Implement XDVD security challenge responses #1659
Conversation
| #ifdef XBOX | ||
| // We need to prevent small XISOs from being reported as CD-ROMs | ||
| // If the DVD security path is set, we can assume it is an XISO. | ||
| const char *dvd_security_path = g_config.sys.files.dvd_security_path; |
There was a problem hiding this comment.
We should probably make this a qdev property, like disc file path, media type, etc. so it can play nicely with other systems
| @@ -457,6 +461,11 @@ struct IDEState { | |||
| uint8_t *smart_selftest_data; | |||
| /* AHCI */ | |||
| int ncq_queues; | |||
| #ifdef XBOX | |||
| uint8_t xdvd_challenges_encrypted[XDVD_STRUCTURE_LEN]; | |||
There was a problem hiding this comment.
Do any of these fields need to be saved in vm state to support snapshots?
|
|
||
| bool xdvd_is_redump(uint64_t total_sectors) | ||
| { | ||
| return total_sectors == XDVD_REDUMP_SECTOR_CNT; |
There was a problem hiding this comment.
Is it possible for this to misclassify if a non-redump image happens to be this same size?
There was a problem hiding this comment.
Youre right it would be technically possible; although I dont think any retail xbox title in XISO format could possibly have this size but maybe some homebrew could have.
Any suggestions? I presume there is some magic bytes in the redump style image somewhere, Id need to research it
There was a problem hiding this comment.
You should be able to check the volume descriptor magic fields at the appropriate offset: https://xboxdevwiki.net/XDVDFS#Volume_descriptor
hw/xbox/xdvd/xdvd.c
Outdated
| bool xdvd_get_encrypted_challenge_table(uint8_t *xdvd_challenge_table_encrypted) | ||
| { | ||
| bool status = true; | ||
| // Check if we have already read it from the file |
There was a problem hiding this comment.
Removed the comment. Left over from old code
| @@ -1206,8 +1338,12 @@ static void cmd_read_dvd_structure(IDEState *s, uint8_t* buf) | |||
| } | |||
| } | |||
|
|
|||
| // Still some important info we don't want to lose so we disable clearing | |||
There was a problem hiding this comment.
Since this is one of the few "not defined" conditionals, it's perhaps nicer to change it into an #ifdef XBOX then the comment lines, and then an #else line before the code that has to be skipped under an Xbox build.
| #endif | ||
|
|
||
| // #define DEBUG | ||
| #ifdef DEBUG |
There was a problem hiding this comment.
This could be moved inside the above #ifdef XBOX conditional block.
|
|
||
| ide_atapi_cmd_reply(s, sizeof(XBOX_DVD_SECURITY), max_len); | ||
| #endif | ||
| break; |
There was a problem hiding this comment.
This break must reside in the above conditional block, not after it.
|
|
||
| bool xdvd_get_encrypted_challenge_table(uint8_t *xdvd_challenge_table_encrypted) | ||
| { | ||
| bool status = true; |
There was a problem hiding this comment.
Either move this variable declaration down to reside along with the others below (since it's not referred to until after those), or (if this project still requires all variable declarations to reside at the start of a function) move all below variable declarations towards here.
| (PXBOX_DVD_CHALLENGE)(&xdvd_challenge_table_decrypted[CR_ENTRIES_OFFSET]); | ||
|
|
||
| for (int i = 0; i < challengeEntryCount; i++) { | ||
| if (challenges[i].type != 1) |
There was a problem hiding this comment.
- We should name this constant. Supposedly 1 means the entry is valid.
- nit: Braces around condition body, same with below
| memcpy(xdvd_security, &s, sizeof(s)); | ||
| }; | ||
|
|
||
| bool xdvd_is_redump(uint64_t total_sectors) |
There was a problem hiding this comment.
I'd like to avoid using the term "redump" in xemu code. Although we use the term informally to mean a complete disc backup, it really is just the name of the metadata archival project and not tied directly to the layout of the disc image. So instead of using the term redump here, let's use something like xdvd_has_video_partition.
| if (max_len == XDVD_SECURITY_PAGE_LEN && buf[8] == MODE_PAGE_XBOX_SECURITY) | ||
| { | ||
| memcpy(&s->xdvd_security, buf, XDVD_SECURITY_PAGE_LEN); | ||
| XBOX_DPRINTF("Authenticated: %d, Partition: %d\n", s->xdvd_security.page.Authenticated, s->xdvd_security.page.Partition); |
There was a problem hiding this comment.
My understanding is that the drive requires the full unlock challenge-response sequence to happen before it will unlock and we are not yet fully modeling this state machine. If this is correct and you don't plan to implement this, can you leave a comment so we can remember to come back to it?
| uint32_t xdvd_get_challenge_response(const uint8_t *xdvd_challenge_table_decrypted, | ||
| uint8_t challenge_id) | ||
| { | ||
| int challengeEntryCount = |
This PR implements the DVD security challenge/response mechanism to the best of my knowledge used on a Xbox console between the DVD drive and the Xbox.
This allows loading retail Xbox titles both in 'redump' format and xiso format with an unmodified retail BIOS.
For this to work, you need the security info from your original game disk. There is two methods:
SS.binfrom a compatible 'Kreon' drive using the method on redump.org http://wiki.redump.org/index.php?title=Microsoft_Xbox_and_Xbox_360_Dumping_Guide,dvd_layout.binfrom your Xbox and original disk using these homebrew apps https://github.com/Ryzee119/OGX_CHALLENGE_TABLE/releases/tag/build-202310141001 or https://gist.github.com/Ernegien/bef054a43213c52c2bef8d94bf9f51cbThese two dumps have the same info but in a slightly different format. As I understand
SS.binrepresents what is physically on the DVD,dvd_layout.binis the packet that is formatted and sent by the DVD drive firmware. This PR detects either and converts accordingly.To provide this file to xemu, there is currently no GUI element and is done by command line
xemu.exe -dvd_security_path "SS.bin". The same arg is used for"dvd_layout.bin".Notes from my testing:
References
This process just follows the text book challenge response process from the Xbox. There may be some unusual aspects that are missed and I only have a smallish selection of disks to test with. I pulled in some public domain RC4 and SHA1 libraries, not sure if they should live in the xdvd folder or not.
Future work suggestions