8.17.2008

xBox 360 Hacks

Edit: This will be a rather long post detailing my experiences with personally 'hacking' an xBox 360; sorry for the length!

I have finally decided to try my hand at hacking an xBox 360.  Rather than risk my own immaculate system I decided to try for a $199 used system from GameStop; the systems from there have already been opened, they have older DVD drives (better chance for finding one that can be flashed) and they have a 10 day money-back option.

The current state of xBox 360 hacking is as follows: the copy protection that Microsoft uses in the 360 is made up of two parts. Software written for the 360 disk must be digitally signed (by Microsoft), and the DVD media type must be read as 'XBOX360' (instead of DVD, DVD-R, etc.) by the DVD drive. The first part ensures only signed code can be run on the system (no homebrew or hacks) and the latter ensures that only specific media can be used in the 360. The first protection is still in place (i.e. no one has written a custom firmware that can run unsigned code for the 360, at least not one that I am aware of), but the latter has been the focus of most current xBox 360 hacks: the firmware on the various drives can be modified to present an 'XBOX360' media type to the system regardless of what type of media is inserted.
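A simplified model of the two checks described above, added here as an illustration (it is not from the original post and is not Microsoft's code). The function names, the constructed key and the use of HMAC in place of a real digital signature are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed key; HMAC stands in for the console's digital signature check.
VENDOR_KEY = b"constructed-demo-key"


def sign(image: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


@dataclass
class Disc:
    physical_type: str  # what the medium really is
    image: bytes        # game data
    signature: bytes    # vendor signature shipped with the data


def drive_reports(disc: Disc, patched: bool) -> str:
    # Stock firmware reports the real medium; the modified firmware described
    # in the post answers 'XBOX360' whatever is inserted.
    return "XBOX360" if patched else disc.physical_type


def console_boot(disc: Disc, patched_drive: bool) -> str:
    # Check 1 trusts whatever the drive says about the medium.
    if drive_reports(disc, patched_drive) != "XBOX360":
        return "rejected: media type"
    # Check 2 is computed by the console over the data itself.
    if not hmac.compare_digest(sign(disc.image), disc.signature):
        return "rejected: signature"
    return "boot"


def run_cases() -> dict:
    game = b"constructed game image"
    retail = Disc("XBOX360", game, sign(game))
    backup = Disc("DVD-R", game, retail.signature)       # exact copy, signature intact
    unsigned = Disc("DVD-R", b"homebrew", b"\x00" * 32)  # never signed by the vendor
    return {
        "retail, stock drive": console_boot(retail, False),
        "backup, stock drive": console_boot(backup, False),
        "backup, modified drive": console_boot(backup, True),
        "unsigned, modified drive": console_boot(unsigned, True),
    }

if __name__ == "__main__":
    print(*run_cases().items(), sep="\n")
```

The media-type check depends on an answer supplied by the drive, so it is only as trustworthy as the drive's firmware; the signature check is computed by the console over the data and still rejects unsigned content.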

This modification allows properly backed up xBox 360 games (with the digital signatures still intact) to be playable by the system. However, this is not very popular with Microsoft, as it can allow the playing of pirated software as well. To counter this they have developed 'hacked system' detection tools that can be deployed via xBox Live. If Microsoft finds a modified firmware in your xBox 360 it can result in a permanent ban from Microsoft Live (based on the serial number of the xBox 360). The firmware modifications are constantly being updated to provide 'stealth' for the system so it does not get banned, but this is the classic crack-patch tug-of-war that goes on between hackers and companies trying to protect their products (Sony with the PSP is a good example).

If you want to modify your xBox, note that it will not allow the play of any homebrew software (as it did with the xBox classic); the sole function is to allow the play of duplicate copies of xBox 360 software. You should only use this for playing backup copies of software that you already own (i.e. this is my 'Don't copy that Floppy' statement for this post). Opening the xBox 360 will void any warranty in place with Microsoft (so if you get a RROD a few months later, you won't get any help from them!).

That said, if you really want to modify your xBox then please keep reading. 

The first step in this process is determining which DVD drive is installed in the xBox 360.

Each drive has a different method for hacking and can vary in difficulty.  I chanced upon having a Samsung TS-H943A drive- one of the most forgiving DVD drives to flash; however, I also had one with firmware ms28- which has a read/write protected firmware and must either be physically modified or rebooted to put it into recovery mode.

Alternatively, you can go to the 360 DVD Drive database if you want to look up the manufacture date and not have to actually open the xBox 360 packaging.

Once you know which drive you have, you can get a good idea of how difficult or easy the modification should be. Next, you should set about opening the system and getting access to the SATA port on the back of the DVD drive. Opening the system was probably the hardest part for me, as I didn't want to damage the casing. There are tools that can be purchased to make this easier, but I am a tad impatient so I tried the modified CD case method to make my own 'tools'; in the end I used a small screwdriver...

There are countless tutorials (CleverMod, The Llamma's Adventures, biline.ca, 360-HQ) on how to open the xBox 360 on the web, but I think I learned most of what I needed from these two videos:

    

Once you get it opened and stripped you should have something similar to this:

[Image: 360_update_001]

You will notice in the bottom right of this image that there is a standard SATA connector on the drive alongside a proprietary power plug, so you will need to leave the drive connected to the power in the xBox 360 to allow for firmware reads/updates (the drive must be powered up). You will also need to have a video cable connected to the 360, as it does not boot up completely without a video cable attached (the far end does not need to be plugged into a TV, but I prepped it to allow for testing once the firmware update was complete).

You should ground your 360 to the PC, as the two devices are on different power supplies and there could be variances in power between them, and they are tethered together via a SATA cable. The odds that something could happen are very low, but it is better to be safe. An alternative idea is to put the xBox 360 chassis in contact with metal from the PC chassis:

[Image: 360_update_004]

Now comes the tricky part: you need to download some firmware tools that can read/write to the DVD-ROM firmware. Usually this is not a big deal, but the tools are mostly based on a DOS program called MTKFLASH, and it must be able to see the SATA controller from DOS. This limited me to specific SATA chipsets and gave me lots of headaches; I went through four different PCs and none of them seemed to work correctly. In the end I gave up and purchased a $12 SATA card with the VIA chipset from Newegg, and this fixed all the issues I was having (but in building this document, it looks like I could have used the Intel SATA controller in my Gateway laptop!).


Initially I tried to use MTKFLASH with various command lines, but I found Xtreme Boot Maker, which runs under Windows and will make a bootable USB drive to take care of all the work for me (you will also need the XBM Definitions update to use the newest 5.3 firmware; otherwise you will get 'Import Failed' if you try to go past v5.2).

There is also a software called iPrep 101 that offers a similar function to

Easy XBins is a combination IRC client/FTP client that sends a message to a bot in the XBins channel on IRC and lets you download the firmware/application you need (or you can install an IRC client, log in to #xbins on EFNet and get connection info from the bot in the channel via the !list command).

Once you have your hacked firmware of choice (XTreme 5.3 for me) you load it in the firmware (make sure you have the definitions update for 5.3), select the controller and select the destination USB drive. There are options of A, B, C and D firmware versions for Xtreme 5.3; these are all the same with variations on DVD speed (slow/silent or full speed; the latter C and D options are dual-mode versions).


If you have a Samsung with the M28 firmware, make sure you check off the 'Apply Bokes Patch' option. I am not 100% sure about the serial number requirements, and I entered them during read/flash as well. When all is good, click 'Create Disk' and it will format your USB drive and make it bootable.

Shut down your PC and reboot with the USB drive inserted and boot priority set to USB Disk (also make sure your xBox drive is powered up and connected to the SATA card; if it is not available for initial system detection, the software on the USB drive will not see it). After the system starts up you are presented with two options:

xRead 1234567 12345

xFlash 1234567 12345

The former reads the current firmware in and writes it to the disk. The latter takes the previously read firmware and patches it to be written back to the drive.

The numbers following the command are the serial number of your xBox 360. This should be located on the back of your system by the video connector. Note: if you have a used/refurbished xBox 360 there may be a new serial number on the back, and the ones from GameStop do not have the '-' in the serial number. To confirm, it should match the number in System -> Console Settings -> System Info in the xBox 360 menu.

The basic procedure is boot up with the USB drive and read the original firmware, then reboot everything and boot up with the USB drive and flash the drive with the modified firmware- make sure you reboot between the read and write of the firmware!

As mentioned above, the MS28 version of the Samsung firmware is read/write protected- so you must put the drive into 'recovery mode' by rebooting the 360 during flashing.  To do this, run the 'xRead 1234567 12345' command as usual.  When the prompt appears to press a number for the CD drive, turn the xBox 360 off and then press the number.  Wait about 10 seconds and turn the xBox 360 back on.  The drive will come up and the software will automatically start reading the firmware information (This works as the drive goes into recovery mode for a few seconds after it starts up).

To flash the MS28 you follow the same procedure as above but substitute 'xFlash' for the 'xRead' command.  Here is a video of the above process from 360Mods:


After a successful flash, shut down the xBox 360 and PC, reconnect the internal SATA connector in the xBox 360 and verify it is working with a backup DVD!

Note: All xBox 360 games must be on dual-layer DVDs and they must be burned with CloneCD- I have not been able to get Nero to burn a successful copy as of yet.  If you are obtaining your backup copies from UseNet then the files should be in CloneCD format- but make sure you are getting a backup for the correct region and format (i.e. NTSC over PAL, US/Canada vs. Japan, etc.)

In my research, I found the most helpful page for this project was the 360mods.net website; they have pages with many tutorials (including the awesome xBox 360 Hacking for Noobs file) as well as video tutorials for both the Samsung M25 and Samsung M28 (the one I have) firmware versions.

This post was specifically for the Samsung M28 firmware version- but I may try this on my xBox 360 Elite (with a Ben-Q drive) if I do not get banned from xBox live with the Fall desktop update!

2 comments:

  1. Very interesting. This was made quite a while ago, have you been banned from Xbox Live yet from using this procedure? If not, I might give this a go.

  2. I didn't know that Xbox 360 modding was such a complicated process. I thought you could do it all internally. Like Penwin said, I might just give this a go now, as the instruction manual seems to be right in front of me.
