Category Archives: Game Hacking

New Media Angle

After yesterday’s post I received a tip that I may wish to try getting at the Xbox disc data using the low-level Linux SCSI layer– the facility commonly known as SCSI generic, or simply ‘sg’. In order to make use of this facility, it is necessary to configure your Linux kernel with the right support (CONFIG_CHR_DEV_SG, CONFIG_BLK_DEV_IDESCSI, but not CONFIG_BLK_DEV_IDECD). Download and install the SCSI generic utilities from here (which do not compile on my AMD64 machine; fortunately, the x86-compiled utilities and associated shared library drop into the system perfectly). There are about 30 little sg* utilities in the package. One that caught my attention was sg_dd– your typical ‘dd’ Unix command, but for interacting with a SCSI device. I tested it out on a typical Xbox DVD:

$ sudo sg_dd if=/dev/sg0 of=dvd bs=2048 bpt=1 count=20
20+0 records in
20+0 records out

And, indeed, the beginning of the disc has the markings of a typical DVD filesystem. So let’s try to read beyond the 6,992-sector limit on a standard Xbox disc:

$ sudo sg_dd if=/dev/sg0 of=dvd bs=2048 bpt=1 count=2 skip=6991
reading: SCSI status: Check Condition
 Fixed format, current;  Sense key: Illegal Request
 Additional sense: Logical block address out of range

 Raw sense data (in hex):
        70 00 05 00 00 00 00 0a  00 00 00 00 21 00 00 00
        00 00
plus...: Driver_status=0x08 [DRIVER_SENSE, SUGGEST_OK]
sg_read failed, seek=1
Some error occurred,  remaining block count=1
1+0 records in
1+0 records out

I had to deal with all this SCSI nonsense in a previous life and I admit that this output is conjuring some sour memories. Anyway, it seems that the stock sg_dd command can not read beyond what the DVD header structure ostensibly reports as the size of the disc. There are a number of other utilities I need to investigate for potential. Failing that, it’s possible — with at least a modicum of effort — to program the sg layer. There may yet be a solution.

Related posts:

Xbox Media Redux

Pursuant to my post last week regarding Xbox media, I received some suggestions to throw some leading Windows utilities at the problem, notably Nero and IsoBuster. They both report the same as my results in Linux.

IsoBuster:


IsoBuster perspective

Nero:


Nero perspective

I’m sure there were a lot of people out there who already knew this stuff. But it’s hard to find specifics on the internet (sort of like heavy technical details of reverse engineering).

PS3 Linux Confusion

To date, I can not clearly recall if I have ever picked up a PlayStation or PlayStation 2 controller. I had little reason to care about the PlayStation 3 until I heard rumblings that Terra Soft’s Yellow Dog Linux distribution will run on the upcoming console. The Cell technology sounds fascinating at a technical level and I am always interested in low-level programming on weird and wonderful CPU architectures. So far, though, it has been quite difficult to find any solid details about what the PS3-Linux distribution will actually allow you to do with the system. PS2-Linux sounded interesting as well but apparently suffered from some limitations, like not allowing Linux users to access the optical drive (which could apparently be circumvented by modding the hardware, or even allegedly via a software patch).


A little yellow dog

So my confusion revolves around what Yellow Dog Linux for the PlayStation 3 will actually allow an adventurous programmer to do. Questions I have include:

  • Will you be able to program all the CPUs (the main CPU and the 6 coprocessors)?
  • Will you be able to program the graphics?
  • In different video modes?
  • All the way up to full 1080p resolution?
  • Will there be any accelerated graphics facilities available?
  • Or will you only have the privilege to poke pixels into a framebuffer and slap the resulting bitmap onto the screen?
  • Will you be able to output sound?
  • Will you be able to output stereo sound?
  • Will you be able to output 7.1 surround sound?
  • Will you be able to access the network via either the gigabit ethernet or WiFi interface?
  • Will you be able to access the optical drive? (Extraordinarily unlikely)
  • Will you be able to plug in and use any USB device?

Ars Technica has the most descriptive treatment of the impending YDL distribution. Predictably, the ensuing 3 pages of comments nitpick endlessly over what the capabilities and possibilities might be without understanding many if any answers to the above questions.

Studying Xbox Multimedia

…at least, that’s what I would like to do. I bought a used Xbox game nearly 2 years ago with the intention of opening up the disc and studying the contents for interesting multimedia formats. I picked up a few more titles some months ago because I heard these games had some unique multimedia targets. Today, close to 5 years after the Xbox’s initial launch, I tried to examine the disc contents. I ran into a few problems.

I had always heard that Xbox discs have a standard DVD-video structure at the front in order to accommodate the eventuality that the disc may be placed into a standard DVD player. Sure enough, treating the disc like a DVD shows a 13-second, totally X-treme Xbox video followed by a still screen instructing the user, in several languages, to play the disc in the proper game console.

If you use standard CD/DVD system tools to study the Xbox disc, it will be reported as having 6,992 2048-byte sectors, a little over 14 megabytes of DVD-video data. This page on Xbox-Linux describes the Xbox DVD filesystem (XDVDFS) format. However, the markers discussed in that document (“MICROSOFT*XBOX*MEDIA”) do not occur in this 14-megabyte data segment. I imagine the game data starts immediately after this segment. As the document explains, the Xbox DVDs have a fraudulent TOC which tells standard DVD-ROM drives that the disc is much shorter than it actually is. Trying to seek past that point manually just results in an unceremonious EOF.

A brief perusal of BitTorrent sites reveals that many people have absolutely no trouble ripping Xbox games for the purpose of distribution. How do they do it? Apparently, by modding an Xbox, running Linux on it, logging into the Xbox, loading a game disc into the Xbox’s drive, FTP’ing to another computer, and reading the raw game sectors from the disc using the Xbox’s drive, which apparently uses a different set of rules for reading. Not being in possession of an Xbox and having no desire to invest in one at this time, I am at a bit of a loss to study these discs, unless there is a solution I am overlooking.

Based on the filesystem format doc, I am quite confident I could write a FUSE module for browsing the filesystem in short order, based largely on my gcfuse code.