Hi everyone. I think that everyone knows how people used to play pirated games on the xbox 360. They would simply modify the dvd-drive's firmware to boot backup dvd's. What's stopping us from doing the same for the xbox one? Can someone explain this to me?
Hacking DVD Drive Vulnerability
- Thread starter Andrei1744
- Start date
- Views 13,390
- Replies 27
- Likes 3
I would also like to know more info about this or any potential exploits for the xbox one, if anyone knows. I'm now mostly curious because MS has stopped making them, and I have a one original collecting dust now, since getting a series x.
Exactly! I have an original XB1 too. I heard that the xbox 360 also had a supervisor, but it didn't interfere with the custom dvd drive firmware loading backup dvd's. I think that there might be a way to pull this off. And with access to dev mode, couldn't we extract the DVD Drive keys to overwrite it's firmware?
It's not a Xbox - Xbox 360 deal where the security hardly changed. For reference, the final Xbox 360 DVD drives are not even hackable unless you get the key with a RGH - and this is just assuming they'd use the same security methods
- Joined
- Oct 27, 2021
- Messages
- 927
- Reaction score
- 839
- Trophies
- 0
- Website
- www.youtube.com
- XP
- 1,881
- Country
Can't flash those at all because of this - any slim made around late 2011 and later also require RGH and a unlocked PCB to get DVD hacks.
Thanks for explaining it to me everyone. If Microsoft didn't add the bounty feature, we would surely have a hacked xbox one. I think that most of the hackers report the vulnerability to Microsoft because they offer a huge amount of money. Could we make something like that? A site where people put bounties. Everyone could add some money to the bounty, and if someone makes the vulnerability work, they would get all the stashed money. I would add probably 250$ to get it started.
The problem based on my own research is we have no way of working out the deviation angles on the disc geometry. The arm cpu on the dvd drive can be accessed I have found via spi and a bus pirate but I cannot interact with the chip at all but its still progress I have slowly been making. If anyone has the time i'd love someone to collaborate on this as I have way more research and progress that I am unwilling to share here for obvious reasons 
May I collaborate with you? Not here of course. And I am very interested in the progress that you've made.The problem based on my own research is we have no way of working out the deviation angles on the disc geometry. The arm cpu on the dvd drive can be accessed I have found via spi and a bus pirate but I cannot interact with the chip at all but its still progress I have slowly been making. If anyone has the time i'd love someone to collaborate on this as I have way more research and progress that I am unwilling to share here for obvious reasons
Sure if you have some knowledge regarding this subject feel free to PM me if you like
The challenge/response sequence hasn't changed drastically, Xbox still makes the characteristic seeking sounds when authentciating a disc.
The problem is the drive controller. MS used to not care about it and the drive vendors just used generic chips, then the 360 drive got hacked real bad and MS realized any generic ASICs won't work. They teamed up with MTK to custom design the drive controller chip.
It's still mostly based on existing MTK drive controllers but now it properly encrypts its firmware and controls flash access/booting securely. Reverse engineering the chip becomes much harder compared to when the 360 drives were originally being reverse engineered. Those Samsung drives are almost wide open.
The problem is the drive controller. MS used to not care about it and the drive vendors just used generic chips, then the 360 drive got hacked real bad and MS realized any generic ASICs won't work. They teamed up with MTK to custom design the drive controller chip.
It's still mostly based on existing MTK drive controllers but now it properly encrypts its firmware and controls flash access/booting securely. Reverse engineering the chip becomes much harder compared to when the 360 drives were originally being reverse engineered. Those Samsung drives are almost wide open.
It actually has based on my own research AP 3.0 is mentioned in the code dumps I have and XGD4 has a wildly different geometry on the disc despite is being blu-ray. I have spent a year pouring over this. Yes they did use custom MTK chips but i have managed to interact with one via a spi bus pirate. Its all work in progress but trust me when I say the disc challenges/responses and very complex now. The 360 dvd drive was hacked mostly down to failures on the classic model. Sure they tried to improve with liteons etc. The xbox one uses secure fw crc checking on boot. Slims also did this...phats didnt. The firmware is also checked on boot to see if it is stock which also slims did. The decryption of the tool for the MTK chipset should be straight forward as I already have the maketools that were part of the xbox one leak and have figured out how to use firmcrypt for those and its all good but understanding the new PSN layer and disc AP 3.0 structure will take time. Finding a blu ray drive with an analogue controller so we can dump every bit with security sector's is what I have been doing. Tmbinc did this back in the day its actually how we understood how the 360 disc structure worked and allowed us to make 360 backup creator etc. As I say this is all work in progress but I have been researching this hard for the past year. Of course the video you posted is designed to make people like myself and other feel deterred... I wont be but you did reference some interesting stuff there I have been looking into
but you did reference some interesting stuff there I have been looking into
You know the BD-J bug also works on Xbox One and Xbox One Series apparently
I actually found a patent MS submitted, it involves burning two overlapping data tracks on the security region of the disc during glass mastering, the mechanical imperfections guaranteed true random results that couldn't be replicated reliably twice even in the mastering factory.
The overlapping tracks created intermittently unreadable regions that the patent stated to be measured for AP checks.
The patent number is EP 3 201 922 B1 if you are interested.
The overlapping tracks created intermittently unreadable regions that the patent stated to be measured for AP checks.
The patent number is EP 3 201 922 B1 if you are interested.
no one really bothered to exploit xbox one/series because you have game pass and dev mode
Similar threads
Site & Scene News
New Hot Discussed
-
-
25K views
Twilight Princess PC port "Dusk" gets its first release
It wasn't too long ago we saw our first glimpse of Courage Reborn, another Twilight Princess PC port in the works based on last year's decompilation efforts. With... -
15K views
Pokemon Platinum PC port gets a surprise release
Seemingly out of nowhere a PC port for Pokemon Platinum has surfaced online, bundled alongside the source code for those interested in building and developing it for... -
13K views
Nintendo announces price increases across the board, set to come into effect from September in western regions
After much speculation, Nintendo has finally followed their competitors in announcing price increases for their hardware. You can find a breakdown of what's changing... -
11K views
Star Fox 64 remake for the Switch 2 announced in surprise Nintendo Direct
Airing last night with very little in the way of warning, a brand new Nintendo Direct was aired. Running for 15 minutes in total, it took a moment to celebrate the... -
10K views
Steam Deck gets a major price bump, more than 40% increase for US buyers
With very little in the way of announcement, Valve has today increased the price of the Steam Deck but some fairly considerable margins. Both of the available models... -
9K views
Nintendo president Shuntaro Furukawa explains Switch 2 price increases in recent Financial Results Briefing
As a part of their Financial Results Briefing for the previous year, Nintendo president Shuntaro Furukawa took to the floor to answer key questions around the Switch... -
8K views
Sony announces PlayStation Plus price increase for new customers starting May 20
Earlier this year, Sony announced major price increases for the PS5, PS5 Pro, and PlayStation Portal. Now the company is raising prices again, this time for... -
7K views
Forza Horizon 6 leaks online after Steam preload data was uploaded without encryption
We are once again here to tell you about a game leaking before its release, but for once, it's not one published by Nintendo. The game files for Microsoft's upcoming... -
7K views
Pokémon Crystal gets a PC port titled "suiCune" based on C/C++ language
Continuing with the great news of Pokémon Platinum getting a native unofficial PC port just a few days ago, today, yet another classic title from the franchise has... -
6K views
Paper Mario PC recompilation "ReCut" gets its first pre-release build
The latest in a growing number of native PC ports, Paper Mario ReCut got its first pre-release build earlier this week. Based on the N64 recompilation toolchain, the...
-
-
-
168 replies
Steam Deck gets a major price bump, more than 40% increase for US buyers
With very little in the way of announcement, Valve has today increased the price of the Steam Deck but some fairly considerable margins. Both of the available models... -
163 replies
Twilight Princess PC port "Dusk" gets its first release
It wasn't too long ago we saw our first glimpse of Courage Reborn, another Twilight Princess PC port in the works based on last year's decompilation efforts. With... -
144 replies
Nintendo announces price increases across the board, set to come into effect from September in western regions
After much speculation, Nintendo has finally followed their competitors in announcing price increases for their hardware. You can find a breakdown of what's changing... -
134 replies
Star Fox 64 remake for the Switch 2 announced in surprise Nintendo Direct
Airing last night with very little in the way of warning, a brand new Nintendo Direct was aired. Running for 15 minutes in total, it took a moment to celebrate the... -
102 replies
Pokemon Platinum PC port gets a surprise release
Seemingly out of nowhere a PC port for Pokemon Platinum has surfaced online, bundled alongside the source code for those interested in building and developing it for... -
92 replies
Sony announces PlayStation Plus price increase for new customers starting May 20
Earlier this year, Sony announced major price increases for the PS5, PS5 Pro, and PlayStation Portal. Now the company is raising prices again, this time for... -
83 replies
Nintendo president Shuntaro Furukawa explains Switch 2 price increases in recent Financial Results Briefing
As a part of their Financial Results Briefing for the previous year, Nintendo president Shuntaro Furukawa took to the floor to answer key questions around the Switch... -
73 replies
Paper Mario PC recompilation "ReCut" gets its first pre-release build
The latest in a growing number of native PC ports, Paper Mario ReCut got its first pre-release build earlier this week. Based on the N64 recompilation toolchain, the... -
71 replies
PlayStation State of Play June 2, 2026 broadcast - new God of War announced
A whole hour of PlayStation content is on the way, thanks to the latest State of Play showcase. Headlining the stream will be Marvel's Wolverine, alongside a... -
63 replies
Call of Duty: Modern Warfare 4 to launch on Nintendo Switch 2 in October
For the first time in 13 years, the Call of Duty series will again return to Nintendo's consoles. Set to launch on the 23rd of October, the latest release, Modern...
-
