Extracting the HD password from an XBox hard drive
written by SpeedBump, 5 May 2002
The XBox harddrive uses a fairly old but relatively unused set of security commands to prevent easy access to it's built in drive. However, since the password system does not specify any form of challenge/reply system the password is transmitted in "clear" form. Thus with the right equipment and a little bit of patience you can easily read the values.
The ATA spec provides a command labeled SECURITY UNLOCK (command code 0xF2) which provides a means for passing a 32 byte password to an IDE drive in order to unlock it. There are two passwords, a master and a user password. The xbox uses the user password.
To get to the password you need at least 22 (preferably 23) probes.
- DD(15:0) -- data pins
- CS(1:0)- -- Chip Select
- DA(2:0) -- Device Address
- DIOW- -- Device I/O Write
- DIOR- -- Device I/O Read (optional)
When dealing with hardware you need to realise that there is a difference in the voltage level of a line and the line's meaning. For the "standard" wire the low voltage condition (usually 0V) corresponds to binary 0 and the high voltage condition (2.7V, 3.3V, 5V, 12V, or whatever) is binary 1. There are signals that are "negative logic" in which case the opposite is true: 0V == binary 1, +xV == binary 0. The ata spec uses the symbol 'A' (for asserted) to indicate the high voltage condition, and the symbol 'N' (for negated) for the low voltage condition.
The CS0-1, DIOW, and DIOR lines are negative logic, which is indicated by the '-' mark after their names (above and in the spec).
There are several registers in the ATA spec, they are addressed by the combination of the CS and DA lines. Several of these registers have different meanings depending on whether they are read or written, the write meaning is shown first.
The values for these registers are:
cs1- CS0- DA2 DA1 DA bits Name
0(A) 1(N) 1(A) 1(A) 0(N) 8 Device Control Reg./Alt. Status Reg.
1(N) 1(N) X X X 16 Data Port
1(N) 0(A) 1(A) 1(A) 1(A) 8 Command Reg./Status Reg.
1(N) 0(A) 1(A) 1(A) 0(N) 8 Device Reg.
1(N) 0(A) 1(A) 0(N) 1(A) 8 LBA High Reg.
1(N) 0(A) 1(A) 0(N) 0(N) 8 LBA Mid Reg.
1(N) 0(A) 0(N) 1(A) 1(A) 8 LBA Low Reg.
1(N) 0(A) 0(N) 1(A) 0(N) 8 Sector Count Reg.
1(N) 0(A) 0(N) 0(N) 1(A) 8 Feature Reg./Error Reg.
1(N) 0(A) 0(N) 0(N) 0(N) 16 Data Reg.
The value to be placed in the register is passed on the DD lines (the data lines). When setting an 8 bit register the low bits in the data lines (0-7) are used.
The XBox appears to use a standard method for sending ata commands to it's drives. The SECURITY UNLOCK command doesn't require the use of the sector count, LBA low/mid/high, or features registers, but they get cleared anyway. The only register that we are really interested in, to begin with, is the command register. What we need to do it setup our logic analyzer to trigger (start capturing) when the command register is written to with a value of 0xF2. The method for doing this is dependent on your analyzer, RTFM. So, trigger when:
CS1 == 1
CS0 == 0
DA2 == 1
DA1 == 1
DA0 == 1
DIOW == 1
DD(7:0) == 0xF2
At this point the XBox has written the command 0xF2 (SECURITY UNLOCK) to the drive, which is now expecting the receive the password over the data lines in subsequent writes. The mode used to transfer the data is called "PIO data-out" and transfers 512 bytes of data (that's 256 16 bit writes) over the data lines, controlled by bits in the Status register. There is a good diagram in the ATA spec showing the transfer process, and you are encouraged to have it on hand when going through this the first time (the latest ATA specs can be found at www.t13.org).
The data to be transferred is:
word #0: bit 0 == 1->Master password, 0->User password
bits 15-1 == reserved (these were 0 in my case)
so the whole data word was 0x0000
word #1: first two bytes of password
word #2: second two bytes of password
...
word #16: last two bytes of password
words #17-255: reserved (these were all zero in my case)
The transfer does not begin immediately. The device (the ide drive in the xbox) must first signal that it is read to receive the data. In the PIO modes this flow control is done through the Status Register. The bits in the 8 bit status register are:
bit 7: BSY Busy (the device is busy)
bit 6: DRDY Device Ready (the device is accepting commands)
bit 5: DF Device Fault (device is unable to complete the command)
bit 4: # (Command Specific)
bit 3: DRQ Data Request (device is ready to transfer data)
bit 2: --- Unused (Obsolete)
bit 1: --- Unused (Obsolete)
bit 0: ERR Error (an error occurred while processing a command)
The transfer of data to the drive cannot occur until BSY == 0. You will see (if you are watching the DIOR line) that the xbox is polling that register waiting for the bit to clear. When it does the xbox will begin transferring the data bytes to the drive.
It is worth while for me to note that on high speed analyzers you will see the logic lines drift from their previous value to the new value. This is *normal* and is due to the capacitance of the data bus. You need to be looking at the stable signal, not at the (possibly multiple) transient values which occur during the change. This is the reason for the DIOW- line, to tell the device when the data lines are stable. Slower measurement devices will (probably) not see these transient results. If you are unfamiliar with such highspeed devices this can be confusing :)
Options for those without a logic analyzer
I have had a bunch of questions centered mainly on how to do this without the analyzer or some other specialized equipment. Generally my answer is: you probably can't. I *seriously* doubt that any generic input device on a PC can be read at anywhere near the speed required.
If someone really wants to try, my suggestion is to start with the parallel port. I do not know that much about the parallel port, but you may be able to program it to read the data at a sufficiently fast rate. It appears to have at least 9 input lines, (though some are inverted) which can be used to read the pins on the ide cable. You would have to dedicate 6 of these pins to the control signals (CS(1:0)-, DA(2:0), and DIOW-), and could use the other 3 to gather data from the DD pins. This would, of course, require multiple runs to gather all of the 16 bits for each word in the password.
The two primary questions I can't answer are the capacitance of the input pins on the parallel port, and the speed with which they can be polled. If the capacitance is too high you will be ruining the ide signals, and the xbox will almost certainly not be able to communicate with the drive at all. If that is the case it may never get to the stage of trying to transfer the password to the drive (worst case is it could overheat the IDE controller chipset). If the read speed is too low then you will not be able to get all of the state changes, and will probably not be able to read anything of use. My *guess* as to the lowest possible read rate is somewhere around 25MHz. At this rate you will probably miss some of the DIOW line changes, but should be able to see all of the actual data bus changes.
If you decide to try this, verify it works on some other drive before using your xbox drive, as I have no idea what kinds of problems might come up if it fails.
Good luck, and happy hacking.