Jump to content
OGXbox.com

Just being curious - i´m struggling with the "Hotplug"- Method


Stef
 Share

Recommended Posts

Just being curious -  i´m struggling with the "Hotplug"- Method in combination with an rather old USB IDE Enclosure (i suppose its from the early XP Times).

Things i´ve done so far: While the XBOX HDD (WD80 with 10GB) is attached to it, things get extremely worse on my W7/Linux-PC. Its shown in the Device Manager/Drives as WD80, but not via WMIC, so Tools wont´t find the HDD at all. Hdparm (here /dev/sdc) would not resume and stalls the entire System. W7/Linux won´t shut down as long the Enclose is attached, neither does the PC boot (BIOS ginves me a B4 error, means USB Hotplug error). As soon as i power off the Enclosure/remove it, things will resume. Same happens when the drive is unlocked by the XBOX and hotswapped. But every other IDE drive in the Enclosure works fine.

I understand that ATA Security could probably stall that old the Microcontroller in the Enclosure (somehow a 7.5 MHz RISC Controller), but i think as soon the drive is unlocked, this shouldn´t be a problem at all. -Or- the MC somehow resets the HDD again before it tries to obtain the drive data and the HDD is falling back to the point where ATA Security gets in Place, but i think the controller might have at least the ability to read out the drive data (Brand, Name etc) . Of course the Enclosure has always power while Hotswapping. Removing the jumper on the HDD (from Cable Select to Master) doesn´t do it.

I got the Key for the HDD via my logic analyzer and its I2C Protocol Analyzer (Key has to be tried out).

If things get completely worse, i could try to program an MC by myself and attach the drive to it in order to unlock it via Serial Commands (and remove the lock permanently, as well lock it again). But i think thats too much work. Done a AVR IDE/FAT32-Driver more than fifteen years ago (of course sources are lost by now), but somehow i won´t fiddle around again for only one purpose. 

I have another Seagate Spare IDE drive with 20 GB, which i could fit in the XBOX and try it to lock via the enclosure (if it does accept the command), but idk where or where to obtain the neccessary OS-files (including Softmod and the ability to connect to the XBOX via LAN/FTP, as well as a driver, wchih allows Access to a USB-Stick attached to a mechanically modified controller port). I understand that there have to be at least two Partition, C and E, but idk which FS (xfat?) etc.

Any help is greatly appreciated !

Best regards

Stef

 

 

 

 

 

 

 

Edited by Stef
Link to comment
Share on other sites

Finally got access after another seval tries of hotplugging - and i was able to transfer its contents. Idk what was going on. The wmic diskdrive command initially didn´t show the drive at all (but was listed as WDC80 in the device manager); Linux assigned /dev/sdc, but i wasnt able to communicate properly with it by using any drive-related shell command.

Meanwhile i was also able to get the contents of the EEPROM by using Arduinoprom. a 1284P and an USB-FTDI232 & a MAX232, but i also had some issues here. The logic Analyzer showed activity on both SCL/SDA and RX/TX, the AVR was able to communicate with the EEPROM properly and transferred the final readout, but the Python-Script didn´t receive any data; because the FTDI (or its driver) didn´t seem to flush the RX-Buffer properly / in time; that happened both at W7 and Linux. Issuing several times the read-command directly to the 1284P also resulted in no response, unless the Com-Port was reopened several times, then data came in.

So the way to go was to save the analyzed and processed TX capture Data outgoing from the 1284P as csv and convert it into a binary file.

Some of those USB-adapters, expecially the CH341, show sometimes a strange behaviour. Here the CH341 could also easily trigger a BSOD, when it shows signs of being unresponsive - for example while programming an 8051 for x times; then it suddendly hangs within the programming process and after that the adapter being unplugged and reconnected manually - BSOD. Even a reboot would then result into a BSOD, unless the Computer  is restarted in safe mode and anything CH341-related is removed from the device manager, including the driver . I´ve never checked out the reason, but it guess must have something to do with the Buffer.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 

Link to comment
Share on other sites

Just anther question, since XBOXHDM23USB / QEMU wont launch  - is it neccessary to unlock the drive once again inside XBOXHDM.bat / unlockhdm.bat? My USB Enclosure with a Genesys Chip wouldn´t support that at all anyway, as it is listed as an unsupported device for smartctl.

It is listed as \\.\PHYSICALDRIVE2. Using a modified launch.bat / launching QEMU directly in the commandline would result into nothing, it falls straight back to the prompt, it wouldn´t even create a log by specifing the "-D -Parameter" removing the entire -hda \\.\PHYSICALDRIVE2 Paramter results in a working QEMU, but of course without the Physical drive.

Has anyone tried to launch the System via VirtualBox (there it is also possible to attach a Physical drive to it) and is there a Virtual HDD-image available?

 

 

 

Link to comment
Share on other sites

64-Bit-Windows. I´ve got QEMU running under Linux, did everything as i should, formatted and prepared the HDD, wrote back the C : and E: Folder, but now the XBOX throws an red/green error error (can´t see which one because it switches to 60Hz at that point). The only thing i know is that QEMU throwed some "Invalid File Name"-Errors in the shell. I did not made a diff between the original C and E folders; the only thing i know, is that the summary of the C Folder is a few MB larger than the original one.

Will try to copy back the files with FatXplorer and see how it is going on from there.

I suspect that the process of softmodding is by adding/replacing files in the C  Folder - is there a way put them there directly into there or is the way going over XBOXHDM the only one? Is there anywhere an Archive which contains the C and E Folders, in case something is wrong with the backupped files?

 

 

Link to comment
Share on other sites

Found it, copied Rocky5s XBHDM / C Folder onto it, but i have no Video anymore after the Splash Screen (remember: I only have Composite output). So i guess that i have to switch in config.xml from Use480P to USEPAL60 ?!?

 

Edit: Which does not work. It slowly gets quite nerve-wrecking, considering that i have to reboot the XBOX and reattach it to the enclosure several times (ten times is nothing) only in order to get access to the HDD 😞 . The worst thing i´ve made was to throw away my Pentium 200, he would be a great help now.

Edited by Stef
Link to comment
Share on other sites

Edit2: It´s a black screen. It doesn´t look like its decoupling the composite output at all. I am not quite sure if i miss something or done something wrong at all regarding the files i´ve copied onto C. It only contains the Rocky5 C-Folder (\Xbox-Softmodding-Tool-master\Xbox-Softmodding-Tool-master\Installer Variants\XBHDM Build\C), copied over to the C Drive, nothing from the original files exist anymore, but the root folder shows at least the xboxdash.xbe. -Or- does this Folder needs to be merged with the Original installation?

 

Edit3: Unplugged the IDE Cable so many so times that the connector finally got loose, need a new cable by now. I will order a new one including a real SATA/IDE-Adaptor - this Enclosure Solution isn´t the way to go. Maybe i would get access via FTP, but the small HDD won´t do it at all and i need the ability to lock/unlock a drive anyway.

Edited by Stef
Link to comment
Share on other sites

Anyone already tried this Adapter in terms of being able to lock/unlock the drive (its quite cheap and seems to be versatile, even in terms of adding SATA/SSD to the XBOX) I know there is a thread which show some compatible Adapters, but its quite old by now.

Preobrazuvatel-ATA-kam-SATA-i-SATA-kam-A

Link to comment
Share on other sites

56 minutes ago, Stef said:

Anyone already tried this Adapter in terms of being able to lock/unlock the drive (its quite cheap and seems to be versatile, even in terms of adding SATA/SSD to the XBOX) I know there is a thread which show some compatible Adapters, but its quite old by now.

 

That adaptor is for a single IDE drive to Sata port on a PC or a IDE port to a Sata HDD.

I have seen it use in a Xbox that was hard modded and the owner got rid of the DVD drive.

What version of Xbox have you got?

 

Cheers

SS Dave


Soft modding is like masturbating, It gets the job done but it's nothing like the real thing.

 

Link to comment
Share on other sites

Thank you - it's a V1.6 (MFD 2005). Yes, it would be great in first order to get access to the IDE HDD via SATA (to try things out) and later being able to add a SATA SSD to the XBOX. Price is around €9 (including shipment).

 

 

Edited by Stef
Link to comment
Share on other sites

Just another Question - is the LiveInfo "Unique HDD Key" equal to the HDD PW??

Edit - ok, it isn´t. Since i have the Serial and Model Number (the original XBOX HDD is currently connected directly to a Microcontroller), its there any tool that allows me to key in those parameters directly, in order to form the PW in combination with the HDD Key - instead of having a physical drive attached?

Edit#2, ok found a site to generate the HMAC-SHA1-Hash out of the Serial&Model&HDD-Key, but apperantly this doesn´t work either for the moment. Idk if the Serial Number needs to be used -entirely- over all 15 given Places or, according to the ATA-Spec only 9 Places - and if the PW needs to be placed as hex values into the transmit buffer (placed @ word 1 and onwards , Word 0 shold be either filled with 0/1 (user/master PW)) into the - or as bare Text in hexadecimal notation. 

Edited by Stef
Link to comment
Share on other sites

1 hour ago, Stef said:

Just another Question - is the LiveInfo "Unique HDD Key" equal to the HDD PW??

 

Yes.

I would suggest you save a copy to of that file to your PC..

 

Cheers

SS Dave


Soft modding is like masturbating, It gets the job done but it's nothing like the real thing.
 

 

Link to comment
Share on other sites

LifeInfo (not on the XBOX, its running locally on the PC)  has a section where it shows additional HDD Info (as soon as an IDE drive is attached and being recognized, but this is not the case) where a password is calculated out out the Model Number and serial number.  According to https://xboxdevwiki.net/Hard_Drive ,section Password algorithm, it tells that the HD Password is calculated out of the Unique HDD Key, serial number and model number. That is what makes me wondering.

I´ve used https://cryptii.com/pipes/hmac, combined both model and serial numnber into one String and used the unique hdd key to generate a SHA1-Hash, but that didn´t work either by now.

 

 

 

 

 

Edited by Stef
Link to comment
Share on other sites

It can not read the HDD key from the hard drive if that's what your trying to do, The key is stored on the Disk Plater and not on the HDD's PCB.

The way I understand it, If you change the HDD key in the EEprom while the hard drive is connected and unlocked it will then relock with the key you made and the most common these days is 32 X one (11111111111111111111111111111111)

I have swapped the PCB's between a unlocked and locked hard drive of the same model drives and the unlocked HDD stayed unlocked with the locked drive remaining locked.

The key that's saved on the HDD has to match what's in the EEprom in order to unlock.

 

Cheers

SS Dave


Soft modding is like masturbating, It gets the job done but it's nothing like the real thing.
 

 

 

Link to comment
Share on other sites

I was trying to unlock via the Microcontroller (by a simple connection directly to the HDD IDE Port, the XBOX isn´t involved) in order to get it into the unlock state via ATA-Command 0xF2. So i sent over a 512 Byte-Block containing the Unique HDD Key starting at Byte 2 (counting from byte 0), where Byte 0 and Byte 1 contain 0x00 to tell the HDD that i want to unlock by using the user PW.

Since this didn´t work out with the Unique HDD Key (as well not with the "WDCWDC..."-Master password, HDD always responds with "ABORT", which is an indication that the PW wasn´t accepted), i finally thought that the Unique HDD Passwort displayed by LifeInfo, in combination with the model and serial Number, has to be used to generate the final Unlocking password by using the HMAC-SHA1-Algorithm.

But if this isn´t the case, something else must be wrong, although the communcation itself with the HDD works fine.

 

 

 

 

 

Edited by Stef
Link to comment
Share on other sites

Fatxplorer beta v22 can unlock a Xbox HDD on a PC by trying the known passwords like the master passwords and others like the nulled keys and teamassembly plus some others or if you have the eeprom data for the Xbox it came from.

 

Cheers

SS Dave


Soft modding is like masturbating, It gets the job done but it's nothing like the real thing.
 

 

Link to comment
Share on other sites

You probably know that im still struggling with the external USB Enclosure thing which isn´t able to lock/unlock HDDs, because its Chip isn´t capable to do that 😞

The enclosure handles the disk fine - as long it was unlocked by the XBOX before. With one Exception - apart from mounting the partitions i cannot do anything with in FatXplorer, thats because smartctl cannot handle the chip in the Enclosure at all. So Locking/Unlocking via the PC -over this enclosure- isn´t possible at all.

So even -if- i use another HDD and set the EEprom-PW to all 1´s or 0´s, i would be still in need to lock the HDD - and a Modchip to override that isn´t on my list, because "technically spoken" i´d like not to spent a single cent for this thing - as long as it isn´t an absolute "must".  

So my approach was to use a separate controller and my knowledge to perform the unlock as well locking.

 

 

 

Edited by Stef
Link to comment
Share on other sites

On 2/23/2023 at 1:48 AM, SS_Dave said:

The way I understand it, If you change the HDD key in the EEprom while the hard drive is connected and unlocked it will then relock with the key you made and the most common these days is 32 X one (11111111111111111111111111111111)

I don't believe this is correct.  An ATA security command with the new computed password has to be sent to the hard drive to change the password.

Link to comment
Share on other sites

23 hours ago, Stef said:

Since this didn´t work out with the Unique HDD Key (as well not with the "WDCWDC..."-Master password, HDD always responds with "ABORT", which is an indication that the PW wasn´t accepted), i finally thought that the Unique HDD Passwort displayed by LifeInfo, in combination with the model and serial Number, has to be used to generate the final Unlocking password by using the HMAC-SHA1-Algorithm.

But if this isn´t the case, something else must be wrong, although the communcation itself with the HDD works fine.

You should only send the Unique HDD password.  How are you telling the command if the password being sent is the MASTER or USER password.  The Unique HDD Password computed by the Xbox using the Configuration EEPROM's HDDKey, HDD model and serial number is the USER password.

Link to comment
Share on other sites

3 hours ago, KaosEngineer said:

That value is the HDDKey stored in the Configuration EEPROM.  It along with the hard drive's model and serial number are used to compute the locking password.

If that's the case then there is no point on nulling the HDD password if the key is calculated using the drives serial number, The way I read is the hard drive key is calculated from the Xbox serial number and nothing to do with the hard drive's model and or the serial number.

As an example you can buy a fully loaded Hard drive online that's pre locked to a nulled key and drop it in any Xbox that has a nulled HDD key.

I might be wrong and misunderstood the whole HDD locking part as I only ever unlock after a hard mod if the customer has plans to reuse the original drive for something else.

 

 

Cheers

SS Dave


Soft modding is like masturbating, It gets the job done but it's nothing like the real thing.
 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

Board Life Status


Board startup date: April 23, 2017 12:45:48
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.