Console hackers are some of the most headstrong people out there. If they want unfiltered access to a console’s hardware and software, they’ll always find a way. Usually, this is done through soft-modding techniques, like taking advantage of a buffer overflow somewhere in a game’s code (a malformed save file is the classic vector), or abusing an exposed port or service on the console. Occasionally, hard-modding techniques are used, like hardwiring a modchip onto the board. If that already sounds like an invasive method to you, you’re in for a real treat.
The Xbox 360’s security system
Microsoft took extra measures this time around
The original Xbox was a learning experience in many ways for Microsoft. Their first gaming console was a success, although security was a big issue, as it was for many consoles released in the early 2000s. Microsoft responded by building the Xbox 360 around a hypervisor: it sits between games and the hardware and refuses to run any code that isn’t signed by Microsoft, so a compromised game can’t simply hand control to unsigned code. If you wanted unfiltered access to the hardware, you needed to go through the hypervisor.
When hackers were initially taking stock of the Xbox 360 and its potential attack vectors, they quickly realized that coming up with a method to defeat the hypervisor would be a big challenge. Instead, focusing on breaking the DVD drive’s security could allow them to at least play backup disks, hypervisor notwithstanding. Homebrew would take a complete defeat of the hypervisor, and that’d have to wait.
The DVD drive sits outside that chain of trust. Its firmware runs on the drive’s own controller, not on the console’s CPU, and the console relied on the drive to report whether an inserted disc was a genuine pressed original. That meant there was technically very little in the way of users flashing a custom firmware onto the drive that simply lied about the media, and that’s exactly what happened. A hacker known as “TheSpecialist” was responsible for one of the first known videos of an Xbox 360 booting a backup copy.
The game of cat and mouse begins
The internet allowed Microsoft to continually squash exploits
Once the DVD drive’s firmware was defeated, it wasn’t long before Microsoft started their counter-attack. Those responsible for the initial hacked DVD firmware didn’t release it to the public, but that didn’t stop a hacker by the name of “Commodore4Eva” from releasing his own firmware modification. Once this was done, the gloves were officially off, and Microsoft began shipping consoles with new drive revisions, complete with different kinds of flash chips that weren’t as easily dumped. They even went as far as covering the pin contacts of these chips with thick resin in an attempt to stop hackers from getting access to them.
New modified firmware would continue to be released for these revisions, but Microsoft began banning people from Xbox Live in mid-2007 for playing online with modified drive firmware. It was easy for them to send a challenge to the DVD drive over Live and check the response to ensure everything was legitimate, and if it wasn’t, they would simply ban the console.
Commodore4Eva would continue to release new versions of the firmware every time Microsoft responded with a new revision, and with these modified firmware versions came new methods to fool Microsoft’s attempts at verifying if the game media was legitimate. Users of these modified firmware revisions were frequently caught in the crossfire, however.
Ban waves would usually coincide with a large game launch, like Gears of War 2, and Call of Duty: Modern Warfare 2, and thousands of consoles would be hardware banned from Xbox Live. At that time, it was a pretty big deal that Microsoft were able to ban consoles on a hardware basis. Despite the steep consequences, it didn’t stop people from continuing to modify their firmware.
The “Kamikaze” hack
One of the craziest console mods of all time
In early 2010, Microsoft released the Xbox 360 Slim, which was a complete redesign of the Xbox 360 hardware. With this redesign came new DVD drive security, including a firmware chip whose write protection was enforced in hardware. This chip’s contents were encrypted as well, just as its predecessors’ were, but hackers found a very unconventional way to disable the new write protection that didn’t require any kind of special hardware, just a drill and some precision.
By de-capping the chip, hackers discovered exactly which pins were responsible for the write protection. Theoretically, one could drill through the chip to sever these connections, leaving the chip writable again so that modified firmware could be flashed through the normal route. In practice, it worked, and people did begin to literally drill holes into their DVD drives in order to flash modified firmware.
It was quickly coined as the “Kamikaze” hack, because you only had one shot. If you messed it up, you just ruined your drive. Some people took advantage of this by offering plastic guides that you placed over the PCB with a hole over the exact position you needed to drill. You could also purchase a drive that had been pre-Kamikaze’d from those who had the technique down pat.
A bold mod gone, but not forgotten