Xtreme Firmware 3.0 for TS-H943 Xbox 360 (Stealth Firmware): What Is It Really About?

A while back, Commodore4eva (C4eva 4 short) released his Xtreme Firmware 3.0 for TS-H943 Xbox 360 – the world’s first stealth firmware for the 360. What it does is make backups of games appear exactly like an original disc, regardless of the disc check command used by the Xbox 360. We previously posted an article on this with the full details. Apparently, C4eva has received a lot of questions about this stealth firmware and run into some misconceptions, so he took the time to explain it.

And he writes:

Stealth Media
-------------
This is to clear up a few misconceptions about what Stealth Media is and how it works. This is not firmware stealth. Reading the firmware itself for changes is not controlled by the firmware itself; it is a low level hardware function which cannot be stopped by firmware code.

A firmware check routine which calculated a checksum and returned that to the host was already found in V1 and was modified to always return the correct unmodified firmware value. I think this was a last minute check incorporated by MS as they knew the firmware code was not signed.

Stealth Media is all about making a backup disc appear to the Xbox360 host exactly the same as an original. Although this was already done by the Security Sector and the challenge/response, there remained a number of differences on the disc that are currently not checked for. It would be very easy for the dash or the particular game to perform these extra disc checks. There are four main aspects to Stealth Media:

PSN Lockdown:
-------------
This is a two part process:

Before disc authentication (security sector, challenge response) is performed the drive will only allow valid PSN reads as defined in the PFI sector. This is currently the standard video partition. Any request to read outside this range is not allowed – as per originals. (No more reading of the backup PFI, DMI, SS sectors.)

After disc authentication is performed and the drive is unlocked, only valid PSN reads are allowed from the range defined by the Security Sector; this is the standard game partition. Any request to read outside this range is not allowed – as per originals.

PFI Sector (Physical Format Information):
-----------------------------------------
This sector is contained within the lead-in and contains information about its physical format. Disc booktype, start PSN and end PSN and Layerbreak are contained here. Currently all Xbox360 and Xbox1 games have the same PFI information, but that may change.

On writable media (our backups), this also contains media specific information such as Media Code/Manufacturer ID and Media Product Revision number.

Any requests for this information are now redirected to the PFI sector now at $04FB1D (for Xbox 360 backups) or $0605FD (Xbox 1 backups), if it exists. If it does not exist (pre V3 backup) a separate embedded PFI is used for Xbox 360 and Xbox 1.

DMI Sector (Disk Manufacturing Information):
--------------------------------------------
This sector is also contained within the lead-in and contains information about the Disc manufacturer, such as Company name, batch id etc. This is currently different for each Xbox360 and Xbox1 game in each region.

Any requests for this information are now redirected to the DMI sector now at $04FB1E (for Xbox 360 backups) or $0605FE (Xbox 1 backups).

A pre V3 backup will always return blank information for this. (A possible detection method.)

Video Partition:
----------------
When Extreme V1 was released, the disc build included a blank video partition as it wasn't required for games to boot. As this can be checked by the XBox360 host, the standard video partition from any game was included with the stealth firmware. This is nothing new, just put back in for correctness!

Conclusion:
-----------
As of today, none of these extra disc checks are being performed, but it is only a matter of time before a game will. The same sort of checks were introduced to XBox1 games a while ago. I performed an exhaustive check of every command that the Samsung firmware can respond to and these differences were discovered.

The Samsung firmware only supports a limited subset of commands from the MMC-3/4 standards so not all commands exist compared to a standard PC drive, so anyone testing for media specific information should bear this in mind.

Non-Stealth backups will still boot with stealth firmware and will be enhanced with the PSN Lockdown and PFI Sector embedded in the firmware. These backups will have no DMI and possibly have a blank video partition, both of which can be checked for.

Stealth backups will still boot with non-stealth firmware but will be exposed to the above top three differences (PSN Lockdown, PFI, DMI) making the backup detectable. Correct Video partition is present.

Via Xbox Hacker BBS
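
An added example, not part of C4eva's post or of any firmware: a toy C model of the PSN Lockdown gate together with host-side checks for the differences the post says can be tested (out-of-range reads, blank DMI, blank video partition). The PSN ranges, sector bytes, struct and function names are constructed, "blank" is assumed to mean all-zero, and the PFI/DMI request redirection is not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t start, end; } psn_range;   /* inclusive PSN window */

/* Toy drive + disc model; every range and byte used with it is constructed. */
typedef struct {
    bool enforces_lockdown;   /* firmware applies PSN Lockdown */
    bool authenticated;       /* set once security sector + challenge/response pass */
    psn_range pfi_range;      /* window defined by the PFI sector (video partition) */
    psn_range ss_range;       /* window defined by the Security Sector (game partition) */
    const uint8_t *dmi;   size_t dmi_len;
    const uint8_t *video; size_t video_len;
} drive;

enum { OUT_OF_RANGE_READ = 1, BLANK_DMI = 2, BLANK_VIDEO = 4 };

/* Drive side: would a read of this PSN be served in the current state? */
bool drive_read_allowed(const drive *d, uint32_t psn) {
    if (!d->enforces_lockdown) return true;
    psn_range r = d->authenticated ? d->ss_range : d->pfi_range;
    return psn >= r.start && psn <= r.end;
}

/* Assumption: "blank" means every byte is zero. */
static bool is_blank(const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (p[i]) return false;
    return true;
}

/* Host side: probe one PSN past each window, then inspect DMI and video data. */
unsigned host_disc_checks(drive *d) {
    unsigned flags = 0;
    d->authenticated = false;
    if (drive_read_allowed(d, d->pfi_range.end + 1)) flags |= OUT_OF_RANGE_READ;
    d->authenticated = true;
    if (drive_read_allowed(d, d->ss_range.end + 1)) flags |= OUT_OF_RANGE_READ;
    if (is_blank(d->dmi, d->dmi_len)) flags |= BLANK_DMI;
    if (is_blank(d->video, d->video_len)) flags |= BLANK_VIDEO;
    return flags;
}

int main(void) {   /* constructed case: lockdown enforced, blank DMI and video */
    static const uint8_t zeros[16] = {0};
    drive d = { true, false, {0x1000, 0x1FFF}, {0x2000, 0x8FFF}, zeros, 16, zeros, 16 };
    printf("flags=%u\n", host_disc_checks(&d));
}
```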
