Copy Link
Add to Bookmark
Report

Imaging your XBOX HDD using dd (in QNX OS)

xbox's profile picture
Published in 
xbox
 · 9 months ago

This is one method for imaging/cloning your XBOX HDD. It is by no means the only method.

Index

  1. REQUIREMENTS AND OPTIONS
  2. WARNINGS
  3. UNLOCKING THE XBOX HD
  4. FILE SIZE LIMITS
  5. IMAGING
  6. USING OPTIONS
  7. CLONING

1) REQUIREMENTS AND OPTIONS

  • A Disassembled XBOX

(THIS VOIDS THE WARRANTY AND PRESENTS A POTENTIAL SAFETY HAZARD)

  • A fairly recent PC system with an available standard IDE interface.
  • A bootable QNX (www.qnx.com) OS.

I used QNX because it installs quickly from CD ROM, and has a tiny footprint, but this should be possible with Linux as well. Free OSes rule!

  • A spare IDE/ATA HDD of equal or greater capacity than the XBOX HH, and/or equivalent free space on an existing file system.

OPTIONS:

  • Networking components (NIC, drivers, cables, hubs, switches, etc.)
  • LAN with server(s) featuring disks with file systems such as NTFS that support large file sizes, and networking drivers, protocols installed necessary to share files on the LAN.
  • SMB network file system manager/client (CIFS.) This is included with QNX.

2) WARNINGS

  • Running the XBOX with the cover off, and the power supply exposed presents a safety hazard. Be extremely careful when working around the open XBOX with the power on.
  • A serious or fatal electrical shock could ruin your day.
  • Swapping cables, and working near live circuits can also potentially cause damage to the electronics if not handled carefully. If a metal part or a tool falls onto live circuits, you could roast something.
  • Watch out for static electricity. Prior to handling components, or swapping cables, touch the chassis of your PC with the back of your hand to discharge any built-up static charge on your body.
  • I, and the publisher, SiliconIce, assume no responsibility for any damage to you or your stuff. This is provided for informational purposes only.
  • Just watch yerself, OK?

3) UNLOCKING THE XBOX HDD

Since the XBOX HDD has the ATA Security feature enabled, you'll need to unlock it before you attempt to image it. This is the cable swap method. Setup your XBOX and your PC right next to each other, such that the PCs available IDE drive cable, and power connector can reach the XBOX HDD.

  • Connect an available power connector from the PCs power supply to the XBOX HDD.
  • Connect the IDE cable from XBOX to the the XBOX HDD.
  • Power up the PC and hit the "Pause" key before it autotypes the drives.
  • Power up the Xbox to the idle Dashboard.
  • During the Xbox startup, the Xbox transmits the password via the ATA Unlock Command, and the drive is unlocked.
  • Now, carefully disconnect the Xbox IDE cable from the Xbox hd.
  • Plug the PC IDE cable into the Xbox hd.
  • Hit any key on the PC keyboard to let it continue to boot.
  • Now the drive is unlocked and reconnected to the PC, ready for read(/write?) operations.

4) FILE SIZE LIMITS

As with many Unix/Linux OSes, there is a 2GB file size limit with QNX due to it’s use of the minix filesystem, which kinda sucks. This means breaking the image in to smaller chunks. However, I decided that during analysis, smaller files would be easier to handle than one huge file. So, breaking the image into eight 1GB files makes some sense. I have the 8GB Western Digital HDD.

For Linux, it probably depends on the distribution, the file system, and the processor. However, I think tweaking, and relinking the kernel in Linux for larger file support (LFS) is probably easier than it is in QNX.

Be aware that there may be a file size limit on some file systems. If your OS can handle large file sizes, then you can adjust your dd options to read/write larger images.

5) IMAGING

To make images of the XBOX HDD, you can use the standard dd util in a shell script. When using dd, you must use the raw block device. With QNX, the first IDE hd is /dev/hd0. If you connected the XBOX HDD to the secondary IDE then it’s /dev/hd1.

Use df to display the total blocks on the disks. This display is for the Western Digital 8GB, yours may look different.

# df -P

Filesystem 512-blocks Used Available Capacity Mounted on

/dev/fd0 0 0 0 100% 

/dev/hd1 15633073 15633073 0 100%

/dev/hd0t79 156344517 16213159 140131358 11% /

/dev/hd0 156355585 156355585 0 100%

#

/dev/hd1 shows 15633073 blocks (512 byte sectors.)

15633073 is not evenly divisible, but 15633072 is.

15633072 / 8 = 1954134

Just include the odd sector in the last file. So, the first seven files will be 1954134 blocks each, and the last will be 1954135.

dd can take bytes or blocks, I just kept it as blocks.

The "skip" parameter is for skipping past the previously imaged sectors.

I created eight image files of roughly 1 GB each.

Create the script using the vi editor:

# vi getxboxhd

Type the letter "i", for insert mode, and type, or cut & paste these lines in:

# Western Digital 8GB 

dd if=/dev/hd1 of=/xbx/xfile1 ibs=512 obs=512 count=1954134

dd if=/dev/hd1 of=/xbx/xfile2 ibs=512 obs=512 skip=1954134 count=1954134

dd if=/dev/hd1 of=/xbx/xfile3 ibs=512 obs=512 skip=3908268 count=1954134

dd if=/dev/hd1 of=/xbx/xfile4 ibs=512 obs=512 skip=5862402 count=1954134

dd if=/dev/hd1 of=/xbx/xfile5 ibs=512 obs=512 skip=7816536 count=1954134

dd if=/dev/hd1 of=/xbx/xfile6 ibs=512 obs=512 skip=9770670 count=1954134

dd if=/dev/hd1 of=/xbx/xfile7 ibs=512 obs=512 skip=11724804 count=1954134

dd if=/dev/hd1 of=/xbx/xfile8 ibs=512 obs=512 skip=13678938 count=1954135

Press the key to exit insert mode.

Press to save and exit the vi editor.

Chmod it for executable:

# chmod 744 getxboxhd

Run it:

# getxboxhd

Go find something else to do, this will take a long time to run. I’m sure there is a cleaner way to do this, like a speedy C program, but the script here requires no compliation/linking. While the script is running, after each dd line is done you’ll see the Records in/Records Out telling you that it copied the sectors to a file. When it is finished, you’ll be back at the command prompt.

Type ls to see the files:

# ls -al /xbx 

total 15633084

drwxrwxr-x 2 root root 2048 Jan 08 17:48 .

drwxrwxr-x 13 root root 4096 Jan 08 17:48 ..

-r--r--r-- 1 root root 1000516608 Dec 15 17:23 xfile1

-r--r--r-- 1 root root 1000516608 Dec 15 22:56 xfile2

-r--r--r-- 1 root root 1000516608 Dec 15 23:28 xfile3

-r--r--r-- 1 root root 1000516608 Dec 16 00:10 xfile4

-r--r--r-- 1 root root 1000516608 Dec 16 01:00 xfile5

-r--r--r-- 1 root root 1000516608 Dec 16 02:00 xfile6

-r--r--r-- 1 root root 1000516608 Dec 16 03:09 xfile7

-r--r--r-- 1 root root 1000517120 Dec 16 04:28 xfile8

#

Now you can use spatch to browse the files.

# spatch –b /xbx/xfile3

You should be able to use one of the file dumper utils that are out there to extract the actual xbox disk files from the images. Also, you can modify the script and add the date and time to the filename so if you image additional files, they will be unique:

filedate=`date "+%m%d%y.%H%M"` 

dd if=/dev/hd1 of=/xbx/xfile1.$filedate ibs=512 obs=512 …… ……

dd if=/dev/hd1 of=/xbx/xfile2.$filedate ibs=512 obs=512 …… ……

6) USING OPTIONS

Now that you have the image files, you may want to copy/move them to other systems for analysis. If you have an NT or Win2K system with large NTFS disks, you can copy the files there and use your favorite Windows tools. I used QNX’s fs-cifs SMB manager/client. This allows the QNX system to communicate with and use SMB network shares.

First, I created a share on my Win2k system called XBSHARE. Then, on the QNX system, I launched fs-cifs to mount that share:

# fs-cifs –a //win2kbox:192.168.1.20:/XBSHARE /xshare username password

I’m not sure why, but fs-cifs requires both Netbios name and IP. The –a option spoofs POSIX calls to get rid of error messages that occur when apps attempt to chmod/chown the files on the share. This option is not required. The /XBSHARE is the share I created on the win2k system. The /xshare is the local QNX mountpoint for the share. Username and password must be any valid user account on the win2k system that has permissions to read & write the shared directory.

Now copy the files to /xshare:

# cp /xbx/xfile? /xshare

This will take a long time, too. You could dd the files directly to the share, but this is really really slow. Another option is to dd the files to another local disk that is formatted FAT16. When dd script is complete, shutdown, and move the FAT16 drive to another system.

7) CLONING

I have not cloned the XBOX HDD to another HDD, yet. However, I believe the cloning procedure should be much the same as imaging to a file, or files using dd. You can dd from one disk to another, but I suggest that the disks be on different IDE channels. Put the XBOX HDD on as a secondary IDE master, and the spare disk on as primary IDE slave. Make sure you know which drives are which before doing the dd.

The primary master should be /dev/hd0.

The primary slave should be /dev/hd1.

The secondary master (Xbox hd) should be /dev/hd2

Again, with file size limits, the blocks/sectors may need to be copied in chunks.

You could dd something like this:

dd if=/dev/hd2 of=/dev/hd1 ibs=512 obs=512 count=n 

dd if=/dev/hd2 of=/dev/hd1 ibs=512 obs=512 skip=n count=n

dd if=/dev/hd2 of=/dev/hd1 ibs=512 obs=512 skip=n*2 count=n

dd if=/dev/hd2 of=/dev/hd1 ibs=512 obs=512 skip=n*3 count=n

: :

: :

etc.

Replace n for the count and skip options with the correct block numbers similar to the image script. Once you have cloned the drive you could use spatch, or your favorite sector editor

I hope this guide is useful to you.

Happy hacking.

-xbill

← previous
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT