Just being curious - i´m struggling with the "Hotplug"- Method

[KaosEngineer]

2 hours ago, SS_Dave said:

If that's the case then there is no point on nulling the HDD password if the key is calculated using the drives serial number, The way I read is the hard drive key is calculated from the Xbox serial number and nothing to do with the hard drive's model and or the serial number.

As an example you can buy a fully loaded Hard drive online that's pre locked to a nulled key and drop it in any Xbox that has a nulled HDD key.

I might be wrong and misunderstood the whole HDD locking part as I only ever unlock after a hard mod if the customer has plans to reuse the original drive for something else.

 

 

Cheers

SS Dave

Soft modding is like masturbating, It gets the job done but it's nothing like the real thing.
 

The password is computed using 3 values:

1. HDDKey stored in the motherboard's configuration EEPROM
2. HDD Model number read from the hard drive
3. HDD Serial number read from the hard drive

When the Xbox shipped from the factory, each Xbox's HDDKey was a unique value assigned to that Xbox.

The password is cryptographically computed.  It uses an HMAC-SHA1 algorithm and is computed from information read from the EEPROM and Hard Drive.  If you change the hard drive, a different password is required to unlock it.  If you change the HDDKey. a different password is computed.  However, when you make the HDDKey on multiple Xboxes the same, the password computed for that particular hard drive is the same across all Xboxes with the same HDDKey.  It, the HDDKey, does not have to be NULLed (all 0's) or all 1's just the same value as on the Xbox that the hard drive is locked to.

You can use SlavaSoft's Windows program HashCalc to compute the unlocking password. See an example in the following picture.  hddinfo.txt obtained from Evoxdash's Backup operation that also saves the eeprom.bin file along with bios.bin - 1MB dump of the current BIOS, disk.bin - first 1024 sectors of the hard drive (hidden configuration data) not assigned a partition or drive letter to access its content, and hddkey.bin - a binary copy of the compted 20-byte unlocking password with NULL bytes appended to make it 32-bytes long.  ATA Security allows for Hard drive locking passwords up to 32-bytes in length.  The Xbox computes a 20-byte value and pads the remainder with NULL bytes. (Confusion here with the naming of the various values: HDKey and HDDKey used to mean different things in different programs and Xbox scene documentation. LiveInfo app - Unique HDD Key is Evox's XboxHDKey.)

The first 19 characters of the hard drive model number and 20 characters of the serial number are concatenated together and pasted into the Text String-format Data box. Leave all space characters and dashes in these two text strings.  The XboxHDKey (EEPROM's HDDKey) is copied into the HMAC-checked Hex String-format Key box.  Check the SHA-1 box then press the Calculate button for the unlocking password to be computed using the HMAC-SHA1 algorithm.

 

When the HDDKey value is changed to the same value in multiple consoles, the password is no longer unique to each Xbox. All Xboxes with the same HDDKey (oops, HDKey) value now compute a password unique only to each hard drive.

 

The HDDKey value is stored in the Configuration EEPROM encrypted with an RC4 key.  The RC4 key is stored in the 512-bytes of the MCPX's hidden boot block which a portion is also encrypted.

See Matt Borgerson's webpage for more info:

• https://mborgerson.com/deconstructing-the-xbox-boot-rom/