This is one method for imaging/cloning your XBOX HDD. It is by no means the only method. Index REQUIREMENTS AND OPTIONS WARNINGS UNLOCKING THE XBOX HD FILE SIZE LIMITS IMAGING USING OPTIONS CLONING 1) REQUIREMENTS AND OPTIONS A Disassembled XBOX (THIS VOIDS THE WARRANTY AND PRESENTS A POTENTIAL SAFETY HAZARD) A fairly recent PC system with an available standard IDE interface. A bootable QNX (www.qnx.com) OS. I used QNX because it installs quickly from CD ROM, and has a tiny footprint, but this should be possible with Linux as well. Free OSes rule! A spare IDE/ATA HDD of equal or greater capacity than the XBOX HH, and/or equiva...

The system software of the Microsoft® Xbox® game system will provide a small, fast, safe, robust, and customizable environment to enable the creation of great games for the Xbox game system. It will provide a set of useful common services to be taken advantage of by game developers, such as networking and file system input/output, so that developers can focus on creating great games. It will also provide an attractive, easy-to-use interface for functions other than running games, such as playing DVD movies or CD music or configuring the Xbox console. The Xbox system software will have these components: The Xbox read-only memory (ROM) ...

written by Andrew de Quincey , 5 May 2002 XDVDFS v0.2 Andrew de Quincey (adq@tardis.ed.ac.uk) This document describes the filing system present on XBOX game DVD disks. On a CD or DVD disk, sectors are 2048 bytes long. Xbox media also appear to have regular 8MB spaces reserved for “security placeholders”. It is hypothesised that these are where Microsoft will place digital signatures for each data area on the disk, thus guaranteeing security from corruption or tampering. It appears that the TOC of game DVDs has also been modified so that disks appear to contain much less data than they actually do (preventing casual copying of game data). ...

written by Michael Steil , 8 May 2002 An Xbox that has never played a game or imported an audio CD has the following files on its hard disk volumes: 0 Game Cache 1 /XMTAXBOX.XBE 1347584 Total: 1,347,584 This partition will be deleted when a game is run. The meaning of this file is unknown. 1 Game Cache 2 empty Amazingly, although there are no directory entries, there is a lot of binary data on this partition. Its bzip2-compressed size is about 150 MB. 2 Game Cache 3 /BUFFER.IN 32768 /FFT.IN 286720 Total: 319,488 The meaning of these files is unknown. This partition has a compressed size of more than 7 MB, it also contains addi...

written by Michael Steil , 2 May 2002 The Xbox hard disk contains files in some different formats, most of which are new: *.xbe XBE files are signed Xbox executables. Their format is similar to the Win32 PE format. *.xtf It is unknown what the XTF files contain. The hard disk contains two of them (Xbox Book.xtf and Xbox.xtf, about 15 MB each). They start with "XTF0 \0\0\0" followed by its file name without extension and compress down to less than 6 MB. They might contain image data, because every fourth byte is 0. *.xip XIP files (Xbox ZIP?) are uncompressed archives containing several files, usually of the types xm, xap and xbx. Offset S...

written by Michael Steil, 1 May 2002 (Updated 26 September 2002) Seagate (10 GB) Harddisk information as reported by hdparm -i Model=ST310211A, FwRev=6.55, SerialNo=6DB2WQW2 Config={ HardSect NotMFM HdSw>15uSec Fixed DTR>10Mbs RotSpdTol>.5% } RawCHS=16383/16/63, TrkSize=0, SectSize=0, ECCbytes=0 BuffType=unknown, BuffSize=512kB, MaxMultSect=16, MultSect=16 CurCHS=16383/16/63, CurSects=16514064, LBA=yes, LBAsects=19541088 IORDY=on/off, tPIO={min:240,w/IORDY:120}, tDMA={min:120,rec:120} PIO modes: pio0 pio1 pio2 pio3 pio4 DMA modes: mdma0 mdma1 mdma2 udma0 udma1 *udma2 AdvancedPM=no WriteCache=enabled Drive ...

written by Michael Steil , 26 June 2002 The Xbox uses a Pentium III compatible CPU manufactured by Intel. The exact features of any IA-32 CPU can be found out using the assembly instruction CPUID. Here is what the Xbox CPU returns: CPUID Function 0 Get maximum supported standard level and vendor ID string Register(s) Contents Comment EAX 2 Maximum supported standard level EBX-EDX-ECX "GenuineIntel" Intel processor CPUID Function 1 Get processor type/family/model/stepping and feature flags Register(s) Contents Comment EAX 0x68a Family 6 (Intel P6/P2/P3) Model 8 (P3 (0.18 痠) with 256 KB on-die L2 cache) Stepping 10 EBX ...

written by Franz Lehner and Jeff Mears , 25 September 2002 struct eeprom { /* 256 Bytes */ unsigned char data_hash[20]; // 0x00 - 0x13 HMAC_SHA1 hash of next two fields unsigned char crypted_confounder[8]; // 0x14 - 0x1B see HMAC docs unsigned char crypted_hddkey[20]; // 0x1C - 0x2F encrypted hard disk key unsigned char region[4]; // 0x30 - 0x33 encrypted region code unsigned char serial[12]; // 0x34 - 0x39 Xbox serial number in ASCII unsigned char mac_address[6]; // 0x40 - 0x45 Ethernet MAC address unsigned char pad_1[2]; // 0x46 - 0x47 always zero? unsigned char unknown_2[1...

written by Michael Steil , 1 May 2002 The Xbox hard disk is protected with an ATA password, i.e. it has to be unlocked by transmitting the 32 byte password to it at boot time, or else any read and write requests will be rejected. Just putting the hard disk into a Linux computer results in loads of errors when the kernel tries to read the partition table, but the hard disk type and layout are correctly detected. To be able to access the data, there are two possibilities: Find out the ATA password and modify the Linux kernel so that it unlocks the hard disk at boot time. Make the Xbox unlock the drive and use it in the Linux computer. Makin...

written by Michael Steil , 8 May 2002 With the Xbox hard disk conntected to your linux computer, you can just make an image by running the following line as root: dd if=/dev/hdc of=xbox-image.raw bs=1m Note that you need kernel 2.5 or above and a file system that supports files bigger than 2 GB (e.g. not ext2 or FAT), because the image size will be about 10 GB. It is possible to split the image into 1 GB files: dd if=/dev/hdc bs=1m | split -b 1024m If you want to experiment with the image contents, it might make sense to read the partitions into single files, as described in the table below. (It might be a good idea to com...

written by SpeedBump , 5 May 2002 The XBox harddrive uses a fairly old but relatively unused set of security commands to prevent easy access to it's built in drive. However, since the password system does not specify any form of challenge/reply system the password is transmitted in "clear" form. Thus with the right equipment and a little bit of patience you can easily read the values. The ATA spec provides a command labeled SECURITY UNLOCK (command code 0xF2) which provides a means for passing a 32 byte password to an IDE drive in order to unlock it. There are two passwords, a master and a user password. The xbox uses the user pas...

written by Michael Steil , 5 September 2002 (Updated 7 September 2002) Standard Linux distributions do work on the Xbox, with minor modifications. To run SuSE Linux as a server or for X Window and KDE or Gnome, you only have to change two lines in the Linux kernel, disable one init script, install two drivers for audio and networking and use our X Window configuration file. This article is a step-by-step tutorial to install SuSE 8 with X-Window on the Xbox. Ingredients You will need an Xbox that is equipped with a 10 GB drive (most are; bigger hard drives not tested) and with any modchip a SuSE 8 compatible PC with a network card SuSE Lin...

written by Milosch Meriac , 16 August 2002 In this release of our Xbox-Linux Distribution, the IP-Configuration is set to fixed values. Your Xbox will boot using the IP address 192.168.0.64 and a 255.255.255.0 Netmask. To gain access to your Xbox some preconditions have to be met: A. Your Computer and your Xbox have to be connected somehow: 1. You need a network card in your personal computer. 2a. Either you need either a network hub or network switch to connect the Xbox and your second computer. 2b. Or a crosslinked standard RJ-45 twisted pair network cable to connect them directly. 3. TCP/IP support has to be enabled on your persona...

by Edgar Hucek , 6 September 2002 My goal was it to bring Debian GNU/Linux to the XBOX. This Document describes the steps which are needed to install Debian on your XBOX. History 06 September 2002 : Written for Version 0.0.3 13 September 2002 : Adapted for Version 0.0.4 What do you need? a modded Xbox with a 10 GB hard disk or an upgraded one my Xbox Linux install CD from Sourceforge a CD/RW which works in your XBOX drive a PC or Router which acts as internetgateway, for installing additional packages !!! Warning !!! It is highly recomended to make a backup of your XBOX harddisk. How to start After downloading the Xbox Linux insta...

written by Michael Steil , 8 October 2002 There are many files on the download page, ISOs, ROMs, distributions, tools etc., so this article is supposed to show you the easiest way to running the Linux operating system on your Xbox. What you get You can already install Linux on your Xbox. You can even run Mandrake 9: We provide an installation CD that installs Mandrake Linux 9 with Gnome, KDE and everything onto your Xbox hard disk, with only slight modifications. This Linux installation behaves exactly like every PC installation of Mandrake Linux 9. You can browse the internet, write e-mail, work on text or spreadsheet documents, listen t...

written by Michael Steil , 7 May 2002 Since irregularities in the FATX filesystem might cause errors in the Xbox kernel, I did some modifications on partition 3 (System) to see how the Xbox reacted. Size/Loop Hack of xboxdash.xbe file In the FATX directory entry, there is the size of the file in bytes and the first cluster containing the file contents. Subsequent clusters are found by looking at the FAT: there is an entry for each cluster pointing to its successor or to $ffff (or $ffffffff on FATX32, partitions 0,1,2 and 4) if it's the last cluster. There can be two different irregularites in this system: There is a loop in the cl...

written by Michael Steil , 15 May 2002 The first 512 KB of the Xbox hard disk form the "Disk Config Area", or, simply spoken, the header of the hard disk. Other documents point out that there is various data in this area, but the function of all but two fields is unknown. At 0x600, there is the four character signature "BRFR", followed by a 32 bit value, which is the number of boots of the Xbox (or the number of mounts of the FATX partitions?). I wanted to find out how the Xbox reacted when the hard disk header was modified, so I just overwrote the whole 512 KB are with 0xff bytes. The Xbox still booted without any noticable change. The h...

written by Daniel Wang , 1 July 2002 Possibly worth pursuing? I heard on some BBS (I forgot where it was) hackers discussing how to screw the XBox ala IIS-style with a buffer overrun in the stack parse. Apparently the XBox uses parseflags/parseheaders, but it prevents attacks by placing this in a predictable location (the front or back), writing the checkteam or hash, as well as the block and sector size of each part; the XBox does not begin parsing until a certain header size or flag is reached, then it only parses if the size and stuff is correct. This investigation only takes a bit of time and UFS discs but I don't have my XBox...

written by Michael Steil , 2 June 2002 My proposal for booting Linux from within the Xbox kernel uses many ideas of anonymous' ideas, but might be simpler, because we do not have to defragment the Linux kernel and we can stay in Protected Mode. Using MmMapIoSpace, we can get a window in virtual memory straight through to physical memory. The Linux kernel needs to be at 1 MB in physical memory in order to get started, so we use this call to be able to copy it there directly without having to defragment it. But there are some problems: we might overwrite parts of the NT kernel we might overwrite parts of our own code we might overwrite ...

written by anonymous , 28 May 2002 Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved. Copyright (C) 2002 anonymous. (Thanks to the Free Software Foundation for that legalese.) Windows NT and Xbox are registered trademarks of Microsoft Corporation. No affliation between the author and Microsoft Corporation and the author exists or is implied. This document is an idea of how to get Linux started on the Xbox after the security measures have been broken. Think of it as a design specification for Phase 2 of the project, "Write Boot Loader". By no means is this intended to be ...