Xbox Hard Disk Header Hacking
written by Michael Steil, 15 May 2002
The first 512 KB of the Xbox hard disk form the "Disk Config Area", or, simply spoken, the header of the hard disk. Other documents point out that there is various data in this area, but the function of all but two fields is unknown. At 0x600, there is the four character signature "BRFR", followed by a 32 bit value, which is the number of boots of the Xbox (or the number of mounts of the FATX partitions?).
I wanted to find out how the Xbox reacted when the hard disk header was modified, so I just overwrote the whole 512 KB are with 0xff bytes. The Xbox still booted without any noticable change. The header still contained most of the the 0xff's afterwards, except between 0x600 and 0x7ff: The Xbox recreated the signature "BRFR" at 0x600 and filled the rest of the sector (until 0x7ff) with zeros, thus setting the number of boots to 0.
To find out more about the meaning of the header, there would still be some experiments to do:
- What does the Xbox do when every byte is 0xff, but the signature is intact?
- Does the Xbox always overwrite 0x600 to 0x7ff if the signature is not intact?
If the Xbox does nothing as long as the signature is intact, it always overwrites the sector if it isn't, and nothing but the number of boots gets changed after many reboots and many hours of playing (this is what I assume), this will tell us the following:
- Only sector #3 (0x600-0x7ff) of the header is ever read and therefore relevant.
- The sector has only two fields:
- the ASCII string "BRFR" at position 0, which is always present
- the 32 bit number of boots at position 4, which is irrelevant for other applications
- There is no explicit partition table in the header, so there is none anywhere on the disk.
So, to recognize an Xbox hard disk, a program has to test whether the 4 byte signature is present.
