Xtreme Firmware 3.0 for TS-H943 Xbox 360 (Stealth Firmware): What Is It Really About?
A while back, Commodore4eva (C4eva for short) released his Xtreme Firmware 3.0 for TS-H943 Xbox 360, the world's first stealth firmware for the 360. It makes backups of games appear exactly like the original disc, regardless of the disc check command used by the Xbox 360. We posted an article on this where you can read the full details. Apparently, C4eva has received a lot of questions about this stealth firmware and seen a lot of misconceptions, so he took the time to explain it. He writes:
Stealth Media
-----------------
This is to clear up a few misconceptions about what Stealth Media is and how it works. This is not firmware stealth. Reading the firmware itself for changes is not controlled by the firmware itself; it is a low level hardware function which cannot be stopped by firmware code.
A firmware check routine which calculated a checksum and returned that to the host was already found in V1 and was modified to always return the correct unmodified firmware value. I think this was a last minute check incorporated by MS as they knew the firmware code was not signed.
Stealth Media is all about making a backup disc appear to the Xbox360 host exactly the same as an original. Although this was already done by the Security Sector and the challenge/response, there remained a number of differences on the disc that are currently not checked for. It would be very easy for the dash or the particular game to perform these extra disc checks. There are four main aspects to Stealth Media:
PSN Lockdown:
-------------
This is a two part process:
Before disc authentication (security sector, challenge response) is performed the drive will only allow valid PSN reads as defined in the PFI sector. This is currently the standard video partition. Any request to read outside this range is not allowed - as per originals. (No more reading of the backup PFI, DMI, SS sectors.)
After disc authentication is performed and the drive is unlocked only valid PSN reads are allowed from the range defined by the Security Sector, this is the standard game partition. Any request to read outside this range is not allowed - as per originals.
PFI Sector (Physical Format Information):
-----------------------------------------
This sector is contained within the lead-in and contains information about its physical format. Disc booktype, start PSN and end PSN and Layerbreak are contained here. Currently all Xbox360 and Xbox1 games have the same PFI information, but that may change.
On Writable media (our backups), this also contains media specific information such as Media Code/Manufacturer ID and Media Product Revision number.
Any requests for this information are now redirected to the PFI sector now at $04FB1D (for Xbox 360 backups) or $0605FD (Xbox 1 backups), if it exists. If it does not exist (pre V3 backup) a separate embedded PFI is used for Xbox 360 and Xbox 1.
DMI Sector (Disk Manufacturing Information):
------------------------------------------
This sector is also contained within the lead-in and contains information about the Disc manufacturer, such as Company name, batch id etc. This is currently different for each Xbox360 and Xbox1 game in each region.
Any requests for this information are now redirected to the DMI sector now at $04FB1E (for Xbox 360 backups) or $0605FE (Xbox 1 backups).
A pre V3 backup will always return blank information for this. (A possible detection method.)
Video Partition:
----------------
When Extreme V1 was released, the disc build included a blank video partition as it wasn't required for games to boot. As this can be checked by the XBox360 host, the standard video partition from any game was included with the stealth firmware. This is nothing new, just put back in for correctness!
Conclusion:
-----------
As of today, none of these extra disc checks are being performed, but it is only a matter of time before a game will. The same sort of checks were introduced to XBox1 games a while ago. I performed an exhaustive check of every command that the Samsung firmware can respond to and these differences were discovered.
The Samsung firmware only supports a limited subset of commands from the MMC-3/4 standards so not all commands exist compared to a standard PC drive, so anyone testing for media specific information should bear this in mind.
Non-Stealth backups will still boot with stealth firmware and will be enhanced with the PSN Lockdown and PFI Sector embedded in the firmware. These backups will have no DMI and possibly have a blank video partition, both of which can be checked for.
Stealth backups will still boot with non-stealth firmware but will be exposed to the above top three differences (PSN Lockdown, PFI, DMI) making the backup detectable. Correct Video partition is present.
Via Xbox Hacker BBS
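The point C4eva makes about the checksum routine, as an added example that is not part of the original post or of any firmware: a digest computed by unsigned device code can be patched to report the stock value, while a host-side measurement over a read path the firmware does not control still sees the change. The `Drive` model, its method names, the sample bytes and the use of SHA-256 in place of the unspecified checksum are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for a stock firmware image; not real firmware bytes.
STOCK_IMAGE = b"stock-firmware-image" * 64
KNOWN_GOOD_DIGEST = hashlib.sha256(STOCK_IMAGE).digest()


class Drive:
    """Hypothetical drive: flash contents plus a firmware-implemented self-check."""

    def __init__(self, flash: bytes, honest_self_check: bool = True):
        self.flash = flash
        self.honest_self_check = honest_self_check

    def self_reported_digest(self) -> bytes:
        # Runs inside the firmware, so modified firmware decides the answer.
        if self.honest_self_check:
            return hashlib.sha256(self.flash).digest()
        return KNOWN_GOOD_DIGEST  # patched routine: always the unmodified value

    def raw_flash_read(self) -> bytes:
        # Models the low level hardware read that firmware code cannot stop.
        return self.flash


def check_self_reported(drive: Drive) -> bool:
    """Weak check: trusts a value produced by the code being measured."""
    return hmac.compare_digest(drive.self_reported_digest(), KNOWN_GOOD_DIGEST)


def check_host_measured(drive: Drive) -> bool:
    """Stronger check: the host hashes the bytes it read out-of-band itself."""
    measured = hashlib.sha256(drive.raw_flash_read()).digest()
    return hmac.compare_digest(measured, KNOWN_GOOD_DIGEST)


def audit(drive: Drive) -> str:
    """Combine both checks; a disagreement is itself a tamper signal."""
    if check_host_measured(drive):
        return "ok"
    if check_self_reported(drive):
        return "modified (self-check spoofed)"
    return "modified"


if __name__ == "__main__":
    patched = Drive(STOCK_IMAGE[:-1] + b"X", honest_self_check=False)
    print(audit(Drive(STOCK_IMAGE)), "|", audit(patched))
```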
Comments
one step closer to foolproof