copy-protection.

      It doesn't take a rare person like Einstein to figure out a way to bypass copy protection and figure out the inner workings of the system.

      Nothing is uncrackable, and when enough people are working to figure something out, it won't take long. Mod chip manufacturers made a TON of money from last gen consoles, so they have engineers working on this already. Not to mention all the people that DO have the expertise to figure this out and start t
  • Not again ! (Score:4, Funny)

    by 4Dmonkey (936872) on Tuesday December 13, 2005 @10:20AM (#14246023)
    A reliable source from Pi 'research' group later told press reporters that minutes after removing the DRM encoding, 'researchers' were surprised to see that it resembled DOS 6.2 by almost 97.5%, except it occupied 548% more memory.
  • by Kildjean (871084) on Tuesday December 13, 2005 @10:36AM (#14246192) Homepage
    Jesus, the console is barely a month old and you people are already thinking in doing something else with it? Could we enjoy it til January 2006 before you start contemplating doing OS changes, putting hamsters to roll on a cage, adding fish, dressing it as barbie to play "tea party"... ;)
    • You've seen the list of launch titles, right?

      This isn't finding something else to do with the console, it's finding something entertaining to do with it, period. There's only so much high-definition Shaq-sweat a man can watch before the novelty wears off.
  • The Real Deal (Score:3, Informative)

    by Anonymous Coward on Tuesday December 13, 2005 @10:36AM (#14246195)
    Firstly, the Register article (and /. summary) is useless. They're just high-level summaries. The details (the meat, if you like) are here: http://www.xbox-scene.com/xbox1data/sep/EEFuplVllVIYuZHGfq.php [xbox-scene.com]

    Now, for the problem. Team Pi have released an open-source extractor FOR THEIR ALREADY-DECODED IMAGES. They have NOT released an open-source decoder for turning DVDs into images.

    Why is that? I believe they probably haven't fully reverse-engineered the encryption yet. They've just cracked the raw disk driver or some other part of the XBOX360 operating system, so that it performs the decryption for them (MS's code) and saves the result to hard disk.

    Needless to say, it won't be long before there's a public utility to run on a hacked 360 or devkit that does the same thing, then eventually someone will do the hard part - fully reverse-engineering the encryption.
  • can expect the FBI on their doorstep for violating trade secrets.

    A representative said:

      "Users don't need to know the details."
      "This was clearly done by terrorists and hackers."
      "We will find you, and we w_i_l_l kill you"

    That's all she wrote. :-)
  • by UttBuggly (871776) on Tuesday December 13, 2005 @11:36AM (#14246865)
    I wonder if the 360 sends any "help me, I've been raped and pillaged" data to XBox Live?

    At which point your $400-1000 console goes tits up.

    MS certainly knows how people got inside the original XBox and it seems EVERY 360 game, multiplayer or not, "reports" scores and achievements to Live.

    Seems like a cool feature and all, but it could very well be some crafty social engineering.

    Given Sony's recent rootkit debacle, it isn't too much of a stretch to believe Uncle Bill had the boys put in a "phone home and tattle" capability.

    • by SteveXE (641833) on Tuesday December 13, 2005 @11:55AM (#14247080)
      You can...

      a) Shut off the automatic connection to Xbox Live
      b) Block a connection to XBL from your router
      c) Unplug the ethernet cord

      Not too hard
    • Any sort of "remote destroy" code that could be sent through an online service would make me seriously question the designers of the service and the console. What happens if someone cracks the network and broadcasts the code to all connected hosts? The results would scare even the most DRM-happy business person.
    • You couldn't put a hacked XBox (with the chip on) on to Live before, and you won't now. Most people that wanted to play on Live ended up with two XBoxes. I had one for Live and one for things like XBMC. Some people just disabled their chip when they went online..but mine got banned on the first wave.
  • It may just be me, but once you buy something you ought to be able to do with it as you wish. Restrictions on use after the first sale are often not legal (if they were, all the gun companies would all have EULAs stating you are not allowed to commit a crime with their product), and any attempts to enforce any such behavior should immediately be thrown out of court.
    • It's worth it if it keeps cheaters off Live. IMO.

      Yes, I care more about people cheating in online games than I do about "software freedom."
    • Get him!
    • It may just be me, but once you buy something you ought to be able to do with it as you wish.

      The key word here is ought. I agree with you that once I buy something it ought to be mine to do with as I please. The same way I feel that the trees and buildings sitting on my property are mine to do with as I please. (why is it always OUR trees when they are on someone else's property)

      However, there are several companies and more than a few politicians that don't seem to feel the same way.

      The worst part of

  • Standard xboxdvdfs, from the makers of Microsoft Works!-)
  • Basically, you make it so that every machine instruction is decrypted as it is executed by the CPU (I know it has been done in the past for a number of arcade machines, some of which have been cracked because they used weak encryption and some of which have never been cracked)

    If decrypting every instruction as it gets executed is too slow or otherwise unfeasible (which I suspect to be the case), another answer is to encrypt the executable files on disk and decrypt them when they get read into main RAM. In this
