Welcome, Guest!

Here are some links you may find helpful

Xbox OG XDK HDD unlocking/dumping without EEPROM!

emoose

Member
Registered
Joined
Jun 13, 2019
Messages
14
Reaction score
21
Points
3
Just found this out and I'm not sure how well known it is, but it looks like XDK hard drives actually use all-zero HDD keys! (well, I know that mine does at least, hopefully someone can verify...)

If you're wondering what this means: hopefully XDK HDDs can be dumped without even needing the kit to power on, without any HDD keys/EEPROM dumps or anything.

To unlock on Windows just use the xboxhdm23usb-Beta2.zip package & copy an eeprom.bin from any devkit into the same folder, run the xboxhd.bat file, and go through the menus to unlock your drive, then you can use a disk copier software like HDDRawCopy to create a dump. (if that fails you might have to unplug/replug the HDD's IDE cable after unlocking though, keep the power cable connected while doing this)

(I don't really think there's any risk using Windows, after all people have hooked up X360 drives and used Xplorer360 / FATXplorer for years without any issues I've seen - just be sure to cancel any prompt about initializing the drive, if one appears)

I've posted my EEPROM file here, hopefully it should unlock pretty much any devkit HDD: https://github.com/emoose/xbox-winfsp/blob/master/eeprom.bin (click Download)

This worked fine for me under Windows 10 but I'd really like to confirm it's not just some fluke with my kit though: it'd be nice to hear from anyone has access to a devkit HDD & some way to attach it to your PC (the R-Driver III adapter (pic) worked great with my drive, the cheapest USB adapter I found that included a power brick)

(The HddKey is different to the actual password used during unlocking though, HddKey is the 'unique' part stored in EEPROM, while password is what actually unlocks the drive - password is created via HMAC-SHA(HddKey, HddModel + HddSerial), so there is still a non-zero password used, it's just much, much easier to work out on devkits :))
 
Last edited:

Risk

Member
Registered
Joined
Aug 25, 2019
Messages
24
Reaction score
11
Points
3
AG User Name
Risk
AG Join Date
Nov 9, 2018
Not all XDK's are 32 zeros for the unique key. Using xboxhdm still assumes the user has a real old PC or a usb adapter that has lock/unlocking support. There is ViridiX now that can dump the eeprom, kernel, hdd files and can dump the harddrive image, all via the network.
 

emoose

Member
Registered
Joined
Jun 13, 2019
Messages
14
Reaction score
21
Points
3
Not all XDK's are 32 zeros for the unique key. Using xboxhdm still assumes the user has a real old PC or a usb adapter that has lock/unlocking support. There is ViridiX now that can dump the eeprom, kernel, hdd files and can dump the harddrive image, all via the network.
Yeah I did see about ViridiX, but there were people who posted about network issues or not supporting kernels in the thread, so I just wanted to look into other options, nothing bad about having more than one method IMO.

Pretty strange if kits do use non-zero keys, I remember seeing a lot of stuff in the kernel where it seemed to force all zeroes which is what made me check with my box, maybe some special kits don't do that though.

E: Oh I did find out that some Xbox EEPROM tools don't actually seem to be using the correct EEPROM key for devkits, so when they decrypt the EEPROM they read in the wrong HDD key, maybe misleading about what it actually is...
This actually happened with my kit when I dumped it years ago, the txt file Eepromer gave says some completely different HDD key, but decrypting with the right devkit keys does give an all-zero key for me, could be that's why some kits seemed to use non-zero keys?
 
Last edited:

Risk

Member
Registered
Joined
Aug 25, 2019
Messages
24
Reaction score
11
Points
3
AG User Name
Risk
AG Join Date
Nov 9, 2018
Yes, ViridiX is dependent that you dont run the software off a wireless connection (even tho its connecting to your router) while dumping due to wifi congestion. I am aware the software has been unstable with networks. The issues with the kernel can be fixed, i believe its basically the xbdm.dll that it doesnt recognize. The dev is friendly enough to help if you reach out to them. They can update the tool.
 

allman

New member
Joined
Apr 20, 2021
Messages
2
Reaction score
3
Points
3
This can be seen in WritePerBoxData() inside xbox\private\sdktools\factory\WritePerBoxData\writeperboxdata.cpp:

WinRAR_tmcHg5Bc3x.png

Who knows if this code was always in place though, might have only been added later on, so maybe some early kits still use a non-zero key.
 

emoose

Member
Registered
Joined
Jun 13, 2019
Messages
14
Reaction score
21
Points
3
Seems it was confirmed on Discord a little while ago that at least some other debug kit EEPROMs besides mine also use all-zero HDD key (instead of asking people to test hooking up their HDDs I probably should have just asked to check their EEPROMs HDD key instead, d'oh)

So hopefully this should make it easier for people to dump their kits, if they can't boot or use ViridiX for some reason.

(like mentioned it's not certain all debug kits are like this though, seems the default is for HDD keys to be randomized while devkits have a special case coded in to clear it as shown above, but that special case might not have always been there...)
 
shape1
shape2
shape3
shape4
shape5
shape6
Top