Welcome, Guest!

Here are some external resources you may find helpful

Xbox OG XDK HDD unlocking/dumping without EEPROM!

emoose

Registered
Registered
Joined
Jun 13, 2019
Messages
10
Reaction score
19
Points
3
Just found this out and I'm not sure how well known it is, but it looks like XDK hard drives actually use all-zero HDD keys! (well, I know that mine does at least, hopefully someone can verify...)

If you're wondering what this means: hopefully XDK HDDs can be dumped without even needing the kit to power on, without any HDD keys/EEPROM dumps or anything.

To unlock on Windows just use the xboxhdm23usb-Beta2.zip package & copy an eeprom.bin from any devkit into the same folder, run the xboxhd.bat file, and go through the menus to unlock your drive, then you can use a disk copier software like HDDRawCopy to create a dump. (if that fails you might have to unplug/replug the HDD's IDE cable after unlocking though, keep the power cable connected while doing this)

(I don't really think there's any risk using Windows, after all people have hooked up X360 drives and used Xplorer360 / FATXplorer for years without any issues I've seen - just be sure to cancel any prompt about initializing the drive, if one appears)

I've posted my EEPROM file here, hopefully it should unlock pretty much any devkit HDD: https://github.com/emoose/xbox-winfsp/blob/master/eeprom.bin (click Download)

This worked fine for me under Windows 10 but I'd really like to confirm it's not just some fluke with my kit though: it'd be nice to hear from anyone has access to a devkit HDD & some way to attach it to your PC (the R-Driver III adapter (pic) worked great with my drive, the cheapest USB adapter I found that included a power brick)

(The HddKey is different to the actual password used during unlocking though, HddKey is the 'unique' part stored in EEPROM, with the password created through HMAC-SHA(HddKey, HddModel + HddSerial), so there is still a non-zero password used, it's just much, much easier to work out on devkits :))
 
Last edited:

Risk

Registered
Registered
Joined
Aug 25, 2019
Messages
24
Reaction score
7
Points
3
AG User Name
Risk
AG Join Date
Nov 9, 2018
Not all XDK's are 32 zeros for the unique key. Using xboxhdm still assumes the user has a real old PC or a usb adapter that has lock/unlocking support. There is ViridiX now that can dump the eeprom, kernel, hdd files and can dump the harddrive image, all via the network.
 

emoose

Registered
Registered
Joined
Jun 13, 2019
Messages
10
Reaction score
19
Points
3
Not all XDK's are 32 zeros for the unique key. Using xboxhdm still assumes the user has a real old PC or a usb adapter that has lock/unlocking support. There is ViridiX now that can dump the eeprom, kernel, hdd files and can dump the harddrive image, all via the network.
Yeah I did see about ViridiX, but there were people who posted about network issues or not supporting kernels in the thread, so I just wanted to look into other options, nothing bad about having more than one method IMO.

Pretty strange if kits do use non-zero keys, I remember seeing a lot of stuff in the kernel where it seemed to force all zeroes which is what made me check with my box, maybe some special kits don't do that though.

E: Oh I did find out that some Xbox EEPROM tools don't actually seem to be using the correct EEPROM key for devkits, so when they decrypt the EEPROM they read in the wrong HDD key, maybe misleading about what it actually is...
This actually happened with my kit when I dumped it years ago, the txt file Eepromer gave says some completely different HDD key, but decrypting with the right devkit keys does give an all-zero key for me, could be that's why some kits seemed to use non-zero keys?
 
Last edited:

Risk

Registered
Registered
Joined
Aug 25, 2019
Messages
24
Reaction score
7
Points
3
AG User Name
Risk
AG Join Date
Nov 9, 2018
Yes, ViridiX is dependent that you dont run the software off a wireless connection (even tho its connecting to your router) while dumping due to wifi congestion. I am aware the software has been unstable with networks. The issues with the kernel can be fixed, i believe its basically the xbdm.dll that it doesnt recognize. The dev is friendly enough to help if you reach out to them. They can update the tool.
 

allman

Registered
Registered
Joined
Apr 20, 2021
Messages
1
Reaction score
1
Points
1
This can be seen in WritePerBoxData() inside xbox\private\sdktools\factory\WritePerBoxData\writeperboxdata.cpp:

WinRAR_tmcHg5Bc3x.png

Who knows if this code was always in place though, might have only been added later on, so maybe some early kits still use a non-zero key.
 
Top