XBOX
EVOLUTION
Locking a replacement Hard Disk for the
Xbox (v0.1)
Tutorial written by : -opjose
The OEM Xbox hard drive comes from Microsoft in a locked
condition. This is a privacy mechanism which was intended
to prevent you or hackers from looking at the contents of
the original disk.
If you place the OEM drive into a PC, the PC bios will be
unable to unlock the drive, and the drive will not enter a
ready state that the PC can deal with.
It should be also noted that if the drive were to be unlocked
the PC would still not understand the drives formatting mechanism
so it would still be unable to display its contents. Even
imaging programs such as Norton Ghost will fail to read or
duplicate the drive.
Why lock (or unlock) the drive?
If you elect to put a new hard drive in your Xbox you MUST
first already have a mod chip in the machine that
supports hard drive swapping.
The normal bios and first and second generation mod chips
were never designed to support drive swapping. The original
unmodified bios code for handling the drive is contained on
those bios chips.
As you will see later, locking a drive requires that the
Xbox be first able to utilize an unlocked drive.
As a result DO NOT proceed unless you know that your bios/mod
chip already supports hard drive swapping.
If you have a mod chip and replacement bios which does support
the hard drive swap there is no immediate compelling
reason to lock the hard drive. Your Xbox will actually operate
just fine with the replacement drive.
It has also been found that XboxLive works quite well with
modified Xboxes, though there are some dashboard issues which
I will not cover here.
This being the case, why are you still reading?
Probably because you are a bit paranoid and believe that
you MUST put the Xbox back into its pristine state to
get XboxLive to work. You dont really have to though.
You may also have a Matrix type Mod/Bios chip and want to
utilize the dual boot function that makes your machine revert
back to the original BIOS. You could merely elect to disable
this function by setting the chip to mode 2 that
always keeps the flashed bios on.
What does locking accomplish?
Locking the drive permits the Xbox to utilize a replacement
drive in the same manner as an OEM drive. During startup,
the original protected bios will temporarily unlock
the locked drive during the boot (flubber animation) phase
and be none the wiser. When the unit is powered off, the drive
goes back into its fully locked state.
With the original BIOS enabled, any additional space seemingly
disappears. As far as the Xbox is concerned it is still running
on an original 8 gigabyte hard drive. You do not loose the
information contained therein though!
This may be a very good thing down the road if the powers
that be decide to implement something new.
When used in combination with the Evolution-X BIOS releases
such as Evo 2.x,ybox or Evo 2.x,evox, locking the drive permits
you to quickly switch between a virgin Xbox and
a wide open device.
What is ybox?
The normal OEM Xbox BIOS initializes and unlocks the hardware
upon startup and then attempts to launch a user interface
from the C:\ partition on the OEM hard drive.
This interface is what you see once the Xbox is fully operational.
It is the green control panel that comes up if
there is no DVD game in the machine after it is turned on.
This interface is referred to as the dashboard.
The name of the file that contains this program is called
c:\xboxdash.xbe. An XBE file is an Xbox Executable
program.
The ybox bios has an additional modification in it which
causes it to instead look for and use a file called c:\yboxdash.xbe
instead. If you have one of these bios/mod chips you can then
install the Evolution-X dashboard to the hard drive with the
name yboxdash.xbe.
So if you have a hardware switch or a Matrix Mod set to enable
multi-boot, it is possible to quickly flip between the original
protected BIOS and dashboard, or the unprotected bios and
the evolution-X dashboard. Cool huh?
A bug in the ointment.
However there is that one bug in the ointment, your replacement
hard drive!
When you boot up the Xbox using the original bios, with a
replacement but unlocked drive in place, you will inevitably
see the your Xbox needs servicing message.
This is because the bios attempts to unlock the drive with
a UNIQUE code and expects a reply from the drive indicating
success. If it does not get the reply the Xbox assumes that
something is wrong with the drive, shuts everything down and
issues the error message.
The Lock codes
The OEM bios generates the unlock key on the fly.
That is it generates a unique key or password which is dependant
upon several things.
This password is generated by looking at your Xboxs
unique serial number, configuration, revision level and the
information obtained from the currently installed hard drive
itself.
This in turn means that you cannot simply use a password
from another drive or Xbox when locking a new drive. Instead
you must figure out what the Xbox is going to use as an unlock
password for your new replacement drive.Fortunately the Evolution-X
hackers gave us a wonderful tool to do this very thing.
This tool is built into the Evolution-X dashboards
backup command. The backup command
figures out what password the Xbox will use to unlock the
currently installed drive. It places the password/key into
the C:\Backup directory in a file called hddinfo.txt.
This is why Evolution-X must be installed and running on
the Xbox and drive that you intend to lock first.
What do I need?
Before proceeding be aware that you will need the following.
* A working modified Xbox with a replacement hard drive ALREADY
installed.
* The Evolution-X 1.8.2xxx dashboard installed to the Xbox.
(note if you are using 1.8.4xx you are using an old version!)
* A PC that you can open and access the IDE cables. (not all
PCs work however!)
* Some floppies
* ATAPWD.EXE (found here)
* HDDLOCK.EXE (found here)
* FlashXP
* A working network configuration and you should already be
able to have your PC talk to the Xbox.
* Tools to open the Xbox and remove and re-insert the drive.
* Berg Jumpers for the Cable/Select Master/Slave configuration.
Locking the drive
Start by making sure that you can access the Xbox via your
Network. Also be sure that you have a working bootable DVD/CD-RW
that you can using to access the Xbox if you make a mistake.
If you ever accidentally make a mistake in renaming a file
or in the evox.ini file youll need this disk to recover
from problems.
You should also have a full backup of the C: & E: partitions
of the Xboxs hard drive for safety.
I cant stress this enough! Burn it to CD and put it
away.
Since the new password file for the hard drive will be written
to the same folder Evolution-X is initially run from, Evolution-X
itself must be booted from the hard drive. You cannot use
DVD/CD-RW.
With Evolution-X installed, select the Backup
command from the menu. You will see a sideways smiley face
to let you know that the files were created in C:\Backup.
Use FlashXP to copy over the C:\Backup\hddinfo.txt file to
your PC and print it out. Youll need the hardcopy later.
The file will look something like this:
Disk Serial Number : "WD-WMA8C1313646"
Disk Serial Number : "WDC WD1200JB-00CRA0"
HDD Key : 65:fd:29:ca:25:4d:78:cb
f4:41:f7:b8:c3:69:15:0f
dd:dc:97:a9:00:00:00:00
00:00:00:00:00:00:00:00
On the page you printed write down the HDD Key numbers in
this format:
65fd29ca254d78cbf441f7b8c369150fdddc97a9
omitting the zeros and the colons. This is the actual password
that the Xbox will use to unlock the drive, and that you need
to utilize to lock it with.
Shut off your Xbox, unplug it and remove the hard drive from
the machine carefully. You should already know how to do this.
The drives arrive from the factory jumpered for cable
select. Make a note of how your working drive is currently
jumpered as you need to restore the Berg jumpers back to the
same settings.
On your PC create a DOS floppy boot disk, preferably using
Windows 9x or below. Make sure that there are no IDE/CD or
SCSI drivers installed and that Himem.sys and any other memory
managers are not on the floppy.
Copy the following files to the floppy.
ATAPWD.EXE
HDLOCK.EXE
HDUNLOCK.EXE
There should be ample space left over for text files on the
floppy when you are done.
Connect the drive you removed from the Xbox to your PCs
PRIMARY IDE channel. You may want to remove your existing
drive from the IDE cable for safety.
If you have no other drives on the primary channel cable,
jumper the Xbox drive to be only drive or no
other drives present. If you do have another drive on
the IDE cable jumper your new drive to be either MASTER/with
slave present, or Slave accordingly.
Dont forget to provide power to the drive.
With the drive installed boot your PC up from the floppy
you created.
ATAPWD
At the DOS prompt type ATAPWD.EXE
You will see a nice screen listing the detected drives on
your system. At the far right you will see a column with the
heading:
S E L F X V
Under each letter you will see either a plus sign +
or a minus sign -.
Verify that the S has a plus sign under it and
that the ALL of the other entries are minus signs. If you
see a plus sign under the F this normally indicates
that your drive arrived frozen from the factory
and it cannot be modified. This is extremely RARE.
If you only see a single minus sign under the S
and nothing else, then your hard drive does not fully support
the ATA command set. E.G. it is not an ATA66 or better hard
drive and is too old to use.
Any other combinations indicate that your motherboard may
not be communicating with the drive properly and you may need
to perform this procedure on another computer.
Exit out of the ATAPWD program and return to the DOS prompt.
HDlock
At the DOS prompt type HDLOCK.EXE
The detected drives will be listed.
Select your Xbox hard drive by pressing 1 or 2 accordingly.
You will be asked for the PASSWORD to use to lock the drive.
Enter the password in the format you wrote down before. Double
and triple check your work before you hit the enter key.
In this case I would enter:
65fd29ca254d78cbf441f7b8c369150fdddc97a9
Note that it IS- case sensitive and you should be using
all lower case.
Also if you make a mistake DO NOT try again, read below.
If the drive accepted the lock command, you will receive
an acknowledgement and will be returned to the DOS prompt.
If it failed you will either see a drive not ready
message or command not accepted or something similar
as I do not remember the exact error message.
In any case DO NOT run this program again. Each time the
program runs it creates a new text file called hddpw.txt on
the floppy. This contains the password that the program thinks
you entered.
Copy or rename this file before attempting to run the program
again!!!
After locking the drive you can run ATAPWD again and verify
the USER LOCK status. Normally the E and/or L
will show a plus sign if properly done.
Note: This procedure seems to be very picky about the motherboard,
bios and version of DOS you use. I have been unable to get
it to work on some Intel 850 and 845 Pentium 4 motherboards,
while others report success.
I ended up resorting to utilizing an old Gigabyte 440BX motherboard
before I observed the correct results.
PRINT OUT the locking password and TAPE it to the drive for
safety (just do not cover any air holes or you will ruin your
drive).
Re-installation
Remove the drive from the PC and put your computer back together.
Jumper the new drive back to CABLE SELECT and re-install
it into the Xbox.
Verify that your Xbox boots with the mod chip after locking.
If it does you should actually be ok.
Verify that the default Microsoft dashboard is named xboxdash.xbe
and switch off your mod chip or restart the Xbox using the
eject button.
Your Xbox should boot up to the Microsoft dashboard while
utilizing the OEM bios now.
Congratulations youve fooled the security mechanism.
Tutorial written by : -opjose
The Hottest DCEmu Posters
|