can anyone in 2023 access data from an original xbox hdd without eeprom on pc?

[sirgilmour]

I'm pretty sure it's locked and I don't have an original xbox console, just a ide hdd with tons of photos from my youth I lost over time.
anyone found a trick to access the data? like cloning the hdd and searching through the img file?

 

[godreborn]

I don't know about the xbox, but you wouldn't be able to just search an image of the hdd if it's encrypted.

 

[FAST6191]

How was the console it came from modded? If it was mod chip or TSOP then it might well not be locked and thus if the drive still functions then should just be a matter of peering into the drive with a tool to parse the file system.
If it was game save softmod or drive hotswap then different matter.

If you soft modded it yourself then you would have been told to take the EEPROM and keep it safe. This might well include emailing it to yourself or similar if you can go that way if you care to find such a thing, or if you have the old hard drive/contents thereof from your PC of the era same thing.

When you say you don't have an original xbox I do have to ask what happened to the one it came from? Leaky cap or something might well be fixed for long enough to boot it and do what is necessary if you can still lay hands on it.

Beyond that then there might well be a technique (computer forensics does extend to game consoles, indeed some have a special interest and the original xbox being a not inconsiderable Linux machine once modded kicked off a lot of it) but I am not aware of a common one for the homebrew scene, probably as most don't care that much (you are not the first to want something from an old device like this, gameboy cameras appearing more than once around here, but most times the response to dead drive is chip/TSOP and sucks about your save games).
Likewise I can't rule out a vulnerability in the locking protocol (it was more than fig leaf but never high security) such that some fun with the drive firmware/EEPROM/whatever carries user settings dump and a modern GPU might do something.
This does however mean it is probably worth keeping as such a method could come up, and might at some level be useful in the future as whatever has not succumb to leaky clock caps might well also come with a dead drive and chips nowhere to be seen.

 

[sirgilmour]

How was the console it came from modded? If it was mod chip or TSOP then it might well not be locked and thus if the drive still functions then should just be a matter of peering into the drive with a tool to parse the file system.
If it was game save softmod or drive hotswap then different matter.

If you soft modded it yourself then you would have been told to take the EEPROM and keep it safe. This might well include emailing it to yourself or similar if you can go that way if you care to find such a thing, or if you have the old hard drive/contents thereof from your PC of the era same thing.

When you say you don't have an original xbox I do have to ask what happened to the one it came from? Leaky cap or something might well be fixed for long enough to boot it and do what is necessary if you can still lay hands on it.

Beyond that then there might well be a technique (computer forensics does extend to game consoles, indeed some have a special interest and the original xbox being a not inconsiderable Linux machine once modded kicked off a lot of it) but I am not aware of a common one for the homebrew scene, probably as most don't care that much (you are not the first to want something from an old device like this, gameboy cameras appearing more than once around here, but most times the response to dead drive is chip/TSOP and sucks about your save games).
Likewise I can't rule out a vulnerability in the locking protocol (it was more than fig leaf but never high security) such that some fun with the drive firmware/EEPROM/whatever carries user settings dump and a modern GPU might do something.
This does however mean it is probably worth keeping as such a method could come up, and might at some level be useful in the future as whatever has not succumb to leaky clock caps might well also come with a dead drive and chips nowhere to be seen.

i think had a modded(chip) console first for this hdd and had a non modded console I softmodded and the hdd could not be read, then i sold it.
The pc that contained the eeprom if i took note of it is long gone with no bkp.
I tried several softwares made to read xbox or xbox 360 hdd and never could get past the security lock but that was a while ago.
I was wondering if there is now a way to get past that.
If i found someone who had a xbox with a modchip in it would be the only way?

 

[FAST6191]

Hard drive locking is a feature of the IDE/PATA spec but a rarely used one so not everything implemented it, especially not hard drive readers/adapters, hence the x-pec compatibility list ( https://xboxdrives.x-pec.com/?p=list ) and need for a computer with it on the motherboard to do anything with in all the guides.
The locking key in the case of the xbox is contained within the EEPROM files and can be read from a softmodded machine (not sure there is an option to grab it via some reader either). This is then considered unique per console.

Hardmods (chips and TSOP) jump in before the BIOS runs and thus can skip the locking stage (thus can use any drive they like).
Softmods (save exploits and drive swap) come in after the BIOS runs and thus have to be able to lock and unlock to get through that portion.

If it had come directly out of the former then you might well have been able to play with something from https://xbox-hq.com/html/downloads-cat59.html or whatever FATX (the slightly tweaked version of FAT drive format that the xbox used and possibly further tweaked for the 360). If you had stuffed it into a softmodded machine it might well have locked it with its own key (possibly having seen the modded dash and deciding it was not a valid dash -- the softmods would install exploits and keep a minimal version of the original dash before jumping to a homebrew one, if you control the BIOS then who cares just go for the good stuff). If you have a motherboard with IDE in still available to you then by all means try some of those or whatever comes up from a search as it is not likely to be a long affair.

Most of the xbox drive format capable software should be smart enough to see if something is encrypted or not rather than just have it as a default assumption that you have to enter a dummy code for.

A mod chip in some xbox out there is unlikely to do anything for you if it is already locked with some unknown key.

To this end we are back to seeing if someone out there has a means of bypassing IDE drive locking. I fully expect there to be something (it is a seldom used security feature that not everything even bothered to implement and only considered a part of security rather than whole deal and made for hard drive format that was old at the time where hard drive processors probably have less power than many watches today... I would be truly stunned if there was not a exploit to bypass things), however I don't know of anything in particular having appeared in public xbox circles.
https://xboxdevwiki.net/Hard_Drive#Locking_Mechanism has a tiny bit more if you did want something. Assuming you can run it against a file rather than the drive that would be within reason for a brute force attack (possibly guided by needing to be combined with serial and model number). If you have to try it against the drive and wait for it to spin up and down then rather less so.

 

[sirgilmour]

Hard drive locking is a feature of the IDE/PATA spec but a rarely used one so not everything implemented it, especially not hard drive readers/adapters, hence the x-pec compatibility list ( https://xboxdrives.x-pec.com/?p=list ) and need for a computer with it on the motherboard to do anything with in all the guides.
The locking key in the case of the xbox is contained within the EEPROM files and can be read from a softmodded machine (not sure there is an option to grab it via some reader either). This is then considered unique per console.

Hardmods (chips and TSOP) jump in before the BIOS runs and thus can skip the locking stage (thus can use any drive they like).
Softmods (save exploits and drive swap) come in after the BIOS runs and thus have to be able to lock and unlock to get through that portion.

If it had come directly out of the former then you might well have been able to play with something from https://xbox-hq.com/html/downloads-cat59.html or whatever FATX (the slightly tweaked version of FAT drive format that the xbox used and possibly further tweaked for the 360). If you had stuffed it into a softmodded machine it might well have locked it with its own key (possibly having seen the modded dash and deciding it was not a valid dash -- the softmods would install exploits and keep a minimal version of the original dash before jumping to a homebrew one, if you control the BIOS then who cares just go for the good stuff). If you have a motherboard with IDE in still available to you then by all means try some of those or whatever comes up from a search as it is not likely to be a long affair.

Most of the xbox drive format capable software should be smart enough to see if something is encrypted or not rather than just have it as a default assumption that you have to enter a dummy code for.

A mod chip in some xbox out there is unlikely to do anything for you if it is already locked with some unknown key.

To this end we are back to seeing if someone out there has a means of bypassing IDE drive locking. I fully expect there to be something (it is a seldom used security feature that not everything even bothered to implement and only considered a part of security rather than whole deal and made for hard drive format that was old at the time where hard drive processors probably have less power than many watches today... I would be truly stunned if there was not a exploit to bypass things), however I don't know of anything in particular having appeared in public xbox circles.
https://xboxdevwiki.net/Hard_Drive#Locking_Mechanism has a tiny bit more if you did want something. Assuming you can run it against a file rather than the drive that would be within reason for a brute force attack (possibly guided by needing to be combined with serial and model number). If you have to try it against the drive and wait for it to spin up and down then rather less so.

What about an Original Xbox Emulator? With bios control, I could take one of my old pcs with ide ports and put that drive in along with the os drive. Maybe trying linux instead of windows? I know absolutely know nothing about linux but if it could bypass this, why not try.

 

[FAST6191]

Not unless you magically find your original or possibly that last xbox's EEPROM data, or another means (the mere fact a human achievable timing attack works on the protocol means there is probably some other oversight in there somewhere, whether known or yet to be discovered I do not know).

The xbox is not some magical black box (hah), even hacked, that has enough hidden data and secret abilities inside it to decode these things. Each xbox in the factory had the individual keys burned in for that setup and that is what you are facing here.

 

[cactusjack901]

No idea if it's feasible these days; BUT, back in the day, if you wound up with a locked HDD and no eeprom dump, as a last ditch effort you could, and I swear I'm not making this up. Use a specialized boot CD on an open PC that would wait to look for an Xbox HDD, then, boot up the xbox with the top casing off, after the boot animation finished playing but BEFORE the Microsoft logo popped up at the bottom of the screen/error message would pop up, swap out the IDE cable from the Xbox to one hanging out the side of the PC, hoping you caught the right moment, and would then be able to alter the contents of the hard drive, plug it back into the xbox, shut the xbox back down, have the xbox lock it, and provided you did it all correctly, boot the xbox.

THIS, my friend is a very poor description of how I softmodded my first OG Xbox, circa 2006. I was like 15, and had no money, no tools, no games, no controller, and only had access to my friend's PC. It took me weeks to get it working since we only had 2-3 hours a day to try it and we had no idea what we were doing (I'm MUCH better now, lmao). That being said, once I finally got a controller... I was already set to go with all my super fancy burned DVDs (like hell I was paying $50 to get a larger HDD. I was 15 and had a DS and iPod, I got a flashcart and believe it or not, a high end (not really, but they genuinely perform like it, and they were on sale; 10/10 best audio purchase I've ever made) pair of headphones that I still use to this day instead.

 

[tech3475]

No idea if it's feasible these days; BUT, back in the day, if you wound up with a locked HDD and no eeprom dump, as a last ditch effort you could, and I swear I'm not making this up. Use a specialized boot CD on an open PC that would wait to look for an Xbox HDD, then, boot up the xbox with the top casing off, after the boot animation finished playing but BEFORE the Microsoft logo popped up at the bottom of the screen/error message would pop up, swap out the IDE cable from the Xbox to one hanging out the side of the PC, hoping you caught the right moment, and would then be able to alter the contents of the hard drive, plug it back into the xbox, shut the xbox back down, have the xbox lock it, and provided you did it all correctly, boot the xbox.

THIS, my friend is a very poor description of how I softmodded my first OG Xbox, circa 2006. I was like 15, and had no money, no tools, no games, no controller, and only had access to my friend's PC. It took me weeks to get it working since we only had 2-3 hours a day to try it and we had no idea what we were doing (I'm MUCH better now, lmao). That being said, once I finally got a controller... I was already set to go with all my super fancy burned DVDs (like hell I was paying $50 to get a larger HDD. I was 15 and had a DS and iPod, I got a flashcart and believe it or not, a high end (not really, but they genuinely perform like it, and they were on sale; 10/10 best audio purchase I've ever made) pair of headphones that I still use to this day instead.

OP doesn’t have the console.

 

[cactusjack901]

OP doesn’t have the console.

Ahh, much different case. To the best of my recollection, when you didn't have the console, there wasn't too much you could do; the best you could really hope for would be to tell them stories that don’t go anywhere; like the time I caught the ferry over to Shelbyville. I needed a new heel for my shoe, so I decided to go to Morganville which is what they called Shelbyville in those days. So, I tied an onion to my belt which was the style at the time. Now, to take the ferry cost a nickel. And in those days, nickels had pictures of bumblebees on ‘em. ‘Give me five bees for a quarter,’ you’d say. Now, where were we? Oh, yeah! The important thing was that I had an onion on my belt which was the style at the time. They didn’t have white onions because of the war. The only thing you could get was those big yellow ones.

 

[tech3475]

Ahh, much different case. To the best of my recollection, when you didn't have the console, there wasn't too much you could do; the best you could really hope for would be to tell them stories that don’t go anywhere; like the time I caught the ferry over to Shelbyville. I needed a new heel for my shoe, so I decided to go to Morganville which is what they called Shelbyville in those days. So, I tied an onion to my belt which was the style at the time. Now, to take the ferry cost a nickel. And in those days, nickels had pictures of bumblebees on ‘em. ‘Give me five bees for a quarter,’ you’d say. Now, where were we? Oh, yeah! The important thing was that I had an onion on my belt which was the style at the time. They didn’t have white onions because of the war. The only thing you could get was those big yellow ones.

Go yell at a cloud or something.

 

[Testo007]

Its hard to help with no detailed information like
Exact drive type (Manifacturer - type - interface)
Kind of modding (which chip or what soft mod)
Exact security state of the drive - master pw reenabled or only user pw (like original XBox drives)

As a first help I recommend the following:
Download Hdat2 from hdat2-dot-com (replace -dot- with . )
use either a bootable DOS USB Stick and copy Hdat2.exe or create one with Rufus from the provided Hdat2.iso
Boot from USB and analyse your (IDE?)-Hdd attached as master on your PC (ProTip: remove all other HDD/SSD for security reasons)
Depending on the security state of your HDD:
You can try to unlock the drive by using a possibly set master-password and/or removing the user and master PW at all.
Master PW depends on the type of mod or are drive manufacturer specific:
Master-PWs are always 32 digits long AND CASE sensitive - so you have to fill up with spaces when trying the following list:

Soft modded PWs - fill up to 32 with spaces(!):
XBOXSCENE
TEAMASSEMBLY
Manufacturer PWs (source: forensicswiki org wiki/Hard_Drive_Passwords):
Western Digital - WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCWD
Seagate - Seagate (+25 spaces)
Maxtor - Maxtor*INIT SECURITY TEST STEP*F (* means 00h)
Fujitsu, Hitachi, Toshiba - 32 spaces
Samsung - tttttttttttttttttttttttttttttttt
IBM - CED79IJUFNATIT
IBM - VON89IJUFSUNAJ
IBM - RAM00IJUFOTSELET

If the drive is unlocked you can access it on the PC from Windows with fatxplorer:
fatxplorer . eaton-works . com / 2022 / 06 / 21 / fatxplorer-3-0-beta-21-new-og-xbox-hdd-lock-unlock-tool-other-enhancements/ --> remove blanks/spaces

Please give in case of success a short feedback (and if no success further information as stated above)

Good unlock!