Anyone who’s owned a game console from the last couple of generations will tell you that the machines are becoming increasingly like set-top computers — equipped with USB ports, Bluetooth, removable hard drives, and their own online software repositories. But while this overlap theoretically offers considerable benefits, such as the ability to use your own USB controller rather than being stuck with the system’s default, the manufacturers haven’t always been so accommodating.
Take for example the removable hard drive of the Xbox 360. It was a bog-standard 2.5″ SATA drive inside a fancy enclosure, but as explained by [Eaton], Microsoft went to considerable lengths to prevent the user from upgrading it themselves. Which wouldn’t have been such a big deal, if the Redmond giant wasn’t putting a huge markup on the things; even in 2005, $99 USD for 20 GB was highway robbery.
So how did the drive lockout work? Genuine Xbox drives had an RSA-signed “security sector” at sector 16, which contained information like the drive’s serial number, firmware revision, and model number. The RSA signature would prevent tampering with the fields stored in the security sector, and you couldn’t simply copy this sector over to a blank drive, because when the console compared the data with what the drive self-reported, it wouldn’t match.
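The two-step check described above can be modeled in a few lines. This is an added example, not code from [Eaton] or from the console: the field layout, the SHA-256 digest, the unpadded RSA and the toy key built from two Mersenne primes are all assumptions made for illustration.

```python
import hashlib
import struct

# Constructed toy key (not any real key): two Mersenne primes give a 648-bit
# modulus, enough to hold a SHA-256 digest. Trivially factorable, demo only.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, signer side only
SIG_LEN = (N.bit_length() + 7) // 8

# Assumed layout: serial (20 bytes), firmware revision (8), model number (40).
FIELDS = struct.Struct("20s8s40s")


def pack_identity(serial: str, firmware: str, model: str) -> bytes:
    """Fixed-width identity record, as stored in the sector or self-reported."""
    return FIELDS.pack(serial.encode(), firmware.encode(), model.encode())


def digest(identity: bytes) -> int:
    """SHA-256 of the identity fields as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(identity).digest(), "big")


def sign_sector(identity: bytes) -> bytes:
    """Manufacturer side: identity fields followed by a signature over them."""
    return identity + pow(digest(identity), D, N).to_bytes(SIG_LEN, "big")


def check_drive(sector: bytes, reported: bytes) -> str:
    """Console side: verify the signature, then bind it to this drive."""
    identity, sig = sector[:FIELDS.size], sector[FIELDS.size:]
    recovered = pow(int.from_bytes(sig, "big"), E, N)
    if len(sig) != SIG_LEN or recovered != digest(identity):
        return "reject: bad signature"      # fields were edited after signing
    if identity != reported:
        return "reject: identity mismatch"  # valid sector, but from another drive
    return "accept"


# Constructed sample identities (not real serial numbers or model strings).
GENUINE = pack_identity("SN-CONSTRUCTED-0001", "01.01A01", "EXAMPLE 20GB")
BLANK = pack_identity("SN-CONSTRUCTED-9999", "02.00B02", "EXAMPLE 500GB")
SECTOR = sign_sector(GENUINE)

if __name__ == "__main__":
    print(check_drive(SECTOR, GENUINE))                      # original drive
    print(check_drive(SECTOR, BLANK))                        # sector copied to a blank drive
    print(check_drive(BLANK + SECTOR[FIELDS.size:], BLANK))  # fields rewritten to match
```

The `reported` argument is whatever the drive says about itself, so the binding is only as strong as that self-report.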
Of course, industrious hackers did eventually figure out some workarounds. A DOS tool called HDDHackr was created which would let you plug in whatever identifying information you wanted into drives from Western Digital. All one had to do was grab a copy of a security sector from the seedier parts of the Internet, spoof the values it contained to the drive with HDDHackr, and you were golden. There’s reason to believe Microsoft could detect this — hundreds or thousands of Xbox consoles phoning into the mothership with identical drive serial numbers was surely a red flag — but apparently no action was ever taken to stop it.
Later on, once it was possible to modify the console’s firmware with JTAG access, the RSA check on the security sector was patched out, basically allowing you to use whatever drive you wanted. But this is where Microsoft apparently drew the line, as modifying your console in this way meant you could no longer sign on to Xbox Live.
As an interesting side effect of being able to modify the security sector, [Eaton] notes it’s possible to replace the Microsoft logo with whatever image you wish, which will show up on the console when you check the drive’s capacity. Why have a logo stored on the drive at all? He theorizes Microsoft may have planned to let third-party companies produce drives, in which case you’d have seen their logo instead. It’s only conjecture though, since in the end, Microsoft was the only company to produce drives for the 360.
These days, Sony lets you install your own M.2 SSD in the PS5, and even the traditionally tech-averse Nintendo will let you store your games on generic SD cards. The situation hasn’t changed much for Microsoft though, as their latest Series X console uses custom NVMe-based storage devices that only Seagate makes. That said, they’ve adopted a considerably more enlightened approach towards letting the user run their own software on the console, which is certainly a step in the right direction.
31 thoughts on “A Look Back At The Xbox 360’s Hard Drive Security”
Ahhhh, the good “old” days, I remember how I made my 360 accept a WD1200BEVS. And that hard drive still works, people tried to justify the official hard drives’ price saying they were expensive because they were more durable.
Wasn’t my experience, between red rings of death and failed disks I ended up with many an RMA for the 360 and more than enough time spent using a computer to clone a disk the 360 insisted was dead but still spun up and could be read… Can’t quite remember that adventure properly, just that it was a massive PITA at the time.
Microsoft went to considerable lengths to prevent the user from upgrading it themselves. Which wouldn’t have been such a big deal, if …
Of course it is a big deal.
The only reason for locking down the stuff in the first place is for extorting customers in this way.
I could half understand it from a support point of view. If you have 5 to 50 models of certified hard drives, from a support perspective it is far easier to troubleshoot glitches than 5000 to 50000 (over the full lifetime of a generation of console) if you find a firmware flaw in one and want to centrally roll-out a global update. That is much easier when there are fewer qualified parts. And a big attraction for customers of consoles is that they are all basically the same, one game is not going to look better on someone else’s console of the same generation. Allowing any internal hardware changes may modify the performance profile for the better or worse. And if a drive uses too much power, that will generate more heat, and shorten the working life of the rest of the console hardware* to possibly be even shorter than the warranty.
They could have simply just added a seal, break it and the hardware warranty for the full console ends.
They do sell all consoles at a loss (except for Nintendo, they sell their hardware at a profit) making up the shortfall from licensing games and hardware add-ons, so in a way I also understand the exorbitant prices to a manufactured closed market. And I can even understand the reason they want to lock customers out of using “their” hardware, for anything that the console makers do not explicitly allow. There are some markets where there are higher import duties and taxes on general purpose computers than luxuries like consoles and other countries have the reverse (Sony PS3 used to have Linux for that loophole).
* If you flip the Arrhenius equation (The reaction rate doubles, when the temperature increases, for every 10 degrees Celsius**) on its head, you eventually end up with “every 10°C drop in temperature increases the life of electronics by a factor of two”.
** The Arrhenius equation is heavily used by silicon chip makers, those who want to fully remove early failures, the “infant mortality” section of the “Bathtub curve”. This is achieved by operating their chips inside ovens for a few days to weeks at high temperature to force chips to fail that would have failed in the first 0-12 months of operation to fault in a much shorter period (it is basically a form of super accelerated burn-in).
The fact that they never went after faked discs clearly points to the fact that one of the big drivers for the protection was not to have to support random drives plugged… though selling accessories higher was definitely also on the plus side…
That’s easy to handle. You instead publish a list of supported drives.
Yeah; QNAP does it for their NAS appliances.
Admittedly, the ‘big’ enterprise storage vendors also do strange things to the commodity drive they put into their systems, like oddball sector sizes, (Netapp) their own firmware (also Netapp, but pretty much everyone), etc. But that I can understand, because the vast majority of their customers also buy support contracts for their stuff and generally don’t hack them.
The warranty seals are actually illegal or at least not enforceable in the USA so that wouldn’t have actually been a “solution”. (And honestly, I haven’t seen hdd firmware updates since early 20GB Seagate drives)
The thing to keep in mind is that initial product design starts about 3-10 years before it ships, so what was considered a good feature at the early stages, may not be by the time it actually ships.
There is a reason firmware updates do not happen as much these days, the expectation is that you will store your data in the “cloud” or migrate it to newer media before it becomes corrupt.
Helium filled spinning rust hard disks are now a totally disposable item, 5 years is about the most that can be covered by warranty until the helium leaks away enough to in effect eventually vacuum weld the head to the platter. Most items are designed to be as good as they can be but for a limited lifetime (Which will long term ship more product). Solid state drives have a limited number of writes, every single read uses error correcting code to recreate the correct data from the “normal” corruption that happens (The number of electrons used to store information is getting fewer and fewer as the structures are getting smaller and smaller and the amount of information stored per cell is getting larger – ref: https://en.wikipedia.org/wiki/Multi-level_cell#/media/File:Cell_types_SLC-PLC_in_comparison_20211102.svg ). And if the error correcting algorithms used to detect and repair data corruption are offline/powered-off for long enough then the data becomes corrupt (putting in a freezer slows down the thermal electron migration/corruption – the way that flash/eeproms work is amazingly similar to rubbing a balloon on your hair or onto wool fabric adds electrons to the balloon to build up a static charge just much much smaller – https://www.rfwireless-world.com/images/Flash-memory.jpg ).
HDDs have not been manufactured airtight or filled with helium for decades now – most will have a „breather hole” (often marked „DO NOT COVER”) with a particle filter in their top cover meant for internal pressure equalization. Otherwise air transport or operation at varying altitudes – both not unheard of for a HDD these days – would damage them.
@Joe – Hermetically-sealed helium-filled drives are very much being manufactured and sold today. See drives like the Western Digital Ultrastar DC HC560, a 20 TB data center drive, specifically the model numbers starting with WUH. The “H” stands for helium-filled.
My take on this is that there isn’t really a hardware warranty reason to block drives, the only issues would be with software. So, all that’s needed is a statement like this:
“We only test games on official hardware. Please understand that if you replace your hard drive we will not be able to support software problem reports unless you are willing to transfer the software to an officially supported storage device. Please understand that this is out of a desire to provide excellent support. We cannot predict the interactions of all the thousands of different speeds of hard drives in the market.”
I think that’s a fair shake for consumer and manufacturer.
Per model hard drive support?
It’s not like we are talking about the old days of MFM/RTL drives where every drive install had to start with a map of bad sectors, entering parameters and a low level format.
You plug a hard drive in and use it. What’s to support?
Oh, it looks like a hard drive error, let’s see what you have.
Oh, it wasn’t bought from us. You are going to have to contact the company you bought it from for support. Oh, they won’t talk to you because it isn’t under warranty?
Ok, if you would like we can sell you a new Microsoft drive. With express delivery you could be playing your game again this time tomorrow.
$$ – commission earned
Hardly. The average console gamer doesn’t want the headache of PC gaming, that’s why they got the console in the first place. So there’s value in offering known-good upgrade paths. Rather than spending half the night on some Internet forum trying to figure out what components will work with your system, you just go to the big box store and get the thing off the rack.
It’s possible to provide that service WITHOUT fleecing the consumer, but that’s not what happened here. The drives were sold for around 2x the going $1/GB rate for the time.
If you are a console gamer and don’t want the “headache” you still could have bought the “original” if paying double gives you some ease of mind. And you could do that even if the things were not locked down.
It’s also common to have “lists of approved & tested hardware”. Especially with Mobo, Processor and Memory combination this is common.
That leaves the door open to unscrupulous retailers selling “xbox compatible” upgrades, which turn out to not be fully compatible when you get home and plug them in.
If the harddrive fails immediately you might realise it was a knock off and get your money back, but if it was (eg) a cheap harddrive that was really slow, it would work well enough that most people wouldn’t realise it was fake, and they’d blame Microsoft for “my games are slow to load”.
So part of the lockdown on upgrades is to guarantee a certain minimum level of quality, and to not tarnish MS’s name.
Supporting the basic user seems to always be the excuse for locking down hardware and dumbing down features. And it’s only an excuse because of exactly what you said, allowing 3rd party does not mean you can’t still sell official, supported, plug and play pieces.
There also is a great paper describing the original Xbox security and how it was eventually circumvented.
There’s also the book by bunnie Huang, which is excellent and available no-charge… Though it might be about the 360? Been a while since I read it.
You’re right. The book is “Hacking the Xbox” by bunnie, and also for the original Xbox.
Free ebook available at: https://nostarch.com/xboxfree
I used some Windows tools to mod a specific model of 500 gig Western Digital drive for an Xbox 360 Slim. Easy as could be, with a PC I set up just for HDD tinkering with the SATA controller set to legacy/IDE mode and running XP Pro 32bit.
That seems to be the only way any of these Windows HDD software tools can work. I used the same PC to easily remove a password from a 500 gig Samsung I removed from a free laptop a few years ago. Just got the right software, went to the security menu, clicked Remove Password. The software is Samsung specific.
The drive is now the system drive in a 2011 Mac Mini Open Media Vault 6 server.
I still have my 360 JTAG, it’s got a 1TB drive and a 64GB solid state. Unfortunately I believe the 360 is SATA 1, so the SSD can’t really reach its potential but was noticeably faster with larger levels (maybe 40 seconds load time down to 25). I didn’t know about the custom storage logo, I’ll have to try that sometime.
Fascinating to see how complicated things used to be. Given how easy it got with Xbox One, PS3 and PS4.
The logo is probably a demand from MS legal. With it they could use it to get images of drives removed from most file sharing websites.
That’s also the exact reason game boy games are required to have the Nintendo logo in them as a trivial form of CRC check.
It also doubles as copyright infringement if you’re not actually licensed by Nintendo and you’re caught selling the thing.
When was this check removed? I have installed hard drives on tons of Slims without knowing this, and not once have they complained of a non-retail drive. I even print the little trays for them
System update 17349 (4/30/2015) added support for external drives larger than 2TB, and support for NTFS file system. Internal drives still need to be formatted by the Xbox (FATX), and I don’t know if anything over 500GB will be recognized. Wouldn’t hurt to try.
>larger than 2TB
up to 2TB
“…it’s possible to replace the Microsoft logo… Why have a logo stored on the drive at all?”
I strongly suspect it was an attempt at DRM co-mingled with copyright. It’s long been legal to create compatible accessories/hardware/code, but it’s generally illegal to directly copy / include copyrighted information. By including a copyrighted logo, they set up a potential way to sue compatible third-party accessories out of existence.
Why was it never used?
Lexmark was sued by SCC for effectively the same practice, and it went all the way to the US Supreme Court. Lexmark lost.
My super-simple-and-non-expert understanding of the case: copyright can’t be enforced if the code was added strictly to prevent otherwise-legal bypass of DRM for compatibility of third party accessories.
I got into 360 hacking recently and I got my 360 rghd and it’s so cool, there are “stealth” servers which basically connect you to Microsoft servers without letting them know you have a hacked console, there are paid and free, I’ve been using proto (free) and it works great, it’s so wild like you don’t see this on any other console, it’s either no security or very low that just a console modification lets you access online features (ps3/vita/Wii) or completely impossible to circumvent (ps4) the 360 is such a weird and cool console tbh.
I of course installed a bigger hdd I had laying around, btw did y’all know that the enclosure changed designs between the original 20GB one and the later ones (aka 60+GB)? The later ones don’t have the border on that silver chromatic plastic and the badge at the top is a simple sticker and is flat instead of curved inwards, I kept the 20GB enclosure (which also doesn’t say the capacity just HDD 🥸), also there’s software to mount an Xbox 360 formatted hdd as a normal partition and modify whatever u want, that’s how you “clone” one drive to a bigger one, it’s honestly so cool
You could buy the lower end hard drive and upgrade it with the larger capacity keeping your original RSA key. Or even buying a broken one you could still retrieve the key. You pretty much had to buy the official HD for the original XBox in order to get the enclosure. The later slim models you could just shove it into the slot and didn’t need the enclosure. Just throw in some paper towels or what not to fill up the empty space so it doesn’t rattle around.