In this article we will talk about Microsoft's last hope - protection AP 2.5 . Interesting Facts and useful things that are good for all of us - users of firmware consoles - to know! What surprises await us in the future and how it works this system!? This is exactly what we will try to talk about...
AntiPiracy 2.5 (AP 2.5)– a copy protection system for XBOX 360 game discs. It is based on identifying the original structure of the licensed disc by comparing delays when moving from one sector to another (in theory, this looks like measuring the angle between sectors - discussed in more detail below) with reference values taken from a specific batch of disks at the factory.
The fact is that when producing the original Xbox 360 disc on industrial equipment, a unique structure of the physical distribution of data on its surface is specified. On the home “cutter”, this structure The media cannot be reproduced exactly because when recording, all sectors are written sequentially, one after the other.
First of all, this protection system is aimed at recognizing the modified firmware of the drive in the Xbox 360. Since only in the case of identifying a game disc, but refusing to issue AP 2.5 data, we can state with 99.9% confidence that a regular cut disc is being used, and in drive has modified firmware.
When this event occurs (the checks fail, the drive returns empty values), the Xbox 360 writes a label to the secdata.bin file X-Value – Failed AP25 Challenge. That is, Xbox becomes a candidate for a “ban” in XBL. But this does not mean an immediate ban when logging into Live! Since November 2009, the consoles that were not “distributed” are still working online!
Otherwise, if the drive firmware is factory firmware and a self-written disk is inserted, the test simply will not start.
Autumn 2010
Officially, Dashboard 2.0.12611 (unofficially from beta 2.0.12416), released on November 1, initiated the AntiPiracy 2.5 (AP2.5) check for the first time. Then, upon startup, the message “The disk is unreadable” appeared on three games: Assassin's Creed: Brotherhood, Need for Speed: Hot Pursuit, Fable III.
The new Dashboard initiated as many as 13 (!) additional disk checks before launching the game as part of AP 2.5 protection. If the checks fail (the drive returns empty values), then the modified firmware is guaranteed to be used and the console is marked as Failed AP 2.5 Challenge. Checks can be presented in the form: “question-answer”, “question-answer”, etc. All questions became known when studying the structure of the defense. But answers can only be obtained from the original disc of the game itself. To complicate the security analysis, these “question-answers” are also encrypted using AES encryption. Naturally, since checks were never carried out, only service sectors and game data were “removed” from licensed disks.
At the end of November, C4eva figured out how to bypass AP 2.5 protection - modified LT+ drive firmware appeared. The bottom line was that the drive would wait for AP 2.5 “questions”. And if any appear, then the “firmware drive” takes “answers” from certain, previously known, sectors on the disk. If the drive does not find any “answers,” it will freeze the drive to bypass the Failed AP 2.5 Challenge entry. Instead of the game, a black screen will appear, if the console is not turned off, after 3 minutes it will still leave a note Failed AP 2.5 Challenge in secdata!
On this moment, the process of removing AP 2.5 responses is owned by C4eva and K3rn3l. They “record” these responses and record them in the very places from which a modified LT+ drive can easily take them. Those same PATCHES for AP 2.5 disk images are the set of the very answers that the dashboard will “feed” so that it thinks that it has been inserted licensed disk.
I would like to note that AP 2.5 checks are removed almost exclusively by a narrow group of people. This is where most of the problems arise, namely with the release of patches for localized versions and different regions. That is, first a patch is released for the most common, for example, English Region Free image. In our case, the release date of the patch for the Russian PAL version, for example, Modern Warfare 2 or Black Ops postponed for an indefinite period of time. The bottom line is that to remove AP 2.5 responses K3rn3l'u and C4ev'e require an original licensed disk. That is, the whole paradox is that in order to play an AP 2.5 game on the latest version of Dashboard, you need to buy a license, send the disk to the authors and wait for the patch to come out, after applying which you can play on a homemade disc.
K3rn3l and C4eva do not want to disclose the method for removing AP 2.5 responses, citing the fact that if the method becomes widely known, Microsoft will try to close the vulnerability they found. Accordingly, in the future you may be left without AP25 patches altogether.
An attempt to apply damaged/incorrect patches that do not match this Media ID may result in the X-Value – Failed AP25 Challenge flag. Output of incorrect AP 2.5 responses is equivalent to no AP25 responses. The game still won't launch.
Support AP 2.5 drives:
Checks supported: LiteOn, BenQ, Hitachi 78/79
Checks not supported: Samsung, Hitachi up to 59 inclusive.
Every Xbox 360 (since 2007) is supplied with information at the factory about which drive it was released with. The OSIG section specifies the drive model and its firmware version. Spoofing is when a “non-native” drive is installed, which pretends to be “native”.
To successfully pass AP 2.5 checks on “non-native” (spoofed, substituted) drives, several rules apply.
Rule 1. You cannot use a drive without AP 2.5 support instead of a native drive that supports AP 2.5 (the set-top box will send requests, the drive will not be able to respond to them).
Rule 2. Instead of Hitachi with AP 2.5 support, you cannot install LiteOn (due to the features of the LT+ firmware)
Support for issuing AP 2.5 responses was introduced only from version LT+. All previously released drive firmware versions do not support issuing AP 2.5 responses, respectively An attempt to launch AP25 games on early versions is doomed to failure and a possible ban later.
TableDAE
The DVDAuthEx (DAE) table appeared with 12416 beta versions of Kinect-Dasha. It is located in the NAND console in the DAE.bin file. It provides a list of Media-IDs of all versions of AP 2.5 games. Each regional instance contains the necessary information to pass AP 2.5 checks. This table is used to compare the results of the drive responses to the AP 2.5 test. Each regional instance of the game with its own Media ID is unique and contains unique AP 2.5 responses. For each specific game there are about a dozen different regional Media ID instances.
Example challenge – test example, PSN1 and PSN2 (PSN – Physical Sector Number) numbers of sectors between which the measurement is made, Target Angle – obtained angle value
At the time of writing - latest version Dashboard 12625 contains 101 Media IDs, 40 of which are generally unknown and may be assigned to future games. Currently, each Media ID contains 13 checks. But the total number of possible checks is 50. Therefore, at any time, Microsoft with a new version of Dashboard can increase both the number of supported Media IDs and the number of checks. Thus, even images “patched” for LT+ that work now may no longer be relevant in the near future. Everything will depend on how aggressively Microsoft implements AP 2.5 checks.
General operating principleAP 2.5
You insert the disc into the drive. operating system XBOX 360 performs initial disk identification. The disk is pre-checked, namely, the disk files are checked for compliance with the original ones. If the verification fails, the console displays the message “Start game”, but the game logo is not shown. After passing the pre-check, the name/logo of the game appears in the “open-close tray” field. At startup, game disc authentication is activated. At this moment, if this Media ID is present in the DAE table, a series of angle measurements are taken between specific sectors. The values received from the drive are compared with the reference ones in the table and if the values match, the game starts. In practice, all this takes a few seconds and is carried out unnoticed by the user.
In general, the principle of measuring angles to unambiguously determine the authenticity of a disk has been used since the days of floppy disks. A similar protection principle was even patented by a Russian developer called StarForce.
The spiral track of laser discs is very similar to a gramophone record, only it starts not from the outside, but from the inside, that is, it is wound from the center to the edge. The laser head, held in a magnetic field (much like the voice coil in speaker systems is held), moves on a sled across a spiral track. The track itself consists of data sectors and subcode channels. Sector numbers are located both in the headers of the sectors themselves and in the subcode channels “smeared” along the spiral track. For rough targeting of the required sector, sleds and subcode channels are used, and for precise targeting, deviation in the magnetic field and sector headers are used.
You can’t just take and measure the structure of a spiral track, but you can do this. Let’s say the head reads sector X, followed by sector Y. If the angle XOY formed by the center (O) of the disk and sectors X, Y is ~15 degrees, and the sectors themselves are located in adjacent turns of the spiral track, then the drive will only need just tilt the head a little and in a moment sector Y itself will fall into his hands, like an overripe apple - the disk rotates! If the angle is less than 15 degrees, then during the movement of the head the Y sector will already “float away” and the drive will have to wait a whole revolution of the laser disk!
When the angle between sectors X and Y is ~15 degrees. when moving to the next turn, sector Y immediately “flies up” to the optical head (figure on the left), with a smaller angle value, sector Y manages to float away and the head is forced to wait a whole turn.
Thus, by measuring the reading time of various pairs of sectors, we can approximately determine their relative position on the spiral track. Each batch of disk will have its own (after all, the density of sectors per 1 mm and the steepness of the spiral are not the same and vary from batch to batch). To combat read-ahead (which plagues many drives), the protection must read sectors in descending order of their numbers. It must also measure the speed of rotation of the drive in order, firstly, to determine the constancy of time measurements (whether they are dancing like drunken little men or not), and secondly, to adjust the formula for calculating the angle, because it is easy to show that the faster the disk rotates, the faster The sector “floats away”.
It is believed that AP 2.5 also includes a more complete OSIG (Original drive Signature) identification. Apparently this is due to the fact that different models drives produce slightly different command data. Based on these data, it is apparently possible to track whether the drive in the console has been replaced or not. But in practice such checks can be carried out in XBL. Offline, only the presence of AP 2.5 support is determined.
Hacking theories
Let us once again return to the fact that in order to remove AP 2.5 responses from K3rn3l and C4ev, an original licensed disk is required. That is, it is not yet possible to remove AP 2.5 responses directly from Nand. The data is encrypted to the maximum. It is not entirely clear what method they use. But the requirement to remove the original disk indicates some possible interception. On the other hand, the authors do not want to publish the method due to the fact that supposedly disclosure would entail closing the “holes” used for interception.
1. Directly from the Dashboard using any debugging applications signed by Microsoft for testing, analyzing logs, etc.
2. Theoretically, it is possible to use a certain device, something like a SATA sniffer, connected in series between the drive and motherboard XBOX 360.
3. There is a possibility of data being intercepted from the RAM drive, but again, this is all guesswork.
In conclusion, I would like to note the following. If Microsoft begins to completely implement AP 2.5 checks on all disks, K3rn3l and C4eva will not be able to effectively remove AP 2.5 checks from hundreds of disks. Accordingly, either we will get a withdrawal method or the last bastion of independence will remain PHAT-freeboot. There is, of course, a cosmic theory that someday they will hack digital signature Microsoft and then we will get a complete collapse of XBOX 360 protection.
Materials, statements, FAQs and chat remarks were used in compiling the material:
Commodore4eva, K3rnel, Dofosho, from the Russian community I would like to thank HOMiE7 And RichY, and Chris Kaspersky aka mice.
So you have become the happy owner xbox games 360, and now you are faced with the question of how to copy games to the console, because it is expensive to constantly buy expensive discs, and on the Internet there are so many opportunities to copy your favorite entertainment for free.
You will need
Instructions for copying games to xbox 360.
Posting sponsor P&G Articles on the topic "How to copy an xbox 360 game" How to run games on ps3 with hard drive How to set up a webcam on a laptop What to do if the mouse doesn’t work
Instructions
You can install games on your hard drive so that the drive does not overload, you do not hear noise from the drive, and load the game faster, but for this you will definitely need a disk for the game console drive. Let's look at how to install the game, ignoring this requirement.
Copy the CloneCD program, preferably new version programs. Then we perform the installation and select “Read to Image” in the window that appears. Next, select a drive suitable for creating a copy of the disk. Click the "Next" button, a path selection window appears, set the path you need, you can rename the file as desired - the main thing is to keep the correct extension.
Then click the "Save" button. Since you previously selected the save path, click “ok”. We wait for the time required to create a copy, on average it takes about 10-20 minutes, determined by the read speed parameters of the drive. The best speed for copying a 2.4 disc - it allows you to most likely avoid errors; the higher the speed, the more likely the possibility of errors or longer loading times for the game.
Now we’ll find out how to copy an image with an xbox 360 game. Determine the type of drive you have; to create a copy you will need a writer; all new models have DVD+R, which allows recording. If you have specified type DVD-R drive– it will not work in writing mode. To record, you will need to additionally select a drive model.
There are several major manufacturers of drives built into game consoles, some of which can play burned discs, others not. Let's look at their characteristics:
- Samsung, BenQ allow you to burn almost any disc and reproduce information without difficulty;
- Hitachi, if the drive model is outdated, you need to use only Pioneer 109-112 for recording, it will not be able to play discs recorded on other drives.
All specifications determined, now take a double-layer disc that matches the markings of your drive, find the image with the game - it consists of files with the extensions .iso and .dvd, and then record according to the instructions specified in point 1.
How simpleOther news on the topic:
Surely you already know that you can not only buy discs with games, but also burn them yourself, and this applies not only to PC games, but also to console versions, for example, Xbox. All you need to know is how to burn an image to a blank disk. You will need - software
Many creators computer games implement certain protective systems. Some of them do not allow you to run the game without the original DVD inserted into the drive. Sponsored by P&G Articles on the topic "What to do if the game requires a disc" How to run the game iso image How to download
Disc images are often used to install games. This is a special file format that replaces a regular disk. Disc images are created if the computer does not have the ability to run a game disc using a drive (when, for example, it is faulty or missing). You will need - Computer;
Most games that are released now have a copy protection system. The main type of protection is the impossibility of starting the game without the original disc in the computer's CD drive. But this type of protection can be bypassed. You may need to unlock the game if you want to give
Xbox 360 - game console from Microsoft, which is the main competitor to Sony Play Station consoles. In addition to its main purpose - connecting to TV for games, it also provides gaming via the Internet and supports downloading content. You will need a computer with a writing
Having found a game that you want to download to disk for xbox 360, you may encounter image files. In the usual way You can rewrite them, but they will not be read by the console. To display the game well on the Xbox 360, you need to correctly transfer the image files. You will need a DVD+R DL disc
- Settings and select System.
- Select Storage.
- Select the storage device that contains the content to copy, move, or delete.
- HDD . Your console's hard drive.
- Cloud Saved Games. Storage space on Xbox Live servers. Additional information see section Placing saved games in cloud storage.
- Memorable device USB. Memorable USB device, such as a USB drive connected to the console. For more information about USB flash memory devices, see USB storage support for Xbox 360.
- Map memory. Memory card inserted in previous version Xbox 360 consoles.
- Select the type of content you want to copy, move, or delete.
- games and applications
Notes
- Saved games can be copied or moved from one Xbox 360 console to another. There is no need to repurchase the game or download it to another console.
- For tips on solving problems with PC games, see Improve PC gaming performance and stability.
- Player Profiles
Note. For instructions on making changes to your profile, see the section.
- Demos
- Video
- Player pictures
- Avatar elements
- System elements
- Music
Move multiple items at once using the Move Content command
This feature allows you to move groups of items between storage devices. You can do this as follows.
Notes
- The Xbox Dashboard is unavailable during a transfer.
- If the content transfer is interrupted for one reason or another, the content on the original storage device remains unchanged and the transfer can be restarted at any time.
- If you purchased a new Xbox 360 console, you can use the Content Transfer feature and the Xbox 360 Hard Drive Data Cable to transfer content from your Xbox 360 to your console. For more information, see Using a Hard Drive Data Cable for Xbox 360.
- On home page Xbox go to section Settings and select System.
- Select Storage.
- Highlight the storage device that contains the content you want to transfer, and then press the button on your controller Y to open Device Settings.
- Select Content transfer.
- Select your target storage device.
- Select the type of content you want to transfer, and then select Launch to start transferring.
- Select the type of content to be transferred.
- On your controller, select any of the following options.
- To remove all items click X.
- To remove individual items:
- click A to view the items.
- Select an item, then click again A.
- Click B to return to the previous screen
- Select Start to start the transfer again.
The "Space Available" indicator changes color to red. If the target storage device does not have enough space to accommodate the content, the indicator color Available places will change to red, indicating that you need to reduce the amount of data being transferred. You can do this as follows.