
Crazy hacks #2 – Drill a hole in your chip and find out

by Ethan Marley

Possibly one of the craziest console hacks ever (even for this series) was the Kamikaze Hack for the Xbox 360, which involved drilling a hole in the DVD drive's chip.

Crazy Hacks – What's this all about?

In this series of articles, we'll be discussing imaginative hacks for various consoles and devices. Some became instantly popular at the time of their release, others were a bit obscure or got forgotten with time, but all of them were truly crazy in this writer's humble opinion. From "It's so dumb it can't possibly work" to "wait, how did they even think of that?" and everything in between, we hope you'll enjoy this series.

Physically drilling a hole in the chip. What's the worst that could happen?

Most of the early days of Xbox 360 hacking consisted in hacking the DVD firmware on the consoles. Our very own Acid_Snake had this to say about the original Xbox 360 hacks:

For consoles with optical discs, the disc reader is an important and vital sector in preventing piracy and unlicensed games. It's simple: the game disc has something special that no other disc has and the laser drive is customized to be able to tell this difference, essentially letting the underlying BIOS or OS know if the disc is legit or not. Hardware makers can use special and closed equipment to craft game discs in a way that allows the system to differentiate them from standard discs and drives, and since this information is usually closed and the hardware/process involved in creating the discs is strictly locked behind doors, it's practically impossible for outsiders to replicate the structure a legit game disc has to be able to bypass the protection.

So we face the problem that we cannot craft our own discs to be identical to legit ones; we have two options at this point if we want to achieve disc-based hacks: either we hack the drive so that it ignores the disc protection and always tells the system that it's booting a licensed game, or we hack the system itself so it ignores the disc drive telling it that the disc isn't legit.

The firmwares on the DVD drives were encrypted with unique-per-device keys, but these were "fairly easy" to acquire, through a combination of software and hardware means. Microsoft regularly released new hardware revisions of their DVD drives, but hackers were usually able to provide key-acquisition methods shortly after each new revision. It was then only a matter of flashing a custom firmware back onto the DVD drive, to let it accept unofficial discs. (For more details on these "early days" Xbox 360 hacks, please read Acid_Snake's excellent article.)

In 2010, with the release of the Xbox 360 Slim, Microsoft tried to tighten that protection mechanism, and introduced a new DVD drive model, the Lite-On DG16D4S. The drive was physically locked into "read only" mode, meaning that even if its encryption keys were acquired, it would be impossible to write any custom firmware back to the drive. Adding insult to injury, the SoC was encased in epoxy resin to fend off hardware hacking attempts.

It was still possible to read the contents of the drive's firmware (thanks to the work of hacker Geremia and his tool tarablinda), and clone it onto older drives, on which custom firmwares could then be installed. This "DVD drive swapping" or spoofing technique was quite useful for hacking purposes, but also for legit Xbox users with a broken DVD drive who wanted to "remarry" their replacement DVD drive with its motherboard, by copying the keys.

Geremia's tools allowed people to gather encryption keys from the new Xbox 360 drives.

But DVD drive swapping required the use of a "donor" drive, which wasn't necessarily practical for everybody.

The mystery remained for a while as to how the DG16D4S was locked. But in August 2011, Geremia resurfaced and revealed an impressive way to remove the "read only" status of the drive, by (you've guessed it by now) drilling a hole in the DVD drive's flash chip.

What was initially named the Geremia Winbond Unlock quickly became known as the Xbox 360 Kamikaze hack. A fitting name, given the risks involved: drill too much, or in the wrong place, and instead of unlocking your drive you'll simply destroy it.

This one probably didn't make it

The drilling was used as a way to cut some specific wires inside the chip (a method most likely discovered by the hackers through decapping of the chip), which were responsible for the read-only state. Because the chip was multi-layered, drilling too far would risk damaging other important parts inside it. (That's also why "simply" cutting the pins outside the chip would have impacted other layers of the chip, and therefore wouldn't have worked.)

Drilling might be a strong word here (some folks said it was better to dig a tiny hole with a heated needle), and some people might have taken it a little bit too seriously. The hack wasn't for the faint of heart, and a steady hand was required. Multiple people ended up damaging their chips, but a significantly larger number were simply impressed at how the hack just worked! Automated (hardware) tools were even made to help with the drilling process, telling people exactly when to drill and when to stop.

Xbox 360 Kamikaze Hack – Where are they now?

Soon after the Kamikaze hack was released, Microsoft started pushing new revisions of DVD drives to the Xbox 360. The 16D5S brought a new set of problems for hackers, and the Kamikaze hack wasn't useful on those.

What other crazy hacks have you witnessed? Let us know in the comments!
